Responding to calls from the regulated energy industry for more detailed guidance on compliance best practices, on October 16, 2008, the Federal Energy Regulatory Commission (FERC) issued its Policy Statement on Compliance.1 The new compliance policy expands on previous FERC guidance on the factors that FERC will apply in assessing a civil penalty for violations of its statutes, regulations and orders. FERC states that, where a violation is not serious and the entity has adhered to four key compliance factors, the Commission may reduce or eliminate altogether a civil penalty. Although the new compliance policy may not be as clear or go as far as some in the industry may have wanted, it is a significant step in FERC’s evolving enforcement policy.
As further encouragement by the Commission for regulated entities to develop and maintain strong compliance programs to detect and remedy violations, FERC also recently issued a warning to natural gas pipelines with respect to compliance with a particular FERC policy.2 In Southern Star Central Gas Pipeline, Inc. (Southern Star), FERC noted that a routine audit by the Office of Enforcement, Division of Audits, had uncovered several violations of FERC regulatory requirements, including the requirement that pipelines file contracts that materially deviate from the pipeline’s pro forma service agreement in its tariff.3 FERC declined to assess civil penalties against Southern Star, but in a separate statement warned pipelines that they face the risk of civil penalties for failure to comply with FERC’s policy on material deviations.
Moving Towards Stronger Compliance Programs
FERC Chairman Joseph T. Kelliher has consistently emphasized his goal of creating a “culture of compliance” in the energy industry. Much to the regulated energy industries’ dismay, however, until recently, FERC had provided little guidance on what FERC considers to be the essential elements of a strong compliance program and the extent to which a strong compliance program may mitigate a civil penalty for violations of FERC’s regulatory policies.
Beginning with its October 2005 Policy Statement on Enforcement, FERC set out to provide guidance to the industry on “the factors we take into account in determining the severity of penalties to be imposed for violations.”4 In the Enforcement Policy Statement, FERC stated that, in determining the appropriate civil penalty, it would consider the seriousness of the offense and how the company reacted to the wrongdoing.5 To assess the company’s reaction, FERC considers “steps taken by entities to prevent, monitor, and immediately stop misconduct, to report violations to the Commission, and to cooperate with the Commission’s enforcement actions.”6
As FERC began to exercise its civil penalty authority in individual enforcement actions, however, several industry trade groups identified a ”disconnect” between the level of civil penalties imposed by FERC and the factors set forth in the Enforcement Policy Statement.7 To the industry, it was unclear how much credit FERC afforded for each of the mitigating factors. To remedy this disconnect, the industry suggested that “FERC should offer amnesty under appropriate circumstances for certain types of violations”8 and adopt and publicly issue a penalty schedule with “gradations of civil penalties based on the seriousness of the offense and the harm to the market.”9
In 2008, FERC responded to these industry concerns with its Revised Policy Statement on Enforcement.10 Although FERC did not adopt the specific industry recommendations from the Enforcement White Paper, it clarified that “the most important [factors] in determining the amount of the penalty are the seriousness of the offense and the strength of the entity’s commitment to compliance.”11 The Revised Policy Statement listed three compliance measures that FERC would consider in evaluating a company’s commitment to compliance:
(i) systems and protocols for monitoring, identifying, and correcting possible violations, (ii) a management culture that encourages compliance among company personnel, and (iii) tools and training sufficient to enable employees to comply with Commission requirements.12 FERC also suggested some specific actions that companies could take which “point to a strong compliance culture,” including:
- preparing an inventory of compliance risks and practices;
- designating a Compliance Officer who reports to the CEO;
- sufficiently funding the compliance program;
- identifying measurable performance targets;
- tying compensation to compliance;
- providing for disciplinary consequences for FERC infractions;
- providing frequent and mandatory training; • implementing an internal Hotline for anonymously reporting suspected compliance issues; and
- implementing a comprehensive compliance audit program.13
Notwithstanding the guidance on developing compliance programs that FERC provided in the Revised Enforcement Policy Statement, given the importance of maintaining a strong compliance program in FERC’s calculation of a civil penalty, at the July 8, 2008 FERC staff workshop on compliance, industry representatives asked FERC for even more concrete guidance on compliance best practices.
FERC Identifies Four Key Compliance Factors
Responding again to industry concerns on how FERC will evaluate compliance programs, on October 16, 2008, FERC issued its Compliance Policy Statement. Noting that the Compliance Policy Statement is intended to supplement the Revised Enforcement Policy Statement, FERC noted that “the elements noted in the Revised Policy Statement can be helpful, but should be tailored, along with other appropriate measures to create a compliance program that best fits the needs of each individual company.”14 Accordingly, FERC declined to “spell out what constitutes an effective compliance program in all circumstances,”15 but rather, identified and discussed “four key compliance factors that may lead to the reduction or even elimination of a civil penalty.”16
Actions of Senior Management. For FERC, the task of “[d]eveloping a strong and continued culture of compliance” falls squarely on the shoulders of senior management: “the best compliance program will not succeed unless senior management actively embraces the importance of compliance and sets the standard within a company for proactive compliant behavior.”17 Some “common steps that senior management can take to instill a culture of compliance” include:
- providing adequate funds and resources for compliance;
- communicating its commitment to compliance frequently, both formally and informally to employees;
- setting aside the time necessary to address compliance issues as they arise and to vet proposed actions to avoid violations;
- encouraging employees to raise compliance questions and to consult supervisors and designated compliance personnel;
- ensuring that designated compliance personnel are actively involved in business development activities;
- ensuring the designated compliance personnel are able to function independently and to bring compliance matters directly to the board of directors; and
- developing compensation and reporting structures to ensure that all employees follow senior management’s lead in embracing a strong compliance culture.18
Effective Preventive Measures. An effective compliance program will have “systematic and preventive measures (such as careful hiring, training, accountability, and supervision) . . . .”19 According to FERC, “[i]t is not enough to create a good compliance program on paper; the company must carry through to implement the program with effective accountability for compliance and periodic review and evaluation of the effectiveness of the program.”20 FERC recognizes that even a strong compliance, fully supported by senior management, may not be able to prevent misconduct by rogue employees not adhering to direction from the company, but, if such violations do occur, FERC will nonetheless be able to assess the degree to which a company demonstrated a serious commitment to establishing effective preventive measures and may reduce the amount of a civil penalty for such violations.21
Prompt Detection, Cessation, and Reporting of the Offense. FERC expects that a strong compliance program may detect violations either through a “high quality and comprehensive internal monitoring system, or actively-promoted company hotline, or other measures to ensure that transactions are reviewed for conformance to regulatory requirements on a real-time basis.”22 FERC recognizes that a company’s inquiry into conduct by its employees may take time, and, as such, there “is no specific amount of time by which a company must find or report a violation in order to be considered prompt.”23 FERC does expect, however, that once a company determines that a violation has occurred, it “will act expeditiously to end the wrongful conduct and will report it promptly.24 A company will receive credit for prompt reporting if it reports a violation to Enforcement staff shortly after discovery, or if it calls Enforcement staff to let staff know the company is investigating a matter.”25 Because a strong compliance program may result in an increase in discovered violations, FERC also recognized the importance of self-reporting such violations: “companies that fail to report violations discovered as a result of improved compliance monitoring can expect to be penalized far more severely than if they self-report such violations.”26
Remediation. FERC “will weigh the response of a company to misconduct that it discovers in determining whether civil penalty reduction is appropriate . . . .”27 When a violation is discovered, a company should consider whether “new or modified prospective controls are needed to prevent a recurrence” of the violation.28 A company should also consider whether “disciplinary action is appropriate (e.g., reprimand, suspension, reduction in pay or bonus, termination, etc.) . . . .”29 Consideration of this factor is inherently fact-specific.30
Where the Four Key Compliance Factors Are Present, FERC May Reduce or Eliminate a Civil Penalty
Although the Revised Enforcement Policy Statement clarified that the “seriousness of the offense and the strength of the entity’s commitment to compliance” are the two most important factors in assessing a civil penalty,31 this guidance did not provide additional clarity on how, quantitatively, the presence of a strong compliance program may reduce a civil penalty.32 In the Compliance Policy Statement, FERC moved to provide a bit more of this quantitative clarity by describing circumstances under which a civil penalty may be completely eliminated. According to FERC:
for complete elimination of a civil penalty, a company must affirmatively demonstrate (1) that its violation was not serious and (2) that its senior management has made a commitment to compliance, that the company adopted effective preventive measures, that when a violation is detected it is halted and reported to the Commission promptly, and that company took appropriate remediation steps. All of the components must be present for complete elimination of a civil penalty; reduction of the penalty will be considered where the company meets all of the requirements. The Commission retains discretion to determine whether the actions taken by a company are sufficient to meet the requirements.33
Where there is a serious violation (for example, a violation that involves “significant harm, risk of significant harm, or damage to the integrity of the Commission’s regulatory program”)34 a reduction in a civil penalty may be warranted where a company has “a demonstrated commitment to compliance.”
Whether FERC’s Compliance Policy Statement will provide the certainty as to how FERC will determine what constitutes a strong compliance program that the regulated industries desire will depend on how FERC’s new compliance policy is implemented in future cases. To be sure, FERC’s guidelines on the key factors of strong compliance programs and the discretion that it has reserved for itself in evaluating compliance programs, are far from an objective model compliance program that companies could take off the shelf and tailor to their own needs.35 At this point, FERC-regulated companies would be well-advised to take stock of their internal compliance programs to ensure that the programs adequately address the four key compliance factors identified in the Compliance Policy Statement.
FERC’s Warning to Pipelines on Noncompliance Risk Highlights the Importance of Maintaining a Strong Compliance Program
The Commission’s recent Order issued to Southern Star approving an audit report by the Office of Enforcement’s Division of Audits, finding several violations of FERC policies and warning to pipelines on the importance of complying with FERC’s policy on filing material deviations in gas transportation contracts is a further incentive for pipelines to review their compliance procedures. In Southern Star, FERC approved an audit report finding that the pipeline had violated several FERC regulatory requirements, including failing to properly file its index of customers, failing to properly post capacity under one expiring contract, failing to comply with FERC Form No. 2 filing requirements and failing to post transactional and available capacity reports.36
FERC was “especially troubled by the company’s failure to file material deviations from the pro forma service agreement in its tariff, in violation of 18 C.F.R. § 154.1(d) (2008).”37 Noting the importance of its policy requiring pipelines to file non-confirming contracts, FERC stated that it “must be able to review agreements entered into by the parties that deviate from the pro forma service agreement to meet its obligations under the Natural Gas Act to assure that the agreement is just and reasonable. Pipelines’ failure to file non-conforming agreements imperils the Commission’s responsibility under the Natural Gas Act to assure that the agreements are just and reasonable and not unduly discriminatory.”38 Following a routine audit, FERC’s Division of Audits found that of the 272 individual contracts reviewed, 25 of the contracts contained material deviations from Southern Star’s pro forma service agreement.39
FERC noted that “the level of Southern Star’s violations was such that we seriously considered penalties as a remedy,” but decided not to assess a civil penalty because most of the contracts had been entered into by Southern Star’s predecessor.40 In reaching its decision not to impose a civil penalty, FERC also cited Southern Star’s exemplary cooperation during the audit and prompt implementation of remedial measures.41 Noting the Division of Audits’ finding that Southern Star did not have an effective regulatory compliance program, FERC required Southern Star to implement a comprehensive regulatory compliance program.42
In order to send a message to the rest of the pipeline industry on the importance of the FERC’s policy on material deviations, FERC stressed to
Southern Star and all other pipelines within our jurisdiction that we will not be inclined to be so lenient if we discover similar violations in the future. The rules regarding pipelines’ tariffs that govern the provision of accessible and properly priced transportation service to their customers are too important to the efficient operation of the natural gas grid and markets for the Commission to do otherwise. Accordingly, the Commission will not hesitate to exercise the Natural Gas Act’s penalty authority in appropriate circumstances in the future to deter such action.43
FERC’s statement on the importance of its material deviations policy to the “efficient operation of the natural gas grid and markets” leaves little doubt that, under the damage-to-the-integrity-of-aregulatory- program standard from the Compliance Policy Statement,44 FERC would consider a material deviation violation to be a “serious” violation. A few days after it issued the Southern Star order, FERC also issued an Alert to pipelines to “warn natural gas pipeline companies that they face the risk of penalties if they have not filed with the Commission contracts that do not conform with their pro forma open access tariffs."45
The routine circumstances in which the violations of the material deviation policy were discovered in Southern Star, the serious nature of these violations and recent guidance from the Compliance Policy Statement, demonstrate the substantial civil penalty risk that a pipeline with material deviations that have not been filed with FERC faces in today’s regulatory environment. To illustrate this risk, consider that if FERC found one contract with a material deviation to be a violation and that contract had been in effect for a year without having been filed, the pipeline could be facing a maximum civil penalty of $365 million based on FERC’s $1,000,000 per day, per violation civil penalty authority under the Natural Gas Act.46 Consider also that in 2008 the Division of Audits conducted 21 non-financial audits (like the one in Southern Star) of public utilities and natural gas pipeline and storage companies.47 Even assuming that less than half of these audits were conducted on natural gas companies, it is possible that FERC may have audited ten pipeline and storage companies. Surely, no pipeline or storage company would want to take the risk of finding itself the target of a FERC audit and not having a strong compliance program in place to mitigate the possibility of a civil penalty for any violation that might be discovered.