FERC granted formal certification to NERC as the nation’s sole ERO and reliability czar, making it inevitable that NERC would delegate the job of regional enforcement to its various regional...
Facing Compliance Risks
Enforcement trends call for a proactive approach to complying with market rules.
The severity of penalties for not approaching price-reporting expectations in a diligent manner suggests there is much at risk. During the period January 2005 to December 2006, the enforcement division of the Commodities Futures Trading Commission (CFTC) brought 40 enforcement actions, resulting in nearly $435 million in civil monetary penalties. Charges included such violations as false price reporting, attempts to manipulate markets, cornering a market and wash trading. 4
Giving attention to regulatory compliance program elements results in several potential direct benefits to an enterprise, including the mitigation of substantial fines (both civil and criminal), reducing the risk of regulatory inquiries, minimizing the costs of compliance, and ensuring the most efficient use of capital and human resources to achieve compliance. Last, creating an integrated compliance risk-management program across the six elements promotes consistency and sustainability.
Regardless of a company’s current position with respect to its approach to regulatory compliance, the preferred solution is to find the optimal means of controlling the cost of compliance, mitigating the probability of investigations, and minimizing the risk of civil or criminal sanctions. While having an integrated enterprise-wide approach to regulatory compliance is optimal for addressing each of these risks, companies face varying situations and are driven by different factors with respect to their compliance capabilities. Whether addressing organizational design, policies and procedures, data and document management systems, or procedural and IT controls, efforts to strengthen regulatory compliance capabilities should focus on finding ways to be more efficient and more effective.
Companies can take different approaches to regulatory compliance; however, there is significant variability in the cost and risk among the approaches. With the challenges regulators have presented for companies to adopt and infuse a culture of compliance in their organizations, the question becomes “how will you respond as an enterprise?”
While uncertainty remains regarding what it means to be regulatory compliant and how federal regulators will enforce certain rules and provisions, the costs and risks of not being proactive can be quite large and should drive companies to ask questions about the adequacy of their approach. Furthermore, ignoring federal mandates because of compliance uncertainties will not provide adequate defense if a company is perceived to be falling short of regulators’ expectations. The magnitude of the penalties ($41 million in penalties paid across thirteen cases in 2007 alone, plus CFTC penalties exceeding $400 million) should be enough motivation to at least establish some consistency and verifiability of the overall regulatory compliance program a company chooses. 5 A company that ignores these clear warning signs proceeds at its own risk—and the risk of its shareholders and governing board.
One of the preeminent 20th century American poets, Robert Frost, provided an apt description of the assumption of risk related to regulatory compliance: “We took risks. We knew we took them. Things have come against us. We have no cause for complaint.” Companies choosing to be passive or reactive will have limited defenses and should be prepared to accept the consequences.
1. “Implementation of the Federal Energy Regulatory Commission’s Enforcement Authority: A White Paper,” November 2007.