The concept of cap and trade took another hit recently with disclosures that hackers had been able to get into the accounts of several holders of carbon emissions allowances in Europe and steal some of the account balance. This, along with the continued snowstorm in Washington, D.C. seems to fill those opposing a federal comprehensive cap and trade plan with glee.
While the issue of record setting snows in D.C. should be addressed with basic scientific education (trends and averages are not the same as one time events; snow often results from warmer temperatures, etc…) the issue of possible fraud in carbon trading systems deserves examination to see if there is such a systemic problem with cap and trade that it is more subject to fraud and manipulation than other markets.
The short answer to this question is “no.” The fraud perpetrated on the E.U. exchange was basic garden-variety thievery. Criminals got access to an asset (carbon credits) and stole them. This could (and has) happened with many assets, and is a risk of electronic records and trading. Does this mean that we should not be concerned or aware of the risks? Absolutely not. The one way that this can be attributed as uniquely related to the carbon market is that the entire trading system is new, and new systems present more opportunities for thievery, rent-seeking, and fraud. Clearly the security protocols on some of the E.U. country registries were not sufficiently strong or that market participants were not educated enough about the protocols of the exchanges to protect their security information from “phishing.” Luckily, the amounts in play were relatively small, they were quickly discovered, and this will provide lessons for future security upgrades.
We must pay particular attention to the systems that will track and verify offsets. Because of their complexity, offset assets may have more tracking “fields” than other commodities, i.e. there may be more variables associated with them that need to be monitored and tracked by regulators. This presents a challenge for software developers that is both related to human psychology and cyber security. With respect to human psychology, software developers will need to be aware of which of these variables is most important for buy and sell decisions and how such information can be easily displayed and understood. But software developers, and the regulators who are monitoring the markets, must also be aware that such complexity presents opportunities to break into systems un-noticed, or alter seemingly small pieces of data that could have a big impact on value and thus the markets.
For instance, if an offset’s electronic signature has 200 variable data points, and one of them, such as time of last verification, or compliance code of verifier, were to be illegally changed, this could disqualify the entire offset (or less likely add value). In turn, this now valueless offset could bring down the value of a derivate instrument that was based on the offset value.
How do regulators avoid these things? They can have alerts when entry fields are altered; they can have periodic notifications; rapid, computerized spot checking, etc…We know that the change of a decimal point in a bank account can impact value. We know that computers and programs can be hacked. We just need to be aware of these possibilities and appreciate the additional risks of larger data sets as we move forward.