The most important [factor] in determining the amount of the penalty are the seriousness of the offense and the strength of the entity’s commitment to compliance.”
By now, most electric industry participants are aware of the mandatory reliability standards required by the Energy Policy Act of 2005 and managed by the North American Electric Reliability Corp. (NERC). Bulk-power system users, owners, and operators (known as NERC registered entities) are responsible for complying with the set of standards that are applicable to their operations in their specific region.
Compliance is monitored by the NERC regions (Texas Regional Entity, Western Electric Coordinating Council, Reliability First Corp., Midwest Reliability Organization, SERC Reliability Corp., Florida Reliability Coordinating Council, Northeast Power Coordinating Council, and Southwest Power Pool) through spot checks, self-certifications, audits, and investigations.
The Federal Energy Regulatory Commission is expected to beef up internal compliance inspections during 2009. Compliance inspections are carried out by the North American Electric Reliability Corp. (NERC) regional entities.
Compliance is proven by the registered entities through valid and approved operating procedures, evidence of following those procedures, and documented evidence of actions taken in response to directives. However, having a full set of up-to-date and approved operating procedures and meticulous records of compliance activities is only part of the picture.
Perhaps even more important in today’s reliability compliance structure is the nature and scope of the registered entity’s internal compliance program. The Federal Energy Regulatory Commission (FERC), the sanctioning body for violations of requirements associated with the reliability standards, has stated on numerous occasions that it expects to see a “culture of compliance” in place and in force for each registered entity.
The aspects of such a culture for all compliance activities have been delineated in both the FERC Policy Statement on Enforcement, Docket No. PL06-1-000, and, most recently, in the FERC Policy Statement on Compliance issued on October 16, 2008, Docket No. PL09-1-000 (www.ferc.gov/ whats-new/comm-meet/2008/101608/M-3 .pdf). Though internal compliance programs are not in themselves mandatory requirements, their presence and quality are clearly intended to weigh heavily in determining the magnitude of sanctions in the event of a verified requirement violation.
Registered entities are well advised to have such a program in place as evidence of their commitment to grid reliability and of their ongoing culture to manage and optimize that commitment through a wellorganized and robust compliance program.
Paragraph 2 of the Policy Statement on Compliance clarifies the importance FERC places on such programs: “Accordingly, the purpose of this Policy Statement is to provide additional guidance to the public on compliance with our governing statutes, regulations and orders. In response to input from participants in the Commission’s July 8, 2008, staff workshop on compliance, and based on our experience in implementing our new civil penalty authority thus far, we discuss further some of the factors related to effective compliance that the Commission will take into account in considering whether to reduce or even to eliminate civil penalties for violations.These factors are: (1) the role of senior management in fostering compliance; (2) effective preventive measures to ensure compliance; (3) prompt detection, cessation, and reporting of violations; and (4) remediation efforts.”
Obviously, the nature of compliance requires more than a cursory operator training effort and drafting a set of procedures. Compliance is not something to take care of and then move on; rather, it is an integral part of day-to-day operations. Operators should be fully engaged in the consequences of their actions relative to their applicable requirements, and management will be held responsible for ensuring that all aspects of compliance activities, documentation, and training are addressed, managed, updated, and incorporated into their business.
Some finer points of the internal compliance program are also laid out in the Policy Statement on Compliance, :
# “Provide sufficient funding for the administration of compliance programs
by the Compliance Officer.
# Promote compliance by identifying measurable performance targets.
# Tie regulatory compliance to personnel assessments and compensation, including compensation of management.
# Provide for disciplinary consequences for infractions of Commission requirements.
# Provide frequent mandatory training programs, including relevant ‘real world’ examples and a list of prohibited activities.
# Implement an internal Hotline through which personnel may anonymously report suspected compliance issues.
# Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board.”
Although not all of these measures lend themselves to all types and sizes of entities, they do provide useful guidance on how an internal compliance program should be structured. Management commitment to such a structure is further emphasized in paragraph 10: “The Commission expects companies to invest appropriate time and effort in the creation, monitoring, and growth of strong internal compliance programs.
Depending on a company’s size and organizational structure, the nature and complexity of the company’s involvement in activities subject to Commission regulation, and the range of compliance risks resulting from those activities, a comprehensive and effective compliance program may be time and resource intensive.” In other words, not having the time or money to invest in a robust compliance program is not a wise defense for failing to develop a culture of compliance.