A statement on the Commission’s website confirmed the registries were shut on January 19 for all activities except the allocation and surrender of allowances, and that they would remain shut until at least January 26.
Paris-based Bluenext, one of the biggest carbon exchanges in Europe, suspended all trade on Wednesday indefinitely, followed by London-based carbon trading hub ICE Futures Europe, which will close down until January 27.
The lockdown is a serious blow to the bloc’s already battered carbon trading scheme, following a long list of scandals that besieged the market since last year, such as carousel and value-added tax fraud and phishing scams where computer hackers acquired sensitive information from market participants.
Registries have been on alert since 1.6 million carbon permits went missing from the Romanian registry account of cement-maker Holcim in November last year. A virus named “Nimkey” was found stealing data from the computers of the account holders – a theft that cost Holcim 23.5 million euros in carbon credits.
The Austrian carbon registry was the earliest to be victimized in a series of cyber attacks targeting European carbon markets this year after hackers tried to gain access to its accounts. The registry closed its doors on January 10, informing investors to wait until January 21 for announcements regarding their investigations.
Four more European carbon trading registries in Czech Republic, Poland, Estonia and Greece also closed on January 19 just when news broke out that Blackstone Global Ventures, a Czech firm, reported the theft of 470,000 carbon permits.
The value of possible missing permits from all the registries are still unknown, but the Commission is more concerned of bringing security up to a level that would allow the registries to open once more. Minimum security measures are now being worked with national authorities along with the investigation.
The emissions trading scheme is a 92 billion euro global market that seeks to limit the carbon emissions of all big factories and power plants in the European Union. It does this by issuing permits for each ton of carbon emitted, which companies can then trade among themselves to meet emission reduction targets also set by the bloc.
Rules to combat cyber crime not enough
Kjersti Ulset, European Carbon Market manager at analyst firm Point Carbon, said to the New York Times more registries could be suspended if security loop holes are not addressed soon.
«Although such incidents are negligible in terms of actual market impact, they will over time undermine the credibility of carbon trading as a policy measure to reduce emissions in Europe,» he said. «Immediate actions to improve the security of E.U. registries are thus needed.
As early as 2009, the European Commission presented measures to fight fraud, specifically carousel fraud in carbon permits to regain the credibility of its emissions trading scheme ahead of the Copenhagen climate talks.
Carousel fraud occurs when a local company sells imported carbon credits to other domestic buyers and charges value-added tax. The fraudulent seller then disappears, along with the money that should be paid over to the tax authority.
The bloc even revised the registries that audit emissions permits under the European Union emissions trading scheme in February 2010 to enhance Internet security. The new rules were originally proposed by the Commission to prepare for the aviation sector’s entry into the scheme from 2012, which also included measures to combat fraud in the aftermath of recent cyber attacks on national registries back then.
The antifraud measures were expected to enter into force last summer after the approvals. However, most of the revisions will only start from 2012 onwards when the aviation sector starts trading emissions allowances.