Skip to content

Are you a victim of stolen carbon credits

12 April 2011

The EU carbon markets have faced harsh criticism after approximately €45m in carbon credit certificates were stolen from national registries in early 2011. The magnitude, coordination and sophistication of the attacks suggest that highly efficient criminals are cashing in on the lax regulation and security procedures governing the carbon markets.

Whilst the recent abuses of the markets have little to do with the underlying asset, carbon, and more to do with the general criminal elements, critics of the cap and trade have been keen to jump on the problem as further evidence of a system that needs overhaul.

The recent thefts have exposed serious security flaws in the national registries which hold the certificates and have resulted in many investors avoiding trading the spot carbon markets. As the laws governing the recovery of stolen credits and the consequences of acquiring those credits differs amongst Member States, investors and traders could unwittingly be party to criminal transactions as a result of the circulation of stolen carbon credits. The current state of affairs in the markets – and the hopes for the future – are addressed below.

The EU carbon markets

Under the Kyoto Protocol to the United Nations Framework Convention on Climate Change (the “Kyoto Protocol”), signatory states can utilise market-based mechanisms to meet their emissions reduction commitments. In response, the EU implemented the European Emissions Trading Scheme (the “EU ETS”), which is currently the world’s largest carbon trading market. The EU carbon market consists of spot and derivative markets, with the spot market accounting for 10 percent to 15 percent of carbon trading within the EU.

To prove compliance with the EU ETS emission reduction requirements, companies subject to the EU ETS must surrender carbon credits to their national registries. These credits are held as certificates in electronic form and can be transferred electronically amongst account holders and between registries. National registry rules in the 27 EU Member States, as well as Iceland, Norway and Liechtenstein, regulate how to open accounts, how to transfer credits from registry to registry or amongst account holders and how to track the ownership of permits. This results in a wide variety of regulation and differing levels of security for each registry.

Spate of thefts in 2011

Since January 2011, the EU carbon market has been disrupted as registries have been closed following a number of attacks by cyber hackers. A total of over 3 million carbon credits have been stolen from both governments and firms active in the EU ETS.

The first cyber-attack occurred on 10 January 2011, when 488,000 credits were reportedly stolen from an Austrian government account, forcing the Austrian national registry to close. On 18 January 2011, the national registries of Romania, Greece and the Czech Republic were targeted. Cyber thieves stole 1 million credits from the Romanian account of Holcim, a Swiss cement company, and 300,000 credits from Halyps, the Greek cement company. A further 1.3 million credits were stolen from the Czech registry operator, OTE, when their building was evacuated due to a bomb scare.

With the total number of stolen credits reaching 3.1 million and carrying a market value of approximately €45m, on 19 January 2011, the European Commission (“EC”) closed all national registries and suspended spot trading across the entire EU ETS. The EC allowed national registries to reopen intermittently after each registry proved compliance with certain minimum security requirements set by the EC.

Although the implications on the larger EU carbon market were minimal, given that the larger carbon derivatives market was unaffected, the psychological impact of the thefts in the spot market has been damaging for the carbon credit trading industry. The major fears currently facing market participants are how to recover stolen credits and how to avoid unwittingly buying stolen credits. These issues are further complicated by the fact that the law governing the consequences of holding a stolen credit, even if acquired in good faith, differs amongst Member States.

Impact on EU ETS participants of falling victim to carbon credit theft

Member States will be responsible for clarifying the status of the stolen credits in accordance with their domestic carbon legislation, including whether the original owner may recover the credits. The International Emissions Trading Association (“IETA”) has been pressing for clarification on this issue as criminal consequences may result from dealing in the stolen carbon credit certificates. For example, in the UK, criminal liability may attach to parties assisting with money laundering, handling stolen goods and participating in fraud.

At present, the EU lacks a publicly available method to track stolen or missing carbon credits, such as a hotline to immediately report discovery of a theft. Companies which establish that there has been a theft face a race against time to report it, with the odds favouring the thieves, as they should have no problem finding a buyer on one of Europe’s carbon exchanges and transfer of ownership can be quickly accomplished electronically. Unlike the market for bonds or securities (save for in some exceptional circumstances), there is no system of clearing houses for carbon credits on the spot market, and therefore no inquisition into the legal status of the credits or the vendor.

At present, companies that discover that they have been the subject of certificate thefts should inform carbon exchanges immediately. Companies can also publish the list of serial numbers for the stolen certificates on their company website. However, the certificates may well be long gone by the time these steps are taken. In response to the concerns around allegedly stolen carbon certificates, on 10 March 2011 ICE Futures Europe (“ICE”), the biggest energy exchange in Europe, restricted the type of permissible emissions instruments they would accept for all future delivery obligations under its emissions contracts. While actions such as those taken by ICE are a step in the right direction, a comprehensive overhaul of carbon market regulation at the EU level is required to prevent similar instances of theft moving forward.

The future (single registration)

Dialogue is currently taking place between market participants and the EC to explore the possibility that the EC can intervene to prevent the transfer of certificates where a proper emergency notification has been made. At present, the EU ETS legislation only permits the EC to suspend access to national registries if there is a security breach that threatens the integrity of the overall registries system. This position should, however, be re-visited to establish whether this interpretation is correct, and, if so, what changes to Commission Regulation (EC) No 994/2008 for a standardised and secured system of registries (the “Registries Regulation”) could be implemented to allow for such interventions to take place.

The major flaw in the EU ETS market as it currently operates, is the difference in the levels of security applicable to and the overall regulation of the individual national registries. For example, in early 2011, thefts took place in the Czech Republic, Poland, Greece, Estonia and Austria. Conversely, the UK is widely regarded as having one of the more secure national registries. Although spot trading was suspended until all national registries were able to provide the EC with an independent report confirming minimum security requirements are in place, the EC refused to publicly disclose the content of those minimum requirements. Traders should therefore be aware that divergences between some national registries are likely to remain. Further, traders attempting to locate missing carbon credit certificates, or to avoid purchasing stolen credits, must rely on national law and local law enforcement in the Member States.

The EC maintains the view that the divergences between national registries will be removed by the implementation of a single, central EU ETS register from 2013, whereby security measures will be centralised and orchestrated by the EC. However, many participants in the EU ETS market are lobbying for the single registration system to be implemented sooner than the 2013 deadline to prevent future instances of certificate theft. Other solutions put forward by industry participants include classifying carbon credits as financial instruments under the Market in Financial Instruments Directive (MiFID), subjecting the spot carbon markets to financial markets regulation, tightening the requirements for opening an account with a national registry, introducing a delivery delay mechanism and implementing “know your customer” regulations.

Whilst it is currently uncertain what regulatory solution will be embraced by the EC and the Member States, it is clear that robust reform at the EU and national level is required to restore confidence in the spot carbon market and the EU ETS in general. In the interim period, market participants, including authorised firms trading derivatives, are facing complex and difficult issues, such as the risk of being party to a criminal transaction. They are therefore advised to clarify the position with advisory firms and legal counsel as appropriate. HFW have a wide experience in advising on carbon related transactions including emissions trading, carbon finance, EU ETS compliance and developments in the regulatory framework affecting carbon markets post-2012.

For more information, please contact Andrew Williams, Associate, on +44 (0)20 7264 8364 or, or your usual contact at HFW.

Download Briefing

Download a PDF version of ‘Are you a victim of stolen carbon credits’