Energy headlines this year have focused on the federal government’s regulatory roll back, as well as lawsuits challenging those decisions. As a result, energy executives have to monitor a dizzying array of developments, changes and threats in the compliance space.

Keeping track of these regulatory changes in energy is no small task. The Environmental Protection Agency recently proposed lifting some regulations on coal ash, the residue created after burning coal. And 22 states sued the EPA in August, alleging its repeal and replacement of carbon pollution regulation put in place under former President Barack Obama violated the Clean Air Act.

Later in August, the Department of Justice published a memo narrowing a regulatory enforcement tool called the Supplemental Environmental Project that was popular with enforcement officials and often came up in settlements with states or companies. Critics said SEPs directed money to unrelated third-parties.

Where the federal agencies are backing off, state agencies are moving in. California will require builders of most new homes and multi-family residences to include solar electrical systems starting in 2020, the first state in the nation to do so.

But regulatory scrutiny in the energy sector remains high following high-profile accidents, according to Deloitte. PG&E Corp, which owns Pacific Gas & Electric, caused a series of fires that ravaged parts of California, including the deadly Camp Fire in 2018. Pipelines belonging to other energy companies have exploded in landslides.

Although Deloitte didn’t mention individual companies or incidents, it says “such events are prompting regulators across North America to scrutinize the operational integrity management practices of the companies they oversee – causing them to question what is in place, whether it is sustainable, and if companies are adhering to their own stated practices and policies.”

Deloitte also says “regulatory compliance expectations are rising from every source – regulators, shareholders, boards of directors, executive leadership, counterparties, and even customers. In response, a growing number of companies are starting to take a close look at the lessons that can be learned from these events, whether or not they were directly involved. The main question they are asking themselves is: ‘Could it happen here?’”

Cybersecurity is another area of continued regulatory focus. Energy companies will need to address supply-chain related cybersecurity risks when NERC Standard CIP-013-1 goes into effect in July 2020.

“Many entities are also recognizing that their traditional governance and compliance functions are not adequate for today’s landscape,” Deloitte says. “Leading practices include the expansion of governance and compliance functions to explicitly focus on cybersecurity.”