Escolar Documentos
Profissional Documentos
Cultura Documentos
Key messages
4. Does not support anonymized transactions unless the legal status of an allegedly stolen
emission allowance is clarified EU-wide, and a notification process, a freezing
mechanism and compensation procedures for victims of the theft are in place. Non-
disclosure would also prevent market participants from doing compulsory reporting.
5. Consider that certain aspects related to registry security such as who is entitled to
participate in this market should be part of the review of market oversight rules.
6. Build up of user forum working towards implementation of safe and functional EU ETS
infrastructure. Representation should be self selected by various relevant business
groupings.
1 1
IETA is the leading voice of the international business community on the subject of emissions trading with over 160
member companies from across the carbon cycle. IETA supports efforts to address the pressing environmental
challenge of climate change, and is dedicated to the establishment of environmentally effective market-based
emissions trading systems that generate reductions at least cost to the community. For more information:
www.ieta.org
24, Rue Merle d’Aubigné Boite 27 1730 Rhode Island Ave., NW, 100 King Street West, Suite
Geneva, 1207, Switzerland Rue de la Loi 235 Suite 802, Washington, DC 5700, Toronto, Ontario
Tel: +41 (22) 737 0500 Brussels, 1040, Belgium 20036 USA M5X 1C7, Canada
Tel: +32 (0)22 30 11 60 Tel: +1 (202) 629-5980 Tel. +1 (416) 913 0135
Reg. 0889.072.702
Urgent measures
Following the stakeholder meeting on registry security on 15 March, IETA thanks the
Commission for the opportunity to provide comments on the revision of the registry regulation.
Measures proposed at the ECCP stakeholder meeting on 15th March mainly targeted security
improvements on the functioning of the Union registry, to be implemented in 2012. While these
are welcome, IETA is also concerned that more immediate steps are needed to help the market
return to a more normal situation and to restore confidence that the problems which have
paralysed the spot market are being appropriately addressed. This means first and foremost,
enhancing security levels across all registries and to get them operate at the commercial
standards that would adequately protect the value at stake:2
♦ Fast notice: Establish emergency notification protocols allowing companies to notify a theft
instantly by submitting an online form to national authorities and registry operators
available from the CITL. Introduce a telephone hotline operating during trading hours for all
registries and at EU level. Publish registry trading hours with details of national holidays.
♦ Clean up and monitor: Require registries to run detailed Know-Your Customer (KYC) checks
on all existing and new registry accounts within 60 days and copy the Danish Registry
example of asking for motivations for holding accounts and involve anti-crime authorities in
the process. Clarify practical implementation difficulties (‘tipping off’) in registry regulation
for how national registries can deny or suspend accounts3 to those that do not pass the KYC
process. KYC processes should be designed as per Anti Money Laundering standards.
2
That will entail significant ramping up of resources in certain registries and as part of this dearly needed effort could
imply a review of registries’ fees arrangements towards adequate but moderate levels. See annex 1 for the current
fee structure on EU ETS registries.
3
An appeal route is however required, in particular if new processes are implemented which restrict access to certain
accounts. The appeal mechanism foreseen in the registry regulation will need to deal with such cases.
2
♦ Clarify and take responsibilities: There should be a clear obligation on registries to undergo
annual audits to certify the appropriateness of security levels and the way KYC checking is
organized and implemented. The Commission should mandate an independent auditor to
review all the annual registry audits and publish a public report. Where a registry has not
performed appropriate KYC checks and/or security requirements are not met, the registry
subject to the theft and the registry receiving the fraudulent transaction must be held liable
for the consequences of any unlawful transfers (where the end user has taken necessary
precautions). Companies also have a duty to enhance internal security procedures, regularly
check their accounts, have traders trained in doing KYC checks on counterparties and
regularly change passwords. But not all the risk can be borne by companies. Registry
operators should issue best practice guidance to account holders.
♦ Claims: If the market was to return back to normal, the legal character of an EUA cannot
remain further unaddressed. Achieving consistency across Member States is vital for the
future of this market and must be addressed in parallel before the end of phase 2. IETA also
proposes to discuss the introduction in the registry regulation of unified title transfer rules
specifically for EUA trading. Such rules might facilitate taking ownership and trading of
carbon allowances in good faith (see section IV.1). This remains an issue of vital importance
for the future of this market and must be addressed in parallel, through issuance of an EU
decision before the end of phase 2. Given the intricacies, IETA calls upon the Commission to
immediately investigate these possibilities and discuss with lawyers from different
jurisdictions to pool views about what can be done to improve matters.
Many of these points could not be addressed in full length during the stakeholder meeting. IETA
therefore repeats its suggestion that, following this first very successful exchange of views, the
Commission in conjunction with main European business and trade associations should set up a
permanent user forum on registry questions. Such fora exist at national level but not in all
Member States. The exchange of information and consultation of market participants should
not be kept to national fora only. This EU ETS forum would consist of a group of experts
including business representatives, Commission and Member States officials that would work on
enhancing user features in the registries and would allow ‘market testing’ for any new concepts
before putting them to use. This forum could also provide support in training national registry
operators in better monitoring and flagging unusual transactions. Minutes of forum meetings
should be published along the lines for minutes of the Climate Change Committee meetings.
3
Comments on Commission Proposals
I. Introductory comments
The theft of allowances has deeply affected confidence and liquidity in the EU ETS, undermining
market functioning not only in the spot market but also in derivatives markets. One can already
observe that companies that provide liquidity, but that are market participants for financial
rather than for compliance purposes, are having second thoughts about their involvement in
this type of activity. Such involvement has been a crucial factor supporting the successful
development of the ETS and is dearly needed as the market enters its third trading phase and
their withdrawal could come at a significant cost to the remainder of the market.
This is why IETA is supporting measures in this paper which might have not received approval
across the membership just a couple of months ago, as they change the fundamental nature of
this market and add regulatory layers that might not have been necessary if security was
maintained at adequate levels across all registries. IETA will monitor the situation and upon
implementation of the Union registry reassess the conditions needed to ensure a good market
functioning.
IETA considers that the Commission and the Member States as the “owners of the ETS” must
ensure the full security for an industry operator’s assets and provide compensation for losses
incurred as a consequence of an insecure operating system, given due diligence on the side of
the affected operator. In the same way, if a party can demonstrate it was in compliance with
reasonable and proportionate KYC requirements and due diligence checks and, through no fault
of its own, now holds potentially stolen allowances, there needs to be a swift remedy to the
situation including compensatory measures. An option for setting up compensation schemes is
further elaborated in this paper (see section IV.3).
IETA would like to emphasize that no single measure is sufficient by itself and the
effectiveness of individual measures will depend on how they interact with other measures.
Thus the following comments cannot be seen in isolation, as they are intrinsically linked. For
instance, the publication of a central list of ‘allegedly’ stolen allowances also requires
establishing a process on how to reliably but efficiently update such a list, a registry telephone
hotline, details on opening hours, and procedures for reporting a theft.
Moreover, it is important to consider that certain aspects related to registry security such as
who is entitled to participate in this market should be part of the forthcoming review of market
oversight rules for the EU ETS. This is meant to encompass both the auctioning and trade of
emission allowances.
4
1. Make it more difficult to steal allowances if and when security has been breached
allowing accounts to be accessed fraudulently.
2. Make it more difficult to quickly transfer/launder the stolen allowances.
IETA supports the introduction of differentiated account categories or security tiers, based on
certain conditions, as set out below. IETA believes it is very important that in creating such
categories, we do not inadvertently restrict access by any party with a legitimate interest in
trading allowances.
To further reinforce the barriers to entry by fraudsters, separate “out of band” confirmation
system (such as SMS/ TAN message or e-token confirmation) for transfer proposals must be set-
up for all accounts. Processing transfers via two independent communications systems adds a
significant entry-barrier for cyber fraudsters as they would need to gain physical access to the
separate confirmation system i.e. the mobile phones or e-tokens of account operators.
• How many different account categories should be created and under what conditions
should more flexible account categories be allowed?
4
However, a process needs to be set up allowing prompt removal of accounts should information be received which
might indicate a change in status of a previously « approved » account, for example on the basis of SMS/TAN or e-
token confirmation and 2-persons authorization. Adding accounts should only be possible by written procedure and
co-signed by the two authorized representatives, followed by request for confirmation by registry authorities.
5
To be eligible to a flexible account, a participant must demonstrate that it meets the predefined
set of criteria of a standardised, unified KYC process through a Commission accredited auditor
resembling the Anti Money-Laundering recommendations published by almost all national
financial regulators (see annex 2 for some non exhaustive examples for KYC processes). The
assessment against such criteria could for instance include some form of credit point system.
This combined with other measures should sufficiently mitigate the risk that holders of flexible
accounts may be involved in criminal activity. This mechanism would also require an appropriate
body to undertake the assessment or oversee assessments performed by specialised service
providers.
In terms of principles, where delivery delay is set, this should not affect compliance postings
(e.g. surrender and allocation of allowances). Moreover, there is no point in implementing a
delay as a stand-alone measure. It must come with (a) provision of information on the
transaction to the account holder via sms; (b) possibility for account holder to undo the
transaction before it is completed. We would like to see on the CITL an updated list of operating
hours of all registries and the hotline numbers to call in case of an emergency.
Members have different views on the appropriate length but, as an emergency measure, a 4
hour delay during operating hours5 could be sufficient, introduced right now in all registries
until establishment of the Union Registry, and then be reassessed. Longer delays would require
expensive changes to trading systems. While the transfer entering or exiting the exchange
settlement infrastructure would be subject to a delay (either handled by a general clearing
member (GCM), CCP or an exchange), no delay shall apply within it (illustration below):
But a delay mechanism only works if a company is also able to interfere and stop a transfer.
For this, each registry will need to provide a telephone hotline during operation hours. This does
not relieve registries of the obligation to introduce appropriate security levels both at registry
and company level and in particular, automatic and immediate notification of the account
holder via SMS that a transaction command has been made on their account.
The feasibility of non-delayed deliveries shall also be maintained for specific circumstances.
For instance, even though this is not the most common market practice, active market
participants need to stay able to adjust immediately their balance, for instance on exchange-set
5 Need for careful definition (does this relate to CET/GMT, and how deal with different national bank holidays).
6
and market-customary expiry dates of forward contracts6. A balance needs to be maintained
between preventing abuse of such opt-out and ensuring good market functioning.
• Do you support the discontinuation of displaying serial numbers in the single registry?
IETA does not support hiding of serial numbers, unless this would be combined with:
- legal clarification of status and transfer of title for EUAs with a view to allow for a bona
fide purchase of EUAs;
- freezing mechanism in CITL that would stop any transfer of allegedly stolen EUAs;
- compensation procedures for victims of the theft.
On the one side, we have seen that the display of serial numbers can lead to market
fragmentation when stolen allowances are put into circulation, e.g. while the theft has only
affected a very small number of allowances, this has fragmented the market – as
(a) their status is not clarified and unwitting recipients of allegedly stolen allowances run the risk
of suffering loss or, at worst, criminal liability arising from merely participating in the EU ETS as
some jurisdictions require disclosure of any potential trading irregularities.;
(b) there are moral and reputational aspects to using someone else’s stolen goods.
Yet the key problem in the proposed anonymization of serial numbers resides in the uncertain
legal situation regarding ownership of ‘allegedly’ stolen allowances. For instance under English
law, unless a product is a negotiated instrument, it is irrelevant whether you have transacted in
good faith: if the allowance is stolen, then you have no good title. As a result, in this
jurisdiction, hiding serial numbers may well be counterproductive: not only don’t you have good
title, but you cannot do anything to prevent delivery of allowances that are known to be under
investigation. In other words, the law does not protect you and you cannot protect yourself.
6Instant deliveries are also needed for reconciliation in cases the counterparty has not delivered, but onwards
delivery is due, one must purchase instantly replacement units to deliver on a supply contract. Otherwise there is a
high risk that this liability triggers down the supply chain and affects market liquidity.
7
At the same time, it may be easier to pursue the asset rather than the thief. Thieves are hard to
track down: while complicit accounts were opened to facilitate the laundering of proceeds, the
account holders disappeared. Yet the stolen allowances are visible throughout the laundering
chain. In previous fraud cases, companies that published stolen allowances had a much better
chance of recovering parts of the losses and gained much higher publicity, thereby accelerating
the judiciary procedures. If serial numbers are kept anonymous there should be clear timelines
for judiciary procedures in cases of theft, and obligatory instant sharing of the information with
policy and legal authorities across the EU through notification of Europol.
The introduction of a CITL check that would allow the freezing and recovery of allegedly stolen
allowances could prevent paralysis of the entire market (with or without visibility of serial
numbers). This mechanism could be activated on the basis of a request backed by a national
police report detailing the good grounds for belief that allowances had been stolen, see box 1
below. The CITL should automatically check EUAs proposed for transfer versus the current, CITL
administered, list of allegedly stolen allowances. However, there is also a need to ensure that
those that bought these EUAs in good faith are not disadvantaged but have speedy access to
redress.
1. A fraud victim would notify national registry operators of the loss through an emergency
notification protocol7 within 8-12 (operating/business) hours of the loss. In conjunction with
an instant sms notification system for accounting holders following execution of transaction
commands this, or a similar time delay, should be considered sufficient;
2. Registry operators to report serial numbers to CITL as stolen;
3. CITL to immediately block these from further transfers and inform all other national
registries by circulating the emergency notification protocol subject to a confidentiality
agreement about the identity of the (alleged) victim;
4. Effective blockage to take place within hours, not days;
5. Immediate information to the account holder who has allegedly stolen EUAs on its account
and request to provide evidence for due diligence process in acquiring allowances.
6. Fraud victim to provide within 5 working days a police report as sufficient evidence that it
has officially declared being the victim of theft.
7. Fraud victim to take full responsibility for false/ erroneous claim of stolen EUA (limited to
market price at time of call for blockage, no consequential losses). The CITL to publish all
successful applications to freeze allowances.
8.
7
The Commission and Member States need to develop a consistent set of emergency notification protocols and
enhance intervention capacity to prevent transfer of allowances in case emergency notifications are filed. These
would enable: (a) victims of an alleged incident of theft to immediately alert relevant EU ETS authorities; and (b)
those authorities to in turn notify market participants and the national registry administrators.
8
IV.3 Compensation
There are different options to ensure that compensation is addressing both the victim of the
theft and the last legitimate holder of the frozen allegedly stolen allowance. The proposal of a
mutual pool is just one of many options which might merit further exploring.
A “mutual pool” could be set up by the regulator through pooling national allocation of emission
allowances (Member States and Commission).
- Should the disclosure of the serial numbers of allegedly stolen allowances be permitted or
should such disclosure be ruled out?
IETA has identified risks and benefits to the disclosure of allegedly stolen allowances:
Benefits
The list is needed for good internal risk management. In the current situation of multiple lists
published by different market players, judiciary authorities might consider that anyone ought to
know and refrain from trading the allowances appearing on publicly accessible lists, but there is
no single central access point and the lists are clearly incomplete as one registry has not
published serial numbers. With a single centrally available list at hand, companies could isolate
allowances on separate account and trade remaining units of the block. This would tackle
liability issue and minimize revenue risks. Companies could build a reference to the list into
delivery contracts and accept to make good if such an allowance should be delivered. A
reference list would also enhance confidence in the filtering by exchanges. Several incomplete
lists are now circulating and used by market participants. Hence, a central would enhance
confidence and market liquidity.
Risks
A centrally published list creates problems for the good functioning of the market, leading to an
effective halt of transactions as liability risks are perceived to sharply increase. It does not help
to know the serial numbers of allegedly stolen allowances as companies cannot react to this
information. Companies can return stolen allowances to sender, but only under tedious
procedures: they must open a new account to isolate the units if these are part of a block.
9
Publication would undermine trust in the market and give a sense of false security. Finally, the
Commission has clarified in its Q&A that any allowance is good for compliance, publication of
such a list would go against this principle. But as outlined above, in some jurisdictions the
surrender of allegedly stolen allowances for compliance purposes carries legal risks.
IETA therefore invites the Commission and Member States to carefully assess both risks and
benefits to the publication of a centralized list. If a central list is published, this should be for a
limited time of for instance 6 months and/or until any new system (including freezing
mechanism, monitoring measures and compensatory procedures) are established.
The CITL website should include notice of a fresh theft as soon as an alert is sent by a national
registry operator to be refreshed every day at noon.
This is also in line with good practices for market-relevant information, which should be made
available in a centralized and transparent manner and in a comprehensive format accessible to
all market participants to avoid market distortions.
- Who should assume the legal responsibility for the correctness of the information
The fraud victim is to take full responsibility for false/ erroneous claim of stolen EUA (limited to
market price at time of call for blockage, with no consequential losses) or if they do not produce
the required national police report within 48 hours. Registries will have the legal responsibility if
they fail to inform the CITL of a newly reported theft within 1 hour. The CITL will be responsible
for updating its central list within 1 hour of being informed by a registry operator.
Such a central list will make it more difficult for fraudsters to monetize allowances. In the
absence of such steps, market participants will be exposed to significant and continuing
uncertainty when acquiring EUAs on the spot and forward/futures markets.
10
ANNEX 1 Fee structure in EU registries
Source: CITL website and information provided by IETA members
OHA = operator holding accounts, PHA = personal holding accounts
11
ANNEX 2
EXAMPLE 1
The process identifies and assesses the risks associated with a counterparty. The counterparty is
then assigned a risk rating (Low, Medium or High). The process is based on a ‘Balance of Risk’.
Each counterparty is assessed on the following basis:
The matrix is not definitive, there are certain special risk indicators that also need to be
considered:
High Risk counterparties are only approved in exceptional cases (unavoidable counterparty) and
subject to regular review and involvement of: Trading Desk, Credit, Regulation and Settlement.
Contracts may include additional risk mitigation clauses that allow: suspension of trading or
termination of contract. Additional trading limits and/or guidance may be put in place.
12
EXAMPLE 2:
Request to provide:
In addition to that the identity of primary and secondary account holders should be established
(unless this is already undertaken for the opening of an account with the registry, required as of
1 January 2012 in the currently applicable registry regulation).
13