FERC’s Enforcement Priorities After 10 Years Under the EPAct

On August 8, 2005, the Energy Policy Act of 2005 (EPAct) was signed into law. It remains, arguably, the last significant piece of energy legislation to be enacted in the U.S. The changes wrought by EPAct are far-reaching and controversial, and for the gas and electric industry, perhaps no change has been more significant than the law’s transformation of the Federal Energy Regulatory Commission (FERC) into a formidable enforcement agency.

EPAct endowed FERC with authority to impose civil penalties of up to $1 million, per day, per violation under the Federal Power Act (FPA), the Natural Gas Act, and the Natural Gas Policy Act, and FERC has aggressively staked out its enforcement territory. Since 2007, the Commission has imposed over $642 million in civil penalties and ordered disgorgement of more than $300 million in profits. Two areas attracting a significant amount of FERC’s attention over the past decade include market manipulation and protection of the electric grid from cyberattacks.

Market Manipulation

In July 2013, FERC entered into a consent agreement requiring JP Morgan to pay a $285 million civil penalty and disgorge $125 million in profits for allegedly making bids in the electric markets administered by the California Independent System Operator (CAISO) and the Midcontinent Independent System Operator that were designed to create artificial conditions that forced those ISOs to pay JP Morgan outside the market at premium rates.

In the Hunter case in 2013, FERC had a civil penalty for alleged market manipulation rejected by the D.C. Circuit for encroaching on futures markets found to be subject to the Commodity Futures Trading Commission’s exclusive jurisdiction.

In four other cases, FERC’s role as the adjudicator of market manipulation is under assault as the defendants have elected to force FERC to file suit in federal district court, where there is to be de novo review under FPA Section 31(d)(3). These cases include challenges to:

■ A July 2013 order in which FERC required Barclays to pay $435 million in civil penalties and $34.9 million in disgorged profits for allegedly engaging in certain physical market trades for the sole purpose of benefitting its financial swap positions.

■ An August 2013 order in which FERC required Competitive Energy Services to pay a civil penalty of $7.5 million for allegedly devising and implementing a fraudulent scheme whereby one of its demand response service provider clients inflated its baseline energy usage in order to capture demand-response revenues from artificial load reductions.

■ A May 2015 order in which FERC imposed civil penalties of $30 million on Powhatan Energy Fund and others for allegedly placing round-trip up-to-congestion bids in order to profit from the distribution of transmission line–loss credits.

■ A May 2015 order in which FERC required Maxim Power Corp. to pay a civil penalty of $5 million for allegedly falsely reporting to ISO New England that it was burning oil rather than cheaper natural gas and thereby collecting inflated make-whole payments from the ISO.

In each of these cases, FERC is taking the position that the de novo review provided for under FPA Section 31(d)(3) means simply that the court should decide the case based on the record that was before FERC without according any deference to FERC’s decision, while the defendants are generally claiming that de novo review means that the case is to be re-adjudicated at the district court level with full rights to discovery and to introduce evidence. If the courts adopt Barclays’ interpretation of what de novo review means in this context, this could prove to be an effective avenue to rein in FERC’s aggressive enforcement tactics.

Cybersecurity

FERC has made “serious violations” of North American Electric Reliability Corp. (NERC) standards a major enforcement priority. FERC and the electric industry have given considerable attention to the development and refinement of Critical Infrastructure Protection reliability standards (CIP Standards) that are intended to protect the electric grid from cyberattacks. Frequent changes to CIP Standards reflect an effort to keep up with the increasingly innovative ways that hackers can exploit a vulnerable bulk electric system and inflict substantial damage on the American economy.

In the last two years alone, FERC has conditionally accepted Version 5 of the CIP Standards and then conditionally accepted seven modified Version 6 standards. In its most recent proposed rulemaking regarding CIP Standards, FERC has further directed NERC to develop a new (or modified) CIP Standard that will address supply chain vulnerability to targeted malware and inevitably introduce new Version 7 standards. This proposal marks only the third time FERC has used its EPAct authority to require NERC to propose a new standard, highlighting the careful attention FERC has devoted to cybersecurity threats. This concern with cybersecurity may be well placed, as a recent report by Lloyd’s and the University of Cambridge Centre for Risk Studies estimates that a large-scale cyberattack on the U.S. grid could cost the economy over $100 billion.

FERC seems to relish its role as an enforcement force in the electric industry under EPAct. It remains to be seen, though, whether its authority will be curtailed by the courts or whether an industry burdened with high compliance costs and exposure will push back enough to spawn the next major piece of energy legislation in the U.S. ■

Carlos E. Gutierrez (carlosgutierrez@dwt.com) is counsel in Davis Wright Tremaine’s Energy practice group in the firm’s New York, N.Y., office.

PWR_110115_LR_cgutierrez