AICPA SOC Service Organizations - Certrec

Exelon Companies Receive a $1,800,000 Penalty in Violation of FAC-009-1 Standard

Summary of NERC Penalties









Quarter 2 - May 2023

Exelon Companies



Insufficient internal controls to verify accuracy in information recording throughout each company’s Facility Ratings program and processes. 


The Settlement Agreement with a Notice of Penalty of $1,800,000 resolves six violations of FAC‐009‐1 R1 (one violation per registration), two of which posed a moderate risk (BGE and ComEd), and four of which posed a serious risk (the PHI Companies and PECO) to the reliability of the bulk power system (BPS). Details regarding the violations are organized into two groups: (a) the PHI Companies; and (b) BGE, ComEd, and PECO. Exelon Corporation (Exelon) is the nation’s largest utility company, serving more than 10 million customers through six fully regulated transmission and distribution utilities: ACE, BGE, ComEd, DPL, PECO, and Pepco. When assessing the penalty for the alleged violations at issue in this Agreement, ReliabilityFirst considered whether the underlying facts evidence repetitive infractions. ReliabilityFirst considered the Exelon Companies’ relevant compliance history and determined that a prior issue with FAC-008/9 (i.e., RFC2017017824) should serve as an aggravating factor in the penalty determination because the entity involved failed to identify the full breadth of their systemic issue with Facility Ratings in response to those prior issues.

PHI Companies

The PHI Companies identified their Facility Rating issues in 2019 while investigating what initially
appeared to be an isolated issue that occurred when temporarily placing a transmission line back in
service. While investigating that issue, the PHI Companies discovered errors in their Facility Ratings that
caused them to expand the scope of their review and eventually commit to perform a comprehensive
evaluation of compliance with FAC‐009‐1 R1 across all of their applicable Facilities. In total, the PHI
Companies discovered errors at 235 out of their 349 total Facilities (67%), with 189 Facilities (54%)
requiring a rating decrease ranging from less than 1 percent to 66 percent. Additionally, the PHI Companies identified
12 Facilities that either operated above or near the correct Facility Rating (i.e., more than 95 percent of the
correct Facility Rating) over the last five years, with only one of those Facilities exceeding its emergency
rating. The violations are indicative of a long‐standing, systemic issue with Facility Ratings and include
instances that (a) were identified through an initial extent of condition conducted with third‐party
contractors, which included full field walkdowns of all Facilities; (b) were identified through a preliminary
quality assurance assessment of that initial extent of condition; and (c) were and will be identified
through a second extent of condition review that is ongoing and will be completed by the end of 2023,
which will include another round of full field walkdowns of all Facilities.

BGE, ComEd, and PECO

The results of the PHI Companies’ extent of condition review prompted BGE, ComEd, and PECO to
perform their own extent of condition reviews across all applicable Facilities, beginning by reviewing a
sample of their total Facilities in early 2020 with full field walkdowns. This review found numerous
instances of inaccurate Facility Ratings and several instances of Facilities operating above the correct
rating but not exceeding the applicable emergency rating over the last five years. The issue resulted in
34 BGE Facilities (12%), 111 ComEd Facilities (11%), and 133 PECO Facilities (53%) requiring a Facility
Rating change. Of these, 20 BGE Facilities, 49 ComEd Facilities, and 84 PECO Facilities required a decrease
ranging from 0.1 percent to 51.6 percent. Based on the results of those initial reviews, BGE, ComEd, and PECO each
completed a full extent of condition review, including full field walkdowns of all of their Facilities by the
end of 2022.


  • FAC‐009‐1 R1 – Violation IDs RFC2020023212, RFC2020023213, RFC2020023214 (PHI Companies) ReliabilityFirst determined that the PHI Companies did not maintain accurate Facility Ratings. The cause of this violation was insufficient internal controls throughout the PHI Companies’ Facility Ratings program and processes. Contributing causes included a lack of clear overall ownership and accountability for the transmission equipment and Facility Ratings program; communication gaps between teams that increased the risk of errors; and lack of formal, comprehensive training on employee responsibilities in the process.
  • FAC‐009‐1 R1 – Violation IDs RFC2020023644, RFC2020023645, RFC2020023643 (BGE, ComEd, PECO) ReliabilityFirst determined that the BGE, ComEd, and PECO did not maintain accurate Facility Ratings. The cause of this violation was insufficient internal controls to verify accuracy in information recording throughout each company’s Facility Ratings program and processes. Contributing causes included failure to maintain or confirm facility baselines, including those developed by third parties; asset and contractor change management; facility ratings database discrepancies; and documentation quality issues.

Disposition  (The Regional Entity’s Basis for Penalty According to the Settlement Agreement)

ReliabilityFirst assessed a penalty of one million eight hundred thousand dollars ($1,800,000) for the referenced violations. In reaching this determination, ReliabilityFirst considered the following factors:   
1. Four of the six violations posed a serious or substantial risk to the reliability of the BPS.
2. ReliabilityFirst considered the Entity’s compliance history with FAC‐008/9 as an aggravating
factor in the penalty determination.
3. While the Entity formally self‐reported the violations after receiving notification of an upcoming
audit, it had informally notified ReliabilityFirst of several potential issues prior to the notification
letter, which ReliabilityFirst determined should warrant mitigating credit.
4. The Entity was highly cooperative throughout the compliance enforcement process.
5. There were no other mitigating or aggravating factors or extenuating circumstances that would
affect the assessed penalty/disposition method.
After consideration of the above factors, ReliabilityFirst determined that, in this instance, the penalty amount of one million eight hundred thousand dollars ($1,800,000) is appropriate and bears a reasonable relation to the seriousness and duration of the violations.

About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting expertise have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 60+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2013 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact