Introduction

The Central Electricity Regulatory Commission (CERC) has introduced draft guidelines for Virtual Power Purchase Agreements (VPPAs), aimed at enabling designated consumers such as DISCOMs and large corporates to meet their Renewable Consumption Obligations (RCO) through financial contracts. While the concept of VPPAs represents a modern, market-linked mechanism to encourage renewable energy investment and decarbonization, it also opens the door to potential misuse.

This article explores the risk of money laundering and fraud embedded in the current draft guidelines of VPPAs. It dissects the structural and regulatory gaps that create room for abuse and examines how weak enforcement, inadequate audit mechanisms, and opportunities for collusion between parties may undermine the integrity of the REC ecosystem.

Understanding VPPAs and Their Structure

A Virtual Power Purchase Agreement (VPPA) is a purely financial contract that facilitates renewable energy procurement without physical delivery of electricity. Under this mechanism, the renewable energy (RE) generator sells power into a market platform such as the Day-Ahead Market (DAM) or Real-Time Market (RTM). The corporate or institutional consumer, in turn, pays the difference between a pre-agreed VPPA price and the realised market price. In exchange, the consumer receives the associated Renewable Energy Certificates (RECs), which can be used to demonstrate compliance with Renewable Consumption Obligations (RCOs) or to meet voluntary sustainability targets.

Unlike conventional power purchase agreements, a VPPA does not involve the direct transfer of electricity from the generator to the consumer. Instead, it is entirely a financial settlement, and the green attributes of renewable energy are conveyed through the REC mechanism.

The current policy framework for VPPAs has been issued as “Guidelines” rather than binding “Regulations”, highlighting its advisory nature. While this flexible approach supports early market development, pilot transactions, and innovation, it also comes with important limitations. Guidelines do not have statutory authority and cannot compel compliance; they merely provide directional advice and promote best practices.

This lack of legal enforceability has critical implications. For long-term, financially complex instruments like VPPAs, regulatory certainty is essential to ensure:

• Investor and lender confidence,

• Clear and enforceable contractual terms, and

• Defined processes for settlement, risk allocation, and dispute resolution.

In the absence of a regulatory mandate, these aspects may remain ambiguous or vulnerable to interpretation, reducing the bankability and legal robustness of such contracts.

Given the financial sophistication and long-term nature of VPPAs, there is a compelling case for the Commission to transition from guidelines to formal regulations once the market stabilises and stakeholder consensus is achieved. This would help build a predictable and transparent framework, ensure regulatory oversight, and enable standardised practices across market participants.

As outlined above, VPPAs share key characteristics with Contracts for Difference (CfDs)notably their financial settlement structure and separation from physical power delivery. When left unregulated, such instruments can be vulnerable to misuse, including money laundering or financial manipulation, particularly in capital-intensive and opaque sectors like energy. That is why any VPPA/CfD mechanism must come with strict financial, legal, and disclosure safeguards to ensure it serves clean energy goals—not as a tool for financial misconduct. Having said that, there are many other issues which need to be addressed before the rollout of this initiative. These are listed below:

Where Loopholes Arise: A Structural View

The absence of physical delivery in a VPPA creates several points of vulnerability:
- No physical metering or verification at consumer's end
- Privately negotiated price with no transparent discovery
- Lack of standard contract templates or settlement benchmarks
- No compulsory audit or central reporting mechanism for VPPA contracts

Fraud Case 1: Over-Invoicing and Price Padding

Example:
- Generator and Consumer enter into a VPPA at Rs. 6.00/kWh.
- Generator sells power in the market at Rs. 2.50/kWh.
- Consumer pays Rs. 3.50/kWh as financial settlement.
- In reality, the cost of generation is only Rs. 3.00/kWh.

In this scenario, the consumer effectively transfers an inflated margin to the generator. If both parties are colluding, the payment differential can be a means of transferring illicit funds under the guise of green energy procurement. This can be used by related parties to siphon funds.

Fraud Case 2: Duplicate VPPAs for Same Generation

Example:
- Generator signs VPPA-1 with Consumer A and transfers REC.
- Generator also signs VPPA-2 with Consumer B using the same generation.
- Only one set of RECs is issued, but both consumers are charged.
If Consumer B is not RCO-audited or only needs green claims for ESG reporting, fraud may never surface.

Fraud Case 3: Collusion with Registry Insider

Example:
- Generator colludes with a registry insider to issue duplicate RECs for the same MWh.
- RECs are then transferred to multiple consumers.
- Both parties claim compliance, but only one REC is valid.
Though rare, insider threats in digital registries are documented risks, especially without public audit trails or automated compliance matching.

Fraud Case 4: Greenwashing Without REC Transfer

Example:
- Generator issues a VPPA invoice.
- No REC is transferred or extinguished.
- Consumer uses the contract to report Scope 2 emissions reduction.
Without a mandatory, verifiable ESG audit, this form of greenwashing can go undetected.

Types of Likely Collusion in VPPA and Fraud Risks in the Absence of ESG Audits

Fraud Risk in the Absence of ESG Audits

In India, ESG audits are currently mandated only for the top 1,000 listed companies under SEBI’s BRSR Core framework, with assurance requirements being rolled out in a phased manner over four years. As a result, a vast number of companies, particularly private, unlisted, or smaller listed entities—remain outside the purview of compulsory ESG verification. This regulatory gap allows such firms to make sustainability and green energy claims based on unaudited contracts or unverified REC transactions. In the absence of third-party assurance, the risk of fraudulent practices under VPPAs increases substantially, including the use of inflated claims, non-existent REC transfers, or duplicate green attributes to falsely demonstrate compliance or enhance ESG profiles.

Key risks due to lack of ESG assurance include:

- Acceptance of VPPA invoices without actual REC transfer.

- False reporting of Scope 2 emission reductions.

- Use of forged REC certificates or duplicated REC IDs.

- Absence of audit trail between REC registry and ESG disclosures.

- Lack of visibility into one-to-one mapping between RE generation and RECs used.

Why Traditional PPAs Are Less Vulnerable

Conventional physical PPAs are usually bid-based or approved by regulators and involve:
- Metered, traceable energy delivery
- Regulated tariffs or bidding processes
- SLDC and energy accounting oversight
These features create a transparent trail from generation to billing, significantly reducing laundering risks.

Comparative Risk Table: OTC Physical PPA vs OTC VPPA

Absence of Mandatory ESG Audit: A Weak Link

In India, ESG audits are mandatory only for the top 1,000 listed companies under SEBI’s BRSR Core framework, and even then, assurance on disclosures is phased in over four years.
This leaves a large pool of companies—especially private, unlisted, or smaller public firms—free to make green claims based on unaudited, unverified contracts.

What Needs to Be Done

To close these fraud and laundering loopholes, the following regulatory and market safeguards must be implemented:
1. Mandatory registration of all VPPAs with CERC or a central OTC registry.
2. One-to-one mapping between RE generation and REC issuance, tied to metered data.
3. Model VPPA contracts with standardized pricing and settlement terms.
4. Central public dashboard of all REC transfers and extinguishments.
5. Mandatory ESG assurance for all entities claiming RCO compliance via VPPAs.
6. Automated validation between REC registry and ESG disclosures.

Other Risks in draft VPPA guidelines

1. Regulatory Framework and Jurisdiction

The draft classifies VPPAs as Non-Transferable Specific Delivery (NTSD) contracts based on SEBI’s opinion (para 1.3), placing them under CERC’s regulatory purview. However, since the RE generator sells electricity via power exchanges (para 5.1, 6.3), there is a potential conflict: VPPAs have financial settlement characteristics akin to derivatives, but are classified as NTSD. This opens up a jurisdictional ambiguity where future legal or regulatory challenges may arise—particularly on whether SEBI, CERC, or another authority should govern such instruments if they begin to exhibit traits of financial securities. Clarification and legal harmonization are needed to avoid overlapping claims of jurisdiction.

Relevant Paragraphs: 1.3, 1.5, 4.1(j)

2. Definition of VPPA and Legal Validity

The VPPA is structured as a financial contract with settlement based on market price differences, not direct power supply. This derivative-like structure under the NTSD umbrella (para 4.1(j)) creates legal tension. Failure to clarify this could impact the recognition of VPPA for compliance or finance.

Relevant Paragraphs: 4.1(j), 5.1, 6.3

3. Market Participation and Price Settlement

The mechanism lacks a defined reference for 'market price' used in VPPA settlement (para 7.1). There’s no price index, cap/floor, or timeline for settlement. This creates risk for both parties and discourages participation due to potential disputes.

Relevant Paragraphs: 5.1, 6.3, 7.1

4. REC Handling and Compliance

REC issuance is tied to sale in DAM/RTM (para 5.2, 6.3), without provisions for curtailment, delays, or alternative compliance routes. This could jeopardize RCO compliance if RECs are delayed or withheld due to external factors.

Relevant Paragraphs: 5.2, 6.2, 6.3, 8.1–8.4

5. Platform and Trader Role

While traders or OTC platforms can facilitate VPPAs (para 6.1), their roles, responsibilities, and liabilities are undefined. This may lead to a lack of accountability or due diligence, exposing parties to undue risks.

Relevant Paragraphs: 6.1, 4.1(d), (e), (i)

6. Bankability and Contract Enforceability

The draft lacks model VPPA contracts and does not specify bankable clauses like termination rights, force majeure, or default provisions. Non-tradability (para 6.4) also limits financing opportunities for RE projects.

Relevant Paragraphs: 6.4, 7.1

7. Omissions: Grid, Scheduling, and Green Claims

There is no integration with grid codes or DSM regulations. Also, risks of double counting green attributes (via REC and Green OA) are not addressed, potentially undermining transparency in green energy claims.

Relevant Paragraphs: 5.2, 6.3, 8.4; Not explicitly addressed

8. Dispute Resolution

Only bilateral settlement is mentioned (para 9.1), with no reference to arbitration or CERC adjudication. This weakens the enforceability of these financial contracts and could lead to litigation or compliance failures.

Relevant Paragraphs: 9.1

Conclusion

VPPAs offer great potential as a flexible, market-based tool for scaling renewable energy procurement. But without rigorous enforcement and audit safeguards, they can become conduits for financial fraud, double-counting, and greenwashing.

As India operationalizes its compliance carbon markets and deepens the renewable energy transition, ensuring transparency, traceability, and trust in instruments like VPPAs is not just a legal necessity but a reputational imperative for the entire clean energy ecosystem.

To preserve the integrity of India’s clean energy markets and ESG ecosystem, it is critical to implement mandatory ESG assurance, central VPPA registration, and tighter integration between REC registry and carbon disclosures. Absent these safeguards, VPPAs risk becoming vehicles for undetected fraud, non-compliance, and reputational loss.