What is an Internal Compliance Program (ICP)?

Compliance is an integral part of everyone’s day-to-day activities.  Whether it be Operations personnel or those in Management, each is responsible for incorporating all aspects of compliance activities, documentation, training, and reporting into their daily operations.  That’s where an Internal Compliance Program comes into play…

An ICP is, in essence, another Procedure developed to detect and prevent company violations of NERC Electric Reliability Standards.  The Federal Energy Regulatory Commission (FERC) has stated on numerous occasions that it expects to see a "culture of compliance" in place and in force for each registered entity.

Although Internal Compliance Programs are not mandatory, FERC has been consistent in their message that if a company acts aggressively to adopt, foster, and maintain an effective corporate culture of compliance, and has in place rigorous procedures and processes that provide effective accountability for compliance, but a violation nonetheless occurs, the Commission may provide a significant reduction in, or even in some cases the elimination of, the civil penalty that otherwise would be imposed.  This has been noted in several FERC policy statements that I’ve referenced and linked for you at the end of this article.

Factors that FERC is looking for in an ICP are specified in their Revised Policy Statement on Enforcement.  Along with this, the Regional Compliance Implementation Group (a working group overseen by NERC’s Regional Entity Management Group) developed a Policy Statement to create a Compliance Guidance Document that outlines attributes of a good compliance program.

Some finer points from both of these sources include the following:

  • Have a well-documented Internal Compliance Program (ICP).
  • Disseminate the ICP throughout the entity.
  • Name and staff an ICP oversight position.
  • The ICP oversight position is supervised at a high level in the entity.
  • The ICP oversight position should have independent access to the CEO and/or Board of Directors.
  • The ICP is operated and managed so as to be independent of those responsible for compliance with the Reliability Standards.
  • The ICP has the support and participation of senior management (Officer Level).
  • The entity regularly reviews and modifies its ICP.
  • The ICP includes appropriate and sufficient training for all the staff.
  • The ICP includes formal, internal self-auditing for compliance with all applicable Reliability Standards on a set periodic basis.
  • The ICP includes disciplinary action for employees involved in violations of the Reliability Standards, if appropriate.
  • The ICP has internal controls including self-assessment and self-enforcement to prevent reoccurrence of Reliability Standard violations.
  • The ICP provides sufficient funding for the administration of compliance programs by the Compliance Officer.
  • The ICP promotes compliance by identifying measurable performance targets.
  • The ICP ties regulatory compliance to personnel assessments and compensation, including compensation of management.
  • The ICP provides for disciplinary consequences for infractions of Commission requirements.
  • The ICP provides frequent mandatory training programs, including relevant ‘real world’ examples and a list of prohibited activities.
  • Implement an internal Hotline through which personnel may anonymously report suspected compliance issues.
  • Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board.

It may seem like a huge undertaking, but it can be well worth the effort.  Take some time and develop a comprehensive Internal Compliance Program (ICP); it’s good business practice and can help mitigate a penalty.  If you need help, let me know. It’s one of the great services my team provides!

For additional reading regarding the benefits of an ICP, go to:

FERC Revised Policy Statement on Enforcement – Docket No. PL08-3-000 (May 15, 2008)
FERC Policy Statement on Compliance – Docket No. PL-09-1-000 (Oct 16, 2008)
FERC Revised Policy Statement on Penalty Guidelines – Docket No. PL10-4-000 (Sep 17, 2010)
