Module 12

Risk, Controls, and Compliance

Overview

Summary — Risk, Controls, and Compliance

Overview: Why Risk Management Matters

The risk, controls, and compliance layer is not a final step in the energy supply chain — it sits on top of and across all other operations, from field activities to trading to settlement. Every physical transaction (buying gas, transporting it, storing it, selling it) carries a financial, operational, or administrative implication that must be monitored, validated, and reported accurately. Without this layer functioning correctly, invoicing fails, financial statements mislead investors, and companies face legal exposure.

The modern middle office grew dramatically following the collapse of Enron in the early 2000s. Enron — once the world's most innovative energy company, credited with inventing the first online trading platform — shifted focus from delivering value to customers toward managing its stock price quarter by quarter. When bad deals were made, losses were hidden from investors rather than disclosed. Once investors lost trust, they withdrew capital and the company collapsed, destroying the retirements and livelihoods of thousands of employees who had nothing to do with the fraud. The lesson: hiding a problem is almost always worse than the problem itself.

Types of Risk Across the Value Chain

Risk in the natural gas industry falls into several distinct categories, each requiring different mitigation strategies.

Operational Risk

Operational risk is the risk of mistakes and/or fraud resulting in financial exposure. It has two distinct dimensions:

  • Field operations risk: Physical accidents at pipelines, processing plants, compressor stations, or storage facilities. Companies invest heavily in safety training, awards programs for injury-free periods, and strict field protocols. Workers in these environments live in the same communities where infrastructure is located — they have strong personal incentives to operate safely.
  • Business operations risk (also called transactional risk): Fraud, mistakes, or irregularities in the buying, selling, scheduling, and confirming of deals. Examples include:
    • Trader relationship risk: When a trader builds a close personal relationship with a counterparty trader (through dinners, sporting events, entertainment), there is a risk that favorable treatment — lower prices, special terms — is extended at the company's expense. This was mitigated by the introduction of online blind trading platforms (like ICE) where traders cannot see who they are trading with; they trade purely on price and location.
    • Transaction confirmation risk: Deals made by phone could be misrepresented. If Trader A at Company 1 agreed to sell gas at $2.55 but recorded it as $1.55, the difference could be skimmed. The solution was the confirmation desk — an independent internal team that contacts the counterparty's own control person to verify the terms of every deal. This requires at least four people to collude for fraud to succeed, greatly reducing the risk.
    • Online trading / Black Book risk: Before online platforms, traders derived power from personal relationships — their "black book" of contacts. When a trader left, they took those relationships with them. Online platforms transferred that power back to the company; any trader can execute on the platform regardless of personal connections.
    • Scheduling and storage mistakes: Every unit of gas purchased must be accounted for — sent to storage, sold, or balanced through pipeline nominations. A company that buys one million units must be able to explain what happened to every unit. If 100,000 units are unaccounted for at $3/unit, that is a $300,000 loss.

Financial Risk

Financial risk is the risk of financial exposure due to market price fluctuation. Key concerns include:

  • Protecting against rising purchase costs or falling sales prices
  • Locking in margins through hedging instruments
  • Mark-to-market (MtM) daily tracking to project future financial exposure

Credit Risk

Credit risk is the risk of non-performance of financial commitments — i.e., the risk that someone who owes you money will not pay.

  • Credit limits (receivables): Before selling large quantities of gas to a customer on net-25-day terms, a company should assess whether that customer can actually pay. If a customer is near bankruptcy, selling them $3 million of gas on credit is extremely risky.
  • Liquidity limits (payables): This is the mirror image — the credit your vendors extend to you, and your exposure to vendor failure. If a pipeline you rely on for transportation goes bankrupt, your gas cannot reach your customer. If a key gas supplier closes in 10 days, you cannot fulfill customer commitments.
    • Important distinction: A credit limit is what you extend to your customers (a receivable to you). A liquidity limit is what your vendors extend to you (a payable from you). The term "credit card" is actually a misnomer from the cardholder's perspective — it is a liquidity limit to the cardholder and a credit limit to the issuer.

Other Risk Types

  • Technology risk: Cyber attacks, system outages, and data corruption. Companies must have backup systems, offsite data storage (e.g., Iron Mountain vaults), redundant communication channels, and documented recovery plans. A well-prepared company can restore full operations within 24 hours of a cyber attack; unprepared companies may be down for weeks or pay ransoms. Mitigation strategies include multi-factor authentication, 16-character passwords, third-party security monitoring, and regular encrypted backups.
  • Security risk: Ongoing attempts to breach systems, whether for data theft, ransomware, or disruption.
  • Data risk: Loss of historical transaction data can cripple operations and damage client relationships. Best practice includes nightly backups and weekly offsite archival.
  • Environmental risk: Physical and regulatory exposure related to environmental incidents at field locations.

Financial Hedging: Protecting Margins Against Price Fluctuation

One of the most important financial risk tools in the natural gas industry is the financial hedge — conceptually equivalent to an insurance policy on your price exposure.

The Core Problem: Price Exposure

Consider a simple transaction:

  • You buy 10,300 units of gas at $3.00/unit → Cost: $30,900
  • You pay transport for 10,000 delivered units at $0.15/unit → Cost: $1,500
  • You lose 300 units to fuel (also at $3.00) → Cost: $900 (included in purchase)
  • Total investment: ~$32,400
  • You sell 10,000 units to your customer at a fixed price of $3.55/unit → Revenue: $35,500
  • Expected margin: ~$3,100

The problem: your purchase price may float with the daily market (Gas Daily or first-of-month index), while your sales price may be fixed by contract. If the market price rises from $3.00 to $5.00:

Scenario Purchase Cost Revenue Margin
Price stays at $3.00 $30,900 $35,500 +$3,100
Price rises to $3.50 $36,050 $35,500 -$550 (loss)
Price rises to $5.00 $51,500 $35,500 -$17,000 (large loss)
Price falls to $2.75 $28,325 $35,500 +$7,175 (gain)

How a Hedge Works

A financial hedge involves contracting with a third party (a bank, hedge fund, or futures market participant) who agrees to pay you the delta (difference) if the price moves against you — in exchange for you paying them the delta if it moves in your favor.

  • If price rises to $3.50 → hedge counterparty sends you the difference (~$5,150), restoring your $3,100 margin
  • If price falls to $2.75 → you are profitable on the physical deal, but you must send the windfall gain (~$2,575) to your hedge counterparty
  • Result: you always make approximately what you expected when you entered the hedge — no more, no less. This is called being "flat."

This applies to both commodity price risk (price of gas) and basis risk (transport cost fluctuation). If a pipeline goes down and interruptible transport spikes from $0.15 to $0.95/unit, a transport hedge ("basis hedge") would make the hedging counterparty send you the incremental cost difference.

Why Companies Hedge

Companies hedge to protect their margins, not to speculate. Key points:

  • Not hedging is itself a position — a bet that prices will move favorably. "We don't take positions" means nothing if you have open price exposure.
  • Most companies do not hedge 100% of their book. A company might hedge 70% and leave 30% open to capture potential upside, while limiting downside risk.
  • Corporate risk sensitivity determines how much open (unhedged) exposure a company's leadership is willing to tolerate.

Hedge instruments are complex in practice — there are callers, Gas Daily indices, first-of-month indices, European-style and American-style options, regional basis swaps, and more. But the underlying principle is always: either you collect the price difference from your counterparty, or you pay it to them.

Mark-to-Market Reporting

Mark-to-market (MtM) reporting is a forward-looking financial assessment tool that estimates future financial performance by applying current price curves (expert projections of future market prices) to existing open positions.

It answers the question: If we closed our business today and settled all future obligations at current market prices, what would we owe, and what would be owed to us?

MtM complements the two traditional financial statements:

  • Balance Sheet: A snapshot of financial position today — assets, liabilities, receivables, payables, equipment, cash. Like a doctor's appointment: "How are you right now?"
  • Income Statement: Historical performance over a period — profit and loss. Like asking: "Have you been eating right and exercising for the past three months?"
  • Mark-to-Market: Forward-looking projection. Like knowing a patient looks healthy today but has a condition that will require major surgery in 10 months. Investors need this view to make informed decisions.
  • Cash Flow Statement: Current and projected cash position.

MtM reports are run daily, applying updated forward price curves to all open physical and financial positions. Some companies hold hedged positions 20 years into the future, and MtM gives management and investors a daily view of projected gains and losses across that entire horizon.

The Middle Office: Controls and Compliance

Structure: Front, Middle, and Back Office

The front office is where all business activity originates:

  • Physical trades (buy/sell gas)
  • Financial trades (hedges, futures)
  • Scheduling, nominations, storage
  • Deal capture, ICE/Platts data uploads, confirmations

The back office is where financial settlement occurs:

  • Invoicing and payment
  • Accounts receivable collection
  • Accounts payable disbursement
  • Financial statement preparation

The middle office sits between them as a control barrier — a "sieve" that catches anything that does not look correct (an anomaly) before it reaches the financial statements. An anomaly is not necessarily an error or fraud — it is simply something that warrants investigation before proceeding.

The Four Roles in Controls and Compliance

1. Auditors' Role Auditors — both internal and external — ensure that controls are designed and functioning. Following the Sarbanes-Oxley framework, controls must be:

  • Detective: Identify problems that have already occurred
  • Corrective: Implement solutions to identified problems
  • Preventive: Deter problems from occurring in the first place
  • GAAP-compliant: Adhere to Generally Accepted Accounting Principles

Types of audits:

  • Internal audits: Ongoing daily/weekly/monthly checks by in-house staff against established control checklists
  • External audits: Independent third-party auditors (e.g., Grant Thornton) who provide impartial validation twice a year, producing audit reports shared with customers and investors
  • Jurisdictional audits: State and regional audits required by bodies like the Texas Railroad Commission or the public utility commissions of Maryland, Virginia, and Washington D.C.
  • Governmental audits: Federal-level oversight, such as FERC compliance reviews

Best practice: Auditors should work with management collaboratively — not pursue "gotcha" moments. When an issue is found, the auditor and the responsible manager should bring the problem and the solution together to senior management.

2. Management's Role Management must:

  • Continuously monitor and enforce controls
  • Ensure staff awareness through meetings, directives, and mandatory participation
  • Be open and transparent — never hide problems from senior leadership
  • Ensure that when a problem occurs, it is reported with the problem description, an explanation of how it happened, and at least three proposed solutions

Types of controls management enforces:

  • Volumetric balancing: Every unit purchased must be accounted for daily
  • Pricing validations: Flagging trades outside regional price norms (e.g., buying gas at $5 when everyone else in the region is paying $3)
  • Required information controls: System prevents saving a transaction without all mandatory fields populated
  • Credit/liquidity limit adherence: Reporting (not blocking) when traders exceed authorized limits
  • Forecast vs. actuals review: Comparing expected performance to actual results for ongoing planning improvement

3. Technology's Role Technology provides:

  • Automated detection: Computers check all trades instantly against configured rules without fatigue
  • End-to-end confirmation tracking: Every trade gets a unique confirmation number (analogous to a Social Security number) that follows the transaction from deal capture through scheduling, invoicing, and payment
  • Audit trails: Any change to a field (e.g., price, volume) triggers a system prompt requiring a reason, and the actual change is logged regardless of the stated reason — so false explanations can be identified
  • Technology monitoring technology: Automated alerts when data feeds go down, reports fail to run, or system components malfunction
  • Credit limit monitoring: Real-time tracking of trader exposure against authorized limits

Caution: Over-reliance on technology is itself a risk. Staff should understand how invoices are created, where data originates, and how processes work manually — not just how to click buttons. A system can send 500 correct invoices or 500 incorrect ones with equal speed.

4. Government's Role Government typically acts after a crisis rather than in anticipation of one. Key legislative responses to industry failures:

  • Sarbanes-Oxley Act (early 2000s, in response to Enron): Established personal criminal liability for corporate executives when financial statements contain misinformation — eliminating the defense of "I didn't know, ask the accountant." This single act caused the middle office to explode in size and funding, because executives who could face prison needed robust controls.

    • Framework: Detective → Corrective → Preventive

  • Dodd-Frank Act (2010, in response to the 2008 financial crisis): Addressed the daisy chain collapse in the mortgage-backed securities and financial derivatives market. Financial institutions had insured each other's mortgage portfolios in circular chains — Institution A insured by B, B insured by C, C insured by D, D insured by A — so when the housing market collapsed, no one could actually pay. The government had to bail out the entire system. Dodd-Frank requires all parties doing financial hedges to report transaction details (who, what, when, why) to a central platform (ICE) so regulators can detect circular exposure chains before they cause systemic collapse.

Back Office: Accounting and Settlement

The Seamless End-to-End Process

A core design principle of modern ETRM systems is that operational transactions automatically flow to accounting — the same deal data that drives scheduling and nominations also drives invoicing, payment, and financial reporting, eliminating manual re-entry and the associated error risk.

Key Financial Statements

Statement Time Orientation What It Shows
Balance Sheet Present ("today") Assets, liabilities, equity — current financial position
Income Statement Past (historical period) Revenue, expenses, profit/loss over a period
Cash Flow Statement Present + Future Cash position and forecast
Mark-to-Market Future (forward-looking) Projected financial outcome of open positions
Prior Period Adjustments Reconciliation True-up of current month against prior period actuals

Accounts Payable Structure

  • Commodity charges (AP): Gas purchases, transport commodity, processing, storage commodity — all tied to deal capture volumes
  • Demand charges (AP): Fixed monthly costs for transport reservation, storage reservation, and purchase demand

Accounts Receivable Structure

  • Gas sales revenues: Physical gas sold to customers
  • Liquid sales revenues: NGL and liquid product sales

Affected Stakeholders for Financial Reporting

  • Internal staff and management (operational decisions)
  • Stockholders, investors, and lenders (capital allocation)
  • Potential investors and lenders (due diligence)
  • Trading partners, suppliers, and customers (counterparty risk assessment)

Ready to test your knowledge?

Module 12 quiz — ~10 min

W

Wolfie LEARN

Module 12