Supervisory Rating System for Financial Market Infrastructures, 58932-58939 [2016-20517]

Agencies

• FEDERAL RESERVE SYSTEM

[Federal Register Volume 81, Number 166 (Friday, August 26, 2016)]
[Notices]
[Pages 58932-58939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-20517]


=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. OP-1521]


Supervisory Rating System for Financial Market Infrastructures

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: Title VIII of the Dodd-Frank Wall Street Reform and Consumer 
Protection Act (Dodd-Frank Act) granted the Board of Governors of the 
Federal Reserve System (Board) enhanced authority to supervise 
financial market utilities that are designated as systemically 
important by the Financial Stability Oversight Council (financial 
market utilities are defined to comprise a subset of the entities that, 
outside the United States, are generally called financial market 
infrastructures or FMIs). In addition, the Board may have direct 
supervisory authority over other FMIs subject to its jurisdiction. The 
Board has approved the use of the ORSOM (Organization; Risk Management; 
Settlement; Operational Risk and Information Technology (IT); and 
Market Support, Access, and Transparency) rating system in reviews of 
FMIs by the Board and, under delegated authority, the Federal Reserve 
Banks (collectively, the Federal Reserve).

DATES: The Board will begin using the FMI rating system on October 27, 
2016.

FOR FURTHER INFORMATION CONTACT: Stuart Sperry, Deputy Associate 
Director (202) 452-2832 or Kristopher Natoli, Manager (202) 452-3227, 
Division of Reserve Bank Operations and Payment Systems; Evan H. 
Winerman, Counsel (202) 872-7578, Legal Division; for users of 
Telecommunications Device for the Deaf (TDD) only, contact (202) 263-
4869.

SUPPLEMENTARY INFORMATION:

Background

    FMIs are multilateral systems that transfer, clear, settle, or 
record payments, securities, derivatives, or other financial 
transactions among participants or between participants and the FMI 
operator. FMIs include payment

[[Page 58933]]

systems, central securities depositories, securities settlement 
systems, central counterparties, and trade repositories. FMIs can 
strengthen the markets that they serve and play a critical role in 
fostering financial stability. If not properly managed, however, they 
can pose significant risks to the financial system and be a potential 
source of contagion, particularly in periods of market stress. For 
example, improperly managed FMIs can be sources of financial shocks or 
channels through which shocks are transmitted across domestic and 
international financial markets.
    The Federal Reserve supervises certain FMIs that provide payment, 
clearing, and settlement services for critical U.S. financial markets. 
Specifically, under Title VIII of the Dodd-Frank Act, the Federal 
Reserve is the Supervisory Agency for certain designated financial 
market utilities (DFMUs).\1\ These DFMUs are subject to risk-management 
standards set out in Regulation HH.\2\ In addition, the Federal Reserve 
may have supervisory authority over FMIs that are operated by state 
member banks, Edge or agreement corporations, or bank holding 
companies. Furthermore, the Board supervises FMIs that are operated by 
the Federal Reserve Banks, such as the Fedwire Funds Service.\3\ These 
latter two categories of FMIs are expected to meet the risk-management 
standards set out in the Board's Payment System Risk (PSR) policy.\4\ 
The risk management standards set out in both Regulation HH and the PSR 
policy are based on the Principles for Financial Market Infrastructures 
(PFMI).\5\
---------------------------------------------------------------------------

    \1\ The term financial market utility (FMU) is defined in Title 
VIII as ``any person that manages or operates a multilateral system 
for the purpose of transferring, clearing, or settling payments, 
securities, or other financial transactions among financial 
institutions or between financial institutions and the person'' (12 
U.S.C. 5462(6)). FMUs are a subset of FMIs; for example, trade 
repositories are excluded from the definition of an FMU. Pursuant to 
section 804 of the Dodd-Frank Act, the Financial Stability Oversight 
Council (Council) is required to designate those FMUs that the 
Council determines are, or are likely to become, systemically 
important. Such a designation by the Council makes an FMU subject to 
the supervisory framework set out in Title VIII of the Dodd-Frank 
Act.
    The term Supervisory Agency is defined in Title VIII as the 
``Federal agency that has primary jurisdiction over a designated 
financial market utility under Federal banking, securities, or 
commodity futures laws'' (12 U.S.C. 5462(8)). Currently, the Board 
is the Supervisory Agency for two DFMUs: (i) The Clearing House 
Payments Company, L.L.C., on the basis of its role as operator of 
the Clearing House Interbank Payments System (CHIPS), and (ii) CLS 
Bank International (CLS).
    \2\ 12 CFR 234.3.
    \3\ See Sections 11(a)(1) and 11(j) of the Federal Reserve Act, 
12 U.S.C. 248(a)(1) and 248(j).
    \4\ The Board's PSR policy is available at https://www.federalreserve.gov/paymentsystems/files/psr_policy.pdf.
    \5\ The PFMI, published by the Committee on Payment and 
Settlement Systems (now the Committee on Payments and Market 
Infrastructures) and the Technical Committee of the International 
Organization of Securities Commissions in April 2012, is widely 
recognized as the most relevant set of international risk-management 
standards for payment, clearing, and settlement systems.
---------------------------------------------------------------------------

    The ORSOM (Organization; Risk Management; Settlement; Operational 
Risk and IT; and Market Support, Access, and Transparency) rating 
system is a supervisory tool that the Federal Reserve will use to 
provide a consistent internal framework for performing FMI assessments 
across the Federal Reserve's FMI portfolio.\6\ The ORSOM rating system 
will be applied to DFMUs for which the Board is the Supervisory Agency 
pursuant to Title VIII, other FMIs over which the Board has supervisory 
authority because they are members of the Federal Reserve System, and 
FMIs that are operated by the Federal Reserve Banks.\7\ The Federal 
Reserve will convey the annual rating to a DFMU's management and board 
of directors. The rating system is designed to link supervisory 
assessments and messages to the regulations and guidance that form the 
foundation of the supervisory program, such as Regulation HH and the 
PSR policy. The Board issued a notice requesting comments on all 
aspects of the rating system.\8\
---------------------------------------------------------------------------

    \6\ The ORSOM rating system replaces the Federal Reserve's 
existing rating system, which is referred to as SCIISO. SCIISO 
stands for Supervision and organization; Compliance, Internal 
controls and audit; Information technology/electronic data 
processing; Settlements and liquidity; and General Organization. 
SCIISO was originally developed to facilitate the Federal Reserve's 
supervision of the Depository Trust Company, but subsequently was 
adapted and applied to The Clearing House Payments Company LLC as 
operator of the CHIPS payment system, CLS Bank International, and 
the Warehouse Trust Company LLC. The Federal Reserve did not seek 
public comment when SCIISO was introduced.
    \7\ At present, the first group includes CLS and CHIPS, the 
second group includes the Depository Trust Company, and the third 
group includes Fedwire Funds Service and Fedwire Securities Service.
    \8\ 80 FR 70211 (Nov. 13, 2015).
---------------------------------------------------------------------------

Summary of Public Comments and Analysis

    The Board received two public comment letters on the notice and 
request for comment. The Board considered these comments in developing 
its final FMI rating system. Except as noted herein, the Board is 
adopting the rating system's text as proposed.\9\
---------------------------------------------------------------------------

    \9\ The Board is also making several technical edits, which are 
not specifically addressed in the discussion below.
---------------------------------------------------------------------------

Overall Approach

    The Board proposed to use the ORSOM rating system as a supervisory 
tool for providing a consistent internal framework for performing 
annual FMI assessments across the Federal Reserve's FMI portfolio, 
which includes DFMUs for which the Board is the Supervisory Agency 
pursuant to Title VIII, other FMIs over which the Board has supervisory 
authority because they are members of the Federal Reserve System, and 
FMIs that are operated by the Federal Reserve Banks. Commenters were 
generally supportive of the Board's effort to establish a consistent 
approach to rating FMIs. Both commenters, however, raised two general 
concerns about the Board's overall approach: (1) That the rating system 
would create new obligations beyond those that already exist in 
Regulation HH and (2) that an FMI's rating would depend excessively on 
supervisory judgment.
    The Board's FMI rating system is an internal supervisory tool that 
is intended to assist supervisors in assessing FMIs against regulatory 
requirements, but it does not create any new obligations or 
requirements for FMIs. In establishing a consistent internal framework 
for discussing FMI assessments, the FMI rating system instructs 
supervisory staff to consider relevant regulations and related 
guidance. The explanatory language provided for each of the rating 
system's categories is intended to describe generally the range of 
issues covered in each category's relevant regulations and guidance. 
The Board has revised the ratings system to address concerns that it 
expands on already-applicable requirements. For example, the Board has 
added clarifying language to the rating system's Introduction section 
and made technical edits throughout to align each category's 
explanatory language more closely with Regulation HH's text.
    With regard to the role that supervisory judgment plays in 
determining an FMI's rating, the Board believes that the rating system 
must provide examiners with the ability to use their expertise and 
judgment when determining an FMI's rating. An FMI's category and 
composite ratings reflect many factors that may vary in importance for 
each FMI. Supervisory staff's judgment will be guided by the relevant 
regulations and guidance, as well as by the Board's internal processes 
for ensuring consistent treatment of similarly situated FMIs.
    The Board agrees with commenters that supervisory staff should 
explain the supervisory judgment underlying an FMI's rating. The rating 
system is

[[Page 58934]]

designed to facilitate a clear and logical discussion of the FMI's 
condition with the FMI's management and board of directors. Supervisory 
staff will continue its current practice of explaining the factors that 
determine an FMI's rating.

Alignment With Regulation HH

    Commenters requested that the Board make multiple changes to the 
rating system that would align the rating system more closely with the 
text of Regulation HH. The rating system is fundamentally derived from, 
and should reflect, the requirements of Regulation HH and the PSR 
policy. Therefore, the Board made technical clarifications throughout 
the rating system to align explanatory language more closely with 
Regulation HH's text. Examples include changing the explanatory 
language in the Board and Management Oversight subcomponent of the 
Organization category to specify that the requirement for independent 
validation focuses on risk-management models; the Risk Management 
category to reflect verbatim Regulation HH's requirement pertaining to 
recovery and orderly wind-down plans; and the Settlement category to 
reflect verbatim Regulation HH's requirement that FMIs provide clear 
and certain final settlement.
    Both commenters raised concerns regarding the explanatory language 
in the Market Support, Access and Transparency category, which states 
that ``the analysis under this category considers . . the efficiency 
with which [the FMI] consumes resources in providing its services.'' 
Commenters believed that this language was vague. The Board is 
retaining this language in the ratings system guidance because 
Regulation HH requires that a DFMU operate efficiently.\10\ The Board 
explained this concept in preamble text to the notice of proposed 
rulemaking with respect to these provisions of Regulation HH, stating 
that ``efficiency generally encompasses what a DFMU chooses to do, how 
it does it, and the resources required by the DFMU to perform its 
functions.'' \11\ As the Board explained further, ``there is an 
inherent tradeoff between safety (that is, risk management) and 
efficiency (that is, direct and indirect costs) in the design and 
management of a designated FMU.'' \12\ The Board noted that ``[a] 
designated FMU's design; operating structure; scope of payment, 
clearing, and settlement activities; and use of technology can 
influence its efficiency and can ultimately provide incentives for 
market participants to use, or not use, the designated FMU's services. 
In certain cases, inefficiently designed systems may increase 
operational costs to the point that it would be cost prohibitive for 
participants to use the designated FMU. As a result, the inefficiency 
could drive market participants toward less-safe alternatives, such as 
bilateral clearing or settlement on the books of the participants.'' 
\13\
---------------------------------------------------------------------------

    \10\ See 12 CFR 234.3(a)(21).
    \11\ 79 FR 3666, 3685 (Jan. 22, 2014).
    \12\ Id. at 3685-86.
    \13\ Id.
---------------------------------------------------------------------------

References to Relevant Statutes, Regulations and Guidance

    One commenter requested that the Board provide more specific 
examples of the relevant guidance to which examiners would refer when 
determining an FMI's rating. For each category, the Board has, to the 
extent possible, specified the relevant statutes, regulations, and 
guidance that factor into that category's rating. In the case of the 
Operational Risk and IT category, the Board refers to ``FFIEC and 
relevant industry guidance.'' In assessing an FMI's performance under 
Regulation HH's requirements with respect to operational risk and 
cybersecurity policies and procedures,\14\ the Board will be guided by 
leading information, communication and technology (ICT) and information 
and cyber security standards and guidelines. Some of these standards 
and guidelines are reflected in Federal Reserve and FFIEC guidance, as 
well as guidance supporting the PFMI (such as CPMI-IOSCO's forthcoming 
Guidance on Cyber Resilience for Financial Market Infrastructures). The 
Board believes that in light of the rapidly evolving IT and cyber risk 
landscapes, further specification of relevant industry guidance would 
date itself quickly. Further, as the Board has stated, the rating 
system is an internal supervisory tool that does not create new 
regulatory requirements. DFMUs subject to the jurisdiction of the 
Federal Reserve as the Supervisory Agency under Title VIII of the Dodd-
Frank Act should adhere to, and will be assessed against, Regulation 
HH's provisions, and examiners will clearly communicate with the FMIs 
the standards against which they are being rated.
---------------------------------------------------------------------------

    \14\ 12 CFR 234.3(a)(17).
---------------------------------------------------------------------------

Board and Management Responsiveness

    The proposed text of the Board and Management Oversight stated that 
``[t]his rating evaluates how effectively the board of directors and 
senior management guide and manage the FMI, and ensure that the FMI 
operates in a safe and sound manner; specific considerations in this 
regard include management's responsiveness to supervisory concerns.'' 
One commenter requested the Board confirm its understanding that this 
language refers to issues that the Board identifies and that the FMI 
agrees to address and not to issues that are subject to a formal 
appeals process. FMI ratings are an internal tool for Federal Reserve 
supervisors, and, unlike ratings of insured depository institutions and 
their holding companies, do not carry any automatic implications with 
respect to supervisory or regulatory interventions or requirements. 
Therefore, the Board does not have a formal appeals process for its 
supervisory ratings at this time.
    The Board expects FMI management to respond appropriately to 
supervisory concerns. Title VIII requires the Board to prescribe risk 
management standards governing DFMUs' operations related to payment, 
clearing, and settlement activities, and to conduct annual examinations 
of relevant DFMUs for which it is the Supervisory Agency to determine, 
among other things, their safety and soundness, as well as their 
compliance with Title VIII and any rules and orders prescribed 
thereunder. If supervisory staff believes that a DFMU's board and 
management are failing to respond to supervisory concerns and thereby 
undermining the DFMU's safety and soundness or threatening financial 
stability, supervisory staff will incorporate that determination into 
its assessment of board and management oversight, regardless of whether 
the board and management disagree with supervisory staff's conclusions.

Text of the Supervisory Rating System for FMIs

Introduction

    Under the ORSOM rating system for financial market infrastructures 
(FMIs), the Federal Reserve develops a rating for each of the ORSOM 
categories and rolls those category ratings into an overall composite 
rating. The rating system is designed to (1) be clearly tied to 
relevant Federal Reserve regulations and guidance, (2) facilitate a 
clear and logical discussion of the FMI's condition with the FMI's 
management and board of directors, (3) be easily understood and used by 
both supervisors and FMIs, (4) be flexible, (5) facilitate 
comprehensive and consistent assessments across the Federal Reserve's 
FMI portfolio, and (6) promote financial stability by ensuring that 
systemically important FMIs understand and are held to the Federal 
Reserve's rigorous risk-management standards. Importantly, the

[[Page 58935]]

rating system is an internal supervisory tool that does not create new 
regulatory requirements; the explanatory language provided for each of 
the ratings system's categories is intended to describe generally the 
range of issues covered in each category's relevant regulations and 
guidance.
    Additionally, the rating system is designed to allow for 
supervisory judgment and discretion, and should not be viewed as 
establishing a formula for determining an FMI's rating. Each of the 
assigned ratings, including the composite rating, should reflect 
supervisory judgment about the importance of the individual categories 
and issues as they pertain to the FMI. Relevant provisions of 
Regulation HH and the Payment System Risk (PSR) policy, which are 
reflected in each rating category, help to organize and structure each 
category's rating. The criticality of categories and issues, however, 
may differ among FMIs because of factors such as their differing 
services, risk profiles, and operational and organizational structures. 
An FMI's rating will also take into account the FMI's responsiveness to 
supervisory concerns and the demonstrated effectiveness of any measures 
that the FMI has implemented to address the root cause of those 
concerns.

Categories

    The ORSOM rating system consists of the following five categories, 
which were selected to highlight broadly the risk management issues 
that FMIs face, to guide supervisory examinations, and to provide a 
structure for organizing assessment letters:

 Organization
 Risk Management
 Settlement
 Operational Risk and IT
 Market Support, Access, and Transparency

    Analysis of the issues considered under each category should be 
consistent with Regulation HH, the PSR policy, and relevant guidance, 
such as supervision and regulation (SR) letters and guidance of the 
Federal Financial Institutions Examination Council (FFIEC). The 
categories' order is not a reflection of their relative importance. The 
weight prescribed to either a category or a category's components is a 
matter of supervisory judgment and expertise, and may differ among 
FMIs. In addition, supervisory staff's assessment of an FMI should take 
into account the categories' interrelationships and the FMI's entire 
risk management framework, and should integrate knowledge derived from 
all available sources, including examination work, continuous 
monitoring efforts, and other relevant sources (for example, the 
processes set forth in Regulation HH and Board policy regarding advance 
notice of material changes proposed by designated financial market 
utilities (DFMUs) and the Federal Reserve Banks' Fedwire services, 
respectively, and lessons learned from market events). Finally, an 
FMI's category rating should reflect consideration of the demonstrated 
effectiveness of any remediation measures that the FMI has implemented 
to address the root cause of supervisory concerns.

Organization

    The foundations of an FMI's risk management framework are its 
management and governance structures, which include the board of 
directors' and management's authority, responsibilities, and reporting. 
The Organization category evaluates the FMI's overarching objectives, 
and the ability of the FMI's board and management to implement them. 
This category also considers the relationships among the FMI's relevant 
stakeholders and their influence on the FMI's business strategy. 
Further, analysis under this category considers the independence and 
effectiveness of the FMI's internal audit function and its ability to 
inform the board and management about the robustness of the FMI's risk 
management and control processes. As a result, the Organization 
category contains two subcomponents, Board and Management Oversight, 
and Internal Audit. The FMI's assessment under these subcomponents is 
reflected in a single category rating.\1\
---------------------------------------------------------------------------

    \1\ The Board and Management Oversight and the Internal Audit 
subcomponents are not individually rated; they represent matters 
examiners should consider when assigning the Organization category 
rating. Depending on the issues at the FMI, examiners should use 
their judgment in weighting each of these subcomponents in their 
assessment of the Organization category overall.
---------------------------------------------------------------------------

Board and Management Oversight
    The Board and Management Oversight subcomponent addresses the 
organization and conduct of the FMI's board of directors and senior 
management. It assesses the structure and effectiveness of the FMI's 
legal and compliance risk monitoring and management framework. This 
rating evaluates how effectively the board of directors and senior 
management guide and manage the FMI, and ensure that the FMI operates 
in a safe and sound manner; specific considerations in this regard 
include management's responsiveness to supervisory concerns. This 
rating component also evaluates the board's effectiveness at 
establishing the FMI's objectives, strategy, and risk tolerances, and 
management's effectiveness at ensuring that the FMI's activities are 
consistent with them. Specific considerations in this regard include 
the board's effectiveness in setting strategic objectives, developing a 
risk-management framework, creating clear and responsive corporate 
governance structures, and establishing corporate risk tolerances. This 
rating also evaluates the effectiveness of the FMI's governance program 
for risk models and its use of independent validation mechanisms to 
validate the FMI's risk-management model methodologies and output.
    Relevant statutes, regulations and guidance include--

 Regulation HH Sec.  234.3(a)(1)-(3) (excluding (a)(2)(iv)(I))
 Regulations implementing the Bank Secrecy Act (BSA) \2\ and 
sanctions programs administered by the Office of Foreign Assets Control 
(OFAC)
---------------------------------------------------------------------------

    \2\ The BSA is codified at 31 U.S.C. 5311 et seq., 12 U.S.C. 
1829b, and 12 U.S.C. 1951-1959. Federal Reserve supervised 
institutions that are subject to the BSA include state member banks 
(Regulation H, 12 CFR 208), bank holding companies (Regulation Y, 12 
CFR 225), Edge and agreement corporations, and foreign banking 
organizations operating in the United States (Regulation K, 12 CFR 
211). The U.S. Department of the Treasury's Financial Crimes 
Enforcement Network has published regulations implementing the BSA 
at 31 CFR Part X.
---------------------------------------------------------------------------

 PSR policy: Legal Basis (Principles for Financial Market 
Infrastructures (PFMI) 1), Governance (PFMI 2, excluding references to 
internal audit), Framework for Comprehensive Management of Risks (PFMI 
3, excluding references to internal audit)
Internal Audit
    The Internal Audit subcomponent reflects the ability and 
independence of the FMI's internal audit function to assess risk and to 
inform the board and management. An FMI should have an effective 
internal audit function with sufficient resources and independence from 
management to provide a rigorous and unbiased assessment of the FMI's 
risk profile and risk exposure, including financial and operational 
risk, as well as the effectiveness of risk management and controls. The 
Internal Audit subcomponent assesses the internal audit function's day-
to-day management, including its annual risk assessment, audit program, 
quality of work papers, quality assurance, planning and reporting, and 
training.\3\
---------------------------------------------------------------------------

    \3\ The Internal Audit subcomponent does not assess the board's 
effectiveness at establishing and overseeing an internal audit 
function at the FMI; that is assessed in the Board and Management 
Oversight subcomponent.

---------------------------------------------------------------------------

[[Page 58936]]

---------------------------------------------------------------------------
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(2)(iv)(I)
 Audit guidance applicable to the FMI (for example, Institute 
of Internal Auditors, FFIEC, SR Letters, Bank for International 
Settlements, and ISACA)
 PSR policy: Governance (PFMI 2, as it pertains to internal 
audit), Framework for Comprehensive Management of Risks (PFMI 3, as it 
pertains to internal audit), Operational Risk (PFMI 17, as it pertains 
to internal audit)

Risk Management

    The Risk Management category evaluates the effectiveness of the 
FMI's risk management, including the availability to the FMI of 
acceptable financial resources to contain and manage losses and 
liquidity pressures, and the FMI's ability to meet its obligations in 
the event of a participant's default. Further, the rating assesses 
whether the FMI has developed a risk-management framework that includes 
integrated plans for the FMI's recovery and orderly wind-down, and the 
viability of its capital plan. The rating also considers the FMI's 
ability and practices in safeguarding its own assets and those of its 
participants, and the FMI's ability to ensure those assets are readily 
available and convertible into cash with minimum losses. In addition, 
the Risk Management rating assesses the FMI's awareness, mitigation, or 
management of the material risks that its participants' customers and 
other FMIs indirectly introduce.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(4)-(7), (14)-(16), (19)-(20)
 PSR policy: Credit risk (PFMI 4), Collateral (PFMI 5), Margin 
(PFMI 6), Liquidity risk (PFMI 7), Segregation and Portability (PFMI 
14), General Business Risk (PFMI 15), Custody and Investment Risks 
(PFMI 16), Tiered Participation Arrangements (PFMI 19), and FMI Links 
(PFMI 20)

Settlement

    Final settlement is the irrevocable and unconditional transfer of 
an asset or financial instrument, or the discharge of an obligation by 
an FMI or its participants in accordance with the underlying contract's 
terms. Settlement risk, which is the risk that settlement will not take 
place as expected, is a key risk that FMIs and their participants face. 
Failure to settle a transaction on time and in full can create 
liquidity and credit problems for an FMI or its participants, with 
potential systemic implications. This is especially true during a 
participant default event. Well-designed, clearly articulated, and 
effectively disclosed default management rules are imperative to 
maintaining market confidence in the event of a participant default.
    The Settlement category focuses on the risk-management tools that 
an FMI uses to ensure settlement takes place as expected, and the 
default management procedures the FMI follows in the event of a 
participant default. The rating assesses the FMI's ability to provide 
clear and certain final settlement, and its ability to manage the risks 
related to money settlements and the delivery of physical assets. The 
rating also includes central securities depositories' abilities to 
safeguard the rights of securities issuers and holders, and to ensure 
the integrity of the securities issues that they hold in custody. 
Finally, this category includes assessing the adequacy of the FMI's 
participant default rules and procedures, and the steps that the FMI 
takes to ensure that it is prepared to execute them.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(8)-(13)
 PSR Policy: Settlement Finality (PFMI 8), Money Settlements 
(PFMI 9), Physical Deliveries (PFMI 10), Central Securities 
Depositories (PFMI 11), Exchange-of-Value Settlement Systems (PFMI 12), 
and Participant Default Rules and Procedures (PFMI 13)

Operational Risk and IT

    FMIs face significant operational and IT risks in their provision 
of post-trade services. Operational risk entails deficiencies in 
information systems, internal processes, and personnel, or disruptions 
from external events that may result in the reduction, deterioration, 
or breakdown of services provided by an FMI. FMIs are expected to 
ensure that, through the development of appropriate systems, controls, 
and procedures, their operations and IT infrastructure are reliable, 
secure, and have adequately scalable capacity. FMIs' information 
security practices and controls are expected to be strong and 
effective. FMIs should protect and secure the systems, media, and 
facilities that process and maintain information vital to their 
operations in the context of a continually changing threat landscape. 
Further, FMIs are expected to have robust business continuity plans 
that allow for the rapid recovery and timely resumption of critical 
operations. FMIs are expected to test and update these plans regularly.
    The Operational Risk and IT category focuses on the FMI's 
operational reliability and its ability to support the safe and 
continuous functioning of the markets that it serves. This category 
considers the FMI's operational risk management framework and IT 
infrastructure, including the adequacy of the FMI's operational risk 
management governance, internal controls, physical and information 
security, data management, capacity management, and business continuity 
plan.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(17)
 PSR Policy: Operational Risk (PFMI 17, excluding references to 
internal audit)
 Interagency Paper on Sound Practices to Strengthen Resilience 
of the U.S. Financial System
 FFIEC, relevant industry IT & cybersecurity guidance, and 
CPMI-IOSCO guidance supporting the PFMI.

Market Support, Access, and Transparency

    FMIs should be designed and operated to meet the needs of their 
participants and the markets that they serve. Access to FMIs' services 
is often necessary for meaningful participation in the markets that 
they serve, and FMIs' efficiency and effectiveness can influence 
financial activity and market structure. Also, access to, and 
understanding of, relevant information about an FMI fosters confidence 
among participants and the public.
    The Market Support, Access, and Transparency category focuses on 
the FMI's efforts to support the markets it serves, to ensure fair and 
open access to its services (while balancing the FMI's safety and 
efficiency), and to provide participants with the information necessary 
to understand the risks and responsibilities attendant with their 
participation in the FMI. Analysis under this category considers, among 
other things, the FMI's implementation of risk-based, objective 
participation requirements; its member monitoring framework; the 
efficiency with which it consumes resources in providing its services; 
and the adequacy of its disclosure of its rules, its key procedures, 
and its legal, governance, risk management, and operating framework.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(18), (21)-(23)

[[Page 58937]]

 PSR policy: Access and Participation Requirements (PFMI 18), 
Efficiency and Effectiveness (PFMI 21), Communication Procedures and 
Standards (PFMI 22), Disclosure of Rules, Key Procedures, and Market 
Data (PFMI 23), Disclosure of Market Data by Trade Repositories (PFMI 
24)

Category Ratings

    FMIs receive a rating for each ORSOM category based on an 
evaluation of the FMI against that category's key attributes as 
described herein. Regulation HH prescribes risk-management standards 
for DFMUs for which the Board or another federal banking agency is the 
Supervisory Agency under Title VIII of the Dodd-Frank Act. Other FMIs 
subject to Federal Reserve supervision--for example, other DFMUs over 
which the Board has supervisory authority because they are members of 
the Federal Reserve System, and FMIs that are operated by the Federal 
Reserve Banks--are subject to the Federal Reserve Act and the 
expectations set out in the Federal Reserve's PSR policy. An FMI's 
rating should be consistent with the expectations set forth in 
Regulation HH, the PSR policy, and relevant supervisory guidance, such 
as SR letters and FFIEC guidance.\4\ The rating scale ranges from 1 to 
5, with a rating of 1 indicating the strongest performance and, 
therefore, the level of least supervisory concern. A rating of 5 
indicates the most critically deficient level of performance and, 
therefore, the greatest level of supervisory concern. Importantly, an 
FMI's category rating should reflect supervisory judgment and expertise 
as to the materiality of any issues identified based on the resulting 
effect those issues have on the safety and soundness of the FMI, the 
growth of systemic risks, or the stability of the broader financial 
system.\5\
---------------------------------------------------------------------------

    \4\ DFMUs subject to the jurisdiction of the Federal Reserve 
under Title VIII of the Dodd-Frank Act should adhere to, and will be 
assessed against, Regulation HH's provisions and any other 
regulation directly applicable to that DFMU, and any supervisory 
guidance would be applicable only insofar as it is consistent with 
Regulation HH and other directly applicable regulations.
    \5\ See Dodd-Frank Act Section 805, 12 U.S.C. 5464(b).
---------------------------------------------------------------------------

    A common set of definitions for each rating level is applied across 
all of the ORSOM categories. These general definitions focus on broad 
supervisory interests, which are--
     the extent to which any issues identified, either 
individually or cumulatively, are issues of concern for the safety and 
soundness of the FMI or the stability of the broader financial system.
     the immediacy with which the FMI is expected to remedy the 
issues, and the extent to which close supervisory monitoring of the 
FMI's remediation efforts, or supervisory action, is needed.\6\
---------------------------------------------------------------------------

    \6\ FMIs are responsible for remedying supervisory concerns. 
Supervisory action in this context refers to the range of 
supervisory measures that relevant laws authorize the Federal 
Reserve to take. These include issuing a matter requiring attention 
or matter requiring immediate attention; entering into a memorandum 
of understanding with the FMI; or more severe enforcement action 
measures as authorized under Title VIII of the Dodd-Frank Act or 
other relevant laws.
---------------------------------------------------------------------------

    Supervisors may identify multiple issues with differing degrees of 
concern. In such cases, supervisors typically should assign the 
category a rating that reflects their judgment of the severity of the 
most serious concerns identified. For example, if a payment system 
meets the majority of supervisory standards for the Settlement 
category, but only partly observes the risk management standard 
pertaining to settlement finality, then, because of that issue's 
criticality to a payment system, the payment system's rating for the 
Settlement category should reflect its weaknesses with regard to that 
key risk management standard.
1: Strong
     Any issues identified, either individually or 
cumulatively, are not issues of concern with respect to the category's 
supervisory guidance. For example, the FMI observes all of the key risk 
management standards in Regulation HH or the PSR policy, as 
applicable.\7\
---------------------------------------------------------------------------

    \7\ The applicable standards are based on the Federal Reserve's 
source of authority. DFMUs for which the Federal Reserve acts as the 
Supervisory Agency under Title VIII of the Dodd-Frank Act are 
subject to Regulation HH. Other FMIs subject to Federal Reserve 
supervision, for example, by virtue of being members of the Federal 
Reserve System, are subject to the Federal Reserve Act and the 
expectations set out in the Federal Reserve's PSR policy. The 
applicable standards in both Regulation HH and the PSR policy are 
based on the PFMI. The Board has stated that it does not intend for 
differences in language in the two documents to lead to inconsistent 
policy results.
---------------------------------------------------------------------------

     The FMI can correct any issues identified in the normal 
course of business and focused supervisory monitoring of the FMI's 
remediation efforts is not needed.
2: Satisfactory
     Any issues identified, either individually or 
cumulatively, are not presently issues of concern with respect to the 
category's supervisory guidance, but may become so if left uncorrected. 
For example, the FMI either observes or broadly observes the key risk 
management standards in Regulation HH or the PSR policy, as applicable.
     The FMI can correct any issues identified in the normal 
course of business, but limited, focused supervisory monitoring of the 
FMI's remediation efforts may be needed.
3: Fair
     One or more issues identified, either individually or 
cumulatively, are issues of concern with respect to the category's 
supervisory guidance. For example, the FMI, at a minimum, broadly 
observes most of the key risk management standards in Regulation HH or 
the PSR policy, as applicable, but may partly observe some of them.
     The FMI should correct one or more of the issues of 
concern identified within a defined period, focused supervisory 
monitoring of the FMI's remediation efforts is likely needed, and 
supervisory action may be needed.
4: Marginal
     One or more issues identified, either individually or 
cumulatively, are substantial issues of concern with respect to the 
category's supervisory guidance. For example, the FMI only partly 
observes many key risk management standards in Regulation HH or the PSR 
policy, as applicable, and may not observe some of them.
     The FMI should correct one or more of the issues of 
concern identified immediately, focused supervisory monitoring of the 
FMI's remediation efforts is needed, and supervisory action is likely.
5: Unsatisfactory
     One or more issues identified, either individually or 
cumulatively, are critical and immediate issues of concern with respect 
to the category's supervisory guidance. For example, the FMI does not 
observe key risk management standards in Regulation HH or the PSR 
policy, as applicable.
     The FMI must correct one or more of the issues of concern 
identified immediately, and immediate supervisory action and monitoring 
of the FMI's remediation efforts are needed.

Composite Ratings

    An FMI's composite rating indicates whether and to what extent the 
issues identified, in the aggregate, give cause for supervisory 
concern. Like the category ratings, an FMI's composite rating ranges 
from 1 to 5. A rating of 1 indicates the strongest performance and, 
therefore, the level of least supervisory concern, and a rating of 5 
indicates a critically deficient level of performance and, therefore, 
the greatest level of supervisory concern. An FMI's

[[Page 58938]]

composite rating should not represent a formulaic combination of its 
category ratings, such as an arithmetic average. Rather, the ratings 
definitions provide factors that supervisory staff should consider when 
viewing an FMI's performance against the totality of relevant 
regulations and supervisory guidance.
1: Strong
     As reflected in its category ratings, an FMI with a 
composite rating of 1 is substantially sound in every respect and does 
not give cause for supervisory concern.
     Any issues identified do not reflect a pattern of risk 
management or governance failures and, either individually or 
cumulatively, are not issues of concern for the safety and efficiency 
of either the FMI or the markets that it supports.
     The FMI can correct any issues identified in the normal 
course of business and focused supervisory monitoring of the FMI's 
remediation efforts is not needed.
2: Satisfactory
     As reflected in its category ratings, an FMI with a 
composite rating of 2 is sound in most respects and does not presently 
give cause for supervisory concern.
     Any issues identified do not reflect a pattern of risk 
management or governance failures and, either individually or 
cumulatively, are not presently issues of concern for the safety and 
efficiency of either the FMI or the markets that it supports, but may 
become so if left uncorrected.
     The FMI can correct any issues identified in the normal 
course of business, but limited, focused supervisory monitoring of the 
FMI's remediation efforts may be needed.
3: Fair
     As reflected in its category ratings, an FMI with a 
composite rating of 3 is sound in many respects, but gives cause for 
some supervisory concern, and supervisory action may be necessary.
     Any issues identified, either individually or 
cumulatively, are issues of concern for the safety and efficiency of 
either the FMI or the markets that it supports.
     The FMI should correct one or more of the issues of 
concern identified within a defined period and focused monitoring of 
the FMI's remediation efforts is likely needed.
4: Marginal
     As reflected in its category ratings, an FMI with a 
composite rating of 4 is unsound in one or more respects and gives 
cause for substantial supervisory concern, which will likely lead to 
supervisory action.
     Any issues identified, either individually or 
cumulatively, are substantial issues of concern for the safety and 
efficiency of either the FMI or the markets that it supports.
     The FMI should correct one or more of the issues of 
concern identified immediately and focused supervisory monitoring of 
the FMI's remediation efforts is needed.
5: Unsatisfactory
     As reflected in its category ratings, an FMI with a 
composite rating of 5 is considered critically unsound and gives cause 
for substantial and immediate supervisory concern and action.
     Any issues identified, either individually or 
cumulatively, are critical and immediate issues of concern for the 
safety and efficiency of either the FMI or the markets that it 
supports.
     The FMI must correct one or more of the issues of concern 
identified immediately, and immediate supervisory action and monitoring 
of the FMI's remediation efforts are needed.

Administrative Law Matters

Regulatory Flexibility Act Analysis

    Congress enacted the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 
et seq.) to address concerns related to the effects of agency rules on 
small entities, and the Board is sensitive to the impact its rules may 
impose on small entities. The RFA requires agencies either to provide a 
final regulatory flexibility analysis with a final rule or to certify 
that the final rule will not have a significant economic impact on a 
substantial number of small entities.
    The Board received no comments on its initial regulatory 
flexibility analysis regarding the supervisory rating system for FMIs. 
The rating system will apply to FMUs that are designated by the 
Financial Stability Oversight Council under Title VIII of the Dodd-
Frank Act as systemically important, for which the Board is the 
Supervisory Agency, and which are subject to Regulation HH. In 
addition, the supervisory rating system for FMIs will apply to other 
DFMUs over which the Board has supervisory authority because they are 
members of the Federal Reserve System, and FMIs that are operated by 
the Federal Reserve Banks, pursuant to the PSR policy. Based on current 
information, none of the FMIs are ``small entities'' for purposes of 
the RFA, and so, the rating system likely will not have a significant 
economic impact on a substantial number of small entities (5 U.S.C. 
605(b)). The following final regulatory flexibility analysis, however, 
has been prepared in accordance with 5 U.S.C. 604, based on current 
information.
    1. Statement of the need for, and objectives of, the rule. The 
Board is implementing the ORSOM rating system in order to carry out its 
supervisory responsibilities regarding FMIs under Title VIII of the 
Dodd-Frank Act and other applicable law, as discussed above. As noted 
above, the ORSOM rating system is a supervisory tool that the Federal 
Reserve will use to provide a consistent internal framework for 
performing FMI assessments across the Federal Reserve's FMI portfolio, 
including DFMUs for which the Board is the Supervisory Agency pursuant 
to Title VIII, other FMIs that are members of the Federal Reserve 
System, and FMIs that are operated by the Federal Reserve Banks. The 
Federal Reserve will convey the annual ORSOM rating to a DFMU's 
management and board of directors. The rating system is designed to 
link supervisory assessments and messages to the regulations and 
guidance that form the foundation of the supervisory program, such as 
Regulation HH and the PSR policy.
    2. Significant issues raised by comments in response to the initial 
regulatory flexibility analysis. The Board received no public comments 
in response to the initial regulatory flexibility act analysis, nor did 
it receive comments from the Chief Counsel for Advocacy of the Small 
Business Administration.
    3. Small entities affected by the rule. Pursuant to regulations 
issued by the Small Business Administration (SBA) (13 CFR 121.201), a 
small entity includes an establishment engaged in (i) financial 
transaction processing, reserve and liquidity services, and/or 
clearinghouse services with an average annual revenue of $38.5 million 
or less (NAICS code 522320); (ii) securities and/or commodity exchange 
activities with an average annual revenue of $38.5 million or less 
(NAICS code 523210); and (iii) trust, fiduciary, and/or custody 
activities with an average annual revenue of $38.5 million or less 
(NAICS code 523991). Based on current information, the Board does not 
believe that any of the FMIs that would be subject to the ORSOM rating 
system would be small entities pursuant to the SBA regulation.
    4. Projected reporting, recordkeeping, and other compliance 
requirements. The ORSOM rating system does not impose any reporting or 
recordkeeping requirements on the relevant FMIs.

[[Page 58939]]

Although the rating system reflects risk management standards set out 
in Regulation HH, the PSR policy, and other applicable rules and 
guidance, the ORSOM rating system itself does not impose any compliance 
requirements.
    5. Steps to minimize significant economic impact on small entities 
consistent with the stated objectives of applicable statutes/discussion 
of significant alternatives. The rating system will not have an 
economic impact on small entities. The Board is not aware of any 
significant alternatives to the rating system that accomplish the 
objectives of reflecting the relevant risk management standards in the 
supervisory rating system.

Competitive Impact Analysis

    As a matter of policy, the Board subjects all operational and legal 
changes that could have a substantial effect on payment system 
participants to a competitive impact analysis, even if competitive 
effects are not apparent on the face of the proposal. Pursuant to this 
policy, the Board assesses whether the changes ``would have a direct 
and material adverse effect on the ability of other service providers 
to compete effectively with the Federal Reserve in providing similar 
services'' and whether any such adverse effect ``was due to legal 
differences or due to a dominant market position deriving from such 
legal differences.'' If, as a result of this analysis, the Board 
identifies an adverse effect on the ability to compete, the Board then 
assesses whether the associated benefits--such as improvements to 
payment system efficiency or integrity--can be achieved while 
minimizing the adverse effect on competition.
    DFMUs are subject to the supervisory framework established under 
Title VIII of the Dodd-Frank Act. At least one DFMU that is subject to 
Regulation HH competes with a similar service provided by the Reserve 
Banks. Under the Federal Reserve Act, the Board has general supervisory 
authority over the Reserve Banks, including the Reserve Banks' 
provision of payment and settlement services (Federal Reserve priced 
services). This general supervisory authority is much more extensive in 
scope than the authority provided under Title VIII over DFMUs. In 
practice, Board oversight of the Reserve Banks goes well beyond the 
typical supervisory framework for private-sector entities, including 
the framework provided by Title VIII.
    The Board is committed to applying risk-management standards to the 
Reserve Banks' Fedwire Funds Service and Fedwire Securities Service 
that are at least as stringent as the applicable Regulation HH 
standards applied to DFMUs that provide similar services. The risk 
management and transparency expectations in part I of the PSR policy, 
which applies to the Federal Reserve priced services, are consistent 
with those in Regulation HH. The ORSOM rating system will be applied 
equally to both DFMUs subject to Regulation HH and to the other FMIs 
subject to the Board's authority, including the Federal Reserve priced 
services, subject to the PSR policy. Therefore, the Board does not 
believe the rating system will have any direct and material adverse 
effect on the ability of other service providers to compete with the 
Reserve Banks.

Paperwork Reduction Act Analysis

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR part 1320, Appendix A.1), the Board may not conduct or 
sponsor, and a respondent is not required to respond to, an information 
collection unless it displays a valid Office of Management and Budget 
(OMB) control number. The Board has reviewed this rating system and 
determined that it contains no collections of information.

    By order of the Board of Governors of the Federal Reserve 
System, August 23, 2016.
Robert deV. Frierson,
Secretary of the Board.
[FR Doc. 2016-20517 Filed 8-25-16; 8:45 am]
 BILLING CODE 6210-01-P