A violation of any NERC (North American Electric Reliability Corporation) standard is the same as if you were breaching the law. If NERC assess that you have violated a standard they will submit a proposal for penalty to FERC, which then has the power to assess fines.
The Federal Energy Regulatory Commission (FERC) recently approved the assignment of over 700 violation risk factors for the North American’s Electric Reliability Corporation’s (NERC) reliability standards.
Let’s look at the severity levels:
NERC and FERC assign different risks and severity levels “violation risk factors (VRF)” and “violation severity levels (VSL)” to each violation: low, medium, or high. FERC also directed NERC to modify 28 violation risk factor assignments and make a compliance filing within 60 days with an explanation for the assignment of approximately 75 violation risk factors.
For instance if your breach was “considered administrative in nature where a violation would not be expected to affect the reliability of the Bulk-Power System.” It is classified as a “Low” risk factor.
The medium risk level factors are those, that “while unlikely to cause or contribute to Bulk-Power System instability or cascading failures, could, however, directly affect the electrical state, capability, monitoring and control of the Bulk-Power System.”
High risk requirements are those that “could conceivably cause or contribute to Bulk-Power System instability or cascading failures.” Monetary penalties are assessed according to the level of risk to the reliability of the national bulk electric system and the severity of the violation.
NERC fines Duke Energy $10 million for cybersecurity failings and the actual notice of penalty letter from FERC A really good (redacted) document from NERC that shows the application of VRF/VSL and risk
But it doesn’t stop with NERC finding violations:
NERC, as the Electric Reliability Organization (“ERO”), and Regional Entities to whom NERC has delegated authority, shall determine and may levy monetary Penalties and non-monetary sanctions and Remedial Action Directives against owners, operators, and users of the Bulk Power System for violations of the Requirements of NERC Reliability Standards approved by the Federal Energy Regulatory Commission (“FERC”) and Applicable Governmental Authorities in Canada and/or Mexico.
So, Regional Entities like WECC, TRE, MRO etc. can also determine and levy penalties and non-monetary sanctions. Sanction guidelines from NERC.