2017 Energy Regulatory Compliance Survey report


2018 energy regulatory compliance survey report

Insights into the latest NERC, cybersecurity, and RPA compliance trends

Increased investments in renewable energy, heightened consumer awareness of energy sources, and technological transformations are having a profound effect on the energy industry. How are these changes affecting how companies address regulatory compliance? Find out in our ninth annual regulatory energy compliance survey.

A continued focus on energy compliance

Dynamic forces in the business environment are driving many energy companies to rethink their approach to energy compliance management and oversight. This is due to several factors, such as:

  • Rapid technological changes in operations functions
  • Distributed energy resources, including energy storage and smart grid management systems
  • “Smart” and data-driven energy companies
  • A bolstered demand for clean energy and energy-efficient solutions

Our 2018 survey explored these factors to help energy companies keep up with the latest compliance trends, gain insight into leading practices, improve their energy compliance programs, and manage regulatory and compliance risks more efficiently and effectively.

Findings from the survey are grouped into five categories:

  • Enterprise compliance
  • North American Electric Reliability Corporation (NERC) compliance
  • Federal Energy Regulatory Commission (FERC) compliance
  • Commodity Futures Trading Commission (CFTC) compliance
  • Emerging compliance trends

Enterprise compliance

The current state of the industry’s regulatory compliance landscape remains in flux. When it comes to enterprise compliance, we’re seeing four main trends from our survey responses on this topic:

  1. Fit-for-purpose hybrid governance structures are proliferating.
  2. The volume of rules and regulations directly drives corporate compliance headcount.
  3. Compliance and business partnerships are helping shape a stronger culture of compliance.
  4. The adoption of governance, risk, and compliance (GRC) tools is on the rise and the search for the right one continues.

Finding: Seventy-six percent of respondents indicated that they use a hybrid governance model, which signals an increased sense of ownership and a collaborative culture in the workplace.

How do your responses compare to our survey results? We’d be happy to talk to you about how you stack up against the 49 companies that responded or against a specific sub-group.

Governance structures

How would you describe the governance structure of your compliance program in terms of oversight responsibility for the areas of regulatory compliance applicable to your organization (i.e., NERC, CFTC, FERC, state, etc.)?

NERC compliance

NERC continues to be the most costly and resource-intensive compliance area explored in the survey. The sheer volume and broad applicability of NERC regulation, as well as the recent reform of the critical infrastructure protection (CIP) standards, were cited as the primary factors behind overall budget size and sustained growth.

NERC budgets and staffing
Fifty-three percent of respondents have a dedicated NERC compliance budget of $1 million to $5 million per year, and 25 percent have an annual budget of more than $5 million—up from 10 percent or less in prior years.

Annual NERC budget

What is your organization's approximate annual budget for NERC compliance-associated activities (including salaries, oversight and management activities, third-party fees, etc.)?

In addition, full-time employee (FTE) headcounts supporting these compliance activities appear to have increased steadily: 50 percent of respondents now employ 11 or more FTEs, up sharply from 24 percent in 2016 and 19 percent in 2015.

CIP sustainment
The number of companies expecting to spend between $1 million and $5 million on CIP sustainment increased by nearly 15 percent since last year. At the high end, nearly 20 percent of the respondents now expect to spend more than $10 million, up from 14 percent last year.

Top challenges for CIP sustainment

Which of the following are considered top challenges in your organization's NERC/CIP V5/V6 program sustainment? 

CFTC and FERC compliance

Although FERC’s and CFTC’s active approach to enforcement and fines has drawn significant attention in the past, the underlying regulations and requirements haven’t changed much. As a result, most of the surveyed companies seem comfortable with their existing resource commitments and investment in these two areas.

For the majority of companies, FERC-related compliance activities, budgets, and staffing levels have remained relatively flat over the past three years. And nearly 80 percent of respondents indicated no change or a decrease in the company’s budget for oversight activities over the past 12 months.

Respondents indicated a similar sentiment when surveyed on CFTC compliance. Today, 81 percent of the survey participants continue to employ fewer than five FTEs for CFTC-related compliance activities. In addition, more than 67 percent of the respondents dedicate an annual budget for CFTC compliance of under $500,000.

CFTC compliance staffing needs

How many FTEs (including FTE contractors) are involved in determining compliance with CFTC requirements (including monitoring, oversight, and advisory support)?

Emerging compliance trends

Existing and emergent digital technologies continue to drive change, transforming how organizations conduct business and creating new risks and opportunities for energy companies. Cybersecurity, smart grids, blockchain, and robotic process automation (RPA) are just three trends that are shaping the future of compliance across the energy industry.


Cybersecurity

Organizations across the industry are increasingly aware of advances in the development of malware targeted at their supervisory control and data acquisition (SCADA)/energy management system (EMS) and other industrial control systems. With the stakes so high, it’s not surprising that many companies are seeking to proactively protect both themselves and consumers from the disastrous consequences of a compromised grid, including the compliance implications of any such event.

Finding: Sixty-seven percent of respondents either have or are implementing an independent compliance governance program with formal processes and controls for cybersecurity; 20 percent believe such a program is necessary but haven’t begun to implement it.

Smart grids

More than half the respondents have already begun to anticipate compliance changes related to disruptive grid technologies, such as smart grids, microgrids, and distributed energy resources—with the biggest push coming from state regulators and public commissions.

Among the companies anticipating compliance changes from disruptive grid technologies:

  • Thirty-five percent are working with regulators and peers to identify leading practices
  • Eighteen percent already have a separate compliance budget to address the related issues (or plan to have one in the next 12–24 months)
  • Twelve percent are actively looking to hire people with expertise in this area

RPA and blockchain

Many organizations haven’t had much direct exposure to RPA and blockchain. While respondents indicated that RPA and blockchain technologies currently have limited value, the survey explored areas where these technologies may have the highest potential.

Findings: Fifty-two percent of respondents see the highest potential for RPA application in managing and testing compliance controls; 54 percent indicated that the greatest potential for blockchain is related to third-party and vendor risk management.

Energy compliance: Adapting to change

Energy compliance executives must make a conscious choice about how to adapt to and manage industry changes and still provide value to their organizations. As risks facing the industry grow and become more intertwined, organizations should remain vigilant and focus on strengthening how they measure and monitor the compliance atmosphere while ensuring appropriate controls are in place.

Such actions will prove critical to protect organizations from new threats that are within their control and optimize their compliance program capabilities to pivot and adapt to the needs of their companies’ strategies.

To see all the findings, download “2018 energy regulatory compliance survey report: Taking the pulse of the energy industry’s compliance posture.”

Contact us about energy compliance

Howard Friedman (Houston)
Managing director
Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 713 982 3065 and +1 630 215 7564

Paul Campbell (Houston)
Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 713 982 4156 and +1 713 503 6992

Matthew Barbera (New York)
Senior manager
Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 212 436 3487 and +1 646 208 3379
