What is an Internal Compliance Program (ICP)?

Compliance is an integral part of everyone’s day-to-day activities.  Whether it be Operations personnel or those in Management, each is responsible for incorporating all aspects of compliance activities, documentation, training, and reporting into their daily operations.  That’s where an Internal Compliance Program comes into play…

An ICP is, in essence, another Procedure developed to detect and prevent company violations of NERC Electric Reliability Standards.  The Federal Energy Regulatory Commission (FERC) has stated on numerous occasions that it expects to see a "culture of compliance" in place and in force for each registered entity.

Although Internal Compliance Programs are not mandatory, FERC has been consistent in their message that if a company acts aggressively to adopt, foster, and maintain an effective corporate culture of compliance, and has in place rigorous procedures and processes that provide effective accountability for compliance, but a violation nonetheless occurs, the Commission may provide a significant reduction in, or even in some cases the elimination of, the civil penalty that otherwise would be imposed.  This has been noted in several FERC policy statements that I’ve referenced and linked for you at the end of this article.

Factors that FERC is looking for in an ICP are specified in their Revised Policy Statement on Enforcement.  Along with this, the Regional Compliance Implementation Group (a working group overseen by NERC’s Regional Entity Management Group) developed a Policy Statement to create a Compliance Guidance Document that outlines attributes of a good compliance program.

Some finer points from both of these sources include the following:

  • Have a well-documented Internal Compliance Program (ICP).
  • Disseminate the ICP throughout the entity.
  • Name and staff an ICP oversight position.
  • The ICP oversight position is supervised at a high level in the entity.
  • The ICP oversight position should have independent access to the CEO and/or Board of Directors.
  • The ICP is operated and managed so as to be independent of those responsible for compliance with the Reliability Standards.
  • The ICP has the support and participation of senior management (Officer Level).
  • The entity regularly review and modify its ICP.
  • The ICP includes appropriate and sufficient training for all the staff.
  • The ICP includes formal, internal self-auditing for compliance with all applicable Reliability Standards on a set periodic basis.
  • The ICP includes disciplinary action for employees involved in violations of the Reliability Standards, if appropriate.
  • The ICP has internal controls including self-assessment and self-enforcement to prevent reoccurrence of Reliability Standard violations.
  • The ICP provides sufficient funding for the administration of compliance programs by the Compliance Officer.
  • The ICP promotes compliance by identifying measurable performance targets.
  • The ICP ties regulatory compliance to personnel assessments and compensation, including compensation of management.
  • The ICP provides for disciplinary consequences for infractions of Commission requirements.
  • The ICP provides frequent mandatory training programs, including relevant ‘real world’ examples and a list of prohibited activities.
  • Implement an internal Hotline through which personnel may anonymously report suspected compliance issues.
  • Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board.

It may seem like a huge undertaking, but can be well worth the effort.  Take some time and develop a comprehensive Internal Compliance Program (ICP), it’s good business practice and can help mitigate a penalty.  If you need help, let me know, it’s one of the great services my team provides!

For additional reading regarding the benefits of an ICP, go to:

FERC Revised Policy Statement on Enforcement – Docket No. PL08-3-000 (May 15, 2008)
FERC Policy Statement on Compliance – Docket No. PL-09-1-000 (Oct 16, 2008)
FERC Revised Policy Statement on Penalty Guidelines – Docket No. PL10-4-000 (Sep 17, 2010)

Latest News

Focusing on NERC O&P and CIP Compliance Program Management

Proven Compliance Solutions Inc. –Focusing on NERC O&P and CIP Compliance Program Management 

Searching for an efficient, cost effective solution to managing North American Electric Reliability Corporation (NERC) compliance efforts? Proven Compliance Solutions Inc. (PCS) is making that solution a reality.

Managing NERC compliance internally, but failing to dedicate the appropriate amount of resources to reliability compliance responsibilities can cause negative impacts and may be costing far more in both loss of productivity and risk exposure. Adding the PCS Compliance Team is a cost-effective approach to meeting NERC reliability compliance obligations.

Read more ...

Proven Compliance Solutions Inc. Announces the Addition of Sandra Pea as Senior Reliability Compliance Manager

Proven Compliance Solutions Inc. (PCS), industry recognized for its excellence in North American Electric Reliability Corporation (NERC) Reliability Standards Compliance Consulting Services, is pleased to announce the addition of Sandra Pea to its team, once again strengthening its industry experience, operational expertise and program management skills.  Sandra is an accomplished NERC Compliance Program Manager with extensive expertise in risk and compliance management for both Operations and Planning (O&P) and Critical Infrastructure Protection (CIP).

Read more ...

Proven Compliance Solutions Inc. Announces the Addition of Rick Terrill, P.E. as the Director of NERC Consultation Services

Rick Terrill brings a tremendous amount of operations and compliance experience to PCS and is highly respected among industry peers for his participation and active leadership role with NERC and TRE/ERCOT.

Read more ...