Regulatory Compliance Consulting

If you’re in the electrical utility sector and you hear NERC Audit you’re likely to start sweating. Not because you may not have a NERC compliance plan, but because of the simple fact that there really isn’t any good information that exists that tells you everything you have to do and exactly how to do it. As you know there is NERC, FERC, and even SERC. How can you keep them all straight along with the litany of other regulatory issues you have to deal with? One of my best pieces of advice is to breakdown the different standards of NERC into manageable pieces.

Creating a NERC Compliance Plan

First, take apart all the standards and sectionalize them. NERC has done a decent job of trying to separate these into groups. For instance, Cyber Security has standards that go from CIP 001-009. However, if you break apart all the different issues that go into just those standards, you will no doubt have a million different action items on your plate. My specialty and focus has been on CIP 4, because this is where I have listened to a lot of screaming clients who have become frustrated with the auditing process taking place. The fines that these audits generate can cost upwards of $7,500 per person per day. I was recently at the TechAdvantage Expo in Atlanta, and spoke with many industry executives who said they have had to pay fines of several hundred thousand dollars and more for not complying with CIP 4.

The best thing to do is break apart the standards and review each one in detail and then parse them out to your different department heads, who can be made responsible for implementation. As the NERC compliance plan manager, you will need to get buy in from your senior management so that they will dictate to your peers the fact that they will need to report to you on their findings. You will need to coordinate their efforts and then tell your senior management you want to provide them with updates on the plan bi-weekly or at least monthly. By doing this, it will help keep them engaged and continue to provide you with the resources you need to devise a NERC compliance plan.

Let’s just take, for example, the Cyber Security standards. The very name could be a little misleading because it would imply that this standard should go to your IT department. They are the ones that will need to implement all kinds of cool techno stuff that will provide you with cyber intrusion protection tools, right? Not necessarily. Take for example the CIP 004. This clearly states that you must have a system in place for conducting awareness training, background risk assessments, and access documentation and credentialing on all of your employees and contractors. You may now look at this and then realize this is more of a security department or HR concern rather than a technical one.

Second, when you’re looking for vendors to help you analyze all of the different options, remember this one true statement. No single company has a system to manage all NERC compliance plan issues. I’ve seen it many times before where companies advertise that they can make you NERC compliant by just hiring them. This is a fallacy. There are many consulting companies out there that are very reputable and can certainly assist you with the interpretation and development of a NERC compliance plan, but they cannot implement the systems and technology to make you compliant. I go back to the CIP 4 standard for Cyber Security where vendors proclaim to be able to achieve compliance in a certain time frame. One of the most important issues as part of that standard is conducting a risk assessment background check on anyone that has access to critical assets. To do a background check, you need to be a certified CRA (Credit Reporting Agency). But even to this same point, doing things that might involve other pieces of that standard, for instance handling encryption and password protection of those assets that same company would not be the correct fit.

Remember that creating a NERC compliance plan is a goal driven task. Have yourself or a consulting company review the different aspects of NERC that apply and coordinate with your top managers to make this a goal for you and your peers.

Implementing a NERC Compliance Plan

One of the morals of this story is to get your suppliers to illustrate how they comply with a specific standard of NERC. If they say they comply with multiple standards, then ask them to show you how and run it by NERC for verification. Also, make sure their pricing is in line with how they sell it to you. There are multiple occurrences where a vendor will sell something to one company and then turn around and sell the exact same thing to another company but at a much higher mark up since there is a regulation surrounding that industry. Don’t be fooled by those gimmick tactics and allow vendors to prey on your fear of not having a NERC compliance plan in place.

In summary, get a breakdown of which standard applies directly to you, create a matrix chart of which pieces of which standard apply to what departments, get your senior managers involved to dictate these goals to your peers and provide them with updates. Then, when going out to vendors, have them prove how it directly relates to a NERC compliance plan; ask them if they sell that same tool to others and how much it is. Doing these things in this order will help you become the go-to person on regulatory issues, and, in a utility company…that is highly valued.

An owner of a small trucking company contacted us this week to get some help with his safety management controls - he knows there are things he needs to do but he hadn’t been doing them.

He is a smart man and he knows his assets are at risk - the DOT can be thorough and fines get pretty high, and there are rumors of lawsuits when things go wrong.

This small carrier has been around more than 2 years, so I asked if they had a safety audit - if there were any violations on the SA the fixes are important - no need letting yourself in for repeat violations, as this CAN lead to maximum penalties.

Why, yes, the man said, they have had a safety audit, in March last year. And after rummaging around in some files for a few minutes, they did find the safety audit document. But there are no violations here - not one. How can this be?

The carriers DQ Files are less than 40% compliant, their D & A testing program is less than 6 months old, they have a hit-and-miss HOS monitoring program with a few examples of flagrant false logs, some minor 11 and 14-hour violations, and countless form and manner violations, his maintenance folders have none of the required elements. Let’s just say there is MUCH room for improvement.

So why was there such a contradiction between what I found and what a safety auditor found 18 months ago? The safety auditor said there were NO VIOLATIONS.

Now, I suppose it is possible this carrier was doing EVERYTHING right in March 2008 and just let things go to heck since then. Or, maybe the carrier never got around to doing anything but the safety auditor didn’t do a very thorough job. My money is on the second explanation.

Sadly, I have seen this numerous times since we started our small consulting practice a couple years ago. Safety auditors and investigators doing compliance reviews are sometimes so lenient, carriers think the DOT has no teeth.

Sounds like a good world right?

You try and make a living, and when the DOT sends enforcers out, they are creampuffs.

But overly lenient investigators don’t do carriers any favors, encouraging complacency in the motor carrier community.

I feel sorry for the honest business people who TRY to do the right thing.

They have a Compliance Review, the investigator points out one or two little things, they throw some effort at these things and forget about DOT requirements.

Then, one day a terrible accident takes place. Where are those friendly, overly lenient DOT investigators now? Nowhere to be found, I assure you.

This time you have a CR and the investigator is very thorough indeed. This time they leave no stone unturned. The fines may still be inconsequential, but that doesn’t matter. Once a federal agent puts down on his scorecard that you were doing something that was a violation of a DOT Reg., the plaintiffs attorney (who may be an expert on DOT Regs) goes after the full amount of your insurance limits AND any assets you have or that you might EVER have.

You thought that lenient investigator was doing you a favor, eh?

The best thing DOT investigators can do for you is conduct thorough, tough Compliance Reviews. Sadly, most investigators are not very thorough at all.

A safety audit is supposed to be a lightweight CR, and nearly everyone passes. But, it is meant to be an education event for the carrier.

Most safety auditors don’t do a very thorough job either.

The one I just looked at yesterday was, by definition, one of the worst, but it is a trend that I see all too often.

Any idiot can get a DOT number - it only takes a few minutes. Even the ones who TRY to follow the regs should have several violations when they have a safety audit. It is nearly impossibly to do everything right. But too many safety audits are done showing a carrier was doing nothing wrong when, in truth, the carrier was doing very little right.

The term ‘grandfathering’ is commonly used in many different circumstances when dealing with a possible exemption to a rule, requirement, or change to any existing conditions or standards that apply to a variety of situations such as businesses activities or occupational requirement. Often employees or tradepersons find themselves in a situation where they may become exempt to a new professional requirement by the act of being grandfathered-in by means of previously acceptable conditions. In fact, there are a wide variety of circumstances where the grandfathering of a pre-existing condition or requirement is applicable. However for the purposes of this article, a common situation where the application of a grandfathering-in of a structure, use or occupancy when dealing with zoning codes, land development regulations, and permit requirements will be reviewed. The term grandfathering is often applied to address uses, activities, and structures that may be adversely affected by the adoption of new restrictive ordinances, land-use designations, or code requirements.

Historical Perspective

The term grandfathering or grandfather clause has been cited as having its origins in the amendments to constitutional provisions of many southern U.S. states around the late nineteenth century. Black’s Law Dictionary and West’s Encyclopedia of American Law explains that the original purpose of the ‘Grandfather Clause’ was to keep newly freed African-Americans and certain groups of people from voting, mainly in the southern U.S states. Theses clauses denied voter registration to people who didn’t meet certain requirements unless their grandfathers had served in the Confederate Army therefore if a person’s grandfather could vote, so could they. In 1915 the U. S. Supreme Court declared these types of clauses unconstitutional; however, the term grandfathering is still a commonly accepted term when addressing exemption provisions for zoning regulations. Today, grandfathering of a structure, business activity or use provides an exemption from current codes or other newly adopted regulations that would make it otherwise prohibited or fail to meet current codes because it was lawfully in place prior to any change or requirement affecting its existence, use or lawfulness. When a property or use is grandfathered-in, it is said to be non-conforming to any current codes or requirements. There is often a misconception that just the prior existence of a structure or activity or other use is okay if built or in place prior to the adoption of a related code or ordinance, however, the key to grandfathering is that the affected area or item of concern must have been lawfully in place prior to any change or prohibition. Additionally, there are laws that can be adopted for life-safety reasons that would not allow the continuance of any use or structure that is determined to be dangerous just because it has always been so or an new law may contain an amortization period where affected persons are put on noticed of a certain time-frame for when a use must conform to current codes or otherwise be ceased to exist.

Concerns for existing structures

It is important for owners of older properties to check with their local building and zoning departments prior to pursuing any construction or repair activities, not only to ensure what permit requirements may be necessary, if any, but also to obtain knowledge of any pre-existing conditions or new requirements that may affect the project or use. Any use or structure that does not conform to current codes or requirements for similar uses or structures would be considered non-conforming or that which does not conform. For example, in Florida, there are windstorm requirements for the installation of shutters or safety approved windows for new construction due to the changes in the Florida building code due to need for building safety from hurricane force winds and related effects of these storms. For an existing structure with older windows that do not conform to the latest safety standards, if the replacement of these windows becomes necessary, in order to meet this requirement, it may be required to upgrade all the windows or provide proper window safety coverings installed over the windows on the entire structure. Because of the life-safety and property protection nature of this requirement the existing windows on your property may not be grandfathered-in due to this requirement. However, the local building department would be able to advise if an exemption to this requirement would be allowed for only minor repairs for broken window panes or a replacement of only one window is needed.

Further considerations

Another scenario could involve the repair of an existing accessory structure, such as a fence, where there has been a change in permit requirements or new restrictions limiting size or location of new fences, the grandfathering provision may also not apply. Just because the fence may already be in existence and previously permitted, modifications or major repair may constitute adherence to any new regulations or requirements adopted by a local jurisdiction, change in building or zoning code or sometimes even a local neighborhood restriction as an architectural guideline or neighborhood enhancement standard. Often when existing structures are not in conformance with current code, such as one that may restrict the location of new fences in front yards, when an existing fences that are located in front yard need to be replaced, this may cause this existing fences to now be required to conform to the current neighborhood standards. Unless there is a minor repair provision, usually repairs to an existing structure that exceeds a preset percentage of the structure, such as a certain value of the work such as exceeding 50% or more or the area of the structure or value of the work or if a new building or zoning permit is required will require the structure to now be brought into conformance with current code requirements. This is how a neighborhood progresses towards all properties conforming to current neighborhood standards by requiring adherence to current codes when it makes sense and only exempting those properties that truly remain grandfathered-in by maintaining their nonconforming status either because no major repair or modifications requiring permits where necessary or changes to the a structure or use have remained within prescribed limitations. Be very wary of any contractor that tells you that a project does not require obtaining any permits or local jurisdiction approvals or homeowner association reviews unless it is for minor repairs or you are absolutely sure that it does not because if it does or it may affect a grandfathering status, it may cost you more money and headache in the long run if it is to be corrected after the fact.

Scenario of a common dilemma

A common area of concern occurs when a new property owner is faced with the dilemma of dealing with work that was previously done without permits to a property that they now own. When parts of real property such as an accessory structure like a shed or a property addition has been constructed without permits and required inspections it can be a real headache, especially if the work does not meet current code requirements or even worse, if it is not allowed or in the wrong place. This often occurs because the previous owner or owner at the time that the work was performed failed to obtain permits for the work and therefore the construction was never reviewed by all applicable agencies such as building, zoning, environmental, and engineering. Even though the work was done prior to a new or current owners awareness, it would not be grandfathered in because it was not originally done lawfully. Often property owners who find themselves in this type of situation may feel that the lack of a permit should be overlooked because whatever was done may not be thought to bother anyone else or that it does not serve any substantial purpose or protection of the general welfare to require a permit be obtained after the fact or if a long period of time has passed. However, the fact that a previous owner overlooked the responsibility to obtain a permit and required inspections does not negate the responsibility of the jurisdiction to enforce the codes once it has been made aware of the violation. To do so would be neglectful and the problem would not go away but would remain to be dealt with by a future unsuspecting purchaser or if something terrible were to happen because of poor workmanship or the unearthing of unknown consequences. In some cases, the building or zoning official may be able to provide alternative options towards bringing the property into compliance or obtaining an exception to the code requirements if a variance is sought and certain conditions are met. This is important if the problem was not self-created such as in this scenario.

The Quest for the Grandfathering Status

The need for the application of a grandfather status to a particular situation often arises when a new owner who is unaware of any problems or limitations on a property begins a home improvement project and either clears away obstructions that have concealed the construction from view, such as with overgrown landscaping or vegetation or upon the review of property survey or construction plans for the application of a new permit. Another common situation is when a change to an existing use of a property that is no longer allowed by the zoning code occurs or a new property owner applies for a use that is determined to have been previously discontinued and can no longer occur. The discovery of an existing problem may even occur upon property visits by a code inspector for other violations, when inspections are performed for the permit for new home improvement work or even by obvious visual reasons where a seasoned inspector can easily see that work was done without permits. This often occurs because since un-permitted work has not been reviewed by building and zoning officials, the awareness of code requirements or zoning limitations, such as setbacks from property lines, can be easily violated without being aware. Unless a new property owner can address this issue with the previous owner or through some type of title insurance claim, they are usually faced with the unfortunate responsibility and costs of trying to correct any problems un-permitted work may cause or address an expected use of a property that will not be allowed by the zoning department. Some jurisdictions may require that any property owner who is aware of work done without permits or if a violation has already been issued be responsible to disclose same to any future or prospective purchaser of the property. For example, in the State of Florida, Chapter 162.06 of the State Statutes requires the following:

“If the owner of property that is subject to an enforcement proceeding before an enforcement board, special magistrate, or court transfers ownership of such property between the time the initial pleading was served and the time of the hearing, such owner shall (a) Disclose, in writing, the existence and the nature of the proceeding to the prospective transferee; (b) Deliver to the prospective transferee a copy of the pleadings, notices, and other materials relating to the code enforcement proceeding received by the transferor: (c) Disclose, in writing, to the prospective transferee that the new owner will be responsible for compliance with the applicable code and with orders issued in the code enforcement proceeding; (d) File a notice with the code enforcement official of the transfer of the property, with the identity and address of the new owner and copies of the disclosures made to the new owner, within 5 days after the date of the transfer. A failure to make the disclosures described in paragraphs (a), (b), and (c) before the transfer creates a rebuttable presumption of fraud. If the property is transferred before the hearing, the proceeding shall not be dismissed, but the new owner shall be provided a reasonable period of time to correct the violation before the hearing is held.”

Certain state constitutions or statues may allow for a use or structure to continue if it has been in existence over a certain period of time depending on the law. An example of this would be if a state provides a statute of limitations whereby if a building code permit provision has not been enforced for the construction of a structure for more than twenty-years then a local jurisdiction cannot require the structure to be brought into current code conformance unless the jurisdiction is able to meet certain requirements that warrant such action. However, because the building codes are usually considered specifically dealing with life-safety, most work done without permits unless specifically exempt by code or statue would not be allowed to exist once discovered. The codes are not only designed to prevent harm and property damage to the general public but also to protect each and every individual from harm to themselves, family, tenants, or guests by occupying or utilizing unsafe structures.

Conclusion

Although code enforcement officials and inspectors are tasked with the responsibility to address possible violations for losses of nonconformance or items that are not in conformance with current codes, every situation encountered should be treated as an individual case and handled based upon its own history, facts and records. Code officials can assist with researching records, such as building permits, zoning approvals, certificates of uses or other prior board determinations to make a determination if something is or is not grandfathered-in. If a property was lawfully existing or a use was already established before a change was made to prohibit such use or construction, certain evidence such as photos, plans, and even testimonial affidavits may become very useful in assisting the local building and zoning departments to establish a legal nonconforming use or structure. Additionally, because there are always other factors, circumstances or applicable laws that may affect a determination of grandfathering, any concerns regarding the application of grandfathering should be discussed with your code enforcement official, local building and zoning department officials, municipal or county attorney and other qualified professional or counsel. There may be numerous procedural steps, exemptions, and laws that may apply to your particular situation so be sure and get all the assistance and information that you can, especially when dealing with any legal concern. It is often recommended that before the purchase of any property, that buyers obtain the services of a reliable and reputable inspection service, as well as, paying a visit to your local building and zoning departments. Some jurisdictions may offer a prospective property buyer to obtain a pre-purchase or pre-occupancy inspection for a property to determine if there are any existing liens, encumbrances, outstanding permits, violations or limitations on proposed uses.

While the Federal Reserve Bank works to improve efficiencies and services, sometimes the changes can cause confusion for financial institutions. In the fall 2009, they changed the requirements for depositing currency and coin. Now, within a matter of months, they are making another change.

With the initial changes in 2009, the FRB stated deposits should be made in plastic bags or canvas bags that utilize seals. This is a modification from the 2003 rule that stipulated the use of plastic bags only.

If you decide to use plastic, keep the following points in mind.

• Bags should have a tamper-evident seal
• Bags must have a reinforced handle and withstand a 100 lb. load.
• Be constructed from 6.5-mil gauge plastic
• Be sized approximately to that of a standard canvas bag
• Contain contents that are clearly visible through the packaging
• Be labeled on the opposite side of the handle showing the denomination, dollar amount, depositor’s name and ABA routing number

Other rules will apply if canvas bags are used for coin. For example, with canvas bags, you must use color-coded tags based on denomination with proper identification and closure.

The Federal Reserve has established these requirements in order to create efficiencies for processing deposits. The requirements help ensure institutions are not sending deposits in bags that are not constructed or intended to handle, transport and process large amounts of coin.

The requirements far out perform what is actually being seen in the field. As an example, it is not possible to fit 100 pounds of coins into a standard coin deposit bag. Nor is it even feasible to lift and carry a 100 pound coin bag without compromising health and safety issues. The 100-pound hang test, however, does show how the reinforced bag handles will facilitate carrying and processing.

A lot of confusion exists regarding the Federal Reserve regulations for currency deposits. Before November 1, 2009, there were no specifications for currency deposits. Recently, the specifications were revamped.

The new approved packaging for currency deposits now require clear plastic disposable bags with plastic or metal containers. When using plastic the bag must:

• Have a tamper-evident seal
• Be constructed from 5-mil plastic
• Be made of translucent material so contents are visible
• Contain no more than 16 bundles

On November 9, 2009, the FedCash Services announced it would again be changing practices in order to create additional efficiencies in processing deposits. Unlike the requirements that went into effect just days earlier, these new requirements would be rolled by region over the course of several years. New York will be the first region affected and the new requirements will take effect on April 5, 2010.

Many people are confused as to what they should expect in April of 2010. The FED wants to track where bags are coming from. This means that each deposit bag manufacturer must register with them. In turn, the Fed will assign bar codes for each manufacturer to use on their deposit bags. This will make the tracking process automatic.

Keep in mind that this new bar coding only affects currency deposits. There are no additional adjustments being made to coin bags. As mentioned previously, these changes are being rolled out slowly by geographical region. The specific timeline of the rollout has not yet been established. The bar coding will be specific to the bag manufacturer, not to the geographical region of deposit. Customers depositing to multiple regions do not need to keep or maintain numerous inventories.

One thing is for certain, the FRB regulations will continue to evolve and change with time. While the changes may cause some initial confusion, they will ultimately benefit the customer with faster deposit processing times.