At the December 17th Commission Meeting, FERC issued a number of orders concerning its enforcement program and the NERC reliability program. NERC also recently posted the audit report for its triennial independent audit, as well as guidance concerning newly identified Critical Assets and Critical Cyber Assets. These issuances are summarized below.

The 2009 Report on Enforcement Outlines FERC’s Activities in FY2009 and Priorities for FY2010.

FERC’s FY2009 Accomplishments Include 22 Settlements, 122 Self-Reports and 33 Audits.

In the 2009 Report on Enforcement, FERC highlighted the following FY2009 accomplishments:

• Settlements: Staff entered into 22 FERC-approved settlement agreements for a total of $38.3 million in civil penalties and an additional $38.6 million, plus interest, in disgorgement of unjust profits. The settlements included several involving alleged market manipulation.

• Investigations: Staff received 122 new self-reports of violations, opened 10 investigations and closed 36 investigations. The Enforcement Hotline received 509 complaints and inquiries during the past year; staff closed 485.

• Audits: Staff completed 33 audits of public utilities and natural gas pipeline and storage companies, 28 were financial and five nonfinancial. The audits generated 112 recommendations for corrective action and included $2.8 million in monetary recoveries from accounting and billing adjustments.

• Financial Regulation: Staff worked on several projects, including a series of teleconferences to provide guidance in complying with the reporting requirements of Order No. 704, a list of Frequently Asked Questions regarding Form No. 552, and review of nearly 5,000 Electric Quarterly Report filings.

• Energy Market Oversight: Staff produced three publicly available market assessments – the Winter Energy Market Assessment, the 2008 State of the Markets Report and the 2009 Summer Energy and Reliability Market Assessment.

FERC’s FY2010 Enforcement Priorities Include a Focus on Compliance with Reliability Standards.

In FY2010, FERC Enforcement will focus on matters involving its four priorities: fraud and market manipulation; serious violations of the reliability standards; anticompetitive conduct; and conduct that threatens the transparency of regulated markets.

With respect to violations of the NERC Reliability Standards, Enforcement plans to place its emphasis on cases resulting in actual harm, either through the loss of load or through some other means, as well as cases involving repeat violations of the Reliability Standards, a violation of a standard that carries a high Violation Risk Factor, or substantial actual risk to the Bulk Power System. We note that in FY2009, FERC’s Division of Audits staff joined FERC’s Office of Electric Reliability staff to observe 12 reliability audits conducted by the eight Regional Entities and three Agreed-Upon Procedures audits conducted on behalf of NERC.

As a result of Enforcement’s prioritization of NERC compliance, regulated entities should expect increased pressure on their Regional Entities to result in more significant findings in audits, spot checks and investigations.

The 2009 Report on Enforcement is available at: http://www.ferc.gov/legal/staff-reports/12-17-09-enforcement.pdf.

FERC Issues Two Orders to Make Its Enforcement Process More Transparent.

FERC Will Provide Earlier Public Notice of Non-Public Investigations in Certain Circumstances.

FERC authorizes the Secretary to issue Staff’s Preliminary Notice of Violations (“Notice”) upon direction from the Director of Enforcement, after the subject of the investigation has had the opportunity to respond to staff’s preliminary findings letter. The Notice will disclose (1) the identity of the entity or entities that are the subject of the investigation; (2) the time and the place of the alleged conduct; (3) the rules, regulations, statutes or orders that staff alleges were violated; and (4) a concise description of the alleged wrongful conduct. As a result, regulated entities will be able to more readily identify FERC’s enforcement priorities by reviewing these Notices, but will not be able to provide input on or direct the course of these investigations. The order is available at: http://www.ferc.gov/whats-new/comm-meet/2009/121709/M-1.pdf.

We note that the public currently receives notice of non-public investigations at the time the parties enter into a settlement agreement or FERC issues a show cause order. The new policy will likely encourage entities to enter into settlement more rapidly to avoid reputational harm resulting from a time lag between the issuance of the Notice and the settlement agreement.

FERC Will Disclose Exculpatory Materials to Subjects of FERC Non-public Investigations.

FERC issued a Policy Statement, Policy Statement on Disclosure of Exculpatory Materials, to provide guidance concerning the obligations and procedures for disclosing exculpatory materials during investigations conducted under Section 1b and administrative enforcement actions under Part 385 of FERC’s regulations. While Enforcement staff’s prior practice has been to provide exculpatory material to subjects, FERC concluded that formalizing Enforcement staff’s obligation, and the procedures necessary to comply with that obligation, will promote maximum fairness. The order is available at: http://www.ferc.gov/whats-new/comm-meet/2009/121709/M-2.pdf.

Triennial Independent Audit of NERC Compliance Process Highlights Challenges.

Crowe Horwath, an outside consultant hired by NERC management, identified several gaps in NERC’s reliability standard compliance process during its triennial audit of NERC’s compliance process. Crowe Horwath recommends that NERC clarify its rules, improve consistency among its eight Regional Entities, ensure that adequate staffing is available to handle workload and make certain that it and its regulated entities implement new monitoring, technology improvements and enhanced controls over data security. The audit report identifies changes to NERC’s structure and the assignment of responsibilities as well as the relative inexperience of NERC staffers as contributing factors to NERC’s challenges.

The recommendations included in the report should not come as a surprise to NERC because the power industry and FERC have made similar suggestions over the past several months, including expressing concern about staffing levels and how Regional Entity interpretations of the reliability standards vary from region to region and may result in a violation in one region but not in another. The chairman of the NERC Board of Trustees Compliance Committee, Paul Barber, responded to the report, stating that “NERC has already begun to address some of these recommendations and is committed to addressing the remainder as part of its efforts to institute changes.”

In the meantime, entities subject to the reliability standards should continue to carefully watch NERC’s enforcement filings and request clarifications of ambiguous reliability standards to ensure that they are able to comply with the requirements and are not held to vague or shifting standards that are inconsistently applied.

The audit report is available at: http://www.nerc.com/files/Compliance_Evaluation_Report_121509.pdf.

Paul Barber’s letter is available at: http://www.nerc.com/fileUploads/File/Compliance/Letter_Compliance_Evaluation_Report_121509.pdf.

NERC Issues a Compliance Bulletin Concerning Newly Identified Critical Assets and Critical Cyber Assets.

On December 18, 2009, NERC issued a Compliance Process Bulletin to guide affected registered entities concerning the applicability and implementation of Version 1 of the Critical Infrastructure Protection (CIP) Reliability Standards CIP-002-1 through CIP-009-1, specifically with respect to newly identified Critical Assets and Critical Cyber Assets. NERC announced that it will exercise its discretion (and directs the Regional Entities to exercise similar discretion) to defer possible violations of Reliability Standards CIP-002-1 through CIP-009-1 that are associated with assets that have been identified as Critical Assets or Critical Cyber Assets during the period from the effective date of this bulletin until the time when the Version 2 CIP Reliability Standards go into effect (April 1, 2010). As a result, any asset that a responsible entity has identified as a Critical Asset or Critical Cyber Asset during this time period will be deemed to have been identified on April 1, 2010. The responsible entities then will need to come into compliance with respect to such assets in accordance with the implementation plan for the Version 2 CIP Reliability Standards. Consequently, compliance milestone dates will be calculated based on an April 1, 2010 start date for any Critical Assets or Critical Cyber Assets identified during this period prior to April 1, 2010. For additional information, please see NERC Compliance Process Bulletin #2009-008: http://www.nerc.com/files/2009-008_Public_Notice-V1.pdf.

FERC Issues Several Orders on Reliability Standards.

FERC Accepted Revised Mandatory Reliability Standards for Interchange Scheduling and Coordination.

FERC issued a Final Rule accepting NERC’s updated Interchange Scheduling and Coordination (INT) Reliability Standards. The revised INT Reliability Standards incorporate separate timing tables for the Western Interconnection and the Eastern Interconnection, which includes Electric Reliability Council of Texas (ERCOT) and Hydro-Quebec. The changes clarify response requirements for all affected entities. The order is available at: http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=12221908.

FERC Reviews Implementation of Critical Infrastructure Protection Reliability Standards.

FERC determined that it requires additional information to evaluate NERC’s Implementation Plan for nuclear power plant generator owners’ and operators’ compliance with Version 1 of the Critical Infrastructure Protection (CIP) Standards (CIP-002-1 through CIP-009-1). FERC directed NERC to make a compliance filing (1) providing additional information regarding the scope of systems determination, particularly the exemption process, and (2) incorporating into the Implementation Plan the implementation of Version 2 of the CIP Standards by nuclear power plants on the same schedule established for Version 1. The order is available at: http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=12221909.

FERC Clarified Its Requirements for a Visitor Control Program under CIP-006-2.

FERC denied EEI’s request for rehearing, but granted its motion for clarification and extension of time to comply with the September 30 Order concerning CIP Reliability Standards. FERC clarified that the visitor control program it directed NERC to include in CIP-006-2 is intended to address safety and physical security issues associated with visitors only, not unauthorized personnel or personnel with unescorted access rights. FERC explained that “[b]y virtue of their class, visitors require greater scrutiny, including continuous escort, and logs recording locations visited and dates and times of entry and exit.” FERC also granted a 90-day extension from the date of issuance of this order so that NERC would have sufficient time to develop the new CIP-006-2 requirement. The order is available at: http://elibrary.ferc.gov/idmws/common/opennat.asp?fileID=12221954.