On June 24, the US Supreme Court issued its opinion in Food Marketing Institute v. Argus Leader Media, expanding the scope of information protected under Exemption 4 of the Freedom of Information Act (FOIA). FOIA establishes an expansive right for the public to access records from executive agencies to hold the government accountable. Limiting that broad right, FOIA includes several broadly worded exceptions whereby the release of certain information may not be compelled under FOIA. One such exemption, Exemption 4, states that “trade secrets and commercial or financial information obtained from a person” that are “privileged or confidential” are protected from mandatory public disclosure. The statute does not define “confidential,” so the question of what “commercial or financial information” is protected from disclosure has resulted in much litigation.
When a business entity that is regulated by the Federal Energy Regulatory Commission (FERC) is closely related to another business entity, FERC takes the position that under some circumstances it may treat the two different legal entities as if they were one single entity. FERC ruled recently that it “may disregard the corporate form in the interest of public convenience, fairness, or equity” and “[t]his principle of allowing agencies to disregard corporate form is flexible and practical in nature.” As a result, a new power marketer could be barred by a Regional Transmission Organization (RTO) from participating in the market unless it paid off the debts to the RTO owed by another power marketer with the same business objectives and the same contacts and administrators as the bankrupt entity. This decision could make it difficult for public utilities to avoid the debts of their bankrupt affiliates, which could be attributed to the entire enterprise regardless of the final plan of bankruptcy, including the liquidation of the bankrupt entity.
When a debtor in bankruptcy is liquidated, or successfully emerges from bankruptcy, certain unsatisfied, unsecured pre-bankruptcy debts of that bankrupt debtor are discharged. The discharge functions as a defense by the debtor against the claims of the debtor’s creditors. Similarly, when a debtor in bankruptcy is affiliated (such as by common upstream ownership) with a non-bankrupt entity, the non-bankrupt affiliate is typically not presumed to be responsible for that bankrupt debtor’s unsatisfied obligations, unless some statutory, contractual or security arrangement makes the non-bankrupt affiliate liable for those obligations or one entity is viewed to be the “alter ego” of the other under applicable state law.
FERC recently approved proposed Reliability Standard CIP-008-6, which expands the mandatory reporting requirements for Cyber Security Incidents that attempt to compromise the operation of the bulk power system. Under the new standard, electric utilities will need to implement more comprehensive internal controls for identifying, reviewing, and reporting cyber incidents and attempted cyber intrusions than are currently required. The new standard goes into effect on January 1, 2021.
As we reported, NERC developed the revised standard in response to the Commission’s directive to broaden the scope of mandatory reporting of Cyber Security Incidents. In particular, the Commission was concerned with the risk posed by malicious intrusion attempts that might facilitate subsequent efforts to harm the reliable operation of the bulk power system.
On June 14, the US Court of Appeals for the DC Circuit vacated and remanded two challenged orders and directed FERC to explain or reconsider whether data made available after a challenged rate increase becomes effective (i.e., post–rate increase information) should be considered. The court found that, prior to the challenged orders, FERC only reviewed the data from the two years preceding the rate increase (i.e., pre–rate increase information) to determine whether rate increases were substantially in excess of the actual cost increases that the pipeline incurred. The court did not opine on whether FERC’s consideration of post–rate increase data was appropriate, but held that FERC failed to explain why it departed from its practice of considering only pre–rate increase data, and why it considered post–rate increase data in evaluating the rate increases at issue.
The supply chain risks facing electric utilities have long been a concern for industry stakeholders and regulators alike. Reflecting those concerns, NERC submitted a report on May 28 to FERC recommending the expansion of requirements addressing supply chain cybersecurity risks for electric utilities, concluding that the scope of those requirements needed to expand to match the scope of the cybersecurity risk. The development of such revised standards will itself be a lengthy process and subject to additional FERC review.
A recent grid reliability report issued by staff members of the Offices of Electric Reliability and Enforcement within FERC evaluating the upcoming operating season underscored the changing generation resource mix in the United States and its implications for grid operations.
Currently at issue before the US Court of Appeals for the First Circuit is whether the filed rate doctrine prevents a court from assessing the reasonableness of a utility’s rates in the retail market. Under the filed rate doctrine, any rate that is approved by the governing regulatory agency is per se reasonable in judicial proceedings. FERC holds exclusive authority to determine whether wholesale rates filed by utilities are just and reasonable. Therefore, if FERC determines that a rate is just and reasonable, a court does not approve a departure from that wholesale rate.
The May 16 Order on Rehearing affirms FERC’s jurisdictional authority, and refuses calls for state opt-outs.
The Federal Energy Regulatory Commission (FERC or Commission) issued Order No. 841 early last year, a final rule amending FERC’s regulations to facilitate participation of electric storage resources in the capacity, energy, and ancillary service markets operated by regional transmission organizations (RTOs) and independent system operators (ISOs). Several entities have since challenged key aspects of the final rule, urging the Commission on rehearing to reverse course or modify its approach on a number of issues. On May 16, the Commission issued Order No. 841-A, denying those requests for rehearing, thereby upholding the initial rulemaking while providing some additional clarification.
FERC issued an order on May 16 rescinding its 2009 policy of issuing Notices of Alleged Violations (NAVs) after the subject of an investigation is given an opportunity to respond to FERC Enforcement Staff’s preliminary findings (the NAV Policy). NAVs typically identify FERC’s targets (by name), and set forth abbreviated information concerning the subject matter of FERC’s enforcement attention, the time frame, and the particular statutes relevant to the alleged violations. Since FERC began implementing the NAV Policy in 2011, it has been monitoring its implementation and has now determined that the potential adverse consequences that NAVs pose for the subjects of FERC investigations are no longer justified in light of the limited transparency that NAVs provide.
A few years after FERC received enhanced enforcement authority in 2005, it instituted the NAV Policy to increase the transparency of the nonpublic investigations that its Staff conducts under Part 1b of FERC’s regulations. When it issued the NAV Order, FERC explained that issuing the NAVs after the preliminary findings stage balances “the need to protect the subject’s confidentiality in the early stages of an investigation with the public interest of promoting additional transparency during investigations.” FERC has since determined that NAVs provide only limited guidance and information to market participants and that the various orders on enforcement matters and the reports and white papers its Staff issues are more informative and provide more transparency.
FERC Staff issued a report on March 29 on Commission-led critical infrastructure protection (CIP) reliability audits completed for fiscal years 2016 through 2018. The report provides lessons learned from those audits, as well as voluntary recommendations on cybersecurity practices to enhance the protection of electric infrastructure from cyberattacks. Even though many of these recommendations go beyond what is necessary for compliance with the mandatory CIP reliability standards, FERC is likely to view implementation of these recommendations as evidence of a strong cybersecurity culture that proactively addresses best cybersecurity practices and evolving threats. That can, in turn, have positive ramifications for utilities undergoing cybersecurity reviews by FERC, NERC, or the Regional Entities.