Reed Smith Client Alerts

On January 25, 2019, the North American Reliability Corporation (NERC) posted a Notice of Penalty describing a settlement agreement with a utility company over alleged violations of the Critical Infrastructure Protection (CIP) Reliability Standards. The settlement includes a significant monetary penalty and imposes ongoing compliance obligations that provide noteworthy and practical guidance for the electric industry.

NERC’s enforcement power

NERC has regulatory authority within North America to “assure the effective and efficient reduction of risks to the reliability and security” of the energy grid. Its eight regional entities monitor and enforce compliance with the NERC Reliability Standards. According to NERC, organizations should initiate self-reporting within three months of discovery of noncompliance with NERC’s Reliability Standards.

Delay in self-reporting could affect penalties and have other consequences. In addition to expecting self-reporting, NERC can also monitor compliance through regularly scheduled compliance audits and spot checks.

NERC may issue monetary penalties and/or increase its compliance monitoring of noncompliant organizations. NERC will consider the number and severity of instances of noncompliance when determining penalties and, as illustrated by the recent Notice, it may find that the number of violations itself creates a serious risk, even if individual violations are less serious.