Regulator Decides To Adopt New Security Requirements For Retail Suppliers, Over $2 Million Potentially Required For Large Suppliers

New Provision (Not In Draft) Requires Suppliers To Attest They -- And Their Third-Party Agents -- Have "Reasonable" Cyber & Data Security Practices, Must Disclose To Regulator

Institutes Biennial Review Of Supplier Licenses, But Delays Start Date

New Rules For Rate Board, Rates On Supplier's Website

September 29, 2023

Email This Story
Copyright 2010-23 EnergyChoiceMatters.com
Reporting by Paul Ring • ring@energychoicematters.com

The following story is brought free of charge to readers by VertexOne, the exclusive EDI provider of EnergyChoiceMatters.com

In accordance with Conn. Gen. Stat. § 4-168(e), the Connecticut Public Utilities Regulatory Authority (Authority or PURA) provided notice that it has decided to move forward with its proposed regulation concerning electric supplier licensing.

The proposed rules were exclusively detailed by EnergyChoiceMatters.com in 2021 (see background here)

PURA's decision today indicates that PURA has decided on final language for the proposed rules. While PURA has decided on final language with which to move forward, the rules have not yet been formally adopted. The final version of the proposed new rules now move through the state's administrative process, outside of PURA, for new rules

In deciding to move forward with the final version of the proposed rules, PURA made certain revisions in response to supplier and other stakeholder comment

Most notably, in response to concerns from the state's Attorney General, PURA has modified the final proposed rule to provide that suppliers, as part of their licensing application (including periodic license renewals for existing suppliers), shall provide an attestation that, "the applicant and the applicant’s third party agents have reasonable cyber and data security practices, including a description of the applicant’s and the third party agents’ cyber and data security practices."

While the language is included in a section related to supplier attestations related to customer information, and notwithstanding PURA's explanatory statement below, nothing in the language itself would limit the required cybersecurity attestation to only those third-party agents which have access to customer information or would limit the data security practices themselves to, "customer information."

PURA, in adopting the new cybersecurity provision, did summarize the provision by stating that PURA was, "adding the requirement that electric suppliers attest to and describe reasonable cyber and data security practices, including for all third-party vendors they utilize who have access to customer information, in their application and biennial license review compliance filing."

The final proposed rules maintain, generally as previously proposed, the new, higher security amounts for retail suppliers, except that the final proposed rule includes a more specific increase process for suppliers with loads above 1,500,000 MWh

The rules provide:

An electric supplier shall maintain an amount of security based on its forecast year load in accordance with the following schedule. The forecast year load shall be the amount of the full load served by the electric supplier during the previous calendar year, as adjusted to account for changes in the type and quantity of customers to be served in the forecast year.

(A) Up to 100,000 MWh: $250,000;

(B) 100,001 MWh to 499,999 MWh: $500,000;

(C) 500,000 MWh to 99,999 MWh: $1 million; and

(D) 1,000,000 to 1,500,000 MWh: $2 million.

An electric supplier may elect to maintain continuous security in an amount greater than indicated in the schedule.

Notwithstanding this schedule, the Authority has the discretion to increase an electric supplier’s security as indicated by a decision in the electric supplier’s licensing docket to accommodate an electric supplier’s forecast year load in excess of 1,500,000 MWh in increments of one million dollars per each additional 500,000 MWh of annual load.

Note these these security amounts are just for licensing, and do not reflect the required security from suppliers related to RPS, which is addressed in a different rule

For comparison, under the current rules, a supplier shall maintain security in the amount of $250,000 or five per cent of its estimated gross receipts for its first full year of operation, not to exceed $250,000

The final proposed regulations include new rules for the state's electricity shopping rate board, which include the following (terms defined below)

• An electric supplier shall self-report all generally available generation offers to the Rate Board following a process established by the Authority;

• All generally available rates shall be all-inclusive rates;

• An electric supplier shall follow standardized language issued by the Authority when self- reporting;

• Rates that appear on an electric supplier’s internet website shall be posted to the Rate Board, thereby aligning these resources

Under the rules, “generally available rate” means, "a generation rate that is offered to all customers taking service under a rate tariff or a rate that is offered to a class of residential or business customers. Rates that are offered through an electric supplier’s internet website or are included on the Rate Board are deemed to be generally available."

"Offer" means, "the information provided to consumers for each product or record displayed on the Rate Board. This information includes, but is not limited to, the applicable electric distribution company tariff and customer class, term in billing cycles, rate, cancellation fee, enrollment fee, restrictions, and other product-specific information."

"All-inclusive" means, "all generation-related costs or charges, such that no other charges can be added."

"Rate" means, "the all-inclusive cost per kWh for each generation offer."

Regarding the definition and attendant requirements concerning, "all-inclusive", PURA did not make any changes in response to Vistra's concerns about the interaction of such requirements and the offering of distributed generation which may typically be charged to customers via a separate recurring fee

As summarized by PURA, Vistra was specifically concerned that some distributed generation projects use a recurring fee collected from customers, which supports the operation and maintenance of the project, and is necessarily a separate charge from a fixed price per kWh. According to PURA, Vistra stated that without the flexibility to develop products with charges other than just a fixed kWh amount, there may be fewer products that support the growth of renewable generation in Connecticut.

The regulations require that an electric supplier shall maintain its company website to include the following:

(1) The electric supplier’s official name and trade name or names, if any;

(2) All Authority docket numbers and titles pertaining specifically to the electric supplier to show its regulatory history in Connecticut, including all licensing and review dockets and history of dockets of companies acquired through mergers or license transfers, and all Authority investigation dockets that have been concluded;

(3) Customer service contact information, including a phone number at which a live company representative (not an answering service) shall be available during normal business hours;

(4) Authority contact information;

(5) Information concerning all generally available offers, renewable products, and information about the source of renewable energy (e.g., renewable energy certificates), standard contracts, and enrollment forms; and

(6) Any other information which the Authority deems necessary.

Furthermore, the rules require that, for offers posted on a supplier's own website, "All rates and offers posted to an electric supplier’s internet website including a claim of savings shall include a clear and conspicuous disclosure of how the savings will be calculated and what the electric supplier will do if the savings are not realized, together with any time or other limitations the electric supplier may impose."

The rules provide that, beginning on April 15, 2025, the Authority shall conduct biennial proceedings to review certain aspects of all electric supplier licenses. This date is a change from the originally proposed start date for the new biennial process of April 15, 2022

Not later than January 31 of each year of the biennial review, an electric supplier shall file with the Authority a license review compliance filing.

The supplier will be charged $2,500 for the license review. Currently, the fee for a renewal is $250, and reviews occur only every five years

The final proposed rule deletes earlier language which had stated that it shall be a condition of continuing licensure for an electric supplier to provide, "All information regarding assignments of customers at least ten days prior to the assignment or within the timeframe indicated by statute."

Docket 19-10-41

ADVERTISEMENT

ADVERTISEMENT
NEW Jobs on RetailEnergyJobs.com:
• NEW! -- Natural Gas Senior Scheduler -- Retail Supplier
• NEW! -- Pricing Analyst - Retail Power
• NEW! -- Electricity Pricing Analyst -- Retail Supplier
• NEW! -- Business Development Manager -- Retail Supplier
• NEW! -- Call Center Manager -- Retail Supplier
• Senior Billing Subject Matter - (Remote) -- Retail Supplier

HOME

Copyright 2010-23 Energy Choice Matters.  If you wish to share this story, please email or post the website link; unauthorized copying, retransmission, or republication prohibited.