What is an Internal Compliance Program (ICP)?
Written by Crystal   
Friday, 07 January 2011 11:18

Compliance is an integral part of everyone’s day-to-day activities.  Whether it be Operations personnel or those in Management, each is responsible for incorporating all aspects of compliance activities, documentation, training, and reporting into their daily operations.  That’s where an Internal Compliance Program comes into play…

An ICP is, in essence, another Procedure developed to detect and prevent company violations of NERC Electric Reliability Standards.  The Federal Energy Regulatory Commission (FERC) has stated on numerous occasions that it expects to see a "culture of compliance" in place and in force for each registered entity.

Although Internal Compliance Programs are not mandatory, FERC has been consistent in their message that if a company acts aggressively to adopt, foster, and maintain an effective corporate culture of compliance, and has in place rigorous procedures and processes that provide effective accountability for compliance, but a violation nonetheless occurs, the Commission may provide a significant reduction in, or even in some cases the elimination of, the civil penalty that otherwise would be imposed.  This has been noted in several FERC policy statements that I’ve referenced and linked for you at the end of this article.

Factors that FERC is looking for in an ICP are specified in their Revised Policy Statement on Enforcement.  Along with this, the Regional Compliance Implementation Group (a working group overseen by NERC’s Regional Entity Management Group) developed a Policy Statement to create a Compliance Guidance Document that outlines attributes of a good compliance program.

Some finer points from both of these sources include the following:

  • Have a well-documented Internal Compliance Program (ICP).
  • Disseminate the ICP throughout the entity.
  • Name and staff an ICP oversight position.
  • The ICP oversight position is supervised at a high level in the entity.
  • The ICP oversight position should have independent access to the CEO and/or Board of Directors.
  • The ICP is operated and managed so as to be independent of those responsible for compliance with the Reliability Standards.
  • The ICP has the support and participation of senior management (Officer Level).
  • The entity regularly review and modify its ICP.
  • The ICP includes appropriate and sufficient training for all the staff.
  • The ICP includes formal, internal self-auditing for compliance with all applicable Reliability Standards on a set periodic basis.
  • The ICP includes disciplinary action for employees involved in violations of the Reliability Standards, if appropriate.
  • The ICP has internal controls including self-assessment and self-enforcement to prevent reoccurrence of Reliability Standard violations.
  • The ICP provides sufficient funding for the administration of compliance programs by the Compliance Officer.
  • The ICP promotes compliance by identifying measurable performance targets.
  • The ICP ties regulatory compliance to personnel assessments and compensation, including compensation of management.
  • The ICP provides for disciplinary consequences for infractions of Commission requirements.
  • The ICP provides frequent mandatory training programs, including relevant ‘real world’ examples and a list of prohibited activities.
  • Implement an internal Hotline through which personnel may anonymously report suspected compliance issues.
  • Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board.

It may seem like a huge undertaking, but can be well worth the effort.  Take some time and develop a comprehensive Internal Compliance Program (ICP), it’s good business practice and can help mitigate a penalty.  If you need help, let me know, it’s one of the great services my team provides!

For additional reading regarding the benefits of an ICP, go to:

FERC Revised Policy Statement on Enforcement – Docket No. PL08-3-000 (May 15, 2008)
FERC Policy Statement on Compliance – Docket No. PL-09-1-000 (Oct 16, 2008)
FERC Revised Policy Statement on Penalty Guidelines – Docket No. PL10-4-000 (Sep 17, 2010)
 

Our Services