What is an Internal Compliance Program (ICP)?

Compliance is an integral part of everyone’s day-to-day activities.  Whether it be Operations personnel or those in Management, each is responsible for incorporating all aspects of compliance activities, documentation, training, and reporting into their daily operations.  That’s where an Internal Compliance Program comes into play…

An ICP is, in essence, another Procedure developed to detect and prevent company violations of NERC Electric Reliability Standards.  The Federal Energy Regulatory Commission (FERC) has stated on numerous occasions that it expects to see a "culture of compliance" in place and in force for each registered entity.

Although Internal Compliance Programs are not mandatory, FERC has been consistent in their message that if a company acts aggressively to adopt, foster, and maintain an effective corporate culture of compliance, and has in place rigorous procedures and processes that provide effective accountability for compliance, but a violation nonetheless occurs, the Commission may provide a significant reduction in, or even in some cases the elimination of, the civil penalty that otherwise would be imposed.  This has been noted in several FERC policy statements that I’ve referenced and linked for you at the end of this article.

Factors that FERC is looking for in an ICP are specified in their Revised Policy Statement on Enforcement.  Along with this, the Regional Compliance Implementation Group (a working group overseen by NERC’s Regional Entity Management Group) developed a Policy Statement to create a Compliance Guidance Document that outlines attributes of a good compliance program.

Some finer points from both of these sources include the following:

  • Have a well-documented Internal Compliance Program (ICP).
  • Disseminate the ICP throughout the entity.
  • Name and staff an ICP oversight position.
  • The ICP oversight position is supervised at a high level in the entity.
  • The ICP oversight position should have independent access to the CEO and/or Board of Directors.
  • The ICP is operated and managed so as to be independent of those responsible for compliance with the Reliability Standards.
  • The ICP has the support and participation of senior management (Officer Level).
  • The entity regularly review and modify its ICP.
  • The ICP includes appropriate and sufficient training for all the staff.
  • The ICP includes formal, internal self-auditing for compliance with all applicable Reliability Standards on a set periodic basis.
  • The ICP includes disciplinary action for employees involved in violations of the Reliability Standards, if appropriate.
  • The ICP has internal controls including self-assessment and self-enforcement to prevent reoccurrence of Reliability Standard violations.
  • The ICP provides sufficient funding for the administration of compliance programs by the Compliance Officer.
  • The ICP promotes compliance by identifying measurable performance targets.
  • The ICP ties regulatory compliance to personnel assessments and compensation, including compensation of management.
  • The ICP provides for disciplinary consequences for infractions of Commission requirements.
  • The ICP provides frequent mandatory training programs, including relevant ‘real world’ examples and a list of prohibited activities.
  • Implement an internal Hotline through which personnel may anonymously report suspected compliance issues.
  • Implement a comprehensive compliance audit program, including the tracking and review of any incidents of noncompliance, with submission of the results to senior management and the Board.

It may seem like a huge undertaking, but can be well worth the effort.  Take some time and develop a comprehensive Internal Compliance Program (ICP), it’s good business practice and can help mitigate a penalty.  If you need help, let me know, it’s one of the great services my team provides!

For additional reading regarding the benefits of an ICP, go to:

FERC Revised Policy Statement on Enforcement – Docket No. PL08-3-000 (May 15, 2008)
FERC Policy Statement on Compliance – Docket No. PL-09-1-000 (Oct 16, 2008)
FERC Revised Policy Statement on Penalty Guidelines – Docket No. PL10-4-000 (Sep 17, 2010)

Latest News

Proven Compliance Solutions Inc. adds Carl R. Bench to its NERC Critical Infrastructure Protection Compliance Staff

Proven Compliance Solutions Inc. (PCS), industry recognized for its excellence in North American Electric Reliability Corporation (NERC) Reliability Standards Compliance Consulting Services, is pleased to announce the addition of Carl R. Bench, PSP, CISA, CBRM/CBRA, to the PCS staff as a Senior CIP Consultant. Carl’s industry experience in Critical Infrastructure Protection (CIP) expertise will enhance PCS’ ability to support its rapidly growing number of CIP clients.

Read more ...

Hydro-Québec TransÉnergie Selects Proven Compliance Solutions for Support of its NERC CIP and O&P Standards Compliance Program

Proven Compliance Solutions Inc. (PCS) is pleased to have been selected by Hydro-Québec TransÉnergie (HQT) as its NERC consulting team of choice to provide detailed and comprehensive compliance program evaluations and audit preparation support.

HQT operates the most extensive transmission system in North America managing power flows across Québec. The HQT system comprises 34,292 km of lines and 536 substations, as well as interconnections allowing power interchanges with grids in the Atlantic Provinces, Ontario and the U.S. Northeast region.

Read more ...

Focusing on NERC O&P and CIP Compliance Program Management

Proven Compliance Solutions Inc. –Focusing on NERC O&P and CIP Compliance Program Management 

Searching for an efficient, cost effective solution to managing North American Electric Reliability Corporation (NERC) compliance efforts? Proven Compliance Solutions Inc. (PCS) is making that solution a reality.

Managing NERC compliance internally, but failing to dedicate the appropriate amount of resources to reliability compliance responsibilities can cause negative impacts and may be costing far more in both loss of productivity and risk exposure. Adding the PCS Compliance Team is a cost-effective approach to meeting NERC reliability compliance obligations.

Read more ...