Washington, 22 January 2011

North American carbon markets are taking measures to avoid the theft that hit the EU ETS this week. Regulators and administrators of the Western Climate Initiative (WCI) and the Regional Greenhouse Gas Initiative (RGGI) said they’ve been monitoring the widespread theft of EU allowances (EUAs) that shook the European carbon market.

On Tuesday Czech firm Blackstone said almost €7 million worth of permits were stolen from its account and the Austrian government said it was also missing permits.

By Wednesday, the European commission had suspended the transfer of carbon units between member states for at least a week as several accounts reported being under attack and confirmed that up to 2 million permits, worth almost €30 million, may be missing.

The incidents raised concerns across the Atlantic, where state regulators are preparing to launch a multi-sector carbon market in the west and ensure the smooth operation of one in the east.

“We have been following this and will obviously take steps to address any similar risks or threats to the WCI system,” said Jim Whitestone, an Ontario air regulator who chairs the markets working group of the WCI.

He added that WCI officials have also consulted with their respective local authorities “to ensure proper oversight of the market and monitoring of any criminal activities including fraud and theft”.

WCI

The WCI, a cap-and-trade programme for 10 western US states and Canadian provinces, plans to launch emissions trading in January 2012.

Local officials will work throughout the year to set up the nuts and bolts of economy-wide trading scheme, including measures to ensure the secure transfer of allowances between accounts.

So far, California and four Canadian provinces are poised to participate in the WCI. On its own, California would be the second largest carbon market in the world behind Europe.

California regulators are also working on the fine details of their own state cap-and-trade scheme, which will be linked to the WCI.

“We will develop a rigorous approach toward security for the reporting and other market-related websites that matches current industry standards,” said Stanley Young, spokesman for California’s Air Resources Board (Carb).

RGGI

In the east, the RGGI market has operated without any major security or technical blips since the start of trading in 2009, but a programme official said the EU carbon thefts are a reminder of the vulnerability of online transactions.

“Given the current news reports we have asked to take a comprehensive review of security measures,” said Jonathan Schrag, executive director of RGGI Inc.

He added that there have been no reports of security breaches in RGGI’s allowance tracking system, known as RGGI coats, and that officials “closely monitor our own security”.

Officials in California have yet to select a system to track allowances.

Last June, Carb issued a request for information on what the California cap-and-trade system’s market tracking system should look like and what kind of security it should provide.

Anomalies

One of the respondents, the Green Exchange, recommended that California select only one market tracking system to avoid the “market anomalies” that occurred in Europe through the existence of multiple allowance registries.

RGGI only uses one registry to track allowance transactions, and California/the WCI is also expected to use a single transactional registry.

One of the causes behind Europe’s security breach is that registries are spread across different countries in the EU ETS, said Richard Barber, chief technical officer at Carbonflow, a San Francisco-based firm that develops software for the carbon market.

“With the EU, what you are seeing is a fragmented situation when there should be one registry for all EU allowances,” he said, noting that security standards vary widely from country to country.

He added that while EUA thieves can see the value of the stolen allowances – the 2 million stolen permits are worth almost €30 million – certain countries may not have understood their value, making them more lax in their enforcement.

“Countries may not value the registries as sufficiently valuable,” he said.

In California, Barber said that state regulators can learn from Europe’s mistakes and tap into a homegrown pool of online security experts.

“California is clearly a tech-aware state and I think that Carb is much more aware of technology than the people who have been raided,” he said.

“Carb will be ready to source expertise from Silicon Valley and be mindful of building a system that is secure,” he said.

Ends --

By Valerie Volcovici and Rory Carroll.

www.pointcarbon.com