Earlier this month, the US Supreme Court issued a ruling that imposed a five-year statute of limitations period in which disgorgement could be ordered by an administrative agency penalizing regulatory violations. Although the Court’s decision in Kokesh v. SEC arose in the context of an enforcement action initiated by the Securities and Exchange Commission (SEC), the Court’s decision may well be applied to disgorgement orders issued by either the Federal Energy Regulatory Commission (FERC) or the Commodity Futures Trading Commission (CFTC). However, additional litigation may be required to ensure that the disgorgement boundaries set forth by the Court in Kokesh are equally applied to FERC and CFTC enforcement actions seeking disgorgement from an energy market participant.

On June 8, the North American Electric Reliability Corporation (NERC) released its report on the loss of 1,200 MW of solar generation in southern California during a system disturbance that unexpectedly caused inverters at solar generation facilities to trip or momentarily cease to operate. The report provides solar plant owners and engineers with recommendations to prevent future occurrences. According to NERC, inverter disconnect events pose an increasing reliability risk given the expansion of solar generation.

Growing solar penetration has made the response of solar generators to system disturbances more critical. If NERC and utility-scale solar generators adopt the report’s recommendations, the likelihood of both recurrences and government-imposed regulations will be reduced. The Federal Energy Regulatory Commission’s (FERC’s) recent orders requiring renewable generation to promote frequency response (Docket No. RM16-6), reactive power (Order No. 827), and ride-through capability (Order No. 828) indicate a willingness to impose regulatory requirements on renewable generation where FERC sees it as necessary to preserve system reliability. Separate and apart from NERC action and any voluntary industry response, the report may lead FERC to consider such action.

Continue reading the LawFlash.

As you have likely heard by now, the US Securities and Exchange Commission (SEC) has been targeting companies that require departing employees, as a condition to receiving severance benefits, to enter into severance agreements that discourage or prohibit the former employees from contacting regulators or from receiving whistleblower awards. The SEC whistleblower programs, established under Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act and memorialized in Section 21F of the Securities and Exchange Act of 1934, as amended, and SEC Rule 21F-17, are designed to provide incentives to individuals to encourage their providing information regarding violations of securities laws, and to protect whistleblowers from retaliation resulting from any disclosure.

On May 23, the Federal Energy Regulatory Commission (FERC) issued a notice inviting comments on the interplay between state policy goals and organized wholesale electricity markets. The referenced state policy goals involve state support for zero-carbon-emitting power plants, including nuclear power plants, generally in the form of tax credits.

FERC is asking for comments to further explore information presented on this topic at a technical conference convened by FERC commissioners and staff on May 1 and 2, 2017. FERC seeks comments on the five potential paths for reconciling the two policies already identified by the FERC staff. It also seeks broader comments on any “conceptual level” changes that would need to be implemented, and whether the necessary changes could be implemented and in what time frame. Finally, the notice seeks input on the larger principles that should drive reconciliation of the two separate policy goals, including any necessary procedural requirements.

Continue reading the LawFlash.

The recent “WannaCry” ransomware cyberattack highlights the need for firms to engage in proactive prevention and protection. Ransomware (malware that encrypts data pending an extortion payment) is a recurring cyber threat that is growing more pervasive and profitable for criminals. This most recent attack this month by the WannaCry virus highlights the potential global impact, speed and acceleration, and scope of the ransomware problem.

Ransomware as one unique form of cyberattack has been an increasing global and domestic cybersecurity problem over the last several years. Ransomware targets have included businesses, hospitals, schools, and even police departments. Worryingly, some recent forms of ransomware are becoming more sophisticated and resilient.

In response to the recurring nature of this type of cyberattack, Morgan Lewis partner Mark Krotoski and associate Martin Hirschprung authored a LawFlash offering some steps for proactive prevention and protection as well as some thoughts on the legal issues that may arise following these types of cyberattacks.

Read the LawFlash >>

On April 14, the US Court of Appeals for the DC Circuit issued its opinion in Emera Maine v. FERC, vacating and remanding FERC’s Opinion No. 531 in which FERC established a just and reasonable rate of return on equity (ROE) for transmission-owning utilities in the Northeast (NETOs) and adopted a new methodology for determining the ROE for FERC-jurisdictional electric utilities.

The DC Circuit found two grounds for sending the case back to FERC. First, because the proceeding began through a complaint filed under section 206 of the Federal Power Act (FPA), the court found that FERC failed to find that the existing ROE for the NETOs was unjust and unreasonable before proceeding to set a new just and reasonable ROE. Second, the court found that FERC had not adequately justified its determination of the new just and reasonable ROE.

The court’s decision creates significant uncertainty in FERC ROE policy.

Although FERC remains hobbled by its continued lack of quorum since then-Commissioner Norman Bay’s departure earlier this year, recent ratemaking challenges remind the industry that the specter of FERC’s unresolved income tax allowance policy for pass-through entities (e.g., master limited partnership pipelines) remains an ever-present conundrum for the industry and the Commission. Two protests submitted earlier this week in response to Great Lakes Transmission, LP’s (Great Lakes’) rate case filed in March raised the issue of FERC’s unresolved income tax allowance policy. The challenges demonstrate that the income tax allowance policy for pass-through entities can, and in many cases, is likely to, be disputed by customers involved in proceedings seeking to amend the rate structures of pass-through entity pipelines.

Putting aside the climate change politics swirling around US President Donald Trump’s recent executive order on “Promoting Energy Independence and Economic Growth,” what does the order mean for the nation’s electric generation portfolio? Can the gradual decline in the role of coal-fired generation be reversed?

The executive order, released on March 28, 2017, calls for increased domestic energy production from coal, natural gas, nuclear material, and other domestic sources, explicitly balancing the need to “promote clean and safe development” of energy resources with “avoiding regulatory burdens that unnecessarily encumber energy production, constrain economic growth, and prevent job creation.” In addition to revoking various Obama-era executive orders on climate change and carbon emissions and rescinding various reports issued by federal agencies on these topics, the executive order also directs the Environmental Protection Agency (EPA) to review the Clean Power Plan in the context of the domestic production policy adopted in the executive order and to, “as soon as practicable, suspend, revise, or rescind” the rule.  

Earlier this month, the North American Electric Reliability Corporation (NERC) submitted proposed changes to Reliability Standard CIP-003 to modify the cybersecurity protections required for low-impact BES Cyber Systems. In response to FERC’s directives in Order No. 882, the new CIP-003-7 Standard (i) clarifies electronic access control requirements, (ii) adds requirements related to the protection of transient electronic devices, and (iii) requires utilities to have documented cybersecurity policies related to declaring and responding to CIP Exceptional Circumstances for low-impact BES Cyber Systems. The key changes are as follows:

Electronic Access Control Requirements

Utilities will be required to implement electronic access controls to permit only necessary inbound and outbound access to low-impact BES Cyber Systems for certain communications, whether direct or indirect, using routable protocols. This resolves the dispute regarding the existence of Low-Impact External Routable Connectivity (LERC) from an asset with a low-impact BES Cyber System, and the need to implement a Low-Impact BES Cyber System Electronic Access Point (LEAP) for the control of communications into the asset. Under the proposed standard, the LERC and LEAP concepts are discarded, and instead utilities are required to implement certain electronic access controls for all routable connections into and out of assets with low-impact BES Cyber Systems, regardless of whether those connections are direct or indirect.

Protection of Transient Electronic Devices

Under the proposed standard, utilities are also required to implement plans to protect transient electronic devices (e.g., laptops) with the goal of mitigating the risk of malicious code being introduced to low-impact BES Cyber Systems by, for example, a relay technician testing protection systems in a substation. The requirements differentiate between transient cyber assets managed by a utility and those managed by third parties such as vendors and contractors.

CIP Exceptional Circumstances Policy

NERC is also proposing changes that would require utilities to have policies for declaring and responding to CIP Exceptional Circumstances related to low-impact BES Cyber Systems. A CIP Exceptional Circumstance includes, among other situations, a risk of injury or death; natural disasters; civil unrest; imminent or existing hardware, software, or equipment failures; and cybersecurity incidents requiring emergency assistance. During a CIP Exception Circumstance, certain CIP requirements can be waived.

These revisions are the result of a lengthy stakeholder development process, and ultimately received strong support from the industry in stakeholder voting. The revisions also close the gaps in the CIP-003 Reliability Standard identified by FERC. As a result, the revised standard is likely to be approved by FERC. However, to the extent utilities have concerns over the substance or clarity of the proposed language, the upcoming notice and comment process at FERC will provide the last good opportunity to receive binding guidance from the Commission or challenge the language in the new standard.