Dan Watkiss, Bracewell & Giuliani
How can energy companies design cost-effective legal and regulatory compliance programs?
Law enforcement and regulatory landscapes were reordered seismically early in the decade. In the emergent new topography, energy companies are policed more rigorously for compliance with the many legal, regulatory and contractual obligations under which they operate.
compliance programs are imperative
Comprehensive and effective compliance programs have become imperative to deter corporate prosecutions for management or employee infractions. Prosecutors and many regulators are on record that the absence of a comprehensive and effective compliance program may invite corporate prosecutions and severe penalties. How to secure the benefits of a comprehensive compliance program at a sustainable cost should be a priority for all energy companies.
Much has been written to explain what a compliance program must comprise. The Justice Department Thompson memorandum and the official “core compliance” and enforcement policies of FERC and the Commodity Futures Trading Commission delineate what those bodies expect in terms of management endorsement and oversight, education, auditing, enforcement and cooperation in investigations. But guidance on meeting these compliance program expectations at a reasonable expense is not so readily available.
Evaluating the cost effectiveness of internal controls that seek to ensure compliance is a timely exercise for energy companies. We are now upon the fourth anniversary of the Sarbanes-Oxley Act (Sarbox) and the concurrent anniversaries of prosecutions for market manipulation that produced new antifraud amendments to the Natural Gas and Federal Power Acts and the adoption of new or expanded regulatory enforcement policies. An SEC roundtable scheduled for May 10 will review second-year experience with enhanced financial disclosures under Title IV of Sarbox. Based on public comments filed in advance of the roundtable, the second year experience will echo reports that emerged from the first anniversary roundtable, namely that Section 404 has substantially improved internal controls and financial reporting by publicly traded companies but at costs that many businesses, especially small businesses, find difficult or impossible to sustain.
A number of Sarbox students attribute the high cost of complying with the act’s internal controls and enhanced financial disclosures not so much to the literal statutory requirements, but rather to impractical, and in the words of an SEC release, “mechanical, and even overly cautious” applications of Title IV. In his April 5, 2006, Wall Street Journal commentary, “Why Sweat the Small Stuff,” Robert Pozen argues that this over-caution is partly attributable to the SEC “unlinking “Ëœinternal controls’ from “Ëœfinancial reporting’….encourage[ing] management and auditors to scrutinize detailed procedures for controlling ordinary expenditures-e.g., reimbursing travel expenses and handling petty cash-even in cases where they are clearly immaterial to the company’s financial reports” and investor reliance.
In short, the concept of materiality, traditionally understood as significant to the company’s overall financial situation, is trivialized and thus lost.
Energy companies responding to the demands for comprehensive compliance programs have encountered high costs for some of the same reasons. A simple catalogue of the legal, regulatory and contractual obligations confronting such a company fills scores of pages, even if it participates only in the wholesale market. The pages proliferate further if the company participates in one or more state-regulated retail markets. The text and program materials of a compliance program that accords equal risk and priority to each of these myriad obligations swell to the size of a metropolitan phonebook and become enormously costly. The resulting program is unmanageable and hence ineffectual.
For this reason, I try to apply the lessons learned from implementing Title IV of Sarbox. I encourage clients early in the process to prioritize legal, regulatory and contractual obligations in relation to the likelihood (high, moderate or low) of the obligation being violated in the ordinary course of their business and the consequences (great, significant or minimal) of such a violation.
Creating this risk assessment matrix can be analytically demanding and time-consuming, but the understanding that it produces is crucially important to designing a focused and effective compliance program.
This risk assessment should not result in ignoring obligations that are not likely to be violated or that may seem inconsequential. Rather, it should prioritize obligations. This type of risk assessment can make the compliance education, monitoring and auditing functions much more conducive to a culture of compliance at a manageable cost.
Dan Watkiss is a partner with Bracewell & Giuliani in Washington, D.C., focusing on litigation and arbitration. Contact Dan at Dan.Watkiss@bracewellgiuliani.com.