FERC COMPLIANCE AND ENFORCEMENT
October 29, 2014
Washington, DC
INTRODUCTION
INTRODUCTION AND OUTLINE
•
FERC Compliance and Enforcement
Overview
•
General Regulatory Compliance
Requirements
•
Reliability Oversight
•
Cybersecurity Oversight
•
CFTC Regulation Oversight
•
FERC Enforcement Practice & Procedure
•
FERC Guidance on Penalties & Mitigation
•
Compliance Best Practices
2
FERC COMPLIANCE AND
ENFORCEMENT OVERVIEW
Federal Energy Regulatory Commission (FERC)
FERC, an independent regulatory
commission within the Department of Energy
(DOE), is composed of four commissioners
and one chairman.

Created by the Department of
Energy Organization Act on October
1, 1977, FERC assumed the
responsibilities of its predecessor, the
Federal Power Commission (FPC).

Has jurisdiction over electric utilities,
the interstate natural gas industry,
electric utilities, hydroelectric
projects, and oil pipelines.
4
FERC administers a variety of statutes that provide the
framework under which it regulates the natural gas
and electric industries, as well as the transportation of
oil, including:
• Federal Power Act
• Natural Gas Act (NGA)
• Natural Gas Policy Act of 1978 (NGPA)
• Public Utility Holding Company Act of 2005
• Public Utility Regulatory Policies Act of 1978
• Interstate Commerce Act
• Federal regulations set forth in 18 C.F.R. Parts 1-399
5
FERC’s Duties
FERC regulates the interstate electric, natural gas
and oil pipeline industries and, as such, it:
1.
Regulates the transmission and wholesale sales of
natural gas in interstate commerce;
2.
Regulates the transmission and wholesale sales of
electricity in interstate commerce;
3.
Licenses and inspects private, municipal, and state
hydroelectric projects;
4.
Approves the siting and abandonment of interstate
natural gas pipelines and storage facilities, and
ensures the safe operation and reliability of proposed
and operating liquefied natural gas (LNG) terminals;
6
FERC’s Duties (cont’d)
5. Ensures the reliability of high-voltage interstate
transmission systems;
6. Monitors and investigates energy markets;
7. Uses civil penalties and other means against
energy organizations and individuals who violate
FERC rules in the energy markets;
8. Oversees environmental matters related to natural
gas, hydroelectric projects, and major electricity
policy initiatives;
9. Administers accounting and financial reporting
regulations and the conduct of regulated
companies; and
10. Regulates the transmission of oil by pipelines in
interstate commerce.
7
Federal Power Act (FPA)
In 1920, Congress enacted the Federal Water Power
Act for the purpose of coordinating the development
of hydroelectric projects within the United States. The
Act also created the Federal Power Commission (FPC)
as the licensing authority for these projects. In 1935,
Congress amended and renamed the Act the
Federal Power Act and expanded the FPC’s
jurisdiction to include:
1. the transmission of electricity in interstate
commerce;
2. its sale in interstate commerce for resale; and
3. all facilities used for the sale or transmission of
electricity in interstate commerce.
8
MAJOR FPA Amendments
• Public Utility Regulatory Policies Act of 1978
▫ Required electric utilities to buy the energy generated
by “Qualifying Facilities” (e.g., cogenerators) at i.e., the
utilities’ “avoided cost.”
• Energy Policy Act of 1992 (EPAct 92)
▫ Reduced regulatory burden for Exempt Wholesale
Generators (EWGs) and required FERC to open the
nation’s electric transmission grid to wholesale suppliers
on a case-by-case basis.
• Energy Policy Act of 2005 (EPAct 2005)
▫
▫
▫
▫
FERC to oversee the reliability of the transmission grid.
FERC can assess civil penalties of up to $1 M per day.
“National interest electric transmission corridors” siting.
FERC authorization required before a public utility
acquires electric generating facilities over $10 Million.
9
FERC Regulations
FERC’s regulations are located in volume 18 of the
Code of Federal Regulations, 18 C.F.R. § 1, et seq.
Sections of note include the following:
1b
Rules relating to Enforcement Investigations;
1c
Rules relating to Prohibition of Market Manipulation;
33
Applications under FPA Section 203 (e.g., to sell FERC
jurisdictional electric facilities or acquire generation
facilities valued at $10 million or more);
35
Filing of rate schedules and tariffs by electric utilities;
358
Standards of conduct for transmission providers, that
is, both electric utilities and interstate natural gas
pipelines; and
385
FERC’s Rules of Practice and Procedure.
10
FERC COMMISSIONERS
• FERC is currently comprised of:
Acting Chairman Cheryl A. LaFleur (D, Massachusetts)
Commissioner Phillip D. Moeller (R, Washington)
Commissioner John R. Norris (D, Iowa)
Commissioner Tony Clark (R, North Dakota)
FERC commissioners serve staggered five-year terms. By
law, no more than three commissioners can be from the
same political party.
11
FEDERAL ENERGY REGULATORY COMMISSION
Organizational Chart
12
13
Office of Energy Market Regulation (OEMR)
OEMR integrates FERC’s economic regulation of the
electric, natural gas, and oil industries.
One of FERC’s primary goals is to prevent the exercise
of market power by wholesale power sellers, electric
transmission companies, and natural gas and oil
companies. This is accomplished by striking the right
balance between competition and regulation.
OEMR also deals with ensuring just and reasonable
rates, tariffs and conditions in natural gas pipeline, oil
pipeline and electric power markets and the reliability
of the electric grid.
14
15
Office of Enforcement
Assures compliance with FERC rules and regulations.
The office is made up of a multi-disciplinary team of
economists, engineers, attorneys, auditors, data
management specialists, financial analysts, and
policy analysts.
Initiates and executes investigations of possible
violations of FERC’s rules, and regulations; pursues
remedies through negotiation or litigation.
Maintains the Enforcement Hotline to informally
resolve disputes concerning any matter subject to
FERC’s jurisdiction.
16
FERC’s Civil and Criminal Penalty Authority
• Violations of the FPA, NGA, and FERC’s Rules and
Regulations promulgated thereunder (e.g., market
manipulation under 18 CFR § 1c and market based rate
requirements; quarterly reports, change in status) are now
subject to:
▫ $1,000,000 civil penalty per violation per day:
 Up to 5 years in prison.
▫ Individual civil liability for traders:
 Former Amaranth trader Brian Hunter is facing FERC
civil penalties of $30 million for alleged market
manipulation.
▫ Disgorgement of unjust profits:
 No statute of limitations.
▫ Revocation of market-based rate authority
17
Complying with FERC’s
Market Manipulation Rules
Jon Schneider
Stinson Leonard Street
EUCI, Washington, D.C.
October 29, 2014
18
The Statutory Framework

Market Manipulation in wholesale markets for Electricity and
Natural Gas and filing false Information with federal officials is
prohibited under:

Federal Power Act (“FPA”) Sections 221 and 222

Natural Gas Act (“NGA”) Sections 4A

The law is expressly applicable to Municipalities (FPA 201(f)
entities).

The potential criminal and civil penalties include up to $1 million per
day in fines and 5 years in prison – applicable to
corporations/municipalities AND individuals.

These statutory provisions have been operational since January 26,
2006, when FERC issued implementing regulations in Order No.
670.
19
False Data Reporting is Prohibited

Federal Power Act Section 221 –Prohibition on Filing False
Information

“No entity (including an entity described in section 201(f)) [i.e., a
municipal utility] shall willfully and knowingly report any information
relating to the price of electricity sold at wholesale or the availability of
transmission capacity, which information the person or any other entity
knew to be false at the time of the reporting, to a Federal agency with
intent to fraudulently affect the data being compiled by the Federal
agency.”

Natural Gas Act: False Reports violate Commission orders and are
subject to enforcement too.

FERC rules applicable to entities authorized to sell power at marketbased rate tariff also require honesty with respect to interaction with
ISOs. Good policy calls for this rule to be honored.
20
Manipulation of Electric Markets
Is Unlawful

Federal Power Act Section 222 –Prohibition of
Energy Market Manipulation
 “(a) In General - It shall be unlawful for any entity
(including an entity described in section 201(f)), directly or
indirectly:
• to use or employ,
• in connection with the purchase or sale of electric energy or
the purchase or sale of transmission services subject to the
jurisdiction of the Commission,
• any manipulative or deceptive device or contrivance (as
those terms are used in section 10(b) of the Securities
Exchange Act of 1934 (15 U.S.C. 78j(b)), in contravention of
such rules and regulations as the Commission may prescribe
as necessary or appropriate in the public interest or for the
protection of electric ratepayers.
21
Manipulation of Natural Gas
Markets Is Unlawful

Natural Gas Act Section 4A –Prohibition of Market
Manipulation

It shall be unlawful for any entity, directly or indirectly,
• to use or employ,
• in connection with the purchase or sale of natural gas or the
purchase or sale of transportation services subject to the
jurisdiction of the Commission,
• any manipulative or deceptive device or contrivance (as
those terms are used in section 10(b) of the Securities
Exchange Act of 1934 (15 U.S.C. 78j(b)) in contravention of
such rules and regulations as the Commission may prescribe
as necessary in the public interest or for the protection of
natural gas ratepayers….”
22
Implementing the Law Through
FERC Order No. 670

FERC’s regulations, 18 C.F.R. §§ 1c.1 and 1c.2, call for
action where an entity:
–
–
–
Uses a fraudulent device, scheme or artifice, or makes a
material misrepresentation or a material omission, or
engages in any act, practice, or course of business that
operates or would operate as a fraud or deceit upon any
entity;
With the requisite “scienter” [ill-intention];
In connection with the purchase or sale of natural gas or
electric energy or transportation of natural gas or
transmission of electric energy subject to the jurisdiction
of the Commission.
23
“Fraud” and “Deceit”
Fraud: Defined by FERC “to include any action,
transaction, or conspiracy for the purpose of
impairing, obstructing or defeating a wellfunctioning market.” Order No. 670 at P 50.
• Common Element: Actions taken with no
legitimate business purpose other than to
alter market results.
 Deceit: Used by FERC to snag entities engaged
in misleading practices under FERC tariffs.

24
Three Common Areas of Focus
 Collusive

behavior
Price Fixing, e.g.
 Activity
in one market without legitimate
business purpose that has an effect on
another.
 Misrepresentation in dealings under
FERC-jurisdictional tariffs
25
What’s Fraud And What’s Not?
 Even
freely operating markets don’t
always work so well. Taking advantage
of legitimate market opportunities, in
response to changing market
conditions, does not constitute fraud.
 Permissible Activity:


Market arbitrage
Scarcity pricing
26
Scienter – You Have to Intend to Mess Up

“Scienter” refers a party’s affirmative intention to manipulate
the market



FERC’s rules follow SEC market manipulation Rule 10b-5 and
require knowing or intentional conduct designed to deceive or
defraud by controlling or artificially affecting prices
Only intentional conduct is prohibited. Scienter cannot be found
where a party acted negligently or inadvertently, even if those
actions affect prices
Reckless conduct, including willful blindness, can satisfy the
scienter requirement if the violator followed a course of action
that involved a known or patently obvious danger of
misleading
27
Only Acts “In Connection With” A Jurisdictional
Purchase or Sale Are Subject To the Rule

FPA § 222, NGA § 4A, and Rule 1c encompass only activity that is “in
connection with the purchase or sale” of FERC jurisdictional service – l.e.,
wholesale sales of natural gas/electricity or transportation/transmission
subject to FERC jurisdiction.

Interpreted under SEC law to implicate activities where any point in a
planned chain of events includes a jurisdictional transaction.



Sale by a municipal into an organized (RTO) market is considered “in
connection with” a jurisdictional sale. Any sale impacting FERC
markets is probably the same category.
Sale across jurisdictional wires or to a jurisdictional entity may also
qualify.
Bottom Line: Don’t try to manipulate any aspect of a deal that could become
part of an interstate transaction because FERC will find a nexus.
28
Commodities Exchange Act and
Regulations


CEA section 6(c)(1): “It shall be unlawful for any person,
directly or indirectly, to use or employ, or attempt to use or
employ, in connection with any swap, or contract of sale of any
commodity in interstate commerce, or for future delivery on or
subject to the rules of any registered entity, any manipulative or
deceptive device or contrivance, in contravention of ….[CEC
rules].”
Elements of Manipulation: Is there evidence of an attempt
to defraud, or to make misleading statements or false
reports in order to alter the natural outcome of a
competitive market.
29
What’s Prohibited - Examples

Wash Trades

Pre-arranged offsetting trades of the same product among the
same parties which involve no economic risk and no net change
in beneficial ownership
• Motivation: gives the appearance of setting a market price or
of increased sales activity or liquidity in a market
• Any resulting advantages are considered improper because
the trades are fictitious, and do not represent the normal
operation of a freely competitive market

Key to understanding behavior: No legitimate business reason
for transaction outside manipulative intent.
30
What’s Prohibited:
Examples drawn from FERC Market Rules

While Wash Trades are prohibited, some simultaneous exchanges of
similar products are allowed.

Examples of permitted transactions include:

Power exchange to avoid need to use physical transmission


Why? Different prices and change of beneficial ownership.
Sales or purchases to offset an error
• Why? Not intentionally prearranged

Sleeves: Designed to assure third party of buyer’s creditworthiness
• Why? Not designed to cancel out a trade, but to facilitate one.

Bookouts: companies with offsetting delivery obligations agree not to
deliver.
• Why? Occurs after parties took the risks of original transactions based on
changed conditions
31
•What’s Prohibited - Examples

Transactions predicated on submitting false
information

Inaccurate or intentionally misleading schedules, load or
generation data that is intended to distort the market
• Excessively high bids in the day ahead market that effectively
remove generation from that market so it can be offered in
the real time market
• Scheduling non-firm service or products as firm

But not inadvertent or honest errors, or forecasted good
faith estimates, so long as organization has procedures in
place to evaluate information and reduce risk of error
32
What’s Prohibited - Examples

Artificial Congestion: Transactions in which an
entity creates artificial congestion and purports to
relieve it
 scheduling conterflow transactions to cause and
relieve congestion, entitling scheduler to congestion
relief payments (Enron “Death Star”)
 scheduling non-firm power over congested path with
no intention of delivering power, but done to obtain
congestion payment upon agreement to cut schedule.
 Theory: Deceit to take advantage of revenue stream
under tariff
33
What’s Prohibited, and What’s Not
Not Prohibited: Virtual bidding
I.e., bids for the purchase or sale of energy with
no expectation of physical delivery.
 Considered a legitimate form of arbitrage in
which a buyer or seller bids in the day ahead
market and hopes to profit from a purchase or
sale of the energy at real time prices. Unlike a
physical bid, the buyer or seller does not have to
have load or power to back up its virtual bid.

34
What’s Prohibited
Prohibited:
 Collusion with another party for purposes of
manipulating market prices, market conditions,
or market rules related to the jurisdictional sale
or transportation of electricity or natural gas


Among other things, this prohibition overlaps antitrust
law (agreements in restraint of trade)
Intentional false reporting (to Gov’t or trade
press) to advantage a market position
35
What’s Prohibited – Amaranth Advisors, LLC
Case Study

FERC’s findings of fact:



Amaranth employees drove down the month-ahead futures
contract settlement price by high volume sales at the very end of
the settlement period shortly prior to month close.
Purpose of activity: To take advantage of the impact of price
decline on opposing financial or physical positions in the ensuing
month.
No legitimate business reason for trades outside intention to
manipulate market and affect derivative prices. (Note:
Amaranth lost money on trading in prompt month.)
36
What’s Prohibited – Amaranth Advisors, LLC
Case Study

FERC’s conclusions:

Amaranth employees intended to deceive/defraud investors in
swaps/options and physical markets by interfering with the
natural function of the futures market (scienter).
• Intention established through Amaranth employees’ knowledge of
impact of futures pricing on derivatives and physical markets.
• Impact on physical markets establishes activity “in connection with”
FERC jurisdictional activity.


$30 million penalty assessed
Case reversed on jurisdictional grounds
37
Rumford Paper Co.
142 FERC ¶ 61,218 (2012)
ISO-NE Demand Response program provides
payment for reduction to base-line load.
 Rumford is a co-generator. Reduced cogeneration by 30-40 MW /day for the period
during which the baseline was established.
 Held: Market manipulation. Artificial base-line
designed to defraud ISO-NE.



Misrepresentation under ISO tariff to take advantage
of revenue stream.
Compare payments for artificial congestion
38
Constellation Energy Commodities Group
138 FERC ¶ 61,168 (2012)

Traders took long and short Contract for
Difference Positions (CFD), and supported them
by virtual or actual imports/exports altering
market price.

When net CFD position was short (betting on price
decline), traders arranged to import day ahead power.
• Note: traders’ short CFD position offers hedge to buyer
seeking insurance against price rise.


When net CFD position was long (betting on price
rise), traders arranged to export day ahead power
(generally at a loss).
Holding: Manipulative behavior. $110 million
disgorgement; $135 million civil penalty.
39
Edison Mission



PJM rules require entities designated as capacity
resources following winning capacity market bids must
bid energy into day-ahead market.
Edison Mission, knowing that real-time market is more
profitable entered unrealistically high bids into day-ahead
market, in order to keep power eligible for real-time
market.
Held: Edison found to misrepresent strategy to FERC
Staff (violation of market-based tariff rules).
40
FERC’s Penalty Authority – Applicable to
Organizations and Individuals

Criminal Penalties ( FERC refers to Department of Justice)



Up to $1 million/day
Up to 5 years in prison
Civil Penalties

Up to $1 million/day – FERC has substantial discretion, based on factors
including cooperation and quality of compliance program, and level of harm.

Disgorgement: FERC will always require disgorgement of ill-gotten profits

Refunds:

FPA § 206 also provides for refunds by § 201(f) entities (except for those with
less than 8 million mwh/year and cooperatives) for short-term sales into
organized markets in violation of Commission-approved tariffs or rules
41
What to Do When Something Has Gone
Wrong








Report the incident immediately to the chief compliance officer
Retain all documents related to incident
Minimize any ongoing damage
Conduct an internal investigation, and report findings to chief
compliance officer, senior management, and/or Board
Determine whether to conduct outside investigation
Take disciplinary action, if necessary
Determine if books or reported prices need to be restated
Determine whether to self-report
42
What to Do When the Government Calls

Notify Chief Compliance Officer. No obligation to speak in the
meantime.

Cooperate with government investigation, at the direction of the
Chief Compliance Officer.

Chief Compliance Officer will supervise an internal investigation with
counsel.

Longer term responses include assessment of current control
mechanisms and need for new or improved procedures,
consideration of whether to shift compliance resources to new
areas, whether new hiring and promotion policies are needed,
whether the affected department needs new procedures or control
mechanisms.
43
Fun with Case Studies
44
Case Study No. 1 - Electric
 Utility
trader takes a short position (or
sale at fixed price) in the month
ahead, then asks the utility’s affiliated
generator to sell at below marginal
cost in order to drive the forward
market price down.
45
Case Study No. 1 - Analysis
 Generation
sales have no legitimate
business purpose other than to affect
forward market position.
 Use of physical assets to affect the natural
operation of the forward market is
manipulative.
46
Case Study No. 2 – Electric
 Utility
trader takes a long position
(could be sale at an indexed price) in
the month ahead, then asks the utility’s
affiliated generator to take plants off
line, even though the market is above
the generators’ marginal cost.
47
Case Study No. 2 – Analysis
 Taking
plant off-line when
remunerative sales may be made has
no legitimate business purpose.
 Economic withholding in order to affect
market price is a form of market
manipulation.
48
Case Study - 3
 Utility
trader takes a long position (or
sale an indexed price) in month ahead
at Henry Hub and works with other
traders to churn market at end of the
previous month’s close, driving
settlement prices up.
49
Analysis - 3
 End
of month churning has no
legitimate business purpose and is
designed to affect forward market.
 Manipulation, per Amaranth approach.
50
Case Study No. 4 – Electric and Gas
 Trader
with combination electric and gas
utility offers neighboring utility gas sales
from an affiliated storage field at below
market prices, for use in generation that
was previously priced out of wholesale
market.
 Trader maintains short position in related
electric markets.
51
Case Study No. 4 - Analysis
 Below
market gas sales have no legitimate
business purpose other than to affect
forward market position.
 Use of physical assets to affect the natural
operation of the forward market is
manipulative.
52
Case Study 5 – Electric
 Trader
takes long position (or purchase at
fixed price).
 Works with affiliated transmission provider
to take key line out of service for
unscheduled maintenance (or understates
ATC).
53
Case Study 5 – Analysis
 Manipulative
Conduct - affects natural
outcome of market.
 Violation of Standard of Conduct
 Possible permutation: Work with
neighboring utility (collusion)
54
Case Study No. 6
 Utility
Transmission Function Employee
learns that neighboring ATC has been
erroneously understated and will soon be
corrected.
 Transmission employee turns information
over to trading group, which takes a short
position (or sale at fixed price) in the
affected market.
55
Case Study No. 6 - Analysis
Market manipulation follows from a trade based
on intentionally misleading data. Collusion to
manipulate the market is also present if a
marketer is involved.
 Violation of Standards of Conduct

56
Case Study No. 7 – Natural Gas

Utility Traders report prices to trade press 15%
above closing trades and take short position at
reflected prices prior to reports.
57
Case Study No. 7 – Analysis

False reporting in order to influence market
results constitutes market manipulation.

See Coral Energy
58
Case Study No. 8 – ISO Operations
 Utility
submits a schedule for delivery
of power across the CAISO which is
erroneously overstated
 The error is discovered, but goes
uncorrected, with knowledge that it will
affect forward prices.
59
Case Study No. 8 - Analysis
 If
the decision not to correct the
schedule was made knowing that the
schedule would influence forward
market prices to Utility’s advantage,
this may be market manipulation.
 Analysis: Intentional omission to alter
market outcome
60
Case Study No. 9 – ISO Operations
 FERC
caps ISO market rate for instate generation in order to control
exercise of market power
 In-state Utility ships power out of
state and arranges purchase of an
equal amount of power to be shipped
in-state
61
Case Study No. 9 - Analysis
 Wash
trade designed to circumvent
market rules constitutes market
manipulation.
 ENRON Code Name: Richocet
 Red Flag: Violation of Market Rules
62
Case Study No. 10
 Under
ISO rules, a utility which bids
successfully into capacity market is
obligated to bid energy into the day-ahead
market.
 Knowing that real-time market is more
profitable, utility bids energy into dayahead market at prices it knows are wellabove the market-clearing price.
 Utility sells energy into the real-time
market
63
Case Study No. 10 – Analysis
 Intentional
effort to circumvent ISO rules
through effective misrepresentation is
likely to be held to be manipulative.

(Note: Edison Mission was penalized for
misleading representations, not manipulation)
64
Case Study No. 11

Trader takes CRR position at intertie between
the CAISO and an external control area


To decrease losses from the CRR position, trader
schedules physical exports from CAISO at the
congested intertie, and imports at a separate intertie (at
loss or nominal gain).


Position allows trader to profit from export congestion at the
intertie point; suffer losses from import congestion.
Arrangement designated a wheel-through, but without an
external resource/load to which to wheel
Exports at the intertie eliminates import congestion,
raising the intertie price, increasing CRR value
65
Case Study No. 11 - Analysis

Violation #1:
Cross-Product Manipulation (18 C.F.R. 1c.2)


Traded in one product (physical exports) with the
intent to benefit a second product (financial CRR
position)
Engaged in a scheme involving “fraud and deceit”
under FERC’s Anti-Manipulation Rule: Trader’s
actions injected false and deceptive information into
the marketplace and affected the price at the intertie,
which hindered the proper functioning of the physical
market and the CRR market
66
Case Study No. 11 – Analysis

(contin.)
Violation #2:
Prohibition of submission of false or misleading
information or the omission of material
information (18 C.F.R. 35.41(b))
• Submitted false & fraudulent wheel-through
transactions to the CAISO, which did not meet
CAISO requirements, because they did not have
an external resource and load.
• FERC: This undermines the proper functioning of
the CAISO markets

Deutsche Bank Energy Trading, LLC, 142 FERC 61,056 (2013)
67
GENERAL REGULATORY COMPLIANCE
REQUIREMENTS
FERC Electric Forms
Form No. 1: Annual Report of Major Electric Utility
Form No. 1-F: Annual Report of Non-major Electric Utility
Form No. 3-Q: Quarterly Financial Report of Electric Utilities, Licensees, and
Natural Gas Companies
Form No. 423: Cost and Quality of Fuels for Electric Plants
Form No. 520: Application for Authority to Hold Interlocking Directorate
Positions
Form No. 523: Application for Authorization of the Issuance of Securities or
the Assumption of Liabilities
Form No. 556: Certification of QF Status for Small Power Production and
Cogeneration Facilities
Form No. 561: Interlocking Directorates
FERC-566: Twenty Largest Purchasers
FERC-580: Interrogatory on Fuel and Energy Purchase Practices
Form No. 714: Annual Electric Control and Planning Area Report
Form No. 715: Annual Transmission Planning and Evaluation Report
FERC-730: Report of Transmission Investment Activity
FERC-920: Electric Quarterly Report
69
Forms (cont’d)
FERC Gas Forms
Form No. 2: Major Natural Gas Pipeline Annual Report
Form No. 2A: Non-major Natural Gas Pipeline Annual Report
Form No. 3-Q: Quarterly Financial Report of Electric Utilities, Licensees, and
Natural Gas Companies
Form No. 11: Quarterly Statement of Monthly Data
Form No. 537: Annual Certificate Report
Form No. 537: Annual Report of 311 Facility Activities
Form No. 537: Notice of Bypass
Form No. 537: Semi-annual Storage Report
Form No. 549B: Index of Customers
Form No. 549B: Capacity Report Under Section 284.13
Form No. 549D: Quarterly Transportation & Storage Report for Intrastate
Natural Gas and Hinshaw Pipelines
Form No. 552: Annual Report of Natural Gas Transactions
Form No. 567: System Flow Diagrams
Form No. 576: Report of Service Interruptions
Form No. 577: Annual Report of Replacement of Certificated Facilities
Form No. 592: Marketing Affiliates of Interstate Pipelines
70
Forms (cont’d)
FERC Hydro Power Forms
Form No. 3-Q: Quarterly Financial Report of Electric Utilities, Licensees, and
Natural Gas Companies
Form No. 80: Licensed Hydropower Development Recreation Report
Form No. 587: Federal Land Description
Other Federal Agency Cost Submission Form
71
Cost-Based Rate and Tariff Review
An electric utility must obtain FPA section 205 rate
approval to change
1. Cost-of-Service rates (e.g., transmission) and
2. Tariff
72
Market-Based
Rate Review by FERC
Granted if neither seller or its affiliates have market
power in generation or transmission (or such market
power has been mitigated)
Conditioned on (1) restrictions governing transactions
and conduct between power sales affiliates with
captive customers; (2) filing post-transaction election
quarterly transaction reports (EQRs), and (3) notice of
change in status
Under Order 697, marketers with market-based rate
authority no longer need to file triennial updates if
they are determined to be a Category 1 Seller
(own/control <500 MW generation per region).
Category 2 sellers (everyone else) are required to file
regularly scheduled updated market power analyses.
73
EQRs - Must summarize each
quarter
• The contractual terms and conditions of its
agreements for all jurisdictional services (including
market-based power sales).
• Transaction information for short-term and long-term
market-based power sales.
• Agreements entered into pursuant to a marketbased rate tariff do not need to be filed with FERC;
the terms of the agreements only need to be
summarized in the EQRs.
• Financial transactions that do not go to physical
delivery, e.g., virtual bidding, do not need to be
filed in the EQRs.
• Filing deadlines – last day of the month following the
quarter. For example, for the period January 1
through March 31, the EQR due by April 30.
74
Change in Status – Market-Based Rates
A change in status is triggered by:
• A change in ownership or control of generation or transmission
facilities or inputs to electric power production and
• Affiliation with any entity not disclosed in the application for
market-based rate authority that owns or controls generation
or transmission facilities or inputs to electric power production
(other than fuel supply), or affiliation with any entity that has a
franchised service area. 18 C.F.R. § 35.27(c)(1)(i) and (ii).
• “Control”– “arrangements, contractual or otherwise, granting
control of generation or transmission facilities, just as effectively
as they could through ownership.”
• FERC considers the totality of circumstances on a fact-specific
basis, with “no single factor or factors necessarily resulting in
control.”
75
MBR holder must file a change
in status report when it (or an
affiliate):
• Gains control over the operation of a generation
facility, either by ownership or contractual
arrangement (e.g., energy management, asset
management, tolling, scheduling, or dispatching
agreements).
• Obtains cumulative increases in generation owned
or of 100 MW or greater (net of decreases) since the
initial application or last triennial review/change in
status report.
• Gains ownership or control of natural gas
transportation, storage or distribution facilities.
76
• Presumption of Control: “[A]n entity controls the
facilities when it controls the decision-making over
sales of electric energy, including discretion as to
how and when power generated by these facilities
will be sold.”
▫ Operation of the real-time desk 76% of the time (16
hours during the work week (off peak) and 24
hours per day during weekends and holidays);
decision-making authority over sales of electric
energy, including discretion as to how, when and
to whom to sell power, subject only to reliability
concerns; dispatch instructions while manning
trading desk; “power scheduling services”.
▫ Setting price, as long as operational and reliability
criteria met.
77
▫ Occasional sales of wholesale energy to itself while
operating the real-time desk, i.e., taking title to
power.
▫ Access to “sensitive, competitive information”
(e.g., load information, unit heat rate, etc.).
▫ Authority to enter into day-ahead wholesale
electricity contracts with provided volume and
acceptable prices (minimum, not ceiling); with
occasional scheduling of the physical power.
▫ Authority to determine timing and volume of RTO
bids.
▫ Authority to dispose of the output of certain
generation assets.
▫ Ability to withhold the supply from the market.
78
Interlocking Positions
• FPA Section 305(b) deals with the holding of
interlocking positions, that is, an officer or director of:
▫ more than one public utility (which includes
entities with market-based rate authority
▫ a public utility and (a) a bank, trust company or
firm authorized to underwrite public utility
securities; or (b) a company supplying electrical
equipment to such public utility.
• An Officer or Director is defined as: a president, vice
president, secretary, treasurer, general manager,
comptroller, chief purchasing agent, director or
partner, or anyone who performs similar executive
duties or functions. 18 C.F.R. § 45.2.
79
• Individuals holding the position of officer or director
of a public utility and of any bank, trust company,
banking association, or firm authorized to underwrite
utility securities or an entity providing electrical
equipment to a public utility must file an application
seeking FERC authorization to hold the interlocking
positions. If FERC does not act on the application
within 60 days, it is deemed granted.
• The key to the interlock rules is that the initial filing
must be made (and approval received if necessary)
before the person takes the position.
• Subsequently, each individual holding interlocking
positions must file a FERC Form 561 by April 30 listing
the interlocking positions held for the prior calendar
year.
80
Rules On Standards Of Conduct
Elements Of This Segment
• Explain “Standards of Conduct” governing
organization of utilities with both Marketing and
Transmission Functions under one roof.
• Explain the core principle embodied in the Standards
of Conduct – the Independent Functioning Rule.
• Describe the “No-Conduit Rule” as it pertains to
transmission information.
• Describe the procedure to be utilized when
transmission information is improperly disclosed.
• Tariff administration requirements
82
History: Order 888 And 889
• In 1996, FERC issued Order 888, which
compelled Investor Owned Utilities to provide
transmission service to eligible customers
under a standard (pro forma) Open Access
Transmission Tariff (OATT).
• At the same time, FERC issued Order 889
which established standards of conduct
governing the relationship between
transmission operations and wholesale
merchant operations within a utility.
83
Application Of Rules Governing
Standard Of Conduct
• Standards of Conduct Rules apply directly to
FERC jurisdictional utilities – Electric and Natural
Gas (interstate pipeline) Public Utilities
• For FPA 201(f) Entities (generally nonjurisdictional utilities),the “Reciprocity Rule”
appplies
▫ Reciprocity permits an investor owned utility to deny
service to a non-jurisdictional utility unless the NJU first
offers to provide “reciprocal service” to the IOU.
84
History: Post-order 889 Standards –
Order 2004
• Expanded Standards of Conduct rules
adopted in FERC Order 2004 in 2003
• Order 2004 rules were perceived as
overly expansive and overly complex
• Portions of Order 2004 invalidated on
appeal
• FERC ultimately acknowledged the
problems with Order 2004 and went
back to the drawing board
85
Order No. 717
• FERC announced revised standards of
conduct rules in Order No. 717, issued
on October 16, 2008
• Standards of Conduct rules adopted in
Order No. 717, with some later
clarifications, remain in place
• Part 358 of FERC’s regulations – 18
C.F.R. Pt. 358
86
Order No. 717 Key Aspects
Core purpose is to prevent sharing of
non-public transmission function
information with affiliated marketing
function that might provide marketing
function with advantage over
unaffiliated transmission customers
87
Keep In Mind . . .
• Two Fundamental Rules:


Independent Functioning of Transmission and
Wholesale Merchant Function Employees
Golden Rule: Utility Merchant employees cannot
have any non-public transmission information.
88
Employees Governed By Standards
Of Conduct Rules
• Everybody within a utility, with
particular application to:
▫ “Marketing Function Employees”
▫ “Transmission Function Employees”
▫ Individuals within the utility to whom
Wholesale Marketing and Transmission
function employees report and with whom
they conduct business
89
The Core Principle:
“Independent Functioning”
• Focus is on functions performed by individual
employees
• Transmission function employees must
function independently of wholesale
marketing function employees (“Functional
Unbundling”)
• Transmission operations personnel and
management cannot treat wholesale
marketing employees any differently than
any other independent marketers. This
relates to the nature of service and
information exchanged within the utility and
with third parties.
90
Employees Governed By Standards Of
Conduct Rules - Definitions
• “Marketing Function” - the sale for resale in interstate
commerce or the submission of offers to sell for resale
in interstate commerce, of electric energy or capacity,
demand response, virtual transactions, or financial or
physical transmission rights.
▫ It excludes bundled retail service
▫ Purchases of power are not covered
• “Marketing Function Employee” – an employee,
contractor, consultant or agent of a transmission
provider or of an affiliate of a transmission provider
who actively and personally engages on a day-to-day
basis in marketing functions.
91
Employees Governed By Standards Of
Conduct Rules - Definitions
• “Transmission Function” - the planning,
directing, organizing or carrying out of dayto-day transmission operations, including the
granting and denying of transmission service
requests.
▫ Does not include long-range planning activities
• “Transmission Function Employee” – an
employee, contractor, consultant or agent of
a transmission provider who actively and
personally engages on a day-to-day basis in
transmission functions.
92
Day-to-day Transmission Operations
• Granting or denying transmissions service
requests, regardless of duration
• Coordinating actual physical flows of power
• Isolating portions of system to prevent
cascades
• Imposing transmission loading relief
• Performing system impact studies if the SIS is
performed to determine whether the system
can support a transmission service request
▫ SIS for generator interconnection request is not a
transmission function
93
Who Are Not Transmission Function Or
Marketing Function Employees?
•
•
•
•
•
Field
Maintenance
Construction
Clerical
Engineering
► Unless actively and personally involved
on a day-to-day basis in transmission or
marketing operations
94
Who May Be Transmission Function Or
Marketing Function Employees?
•
•
•
•
•
•
•
•
•
Attorneys
Accountants
Risk Management Personnel
Regulatory Personnel
Rate Design Personnel
Strategic planning personnel
Procurement employees
Officers
Consultants and Contractors
•
These employees may be Transmission or Marketing Function
Personnel if they are actively and personally involved on a
day-to-day basis in transmission or marketing operations.
95
Independent Functioning Rule
(18 C.F.R. § 358.5)
• Transmission Function employees must
function independently of its
Wholesale Marketing Employees.
▫ Marketing Function Employees may not
conduct transmission functions
▫ Transmission Function Employees may not
conduct marketing functions
96
Physical And Organizational Separation:
• Organizations may meld transmission and
marketing employees, but must honor No
conduct and independent Function Rule.
• Structural Separation often implemented.
▫ Note: Employees engaged in the Wholesale
Merchant Function have no access to the
System Control Room.
• Officers and Directors may maintain dual
responsibility, but may not engage in dayto-day transmission and merchant
functions
97
Information Access - “No-conduit Rule”
(18 C.F.R. § 358.6)
• No conduit rule applies to all utility
employees, contractors and agents.
• “Non-public transmission function
information” is transmission information
not available to OATT customers on
OASIS.
98
Examples Of Information That May Not Be
Disclosed To Marketing Employees
• Transmission Capability (if not on OASIS),
Transmission Reliability Margins and Capacity
Benefit Margins for other companies
• Information about planned transmission
outages, now matter how far in the future
• Non-public transmission costs and budgets
• Non-public transmission customer information
• Transmission studies (System Impact,
Facilities), other than to applicants
99
Examples Of Information That May Not Be
Disclosed To Marketing Employees
• Transmission planning information (e.g.,
additions, upgrades)
• Maintenance schedules
• Information on pending transmission
requests
• Transmission information about other
systems, if not public
100
Integrated Resource Planning
• Revised Standards of Conduct Rules permit long-term
integrated resource planning (integration of
transmission, generation and load planning)
• How did the rules change?
▫ Transmission planning (other than day-to-day) is no
longer defined as a Transmission Function
▫ Resource Procurement (buying power) is no longer
defined as a Marketing Function
▫ Generation operations personnel are not defined as
marketing function employees
• BUT, Marketing Function Employees may not work with
Transmission Function Employees on Integrated
Resource plans.
101
Exemptions To Non-disclosure Rule
• Information pertaining to compliance with
NERC Reliability Standards may be disclosed
to Marketing Employees
• Information necessary to maintain or restore
operation of the transmission system, or
generating units, or that may impact dispatch
of generating units may be disclosed to
Marketing Employees.
• Where information is disclosed under these
exemptions, report must be made to the
Chief Compliance Officer, who will retain
record of the disclosure for five years.
102
Transparency Rule – Improper Disclosure
• Improper disclosure of transmission function
information must be promptly reported to
Chief Compliance Officer.
• Disclosed information must be promptly
posted on OASIS.
• For two categories of information, only
notice of improper disclosure should be
posted, not the information itself: (a) Critical
Infrastructure Information (CEII); and (b)
transmission customer information
• Posting does not “cure” original violation;
failure to post is a separate violation
103
Transparency Rule –
General Posting Requirements
• Standards of Conduct implementation
procedures
• Affiliates with marketing function employees
• Facilities shared by transmission function
employees and marketing function employees
• Job titles and job descriptions of transmission
function employees
• Notice of transfer of a transmission function
employee to a marketing function position and
vice-versa
• Potential merger partners
104
Tariff Administration
• FERC Standards of Conduct regulations in
Part 358 also include general rules to
ensure non-discrimination in the provision
of transmission service and administration
of the OATT
• Overarching requirement to treat all
transmission customers on a not unduly
discriminatory basis and not to grant any
undue preference or advantage. § 358.2(a)
105
Tariff Administration
• Tariff provisions not providing for discretion
Employees engaged in transmission system operations or
reliability functions shall strictly enforce all Tariff provisions
relating to the sale or purchase of open access transmission
service, if these provisions do not provide for the use of
discretion.
• Tariff Provisions providing for discretion. Employees
engaged in transmission system operations shall apply all
tariff provisions relating to the sale or purchase of open
access transmission service in a fair and impartial manner
that treats all customers in a nondiscriminatory manner if
these provisions involve discretion.
106
RELIABILITY OVERSIGHT
FPA Section 215 & Background
108
NERC’s Story:
The Tale Of Two Blackouts
November 9, 1965
August 14, 2003
109
110
Problem –
Who Has Regulatory Authority?
▫ FERC’s authority over reliability of the transmission system was
unclear until Energy Policy Act of 2005.
▫ NERC was a voluntary organization, relying on reciprocity and
the mutual self-interest of all those involved
▫ State authority varied and limited .
– In some cases, may be non-existent
111
FPA Section 215 - Statutory Basics
A Few Observations
•
Congress enacted mandatory reliability regime with full industry support Energy Policy Act of 2005
•
Congress rejected FERC-centric regime in favor of an ERO required to
consider stakeholder input in
▫ Choosing board of trustees
▫ Populating committees
•
Relationship with Industry is complicated: The ERO must be independent of
industry, but it depends on industry for the content of the standards.
•
Relationship with FERC is complicated:
▫ NERC is overseen by FERC – which approves standards and can reverse
enforcement actions.
▫ NERC occupies the same space as FERC, which:
 is also authorized to direct NERC to develop specific standards; and
 may undertake its own enforcement actions.
112
Energy Policy Act Of 2005:
Federal Power Act Section 215,
16 U.S.C. 824o
• (a)(4): The term “reliable operation” means operating the elements of
the bulk-power system within equipment and electric system thermal,
voltage, and stability limits so that instability, uncontrolled separation, or
cascading failures of such system will not occur as a result of a sudden
disturbance, including a cybersecurity incident, or unanticipated failure of
system elements.
• (b) Jurisdiction and applicability (1)The Commission [FERC] shall have
jurisdiction, within the United States, over the ERO [Electric Reliability
Organization] certified by the Commission under subsection (c) of this
section, any regional entities, and all users, owners and operators of the
bulk-power system, including but not limited to the entities described in
section 201(f) for purposes of approving reliability standards established
under this section and enforcing compliance with this section. All users,
owners and operators of the bulk-power system shall comply with reliability
standards that take effect under this section.
113
Federal Power Act Section 215,
Statutory Basics – Certification Of ERO
•
The Commission may certify an ERO that:
(1)has the ability to develop and enforce reliability standards that provide for an
adequate level of reliability of the bulk-power system; and
(2)has established rules that—
(A) assure its independence of the users and owners and operators of the
bulk-power system, while assuring fair stakeholder representation in the
selection of its directors and balanced decisionmaking in any ERO committee
or subordinate organizational structure;
114
Federal Power Act Section 215,
Statutory Basics - Certification
•
The Commission may certify an ERO that:
(2) has established rules that—
(B) Allocate equitably reasonable dues;
(C)provide fair and impartial procedures for enforcement of reliability
standards through the imposition of penalties in accordance with
subsection (e) of this section;
(D)provide for reasonable notice and opportunity for public comment,
due process, openness, and balance of interests in developing reliability
standards and otherwise exercising its duties; and
(E)provide for taking, after certification, appropriate steps to gain
recognition in Canada and Mexico.
115
Federal Power Act Section 215,
Statutory Basics – Reliability Standards – 215(d)
•
ERO must file each standard with FERC;
•
FERC may approve standard if determined to be “just and reasonable, not unduly
discriminatory or preferential and in the public interest.”
▫ FERC will give due weight to technical expertise of the ERO [untested in court]
•
FERC shall remand proposed standards that are disapproved
▫ [FERC does not have authority directly to modify standards – also untested]
•
215(d)(5): FERC may order ERO to submit proposed reliability standards or modifications
that address specific matters that FERC determines are needed to carry out section 215 [but
FERC can’t draft standards – again untested]
▫ See: FERC’s March 7, 2014 order directing NERC to develops standards
addressing physical security
Reliability Standards for Physical Security Measures, 146 FERC ¶ 61,166 (2014)
116
Federal Power Act Section 215,
Enforcement – FPA Section 215(e)
(e) Enforcement
(1) The ERO may impose, subject to paragraph (2), a penalty on a user or owner or
operator of the bulk-power system for a violation of a reliability standard approved by
the Commission under subsection (d) of this section if the ERO, after notice and an
opportunity for a hearing—
(A)finds that the user or owner or operator has violated a reliability standard
approved by the Commission under subsection (d) of this section; and
(B)files notice and the record of the proceeding with the Commission.
117
Federal Power Act Section 215,
Enforcement – FPA Section 215(e)
(e) Enforcement
By FERC:
(3)On its own motion or upon complaint, the Commission may order compliance
with a reliability standard and may impose a penalty against a user or owner or
operator of the bulk-power system if the Commission finds, after notice and
opportunity for a hearing, that the user or owner or operator of the bulk-power
system has engaged or is about to engage in any acts or practices that constitute
or will constitute a violation of a reliability standard.
By Regional Entities:
(4) FERC may authorize the ERO to delegate enforcement authority to a regional
entity that is governed by an independent or balanced stakeholder board (or a
combination)
118
NERC as ERO; Mandatory Standards:
• FERC Order No. 672
• NERC was certified as the ERO on July 20, 2006
• Standards were rushed from their state as
voluntary guidelines to mandatory status by
June 2007.
▫ FERC Order No 693: FERC approved 83 of 107 proposed
standards, making them mandatory & enforceable
• NERC pressed to morph from an industrysponsored voluntary organization into an entity
capable of producing enforceable standards and
enforcing them in the same time-frame.
• There were bound to be growing pains.
119
The Current FERC/NERC Model
•
NERC:
▫ Develops & enforces reliability standards
▫ Monitors the BPS
▫ Educates & trains industry personnel
•
NERC’s Vulnerabilities:
▫ Standards development
▫ Enforcement backlog
▫ FERC’s overlapping authority
•
FERC:
▫ Approves standards; penalties
▫ Makes recommendations & directives to NERC to improve/develop
standards
▫ Investigates & enforces serious violations
▫ Analyzes wide-scale events
120
NERC Reliability Standards
121
Reliability Standards – Applicability
•
Reliability standards apply to all elements and facilities that fall with “Bulk
Electric System” (BES) Definition
•
2010: FERC Order 743 directs new BES definition
•
New “core” BES definition employs 100kv “bright-line” threshold,
with specified inclusions & exclusions
▫ approved by FERC in Order No. 773; effective 7/1/14
▫ Additional refinements to inclusions & exclusions approved in March 2014
122
Reliability Standards – Applicability
NERC’s new BES definition employ a 3-step process:
Step 1: Core BES Definition:
▫ All Transmission Elements operated at 100 kV or higher, and
▫ Real Power and Reactive Power resources connected at 100 kV or higher.
123
Reliability Standards – Applicability
Step 2: Application of Inclusions (five)
•
I1 ‐ Transformers with the primary terminal and at least one secondary terminal operated
at 100 kV or higher unless excluded by application of Exclusion E1 or E3.
•
I2 – Generating resource(s) including the generator terminals through the high‐side of the
step‐up transformer(s) connected at a voltage of 100 kV or above with:
▫ Gross individual nameplate rating greater than 20 MVA. Or,
▫ Gross plant/facility aggregate nameplate rating greater than 75 MVA.
•
I3 ‐ Blackstart Resources identified in the Transmission Operator’s restoration plan.
•
I4 ‐ Dispersed power producing resources that aggregate to a total capacity greater than 75
MVA (gross nameplate rating), and that are connected through a system designed primarily
for delivering such capacity to a common point of connection at a voltage of 100 kV or
above. Thus, the facilities designated as BES are:
▫ The individual resources, and
▫ The system designed primarily for delivering capacity from the point where those
resources aggregate to greater than 75 MVA to a common point of connection at a
voltage of 100 kV or above.
•
I5 –Static or dynamic devices (excluding generators) dedicated to supplying or absorbing
Reactive Power that are connected at 100 kV or higher, or through a dedicated transformer
with a high‐side voltage of 100 kV or higher, or through a transformer that is designated in
Inclusion I1 unless excluded by application of Exclusion E4.
124
Reliability Standards – Applicability
Step 3: Application of Exclusions (four)
125
NERC Standards
(BAL) Resource and Demand Balancing
BAL-001-1
Real Power Balancing Control Performance
BAL-001-TRE-1
Primary Frequency Response in the ERCOT Region
BAL-002-1
Disturbance Control Performance
BAL-003-0.1b
Frequency Response and Bias
BAL-004-0
Time Error Correction
BAL-004-WECC-02
Automatic Time Error Correction
BAL-005-0.2b
Automatic Generation Control
BAL-006-2
Inadvertent Interchange
BAL-502-RFC-02
Planning Resource Adequacy Analysis, Assessment and
Documentation
BAL-STD-002-0
Operating Reserves (WECC)
126
NERC Standards
(CIP) Critical Infrastructure Protection
CIP-002-3
Cyber Security - Critical Cyber Asset Identification
CIP-003-3
Cyber Security - Security Management Controls
CIP-004-3a
Cyber Security - Personnel & Training
CIP-005-3a
Cyber Security - Electronic Security Perimeter(s)
CIP-006-3c
Cyber Security - Physical Security of Critical Cyber Assets
CIP-007-3a
Cyber Security — Systems Security Management
CIP-008-3
Cyber Security - Incident Reporting and Response Planning
CIP-009-3
Cyber Security - Recovery Plans for Critical Cyber Assets
127
NERC Standards
(COM) Communications
COM-001-1.1
Telecommunications
COM-002-2
Communications and Coordination
128
NERC Standards
(EOP) Emergency Preparedness & Operations
EOP-001-2.1b
Emergency Operations Planning
EOP-002-3.1
Capacity and Energy Emergencies
EOP-003-2
Load Shedding Plans
EOP-004-2
Event Reporting
EOP-005-2
System Restoration from Blackstart Resources
EOP-006-2
System Restoration Coordination
EOP-008-1
Loss of Control Center Functionality
129
NERC Standards
(FAC) Facilities Design, Connections and Maintenance
FAC-001-1
Facility Connection Requirements
FAC-002-1
Coordination of Plans For New Generation, Transmission, and End-User
Facilities
FAC-003-1
Transmission Vegetation Management Program
FAC-008-3
Facility Ratings
FAC-010-2.1
System Operating Limits Methodology for the Planning Horizon
FAC-011-2
System Operating Limits Methodology for the Operations Horizon
FAC-013-2
Assessment of Transfer Capability for the Near-term Transmission Planning
Horizon
FAC-014-2
Establish and Communicate System Operating Limits
FAC-501-WECC-1
Transmission Maintenance (WECC)
130
NERC Standards
(INT) Interchange Scheduling & Coordination
INT-001-3
Interchange Information
INT-003-3
Interchange Transaction Implementation
INT-004-2
Dynamic Interchange Transaction Modifications
INT-005-3
Interchange Authority Distributes Arranged Interchange
INT-006-3
Response to Interchange Authority
INT-007-1
Interchange Confirmation
INT-008-3
Interchange Authority Distributes Status
INT-009-1
Implementation of Interchange
INT-010-1
Interchange Coordination Exemptions
131
NERC Standards
(IRO) Interconnection Reliability Operations & Coordination
IRO-001-1.1
Reliability Coordination - Responsibilities and Authorities
IRO-002-2
Reliability Coordination - Facilities
IRO-003-2
Reliability Coordination - Wide-Area View
IRO-004-2
Reliability Coordination - Operations Planning
IRO-005-3.1a
Reliability Coordination - Current Day Operations
IRO-006-5
Reliability Coordination - Transmission Loading Relief (TLR)
IRO-006-EAST-1
Transmission Loading Relief Procedure for the Eastern
Interconnection
IRO-006-TRE-1
IROL and SOL Mitigation in the ERCOT Region
IRO-006-WECC-1
Qualified Transfer Path Unscheduled Flow Relief (WECC)
IRO-008-1
Reliability Coordinator Operational Analyses and Real-time
Assessments
IRO-009-1
Reliability Coordinator Actions to Operate Within IROLs
IRO-010-1a
Reliability Coordinator Data Specification and Collection
IRO-014-1
Procedures, Processes, or Plans to Support Coordination Between
Reliability Coordinators
IRO-015-1
Notifications and Information Exchange Between Reliability
Coordinators
IRO-016-1
Coordination of Real-time Activities Between Reliability Coordinators
132
NERC Standards
(MOD) Modeling, Data & Analysis
MOD-001-1a
Available Transmission System Capability
MOD-004-1
Capacity Benefit Margin
MOD-008-1
Transmission Reliability Margin Calculation Methodology
MOD-010-0
Steady-State Data for Modeling and Simulation of the Interconnected
Transmission System
MOD-012-0
Dynamics Data for Modeling and Simulation of the Interconnected Transmission
System
MOD-016-1.1
Documentation of Data Reporting Requirements for Actual and Forecast
Demands, Net energy for Load, and Controllable Demand-Side Management
MOD-017-0.1
Aggregated Actual and Forecast Demands and Net Energy for Load
MOD-018-0
Treatment of Nonmember Demand Data and How Uncertainties are Addressed in
the Forecasts of Demand and Net Energy for Load
MOD-019-0.1
Reporting of Interruptible Demands and Direct Control Load Management
MOD-020-0
Providing Interruptible Demands and Direct Control Load Management Data to
System Operators and Reliability Coordinators
MOD-021-1
Documentation of the Accounting Methodology for the Effects of Demand-Side
Management in Demand and Energy Forecasts
MOD-028-2
Area Interchange Methodology
MOD-029-1a
Rated System Path Methodology
MOD-030-2
Flowgate Methodology
133
NERC Standards
(NUC) Nuclear
NUC-001-2.1
Nuclear Plant Interface Coordination
134
NERC Standards
(PER) Personnel Performance, Training & Qualifications
PER-001-0.2
Operating Personnel Responsibility and Authority
PER-003-1
Operating Personnel Credentials
PER-004-2
Reliability Coordination - Staffing
PER-005-1
System Personnel Training
135
NERC Standards
(PRC) Protection and Control
PRC-001-1.1
System Protection Coordination
PRC-002-NPCC-01
Disturbance Monitoring
PRC-004-2.1a
Analysis and Mitigation of Transmission and Generation Protection System Misoperations
PRC-004-WECC-1
Protection System and Remedial Action Scheme Misoperation (WECC)
PRC-005-1.1b
Transmission and Generation Protection System Maintenance and Testing
PRC-006-1
Automatic Underfrequency Load Shedding
PRC-006-SERC-01
Automatic Underfrequency Load Shedding Requirements
PRC-008-0
Implementation and Documentation of Underfrequency Load Shedding Equipment Maintenance
Program
PRC-010-0
Technical Assessment of the Design and Effectiveness of Undervoltage Load Shedding Program
PRC-011-0
Undervoltage Load Shedding System Maintenance and Testing
PRC-015-0
Special Protection System Data and Documentation
PRC-016-0.1
Special Protection System Misoperations
PRC-017-0
Special Protection System Maintenance and Testing
PRC-018-1
Disturbance Monitoring Equipment Installation and Data Reporting
PRC-021-1
Under-Voltage Load Shedding Program Data
PRC-022-1
Under-Voltage Load Shedding Program Performance
PRC-023-2
Transmission Relay Loadability
136
NERC Standards
(TOP) Transmission Operations
TOP-001-1a
Reliability Responsibilities and Authorities
TOP-002-2.1b
Normal Operations Planning
TOP-003-1
Planned Outage Coordination
TOP-004-2
Transmission Operations
TOP-005-2a
Operational Reliability Information
TOP-006-2
Monitoring System Conditions
TOP-007-0
Reporting System Operating Limit (SOL) and Interconnection Reliability
Operating Limit (IROL) Violations
TOP-007-WECC-1
System Operating Limits (WECC)
TOP-008-1
Response to Transmission Limit Violations
137
NERC Standards
(TPL) Transmission Planning
TPL-001-0.1
System Performance Under Normal (No Contingency) Conditions
(Category A)
TPL-002-0b
System Performance Following Loss of a Single Bulk Electric System
Element (Category B)
TPL-003-0b
System Performance Following Loss of Two or More Bulk Electric
System Elements (Category C)
TPL-004-0a
System Performance Following Extreme Events Resulting in the Loss
of Two or More Bulk Electric System Elements (Category D)
138
NERC Standards
(VAR) Voltage & Reactive
VAR-001-3
Voltage and Reactive Control
VAR-002-2b
Generator Operation for Maintaining Network Voltage
Schedules
VAR-002-WECC-1
Automatic Voltage Regulators (AVR) (WECC)
VAR-501-WECC-1
Power System Stabilizer (PSS) (WECC)
139
NERC Standards Development Process
140
NERC Standards Development Process
141
Standards Development - 9 Steps
1. Identify need for standard &
Draft Standard Authorization Request (SAR)
2. Post SAR for 30-day Informal Comment
Period
3. Develop draft of standard



Form Standards Drafting Team
Field testing & quality review
Informal feedback loop; revisions made as needed
142
Standards Development - 9 Steps
4. Obtain Standard Committee approval to post
for comment/ballot
5. Comment Period and Ballot
 Draft changes/conduct additional Ballot if significant changes
needed
6. Post response to Comments
143
Standards Development - 9 Steps
7. Conduct Final Ballot
8. Submit standard to Board of Trustees for
adoption and approval
9. Submit BOT-approved standard to FERC for
approval
144
NERC Compliance & Enforcement
145
NERC Compliance & Enforcement Organization
146
Regional Entities
147
Compliance Monitoring Processes
• Compliance Audits
▫ 5 stages: Pre-Audit; Planning; Fieldwork; Reporting; Performance Assessment
• Annual Self-certifications
• Spot Checks
• Compliance Investigations
• Self-reports
• Periodic Data Submittals
• Complaints
• Exception Reports
148
Self-Reports: Why Disclose
• Potential credit for self-reporting
• Request Expedited treatment:
“Find, Fix, Track & Report” (FFT) Process
(for minimal and moderate risk issues)
• Enhance reputation with the agency
• Negotiate settlement
• Reduce fines
149
Self-report – Now What?
• Assessment of possible violation
▫ Preliminary Screen
▫ Meetings
▫ Data Requests
• Dismissed
• Find, Fix and Track Acceptance
▫ Still a violation
▫ No penalties
• Notice of Alleged Violation
▫ (NERC Enforcement Process)
150
NERC Internal Compliance Program
• FERC’s Policy Statements on Compliance
▫ October 16, 2008
▫ Supplemented May 15, 2008 Revised Policy Statement on
Enforcement.
• Four Hallmarks of Compliance Program
▫ Active engagement by senior management
▫ Preventive measures
▫ Prompt detection, cessation and reporting
▫ Remediation of misconduct
• NERC’s Sanction Guidelines emphasize similar factors, and gear penalties
to Violation Severity Levels and Violation Risk Factors (unique to each
requirement) and Violation Severity Levels (measure of responsible entity
performance)
151
NERC Enforcement Process
1. Preliminary Screen
2. Possible Alleged Violation
3. Notice of Alleged Violation (NAV)
4. Registered Entity Response
152
NERC Enforcement Process
5. Settlement Process
6. Notice of Confirmed Violation (NOCV)
7. Notice of Penalty (NOP)
8. FERC Review
9. Closure of Enforcement Action
153
What’s Filed with FERC?
• NERC’s monthly enforcement filings:
▫ Notice of Penalties
▫ Spreadsheet Notice of Penalties
• What’s not filed, but posted & retained for informational
purposes:
▫ Find, Fix, Track & Report Spreadsheet
154
NERC Appeals Process
•
•
•
•
•
•
Appeal to NERC
Use NERC Rules of Procedure
No settlement? Appeal to FERC
Use FERC Rules of Procedure
No settlement with FERC?
US Court of Appeals
155
Mitigation Plans
• An entity found in violation of a standard SHALL
file with the Region:
▫ A proposed mitigation plan to correct the violation; or
▫ A description of how the violation has been mitigated.
• An entity MAY also submit a proposed mitigation
plan at any other time (i.e., with a self-report, in
response to a NOPV or NAV) without admitting it
has committed a violation
156
NERC Compliance & Enforcement:
What the Future Holds
157
NERC’s Reliability Assurance Initiative (RAI)
In a Nutshell:
•
A shift in thinking about reliability compliance & enforcement, towards a sustainable “end
state”
•
A move towards a risk-based approach to ensure proper allocation of resources
Why?
•
Not practical, effective or sustainable to monitor all compliance issues to the same degree, or
to treat all non-compliance similarly
•
Must “right size” compliance monitoring and enforcement based on:
▫ Entity Risk factors
▫ Entity internal controls (practices related to self-detection, assessment, mitigation &
reporting of non-compliance)
Key Elements:
 Focuses on each entity
 Removes compliance concerns regarding data retention
 Provides incentives for taking control of compliance
 Compliance a necessary component of reliability
 Emphasizes self-monitoring and self-reporting
158
NERC RAI
Compliance Monitoring Process Flow
159
Risk-Based Enforcement
Risk and
Control
Assessment
Input
Audit,
Spot Check,
Etc.
Triage
Log, SelfReport, SelfCertification
Record
Compliance
Exception
Enforce
Feedback to
Risk and
Controls
Assessment
160
Penalties
• Under the FPA, civil penalties for violations of
reliability standards:
▫ up to $1M per day, per violation, for its duration.
161
Additional Resources
162
Resources
•
Federal Power Act, Title 16 USC, Chap. 12 (Sec. 215)
•
Energy Policy Act of 2005, 42 USC 15801
•
18 CFR Part 40, Mandatory Reliability Standards for the Bulk-Power System
FERC:
•
FERC Order No. 693, Mandatory Reliability Standards for the Bulk-Power System, March
16, 2007
•
FERC Order No. 706, Mandatory Reliability Standards for Critical Infrastructure Protection,
January 18, 2008
•
FERC Order No. 773, Revisions to Electric Reliability Organization Definition of the Bulk
Power System and Rules of Procedure
•
FERC’s Policy Statement on Compliance, 125 FERC ¶ 61,058 (2008)
•
FERC’s Revised Policy Statement on Enforcement, 123 FERC ¶ 61,156 (2008)
NERC:
•
Rules of Procedure of the North American Electric Reliability Corporation (NERC)
•
NERC CMEP; CMEP Implementation Plan; AML
•
NERC Reliability Standard Audit Worksheets (RSAWs)
•
NERC Compliance Application Notices (CANs)
•
RAI: http://www.nerc.com/pa/comp/Pages/Reliability-Assurance-Initiative.aspx
163
Helpful Websites
• FERC - www.ferc.gov
• NERC - www.nerc.com
▫ Standards – Mandatory, approved, proposed
▫ Webinars
▫ Resource Documents
▫ Procedures
• Regional Entity websites
• US Sentencing Guidelines -- www.ussc.gov
164
CONCLUSION & QUESTIONS
CYBERSECURITY OVERSIGHT
Getting Serious About Cybersecurity
EUCI – Compliance and Enforcement
Washington, D.C.
Jonathan Schneider
October 29, 2014
[email protected]
202-728-3034
167
Background
•
Evidence of the nation’s cyber vulnerability has increased geometrically over the past five years.
•
2013 Mandiant report of the concerted effort apparently mounted by China’s military was eye-opening.
•
Recent CrowdStrike report details Chinese military strikes at government, military contractor, and research
facilities in satellite and space industries.
•
High profile incidents pointing to potential destructive potential include:
–
–
–
–
–
Shamoon attack on Saudi Aramco disabled 30,000 computers
23 attacks on US Pipeline systems in 2012
Dozens of attacks on financial institutions in 2012 (DHS report)
Major Denial of Service attack successfully brought down internet service to Jacksonville Electric
Authority in late-2013
May, 2014 – ICS-CERT reported successful intrusion into internet-facing utility control system through
password compromised by brute-force attack.
•
Soviet Invasion of Georgia - Potential for full-out cyber warfare demonstrated
•
Former Secretary of Defense Leon Panetta warned of potential for a “Cyber Pearl Harbor.”
•
DOE Idaho Labs Aurora Test
168
DHS Industrial Control Systems Emergency Response Team
(ICS-CERT)
10/2012 Report – Energy sector has been a focal point:
- 40% of all cyber attacks in 2012
- 59% in 2013
169
Department of Homeland Security - Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT)
2013 Report
170
Understanding Cyber Vulnerabilities
•
Attack Vectors
– Internet access (hacking)
– Phishing (email)
– Watering Hole Attacks (logging on to mined websites)
– Inserted malware (Stuxnet and reversed engineered versions)
– Mobile device attacks
– Internal exposure
•
Electric Sector Vulnerabilities
– Operations/Control Systems
• Idaho Labs Aurora Test – Industry wake-up call
• Televant (project files for OASyS SCADA system stolen)
– Communications and Information Systems
• Communications: JEA Denial of Internet Service
• Theft (proprietary data – Nortel, banking)
171
Legislative Gridlock
•
At least half-dozen bills introduced in Congress over the past five years, and dozens
of amendments
•
Most legislative activity targeted energy industry
– Ironically, energy industry may be better protected through NERC standards
than any other sector
•
Focus now encompasses other major economic, physical infrastructure and
manufacturing sectors.
•
Electric Industry Supported:
– Information Sharing – Govt. to Industry
– Emergency Directives
– Liability Protection
•
Electric Industry Opposed:
– Redundant mandatory standards
– Disruption of Industry-based (NERC) Standards Development Process
172
White House Response
to Legislative Gridlock
• White House stepped into the legislative void on February 12, 2013 with
its Executive Order (“Improving Critical Infrastructure Cybersecurity”)
• Executive Order sets up a broad program:
– Provides for information sharing by federal agencies w/owners of
critical assets
– Cybersecurity Framework to be promulgated by the National Institute
of Standards and Technology (NIST)
• A “voluntary framework” for managing cyber vulnerabilities
• Preliminary draft was due 10/10/13
173
Evaluating the NIST Framework Against Existing
Standards and Guidelines
• NERC’s Suite of Critical Infrastructure Protection Standards
– Versions 3, 4 (moot) and 5
• DOE’s Maturity Model
– Electricity Subsector Cybersecurity Maturity Model
(“C2M2”)
174
Critical Infrastructure Protection (“CIP”) under North American Electric Reliability
Corporation (NERC) Standards
The State of Play
•
NERC’s Suite of CIP Standards
– V. 3 - now in effect
– V. 5 – Approved with modifications by FERC Rule issued Nov. 22, 2013
• Enforceable on April 1, 2016, though technically effective April 1, 2014 (Transition
Period)
• V. 4 (never effective) held moot in order approving V. 5
•
NERC Transition from V 3 to V. 5 – See June 9 Transition Guidance
– Compliance with V. 5 will satisfy V. 3 during the transition period
– NERC Transition Guidance maps V. 3 to V., showing where standards are ‘Mostly
Compatible.’
175
Critical Infrastructure Protection (“CIP”) Under NERC Standards
•
CIP-002-5 – BES Cyber System Categorization - identification and risk-based ranking of ‘BES Cyber Systems’
• Definitions:
– BES ‘Cyber System’ defined as ‘one or more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability tasks. ’
– ‘Cyber Assets’ – Programmable electronic devices, including hardware, software and data
» [Note: ‘communication’ deleted w/V.5]
– ‘BES Cyber Assets’ - are those that ‘ if rendered unavailable, degraded or misused would,
within 15 minutes of required operation….adversely impact one or more
facilities….which if …unavailable, would affect the reliable operation of the Bulk Electric
System.’ [subject to one year study]
• Impact Ranking of Cyber Systems - High, Medium and Low
176
CIP Standards - CIP-002-5 BES Cyber System Categorization
•
V. 5: Categorizes ALL BES Cyber Systems (Impact Rating Criteria):
– High Impact: BES Systems located at Large Control Centers (Reliability Coordinators; BAs with
generation aggregating to 3000 MW); specified Transmission and Generation
–
Medium Impact: Generation and Transmission + smaller control centers
– Generation aggregated to 1500 MW or higher
– Transmission at 500 kV or higher or between 200 and 499, where it aggregates at a
weighted average value of 3000.
–
Low Impact: All other BES Cyber Systems
NOTE: FERC directed NERC to: (1) develop objective criteria for evaluating protection systems for
low impact assets; and (2) require entities to identify assets
NOTE: Applicability to limited Distribution Facilitites: Underfrequency Load shedding or
Undervoltage Load shdding; Special Protection Systems
•
V. 3 calls for risk-based identification of ‘critical cyber assets ‘ (control centers, transmission, generation)
and identification of associated critical cyber assets key to operation of Critical Assets.
177
Existing Protection:
Critical Infrastructure Protection under North American Electric
Reliability Corporation (NERC) Standards
• CIP-003-5 – Security Management Controls
– Utilities must maintain/implement/document cybersecurity policies addressing
requirements of CIP 4 – 11.
– More prescriptive and routinized than V. 3
• CIP-004-5 – Personnel & Training – training, awarement and personnel risk
assessment
• CIP-005-5 – Electronic Security Perimeters
– High and medium impact Cyber Systems connected to network via routable protocol
(network address allowing inter-network communication) must reside behind an
“electronic security perimeter” (secure access)
– External routable connectivity must be via protected Electronic Access Point
accompanied by method for detecting malicious communication.
178
Existing Protection:
Critical Infrastructure Protection under North American Electric
Reliability Corporation (NERC) Standards
•
•
•
•
CIP-006-5 – Physical Security of Cyber System Assets
– Secure physical access to high and medium impact Cyber System Assets
CIP-007-5 – Systems Security Management
– Port management
– Security Patch Management
– Malicious Software Prevention
– Authenticate users (authorized access)
– Security status monitoring
CIP-008-5 – Incident Reporting and Response Planning
– Process for identifying, reporting and responding to cyber incidents
– ES-ISAC must be notified w/in one hour (change from V.3)
CIP-009-5 – Recovery Plans for Critical Cyber Assets
– Responsible entities must devise, document , implement and test (full operational
exercise) recovery plans.
179
Existing Protection:
Critical Infrastructure Protection under North American Electric
Reliability Corporation (NERC) Standards
•
CIP-010-5 (New) – Configuration Change Management and Vulnerability.
– Purpose: to detect and prevent unauthorized changes to BES Cyber systems by
specifying configuration change management and vulnerability assessment.
– Baseline configuration tracked; process for making changes documented and verified.
– Active vulnerability assessment.
•
CIP-011-5 (New) – Information Protection
– Purpose: To prevent unauthorized access to BES Cyber system information by specifying
information protection requirements.
180
Upcoming Changes to
CIP V. 5
• Removal of “Identify, Assess, Correct” language
– “Reliability Assurance Initiative” to Cover (June, 2014 filing)
• Low Impact Assets (June, 2014 filing)
– NERC to administer objective criteria for evaluating protections
– Registered Entities to develop ability to identify nature and location of
assets for audit and compliance purposes
• Communications Networks – NERC to develop definition and propose
standards (December, 2014)
• Transient Devices (thumb drives, etc.) - New or revised standards are
directed to address vulnerabilities.
181
Existing Protection –
DOE’s Cybersecurity Capability Maturity Model 1.1 (ES –
C2M2) (Feb. 2014)
•
Ten Core Domains (Competencies)
(1) Risk Management;
(2) Asset, Change, and Configuration Management;
(3) Identity and Access Management;
(4) Threat and Vulnerability Management;
(5) Situational Awareness;
(6) Information Sharing and Communications;
(7) Event and Incident Response, Continuity of Operations;
(8) Supply Chain and External Dependencies Management;
(9) Workforce Management; and
(10) Cybersecurity Program Management
•
Maturity Levels (Process Oriented Approach, geared to each domain): (1) Initiation; (2)
certain degree of performance including program documentation, stakeholder involvement,
resource commitment and reliance on standards or guidelines; and (3) a fully managed
program, reflecting evolving risks.
182
2/12/13 Executive Order
“Improving Critical Infrastructure Cybersecurity”
• Headline News: Without legislation, the White House has directed the
Secretary of Homeland Security, the Attorney General, DOD, and the NIST
(National Institute of Standards and Technology) to implement a broad
program ensuring:
– Information Sharing by Governmental Agencies with private sector
regarding cyber threats
– The identification of Critical Infrastructure at risk
– The creation of a “voluntary” Critical Infrastructure Cybersecurity
baseline program (“the Framework”) by NIST –
183
Application to Industries and Responsible Sector-Specific
Agencies
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Chemical: Department of Homeland Security
Commercial Facilities: Department of Homeland Security
Communications: Department of Homeland Security
Critical Manufacturing: Department of Homeland Security
Dams: Department of Homeland Security
Defense Industrial Base: Department of Defense
Emergency Services: Department of Homeland Security
Energy: Department of Energy
Financial Services: Department of the Treasury
Food and Agriculture: U.S. Department of Agriculture and Department of Health and Human Services
Government Facilities: Department of Homeland Security and General Services Administration
Healthcare and Public Health: Department of Health and Human Services
Information Technology: Department of Homeland Security
Nuclear Reactors, Materials, and Waste: Department of Homeland Security
Transportation Systems: Department of Homeland Security and Department of Transportation
Water and Wastewater Systems: Environmental Protection Agency
184
What Is Critical Infrastructure?
Executive Order defined Critical Infrastructure to mean:
“systems and assets, whether physical or virtual, so vital to the
United States that the incapacity or destruction of such systems
and assets would have a debilitating impact on security,
national economic security, national public health or safety, or
any combination of those matters.”
• Identification of assets deemed most critical:
▫ Within 150 days of the date of the Executive Order (mid-July,
2013), the Secretary shall use a risk-based approach to identify
critical infrastructure where a cybersecurity incident could
reasonably result in catastrophic regional or national effects on
public health or safety, economic security, or national security.
•
» Assets were tentatively identified through a
“consultative process,” but final cut is a work in
progress.
185
NIST Cybersecurity Baseline
Program (“The Framework”)
•
Goal of The Framework: “To establish a common
language to address and manage cybersecurity without
added regulatory requirements.”
•
Components:
▫ Framework Core - Substantive activities and outcomes
▫ Framework Tiers - Levels of cybersecurity risk
management, rigor and sophistication
▫ Framework Profile – Internal description of current and
desired state of cybersecurity risk protection, reflecting
risk tolerance, legal/regulatory requirements
186
Framework Core
187
Framework Core
Functions
Meaning
Categories
Subcategories (selected)
Identify
Develop the organizational
understanding to manage
cybersecurity risk to systems,
assets, data, and capabilities.
Asset
Management
•
•
•
•
Business
Environment
• Supply chain
• Place in industry sector and critical
infrastructure
• Priorities
• Dependencies
• Resilience requirements
Governance
• Information security policy, roles and
responsibilities
• Legal and regulatory requirements
• Governance and risk management
Risk Assessment
• Identify asset vulnerabilities
• Information sharing forums
• Risk and responses identified and
prioritized
Risk Management
• Processes established, managed
• Organization risk tolerance
assessed/expressed
Understanding the business
context, the resources that support
critical functions, and the related
cybersecurity risks.
Enables an organization to focus
and prioritize its efforts, consistent
with its risk management strategy
and business
Physical and systems inventory
Communications
Resource priority
Intra-org responsibilities
188
Framework Core
Functions
Meaning
Categories
Subcategories (selected)
Protect
Develop and
implement appropriate
safeguards for delivery
of services
Access Control
• Physical and electronic access
controlled – on site and remote
Awareness and
Training
• All users, including third parties
and senior executives
Data Security
• Data at rest protected
• Data in transit protected
• Assets managed through removal,
transfer, disposition
• Data leaks protected
• Integrity checking for software
Information
Protection
Processes and
procedures
• Baseline configuration maintained
• System development life cycle
• Configuration change control
processes
• Backup information
• Physical protection
Maintenance
Protective
Technology
• Removable devices
• Communication and control
networks
• System access limited
189
Framework Core
Functions
Meaning
Categories
Subcategories (selected)
Detect
Develop and implement
activities to timely identify
the occurrence of
cybersecurity events
Anomalies and
Events
• Detected events analyzed
• Impact of events determined
• Incident alert threshold established
Continuous Security
Monitoring
•
•
•
•
•
•
•
Detection Processes
• Roles and responsibilities
• Testing detection systems
• Communication
Network monitored
Personnel Activity monitored
Physical plant monitored
Malicious code detected
Unauthorized mobile code detected
External service provider monitored
Monitoring for unauthorized personnel,
connections, devices
190
Framework Core
Functions
Meaning
Categories
Subcategories (selected)
Respond
Develop and implement
activities to take action
in response to
cybersecurity event
Response Planning
• Physical and electronic access controlled –
on site and remote
Communications
Analysis
• Notifications from Detection systems
analyzed
• Impact understood
• Forensics undertaken
Mitigation
• Incidents contained and mitigated
Improvements
• Implement lessons learned
191
Framework Core
Functions
Meaning
Categories
Recover
Develop and implement
appropriate activities to
maintain plans or
resilience and to restore
capability and service.
Recovery planning
Subcategories (selected)
Improvements
Communications
• PR managed (!)
• Reputation repair
• Recovery activity communicated to
internal stakesholders
192
“Implementation Tiers”
•
•
Tier 1 – Partial
– Risk Management Process – Organizational cybersecurity risk management practices are not formalized, and risk is
managed in an ad hoc and sometimes reactive manner.
• Prioritization of cybersecurity activities may not be directly informed by organizational risk objectives, the
threat environment, or business/mission requirements.
– Integrated Risk Management Program – There is limited awareness of cybersecurity risk at the organizational level
and an organization-wide approach to managing cybersecurity risk has not been established.
Tier 2 – Risk Informed
– Risk Management Process – Risk management practices are approved by management but may not be established
as organizational-wide policy. Prioritization of cybersecurity activities is directly informed by organizational risk
objectives, the threat environment, or business/mission requirements.
– Integrated Risk Management Program – There is an awareness of cybersecurity risk at the organizational level but
an organization-wide approach to managing cybersecurity risk has not been established. Risk-informed,
management-approved processes and procedures are defined and implemented, and staff has adequate resources to
perform their cybersecurity duties. Cybersecurity information is shared within the organization on an informal basis.
– External Participation – The organization knows its role in the larger ecosystem, but has not formalized its capabilities
to interact and share information externally.
193
Cyber Framework
“Implementation Tiers”
•
•
Tier 3 – Repeatable
– Risk Management Process – The organization’s risk management practices are formally approved and expressed as
policy. Organizational cybersecurity practices are regularly updated based on the application of risk management
processes to changes in business/mission requirements and a changing threat and technology landscape.
– Integrated Risk Management Program – There is an organization-wide approach to managing cybersecurity risk.
Risk-informed policies, processes, and procedures are defined, implemented as intended, and reviewed. Consistent
methods are in place to respond effectively to changes in risk. Personnel possess the knowledge and skills to
perform their appointed roles and responsibilities.
– External Participation – The organization understands its dependencies and partners and receives information from
these partners that enables collaboration and risk-based management decisions within the organization in response
to events.
Tier 4 – Adaptive
– All of the above, plus:
– Organization updates its practices based on lessons learned and predictive indicators. Continuous improvement
and active adaptation to changing risks.
– Organizational culture reflects risk management philosophy
– Active information sharing
194
Organization “Profile”
under the Framework
•
•
•
The Profile is “the alignment of Functions, Categories and
Subcategories with business requirements, risk tolerance and
resources of the organization.”
Creation of Profile follows from senior management direction re:
priorities, resources and risk tolerance to business processes and
operations. Feedback loop follows development of Profile at
operating level.
In so many words, the Profile is designed to describe where an
organization is and where it wants to be.
195
Coordination of Framework
Implementation
196
Implementing the Framework:
Department of Energy
• DOE “Glossy” points to Framework/C2M2 Overlap
– Framework Core compares with C2M2 “Domains”
– Framework “Tiers” overlap C2M2 “Maturity levels”
• DOE provides implementation guidance
– Recommends that C2M2 be used as a tool to implement
the Framework
– DOE will NOT map the Framework to CIP Standards
197
The Framework is Voluntary, but cannot reasonably be
ignored
•
The Framework is “Voluntary”
•
It will inevitably be relevant for these purposes:
– Liability in the event of harm – standard of care
– Regulatory obligations and investigations
– Insurance Markets
– Financial Risk Disclosure
198
Additional Resources
•
DHS Critical Infrastructure Cyber Community Voluntary Program
–
•
•
•
•
Stakeholder Assistance and Outreach
COBIT 5 (Control Objectives for Information and Related Technology) - Information Systems Audit and
Control Association
ISO 27001 - International Organization for Standardization
ISA 62443 – Security for Industrial Control Systems
NIST Standards
199
What Must Asset Owners Do
and What Should They Do?
•
Critical Infrastructure owners/operators must:
– Comply with CIP Requirements
– Determine whether to participate in the Framework
• Weigh risks of non-participation
– Potential liability in not meeting benchmark
– Possible Disclosure Issue
• Liability Implications are important – Standard of Care Established
– Insurance Markets Likely to Be Affected
•
Asset owners should consider application of CIP Standards and Framework to nonBES and non-Critical Assets
200
201
COMMODITY FUTURE TRADING COMMISSION
REGULATION OVERSIGHT
CFTC
OVERVIEW
203
Commodity Futures Trading Commission (CFTC)
• Created in 1974 — since then, derivatives market has evolved
from predominantly agricultural futures to an astounding array of
complex financial instruments.
• Mission: Protect market users and public from fraud,
manipulation, and abusive practices in commodity and financial
derivatives and foster open, competitive, and financially sound
derivatives markets.
• 5 Commissioners (no more than 3 from one party). Currently
only Mark P. Wetjen (Acting Chair) and Scott D. O’Malia. Three
seats are vacant.
• Divisions include: Market Oversight, Enforcement, Clearing and
Risk, and Swap Dealer and Intermediary Oversight.
204
CFTC’S Penalty Authority
• Civil penalties for each violation:
 Up to $100,000/$140,000 (judicial/administrative
hearing) or 3x monetary gain
 Manipulation or attempted manipulation—up to
$1,000,000 or 3x monetary gain
 Restitution of victims’ losses
 Disgorgement of gains
• Criminal violations
 Fines up to $1,000,000, plus costs of prosecution
 Up to 10 years imprisonment
205
Recent CFTC Enforcement
• CFTC Enforcement for FY 2013:
 Filed 82 enforcement actions.
 Charges – attempted manipulation, false reporting,
customer fund violations, position limit violations,
wash trading, supervision failures, Ponzi schemes &
other fraud.
 Over $1.5 billion in civil monetary penalties, and
over $200 million in restitution & disgorgement.
206
TRADING
PROHIBITIONS
(FUTURES & SWAPS)
207
Prohibition of Manipulative and Deceptive
Devices
• New, expanded SEC-like authority prohibits
intentionally or recklessly:
 Employing or attempting manipulative device, scheme, or
artifice to defraud;
 Making or attempting misleading statements or omissions;
 Engaging or attempting any act, practice, or course of business
that would operate as fraud or deceit;
 Delivering false, misleading, or inaccurate market report
tending to affect prices;
 (But, no requirement to disclose nonpublic information to any
person unless necessary to make another statement not
misleading)
208
Prohibition of Price Manipulation
• Elements of Price Manipulation:
 Accused had ability to influence market prices;
 Accused intended to affect price beyond legitimate
supply and demand;
 Artificial price existed; and
 Accused caused the artificial price
• Example: Taking and accepting loss on one position
to profit off other, much larger position
209
Prohibited Transactions
• The Commodity Exchange Act prohibits engaging in
any transaction that:
 Is, is of the character of, or is commonly known to
the trade as, a “wash sale” or “accommodation
trade” (non-competitive trade entered into to, e.g.,
assist another trader with illegal trades or tax
evasion);
 Is a fictitious sale; or
 Is used to cause any price to be reported,
registered, or recorded that is not a true and bona
fide price.
210
Prohibition of Disruptive Trading
Practices
• Violating bids or offers

Buying/selling a contract at a price that is
higher/lower than the lowest/highest available
offer/bid
• Disregard for orderly execution during close

E.g., banging/slamming the close

“Orderliness” — rational relationship between
price changes and volume of trades, levels of
volatility that do not materially affect liquidity,
accurate relationships between price of
derivative and underlying, reasonable spreads
between contracts for near and remote months
211
Prohibition of Disruptive Trading Practices (cont’d)
• “Spoofing”

Bidding or offering with intent to cancel before execution

Submitting or cancelling bids or offers to:

Overload quotation system of a registered entity;

Delay another person’s execution of trades; or

Create an appearance of false market depth.
• Enforcement—CFTC has filed at least two “spoofing” complaints against
traders/companies in the recent years for submitting and cancelling bids
with no intent to execute:

Bunge (CFTC 2011) – traders merely sought to probe market

Moncado (S.D.N.Y. 2012) – traders merely sought to offer a false
appearance of liquidity
212
Examples of Illegal or Suspect Trading
Activities
• Taking position in one market to benefit position in another market
• Marking the close
 Executing a number of transactions near the close of a day’s or contract’s
trading to affect the closing or settlement price
 Example: FERC v. Amaranth (vacated by D.C. Circuit for lack of FERC
jurisdiction; potential CFTC case to follow) – rapid selling at close of
NYMEX NG Futures, allegedly to drive down settlement price to benefit
swap and option positions
• Banging the open—Buying or selling a large quantity at the opening of
trading to induce others to trade at that price level and to signal information
on fundamentals
• Wash Trades
 (1) Prearranged to cancel each other out; and
 (2) Involve no economic risk.
 Classic wash trade: Same price, volumes, counterparties
 Do not include trades made to correct scheduling or nomination errors,
etc.
213
FUTURES
REGULATION
214
Definition of Futures Contract
• A futures contract a standardized contract between two parties
 to buy or sell a particular asset (e.g., electricity)
 of standardized quantity and quality
 for an agreed upon price
 with delivery and payment occurring at a specified, future date
• The party agreeing to buy the contract asset is said to be "long," and
the party agreeing to sell the asset is said to be "short." The
terminology reflects the expectations of the parties—the buyer
anticipates that the asset price will increase, while the seller expects
the price to decrease.
215
CFTC Futures Regulation
• As a general rule, all futures contracts traded within
the United States must be traded on a designated
contract market (DCM) such as ICE Futures U.S.,
NYMEX, or CME or a foreign board of trade, such as
NGX. See 7 U.S.C. § 6(a)-(b).
• CFTC futures regulation focuses on DCMs and
intermediaries such as futures commission merchants
(FCMs), clearing members, and foreign brokers
• By comparison, CFTC futures regulation of traders is
relatively light
216
SWAPS
REGULATION
217
The Dodd-Frank Act
•
•
•
•
•
•
•
•
The “Dodd-Frank Wall Street Reform and Consumer Protection Act’’
Passed as direct response to financial crisis of 2008
Signed into law by President Obama July 21, 2010
Title VII provides for regulation of swap markets by amending and
expanding the Commodity Exchange Act (“CEA”), which is
administered by the CFTC
Repeals prior regulatory exemptions for OTC derivatives, including
energy derivatives
Imposes a regulatory frame-work upon the OTC derivatives market
Purposes — reduce risk, increase transparency, and promote market
integrity
Monitor developments in Dodd-Frank Act regulation at: http://doddfrank.com/.
218
Swap
• An energy swap is a financial instrument whereby one participant
agrees to a fixed-price contract for say crude oil, natural gas,
gasoline, electricity, coal and other energies on a settlement date,
while the other counterparty takes on the spot price, or the floating
price of the commodity. The contracts are often used to hedge the
fluctuating price of an energy commodity.
• For example, say a large energy user agrees to pay a set price for
crude oil. The other participant, usually a large financial institution,
then agrees to pay the current market, or spot price. Energy swaps
are used by energy producers, commercial users of energy, banks
and other financial institutions to hedge energy price risk.
219
What is a “Swap”?
• CFTC definition of “swap” includes:
 Any contract that provides on an executory basis for the exchange
of payments based on the value of rates, currencies, commodities,
and certain other items and that transfers the financial risk
associated with a future change in such values without also
conveying an ownership interest in an underlying asset;
 Options
 Includes many forward contracts with “embedded optionality”
 “Trade options” are subject to reduced regulatory requirements
 Commodity swaps (e.g., financial contracts in metals, energy,
agricultural, or other physical commodities)
 Energy swaps (same, in electricity, natural gas, crude, etc.)
 Basis swaps (financial contracts based on commodity price
differences between two locations)…
220
Contracts Excluded From Definition of “Swap”
• Futures contracts — Intercontinental Exchange (ICE) has transitioned
its cleared energy swaps to futures contracts
• FERC-Regulated RTO/ISO Contracts
1.
Financial Transmission Rights (FTRs)
2.
Energy Transactions (including virtual & convergence bids/offers)
3.
Forward Capacity Transactions
4.
Reserve or Regulation Transactions
 Exclusion applies only to CAISO, ERCOT, ISO NE, MISO, NYISO,
and PJM products
 Each party must be an “appropriate person” or “eligible contract
participant” (generally, must meet certain net worth or gross asset
thresholds) or a “person who actively participates in the generation,
transmission or distribution of electric energy”
221
Forward Contract Exclusion
• “The term ‘swap’ does not include . . . Any sale of a
nonfinancial commodity . . . For deferred shipment or
delivery, so long as the transaction is intended to be
physically settled.”
• Key Requirement—Intent of the parties to make or
take physical delivery (at time of execution)
222
Forward Contract Exclusion—
Limitations or Exceptions to the
Exclusion
• Financial Settlement Rights
 Forward contract that allows for financial settlement in place of physical
delivery will likely be viewed as a swap
• Embedded Optionality
 Forward contract that allows a party to specify performance requirements
between two or more options may be viewed as an option
 “Embedded volumetric optionality”
 Where one party has right to elect what volume(s) are delivered under
the contract
 Common in many energy contracts (e.g., swing gas, electric capacity,
tolling agreements)
 CFTC has multi-part tests for determining whether forward contracts with
embedded optionality qualify for exclusion
223
7-Part Test for Exclusion of Forward Contracts
with “Embedded Volumetric Optionality”
A transaction falls within the forward exclusion from the swap and future delivery definitions,
notwithstanding that it contains embedded volumetric optionality, when:
1.
The embedded optionality does not undermine the overall nature of the agreement, contract, or
transaction as a forward contract;
2.
The predominant feature of the agreement, contract, or transaction is actual delivery;
3.
The embedded optionality cannot be severed and marketed separately from the overall
agreement, contract, or transaction in which it is embedded;
4.
The seller of a nonfinancial commodity underlying the agreement, contract, or transaction with
embedded volumetric optionality intends, at the time it enters into the agreement, contract, or
transaction to deliver the underlying nonfinancial commodity if the optionality is exercised;
5.
The buyer of a nonfinancial commodity underlying the agreement, contract or transaction with
embedded volumetric optionality intends, at the time it enters into the agreement, contract, or
transaction, to take delivery of the underlying nonfinancial commodity if it exercises the
embedded volumetric optionality;
6.
Both parties are commercial parties; and
7.
The exercise or non-exercise of the embedded volumetric optionality is based primarily on
physical factors, or regulatory requirements, that are outside the control of the parties and
are influencing demand for, or supply of, the nonfinancial commodity.
224
Book-Outs of Forward Contracts
• “Book-Outs” are transactions whereby offsetting physical delivery obligations
under two or more forward contracts are cancelled
• CFTC’s “Brent Interpretation” provides safe harbor from booked out forward
contracts being viewed as swaps
 Parties must be commercial market participants that regularly make or take
delivery of the commodity
 Parties must intend to make or take delivery of the commodity
 The book-out must be effected through a separately negotiated agreement,
not as of right under the forward contract
• Documenting Oral/IM Book-Outs – must be documented in writing or
electronically within a “commercially reasonable time frame”
225
Trade Options
• Trade options are subject to reduced regulatory requirements
compared to other options/swaps
• “Trade option” – a commodity option for which:
1. The offeror* and offeree are both:
a. Producers, processors, or commercial users of, or
merchants handling, the subject commodity; and
b. Entering into the transaction solely for purposes related to
their business as such; and
2. The parties intend to physically settle the transaction if the
option is exercised
* Alternatively, offeror satisfies the first prong if it is an eligible
contract participant
226
Swap Dealers and Major Swap Participants
• Section 721 of the Dodd-Frank Act amends the CEA
by adding definitions of the terms “swap dealer” and
“major swap participant.”
• There are only two MSPs (Cournot Financial
Products and MBIA Insurance), and they are subject
to a regulatory regime almost identical to that
imposed on swap dealers.
• There are about 100 SDs, many of which are
financial institutions. Others include, BP, Cargill, and
Shell.
227
Definition of “Swap Dealer”
• Any person who:
1. Holds self out as a dealer in swaps;
2. Makes a market in swaps;
3. Regularly enters into swaps with counterparties as an
ordinary course of business for its own account; or
4. Engages in activity causing one to be commonly known as a
dealer or market maker in swaps.
• Fact-specific self-determination
• Swaps excluded from swap dealer determination:




Inter-affiliate swaps (majority-owned)
Certain swaps to hedge physical positions
Certain swaps by cooperatives or floor traders
Trade options
228
De Minimis Exception to “Swap Dealer”
Definition
• A person is not a swap dealer if, over the prior 12 months, the
aggregate gross notional amount of swaps it enters into in
connection with dealing activities does not exceed:
 $8 billion ($3 billion after 3- to 5-year phase-in period);
 $25 million with non-utility “special entities” (government bodies,
pension plans, endowments); or
 $800 million with utility “special entities” using the swaps to
hedge
 Must provide quarterly notice to CFTC beginning December 31,
2012 if utilizing this threshold
 No-Action Letter No. 12-18 (effective until final Commission
rulemaking on petition)
 Aggregation across affiliates (entities controlling, controlled by, or
under common control)
229
CFTC Regulatory Requirements
Applicable to Swaps (Including Options)
• Reporting requirements
• Recordkeeping requirements
• Mandatory clearing for swaps determined as
“required to be cleared”
 End user exception
• Comprehensive regulation of swap dealers and
major swap participants
• Prohibitions of manipulation and disruptive trading
practices (discussed above)
230
Swap Reporting—Four Rules
1.
2.
3.
4.
Swap Data Reporting
Reporting of Pre-Enactment and Transition Swaps
Real-Time Swap Reporting
Trade Option Reporting
231
Swap Reporting (Rules 1-3)
• All swaps (except trade options between nonSD/MSPs) must be individually reported to a swap
data repository (SDR)
• Three SDRs accept natural gas and electricity swaps:
 DTCC Data Repository
 ICE Trade Vault
 Chicago Mercantile Exchange
• Data reported:
 Swap creation data (primary economic terms or PET)
 Continuation data (quarterly mark-to-market; changes to PET)
232
Swap Reporting (Rules 1-3)—
Reporting Counterparty
• A non-SD/MSP is not required to report any swap with a Swap
Dealer (SD) or Major Swap Participant (MSP) counterparty
• Non-SD/MSP is not required to report, or has reduced reporting
requirements, for any swap that is:
 Traded on an exchange; or
 Submitted for clearing
 (Consult detailed rules in 17 C.F.R. Parts 43, 45-46)
• Swaps with non-SD/MSPs:
 Non-SD/MSP or its counterparty’s commodity pool or U.S.
Person status may dictate which is the reporting counterparty
 Otherwise, the counterparties must agree who will be the
reporting counterparty as a term of each swap or master
agreement
233
Reporting Pre-Enactment and Transition Swaps
• Pre-Enactment Swaps—Open as of July 21, 2010
• Transition Swaps—Executed on or after July 21,
2010 and prior to reporting counterparty’s
compliance data (i.e., April 10, 2013)
• Must have reported such swaps by October 31,
2013, unless transacted with a swap dealer or major
swap participant counterparty or executed and
cleared on the InterContinental Exchange (ICE)
234
Real Time Reporting—
What Swaps Are Subject?
• Only swaps that represent “arm’s length
transactions” (i.e., not swaps between wholly-owned
subsidiaries)
• With respect to energy contracts, only contracts that
reference one of the following:





NYMEX Henry Hub Natural Gas
NYMEX Light Sweet Crude Oil
NYMEX NY Harbor Gasoline Blendstock
NYMEX NY Harbor Heating Oil
Brent Crude Oil (ICE)
235
Trade Option Reporting
Trade options between end users:
•

CFTC Form TO
(https://forms.cftc.gov/_layouts/TradeOptions/TradeOptions.aspx)

Applies only to trade options entered into on or after April 10, 2013
that are not reported to a SDR

Report aggregate volume exercised ($0; 0 to $10M; $10M to $100M;
$100M+ ) during the previous calendar year in each identified swap
category (energy, metals, agriculture, other)

Due March 1, 2014 and each year thereafter

Both parties include the trade option in their aggregate reports

Must notify CFTC if enter into trade options in excess of $1 billion
aggregate notional value during any calendar year
Trade options with SD/MSP counterparties
•

Generally, the SD/MSP must report each trade option to a SDR like
any other option/swap
236
Swap Recordkeeping Requirements
• All counterparties and swaps are subject
• “Full, complete, and systematic records, together
with all pertinent data and memoranda, with respect
to each swap”
 Any master agreement, credit support
arrangement, and confirmation for the swap
 Reduced requirements for pre-enactment and
transition swaps
• Retention: 5 years after termination
• Accessibility: 5 business days (for end users)
• Compliance date for end users—April 10, 2013
237
Mandatory Swap Clearing
Swaps that are “Required to be Cleared”
Class of Swap
Final Determination
4 classes of interest rate
swaps
2 classes of credit default
swaps
Natural Gas Swaps
Electricity Swaps
77 FED. REG. 74284
(Dec. 13, 2012)
77 FED. REG. 74284
(Dec. 13, 2012)
[none]
[none]
End User
Compliance Date
September 9, 2013
September 9, 2013
[Oct 2014 or later]
[Oct 2014 or later]
238
ENFORCEMENT PRACTICE AND PROCEDURE
FERC Investigatory & Enforcement Procedure
240
Investigations
241
INVESTIGATIONS
▫ Overview
 FERC investigations are conducted by the Office of Enforcement,
Division of Investigations (DOI)
 Two types:
– Formal: investigation initiated by the Commission via order
– Preliminary: investigation initiated by the Commission or FERC
Enforcement Staff.
 Scope: May relate to any matter subject to FERC’s jurisdiction
 See 18 C.F.R. Part 1b
242
INVESTIGATIONS
▫ Initiation of an Investigation
DOI staff initiates investigations when it (1) has reason to suspect violations;
or (2) has received information from a variety of sources, including:
• Referrals from within FERC’s Office of Enforcement
• Division of Audits
• Division of Energy Market Oversight
• Referrals from other FERC offices
• Office of Energy Market Regulation
• Office of Electric Reliability
• Referrals from the Commission
• Other Sources
• Tips from the industry
• Market monitors
• Self-reports
• Hotline
Note: all information received is treated as non-public; disclosure only permitted at
Commission’s discretion, or as otherwise required to disclose
243
INVESTIGATIONS
Staff Initial Assessment
▫ Staff will: review information received; conduct preliminary exam; consult
publically-available data; seek input from FERC Staff SMEs; contact the entity for
explanation
▫ Based on this initial assessment, and consideration of the factors below (as
needed), DOI determines whether there is substantial basis for opening an
investigation
•
•
•
•
•
•
•
•
•
•
•
Seriousness of the harm
Extent of the harm
Efforts made to remedy the alleged violation
Violations are willful or inadvertent
Violations are widespread or isolated
Likelihood of the conduct recurring
Compliance history of the alleged wrongdoer
Amount of detail in the allegation or suspicion of wrongdoing
Importance of documenting and remedying the potential violations to
advance Commission policy objectives
Likelihood that staff could assemble a legally and factually
sufficient case
Staff resources
244
INVESTIGATIONS
▫ Investigation Formally Opened: If a substantial basis for investigation is
found, DOI will notify the subject entity that an investigation is being
opened
▫ Discovery: Once opened, Staff collects information through
customary discovery methods
 data/document requests, interrogatories, interviews, and depositions
 All information received during an investigation, as well as the existence
of an investigation, is non-public information
▫ Length: Length of investigation depends on complexity; nature of
alleged violations
▫ Communications: Staff in frequent contact with entity throughout
process; entity may contact Enforcement Staff to provide additional
information/explanations
245
INVESTIGATIONS
▫ At any time during the course of its investigation, DOI Staff may close the
investigation without taking further action
(and notify the entity of its decision)
 Reasons include:
– Determination of no violation
– Insufficient evidence to warrant further investigation
▫ If Staff concludes that a violation may have occurred, warranting
sanctions, staff informs the entity, providing relevant facts and legal
theories
 May be done orally; typically via a preliminary findings letter.
 Subject has an opportunity to respond and provide further information. DOI
staff may reevaluate & modify allegations based on this response
 If Staff continues to believe sanctions are warranted, the investigation can take
one of two courses:
1) Commence settlement talks
2) Subject contests Enforcement’s conclusions, in which case FERC may
issue a public order to show cause
246
Prosecutorial Discretion
247
PROSECUTORIAL DISCRETION
▫ US Supreme Court
 “The United States Attorney is the representative not of an ordinary party to
a controversy, but of a sovereignty whose obligation to govern impartially is
as compelling as its obligation to govern at all; and whose interest,
therefore, in a criminal prosecution is not that it shall win a case, but that
justice shall be done.”
• Berger v. United States, 295 U.S. 78 (1935)
▫ FERC
 Endorsed DOJ’s “McNulty Memorandum” as a statement of its emphasis on
fairness in its own investigative approach
– Revised Policy Statement on Enforcement
¶ 61,156, n17 (May 15, 2008)
123 FERC
– “A prosecutor’s duty to enforce the law requires the investigation and
prosecution of criminal wrongdoing if it is discovered.”
Deputy Attorney General Paul J. McNulty, December 12, 2006
248
Ex Parte Rules
249
EX PARTE CONTACT
FERC Policy Regarding Communications with the Commission:
▫ “Neither the Commissioners nor their assistants will receive oral
communications, in person or by telephone, from any person
concerning an ongoing staff investigation as to which such person is the
subject”
▫ The subject of an investigation is permitted to submit
written information to the Commission at any time during an
investigation, up to the point that Order to Show procedures come into
play
•
Revised Policy Statement on Enforcement
123 FERC ¶ 61,156, P 27 (May 15, 2008)
250
Public Disclosure of Investigations
251
PUBLIC DISCLOSURE OF INVESTIGATIONS
•
Public disclosure of an investigation typically does not occur until:
1. A settlement is reached; or
2. FERC issues an Order to Show Cause
•
Premature disclosure could impact entity reputation in the public eye
•
To increase transparency of non-public Staff investigations and potential
violations, FERC in 2009 authorized release of Staff Preliminary Notices of
Violation
▫ Timing: public disclosure after the subject has had opportunity to respond to
Staff’s preliminary findings letter
▫ Notice identifies:
1.
2.
3.
4.
entity subject to the investigation;
time/place of alleged conduct;
rules/regulations alleged to have been violated;
description of the alleged wrongful conduct
252
Settlements
253
SETTLEMENTS
▫ Staff’s “preferred method” of resolution for investigations that
result in a recommendation for remedial action
Why?
 Faster resolution
– Allows FERC to allocate resources to other matters
– Compliance problems are fixed sooner
– Disgorged profits are returned to customers more quickly
254
SETTLEMENTS
The Settlement Process
 Staff request for settlement authority:
• Enforcement staff seeks settlement authority from Commission, within a
range of potential civil penalties and/or disgorgement
• Staff provides the Commission: (1) Staff’s views on the investigation; and (2)
the subject’s comments (if any)
 Settlement Negotiations:
• If settlement authority is granted, staff & subject meet to negotiate
 Stipulation & Consent Agreement:
• If staff and the subject agree in principle on the terms of a settlement, staff
drafts a proposed stipulation and consent agreement, and sends it to subject
for review
• After further negotiations, an executed stipulation and consent agreement is
submitted to the Commission for consideration
• Upon approval, the stipulation and consent agreement and the order
approving the settlement are generally released publicly
255
Orders to Show Cause
256
ORDERS TO SHOW CAUSE
•
If Enforcement staff and the subject of an investigation are unable to reach a
settlement, staff may recommend that the Commission initiate public
enforcement proceedings
 Enforcement staff will notify the subject of its intention to recommend
enforcement proceedings
• The subject may then respond (within 30 days) explaining why an Order
to Show should not issue
• Staff submits to the Commission its report and any submissions timely
received from the subject
• In extreme cases (e.g., a case in which injunction is being sought),
notice of recommendation may not be given to entity
257
ORDERS TO SHOW CAUSE
 After considering the recommendations and submissions, the
Commission determines whether an Order to Show Cause is appropriate
• If so, the Commission issues Order to Show Cause with Enforcement staff’s
report attached (18 C.F.R. 385.209(a)(2))
• The Order to Show Cause outlines:
1. The alleged violation; and
2. Proposed penalties (civil fines; disgorgement of profits; etc.)
• The Commission will also issue a separate Notice designating certain FERC
staff as non-decisional employees
(i.e., FERC staff who are prohibited from conducting off-therecord communications about the investigation with any
Commissioner or decisional staff)
• An Order to Show Cause commences a Part 385 proceeding
(18 CFR Part 385) – it does NOT make any finding as to
a violation of law.
258
ORDERS TO SHOW CAUSE
• The Order will outline next steps & options for the subject.
• Typically, the subject has 30 days from issuance of Order to:
1. File an answer (per 18 C.F.R. 385.213) showing cause:
(A) why it should not be found to have committed the
violation listed in the order; and
(B) why the alleged violation should not warrant the
remedies listed in the order.
– AND –
2. Choose one of the following options:
(A) An administrative hearing before a FERC Administrative
Law Judge (ALJ) prior to assessment of a penalty
(per 16 U.S.C. 823b(d)(2)); or
(B) An immediate penalty assessment by the Commission
(if it finds a violation) which a U.S. District Court is
authorized to review de novo (per 16 U.S.C. 823b(d)(3))
259
ORDERS TO SHOW CAUSE
• The answer should address all disputed legal, factual & procedural issues;
admit/deny each allegation; set forth defenses
• Failure to answer will be treated as a general denial, and may be a basis for
summary disposition per 18 C.F.R. 385.213(e)(2).
• FERC Staff may file a reply within 30 days after the subject files its answer
• NOTE: the Commission will not issue findings until after it has received the
subject’s responses to the Order to Show Cause
260
ORDERS TO SHOW CAUSE
• If the subject contests the allegations or proposed penalties, the Commission has
several options:
1. Administrative Hearing:
If the subject elects an administrative hearing before a FERC ALJ, the
Commission will set the case for a trial-type hearing, with full discovery
(per Part 385 regulations)
2. Immediate Penalty Assessment:
If the subject elects an immediate penalty assessment, and the
Commission finds a violation, it will issue an order on the merits, and
assessing penalties.
3. Where the record is insufficient, the Commission may also set the case
for paper hearing (i.e., request briefs), after which it will issue an order
on the paper hearing record.
See BP America, Inc., et al., 144 FERC 61,100, P3 (2013);
Amaranth Advisors LLC, 120 FERC 61,085, n.7 (2007)
261
ORDERS TO SHOW CAUSE
▫ Enforcement staff who participate become non-decisional
▫ Office of General Counsel takes the lead in advising the Commission
regarding disposition of arguments
▫ Settlements may proceed according to Rule 602
(18 CFR 385.602)
 Any participant in the proceedings may submit a settlement offer at any time,
which is transmitted to the Commission
 If the offer is uncontested, the Commission may approve it upon a finding that
it is fair, reasonable, and the in the public interest
 An approved settlement closes the investigation and concludes the
enforcement proceedings with respect to all matters covered in the settlement
▫ If no settlement: the proceeding continues to conclusion
262
Administrative Hearing
263
ADMINISTRATIVE HEARING
If the subject contests the Order to Show Cause & proposed penalties,
and opts for an administrative hearing:
1. Hearing Order: The Commission will issue a hearing order setting the
case for trial-type hearing
2. Hearing: The ALJ will conduct a hearing pursuant to FERC’s hearing
procedures (18 C.F.R. 385.501); with FERC Enforcement Staff serving as
Trial Staff at the hearing
3. Initial Decision: After hearing, the ALJ will issue an Initial Decision (ID)
and determine whether a violation occurred. If so, the ID will include
recommended penalties.
4. Exceptions: Parties may file exceptions to the ID within 30 days
5. Commission Order: The Commission, after consideration, will issue an
order. If it finds a violation, it may assess penalties.
264
ADMINISTRATIVE HEARING PROCEDURE
FERC Process for Administrative Hearings:
Hearing Process Begins
Commission
Establishes
Hearing
-
Discovery
Testimony/Briefs Filed
Hearing is Held
Initial/Reply Briefs Filed
Judge Issues
Initial Decision;
Parties File Briefs
on Exception and
Opposing Exceptions
Commission
Issues Final
Decision
265
Appeals
266
APPEALS
Appeal of FERC a order assessing penalties:
▫ A Commission order following an administrative hearing process:
 Rehearing: Within 30 days after issuance of order, the subject may seek
rehearing by the Commission.
 Appeal: Within 60 days from issuance of the final Commission order, the
subject may appeal to the U.S. Court of Appeals,
– The court may enter a judgment affirming, modifying, or setting aside
(in whole or in part) the Commission’s order, or remand to the
Commission.
267
APPEALS
Appeal of FERC a order assessing penalties:
▫ An immediate penalty assessment order issued by the Commission:
 If the subject does not pay the civil penalty within 60 days, the
Commission “shall” institute an action in the appropriate U.S. district
court for an order affirming the assessment of the penalty.
– The district court shall have authority to review the case de novo
– The court shall have authority to enter a judgment enforcing,
modifying, and enforcing as modified, or setting aside (in whole or in
part) the penalty assessment.
 Appeal of district court order to the U.S. Court of Appeals
– FERC can appeal to the U.S. Court of Appeals a district court order that
modifies or sets aside the Commission’s penalty assessment
– The subject can appeal a district court order
268
APPEALS
Settlement
Judge
FERC Orders
Rehearing
Request
Appeal
US Court of Appeals
Appeal
Supreme Court
Litigation
Judge
269
Remedies
270
REMEDIES
▫ If the Commission finds a violation it may assess the following
remedies at its broad discretion:
1. Civil penalties
2. Disgorgement of profits
3. Compliance plans
4. Other non-monetary measures
271
FERC Staff Guidance:
No-Action Letters & Guidance Letters
272
NO-ACTION LETTERS
▫ A way to obtain written advice as to whether FERC staff would
recommend that the Commission take no enforcement action with
respect to specific proposed transactions, practices or situations
▫ No-Action Letter responses provide increased certainty regarding
staff’s view on whether a particular transaction, practice or
situation would be subject to agency enforcement action
▫ Key Orders
 2005: process formalized (113 FERC ¶ 61,174)
 2008: process clarified and expanded (123 FERC ¶ 61,157)
273
NO-ACTION LETTERS
▫ Scope
 Docket No. PL08-2-000
– FERC expanded the scope of issues for
which No-Action Letter requests may
be submitted
– Any issue that falls within the
Commission’s jurisdiction, except for
issues arising under:
• Part I of the FPA
(licensing of hydroelectric projects)
• Sections 215 and 216 of the FPA
(reliability standards)
• Sections 3, 7, and 15 of the NGA
(certification of natural gas pipelines)
• Section 311 of the NGPA
(operation of LNG terminals)
274
NO-ACTION LETTERS
▫ Additional requirements:
 The request may not be anonymous
 The request must relate to a situation in which the requesting party
is or may be involved and not involve hypothetical circumstances or
completed transactions
▫ NALs are:
 Signed by representatives of the Office of the General Counsel and
the Office of Enforcement and reflect the consensus views of those
offices
 Office of Energy Market Regulation may also be consulted
▫ However, NALs are not binding
275
NO-ACTION LETTERS
▫ Confidentiality
 Once submitted, a NAL request generally may not be withdrawn
 Until a response is issued, NAL requests are treated as non-public
 Applicants can request that staff continue to treat both NAL requests
and responses as non-public for an additional 120 days after a
response is issued
 Once NAL response is public, it is posted in the Commission’s eLibrary
system in searchable format
276
GUIDANCE LETTERS
1. General Counsel Opinion Letters
 Used to provide guidance regarding interpretation of any statute or
implementing regulation under FERC’s jurisdiction
 Addressed such issues as FERC jurisdiction over natural gas
pipelines; electric energy sales, and whether certain sales would be
subject to price mitigation and must-offer obligations
 Typically prepared with input from FERC’s other offices
 The views expressed in an opinion letter are only those of the
General Counsel – not binding on FERC
 There is a filing fee associated with a General Counsel opinion letter
except for requests solely to matters under Part I of the FPA (18
C.F.R. §§ 388.104(c); 381.305)
 Opinion letters are publicly posted on eLibrary, absent
confidentiality issues
277
GUIDANCE LETTERS
2. Accounting Interpretations
 Per FERC’s USofA: to maintain uniformity of accounting, regulated
entities must submit questions of doubtful interpretations to the
Commission for consideration.
 FERC & Chief Accountant provide guidance to, and respond to inquiries
from, regulated entities on the implementation of standards issued by
the Financial Accounting Standards Board and existing/emerging
industry-wide or entity-specific accounting issues within the context of
FERC’s Uniform System of Accounts
– See Order No. PL08-2-000 at pp. 12-13
 Past guidance letters have addressed: (A) accounting for uncertainty in
income taxes, (B) accounting for the funded status of defined benefit
postretirement plans, (C) appropriate accounting treatment for
earnings on use-restricted debt funds used for construction
 Effect of guidance letters issued by Chief Accountant:
– Controlling accounting guidance for regulated entities, unless or until
superseded by rehearing or other FERC action
– non-binding on Commission
– not controlling precedent for ratemaking purposes
278
Audits – Substance & Procedures
279
AUDITS
▫ Overview
 Audits are conducted by FERC’s Division of Audits
 Most audits are initiated without any information of or allegation regarding any
specific wrongdoing (in contrast to investigations)
▫ Initial Step – Commencement Letter





Sent to Company
Sets out purpose and scope of audit
Describes audit staff’s authority to perform the audit
Identifies audit team members
Provides contact information for Enforcement staff leadership
▫ Audit team contacts company to discusses commencement letter
▫ NOTE:
 Commencement Letter is public (posted to FERC’s eLibrary)
 All information/documentation gathered during audit fieldwork is treated as nonpublic information
– exception: company’s written response to the draft audit report
280
AUDITS
▫ Fieldwork & Discovery –
Staff collects data using several techniques:
 Data Requests – primary means of obtaining audit data
– information requested may include financial information, procedures manuals,
and e-mails
– Company should institute document hold during audit
– generally treated as non-public, but may be subject to FOIA requests (assertions
of exemption from FOIA should be made at the time of production)
– Documents must be reviewed for privilege and work product
 Site Visits – auditors collect materials, review documents,
observe processes/controls, and conduct interviews
– Includes an opening & wrap-up conference with company mgmt.
 Interviews
– face-to-face or over the phone
 Analysis of publicly-available documents
– FERC filings, state filings, etc.
281
AUDITS
▫ Exit Conference
 conducted at the completion of all audit fieldwork
 discuss staff’s preliminary audit findings & recommendations with the
company
– NOTE: By this stage, staff’s preliminary findings/ recommendations have
been approved by OE leadership,
in consultation with other FERC offices
 may be conducted in person or through conference call
 discuss “next steps”
▫ Confidentiality of Fieldwork
 all information and documentation gathered during audit fieldwork is
non-public
282
AUDITS
▫ The Audit Report
 Draft Audit Report & Opportunity for Company Comments
– Once FERC Staff has completed its audit fieldwork, it provides the
company with a non-public draft audit report and discusses
preliminary findings with the company to ensure the audit report is
fair, accurate, complete, and objective
– the company has the opportunity to comment on the draft audit
findings and recommendations, as well as the facts in the report
 Final Audit Report
– after the company has the opportunity to comment, FERC will issues
a final audit report with FERC’s findings and the company’s response
– Includes: detailed description of audit findings and
recommendations, the audit methodology, and company’s written
response to draft audit report
– either issued under delegated authority by the Director of
Enforcement or approved by the Commission
– publicly reported
283
AUDITS
▫ Disposition of Contested Audit Matters
 If the company disputes any of FERC’s findings, it may dispute those findings
pursuant to procedures in FERC Order No. 675
– Company may elect:
• shortened procedure (decision upon submission of briefs); or
• trial-type procedure to challenged disputed matters
** FERC will honor the company’s choice unless it
determines that there are no material facts in dispute
a trial-type proceeding **
which require
 Referral to Division of Investigations (DOI)
– Evidence collected by Staff at any point during the audit which indicates
that a violation may have occurred may be referred to FERC DOI Staff
– The matter may be resolved during the audit or become the subject of a
separate investigation
284
AUDITS
Recap: FERC’s Audit Process in a Nutshell
Public Commencement
letter sent to the company
describing purpose and
scope of the audit
Company
comments
to FERC
staff
Staff collects
data to reach
findings &
conclusions
NO
Commission issues a final
report through Delegated
Authority or Commission
Order
YES
Company provided with
draft audit report
Company can
dispute the
findings following
procedures set
forth in the
Commission’s
regulations
FERC incorporates company
comments into Report
285
Case Study: FERC v. Barclays Bank PLC, et al.
286
Barclays Bank PLC: FERC’s Alleged facts
• Barclays & 4 traders violated FERC anti-market manipulation rules
from Nov. 2006 – Dec. 2008
• “Loss-generating” trading of day-ahead fixed price physical
electricity at CA trading points to benefit Barclay’s ICE fixed-forfloating financial swaps
• Barclays assembled large physical index positions in the opposite
direction of its fixed-for-floating financial swap positions at the
same points
• Barclays flattened its physical positions in the next-day fixed-price
markets to move the ICE daily index settlement up or down to
benefit its swap positions.
• Barclays trading was “highly coordinated and discussed amongst
the traders” daily
• Estimated losses to market participants (in the next-day fixed-price
physical markets): $139.3M
• Barclays’ flattening of physical positions through cash trading
produced significant losses; however the cash trading resulted in
gains to Barclays’ financial swap positions.
287
• This is the first time that a FERC electric
market manipulation claim is being
adjudicated in a federal district court
288
Barclays Bank PLC: Timeline
• July 2007: FERC staff initiates non-public formal investigation,
following anonymous call via FERC Enforcement Hotline
• 6/10/11: FERC Staff issues preliminary conclusions letters to
Barclays & traders
• 4/5/12: FERC Staff issues Notice of Alleged Violations involving
Barclays and four individual traders
• Settlement discussions comments, proving unproductive
• 5/3/12: Staff issues notice of intent to recommend that FERC
initiate a public proceeding (per 18 CFR 1b.19)
• 6/11/12: Barclays, et al. file responses
• 10/31/12: FERC issues Order to Show Cause; Enforcement Staff
Report & Recommendation
• 11/29/12: Barclays, et al. elects immediate penalty assessment and
de novo review by Dist. Ct.
289
Barclays Bank PLC: Timeline
• 12/14/12: Barclays, et al. files answer
▫ Barclays opposes Enforcement staff’s findings; claims that OE lacks sufficient
evidence to prove that Barclays engaged in manipulative conduct, or that
Barclays’ trades impacted market prices
• 7/16/13: FERC order finding violation and assessing civil penalties
▫ Barclays: $435M & disgorge $34.9M profits
▫ Separate individual fines to other traders between $1M and $15M
• 10/9/13: FERC files complaint with U.S. Dist. Court of Eastern CA,
asking court to affirm agency’s penalty assessment without
modification
• 12/16/13: Barclays files to dismiss for improper venue; failure to
state a claim
• 2/14/14: FERC files opposition to motion
• Hearing scheduled for 4/24/14
• 4/14/14: Court cancels hearing
290
Barclays Bank PLC: Key Issues
In addition to satisfying the applicable legal standard for finding a
violation of FERC’s anti-manipulation rule (18 CFR 1c.2), other issues are
at play:
• Statute of Limitations
▫ Barclays: Allegations are “time barred” by statute of limitations
▫ FERC cannot impose penalties more than 5 years after the conduct giving rise to
▫
▫
those penalties occurred.
Barclays & Staff entered agreements on 6/21/11 to toll SOL; Barclays argued that
FERC’s issuance of NAV on 4/5/12 terminated the tolling agreement, and the
remaining time left under the SOL has run
FERC: a NAV does not necessarily mark the end of staff’s investigation; the tolling
agreements remain in effect and the 5-year SOL has not lapsed
• Estoppel
▫ Barclays: FERC is estopped from enforcing the alleged manipulation/pursuing
▫
claims that post-date Barclays’ request to OE staff to advise them if they should
discontinue trading activity
FERC: neither Commission nor FERC is estopped, and neither waived authority
because they did not respond to B’s request for guidance during the investigation
291
Barclays Bank PLC: Key Issues
Barclays raises the following in its Motion to Dismiss: (E.D. Cal.)
• Adjudication of case in Federal Court:
▫ FERC’s 10/9/13 complaint asks court to affirm agency’s penalty assessment
without modification, while the FPA provides for de novo review by court.
▫ Barclays: FERC employed no adjudicative process prior to filing complaint, and
Barclays elected immediate penalty assessment (without ALJ hearing). Thus, FERC
proffers only factual & legal allegations.
• Improper Venue:
▫ Barclays: All alleged acts occurred at Barclay’s trading desk in NYC; no defendant
is an inhabitant of the Eastern District of CA. Barclays asks for transfer to SDNY
292
Barclays Bank PLC: Key Issues
Barclays raises the following in its Motion to Dismiss: (E.D. Cal.)
(continued)
• FERC lacks jurisdiction
▫ CFTC has exclusive jurisdiction over transactions involving the swap
contracts Barclays traded on ICE are futures contracts
▫ FERC lacks jurisdiction, since Barclays is not alleged to have
receive/delivered physical electricity – in fact FERC alleges that Barclays
structured the transactions to avoid physical delivery
▫ FERC has not adequately alleged that it has jurisdiction over Barclays’
conduct because it occurred “in connection with” FERC-jurisdictional
transactions.
▫ FERC lacks jurisdiction under FPA to bring manipulation claims against
individual traders
– FPA prohibition against manipulation applies to “any entity”, which
Barclays argues does not include natural persons
293
Barclays Bank PLC: Key Issues
Barclays raises the following in its Motion to Dismiss: (E.D. Cal.)
(continued)
• Complaint does not adequately state a claim for manipulation under
FPA
▫ FERC’s complaint acknowledges that the transactions were trades with
willing counterparties who accepted the risk of entering into contracts
opposite Barclays and pursuant to which Barclays performed its
obligations.
▫ Such open-market transactions cannot constitute the predicate for a
manipulation claim
• Statute of limitations: FERC’s allegations based on conduct prior to
12/26/07 are precluded by SOL
▫ FERC’s claim is governed by 5-yr SOL starting on date when alleged
conduct occurred
▫ Barclays entered tolling agreements with FERC, which terminated on
4/5/12 when FERC issued its NAV
▫ Barclays: FERC policy is that NAV is issued only after investigation
concludes
294
Why is this important?
• Barclays litigation calls into question the
breadth and scope of FERC’s enforcement
regime for power markets.
295
If Barclays Prevails On CFTC Exclusive
Jurisdiction
• FERC’s enforcement authority would be
significantly constrained
▫ limited only to activities within physical markets
▫ cross-market (physical/financial) transactions
would be solely within the CFTC’s jurisdiction
296
If Barclays Prevails On Physical Delivery
Requirement
FERC’s authority would be seriously limited
• The power market contains multiple types of physical
contracts that may not result delivery. The following types of
transactions could be outside FERC’s jurisdiction:
▫ forward power transactions that “booked out” or subject to other
▫
▫
▫
market arrangements;
dispatchable power purchase agreements involving power plants
that do not result in physical delivery of power unless the plant is
dispatched;
options on the physical sale/delivery of power that do not result in
physical delivery unless option is exercised
capacity products and markets that represent the ability to
generate power but do not involve physical deliveries
virtual markets in FERC-regulated RTOs
▫
In short, FERC’s enforcement authority would not be triggered
unless and until power flowed over a transmission line or was
delivered pursuant to a contract
297
If Barclays Prevails On Open Market
Transactions
• FERC could only bring a manipulation claim for
transactions involving direct fraud.
▫ A marketer’s scheme to lose money in open market
transactions with will counterparties – to benefit
positions in other markets – would be beyond
FERC’s enforcement jurisdiction
298
Bottom Line
• If FERC prevails:
▫ expanded enforcement authority, involving physical
transactions and other transactions “in connection
with”
• If Barclays prevails:
▫ limited view of enforcement authority, just
fraudulent transactions involving physical
transmitted or delivered power
299
Case Study: Deutsche Bank
300
Deutsche Bank AG unit
• In December 2011, FERC accused a Deutsche Bank AG unit of
engaging in market manipulation by trading energy in the
California ISO to boost its congestion revenue rights positions,
and creating schedules in which no power was transmitted.
• FERC issued an Order to Show Cause to Deutsche Bank Energy
Trading LLC to show:
▫ Why it should not be found to have violated the Anti-Manipulation Rule
of the Federal Power Act; and
▫ Why it should not be found to have violated the accuracy requirements
of the Commission’s regulations.
• On January 22, 2013 the Commission approved a Stipulation and
Consent Agreement between the Office of Enforcement and
Deutsche Bank resolving the proceeding.
▫ Determined that DB did engage in market manipulation
▫ Civil penalty of $1,500,000
▫ Disgorgement of $172,645 in profits
▫ Compliance and reporting requirement
301
FERC GUIDANCE ON PENALTIES AND MITIGATION
Craig Silverstein
PENALTIES UNDER THE FPA
• FERC has had investigative and penalty authority for
a long time, but it was limited and always treated as
subordinate to its responsibilities as a rate regulator.
• 2000-2001 Western Energy Crisis and Enron
meltdown, and to a lesser extent the emergence of
markets and RTOs, changed everything.
• 2002: Office of Market Oversight and Investigation
(OMOI) created, and first major action was a factfinding investigation to figure out what went wrong.
303
PENALTIES UNDER THE FPA
• By 2003, major cases with dozens of parties were
underway to figure out what went wrong in the
wholesale electric markets.
• By this point, the “Enron Memo” was out, and FERC
OMOI was looking into both simple and advanced
strategies to manipulate energy prices:
▫ Trading schemes like Fat Boy, Get Shorty, Death
Star, were investigated.
▫ Accuracy of reporting transactions also became a
concern.
• FERC started to change its rules, particularly those
relating to regulated entities, but told Congress that
its enforcement authority had no teeth beyond
disgorgement of profit.
304
PENALTIES UNDER THE FPA
In 2005, Congress gave FERC what it wanted in the Energy
Policy Act of 2005:
• Expanded the Commission's FPA civil penalty authority to
cover violations of any provision of Part II of the FPA, as
well as of any rule or order issued there under.
• Extended the Commission's civil penalty authority to
cover violations of the NGA or any rule, regulation,
restriction, condition, or order made or imposed by the
Commission under NGA authority.
• Established the maximum civil penalty the Commission
may assess under the NGA, NGPA, or Part II of the FPA as
$1,000,000 per violation per day.
305
PENALTIES UNDER THE FPA
306
PENALTIES UNDER THE FPA
• We’ve got the power, what now?
• Civil penalties in the earlier years were not that
large, but started growing:
▫ 2007: 12 cases, ranging from $300k to $10 M
▫ 2008: 10 cases, ranging from $250k to $5 M
▫ 2009: 15 cases, ranging from $300k to $25 M
• More parties under investigation, more people
clamoring for transparency in how FERC
Enforcement was determining penalties.
• Dec. 2006: Process for Assessing Civil Penalties
307
CREATION OF PENALTY GUIDELINES
• In 2010 FERC issued guidance:
▫ March 2010: Enforcement of Statutes, Orders, Rules, and
Regulations, 130 FERC ¶ 61,220 (2010) (Policy Statement
on Penalty Guidelines).
▫ April 2010: the Commission suspended the Policy
Statement on Penalty Guidelines and application of the
Penalty Guidelines to allow 60 days within which comments
could be submitted. Workshops held in several cities.
▫ September 2010: Enforcement of Statutes, Orders, Rules,
and Regulations, 132 FERC ¶ 61,216 (2010) (Revised Policy
Statement on Penalty Guidelines)
308
CREATION OF PENALTY GUIDELINES
• “The modified Penalty Guidelines will play a significant role in our
determinations of civil penalties and will add greater fairness, consistency,
and transparency to our enforcement program. These Penalty Guidelines
continue to base penalties on the same factors as those present in our
policy statements on enforcement, but do so in a more focused manner
by assigning specific and transparent weight to each factor. For example,
we will continue to base penalties on the seriousness of the violation,
measured in large part by the harm or risk of harm caused, an
organization’s efforts to remedy the violation, as well as other culpability
factors, such as senior-level involvement, prior history, compliance, selfreporting, and cooperation. While these factors remain the same,
organizations will now know with more certainty how each is applied. At
the same time, the modified Penalty Guidelines do not restrict our
discretion to make an individualized assessment based on the facts
presented in a given case.”
309
FERC’S PENALTY GUIDELINES
Five-step process:
Step One: Determine the Base Violation Level
Step Two: Adjust the Base Level Violation to reflect
ƚŚĞƐĞƌŝŽƵƐŶĞƐƐŽĨƚŚĞŽī ĞŶƐĞї &ŝŶĂůs ŝŽůĂƟŽŶ
Level.
Step Three: Calculate a Base Penalty
Step Four: Calculate a Culpability Score.
Step Five: Multiply the Base Penalty Amount (from
Step Three) by the Multipliers (from Step Four).
310
FERC’S PENALTY GUIDELINES
Fraud, Anticompetitive Conduct and other Rule,
Tariff and Order Violations
Start with a Base Violation Level 6 and
Increase level from 0 to 30 depending on the size
of the loss resulting from violation
Increase level from 2 to 6 depending on the
amount of the electricity or natural gas involved
Increase level from 2 to 6 depending on the
duration of the violation
311
FERC’S PENALTY GUIDELINES
Intentional or Reckless Misrepresentations and
False Statements to FERC
Start with a Base Violation Level 18 and
Increase by 3 levels if violation resulted in
substantial interference
Increase by 2 levels if evidence was fabricated,
destroyed
312
FERC’S PENALTY GUIDELINES
Reliability Standards
Start with a Base Violation Level 6 and
Increase up to 26 levels depending on the risk of
harm resulting from violation
Increase up to 32 levels depending on the loss of
firm load
313
FERC’S PENALTY GUIDELINES
Culpability Score (Add/Subtract)
Add
1 point (ten or more employees) to 5 points (5,000 or more
employees)
2 points (violation of FERC order)
3 points for obstructing justice during investigation
Subtract
2 points for self-report
1 point for full cooperation
1 point for settling (i.e. no hearing)
1 point for accepting responsibility for violation
314
FERC’S PENALTY GUIDELINES
FERC still has discretion in the application of the
Guidelines:
• The Guidelines do not affect Staff’s exercise of discretion
to close investigations and self-reports without
sanctions.
• The Commission may depart from application of the
Guidelines if appropriate.
315
DISGORGEMENT AS A REMEDY
• When disgorgement is ordered, the amount
disgorged may be refunded to the party “harmed”
by the violation, or, if FERC determines that it
would be inappropriate to refund to that party or
that it is not possible to determine who that party
would be, FERC may direct that the amount
disgorged be paid to an energy assistance
program.
316
USING THE PENALTY GUIDELINES: EXAMPLE
•
For a 90-day period, a small natural gas marketer (52
employees), without an effective Asset Management
Agreement, and as part of tied arrangement released 25,000
MMBtu/day of capacity on an interstate pipeline. The
additional compensation from the “tying arrangement”
exceeded the pipeline’s applicable maximum rate by $0.40
MMBtu. Marketer, which does not have effective compliance
program, had an inkling that the transaction might violate a
FERC rule, but never bothered to explore. Eventually, marketer
was referred to the Enforcement Hotline by an anonymous
caller (likely a competitor). Marketer was dismayed, destroyed
a couple incriminating e-mails, and misled the FERC Staff during
the initial part of the investigation. Ultimately, however, the
marketer assumed responsibility for the violation and
informally resolved the investigation through settlement
317
USING THE PENALTY GUIDELINES: EXAMPLE
• Two discernable violations to
•
•
•
•
•
calculate: Violation of a FERC
Order and Misrepresentation.
90 day period
$900k profit
No compliance program
Destroyed documents
Reported to FERC
• Only smart thing the entity did
was settle!
318
Application of Penalty Guidelines
Violation of FERC Order
Step 1:
6
Base Violation Level for violation of FERC orders
(tying prohibition)
Step 2:
+
+
Step 3:
14
6
More than $400,000 loss ($900,000 – see above)
More than 700,000 MMBtu
26
Final Violation Level
$3,700,000 Base Penalty (from a Table in the Revised Policy Statement)
Step 4:
5
Starting Culpability Score
+
2
More than 50 employees and willful ignorance of violation
+
3
Obstruction of justice
1
Informal Resolution
1
Accepting Responsibility
8
Final Culpability Score
► Minimum Multiplier 1.6
► Maximum Multiplier 3.2
Step 5:
Penalty Range
$3,700,000 (Base Penalty) x 1.6 (Minimum Multiplier) = $5,920,000*
$3,700,000 (Base Penalty) x 3.2 (Maximum Multiplier) = $11,840,000*
319
Application of Penalty Guidelines
Misrepresentation
Step 1:
18
Step 2:
+
Step 3:
Base Violation Level involving reckless misrepresentation
to FERC Staff
2
Document destruction
20
Final Violation Level
$650,000
Base Penalty
Step 4:
5
Starting Culpability Score
2
More than 50 employees and willful ignorance of violation
3
Obstruction of justice
1
Informal Resolution
1
Accepting Responsibility
8
Final Culpability Score
► Minimum Multiplier 1.6
► Maximum Multiplier 3.2
+
+
-
Step 5:
Penalty Range
$650,000 (Base Penalty) x 1.6 (Minimum Multiplier) = $1,040,000*
$650,000 (Base Penalty) x 3.2 (Maximum Multiplier) = $2,080,000*
320
Using the penalty guidelines:
EXAMPLE
Total:
Disgorgement of $900,000
(25,000 x 90 x .40)
Penalty for the order violation:
between $5,920,000 and
$11,840,000*
Penalty for the misrepresentation:
between $1,040,000 and
$2,080,000*
Penalty amount could be in either
range or cumulative for both
ranges, that is, from $1,940,000 to
$14,820,000 (including
disgorgement)
321
PENALTIES UNDER THE FPA
Total Civil Penalties assessed for all years 2007 to present: $602,329,786
Total Civil Penalties does not include the $30,000,000 assessed in Hunter and
overturned on jurisdictional grounds by the U.S. Court of Appeals for the
District of Columbia Circuit. Also does not include penalties proposed or
assessed in the following currently pending matters: $28,000,000 in BP
America Inc., et al.; $453,000,000 in Barclays Bank PLC, et al.; $5,000,000
assessed in Lincoln Paper and Tissue, LLC; $7,500,000 assessed in Competitive
Energy Services, LLC; or $1,250,000 assessed in Richard Silkman.
Total Disgorgement ordered for all years 2007 to present: $299,699,982
Total Disgorgement does not include amounts ordered in the following
currently pending matters: $34,900,000 ordered in Barclays Bank PLC, et al.;
$379.016 ordered in Lincoln Paper and Tissue, LLC; or $166,841 ordered in
Competitive Energy Services, LLC.
322
OTHER PENALTIES
•
•
•
•
Revocation of Market-Based Rate Authority
Ban specific traders
Require detailed reporting to FERC for a period of years
Spend $$$ on a compliance program and training
COMPLIANCE BEST PRACTICES
FERC’s Suggestions For a Compliance
Program
FERC has stated that an effective compliance program will
have the following two goals:
(1)
(2)
exercising due diligence to prevent and
detect violations; and
promoting an organizational culture that
encourages a commitment to compliance
with the law.
When deciding the amount of civil penalties, FERC will give
serious consideration to whether a regulated entity has a
compliance program.
325
The seven components to achieve these two goals are as follows:
(1) Adopting standards and procedures to prevent and detect
violations;
(2) Involving the highest governing body of the organization, e.g., the
Board of Directors, in the compliance program and assigning overall
responsibility for the program to high level personnel;
(3) Preventing individuals, whose previous conduct would have been
inconsistent with an effective compliance program, from having
substantial authority within the organization;
(4) Communicating, through effective training or otherwise
disseminating information, the current standards, procedures and
other aspects of the compliance program;
(5) Taking reasonable steps to (i) detect violations, including adopting
an employee hotline, and (ii) evaluate the effectiveness of the
compliance program;
(6) Using both carrots (incentives) and sticks (disciplinary actions) with
employees to achieve compliance; and
(7) Reporting any violations without "unreasonable delay", while taking
appropriate steps to prevent future violations.
See Enforcement of Statutes, Orders, Rules and Regulations,132
FERC ¶ 61,216 (2010).
326
Attributes of a Culture of Compliance
“ … if a company acts aggressively to adopt,
foster, and maintain an effective corporate culture
of compliance, and has in place rigorous
procedures and processes that provide effective
accountability for compliance, but a violation
nonetheless occurs, the Commission may provide
a significant reduction in, or even in some cases
the elimination of, the civil penalty that otherwise
would be imposed.”
Compliance with Statutes, Regulations and Orders, 125 FERC ¶ 61,058 at P 4
(October 16, 2008).
327
Attributes of a Culture of Compliance
I.
Actions of Senior Management.
“[T]he responsibility for a culture of compliance rests
squarely on the shoulders of senior management.”
Common steps senior management should take:
•
communicate its commitment to compliance frequently,
both formally and informally, to employees;
•
set aside the time necessary to address compliance issues
as they arise, both to vet proposed actions to avoid
violations and to address misconduct if it should occur;
•
actively encourage employees to raise questions and to
obtain the views of supervisors or designated compliance
personnel;
•
assure that designated compliance personnel are actively
included in the development of new transaction structures
or business initiatives.
Compliance with Statutes, Regulations and Orders, 125 FERC ¶ 61,058 at PP 13-15.
328
Attributes of a Culture of Compliance
II.
Effective Preventive Measures
•
Careful hiring, training, accountability, and supervision;
•
Effective compliance program with periodic reviews;
•
Systematic preventive measures.
“The Commission will take into account the size of a
company and the nature and extent of its jurisdictional
activities in reviewing the adequacy of preventive
measures undertaken.”
Compliance with Statutes, Regulations and Orders, 125 FERC ¶ 61,058 at PP 16-17.
329
Attributes of a Culture of Compliance
III.
Prompt detection, cessation, and reporting of the offense
•
Prompt detection (comprehensive internal monitoring system,
actively-promoted company hotline, or other measures to
ensure that transactions are reviewed for conformance to
regulatory requirements on a real-time basis). “Violations
discovered as a result of systematic internal auditing and
supervision programs normally will be given substantial
credit.”
•
Cessation –- “expeditiously.”
•
Prompt reporting. Should report shortly after discovery, or at
least call Enforcement staff to inform of internal investigation.
“[C]ompanies that fail to report violations discovered as a
result of improved compliance monitoring can expect to be
penalized far more severely than if they self-report such
violations.”
Compliance with Statutes, Regulations and Orders, 125 FERC ¶ 61,058 at PP 18-20.
330
Attributes of a Culture of Compliance
IV. Remediation
•
Disciplinary action to employee (case-specific).
•
Implementation of new or modified perspective
controls (case-specific).
Compliance with Statutes, Regulations and Orders, 125 FERC ¶ 61,058 at P 21.
331
Action Items
1. Management Involvement
2. Chief Compliance Officer
3. Internal Hotline
4. Regular Training
332
CONCLUSION & QUESTIONS