Wednesday, June 4, 2008

FERC Order 2004 Compliance

If you are in the natural gas industry, you are aware of the Federal Energy Regulatory Committee (FERC) Order 2004. The order requires natural gas companies to control communication between Transmission Function Employees and Energy and Marketing Affiliates. FERC has the power to fine companies that violate this order. Even if the communication was unintentional. Even if the company self-reports to FERC.

However, FERC has hinted at what can prevent those fines:

In April 2006, a FERC webcast was held to discuss what constituted compliance, which companies were fined (and which were not), and what behavior would put an organization in the former or latter category.

Boiling the discussion down, the essential bit is this: The companies that did not get fined demonstrated a Culture of Compliance. Now, the $65,536 question: what can a company do to demonstrate said culture?

I'd like to suggest that there are three things:

  1. Foster a culture of training towards compliance (teach the employees about compliance, what the regulations are, acceptable behavior, etc.)

  2. Measure compliance (know where employees sit in the organizational hierarchy, who is communicating to whom, what constitutes a shared employee)

  3. Implement technology to assist (implement ethical walls, especially ones incorporating automated group/department detection, e.g. looking in Active Directory for groups, and keyword detection, paying attention also to shared employees)
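As an added illustration of item 3 (not code from the original post), the sketch below checks messages against an ethical wall using directory group membership, keyword detection, and special handling for shared employees. The group names, users, keyword list, and the block/review/allow policy are all assumptions made for the example.

```python
import re
from typing import NamedTuple

# Constructed snapshot of user -> directory groups (e.g. exported from
# Active Directory). Group names and users are assumptions for illustration.
DIRECTORY = {
    "alice": {"Transmission-Ops"},
    "bob": {"Energy-Marketing"},
    "carol": {"Transmission-Ops", "Energy-Marketing"},  # shared employee
    "dave": {"Facilities"},
}
TRANSMISSION, MARKETING = "Transmission-Ops", "Energy-Marketing"
# Assumed watch list; a real list would come from the compliance team.
KEYWORDS = re.compile(r"\b(pipeline capacity|outage|nomination|tariff)\b", re.I)

class Message(NamedTuple):
    sender: str
    recipient: str
    body: str

def side(user):
    """Classify a user as transmission, marketing, shared, neither or unknown."""
    groups = DIRECTORY.get(user)
    if groups is None:
        return "unknown"  # not in the directory: the wall cannot be evaluated
    on_t, on_m = TRANSMISSION in groups, MARKETING in groups
    if on_t and on_m:
        return "shared"
    return "transmission" if on_t else "marketing" if on_m else "neither"

def review(msg):
    """Return (verdict, reasons); verdict is 'block', 'review' or 'allow'."""
    sides = {side(msg.sender), side(msg.recipient)}
    hits = sorted({h.lower() for h in KEYWORDS.findall(msg.body)})
    reasons = ["keyword: " + h for h in hits]
    if sides == {"transmission", "marketing"}:
        return "block", ["crosses the wall"] + reasons
    if "unknown" in sides:
        return "review", ["participant not in directory"] + reasons
    if "shared" in sides and hits:
        return "review", ["shared employee"] + reasons
    return "allow", reasons
```

Unknown participants are routed to review rather than allowed, so a stale directory export does not silently open the wall.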

Granted, I've given these three the briefest of coverage, but also note that these can be generally applied to any compliance effort (even if it is just compliance with a corporate Acceptable Use Policy (AUP)).

What are you doing to foster a Culture of Compliance?

