State of Compliance 2014 Energy and utilities industry brief
Delve into the full analysis of the 2014 State of Compliance Survey at: pwc.com/us/stateofcompliance
Introduction
The year 2014 marks the first year PwC has published a separate energy and utilities State of Compliance report, and we expect it will likely serve as a basis for year-to-year comparisons of energy and utilities companies in the future. PwC’s 2014 State of Compliance study shows that the energy and utilities sector faces increasing challenges but does recognize the importance of the compliance function. The compliance function is not as well established in energy and utilities as in other heavily regulated sectors, and the position of chief compliance officer/head of compliance (CCO/HoC) in many cases entails multiple responsibilities—many of them outside the compliance role. That said, the sector has benefited from an increase in compliance staffing levels and budgets in the past year. And in-house compliance committees are well established, containing wide representation from many different departments.
Increasing numbers of regulatory reforms are major concerns—and major perceived risks—associated with the energy and utilities sector. Regulations, which may be issued at the state or federal level, have the potential to affect future expansions and overall infrastructure updates that take years to plan, implement, and construct. In line with current trends, the energy and utilities sector is adapting to and embracing the use of social media as viable compliance communication tools, and the CCO/HoC should understand, become familiar with, and prepare to handle both the power of social media and the associated risks.
1
Profile of energy and utilities compliance functions
Our survey indicates that the makeup of the compliance function throughout the energy and utilities industry is not uniform compared with other sectors such as financial services and pharmaceutical and life sciences, which tend to have standalone departments, including a CCO/HoC. According to the survey, 68% of energy and utility respondents said they have a CCO/HoC in place. Further breakdown indicates that only 34% of CCOs/HoCs in the energy and utilities sector are dedicated solely to compliance, whereas 66% of them have multiple responsibilities or hold multiple roles in their organizations. Establishing a standalone CCO/HoC position may become an increasing priority in the energy and utilities sector, considering that industry-specific regulations dominate as the number one concern throughout the industry. CCOs/HoCs in the energy and utilities sector most typically report to the company’s general counsel (41%); only 30% report directly to the CEO, and 14% to the board of directors. As compliance in this sector continues to draw focus, companies may want to review the CCO/HoC’s reporting-relationship position to better align compliance with business performance.
Data collected indicates that the energy and utilities sector has gained increased focus and increased resources in its approach to compliance, with staffing and budget increasing in the past year. More than a quarter of respondents said their approximate annual compliance budgets are $1 million or more. Just over half of respondents indicated that at least two to five full-time employees work in their companies’ compliance function. Further results indicate that compliance committees are relatively well established within the energy and utilities sector, with 58% of respondents affirming they have committees in place. Compliance committees tend to have broad representation from many departments—including compliance, legal, internal audit, human resources, operations, and information technology—but less representation from business units and other business support functions, such as supply chain and procurement. Given that effective compliance practices should be embedded into the business functions, energy and utilities companies should continue that focus and ensure that (1) established compliance committees remain in place and (2) the right internal resources are included in them.
2
Risk scope and effectiveness
Although cybersecurity risk is prevalent in other sectors as well, there is a particular focus on it in the energy and utilities industry, due in large part to national security and terrorism concerns. As cybersecurity risks have dramatically evolved, compliance-based security strategies have struggled to keep pace with sophisticated attackers; and today’s approach by many companies tends to be reactionary. Security incidents in the energy and utilities sector are major business risks that, although not always preventable, can and should be mitigated to the extent possible. Cybersecurity is an essential component of organizations’ compliance strategies—one that should be championed by the CEO and adequately funded and viewed as a business protection plan rather than as a cumbersome regulation in the energy and utilities industry.
Moreover, respondents to the survey indicated that industry-specific regulations are perceived as both the current and future predominant risk to the energy and utilities sector. That assessment of risk is not surprising given, for example, the November 2013 approval of Version 5 of the Critical Infrastructure Protection Reliability Standards, which can continue to have a pronounced effect on the Bulk Electric System and require energy and utility companies to identify and rate their systems against vulnerability to cyberattacks.
Outlined in the survey are the currently perceived levels of risk associated with compliance in the energy and utilities sector. Industry-specific regulations dominate as the number one concern throughout the industry, followed by safety and environmental issues and strategic risk. Given the high level of regulation in the industry, compliance with industry-specific regulations and attention to strategic risk are vital activities so that energy and utilities companies can meet their business performance goals.
Industry-specific regulations dominate as the #1 concern throughout the industry
3
Social media
About 48% of survey respondents in the energy and utilities sector use both internal and external social media to communicate about compliance and ethics topics. The industry seems to be increasing its use of social media for communication of compliance-related issues. That growth is likely to continue based on increasing advancements in social media technology. Compliance functions can benefit by continuing to build awareness throughout a workforce that is increasingly dependent on social media as vehicles to both send and receive content. There are inherent risks associated with use of social media, however, including potential data leakage, incoming threats, and inappropriate user behavior. CCOs/HoCs should be aware of those risks and plan accordingly. As the risks increase, companies in the energy and utilities space may wish to be more cautious in their use of social media during prehiring due diligence and of social media monitoring of employees, for example.
Conclusion
The energy and utilities industry is facing major compliance challenges, and companies should plan accordingly. New regulations, new technologies, and new cybersecurity measures are just a few of the challenges CCOs/HoCs will likely face and should prepare for in the near future. Although the sector has been enjoying increased budgets and staffing levels, it still lags behind other regulated sectors that have more-mature compliance functions, as fewer energy and utilities companies report having compliance departments led by CCOs/HoCs who focus on compliance alone.
4
Related data
The majority of respondents state that they have a CCO in place (68%), however this has dropped substantially from the previous year (89%)
Q3a Does your organization have a Chief Compliance Officer/Head of Compliance?
Yes: 68% (2014), 89% (2013)
No: 30% (2014), 11% (2013)
Base: (76, 66)
Almost half of respondents in Energy and Utilities state the legal department provides leadership for compliance
Q3b Which department provides leadership for the compliance program?
[Bar chart, 2014 and 2013: Compliance, Legal, Risk, HR, Internal audit, Other]
Base: (76, 7) Comparison to Q3d 2013. Please note the change in question wording.
Two thirds of respondents state that the person with most responsibility for compliance “wears multiple hats”
Q3d Is the position of the person with the most responsibility for compliance a stand-alone role, or does s/he ‘wear multiple hats’?
Stand-alone role: 34%
Wears multiple hats: 66%
Base: (74)
Over 40% of Energy and Utility respondents suggest that the head of compliance formally reports to the General Counsel/Legal in their organization
Q4 To whom does the person with most responsibility for compliance formally report in your organization?
General Counsel/Legal: 41% (2014), 25% (2013)
Chief Executive Officer: 30% (2014), 32% (2013)
Board of Directors/Audit Committee: 14% (2014), 26% (2013)
Chief Financial Officer: 9% (2014), 3% (2013)
Internal Audit: 1% (2014), 0% (2013)
Chief Risk Officer: 0% (2014), 2% (2013)
Base: (74, 65)
Compliance Committees are relatively well established within the Energy and Utilities Sector...
Q6a Does your company have an in-house Compliance Committee to support compliance efforts?
58% of respondents told us they have a Compliance Committee within their organization.
Yes: 58% in both 2014 and 2013
No: 36% and 35%
Don't know: 7% and 6%
Base: (74, 66)
The majority of respondents report that compliance and/or legal functions are represented on the committee
Q6b Which of the following departments or functions serve on the Compliance Committee?
[Bar charts for 2014 and 2013: Legal, Compliance, Human Resources, Internal Audit, Finance, Information Technology, Operations, Business Units, Investor Relations, Supply Chain, Procurement, Sales and Marketing, Other]
Base: Respondents who stated ‘yes’ at Q6a (43)
Base: Respondents who stated ‘yes’ at Q8a (38)
Over a third of respondents suggest that there are two or fewer FTEs working in their compliance function
Q7a&b How many full time equivalents are working in the corporate compliance function or are based outside of the corporate compliance function?
[Bar charts for 2014 and 2013: FTEs in corporate compliance function and FTEs working in compliance but outside the compliance function, by band: Less than one, 1, 2, 3-5, 6-10, 11-25, 26-100, More than 100]
Base: (74)
Base: (66)
43% of Energy and Utility respondents stated that compliance staffing levels have increased over the past 12 months (compared to 33% in 2013)
Q7c How has corporate compliance function staffing changed over the past 12 months?
Decreased: 0% (2014), 6% (2013)
Stayed the same: 54% (2014), 55% (2013)
Increased: 43% (2014), 33% (2013)
Base: (74, 66)
Just over a quarter of respondents stated that their approximate annual budget for compliance is $1 million or more
Q9a What is the total approximate annual budget for compliance and related activities at the corporate compliance function level?
[Bar chart, 2014 and 2013, by budget band: $5m or more, $1m to less than $5m, $500,000 to less than $1m, $100,000 to less than $500,000, Less than $100,000, No budget established]
Base: (74, 66)
Over half (53%) of all Energy and Utility respondents stated that their compliance budget has stayed the same this year, however few are seeing their budgets decrease
Q9b In the last 12 months the budget for compliance and related activities at the corporate compliance function level has..
Decreased: 1% (2014), 10% (2013)
Stayed the same: 53% (2014), 47% (2013)
Increased: 35% (2014), 24% (2013)
Base: (74, 62)
Industry-specific regulations remain a top-of-mind risk for Energy and Utility respondents
Q10a Please select your top 3 areas in terms of current perceived level of risk to your business?
[Bar charts for 2014 and 2013, by risk area: Industry-specific regulations, Safety/Environmental, Strategic risk, Bribery/Corruption, Conflicts of interest, Business continuity, Import-export controls/trade…, Regulatory quality, Fraud, Government contracting, Fair competition/Anti-trust, Consumer protection, Corporate social responsibility, Insider trading, Ethical sourcing, Money laundering, Social media, Employment labor compliance, Intellectual property, Security, Supplier compliance, Records management, Supply chain/procurement, Privacy and confidentiality, Data privacy and confidentiality, Counterfeiting]
Base: (74, 66)
When looking to the future, Energy and Utility respondents cited industry specific regulations, strategic risks and safety/environment as their highest risks to their business
Q10b Please select your top 3 areas in terms of future perceived level of risk to your business?
[Bar charts for 2014 and 2013, by risk area: Industry-specific regulations, Strategic risk, Safety/Environmental, Security, Supplier compliance, Business continuity, Data privacy and confidentiality, Fraud, Bribery/Corruption, Regulatory quality, Conflicts of interest, Supply chain/procurement, Corporate social responsibility, Records management, Intellectual property, Government contracting, Privacy and confidentiality, Import-export controls/trade compliance, Ethical sourcing, Employment labor compliance, Consumer protection, Fair competition/Anti-trust, Social media, Insider trading, Money laundering, Counterfeiting]
Base: (74, 66)
Communicating about compliance and ethics topics internally is the most frequently cited use of social media
Q19 In which of the following ways does your company use social media in your compliance and ethics program?
We communicate about compliance and ethics topics through internal social media channels: 48% (2014), 31% (2013)
We monitor social media sites for postings suggesting potential misconduct: 33% (2014), 62% (2013)
We communicate about compliance and ethics topics through external social media channels: 48% (2014), 46% (2013)
We review public social media and other sources as part of our pre hiring due diligence: 33% (2014), 62% (2013)
Don't know: 10% (2014), 0% (2013)
Base: (21, 13)
To have a deeper conversation about how the evolution of compliance may affect your business, please contact:
Principal Energy and utilities contributor
Andrea Falcione, Managing Director, (617) 530 5011, [email protected]
Principal State of Compliance Survey contributors
Sally Bernstein, Principal, (617) 530 4279, [email protected]
Andrea Falcione, Managing Director, (617) 530 5011, [email protected]
www.pwc.com
© 2014 PwC. All rights reserved. “PwC” and “PwC US” refer to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. MW-15-0024