EU Needs Quick Action on New CO2 Fraud, Barclays Says (Update1)

Feb. 5 (Bloomberg) -- European regulators need to take “decisive action” after a new round of fraud tainted the world’s biggest emissions market, according to the head of carbon trading at Barclays Capital.

Germany’s Federal Environment Agency said Feb. 3 that about 250,000 CO2 allowances with a market value of 3.2 million euros ($4.4 million) were improperly transferred after cyber attacks. The “phishing” incidents on Jan. 28, with fraudsters impersonating regulators to steal passwords, comes after Europe lost a total of 5 billion euros in revenue for the 18 months ending in December 2009 because of value-added tax fraud in the CO2 market, according to Europol, the law enforcement agency.

“Without consistent and decisive action by the European Union, the world’s flagship carbon market will become mired in fraudulent activity,” Louis Redshaw, managing director at the investment-bank unit of Barclays Plc, said in a phone interview.

The European Commission plans to prepare revised Internet- security guidelines following the cyber attacks last week on carbon account holders in the continent’s registries, according to an e-mailed statement yesterday. The statement didn’t say when the guidelines would be prepared. Carbon trading volumes on the BlueNext spot exchange in Paris dropped to 424,000 metric tons on Feb. 3 following revelation of the latest fraud. That’s the lowest since Dec. 28.

‘Integrity of the Market’

“The integrity of the market is of utmost importance to us,” said Keiron Allen, BlueNext spokesman. “All effort should be made to prevent this from happening again.”

Account holders at national CO2 registries, which keep track of who owns EU allowances, should have to disclose as much information as required for a bank account “as a bare minimum,” Redshaw said. “Why wouldn’t registries do know-your- customer security checks for an account that can hold millions of euros worth of allowances?”

Germany said the permits stolen last week were transferred to accounts in Denmark and the U.K. Some of the stolen allowances have been traded back into “a great number” of the nation’s registry accounts, said Hans-Juergen Nantke, head of the German Emissions Trading Authority (DEHSt) at the Federal Environment Agency. “We found one transaction to a U.K. account,” he said today by phone.

Germany is still determining how to return the permits, which each have a serial number, Nantke said. It is also working out how to compensate buyers of stolen allowances. “Stolen goods have to be given back,” he said.

$110 Fee

The cost to set up a registry account in Denmark, for instance, is 600 krone ($110), and there also is an annual fee of the same amount, according to the Web site of the Danish Energy Agency. People applying for an account need to supply “up-to-date and usable addresses, telephone numbers and e-mail addresses of the primary and secondary account holders as well as of the company,” it says.

Regulators should also consider requiring that account holders come from certain industries or abide by existing regulatory structures, such as Financial Services Authority in the U.K., Redshaw said.

“The problem of money laundering, the problem of fraud and the problem of theft is the result of lax security,” Redshaw said.

Germany reopened its carbon-dioxide registry yesterday after closing it Jan. 29 in response to the attacks, the country’s DEHSt emissions office said.

The Czech Republic will reopen its carbon-dioxide registry after it finishes an assessment of damages from the multi-nation attack, the Environment Ministry said.

“We have certainly detected damage, but we are not yet sure how big it is,” said Petra Roubickova, a spokeswoman for the ministry, in an e-mailed statement yesterday.

To contact the reporter on this story: Mathew Carr in London at m.carr@bloomberg.net