Waking Up To Compliance Risk


Do you know what your legal exposure is?

Fortnightly Magazine - September 2006

The recent criminal convictions of Kenneth Lay and Jeffrey Skilling close another chapter in the long-running Enron drama, but the impact of this drama on the way corporate America is governed will be felt well into the future.

As the seventh largest U.S. enterprise and the crown jewel of the energy industry, Enron has provided lessons both for corporations generally and for the energy industry specifically. Predictably, the Enron debacle has spawned a plethora of regulatory reforms, from the broad-ranging corporate governance dictates of the Sarbanes-Oxley Act of 2002 to the specifically tailored proscriptions of the Energy Policy Act of 2005 (EPACT).

How can energy market participants effectively manage the risks inherent in complying with those regulatory reforms?

Congress expresses itself clearly in EPACT. It wants more active enforcement by the Federal Energy Regulatory Commission (FERC), especially against energy market manipulation. It directs FERC to promulgate a rule to protect natural gas and electricity ratepayers from this evil.

Armed with enhanced enforcement and penalty authority granted in EPACT, FERC recently adopted a rule detailing broad prohibitions on energy market manipulation.

Compliance Risks

Compliance risks are threats to an organization’s strategy, operations, financial condition, and reputation resulting from a failure to comply with laws, regulations, internal policies and procedures, ethical standards, and customer expectations. The energy industry has faced some major compliance threats in the very recent past. At the forefront are the allegations of market manipulation of electricity and natural-gas prices in the West, ultimately resulting in settlements totaling more than $6 billion. Enron and other power-trading companies were found to have manipulated prices through sham transactions, collusion, and gaming activities. Though not as widely publicized, compliance threats also have resulted from allegations or findings of preferences afforded affiliates, failures to abide by codes/standards of conduct, and other violations of federal energy laws and regulations.

While intentional unscrupulous behavior always will create compliance risks, unintentional operational failures also can generate such risks. When the lights go out for any reason other than obvious force majeure, there almost inevitably will be compliance consequences. In the risk-management world, operational risks are exposures to loss resulting from inadequate or failed internal processes and systems, and can manifest themselves in errors and business interruptions. The August 2003 blackout highlights the operational risks faced by the energy industry. Although the blackout was the result of violations of voluntary reliability standards, those standards are now mandatory and enforceable. Moreover, even with the voluntary standards, the operational failures that caused the blackout had many compliance consequences.

Compliance Programs

EPACT upped the compliance ante for public utilities by granting FERC enhanced enforcement authority and the power to assess civil penalties in a wider scope of violations, up to $1 million per violation per day. EPACT also increased