State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
NERC's Reliability Standards: The Good, the Bad, and the Fill-in-the-Blanks
How to prepare for mandatory enforcement.
on Enforcement, and they expressly hold open the prospect for substantial penalties for “egregious conduct” by violators, including attempts to conceal violations.
Penalties for Non-Compliance
Under the authority of FPA § 215, the ERO, or a regional entity, may impose a penalty on an entity for a violation of a reliability standard approved by FERC if the ERO or the regional entity: (1) finds that the entity has violated a reliability standard; and (2) the ERO files notice and the record of the ERO’s or regional entity’s proceeding with FERC. 8 FERC stated in its Final Rule that an appeals process at the ERO or regional entity level is appropriate and found that there should be a single appeal at either the ERO or the regional entity level. NERC, in its application to become the ERO, stated that it believes any appeal of a compliance or enforcement action should take place at the ERO level.
The Final Rule provides that the ERO and each regional entity must have a program that provides for rigorous audits of compliance with reliability standards by users, owners, and operators of the bulk power system. Other important aspects of the reliability compliance and enforcement program include:
• Self-Regulating Programs. FERC will require the ERO to make a compliance filing no later than one year from the date of certification proposing reliability enhancement programs that are industry-driven to improve bulk power system reliability, along with a program implementation schedule. 9
• Compliance Directives. FERC stated in the Final Rule that the ERO or regional entity may conclude, based on the evidence available to it, that an entity is violating or is about to violate a reliability standard, and in such case the ERO or regional entity may issue a compliance directive. Such compliance directives may establish a timetable for compliance. The ERO or regional entity must inform FERC of any compliance directives.
• Penalty Guidelines. FERC concluded in the Final Rule that penalty guidelines, to be developed by the ERO and approved by FERC, should provide a predictable, uniform and rational approach to the imposition of penalties. Such guidelines would help ensure that a penalty bears a reasonable relation to the seriousness of the violation. Thus, the Final Rule requires the ERO to develop, and submit to FERC for approval, penalty guidelines that identify a range of non-monetary and monetary penalties to be applied by the ERO or a regional entity for determining the appropriate penalty for the violation of a reliability standard. 10 Regional entities should adopt the ERO’s penalty guidelines, with changes or supplements only as necessary to reflect regional differences in a reliability standard. The ERO must approve any such changes by a regional entity and the ERO must submit them to FERC for approval. 11
Ways to Ensure Compliance
The new reliability regime created by EPACT and now taking shape through FERC’s Final Rule, the forthcoming establishment of the ERO, and the promulgation of mandatory reliability standards, will require utilities and other bulk power system users, owners, and operators to develop policies and procedures