The Commodity Futures Trading Commission’s (CFTC’s) Division of Enforcement announced that it has established a new task force—the Environmental Fraud Task Force—to combat environmental fraud and misconduct in derivatives and relevant spot markets, including the carbon markets.

One week after the Commodity Futures Trading Commission’s (CFTC) Whistleblower Office issued an alert seeking tips on potential fraud and manipulation in the carbon markets, the CFTC chairman announced that the second voluntary carbon markets convening will be held on July 19.

FERC has issued its final rule paving the way for incentive-based rate treatment for electric utilities that make certain voluntary cybersecurity investments. As we first noted in 2020 when describing the proposed rule, the final rule provides a new mechanism for promoting cybersecurity of the bulk-power system by rewarding utilities for proactively enhancing their cybersecurity programs beyond the mandatory requirements of the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) reliability standards.

There are no unimportant North American Electric Reliability Corporation (NERC) reliability standards, but from time to time, NERC and the Regional Entities (Regions) place greater emphasis on certain reliability standards in response to events affecting the grid. With headline-grabbing physical attacks on power substations across the country in recent months, one of NERC’s greatest current priorities is evaluating the effectiveness of its physical security standards, most notably CIP-014.

FERC issued three orders focused on increasing regulations for inverter-based resources (IBRs) in fulfillment of one of its primary goals to protect the reliability of the bulk-power system. FERC ensures this reliability through the North American Electric Reliability Corporation (NERC), an independent Electric Reliability Organization that develops and enforces mandatory reliability standards. The reliability standards are only mandatory for certain entities registered with NERC, but most IBRs are not required to register and therefore are not obligated to follow the reliability standards.

On November 17, 2022, the Office of Enforcement (OE) of the Federal Energy Regulatory Commission (FERC or the Commission) released its annual report on enforcement activities (Report). The Report details the FY 2022 efforts of OE’s three divisions: Division of Investigations (DOI), Division of Audits and Accounting (DAA), and Division of Analytics and Surveillance (DAS).

The energy industry and market participants have provided a variety of comments on what role the Commodity Futures Trading Commission (CFTC) should play in the voluntary carbon markets, in response to a June 2022 request for information on how the CFTC can help enhance the integrity and transparency of the voluntary carbon markets and what aspects of the voluntary carbon markets are susceptible to fraud and manipulation.

The Commodity Futures Trading Commission (CFTC or the Commission) released its enforcement results for fiscal year 2022 on October 20, 2022. The enforcement results detail the 82 enforcement actions the CFTC filed in 2022 and show that orders secured by the Commission imposed more than $2.5 billion in restitution, disgorgement, and civil monetary penalties, either through settlement or litigation.

The Commodity Futures Trading Commission (CFTC) issued orders on September 27, 2022, filing and settling charges against various affiliates of financial institutions for failing to maintain, preserve, or produce records that were required to be kept under the CFTC’s recordkeeping requirements and failing to diligently supervise matters related to their businesses. As FERC also has record retention requirements, we discuss key takeaways on compliance and communication methods in light of the CFTC’s orders.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) on the new cyber incident reporting requirements for critical infrastructure owners as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).