Compliance and Enforcement in a Self Regulatory Model (Reliability provisions of Energy Policy Act of 2005)


Daniel P. Skaar, President, Midwest Reliability Organization
September 14-17, 2008
midwestreliability.org
Society of Corporate Compliance and Ethics, 6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States

Brief History of the North American Electric Utility Industry
- Various players: large and small; investor owned and publicly owned; Canada and United States; asset owners; marketers
- Grid developed regionally; then interconnected for reliability and efficiency purposes; tariffs and markets developed; changing regulations to provide competition
- Regulators: FERC, Provincials, and States
- Major Blackouts
- Response: Industry stepped up and established a voluntary organization called North American Electric Reliability Council for bulk power system reliability
- Response: Legislation passed called the Energy Policy Act 2005 resulting in mandatory standards with financial penalties for violations: applies to the bulk power system (not distribution)

Electric System Diagram

A Continental Power System

EPAct and Canada
- Canada and the United States are co-dependent for bulk power system reliability
- US-Canada Bilateral Group issued principles for Self Regulatory Organization (SRO) to function on international basis (no treaty proposed)
- EPAct made provision for Canada (and Mexico)
- Implementation in Canada will be Province-specific
- Need recognition by each jurisdiction
- Goal: Same standards apply to grid operations across the two borders

Key Limitations of the Voluntary Standards Regime
- Did not capture all the entities who could impact reliability of the bulk power system
- No teeth; relied on peer pressure
- Most standards lacked clarity; difficult to enforce
- Not workable or sustainable in a de- and re-regulated industry

Key Reliability Provisions of EPAct 2005
- Created one international, industry self-regulatory organization called the Electric Reliability Organization (ERO)
- Modeled after other SRO (NASD)
- Federal Energy Regulatory Commission (FERC) oversight in U.S.
- Delegates authority to set and enforce mandatory standards to ERO
- ERO delegates authority to Regional Entities (RE or Regions) via pro forma delegation agreements (filed with regulators)
- Standards apply to all owners, operators and users of bulk power system
- Standards developed using ANSI-type structure (open, inclusive, no cost to participate)
- Registration criteria and process
- Enforcement of penalties up to $1.0 million per day per violation

Key Reliability Provisions of EPAct 2005
- Governance of SRO
  - ERO (North American Electric Reliability Corporation)
    - Independent
  - Regional Entities or Regions (MRO)
    - One of three: independent, balanced stakeholder, and hybrid
- Funding of SRO
  - Mandated in legislation: Proportional share of costs based on electrical load
  - Penalties are not budgeted, used as compliance cost offset to ERO budget

Sarbanes-Oxley/EPAct Comparison

| | SOX | EPAct |
|---|---|---|
| Event Triggered | High-profile financial reporting scandals (e.g. Enron, WorldCom) | Blackout in 2003 |
| Applies To | "Issuers" | "Registrants" (aka Registered Entities) |
| Numbers | 1,700 Issuers | 1,900 Registrants |
| Private or Quasi-Governmental Agency/Corporation | PCAOB | ERO (NERC) |
| Oversight Regulator (in USA) | SEC | FERC |
| Auditors | Registered CPA firms with PCAOB | Regional Entities with approved delegation agreements |

Mandatory Reliability Standards Framework
- Standards which are enforceable are:
  - Clear
  - Technically valid and justified
  - Vetted through an open process
  - Applicable to owners, users, and operators of the bulk power system
- Key Components of a Standard:
  - Purpose
  - Requirements
  - Measures
  - Compliance

Who Must Comply?
- Established a Registry criteria for bulk power system
  - Both common sense and science
  - Multi-phase, iterative process
  - Subject to change: mergers, acquisitions, etc.
- Early Issues
  - Consistency across North America
  - Shotgun versus Rifled approach
  - Defending a material impact to reliability
  - Below the Registration criteria threshold: Burden on the ERO to register
  - Above the Registration criteria threshold: Burden on the Registered Entity to de-register
  - Joint registrations for shared ownership of facilities subject to standards
- Due Process
  - Notification to Registered Entity
  - May appeal registration to ERO

Compliance and Enforcement Framework
- Delegated authorities from FERC and Provinces
- FERC, in conjunction with Canada, designated NERC as the international Electric Reliability Organization
- Relationship between NERC and the Regions
- Regions' authorities and responsibilities specified in a pro-forma Delegation Agreement approved by regulators
- Regions are the implementation backbone for enforcement
- Significant discretion given to Regions
- Penalties and settlements
- Membership in ERO irrelevant to enforcement
- Due Process protections

Challenges in Implementing the SRO Model
- Jurisdictional Issues to Overcome
  - Federal Agencies
  - Canada
- Registration
- Balancing Constituencies
  - Regulators' expectations
  - Industry expectations
  - Public and Congress expectations
- Consistency
  - One SRO with eight Regions

Challenges in Implementing the SRO Model
- Roles: Consultants or Cops
- Oversight
  - Self oversight and reach-ins by Regulators
- Cultural
  - Customers vs. Registered Entities
  - Voluntary vs. Mandatory
- Meaningful Metrics
  - How can we measure that compliance is improving reliability?

Discovery Methods under the Compliance Program
- Periodic reporting
- Self-certification
- Exception reporting
- Investigations
- Random spot checking or audits
- Compliance audits

Steps in Due Process for Enforcement
- Applicability of standards to the Registered Entity
- Discovery of alleged violation
- Facts and circumstances review to validate
- Notice of Alleged Violation (Notice of Confirmed Violation, if uncontested)
- If contested:
  - Right to a hearing at the Regional-level
  - Right to an appeal at ERO-level
  - May contest at the Regulatory level and then, court

Enforcement Considerations
- Quantitative Factors
  - Risk to the bulk power system
  - Entity size
  - Repeat infractions and prior warnings
  - Time horizon
- Qualitative Factors
  - Self-reporting
  - Quality of compliance program
  - Deliberate violations
  - Cooperation
  - Documentation
- Overall: Enforcement action should correspond with the severity of the violation

Settlements
- Compliance and Enforcement process encourages settlements
- Most violations will be settled
- Trade-offs: Financial penalties vs. investments to improve grid reliability
- Key criteria for settlements - Does the settlement improve grid reliability?

Key Elements of an Effective Compliance Program
- Self assessment and self auditing
- Self reporting procedures
- Timely and aggressive corrective actions
- Staff knowledge of requirements for each standard
- Whistle blowing procedures
- Properly aligned pay practices
- Senior management roles
- Independence from operations, direct line to CEO
- Internal compliance training
- Disciplinary procedures
- Controls to prevent reoccurrence
- Sustainable compliance (system approach vs. a point in time)

What MRO is Telling the Registered Entities
- Paradigm Shift
  - Compliance is an investment, not a cost center
  - Investment in Reliability (keeping the lights on)
  - Investment in protecting your brand and preserving your reputation
- Good compliance program is essential
  - Mitigate and manage enterprise-wide risk across all functional areas
  - May act as an effective hedge against regulatory enforcement actions

MRO's Goals for Implementation
- Encourage self-reporting
- Encourage strong compliance programs
- A well-educated set of Registered Entities (e.g. they understand the standards)
- Non-discriminatory and no undue preferences
- Accurate and timely decisions
- Risk-based and cost effective

Summary of Lessons Learned-First Year
- Mandatory program implemented on June 18, 2007
- Key Statistics
  - About 10% of self reported and self certifications are dismissed
  - About 95% of all alleged violations are related to documentation
  - Top eight standards violated account for about 50% of all alleged violations
- Published a public report

Key Lessons Learned-Registered Entities
- Re-evaluate compliance program; who does what (line of sight to compliance)
- Improving documentation to demonstrate compliance with Standards
- Need for more training and education
- Need to be better prepared for audits

Key Lessons Learned-MRO
- More transparency needed on compliance and enforcement decisions to the industry
- Speed and Process Certainty
- Add elegance to the administration process; remove unnecessary burdens and increase predictability learning curve
- Increase comfort levels with exercising judgment and discretion/skill set diversity
- Segregating Enforcement from Compliance (discovery) was a helpful

Key Lessons Learned-MRO
- More risk based approaches to both compliance and enforcement (e.g. resource allocation)
- More balance between documentation and operations evaluations
- Significantly higher level of detail required for public filings to the Commission (e.g. the written record must stand on its own merits)
- More sophistication in discovery methods (e.g. statistical models)

Learning from Other Models
- SEC released a report under Section 704 of Sarbanes-Oxley (January 2003)
- Examined five years of enforcement data
- Top four categories of audit failures:
  - Failure to obtain sufficient, competent evidential matter to determine compliance (support audit opinion)
  - Failure to exercise professional skepticism on the unusual
  - Failure to maintain independence
  - Failure to respond adequately to red flags

Summary
- SRO model is new to the industry
- Challenges to move from voluntary to mandatory compliance environments
- Learn from other models and industries
- Organizations like SCCE provide value to lessen the learning curve