The Compliance Framework and Reporting Guidelines were produced in 2016 by the Utilities Commission of the Northern Territory (‘the Commission’). The guidelines were produced pursuant to section 7 of the Utilities Commission Act and are consistent with the aim of the Commission to foster a culture of compliance.
The Commission’s objectives in developing the Compliance Framework and Reporting Guidelines are set out in section 1.17 and include the clarification of enforcement and disciplinary processes in cases of non-compliance. The document also specifies and reinforces the Commission’s requirements for:
- licensees in relation to establishing and maintaining appropriate and robust compliance processes and frameworks in compliance with licence conditions;
- responsibility of the board and senior management;
- reporting of information to the Commission; and
- operational and compliance audits in respect of operations carried out by licensees under the authority of their licences.
Compliance processes: expectation
Pursuant to clause 11 of retail, network and generation licences, licence entities must establish a compliance process that is maintained, regularly updated and auditable and must report on identified material breaches. Furthermore, pursuant to clause 11.2 (a), retail, network and generation licence holders must submit an annual compliance report to the Commission. Responsibility for compliance ultimately lies with the Board of Directors of each regulated entity, and executive and senior level management should be accountable to the board for ensuring compliance. The Compliance Framework and Reporting Guidelines are a consolidation of the Commission’s previous Compliance Framework and Reporting Guidelines and statement of approach on compliance.
The Commission’s compliance monitoring programme reflects ISO 19600:2015 and the Commission expects regulated entities to develop their compliance systems based on the same standard. The Commission takes a risk-based approach in its consideration of appropriate monitoring and compliance measures, including audit frequency and scope. The Commission supports a cooperative approach to compliance as it tends to foster a more positive response. The Commission asked that regulated entities adopt a voluntary culture of compliance. The Commission expects that regulated entities understand the purpose and objectives of regulation, know what their obligations are and be informed of the consequences of non-compliance. The Commission expects that compliance programmes be reviewed at regular intervals for continuous improvement to reflect changes in the environment and regulation.
Licensees are expected to systematically identify compliance obligations and the way in which they impact on activities, products and services, which may include a register of compliance obligations outlining various business and regulatory risks. The identification and ranking of risks is the responsibility of a regulated entity. The compliance register of the licensee must be sufficiently robust and detailed in identifying the licensee’s regulatory compliance obligations from all legislative and licenced instruments. The Commission generally groups compliance obligations into several degrees based on the risk assessment of individual obligations. These are:
- Conduct – obligations related to market behaviour affecting competition;
- Performance – obligations for performance-based outcomes, such as standards of service;
- Pricing – obligations relating to price regulation;
- Electricity retail competition – provisions relating to electricity retail competition and customer transfer;
- Technical – obligations relating to technical aspects and requirements of the relevant industry;
- Safety – obligations imposing safety standards and requirements; and
- Administration – obligations for the administration of an Act or the administration of the functions of an entity under an Act.
As flagged above, the obligations register must be sufficiently robust and detailed in identifying the licensee’s compliance obligations from all legislative and licence conditions. The licensee should have processes in place to identify new and changing laws, regulations, codes and other compliance obligations. The licensee should have processes in place to evaluate the impact of the identified changes and implement any changes in the management of the compliance obligations. Ultimately, the Commission notes that the identification and ranking of risks remains a responsibility of regulated entities. In Appendix A, the Commission provides an indicative risk assessment methodology. The Commission also provides guidance on when a breach is considered to be material in Appendix A, but the Commission’s expectation is that the board and senior management of a licensee will develop a comprehensive risk assessment methodology. In assessing risk, regulated entities must give appropriate consideration to the severity of risks of non-compliance with regulatory obligations. The Commission considers repeated breaches of medium to low risk obligations as an overall material breach and as an indication of an insufficiently robust compliance process.
In considering the factors affecting the impact of a breach, a licensee should consider the long-term interests of consumers. The categories considered high-risk by the Commission include the impact on public safety and system security, impact to customers (including financial impact), and breaches of legislative and other regulatory obligations. The rating of a risk will determine the appropriate management controls associated with ensuring compliance with particular regulatory obligations.
Compliance monitoring by the Commission
The Commission uses a range of instruments to monitor compliance and identify breaches or potential breaches. The Commission partly relies on regulated entities’ self-assessment of their compliance with their regulatory obligations. Regulated entities are required to monitor and report on any material breaches of their obligations to the Commission as soon as reasonably possible after becoming aware that a breach has occurred. Within the report, a regulated entity must advise of the remediation measures that are being undertaken to rectify the breach. The Commission considers a breach to be material when it has the following attributes:
- incident adversely affects (financially and/or service provision) customers;
- a significant number of customers are affected;
- a regulated entity’s ability to provide services is compromised; or
- public health and safety is threatened.
Should a regulated entity be in doubt as to the seriousness of a breach, the Commission expects the regulated entity to notify the Commission. As noted above, the Commission also expects regulated entities to consider the impact of repeated breaches of individual non-material breaches and if, in totality, these lead to a material breach.
When a regulated entity has not been compliant, the Commission expects a breach notification to be provided to the Commission with the following information:
- a brief statement explaining the circumstances and reasons for the breach;
- a brief statement explaining any delay in reporting the breach;
- relevant regulatory provisions;
- consequences of non-compliance; and
- remedial measures.
The Commission expects a licensee’s compliance framework to contain a series of escalating processes whereby potential breaches are reported to the executive and senior level management and to the board of the licensee and then to the Commission. The chief executive officer and board of a licensee must be made aware of any material breaches without delay. Pursuant to the Electricity Reform Act, regulated entities must submit an annual licence return by 1 August each year. In addition, generation, network, retail, and system control licensees are required to submit the following information by 1 August:
- names and titles of key staff members carrying out the licensed operations as of 30 June;
- confirmation from the regulated entity that there has been no material change in the licensee’s financial, technical and other capacity to continue to operate under its licence, or if there has been a change, details of the change;
- for electricity retail licence holders – the total number of customer sales for the year ending 30 June.
Additional reporting obligations apply to generation, network and system control licence holders as set out in the Compliance Framework and Reporting Guidelines.
The compliance report itself must be submitted to the Commission by 31 August each year with a declaration of responsibility from the board of the licensee:
- that the licensee maintains an appropriate compliance framework that complies with the requirements of its licences set out in the Compliance Framework and Reporting Guidelines; and
- the licensee has complied with all licence conditions and obligations during the immediately preceding financial year, with the exception of non-compliance listed in the compliance report.
In the compliance report, the licensee must also list all instances of non-compliance stating whether they were material or non-material breaches, and the steps taken to rectify each compliance breach listed in the declaration. The compliance report must be approved and signed by the chief executive officer and the chairman of the board of the licensee, or any other person who was formally delegated powers at an equivalent level and is sufficiently independent from the day-to-day operations of the licensee, as approved by the Commission.
The scope of this article was to examine some of the relevant provisions of the Compliance Framework and Reporting Guidelines. It is critical that all energy retailers comprehensively examine the guidelines in full and ensure that there are systems and processes in place to comply. Should you have any questions or wish to discuss this article, please get in contact with us.