2018 energy regulatory compliance survey report

Enterprise compliance

The current state of the industry’s regulatory compliance landscape remains in flux. When it comes to enterprise compliance, we’re seeing four main trends from our survey responses on this topic:

1. Fit-for-purpose hybrid governance structures are proliferating.
2. The volume of rules and regulations directly drives corporate compliance headcount.
3. Compliance and business partnerships are helping shape a stronger culture of compliance.
4. The adoption of governance, risk, and compliance (GRC) tools is on the rise and the search for the right one continues.
   

Finding: Seventy-six percent of respondents indicated that they use a hybrid governance model, which signals an increased sense of ownership and a collaborative culture in the workplace.

NERC compliance

NERC continues to be the most costly and resource-intensive compliance area explored in the survey. The sheer volume and broad applicability of NERC regulation, as well as the recent reform of the critical infrastructure protection (CIP) standards, were cited as the primary factors behind overall budget size and sustained growth.

NERC budgets and staffing
Fifty-three percent of respondents have a dedicated NERC compliance budget of $1 million to $5 million per year, and 25 percent have an annual budget of more than $5 million—up from 10 percent or less in prior years.

CFTC and FERC compliance

Although FERC’s and CFTC’s active approach to enforcement and fines have amassed significant attention in the past, the underlying regulations and requirements haven’t changed much. As a result, most of the surveyed companies seem comfortable with their existing resource commitments and investment in these two areas.

For the majority of companies, FERC-related compliance activities, budgets, and staffing levels have remained relatively flat over the past three years. And nearly 80 percent of respondents indicated no change or a decrease in the company’s budget for oversight activities over the past 12 months.

Respondents indicated a similar sentiment when surveyed on CFTC compliance. Today, 81 percent of the survey participants continue to employ fewer than five FTEs for CFTC-related compliance activities. In addition, more than 67 percent of the respondents dedicate an annual budget for CFTC compliance of under $500,000.

Back to top

Emerging compliance trends

Existing and emergent digital technologies are continuing to drive change and transform how organizations conduct business and create new risks and opportunities for energy companies. Cybersecurity, smart grids, blockchain, and robotic process automation (RPA) are just three trends that are shaping the future of compliance across the energy industry.

Cybersecurity

As an industry, organizations are increasingly becoming aware of advances in the development of malware targeted at their supervisory control and data acquisition (SCADA)/energy management system (EMS) and other industrial control systems. With the stakes so high, it’s not surprising that many companies are seeking to proactively protect both themselves and consumers from the disastrous consequences of a compromised grid, including the compliance implications of any such event.

Finding: Sixty-seven percent of respondents either have or are implementing an independent compliance governance program with formal processes and controls for cybersecurity; 20 percent believe such a program is necessary but haven’t begun to implement it.

Smart grids

More than half the respondents have already begun to anticipate compliance changes related to disruptive grid technologies, such as smart grids, microgrids, and distributed energy resources—with the biggest push coming from state regulators and public commissions.

Among the companies anticipating compliances changes from disruptive grid technologies:

• Thirty-five percent are working with regulators and peers to identify leading practices
• Eighteen percent already have a separate compliance budget to address the related issues (or plan to have one in the next 12–24 months)
• Twelve percent are actively looking to hire people with expertise in this area

RPA and blockchain

Many organizations haven’t had much direct exposure to RPA and blockchain. While respondents indicated that RPA and blockchain technologies currently have limited value, the survey explored areas where these technologies may have the highest potential.

Findings: Fifty-two percent of respondents see the highest potential for RPA application in managing and testing compliance controls; 54 percent indicated that the greatest potential for blockchain is related to third-party and vendor risk management.

Back to top

Energy compliance: Adapting to change

Energy compliance executives must make a conscious choice about how to adapt to and manage industry changes and still provide value to their organizations. As risks facing the industry grow and become more intertwined, organizations should remain vigilant and focus on strengthening how they measure and monitor the compliance atmosphere while ensuring appropriate controls are in place.

Such actions will prove critical to protect organizations from new threats that are within their control and optimize their compliance program capabilities to pivot and adapt to the needs of their companies’ strategies.

To see all the findings, download “2018 energy regulatory compliance survey report: Taking the pulse of the energy industry’s compliance posture.”

Back to top