
Essential to Recognize Traditional and Non-traditional Regulations


John D. Rhea, Compliance Officer & Attorney, OGE Energy
Volume and Velocity of Regulations: A Challenge
The two largest challenges for compliance today are volume and velocity of regulations that impact companies. By that I mean the volume of regulations is growing exponentially and the velocity with which regulations are being promulgated is moving faster and faster.
As is always the case, the first step in compliance is recognizing which regulations apply. Although I work in an industry that has been highly regulated for decades, new regulations are created constantly. These regulations come from both traditional and non-traditional arenas. The NERC reliability standards are a good example of traditional regulation: NERC has been around since 1968, but in 2005 FERC was given authority to essentially turn what were previously voluntary standards that evolved over decades into mandatory requirements that change annually. In fact, since 2008, when NERC’s Critical Infrastructure Protection (“CIP”) regulations were initially implemented, NERC has approved its 5th version of CIP and is currently working on versions 6 and 7.
A good example of a non-traditional regulation is the recent Conflict Minerals legislation. On its face, electric utilities like ours would not seem to be impacted because it is about raw minerals from certain countries in Africa, but when you get into the details, they could be. Addressing this potential compliance issue required first that we know the legislation existed, second that we analyze the legislation well enough to understand it, and third that we analyze its potential impact on our company. The fourth step would be seeking compliance relief for our entity through exclusion if appropriate. All of this takes time and energy from both compliance staff and our subject matter experts.
Healthy Line of Communication
There are three things a compliance officer must be prepared to do every day.
a. Maintain awareness of your regulatory exposure,
b. Develop and foster relationships both inside your company and out,
c. Be prepared to take a stand even if it puts your job at risk.
Although no compliance officer can know the details of every regulation that could impact their company, they can develop a set of tools to reduce the risk of missing something. Chief among those tools is relationships inside your company and within your industry. Maintaining relationships with your subject matter experts in your company is the first step in the process. There must be a healthy line of communication going both ways with your subject matter experts. The next step is developing relationships with your regulators so that you can know how they view your company. Last but not least are your contemporaries in other companies in your industry. They are in the best position to know what you are going through and can provide sage advice on dealing with your regulators, a heads-up for new issues, a safe place to explore ideas, and a shoulder to cry on.
The most important tool, though, is the willingness and ability to take a stand. You owe it to your company and yourself to hold the Company accountable to do the right thing for the right reason, every employee, every day.
Advice to Fellow Compliance Officers
Every Compliance Officer I have ever met has had the awkward elevator conversation with their CEO that goes something like this.
CEO to CO “Are we in compliance today?”
CO – [Awkward Pause] “Yes” [thinking] “I sure hope so”
CEO – [Awkward Pause] “Good” [thinking] “Why do I pay a Compliance Officer”
What a good compliance officer knows is that during that brief exchange a new regulation could have become enforceable that the CO knows nothing about, while at the same time someone in the company could be making a decision that puts the company out of compliance. A good CEO wants to be supportive and receive assurance that the CO has it covered. So the first thing to do is to prepare in advance an elevator speech that is both true and relevant. A better answer for the CEO could be, “We have effective compliance governance policies and procedures in place to recognize the company’s compliance obligations, an accountability structure in place to ensure those obligations are being met, and a compliance assurance function reviewing evidence of compliance to make sure the company can prove its compliance. We are leveraging our cost-effective Compliance Management Tool to tie everything together. I appreciate your commitment to our company’s compliance and for setting the tone for everyone.” When you can truthfully make this speech every time you see your CEO, you will both be much happier.
