Compliance with NERC mandatory reliability standards is an actively changing landscape, with new standards continually becoming effective and enforceable while others are retired. Each change brings new challenges for utilities to document and manage compliance evidence for audit purposes. Every NERC-registered utility must strive for continuous compliance with their portfolio of applicable NERC Reliability Standards. They should not be solely focused on having a successful “No Findings” results from NERC audits, but also for the sake of the reliability and resilience, be oriented to reliable operation of their portion of the power system.
Penalties for Non-compliance
When the current NERC regulatory program was initiated in 2007, the statutory limit of penalties was $1M per day per violation. Today, the highest penalty for non-compliance stands at $1.54M per day per violation.
In the NERC 2023 Enforcement Report the FERC Enforcement division reported that 19 new Reliability Standards violation investigations were opened and nine pending investigations were closed. During the year FERC Enforcement staff negotiated twelve settlements nine of which were resolved for a total of approximately $33 million in penalties. The remaining three FERC-approved settlements resolved one district court litigation matter for $4 million, one “order to show cause” proceeding for a $4.4 million civil penalty, and one United States court of appeals matter on remand to the FERC for a $11 million civil penalty.
Variable Audit Schedules
When an organization has a NERC compliance audit, spot check, or guided self-certification, the activity provides an assessment of reliability compliance for a specific past period. Utilities can come out of an audit knowing whether there are compliance short comings that need to be addressed, or whether every mandatory obligation has been fulfilled. However, many utilities will be playing “catch up” when receiving their audit notification letter due to the lack of a continuous compliance assessment and verification planning.
If you have not been audited in a number of years, complacency could set it amongst your individual contributors and Subject Matter Experts (SMEs). With NERC and the Regions moving away from a static audit schedule (every 3 to 6 years) and focusing more on reliability risk, many companies are no longer on predictable NERC compliance audit schedule.
Readiness Reviews
Regularly scheduled Readiness Reviews are the only sure way to know that your utility is currently and continuously in compliance with NERC standards.
A Readiness Review will independently assess your company’s current compliance status, the strength of your compliance program, and can identify weaknesses in compliance evidence that your organization may have.
Readiness Reviews are a valuable tool that all organizations should consider. They can be done completely internally or by an outside third-party.
There are three main assessments that should be included in every Readiness Review.
- First, an organization should complete a review and assessment of the current effective and enforceable NERC Reliability Standards to find out which standards are applicable, not applicable, or that you may have an exemption from. Building an in-depth continuously updated list of applicable standards is the beginning of the process of knowing whether your company can achieve and maintain compliance.
- Second, you need to assess your current Compliance program’s internal controls and evidence of compliance. By going through your program documents and evidence you are essentially auditing your own compliance program. You should be able to point to evidence for each applicable standard requirement and its measure, showing that your organization has knowledge of the standard and requirements (program manuals) and that you can prove compliance (test records, training documents, regional submittals).
- Third, even if you have found no gaps in your organization’s compliance program, you should still assess strengths and weaknesses. Yes, you may be able to provide a program document and evidence, but could it have been achieved more efficiently? Do you meet all the suggested measures in the NERC Standards?
Internal readiness reviews support a proactive NERC Compliance program that will:
- Equip staff and management with sufficient training, education, tools, and other resources, such as well-publicized policies and procedures, to detect issues in a timely manner and to detect, correct or prevent noncompliance.
- Help staff stay abreast of compliance trends by reviewing audit reports from others and evolves based on these trends and other developments in the industry.
- Have the active involvement of senior management to emphasize the importance of compliance and the allocation of funds necessary to maintain a robust compliance program.
- Have a designated compliance officer and compliance committee, charged with development and oversight of compliance activities and metrics to assess program effectiveness.
- Have active involvement of internal audit and monitoring functions to routinely assess compliance with tariff provisions and Commission rules, orders, and regulations, to foster a strong and sustainable culture of commitment to compliance on an enterprise-wide basis.
- Promote a culture of compliance and self-reporting to ensure compliance, including an effective process to self-report noncompliance identified through internal oversight activities.
Effective compliance programs increase the likelihood that your company SMEs will understand and follow the mandatory requirements both “in letter and spirit.” However, since each company is unique in terms of size, region, organizational structure, facilities, and other relevant characteristics, no two compliance programs are alike. Each company must tailor its program to the specific challenges it faces.
Going through these internal assessments will provide a meaningful and truly valuable Readiness Review.
TRC can provide a review of your compliance program and help your company avoid the consequences (monetary and reputational) of unsuccessful NERC/Region compliance audits.
Resources
FERC FY 2023 Report on Enforcement Actions
NERC Compliance Solutions for Registered Distribution Providers (DP)
NERC Solutions for Transmission Development Projects
Your Trusted Regulatory Advisor
TRC closely follows the national, provincial and state regulatory trends in all regions of North America. Our approach to power system security, engineering, planning, design, construction and commissioning testing, balances solutions that incorporate industry reliability risk trends, mandatory reliability standard requirements, regulatory guidance, compliance obligations, best practices, operational goals and budgets. With expertise in power system planning, engineering and operations, TRC supports public utilities and private energy providers in their efforts to stay ahead of the regulatory curve and to meet or exceed regulatory requirements as they evolve.
This regulatory update is provided as a service to TRC’s utility clients, helping to keep you informed of forward-looking issues that will impact your company’s electric system reliability risks along with related topics regarding regulatory developments, to help you achieve your company’s business goals.
Contact:
D. Stradford