Authors: Jack Wishart Naveen Krishnan

null

Mechanical Integrity (MI) is recognised as a critical control in preventing high-consequence losses across the energy sector. Through extensive risk engineering surveys and loss analyses, Gallagher has consistently observed that breakdowns in MI systems are a leading contributor to major incidents, including loss of containment, fires, explosions and prolonged business interruption.

In response, we are launching the MI series to share practical, experience-based insights drawn from real-world observations across global operations. The objective of this series is to highlight common integrity gaps and bridge the gap between inspection, maintenance practices and the real-world failure scenarios, enabling both operators and insurers to better understand where hidden vulnerabilities may exist, ultimately reducing the likelihood and severity of major accidents and insurance claims.

This article on pressure vessels launches the MI series, focusing on high-consequence assets and addressing integrity risks to enhance reliability and prevent losses.

A pressure vessel is a closed container designed to hold fluids (liquids or gases) at a pressure significantly different from atmospheric conditions. Common examples include drums, columns, reactors, heat exchangers and storage vessels. These assets are critical to industrial operations, as they often contain hazardous or high-energy fluids under elevated pressure and temperature. Due to the stored energy, any loss of integrity can result in sudden and severe release, making robust design, inspection and maintenance essential.

Pressure vessels (drums, columns, towers, reactors and exchangers) are among the highest consequence assets in any industrial facility. While failures are relatively rare, when they occur, they often define a site's estimated maximum loss (EML), impacting both property damage and business interruption.

Unlike many other equipment failures, pressure vessel failures are typically:

  • Sudden
  • Violent
  • Triggers a domino effect
  • Costly & time-consuming (long replacement lead times)

In many major incidents, the root cause was inadequate management of MI.

Why pressure vessel integrity requires special attention

Pressure vessels operate with:

  • Elevated pressure and temperature
  • Material degradation mechanisms that are often hard to detect require advanced inspection techniques
  • Limited warning before failure

Once a critical threshold is reached, failure can occur without gradual indicators, making inspection and integrity management the primary line of defence.

A practical self-check: Are your pressure vessels truly under control?

The following five-area self-check can help quickly assess whether your integrity program is aligned with risk.

1. Are your inspection frequency and techniques damage mechanism-driven?

Different damage mechanisms require different inspection techniques. Relying on a single technique can leave critical degradation undetected.

Ask yourself:

  • Is your process data accurate and up to date?
  • Are authorised personnel identifying the damage mechanism?
  • Are relevant inspection techniques used to target the expected damage mechanism?
  • Are the technicians conducting the inspections skilled and qualified for the task?

Red Flag: Inspection programs focused mainly on thickness monitoring. Thickness alone does not detect many critical failure mechanisms (e.g., pitting and cracking)

A technician performs MPI on a pipeline to check for stress corrosion cracking using what is known as the

2. Are you inspecting the right areas, not just the easy ones?

The inspection program should be comprehensive and cover 100% of the assets. Sites sometimes overlook ancillary parts of equipment and exclude hard-to-access areas like the top of the tower, parts of the bridle due to accessibility

Ask yourself:

  • Are we using modern methods like drones to cover difficult to access areas?
  • Are welds, nozzles and high stress regions prioritised?

Red Flag: Uniform inspection coverage across all areas. Damage initiates at stress concentrations and process driven hotspots, not uniformly across the vessel.

Maintenance mechanical engineer perform boiler spray nozzle leakage check inspectiion at the pressure tank during plant inoperation outage shutdown

3. Are the changes/modifications integrated with the management of change?

Adjustments and developments are inevitable throughout the asset lifecycle and if not managed effectively, they can give rise to new risks.

Ask yourself:

  • Are changes to metallurgy performed through the MoC? Has a material selection study been performed? (e.g., change of Stainless Steel SS316 to SS304 reduces resistance to chloride stress corrosion cracking).
  • Are changes to process conditions performed through the MoC? (type of crude, switching pipeline from diesel to gasoline service)

Red Flag: The inspection department is not included in the MoC panel.

4. Do you truly understand remaining life?

Remaining life calculations depend on assumptions around corrosion rates and minimum thickness. If these are not conservative and validated, the risk of failure is underestimated. Life extension decisions are effectively risk acceptance decisions and must be treated as such.

Ask yourself:

  • Have you figured out the correct minimum required thickness (pressure vs structural)?
  • Are degradation rates conservative and evidence-based?
  • Are life extension decisions technically governed and not production-driven?

Red Flag: Repeated deferrals of repair/replacement without escalation or formal review.

Inspector is measuring thickness of the pipe material from near to weld with a portable ultrasonic wall thickness measurement gauge. It is a method of performing non destructive measurement (gauging).

5. How are we managing overdue inspections?

Inspection deferrals extend exposure to potential degradation. Without proper risk assessment and justification, critical damage may progress undetected.

Ask yourself:

  • Are the deferrals approved before the inspection due date?
  • Are they reviewed and authorised by competent personnel?
  • Does the deferral include an assessment of risks?
  • Does the deferral require review of inspection history?

Red Flag: Integrity decisions influenced by operational pressure. Deferrals missing for overdue assets.

What industry losses continue to show

Major incidents continue to reinforce a critical lesson:

Equipment can appear structurally sound

Conventional thickness-based inspection may show no significant loss

Yet material integrity may already be compromised internally

A well-known example involved a refinery heat exchanger failure: Tesoro Anacortes Refinery Explosion (2010)1

In April 2010, during the startup of the Naphtha Hydrotreater unit at the Tesoro Anacortes Refinery in Washington State, a carbon-steel shell-and-tube heat exchanger catastrophically ruptured, releasing a large quantity of flammable hydrocarbons that ignited almost immediately. The resulting explosion and fire killed seven workers and caused extensive damage to the unit. The exchanger failed under normal operating pressure because the steel had suffered severe, undetected metallurgical degradation.

One of the key findings is as follows:

  • High Temperature Hydrogen Attack (HTHA) damage is internal and cannot be detected using traditional inspection methods. The successful identification of HTHA heavily relies on the specific techniques utilised and the expertise of the inspector, though only a limited number of inspectors possess this level of proficiency.

This directly reinforces the first self-check question: Are your inspection frequency and techniques damage mechanism-driven?

It also highlights a fundamental principle: Absence of evidence is not evidence of integrity.

Key takeaways

Across higher performing sites, we typically observe:

  • Inspection programs explicitly linked to damage mechanisms
  • Focus on high-risk locations (not just accessible areas)
  • Changes are tracked through the MoC
  • Conservative and transparent remaining life assessments
  • Strong technical governance independent of operations

Conclusion

Although pressure vessels represent some of the highest consequence failure scenarios, they represent only a portion of the broader integrity landscape. In practice, the majority of loss events stem not from the vessels themselves but from the extensive systems that interconnect them. Gaining insight into how integrity risks develop across these high-failure-frequency networks is essential and this will be the focus of the next article in the series.

The Risk Engineering team at Gallagher offers extensive knowledge in MI, assisting clients across the region in enhancing their asset integrity frameworks, optimising inspection effectiveness and mitigating degradation risks. If you are seeking to improve your MI systems, we invite you to reach out to us for support and advisory services.

Author Information

Jack Wishart , MA MEng CEng MIChemE MEI

Jack Wishart, MA MEng CEng MIChemE MEI

Head of Risk Engineering

Naveen Krishnan , BE MSc CEng MIMechE MEI Cert CII

Naveen Krishnan, BE MSc CEng MIMechE MEI Cert CII

Risk Engineer- Certified in API 510, 653, 570, 580 and 571

Sources

1"Tesoro Anacortes Refinery Fatal Explosion and Fire," U.S. Chemical Safety Board, 1 May 2014.

Disclaimer

The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.

Gallagher Re Ltd is authorised and regulated by the Dubai Financial Services Authority (DFSA).

Registered Business Address: Office 702. Level 7, Gate Building, West Wing, DIFC, Dubai, UAE, PO Box 507061, Dubai, UAE. Registered in Dubai, UAE. DFSA Reference Number: F005278.