Compliance and Risk Management

At PG&E, we are committed to complying with both the letter and the spirit of the law and our own Code of Conduct at all times. That is, and must be, the standard for our behavior individually and as a company. In 2014, we acknowledged that we had fallen short of this standard. As a result, we have made significant changes to strengthen our ethics and compliance program and performance. We also continue to enhance our approach to managing risk throughout our business—from seismic activity and wildfires to incidents where third-party workers “dig in” and damage buried natural gas pipelines.

Our Approach

Compliance and risk at PG&E are managed on three levels:


PG&E focuses on monitoring and managing three broad categories of risk across the business:

  • Enterprise and Operational Risk. This encompasses risks that could have a potentially catastrophic impact on public and employee safety, reliability, the environment, customer trust or PG&E’s financial condition, as well as other risks that arise from our operations.
  • Compliance Risk. This includes all programs designed to help ensure that PG&E complies with both the spirit and the letter of all applicable legal and regulatory requirements.
  • Market and Credit Risk. This includes PG&E’s exposure to risks associated with PG&E’s energy portfolio, including trading in energy commodities, financial hedging and counterparty risk.

Within senior leadership, ethics and compliance are managed by a Chief Ethics and Compliance Officer, a position created in 2015 as part of our commitment to achieve a best-in-class ethics and compliance program. The position reports to the PG&E Corporation CEO and has additional reporting responsibility to the Audit Committees of the Board of Directors, and the Compliance and Public Policy Committee of PG&E Corporation.

The new position is responsible for:

  • Building a best-in-class ethics and compliance program and overseeing its implementation
  • Overseeing company-wide programs for compliance reporting and related investigatory processes, and improving processes for prevention, detection and investigation of any potential non-compliant activities
  • Strengthening ethics and compliance-related training
  • Reinforcing PG&E’s ethics and compliance culture, as well as the company’s compliance management system
  • Identifying areas of ethics and compliance risk, and developing preventive and corrective action plans

PG&E’s Chief Risk and Audit Officer is responsible for overseeing the company's enterprise and operational risk management, internal audit, market and credit risk management, and insurance functions. The officer functionally reports to the Audit Committees of the PG&E Corporation and Utility Boards, and facilitates and is a voting member of the PG&E Corporation Risk Policy Committee and the Utility Risk Management Committee, which include a subset of senior officers of PG&E Corporation and Pacific Gas and Electric Company.

Enterprise-wide Risk and Compliance teams are responsible for guiding the risk management process, including incorporating risk management into PG&E’s strategic planning process. On an annual basis, PG&E’s senior executives from every line of business hold a two-day discussion to review and assess our plans to manage compliance and risk, including the identification of top risks and compliance obligations for each line of business. This meeting provides the foundation for PG&E’s structured strategy and resource allocation discussions. Further, the PG&E Internal Auditing department provides independent objective verification regarding the adequacy of processes and controls to manage business risk, and provides control advisory services throughout PG&E.

PG&E maintains codes of conduct for the following:

Further, PG&E maintains a Chairman’s Ethics Council—comprised of management and union-represented employees at multiple levels—which helps raise and address issues relating to business ethics and conduct at PG&E. The Council meets several times throughout the year, including one meeting that is open to all employees.

Boards of Directors

The PG&E Corporation and Pacific Gas and Electric Company Boards and their committees have specific oversight responsibility for risk and compliance management in their respective areas:

Entity Risk Oversight Responsibilities
  • Evaluate risks associated with major investments and strategic initiatives (with assistance from the Finance Committee¹)
  • Oversee the implementation and effectiveness of overall legal compliance and ethics programs (with assistance from the Audit Committees and the Compliance and Public Policy Committee)
Compliance and Public Policy Committee¹
  • Assist the Boards of Directors and their respective Audit Committees in fulfilling the Boards’ oversight responsibility for compliance with legal and regulatory requirements
  • Coordinate the compliance-related oversight work of the various committees of the Boards
  • Advise and assist the Boards with respect to public policy and corporate sustainability issues which could affect significantly the interests of customers, shareholders or employees
Audit Committees
  • Discuss the guidelines and policies that govern the processes for assessing and managing major risks
  • Allocate to other Board committees the specific responsibility to oversee identified enterprise risks
  • Consider risk issues associated with overall financial reporting and disclosure processes
  • Discuss programs to monitor compliance with laws, regulations, policies and programs
Finance Committee¹
  • Discuss risk exposures related to energy procurement, including energy commodities and derivatives, and other enterprise risks, as assigned by the Audit Committees
Nuclear, Operations and Safety Committee¹
  • Advise and assist the Boards of Directors with respect to the oversight and review of compliance issues and risk management practices related to the Utility’s nuclear, generation, gas and electric transmission, and gas and electric distribution operations and facilities
  • Oversee other enterprise risks, as assigned by the Audit Committees
Compensation Committee¹
  • Oversee potential risks arising from compensation policies and practices

¹ Refers to committees of the PG&E Corporation Board of Directors.

For a full description of Board committee oversight responsibilities, please see the webpages of the Board of Directors of PG&E Corporation and Pacific Gas and Electric Company, as well as our 2015 Joint Proxy Statement.

Lines of Business

Each line of business within PG&E has its own risk and compliance committee, which reviews all relevant risks, approves risk analyses and mitigation strategies, and tracks mitigation progress. Each committee is led by a senior officer and includes an expert risk manager and a Compliance Champion who helps implement the risk management process and establish appropriate compliance controls within the line of business.

2014 Milestones

“We want all of our customers and their families to know that PG&E is absolutely committed to doing the right thing and acting in a transparent and ethical manner that upholds both the letter and spirit of the law and the company’s own Code of Conduct at all times.”

— Tony Earley, Chairman of the Board, Chief Executive Officer and President of PG&E Corporation

In 2014, PG&E notified the California Public Utilities Commission (CPUC) that an extensive internal review of nearly five years of emails between the company and officials at the Commission had identified a number of instances in which PG&E believed these interactions violated the CPUC's rules governing communications with the state regulator. Subsequent reviews resulted in additional reports of communications that PG&E believed violated CPUC rules.

PG&E has taken numerous actions as part of its effort to achieve the highest level of ethics and compliance possible. Specific examples include:

  • Took definitive action to strengthen regulatory compliance. Three officers are no longer employed by the company; a new senior vice president of regulatory affairs was named; and we engaged special counsel to assist in developing a best-in-class regulatory compliance model.
  • Created a new position of Chief Ethics and Compliance Officer. The new officer, who was hired in early 2015, has a mandate to establish a best-in-class corporate ethics program. The position reports to the CEO of PG&E Corporation, the Audit Committees of the Boards of Directors, and the Compliance and Public Policy Committee of PG&E Corporation.
  • Re-established the Public Policy Committee of the PG&E Corporation Board as the Compliance and Public Policy Committee. The Committee’s responsibilities include assisting the Boards and their respective Audit Committees in fulfilling the Boards’ oversight responsibility for compliance with legal and regulatory requirements.
  • Placed renewed emphasis on regulatory compliance. With the assistance of special counsel, we have placed a particular focus on complying with rules and laws governing how PG&E employees communicate with regulatory officials. We overhauled the rules of engagement with Commissioners and staff at the CPUC, and for reporting and monitoring ex parte communications. We have also developed and deployed new training, including web-based and instructor-led courses, on interacting with the CPUC.

In addition, we continue to incorporate a risk and compliance session in our enterprise-wide strategic planning process. Broadly, this process enables PG&E to assess risks and compliance obligations, set a strategy to address them and then allocate resources to successfully implement our strategy. Each line of business follows a rigorous process to assess the likelihood and impact of various enterprise, operational and compliance risks. The results of these assessments are calibrated across the enterprise, objectively applying the same criteria to all areas of operational focus. Final plans for each line of business include metrics to monitor compliance performance in an ongoing way, and top risks are assessed, managed and monitored. These plans form the basis of PG&E’s deployment of resources—leading to our ultimate goal of employing risk-informed budget allocation.

Measuring Progress

PG&E mandates annual ethics and compliance training for all employees, and requires that management employees annually certify that they have read, understand and will comply with our Employee Code of Conduct (union-represented employees receive electronic reminders or briefings from supervisors about the code).

In 2014, more than 99 percent of employees completed our annual compliance and ethics training, which is typically conducted in small groups to stimulate discussion and share experiences. (Each year, and for a variety of reasons, a statistically small number of PG&E’s employees are unable to attend a training session.) Supervisors also led conduct-related briefings with their work groups throughout the year.

Compliance and Conduct Training
                                  2012    2013    2014
Compliance and Ethics Training    99.7%   99.9%   99.8%
Code of Conduct Training          99.3%   99.9%   99.8%

All-Employee Meeting with the Chairman’s Ethics Council

Photo of the Chairman’s Ethics Council during a meeting
(Photo by Alma de le Melena Cox)

The Chairman’s Ethics Council is designed to help raise and address issues relating to business ethics and conduct at PG&E. According to leaders in the ethics field, the concept of inviting all employees to participate in a “real-time” ethics discussion is rare.

We also continued to operate our Compliance and Ethics Helpline for employees. The volume of Helpline calls we received in 2014 was roughly 2.4 calls per 100 employees, falling within the normal range of 0.3 to 8.2 calls per 100 employees according to a benchmark report prepared by NAVEX Global. While we saw a call volume similar to prior years, we saw a 37 percent increase in calls requesting guidance. This indicates that more employees are turning to the Helpline for advice before taking actions that might be in conflict with PG&E’s policies and procedures or the law.

Looking Ahead

PG&E is committed to achieving a best-in-class ethics and compliance program, and to continuing to employ risk-based decision-making in our integrated planning process and regulatory approach. We will drive continuous improvement by:

  • Improving processes for prevention, detection and investigation of any potential non-compliant activities;
  • Strengthening ethics and compliance-related training, and reinforcing PG&E’s ethics and compliance culture and compliance management system;
  • Identifying areas of ethics and compliance risk, and developing preventive and corrective action plans;
  • Improving analytical rigor associated with the assessment and monitoring of risk within each business area;
  • Maintaining a strengthened governance process to oversee risk management activities and progress; and
  • Incorporating risk more fully into PG&E’s annual strategic planning process and future General Rate Case filings.






