How the NERC Deals with Violations

A violation of any NERC (North American Electric Reliability Corporation) standard is the same as breaching the law. If NERC assesses that you have violated a standard, it will submit a proposal for penalty to FERC, which then has the power to assess fines.
The Federal Energy Regulatory Commission (FERC) recently approved the assignment of over 700 violation risk factors for the North American Electric Reliability Corporation’s (NERC) reliability standards.

Let’s look at the severity levels:

Violation severity levels

Also see Violation Risk Factor and Violation Severity Level Assignments from NERC

NERC and FERC assign risk and severity levels, called “violation risk factors (VRF)” and “violation severity levels (VSL)”, to each violation: low, medium, or high. FERC also directed NERC to modify 28 violation risk factor assignments and make a compliance filing within 60 days with an explanation for the assignment of approximately 75 violation risk factors.

Low risk factor

For instance, if your breach was “considered administrative in nature where a violation would not be expected to affect the reliability of the Bulk-Power System,” it is classified as a “Low” risk factor.

Medium risk factor

Medium risk factors are those that, “while unlikely to cause or contribute to Bulk-Power System instability or cascading failures, could, however, directly affect the electrical state, capability, monitoring and control of the Bulk-Power System.”

High risk factor

High risk requirements are those that “could conceivably cause or contribute to Bulk-Power System instability or cascading failures.” Monetary penalties are assessed according to the level of risk to the reliability of the national bulk electric system and the severity of the violation.

Examples of NERC fines and VRF/VSLs

NERC fines Duke Energy $10 million for cybersecurity failings and the actual notice of penalty letter from FERC

A really good (redacted) document from NERC that shows the application of VRF/VSL and risk

But it doesn’t stop with NERC finding violations:

Regional Entities can also recommend fines and sanctions

NERC, as the Electric Reliability Organization (“ERO”), and Regional Entities to whom NERC has delegated authority, shall determine and may levy monetary Penalties and non-monetary sanctions and Remedial Action Directives against owners, operators, and users of the Bulk Power System for violations of the Requirements of NERC Reliability Standards approved by the Federal Energy Regulatory Commission (“FERC”) and Applicable Governmental Authorities in Canada and/or Mexico.
So, Regional Entities like WECC, TRE, MRO etc. can also determine and levy penalties and non-monetary sanctions. Sanction guidelines from NERC.
