On January 19, 2011, following a series of cyber attacks the preceding week on a number of national emissions registries, in particular those of Austria, the Czech Republic, Estonia, Greece, and Poland, the European Commission suspended transactions in all registries within the European Union's Emission Trading System ("EU ETS").
An estimated €30 million ($41 million) worth of European Union carbon emission allowances, known as EUAs, were stolen in January, when criminals fraudulently transferred around two millions EUAs, which were then swiftly sold on the spot market and dispatched in multiple accounts in several EU jurisdictions. The thefts were apparently the result of computer hacking ("Trojan attacks") and theft of passwords ("phishing"), all facilitated by somewhat light identification requirements for market participants.
A phased resumption of trading on the registries has occurred, allowing countries meeting IT security criteria (similar to those mandated for other sensitive IT systems such as electronic banking) set by the Commission to resume operation, while other countries remain suspended until further notice. As of April 20, 2011, 28 European national registries had resumed normal operations.
In response to the Commission's suspension of transactions in the registries, many stakeholders, such as the European Federation of Energy Traders and the International Emissions Trading Association, requested a complete explanation of what had happened and detailed plans to prevent further circulation of stolen EUAs, together with a list of alleged and confirmed stolen EUAs. In the absence of such list, market participants would be exposed to significant and continuing uncertainty when acquiring EUAs on the spot market.
The Commission's draft communication, entitled "Towards an enhanced market oversight framework for the EU Emissions Trading Scheme," and related discussion papers address approaches to enhance market security. On February 23, 2011, the Commission declared that it would propose amendments to Regulation (EC) No. 994/2008, governing the carbon trading registries in the European Union, to respond to the recent thefts, and it held a "stakeholders' meeting" on March 15, 2011 to discuss the matter. The EC has also declared that it is contemplating use of a delivery delay mechanism for the transfer of EUAs, to increase the likelihood of stopping fraudulent transfers before they are completed. These issues will be discussed at the European Climate Change Programme stakeholders' meeting in May 2011.
While a portion of the stolen EUAs have been identified and returned to their legitimate owners, the majority are still missing and probably held by good-faith buyers who acquired them on the spot market. Market participants may well be tempted to carry on with business as usual, acquiring or transferring EUAs, possibly including contested EUAs. However, such activities would raise a risk of loss or liability because, as pointed out by the Commission, the recovery of stolen allowances is a matter of national law and enforceable on a jurisdiction-by-jurisdiction basis. Some EU countries treat the mere selling of stolen allowances as a potential criminal offense.
In addition, the legal remedies and actions available to a good-faith buyer of stolen EUAs in respect of the seller (in particular if such seller also purchased the EUAs in good faith) depend largely on the laws in the relevant jurisdiction. To address the problem of differing legal regimes, some market players are now requesting the establishment of a global compensation mechanism, so that those that purchase stolen EUAs in good faith can return them to the authorities for replacement EUAs or financial compensation. Various legal proceedings are said to have been started in relation to the thefts.
A list of contested EUAs has already been published by some exchanges. Indeed, the recent Intercontinental Exchange ("ICE") Circular No. 11/038 of March 10, 2011 provides for new delivery procedures for EUAs and other carbon credits. Pursuant to this circular, ICE will maintain a list of serial numbers of "prohibited" carbon credits, "which are not acceptable for delivery." Transfer of such prohibited carbon credits will not discharge the transferor of its delivery obligations. The list of prohibited carbon credits, posted on the ICE Futures Europe web site, currently includes about three million EUAs. This blacklisting of allowances, however, raises a number of stakeholder concerns, including the need to define how allowances will be deemed to have been stolen and determining who should be liable for losses incurred due to erroneous or falsified disclosure of contested serial numbers.
Certain trading associations, including the International Swap and Derivatives Association, the European Federation of Energy Traders, and the International Emissions Trading Association, also plan to combine and harmonize their efforts to address the risks associated with stolen allowances by amending their standard form emissions trading documentation. These, and the other efforts described above, will bear watching.