A divided Federal Energy Regulatory Commission approved Duke Energy Corp.'s request to continue including investments in a company cybersecurity program in an Allowance for Funds Used During Construction, or AFUDC, account despite objections from consumer advocates and Democratic FERC member Richard Glick.
In a 2-1 decision, FERC gave Duke permission to treat its cybersecurity program as a single project for calculating AFUDC based on Duke's assertion that the separate project components, including some that have already been completed, are interdependent and, therefore, will not be ready to enter service as a whole until the entire cybersecurity program is finished.
The commission permits jurisdictional companies such as Duke to recover the financing costs associated with new assets by accruing AFUDC as a construction cost. When the asset enters service, the cost of the construction and associated AFUDC is transferred from a construction "work in progress account" to a utility plant in service account. The company can then recover those costs through approved depreciation rates over the life of the asset and also earn a rate of return on the remaining undepreciated balance of the project through its rate base. The capitalization of the AFUDC funds continues until the project is fully completed.
The AFUDC rules have typically applied to more traditional utility projects, such as transmission lines, where some parts of a project are completed before the full asset enters service. But Duke asked that the policy apply to its cybersecurity program because some constituent hardware and software elements of the project would be deployed ahead of its overall completion. In total, Duke said it will make about $137 million in capital investments as part of the program in the next 36 to 42 months to address the growing threat of cyberattacks.
With its new order, FERC is "acknowledging the special circumstances that the new world of cybersecurity issues bring, and it's time to get some regulatory opportunities to Duke in order to make these investments," Commissioner Bernard McNamee said at the agency's open monthly meeting Dec. 19.
But fellow FERC member Glick dissented in the decision, saying the order would hurt ratepayers and go against the commission's policy of requiring investments to be shifted from the AFUDC account to a utility's rate base if a project has entered service.
"The consumers pay more money the longer the asset is in the AFUDC account as opposed to the rate base," Glick said at the meeting. "So I think ... we're creating some bad precedent here."
Consumer advocacy group Public Citizen lodged a protest against Duke's proposal, asserting that a relationship existed between Duke's accounting request and a record $10 million notice of penalty that the North American Electric Reliability Corp. levied against Duke for 127 alleged violations of critical infrastructure protection standards between 2015 and 2018.
Public Citizen also asked Duke to explain why ratepayers, rather than shareholders, should pay the costs of the cybersecurity program. Duke responded that its accounting proposal was not a request to implement a rate for cost recovery of the cybersecurity program and that the cost of the initiative, including any approved AFUDC, will be recovered through formula rates previously approved by FERC.
In its Dec. 19 order, FERC said the issues raised by Public Citizen were "beyond the scope" of the accounting proceeding and that the commission therefore "need not address them." (FERC docket AC19-75)