“High-integrity carbon credits can unlock urgently needed finance to reduce and remove billions of tonnes of emissions,” the Integrity Council for the Voluntary Carbon Market (ICVCM) says on its website.

The ICVCM’s Core Carbon Principles (CCPs) provide a standard against which carbon-crediting programs and carbon credits can be evaluated. The ICVCM’s labelling initiative will provide an independent certification of the quality for voluntary carbon credits that meet the required standards.

Although media critiques of voluntary carbon markets have focused on emissions impact of projects for which voluntary carbon credits have been issued, this is only part of the CCPs, which also cover governance and sustainable development. The CCP on “Tracking” requires that carbon-crediting programs “operate or make use of a registry to uniquely identify, record and track mitigation activities and carbon credits issued to ensure credits can be identified securely and unambiguously.”

The Assessment Criteria for this CCP largely adopt the requirements developed by the International Civil Aviation Organization (ICAO) for its CORSIA programme. These requirements include that “the registry is secure (i.e., robust security provisions are in place).” 

The importance of robust registry security to carbon markets cannot be overstated. The role of registries in maintaining records of voluntary credits is akin to that of central securities depositaries (CSDs), securities custodians or banks. The success of any attempt to increase confidence in these markets depends on the safety and security of the registries. 

The effect of security breaches on carbon markets was shown in January 2011 by the cyberattacks on several national emissions registries within the EU Emissions Trading System (EU ETS). The cyberattacks followed an earlier scandal concerning the EU ETS for VAT carousel fraud and enabled the fraudulent transfer of some 2 million allowances. In the near term following the breaches, the European Commission suspended transactions in all registries until member states met much more rigorous IT security requirements. In the longer term, the incident profoundly shaped the EU ETS, resulting in:

• Replacement of national registries with a single EU registry using a single IT platform, albeit with sections administered by different member states;
• Stricter KYC standards for persons opening registry accounts; and
• New regulatory powers to police the EU ETS.

The perceived weaknesses of the EU ETS as revealed by the cyberattacks were perhaps also influential in reducing opposition to the inclusion of EU emissions allowances as financial instruments within the scope of the EU’s Markets in Financial Instruments Directive. 

While other macro reasons accounted for much of the lack of activity and low prices in the EU ETS in the early 2010s, there can be little doubt the cyberattacks reduced market confidence. For a compliance market such as the EU ETS, a lack of confidence is not necessarily fatal as those subject to the scheme will still need to use it. But maintaining confidence in the security of the relevant registry is vital for confidence in individual voluntary schemes, and potentially for voluntary carbon markets as whole.