On May 20, 2015, the North American Electric Reliability Corporation (“NERC”) submitted to the Commission a compliance filing relating to the Reliability Assurance Initiative (“RAI”)—a multi-year effort among NERC and the Regional Entities designed to transition NERC’s Compliance Monitoring and Enforcement Program (“CMEP”) to a “risk-based” approach that focuses CMEP resources on certain activities based on the proportional risk that those activities pose to the reliability of the Bulk Electric System.
NERC made its compliance filing in response to the Commission’s February 19, 2015 order in which the Commission approved NERC’s implementation of RAI (see February 24, 2015 edition of the WER). In that order, the Commission conditionally approved, among other things, NERC’s proposed “self logging process”—a mechanism through which registered entities with demonstrated effective management practices may self-identify, assess, and mitigate minimal risk instances of noncompliance, and then record those instances in an internal log, in lieu of individually self-reporting each instance of noncompliance to the Regional Entity. The self-logging process proposed by NERC requires a Regional Entity to periodically review and approve the internal log. Once approved, NERC stated that the logged issues would usually be resolved as compliance exceptions—meaning they would be mitigated without formal action by NERC enforcement.
In its February 19, 2015 order, the Commission directed NERC, among other things, to provide: (i) a level of formal review of a registered entity’s internal controls prior to granting the ability to self-log instances of noncompliance; (ii) a methodology for assessing a registered entity’s internal controls; and (iii) a standardization of the content and review of a registered entity’s compliance logs.
In its May 20, 2015 compliance filing, NERC indicated that it had addressed the Commission’s concerns by submitting an ERO Enterprise self-logging program document. The program document establishes a requirement that a Regional Entity, upon receipt of a request by a registered entity for self-logging treatment, conduct a formal initial evaluation of the registered entity’s internal controls in order to determine the registered entity’s eligibility for the self-logging program, and describes the separate methodologies that the Regional Entity must use to conduct the evaluation. Specifically, the program document describes the methodologies used to evaluate the registered entity’s processes: (i) to identify noncompliance; (ii) to assess noncompliance; and (iii) to correct noncompliance.
With respect to standardization of the content and review of compliance logs, the program document clarifies that for each logged noncompliance, the registered entity must provide: (i) a description of the facts surrounding the noncompliance and its discovery; (ii) a risk assessment; and (iii) a description of the activities the registered entity has undertaken or will undertake to mitigate the noncompliance (including prevention of recurrence). Lastly, the program document states that the Regional Entity, when conducting its evaluation of a registered entity’s compliance logs, will include a determination of whether: (i) the logged noncompliance is sufficiently described; (ii) the minimal risk determination is justified and reasonable; and (iii) the mitigation activities for the noncompliance are appropriate and adequate.
NERC’s petition was filed in Docket No. RR15-2-000. A copy of the petition, and the ERO Enterprise self-logging program document, may be found here.