Compliance Program Guidance

Deck: 

The industry debates how far FERC should go.

Fortnightly Magazine - April 2009

Since the Energy Policy Act was enacted in 2005, the domestic power and gas industry has experienced several years of Federal Energy Regulatory Commission (FERC) compliance enforcement history, including the related monetary impact for companies that experienced compliance issues. For example, FERC increased the number of investigations opened in 2008 to 48 from 35 in 2007.1 Of those 48 investigations in 2008—some stemming from self-reports—17 were closed via settlement agreements that ended up costing some $52.5 million in sanctions.2

Including the settlements entered into in 2007, which totaled approximately $41.7 million, total penalties levied and agreed to by companies are close to $100 million over the past two years.3 These figures don’t include the costs incurred by the entities under investigation such as labor, legal fees, opportunity costs, and required compliance program investments. Nor do they include the possible damage to reputation from the related negative impact on stock price, or the effects of management shifting focus from commercial operations and strategy to damage control. Although 15 investigations undertaken between 2007 and 2008 closed with FERC not finding sufficient evidence of wrong-doing and therefore not levying any sanctions, these entities still incurred the costs and uncertainties of preparing for, and responding to, the investigations.4 Given the high stakes, some industry stakeholders have suggested that FERC could provide more comprehensive guidance on what it means to have an adequate compliance program and what constitutes that compliance. The Workshops on Regulatory Compliance held in November 2007 and July 2008 were good steps toward clarifying FERC’s expectations and many stakeholders are encouraged by FERC’s intentions to make the workshop an annual event. However, further guidance from FERC, perhaps via a model compliance program, would help companies develop plans for building out or strengthening their existing programs.

The debate over how far FERC should go in providing a model compliance program hasn’t ebbed much over the past year. This debate comes in spite of the fact that FERC issued an enforcement policy statement in October 2008, which provided further guidance on the basic elements of a compliance program. Industry stakeholders and FERC regulators alike express mixed opinions as to whether this guidance is adequate in the face of substantial penalty risks faced by industry participants. The overarching question is whether FERC should prepare and present to the industry a model compliance program that companies should follow in mitigating the risks of non-compliance. Further, the industry is anxious to see what’s in store for regulatory enforcement and program guidance resulting from the recent change in leadership at FERC. From FERC’s point of view, the benefits of such a suggested model program could bring some risk to the regulatory agency if companies that implement a suggested type of program still are found to have issues; those companies then could indicate the issues result from an inadequate model provided by FERC.

Industry stakeholders also have raised concerns about the value of self-reporting and have suggested rules behind the application of penalties aren’t clear enough and could benefit from further FERC guidance. Companies need to understand the consequences of non-compliance and how self-reporting might impact a settlement. The overarching issue across each of these areas of concern is that some industry participants believe that FERC is perpetuating uncertainty as to how they best can meet their compliance obligations, while at the same time mitigating the magnitude of potential penalties should they be found to be in contravention of the rules.

Varying Regulatory Demands

Capacity release-related violations provide a specific example of the difficulty the industry is facing in the application and implementation of compliance. In 2008, FERC settled four investigations resulting in $12.7 million in penalties for capacity release-related violations.5 All four were self-reported violations with the largest penalties levied on two entities that practiced “flipping” of long-term capacity. Prior to these settlements, many people in the industry viewed this as common practice and wouldn’t have had compliance measures in place either to detect or prevent it.

In addition to the uncertainty plaguing common industry practices, there’s lack of clarity as to what’s expected of the regulatory-compliance infrastructure of a company to prevent non-compliance. Of the more than 20 investigations settled over the past two years, only two companies have been required to develop comprehensive regulatory compliance plans.6 The focus of these plans has been on remedying specific issues of concern identified during the respective FERC staff investigations. Along with developing plans of action to mitigate the risk of future non-compliance, the companies also have been directed to develop action plans that will be used to reinforce a culture of compliance throughout their organizations. The other enforcement-related settlement agreements entered into with FERC also have called for compliance plans to be filed with the regulators, but these plans were limited in scope to particular areas found to be deficient, such as training, controls, documentation, or procedures. Among all of these enforcement actions, however, only 10 percent of the settlements have required comprehensive plans to be prepared for FERC’s review. What was unique about the settlements requiring comprehensive plans was the apparent absence of an appropriate tone from the top leadership reinforcing a commitment to compliant practices.

The development of compliance programs is the industry’s response to the expectations of regulators, which commenced with FERC’s October 2005 Enforcement Policy Statement, that companies have adequate infrastructure and practices in place to demonstrate a consistent adherence to compliance and a track record of compliance performance (i.e., a compliance program). Many companies have chosen to be proactive in developing compliance programs because not only was it encouraged by FERC, but it also has been deemed by companies as the preferred way of effectively mitigating compliance risks. The question for companies now is whether what they’re doing is sufficient to meet FERC’s expectations.

FERC’s Guidance and Actions

One could argue that the compliance-policy guidance FERC issued in October 2008 provided sufficient guidance to industry for developing and maintaining the basic building blocks of a sustainable compliance program. However, some market participants still are clamoring for further guidance in the form of a “model compliance program.” The perception is that if FERC were to develop and provide such a program it would give the industry a more sufficient road map to follow. The challenge for FERC and the industry alike is that there is such diversity in the businesses from electric to gas and integrated regional entities to national energy companies, that the prospect of going beyond the guidance already provided risks delving too far into the details of how companies choose to manage their varied compliance obligations and mitigate their risks of non-compliance. Such far-reaching steps by FERC also could pose the risk of shifting responsibility for compliance to the regulators and away from the industry.

To gauge the sufficiency of guidance already provided by FERC, it’s useful to look at the direction that was provided in the Policy Statement on Compliance, dated Oct. 16, 2008. FERC states that companies with the following components in place will put themselves in a better position to reduce or possibly eliminate civil penalties:

• Management Involvement: Active engagement and leadership by senior management;
Preventive Measures: Preventive measures appropriate to the circumstances of the company that are effective in practice;
Detective Measures: Capabilities for prompt detection of problems, cessation of misconduct, and reporting of a violation; and
Remediation Program: Processes and practices that facilitate remediation of identified misconduct or non-compliance.

FERC views the combination of these components as the foundation upon which compliance programs should be based. Effective functioning of each of these components should, in theory, help companies to limit incidences of non-compliance and reduce the size of penalties imposed on companies for identified violations. FERC has continued to state that companies who self-report and demonstrate a commitment to proactive remediation will receive favorable consideration from FERC when the agency is considering sanctions. FERC has stated in several of its settlement reports that if remediation has occurred and minimal harm was caused, the investigation will be closed with no further action. In 2007 this was true for 75 percent of the self-reported cases; however, the figure dropped to only 40 percent in 2008.7 The perceived complication around determining the appropriateness of monetary sanctions lies in the severity of the issue and its perceived or actual impact on the marketplace and other market participants. It appears that what helps to temper the magnitude of a penalty assessed by FERC, however, is the extent to which each of the above components is in place and active within a company.

The concern that companies have stated in news reports is that uncertainty remains over how much credit a company is given for having a robust compliance program and coming forward with identified issues. Their concern is rooted in the fact that about 20 percent of the settlement agreements entered into with FERC originated with a compliance incident self-report.8 If companies are to continue being measured on the rigor of their compliance programs, the question arises as to how a company can: 1) have confidence that it has gone far enough in building out its program; and 2) interpret the credit that it might be given in self-reporting compliance incidents.

Providing Further Guidance

Upon examining the breadth of organizations regulated by FERC, the range of their operational portfolios, the diversity of organizational structures, and the variety of management cultures, it’s worth stepping back to assess whether more prescriptive direction can be provided to companies regarding their compliance programs. In organizations with more mature compliance programs that have been in operation for several years, these programs tend to be woven into the fabric of the operations and management of the businesses. These compliance programs form part of the everyday activities and culture of both operations and transaction-focused personnel, not just personnel with regulatory-compliance oversight responsibilities. In short, meeting regulatory-compliance obligations is not treated as a check-the-box exercise, but is integrated with the everyday practices of the organization. Against this backdrop, it would appear that individual companies are in the best position to determine what their compliance programs should look like for meeting their on-going compliance obligations.

Companies developing and maintaining compliance programs can look to industry-leading practices, as well as FERC policy statements, for guidance on what they should have in place for effective functioning programs. In addition to the formal policy guidance provided by FERC, energy-market participants also can avail themselves of a number of different vehicles to obtain further clarification and support directly from FERC including:

• Petitioning for declaratory orders;
• Petitioning for general counsel opinion letters;
• Petitioning for accounting interpretations;
• Calling the enforcement hotline;
• Communicating informally with FERC staff;
• Calling the virtual Compliance Help Desk; and
• Initiating a no-action letter process.

If industry participants believe the policy guidance and clarification options still aren’t adequate for helping companies to establish and maintain robust compliance programs, then further prescription may be needed from FERC. What companies and their industry lobbying groups should consider is that if FERC goes down the path of providing a model compliance program, companies still will be required to apply these practices to their respective operations and manage the changes required. As we have heard from change-management experts through the years, “top-level commitment is vital to engendering commitment to change from those at the coal face. If employees don’t see the company’s leadership is backing a project, they’re unlikely to change.”9 Herein lies one of the conundrums for the industry, that while it may be seeking more specific guidance from FERC, such guidance won’t absolve companies from the primary task and challenge of leading change and implementation. No matter how much further guidance is provided, companies still bear the responsibility for implementation and demonstrating a corporate commitment to compliance.

Furthermore, companies shouldn’t necessarily request FERC to provide the industry with the same kind of prescriptive guidance provided in the North American Electric Reliability Corporation (NERC) Standards. The market rules don’t lend themselves well to the same structured engineering approach that was taken when crafting the NERC standards and penalty matrix. The activities and dynamics in energy markets aren’t like planning and operational activities that are geared toward the preservation of infrastructure security and reliability. Markets by their nature evolve as do the companies that operate in them, balancing commercial return against other less quantifiable risks. Compliance guidance should afford flexibility for companies to decide their preferred governance structure, the breadth of their compliance-performance reporting, the types of controls put in place, the type of issue-resolution process used, the kind of training provided to personnel or how often they audit and test their practices, controls, and transactions for compliance. This is consistent with the guidance that other federal agencies such as the EPA, SEC, and the Department of Health and Human Services, among others, have provided to the entities they regulate. All have acknowledged that the main limitation to providing more prescriptive guidance has been the recognition of significant diversity among companies.

Change Comes to FERC

The arrival of a new executive administration brings change. In this most recent case, the inauguration of President Barack Obama has brought a change in the leadership at FERC with the appointment of commissioner Jon Wellinghoff as the acting FERC chairman, replacing Joseph Kelliher, who for five-plus years has been an ardent proponent of regulatory compliance. Throughout much of his tenure, former Chairman Kelliher called for companies to be proactive about establishing a culture of compliance and not waiting for FERC or other market participants to raise questions or concerns about their market behavior or their compliance practices. In spite of Kelliher’s passion for regulatory compliance, he firmly believed that “developing model guidance would be nearly impossible because the commission is charged with overseeing such a diversity of stakeholders.”10 The director of the FERC Office of Enforcement also has acknowledged that “one size doesn’t fit all … that it has been a struggle … to advise [the industry] as to what makes a good compliance program”11

On the other side of this debate sits Commissioner Philip Moeller, who has called for FERC to issue a “model compliance program.”12 The new acting FERC chairman had not been as vocal as these two commissioners or the other seated commissioners, so there is some ambiguity as to what direction he would lean as it relates to regulatory compliance. Some of this ambiguity was lifted when Wellinghoff stated at an industry-sponsored event in February 2009 that “there is no standard formula for an effective compliance program.”13 It also appears clear that Wellinghoff will remain a staunch advocate for energy consumers and finding effective ways to ensure that consumer interests are protected. In the past, he advocated co-operative owned utilities and increased utility choices with the goals of providing consumers with reliable, lower utility costs. He has focused a majority of his career on renewable energy development and hinted at his leaning toward encouraging utilities through regulation to stimulate the growth of renewable energy use.14

This commitment is consistent with Obama’s plans for increasing the availability of renewable energy through the expansion of transmission infrastructure to the top wind resource zones across the United States. As this new infrastructure build accelerates over the coming years, and state and federal regulators balance competing interests such as economic efficiency, reliability, and political expediency, there will be an emphasis on how providers and users of this infrastructure comply with prevailing market rules. FERC will be at the forefront of these presidential initiatives in light of the oversight and enforcement role it plays in encouraging the competitiveness of energy markets and preserving the reliability of system infrastructure. Judging by Obama’s actions and words during his first few months in office, it would appear that a reasoned and balanced approach aimed at sustainability will be taken by the federal agencies charged with bringing his vision to reality. With respect to compliance, FERC is expected to remain keenly focused on issues that threaten the integrity of markets and the reliability of the national grid. This would involve FERC continuing to be an active proponent of companies building out and maintaining their compliance programs.

What has become increasingly clear for market participants is that FERC’s enforcement of compliance has been an evolving process. In addition, both regulators and the industry have continued refining what it means to have an effective and robust regulatory-compliance program. Since 2005, FERC has continued to clarify what it expects from the industry and has provided both forums and policy statements whereby industry participants could better understand what their peers are doing about managing compliance. Further clarification on the benefits of self-reporting and the application of penalty authority appear to be a high priority for market participants. Even though FERC has emphasized that responsiveness, consistency and transparency should be cornerstones of a sound compliance program, companies want greater assurance that if they do the right thing, any levied sanctions will be reduced significantly by the company’s demonstrated commitment to being compliant (e.g., the NRG settlement).15 Whichever way FERC chooses to lean in the future, it might be advisable for companies to take a balanced approach that preserves corporate flexibility while providing sufficient guidance to continue taking confident steps in the right direction.

 

Endnotes:

1. 2008 FERC Report on Enforcement, Oct. 31, 2008.

2. Ibid.

3. 2007 FERC Report on Enforcement, Nov. 14, 2007.

4. 2008 FERC Report on Enforcement, Oct. 31, 2008.

5. Ibid.

6. 2007 FERC Report on Enforcement, Nov. 14, 2007.

7. 2008 FERC Report on Enforcement, Oct. 31, 2008.

8. Ibid.

9. HBR, “Hard Side of Change Management,” Oct. 2005.

10. Energy Washington Week, Jan. 7, 2009.

11. Inside FERC, Nov. 24, 2008.

12. Energy Washington Week, Jan. 7, 2009.

13. FERC Statement of Jon Wellinghoff, Feb. 3, 2009.

14. Las Vegas Review Journal, May 6, 2001.

15. October 16th FERC Policy Statement on Compliance, p. 6.