In the world of North American Electric Reliability Corp. (NERC) Reliability Standards, each company (entity) that must comply with the standards determines for itself the scope and size of its compliance program, based on the scope and size of its operations. NERC Standards make no accommodation for or distinction between the scope of compliance programs for a large, vertically integrated utility and a small municipality, independent power producer, or wind generator. This single standard is particularly apparent in the Generator Owner and Generator Operator sections of the standards and the features of their internal compliance programs.
Today, registered entities must have a compliance program in place — it’s no longer a matter of "if" but "how big." The standards may be quiet about how the size and scope of an entity determine the size and scope of its compliance program, but policy statements from regulators do make reference to ways different-size entities can comply with the standards.
An example of a policy statement that may mean different standards apply to different-size entities is this passage from the Federal Energy Regulatory Commission (FERC) Policy Statement on Compliance (Docket PL09-1-000 at paragraph 10):
The Commission expects companies to invest appropriate time and effort in the creation, monitoring, and growth of strong internal compliance programs. Depending on a company’s size and organizational structure, the nature and complexity of the company’s involvement in activities subject to Commission regulation, and the range of compliance risks resulting from those activities, a comprehensive and effective compliance program may be time and resource intensive. The needs and circumstances of each company are unique, and we recognize that a company may meet its compliance obligation with internal resources, outside assistance, or a combination of the two.
The desired components of a well-designed compliance program are well known and are also listed in the FERC Policy Statement on Compliance, p. 4:
Provide sufficient funding for the administration of compliance programs by the Compliance Officer
Promote compliance by identifying measurable performance targets
Tie regulatory compliance to personnel assessments and compensation, including compensation of management
Provide for disciplinary consequences for infractions of Commission requirements
Provide frequent mandatory training programs, including relevant "real world" examples and a list of prohibited activities
Implement an internal Hotline through which personnel may anonymously report suspected compliance issues
Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board
A large utility could easily conclude that it must assemble a large, comprehensive compliance team with representation across the company to carry out the specific items on the list, draft an internal compliance procedure document, establish or modify training programs across the company to address reliability responsibilities, initiate and develop periodic monitoring mechanisms with its internal audit group, and draft more procedures by which the compliance team will review and manage all components of the compliance effort by the company.
Alternatively, for a small independent generator or municipality, these policy statements provide a different, less-cumbersome path to reach the same results. The smaller entity will assemble a "compliance team" ideally made up of operations, legal, regulatory, and senior management representatives. In some cases for the smaller entity, this would be a "team" of one person. Similar flexibility is given for the design and implementation of training programs, ongoing methods of tracking the latest versions of applicable standards, and internal audit/monitoring activities.
These FERC policy statements also give smaller entities the latitude to use a combination of internal resources and outside assistance as perhaps the shortest and most cost-effective road to reach the goal of implementing a robust compliance program while avoiding the substantial costs of additional staff devoted primarily to compliance issues.
In the coming months, expect to see products emerge in the marketplace designed specifically to assist small to mid-size responsible entities achieve compliance with the NERC Reliability Standards. The new products will help smaller entities adhere to the same programmatic requirements as their larger counterparts, but with a more cost-effective and structured approach designed specifically for them.
— By James Stanton (firstname.lastname@example.org), POWER contributing editor and executive director of SPS ENERGY, a division of SPS Consulting Group Inc.