On February 18, 2016, the North American Electric Reliability Corporation (“NERC”) filed with the Commission its first annual report (the “Report”) on NERC’s Compliance Monitoring and Enforcement Program (“CMEP”). NERC submitted the Report in compliance with a directive from the Commission’s February 19, 2015 Order approving NERC’s implementation of the Reliability Assurance Initiative (“RAI”) (see February 24, 2015 edition of the WER).
The Report described several major activities that have occurred during the first year of RAI implementation. In particular, the Report stated that NERC began initial implementation activities in 2015, which included: (i) conducting Inherent Risk Assessments (“IRAs”), which are reviews of inherent risks posed by an individual registered entity to Bulk-Power System reliability; (ii) performing Internal Control Evaluations (“ICEs”) to evaluate whether the registered entity has implemented effective internal controls; and (iii) using various methods to process noncompliance based on risk (including Self-Logging and Compliance Exceptions). The Report noted that in 2015, NERC and the Regional Entities conducted 331 IRAs and 51 ICEs, and resolved nearly 70% of minimal risk noncompliance as Compliance Exceptions, which do not trigger formal enforcement action by NERC. The Report also noted that, by the end of 2015, 42 registered entities had been approved to “Self-Log” minimal risk instances of noncompliance (see May 27, 2015 edition of the WER).
Additionally, the Report described other major CMEP activities that occurred in 2015, including:
1. NERC’s expansion of the Coordinated Oversight Program, which coordinates the reliability oversight of registered entities that span more than one Regional Entity footprint;
2. the development of the Regional Consistency Reporting Tool, a software application that allows the public to report any perceived inconsistencies among the Regional Entities’ compliance monitoring and enforcement processes, procedures, or rules;
3. the increased provision of written guidance documents, Reliability Standard Audit Worksheets, and formal staff training in anticipation of registered entities’ transition to Critical Infrastructure Protection Version 5 Reliability Standards, most of which become effective in the United States on April 1, 2016; and
4. the development of formal guidance on implementation requirements for the Physical Security Reliability Standard, which became effective on October 1, 2015.
In addition to the activities described above, the Report identified a number of primary factors and related metrics that NERC used to measure the success of initial RAI implementation during 2015.
A copy of the Report can be found here.