Supervisory Rating System for Financial Market Infrastructures, 58932-58939 [2016-20517]

Download as PDF 58932 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices organization, or request description. Records concerning initial requests under the FOIA and the Privacy Act are maintained by the FOIA Public Liaison in FOIAonline. Inquiries regarding these records should be addressed to the FOIA Public Liaison, Federal Communications Commission (FCC), 445 12th Street SW., Washington, DC 20554. Records concerning administrative appeals for access requests under the FOIA and records concerning administrative appeals for access requests and accountings of disclosure requests under the Privacy Act are maintained by the FCC’s Office of General Counsel and in FOIAonline. Inquiries regarding these records should be addressed to the General Counsel, Office of General Counsel, Federal Communications Commission (FCC), 445 12th Street SW., Washington, DC 20554 or to FOIA-Appeal@fcc.gov. mstockstill on DSK3G9T082PROD with NOTICES SAFEGUARDS: Access to the file cabinets containing paper records in this system are maintained in the FOIA Public Liaison’s office and in the bureau or office suites accessible through card-coded main doors. The FOIA file cabinets in the office of the FOIA Public Liaison are locked at the end of the business day. Access to these FOIA files is restricted to authorized supervisors and staff who are responsible for responding to the FOIA requests or appeals. The electronic records, files, and data are housed in FOIAonline and in the FCC’s computer network. Access to the electronic files is restricted to staff in the bureaus and offices who are responsible for responding to FOIA requests, and to the Information Technology Center (ITC) staff and contractors who maintain the FCC’s computer network. Other FCC employees and contractors may be granted access on a ‘‘need-to-know’’ basis. The FCC’s computer network databases are protected by the FCC’s IT privacy safeguards, a comprehensive and dynamic set of IT safety and security protocols and features that are designed to meet all Federal IT privacy standards, including those required by the National Institute of Standards and Technology (NIST) and the Federal Information Security Management Act (FISMA). RETENTION AND DISPOSAL: Records are retained and disposed of in accordance with the National Archives and Records Administration’s General Records Schedule 4.2, Items 020, 040, 050, 070, and 090. VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 SYSTEM MANAGER(S) AND ADDRESS: EXEMPTIONS CLAIMED FOR THE SYSTEM: FOIA Public Liaison, Office of Managing Director (OMD), Federal Communications Commission (FCC), 445 12th Street SW., Washington, DC 20554. FOIAonline is managed by the U.S. Environmental Protection Agency, Office of Information Collection, 1200 Pennsylvania Ave. NW., Washington, DC 20460. Individuals wishing to determine whether this system of records contains information about them may do so by writing to FOIA Public Liaison, Office of Managing Director (OMD), Federal Communications Commission (FCC), 445 12th Street SW., Washington, DC 20554, email: FOIA@fcc.gov. Individuals must furnish reasonable identification by showing any two of the following: Social security card; driver’s license; employee identification card; Medicare card; birth certificate; bank credit card; or other positive means of identification, or by signing an identity statement stipulating that knowingly or willfully seeking or obtaining access to records about another person under false pretenses is punishable by a fine of up to $5,000. Individuals requesting access to records concerning themselves must also comply with the FCC’s Privacy Act regulations regarding verification of identity and access to records (5 CFR part 0, subpart E). RECORD ACCESS PROCEDURES: Access to information about FOIA requests and appeals is available through FOIAonline, https:// foiaonline.regulations.gov/foia/action/ public/home. Individuals wishing additional information about records in this system should follow the Notification Procedure above. Individuals wishing to contest information pertaining to him or her in the system of records should follow the Notification Procedure above. RECORD SOURCE CATEGORIES: The sources for the information in this system of records are the individuals making requests under FOIA or the Privacy Act; the individuals who are the subjects of FOIA or Privacy Act requests; the attorneys or representatives of the requesters and the subjects of the requests; communication between FCC organizational units (bureaus and offices), and the investigative materials and related documentation and decisions involved in appeals, amendments, and litigation concerning FOIA responses, etc. Fmt 4703 Sfmt 4703 [FR Doc. 2016–20515 Filed 8–25–16; 8:45 am] BILLING CODE 6712–01–P [Docket No. OP–1521] Supervisory Rating System for Financial Market Infrastructures Board of Governors of the Federal Reserve System. ACTION: Notice. AGENCY: Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) granted the Board of Governors of the Federal Reserve System (Board) enhanced authority to supervise financial market utilities that are designated as systemically important by the Financial Stability Oversight Council (financial market utilities are defined to comprise a subset of the entities that, outside the United States, are generally called financial market infrastructures or FMIs). In addition, the Board may have direct supervisory authority over other FMIs subject to its jurisdiction. The Board has approved the use of the ORSOM (Organization; Risk Management; Settlement; Operational Risk and Information Technology (IT); and Market Support, Access, and Transparency) rating system in reviews of FMIs by the Board and, under delegated authority, the Federal Reserve Banks (collectively, the Federal Reserve). SUMMARY: The Board will begin using the FMI rating system on October 27, 2016. FOR FURTHER INFORMATION CONTACT: Stuart Sperry, Deputy Associate Director (202) 452–2832 or Kristopher Natoli, Manager (202) 452–3227, Division of Reserve Bank Operations and Payment Systems; Evan H. Winerman, Counsel (202) 872–7578, Legal Division; for users of Telecommunications Device for the Deaf (TDD) only, contact (202) 263– 4869. SUPPLEMENTARY INFORMATION: DATES: CONTESTING RECORD PROCEDURES: Frm 00031 Gloria J. Miles, Federal Register Liaison Officer, Office of the Secretary. FEDERAL RESERVE SYSTEM NOTIFICATION PROCEDURE: PO 00000 None. Federal Communications Commission. Background FMIs are multilateral systems that transfer, clear, settle, or record payments, securities, derivatives, or other financial transactions among participants or between participants and the FMI operator. FMIs include payment E:\FR\FM\26AUN1.SGM 26AUN1 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices mstockstill on DSK3G9T082PROD with NOTICES systems, central securities depositories, securities settlement systems, central counterparties, and trade repositories. FMIs can strengthen the markets that they serve and play a critical role in fostering financial stability. If not properly managed, however, they can pose significant risks to the financial system and be a potential source of contagion, particularly in periods of market stress. For example, improperly managed FMIs can be sources of financial shocks or channels through which shocks are transmitted across domestic and international financial markets. The Federal Reserve supervises certain FMIs that provide payment, clearing, and settlement services for critical U.S. financial markets. Specifically, under Title VIII of the Dodd-Frank Act, the Federal Reserve is the Supervisory Agency for certain designated financial market utilities (DFMUs).1 These DFMUs are subject to risk-management standards set out in Regulation HH.2 In addition, the Federal Reserve may have supervisory authority over FMIs that are operated by state member banks, Edge or agreement corporations, or bank holding companies. Furthermore, the Board supervises FMIs that are operated by the Federal Reserve Banks, such as the Fedwire Funds Service.3 These latter two categories of FMIs are expected to meet the risk-management standards set out in the Board’s Payment System Risk (PSR) policy.4 The risk management standards set out in both Regulation HH and the PSR policy are based on the 1 The term financial market utility (FMU) is defined in Title VIII as ‘‘any person that manages or operates a multilateral system for the purpose of transferring, clearing, or settling payments, securities, or other financial transactions among financial institutions or between financial institutions and the person’’ (12 U.S.C. 5462(6)). FMUs are a subset of FMIs; for example, trade repositories are excluded from the definition of an FMU. Pursuant to section 804 of the Dodd-Frank Act, the Financial Stability Oversight Council (Council) is required to designate those FMUs that the Council determines are, or are likely to become, systemically important. Such a designation by the Council makes an FMU subject to the supervisory framework set out in Title VIII of the Dodd-Frank Act. The term Supervisory Agency is defined in Title VIII as the ‘‘Federal agency that has primary jurisdiction over a designated financial market utility under Federal banking, securities, or commodity futures laws’’ (12 U.S.C. 5462(8)). Currently, the Board is the Supervisory Agency for two DFMUs: (i) The Clearing House Payments Company, L.L.C., on the basis of its role as operator of the Clearing House Interbank Payments System (CHIPS), and (ii) CLS Bank International (CLS). 2 12 CFR 234.3. 3 See Sections 11(a)(1) and 11(j) of the Federal Reserve Act, 12 U.S.C. 248(a)(1) and 248(j). 4 The Board’s PSR policy is available at http:// www.federalreserve.gov/paymentsystems/files/psr_ policy.pdf. VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 Principles for Financial Market Infrastructures (PFMI).5 The ORSOM (Organization; Risk Management; Settlement; Operational Risk and IT; and Market Support, Access, and Transparency) rating system is a supervisory tool that the Federal Reserve will use to provide a consistent internal framework for performing FMI assessments across the Federal Reserve’s FMI portfolio.6 The ORSOM rating system will be applied to DFMUs for which the Board is the Supervisory Agency pursuant to Title VIII, other FMIs over which the Board has supervisory authority because they are members of the Federal Reserve System, and FMIs that are operated by the Federal Reserve Banks.7 The Federal Reserve will convey the annual rating to a DFMU’s management and board of directors. The rating system is designed to link supervisory assessments and messages to the regulations and guidance that form the foundation of the supervisory program, such as Regulation HH and the PSR policy. The Board issued a notice requesting comments on all aspects of the rating system.8 Summary of Public Comments and Analysis The Board received two public comment letters on the notice and request for comment. The Board considered these comments in developing its final FMI rating system. Except as noted herein, the Board is adopting the rating system’s text as proposed.9 5 The PFMI, published by the Committee on Payment and Settlement Systems (now the Committee on Payments and Market Infrastructures) and the Technical Committee of the International Organization of Securities Commissions in April 2012, is widely recognized as the most relevant set of international risk-management standards for payment, clearing, and settlement systems. 6 The ORSOM rating system replaces the Federal Reserve’s existing rating system, which is referred to as SCIISO. SCIISO stands for Supervision and organization; Compliance, Internal controls and audit; Information technology/electronic data processing; Settlements and liquidity; and General Organization. SCIISO was originally developed to facilitate the Federal Reserve’s supervision of the Depository Trust Company, but subsequently was adapted and applied to The Clearing House Payments Company LLC as operator of the CHIPS payment system, CLS Bank International, and the Warehouse Trust Company LLC. The Federal Reserve did not seek public comment when SCIISO was introduced. 7 At present, the first group includes CLS and CHIPS, the second group includes the Depository Trust Company, and the third group includes Fedwire Funds Service and Fedwire Securities Service. 8 80 FR 70211 (Nov. 13, 2015). 9 The Board is also making several technical edits, which are not specifically addressed in the discussion below. PO 00000 Frm 00032 Fmt 4703 Sfmt 4703 58933 Overall Approach The Board proposed to use the ORSOM rating system as a supervisory tool for providing a consistent internal framework for performing annual FMI assessments across the Federal Reserve’s FMI portfolio, which includes DFMUs for which the Board is the Supervisory Agency pursuant to Title VIII, other FMIs over which the Board has supervisory authority because they are members of the Federal Reserve System, and FMIs that are operated by the Federal Reserve Banks. Commenters were generally supportive of the Board’s effort to establish a consistent approach to rating FMIs. Both commenters, however, raised two general concerns about the Board’s overall approach: (1) That the rating system would create new obligations beyond those that already exist in Regulation HH and (2) that an FMI’s rating would depend excessively on supervisory judgment. The Board’s FMI rating system is an internal supervisory tool that is intended to assist supervisors in assessing FMIs against regulatory requirements, but it does not create any new obligations or requirements for FMIs. In establishing a consistent internal framework for discussing FMI assessments, the FMI rating system instructs supervisory staff to consider relevant regulations and related guidance. The explanatory language provided for each of the rating system’s categories is intended to describe generally the range of issues covered in each category’s relevant regulations and guidance. The Board has revised the ratings system to address concerns that it expands on already-applicable requirements. For example, the Board has added clarifying language to the rating system’s Introduction section and made technical edits throughout to align each category’s explanatory language more closely with Regulation HH’s text. With regard to the role that supervisory judgment plays in determining an FMI’s rating, the Board believes that the rating system must provide examiners with the ability to use their expertise and judgment when determining an FMI’s rating. An FMI’s category and composite ratings reflect many factors that may vary in importance for each FMI. Supervisory staff’s judgment will be guided by the relevant regulations and guidance, as well as by the Board’s internal processes for ensuring consistent treatment of similarly situated FMIs. The Board agrees with commenters that supervisory staff should explain the supervisory judgment underlying an FMI’s rating. The rating system is E:\FR\FM\26AUN1.SGM 26AUN1 58934 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices mstockstill on DSK3G9T082PROD with NOTICES designed to facilitate a clear and logical discussion of the FMI’s condition with the FMI’s management and board of directors. Supervisory staff will continue its current practice of explaining the factors that determine an FMI’s rating. Alignment With Regulation HH Commenters requested that the Board make multiple changes to the rating system that would align the rating system more closely with the text of Regulation HH. The rating system is fundamentally derived from, and should reflect, the requirements of Regulation HH and the PSR policy. Therefore, the Board made technical clarifications throughout the rating system to align explanatory language more closely with Regulation HH’s text. Examples include changing the explanatory language in the Board and Management Oversight subcomponent of the Organization category to specify that the requirement for independent validation focuses on risk-management models; the Risk Management category to reflect verbatim Regulation HH’s requirement pertaining to recovery and orderly wind-down plans; and the Settlement category to reflect verbatim Regulation HH’s requirement that FMIs provide clear and certain final settlement. Both commenters raised concerns regarding the explanatory language in the Market Support, Access and Transparency category, which states that ‘‘the analysis under this category considers . . the efficiency with which [the FMI] consumes resources in providing its services.’’ Commenters believed that this language was vague. The Board is retaining this language in the ratings system guidance because Regulation HH requires that a DFMU operate efficiently.10 The Board explained this concept in preamble text to the notice of proposed rulemaking with respect to these provisions of Regulation HH, stating that ‘‘efficiency generally encompasses what a DFMU chooses to do, how it does it, and the resources required by the DFMU to perform its functions.’’ 11 As the Board explained further, ‘‘there is an inherent tradeoff between safety (that is, risk management) and efficiency (that is, direct and indirect costs) in the design and management of a designated FMU.’’ 12 The Board noted that ‘‘[a] designated FMU’s design; operating structure; scope of payment, clearing, and settlement activities; and use of technology can influence its efficiency 12 CFR 234.3(a)(21). FR 3666, 3685 (Jan. 22, 2014). 12 Id. at 3685–86. and can ultimately provide incentives for market participants to use, or not use, the designated FMU’s services. In certain cases, inefficiently designed systems may increase operational costs to the point that it would be cost prohibitive for participants to use the designated FMU. As a result, the inefficiency could drive market participants toward less-safe alternatives, such as bilateral clearing or settlement on the books of the participants.’’ 13 References to Relevant Statutes, Regulations and Guidance One commenter requested that the Board provide more specific examples of the relevant guidance to which examiners would refer when determining an FMI’s rating. For each category, the Board has, to the extent possible, specified the relevant statutes, regulations, and guidance that factor into that category’s rating. In the case of the Operational Risk and IT category, the Board refers to ‘‘FFIEC and relevant industry guidance.’’ In assessing an FMI’s performance under Regulation HH’s requirements with respect to operational risk and cybersecurity policies and procedures,14 the Board will be guided by leading information, communication and technology (ICT) and information and cyber security standards and guidelines. Some of these standards and guidelines are reflected in Federal Reserve and FFIEC guidance, as well as guidance supporting the PFMI (such as CPMI–IOSCO’s forthcoming Guidance on Cyber Resilience for Financial Market Infrastructures). The Board believes that in light of the rapidly evolving IT and cyber risk landscapes, further specification of relevant industry guidance would date itself quickly. Further, as the Board has stated, the rating system is an internal supervisory tool that does not create new regulatory requirements. DFMUs subject to the jurisdiction of the Federal Reserve as the Supervisory Agency under Title VIII of the Dodd-Frank Act should adhere to, and will be assessed against, Regulation HH’s provisions, and examiners will clearly communicate with the FMIs the standards against which they are being rated. Board and Management Responsiveness The proposed text of the Board and Management Oversight stated that ‘‘[t]his rating evaluates how effectively the board of directors and senior management guide and manage the FMI, and ensure that the FMI operates in a 10 See 11 79 VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 13 Id. 14 12 PO 00000 CFR 234.3(a)(17). Frm 00033 Fmt 4703 Sfmt 4703 safe and sound manner; specific considerations in this regard include management’s responsiveness to supervisory concerns.’’ One commenter requested the Board confirm its understanding that this language refers to issues that the Board identifies and that the FMI agrees to address and not to issues that are subject to a formal appeals process. FMI ratings are an internal tool for Federal Reserve supervisors, and, unlike ratings of insured depository institutions and their holding companies, do not carry any automatic implications with respect to supervisory or regulatory interventions or requirements. Therefore, the Board does not have a formal appeals process for its supervisory ratings at this time. The Board expects FMI management to respond appropriately to supervisory concerns. Title VIII requires the Board to prescribe risk management standards governing DFMUs’ operations related to payment, clearing, and settlement activities, and to conduct annual examinations of relevant DFMUs for which it is the Supervisory Agency to determine, among other things, their safety and soundness, as well as their compliance with Title VIII and any rules and orders prescribed thereunder. If supervisory staff believes that a DFMU’s board and management are failing to respond to supervisory concerns and thereby undermining the DFMU’s safety and soundness or threatening financial stability, supervisory staff will incorporate that determination into its assessment of board and management oversight, regardless of whether the board and management disagree with supervisory staff’s conclusions. Text of the Supervisory Rating System for FMIs Introduction Under the ORSOM rating system for financial market infrastructures (FMIs), the Federal Reserve develops a rating for each of the ORSOM categories and rolls those category ratings into an overall composite rating. The rating system is designed to (1) be clearly tied to relevant Federal Reserve regulations and guidance, (2) facilitate a clear and logical discussion of the FMI’s condition with the FMI’s management and board of directors, (3) be easily understood and used by both supervisors and FMIs, (4) be flexible, (5) facilitate comprehensive and consistent assessments across the Federal Reserve’s FMI portfolio, and (6) promote financial stability by ensuring that systemically important FMIs understand and are held to the Federal Reserve’s rigorous riskmanagement standards. Importantly, the E:\FR\FM\26AUN1.SGM 26AUN1 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices rating system is an internal supervisory tool that does not create new regulatory requirements; the explanatory language provided for each of the ratings system’s categories is intended to describe generally the range of issues covered in each category’s relevant regulations and guidance. Additionally, the rating system is designed to allow for supervisory judgment and discretion, and should not be viewed as establishing a formula for determining an FMI’s rating. Each of the assigned ratings, including the composite rating, should reflect supervisory judgment about the importance of the individual categories and issues as they pertain to the FMI. Relevant provisions of Regulation HH and the Payment System Risk (PSR) policy, which are reflected in each rating category, help to organize and structure each category’s rating. The criticality of categories and issues, however, may differ among FMIs because of factors such as their differing services, risk profiles, and operational and organizational structures. An FMI’s rating will also take into account the FMI’s responsiveness to supervisory concerns and the demonstrated effectiveness of any measures that the FMI has implemented to address the root cause of those concerns. Categories The ORSOM rating system consists of the following five categories, which were selected to highlight broadly the risk management issues that FMIs face, to guide supervisory examinations, and to provide a structure for organizing assessment letters: mstockstill on DSK3G9T082PROD with NOTICES • • • • • Organization Risk Management Settlement Operational Risk and IT Market Support, Access, and Transparency Analysis of the issues considered under each category should be consistent with Regulation HH, the PSR policy, and relevant guidance, such as supervision and regulation (SR) letters and guidance of the Federal Financial Institutions Examination Council (FFIEC). The categories’ order is not a reflection of their relative importance. The weight prescribed to either a category or a category’s components is a matter of supervisory judgment and expertise, and may differ among FMIs. In addition, supervisory staff’s assessment of an FMI should take into account the categories’ interrelationships and the FMI’s entire risk management framework, and should integrate knowledge derived from all available sources, including VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 examination work, continuous monitoring efforts, and other relevant sources (for example, the processes set forth in Regulation HH and Board policy regarding advance notice of material changes proposed by designated financial market utilities (DFMUs) and the Federal Reserve Banks’ Fedwire services, respectively, and lessons learned from market events). Finally, an FMI’s category rating should reflect consideration of the demonstrated effectiveness of any remediation measures that the FMI has implemented to address the root cause of supervisory concerns. Organization The foundations of an FMI’s risk management framework are its management and governance structures, which include the board of directors’ and management’s authority, responsibilities, and reporting. The Organization category evaluates the FMI’s overarching objectives, and the ability of the FMI’s board and management to implement them. This category also considers the relationships among the FMI’s relevant stakeholders and their influence on the FMI’s business strategy. Further, analysis under this category considers the independence and effectiveness of the FMI’s internal audit function and its ability to inform the board and management about the robustness of the FMI’s risk management and control processes. As a result, the Organization category contains two subcomponents, Board and Management Oversight, and Internal Audit. The FMI’s assessment under these subcomponents is reflected in a single category rating.1 Board and Management Oversight The Board and Management Oversight subcomponent addresses the organization and conduct of the FMI’s board of directors and senior management. It assesses the structure and effectiveness of the FMI’s legal and compliance risk monitoring and management framework. This rating evaluates how effectively the board of directors and senior management guide and manage the FMI, and ensure that the FMI operates in a safe and sound manner; specific considerations in this regard include management’s responsiveness to supervisory concerns. 1 The Board and Management Oversight and the Internal Audit subcomponents are not individually rated; they represent matters examiners should consider when assigning the Organization category rating. Depending on the issues at the FMI, examiners should use their judgment in weighting each of these subcomponents in their assessment of the Organization category overall. PO 00000 Frm 00034 Fmt 4703 Sfmt 4703 58935 This rating component also evaluates the board’s effectiveness at establishing the FMI’s objectives, strategy, and risk tolerances, and management’s effectiveness at ensuring that the FMI’s activities are consistent with them. Specific considerations in this regard include the board’s effectiveness in setting strategic objectives, developing a risk-management framework, creating clear and responsive corporate governance structures, and establishing corporate risk tolerances. This rating also evaluates the effectiveness of the FMI’s governance program for risk models and its use of independent validation mechanisms to validate the FMI’s risk-management model methodologies and output. Relevant statutes, regulations and guidance include— • Regulation HH § 234.3(a)(1)–(3) (excluding (a)(2)(iv)(I)) • Regulations implementing the Bank Secrecy Act (BSA) 2 and sanctions programs administered by the Office of Foreign Assets Control (OFAC) • PSR policy: Legal Basis (Principles for Financial Market Infrastructures (PFMI) 1), Governance (PFMI 2, excluding references to internal audit), Framework for Comprehensive Management of Risks (PFMI 3, excluding references to internal audit) Internal Audit The Internal Audit subcomponent reflects the ability and independence of the FMI’s internal audit function to assess risk and to inform the board and management. An FMI should have an effective internal audit function with sufficient resources and independence from management to provide a rigorous and unbiased assessment of the FMI’s risk profile and risk exposure, including financial and operational risk, as well as the effectiveness of risk management and controls. The Internal Audit subcomponent assesses the internal audit function’s day-to-day management, including its annual risk assessment, audit program, quality of work papers, quality assurance, planning and reporting, and training.3 2 The BSA is codified at 31 U.S.C. 5311 et seq., 12 U.S.C. 1829b, and 12 U.S.C. 1951–1959. Federal Reserve supervised institutions that are subject to the BSA include state member banks (Regulation H, 12 CFR 208), bank holding companies (Regulation Y, 12 CFR 225), Edge and agreement corporations, and foreign banking organizations operating in the United States (Regulation K, 12 CFR 211). The U.S. Department of the Treasury’s Financial Crimes Enforcement Network has published regulations implementing the BSA at 31 CFR Part X. 3 The Internal Audit subcomponent does not assess the board’s effectiveness at establishing and overseeing an internal audit function at the FMI; E:\FR\FM\26AUN1.SGM Continued 26AUN1 58936 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices Relevant regulations and guidance include— • Regulation HH § 234.3(a)(2)(iv)(I) • Audit guidance applicable to the FMI (for example, Institute of Internal Auditors, FFIEC, SR Letters, Bank for International Settlements, and ISACA) • PSR policy: Governance (PFMI 2, as it pertains to internal audit), Framework for Comprehensive Management of Risks (PFMI 3, as it pertains to internal audit), Operational Risk (PFMI 17, as it pertains to internal audit) mstockstill on DSK3G9T082PROD with NOTICES Risk Management The Risk Management category evaluates the effectiveness of the FMI’s risk management, including the availability to the FMI of acceptable financial resources to contain and manage losses and liquidity pressures, and the FMI’s ability to meet its obligations in the event of a participant’s default. Further, the rating assesses whether the FMI has developed a risk-management framework that includes integrated plans for the FMI’s recovery and orderly wind-down, and the viability of its capital plan. The rating also considers the FMI’s ability and practices in safeguarding its own assets and those of its participants, and the FMI’s ability to ensure those assets are readily available and convertible into cash with minimum losses. In addition, the Risk Management rating assesses the FMI’s awareness, mitigation, or management of the material risks that its participants’ customers and other FMIs indirectly introduce. Relevant regulations and guidance include— • Regulation HH § 234.3(a)(4)–(7), (14)– (16), (19)–(20) • PSR policy: Credit risk (PFMI 4), Collateral (PFMI 5), Margin (PFMI 6), Liquidity risk (PFMI 7), Segregation and Portability (PFMI 14), General Business Risk (PFMI 15), Custody and Investment Risks (PFMI 16), Tiered Participation Arrangements (PFMI 19), and FMI Links (PFMI 20) Settlement Final settlement is the irrevocable and unconditional transfer of an asset or financial instrument, or the discharge of an obligation by an FMI or its participants in accordance with the underlying contract’s terms. Settlement risk, which is the risk that settlement will not take place as expected, is a key risk that FMIs and their participants face. Failure to settle a transaction on that is assessed in the Board and Management Oversight subcomponent. VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 time and in full can create liquidity and credit problems for an FMI or its participants, with potential systemic implications. This is especially true during a participant default event. Welldesigned, clearly articulated, and effectively disclosed default management rules are imperative to maintaining market confidence in the event of a participant default. The Settlement category focuses on the risk-management tools that an FMI uses to ensure settlement takes place as expected, and the default management procedures the FMI follows in the event of a participant default. The rating assesses the FMI’s ability to provide clear and certain final settlement, and its ability to manage the risks related to money settlements and the delivery of physical assets. The rating also includes central securities depositories’ abilities to safeguard the rights of securities issuers and holders, and to ensure the integrity of the securities issues that they hold in custody. Finally, this category includes assessing the adequacy of the FMI’s participant default rules and procedures, and the steps that the FMI takes to ensure that it is prepared to execute them. Relevant regulations and guidance include— • Regulation HH § 234.3(a)(8)–(13) • PSR Policy: Settlement Finality (PFMI 8), Money Settlements (PFMI 9), Physical Deliveries (PFMI 10), Central Securities Depositories (PFMI 11), Exchange-of-Value Settlement Systems (PFMI 12), and Participant Default Rules and Procedures (PFMI 13) Operational Risk and IT FMIs face significant operational and IT risks in their provision of post-trade services. Operational risk entails deficiencies in information systems, internal processes, and personnel, or disruptions from external events that may result in the reduction, deterioration, or breakdown of services provided by an FMI. FMIs are expected to ensure that, through the development of appropriate systems, controls, and procedures, their operations and IT infrastructure are reliable, secure, and have adequately scalable capacity. FMIs’ information security practices and controls are expected to be strong and effective. FMIs should protect and secure the systems, media, and facilities that process and maintain information vital to their operations in the context of a continually changing threat landscape. Further, FMIs are expected to have robust business continuity plans that allow for the rapid recovery and timely resumption of critical operations. PO 00000 Frm 00035 Fmt 4703 Sfmt 4703 FMIs are expected to test and update these plans regularly. The Operational Risk and IT category focuses on the FMI’s operational reliability and its ability to support the safe and continuous functioning of the markets that it serves. This category considers the FMI’s operational risk management framework and IT infrastructure, including the adequacy of the FMI’s operational risk management governance, internal controls, physical and information security, data management, capacity management, and business continuity plan. Relevant regulations and guidance include— • Regulation HH § 234.3(a)(17) • PSR Policy: Operational Risk (PFMI 17, excluding references to internal audit) • Interagency Paper on Sound Practices to Strengthen Resilience of the U.S. Financial System • FFIEC, relevant industry IT & cybersecurity guidance, and CPMI– IOSCO guidance supporting the PFMI. Market Support, Access, and Transparency FMIs should be designed and operated to meet the needs of their participants and the markets that they serve. Access to FMIs’ services is often necessary for meaningful participation in the markets that they serve, and FMIs’ efficiency and effectiveness can influence financial activity and market structure. Also, access to, and understanding of, relevant information about an FMI fosters confidence among participants and the public. The Market Support, Access, and Transparency category focuses on the FMI’s efforts to support the markets it serves, to ensure fair and open access to its services (while balancing the FMI’s safety and efficiency), and to provide participants with the information necessary to understand the risks and responsibilities attendant with their participation in the FMI. Analysis under this category considers, among other things, the FMI’s implementation of risk-based, objective participation requirements; its member monitoring framework; the efficiency with which it consumes resources in providing its services; and the adequacy of its disclosure of its rules, its key procedures, and its legal, governance, risk management, and operating framework. Relevant regulations and guidance include— • Regulation HH § 234.3(a)(18), (21)– (23) E:\FR\FM\26AUN1.SGM 26AUN1 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices • PSR policy: Access and Participation Requirements (PFMI 18), Efficiency and Effectiveness (PFMI 21), Communication Procedures and Standards (PFMI 22), Disclosure of Rules, Key Procedures, and Market Data (PFMI 23), Disclosure of Market Data by Trade Repositories (PFMI 24) mstockstill on DSK3G9T082PROD with NOTICES Category Ratings FMIs receive a rating for each ORSOM category based on an evaluation of the FMI against that category’s key attributes as described herein. Regulation HH prescribes riskmanagement standards for DFMUs for which the Board or another federal banking agency is the Supervisory Agency under Title VIII of the DoddFrank Act. Other FMIs subject to Federal Reserve supervision—for example, other DFMUs over which the Board has supervisory authority because they are members of the Federal Reserve System, and FMIs that are operated by the Federal Reserve Banks—are subject to the Federal Reserve Act and the expectations set out in the Federal Reserve’s PSR policy. An FMI’s rating should be consistent with the expectations set forth in Regulation HH, the PSR policy, and relevant supervisory guidance, such as SR letters and FFIEC guidance.4 The rating scale ranges from 1 to 5, with a rating of 1 indicating the strongest performance and, therefore, the level of least supervisory concern. A rating of 5 indicates the most critically deficient level of performance and, therefore, the greatest level of supervisory concern. Importantly, an FMI’s category rating should reflect supervisory judgment and expertise as to the materiality of any issues identified based on the resulting effect those issues have on the safety and soundness of the FMI, the growth of systemic risks, or the stability of the broader financial system.5 A common set of definitions for each rating level is applied across all of the ORSOM categories. These general definitions focus on broad supervisory interests, which are— • the extent to which any issues identified, either individually or cumulatively, are issues of concern for the safety and soundness of the FMI or the stability of the broader financial system. 4 DFMUs subject to the jurisdiction of the Federal Reserve under Title VIII of the Dodd-Frank Act should adhere to, and will be assessed against, Regulation HH’s provisions and any other regulation directly applicable to that DFMU, and any supervisory guidance would be applicable only insofar as it is consistent with Regulation HH and other directly applicable regulations. 5 See Dodd-Frank Act Section 805, 12 U.S.C. 5464(b). VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 • the immediacy with which the FMI is expected to remedy the issues, and the extent to which close supervisory monitoring of the FMI’s remediation efforts, or supervisory action, is needed.6 Supervisors may identify multiple issues with differing degrees of concern. In such cases, supervisors typically should assign the category a rating that reflects their judgment of the severity of the most serious concerns identified. For example, if a payment system meets the majority of supervisory standards for the Settlement category, but only partly observes the risk management standard pertaining to settlement finality, then, because of that issue’s criticality to a payment system, the payment system’s rating for the Settlement category should reflect its weaknesses with regard to that key risk management standard. 1: Strong • Any issues identified, either individually or cumulatively, are not issues of concern with respect to the category’s supervisory guidance. For example, the FMI observes all of the key risk management standards in Regulation HH or the PSR policy, as applicable.7 • The FMI can correct any issues identified in the normal course of business and focused supervisory monitoring of the FMI’s remediation efforts is not needed. 2: Satisfactory • Any issues identified, either individually or cumulatively, are not presently issues of concern with respect to the category’s supervisory guidance, but may become so if left uncorrected. For example, the FMI either observes or broadly observes the key risk management standards in Regulation HH or the PSR policy, as applicable. 6 FMIs are responsible for remedying supervisory concerns. Supervisory action in this context refers to the range of supervisory measures that relevant laws authorize the Federal Reserve to take. These include issuing a matter requiring attention or matter requiring immediate attention; entering into a memorandum of understanding with the FMI; or more severe enforcement action measures as authorized under Title VIII of the Dodd-Frank Act or other relevant laws. 7 The applicable standards are based on the Federal Reserve’s source of authority. DFMUs for which the Federal Reserve acts as the Supervisory Agency under Title VIII of the Dodd-Frank Act are subject to Regulation HH. Other FMIs subject to Federal Reserve supervision, for example, by virtue of being members of the Federal Reserve System, are subject to the Federal Reserve Act and the expectations set out in the Federal Reserve’s PSR policy. The applicable standards in both Regulation HH and the PSR policy are based on the PFMI. The Board has stated that it does not intend for differences in language in the two documents to lead to inconsistent policy results. PO 00000 Frm 00036 Fmt 4703 Sfmt 4703 58937 • The FMI can correct any issues identified in the normal course of business, but limited, focused supervisory monitoring of the FMI’s remediation efforts may be needed. 3: Fair • One or more issues identified, either individually or cumulatively, are issues of concern with respect to the category’s supervisory guidance. For example, the FMI, at a minimum, broadly observes most of the key risk management standards in Regulation HH or the PSR policy, as applicable, but may partly observe some of them. • The FMI should correct one or more of the issues of concern identified within a defined period, focused supervisory monitoring of the FMI’s remediation efforts is likely needed, and supervisory action may be needed. 4: Marginal • One or more issues identified, either individually or cumulatively, are substantial issues of concern with respect to the category’s supervisory guidance. For example, the FMI only partly observes many key risk management standards in Regulation HH or the PSR policy, as applicable, and may not observe some of them. • The FMI should correct one or more of the issues of concern identified immediately, focused supervisory monitoring of the FMI’s remediation efforts is needed, and supervisory action is likely. 5: Unsatisfactory • One or more issues identified, either individually or cumulatively, are critical and immediate issues of concern with respect to the category’s supervisory guidance. For example, the FMI does not observe key risk management standards in Regulation HH or the PSR policy, as applicable. • The FMI must correct one or more of the issues of concern identified immediately, and immediate supervisory action and monitoring of the FMI’s remediation efforts are needed. Composite Ratings An FMI’s composite rating indicates whether and to what extent the issues identified, in the aggregate, give cause for supervisory concern. Like the category ratings, an FMI’s composite rating ranges from 1 to 5. A rating of 1 indicates the strongest performance and, therefore, the level of least supervisory concern, and a rating of 5 indicates a critically deficient level of performance and, therefore, the greatest level of supervisory concern. An FMI’s E:\FR\FM\26AUN1.SGM 26AUN1 58938 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices composite rating should not represent a formulaic combination of its category ratings, such as an arithmetic average. Rather, the ratings definitions provide factors that supervisory staff should consider when viewing an FMI’s performance against the totality of relevant regulations and supervisory guidance. 1: Strong • As reflected in its category ratings, an FMI with a composite rating of 1 is substantially sound in every respect and does not give cause for supervisory concern. • Any issues identified do not reflect a pattern of risk management or governance failures and, either individually or cumulatively, are not issues of concern for the safety and efficiency of either the FMI or the markets that it supports. • The FMI can correct any issues identified in the normal course of business and focused supervisory monitoring of the FMI’s remediation efforts is not needed. 2: Satisfactory • As reflected in its category ratings, an FMI with a composite rating of 2 is sound in most respects and does not presently give cause for supervisory concern. • Any issues identified do not reflect a pattern of risk management or governance failures and, either individually or cumulatively, are not presently issues of concern for the safety and efficiency of either the FMI or the markets that it supports, but may become so if left uncorrected. • The FMI can correct any issues identified in the normal course of business, but limited, focused supervisory monitoring of the FMI’s remediation efforts may be needed. mstockstill on DSK3G9T082PROD with NOTICES 3: Fair • As reflected in its category ratings, an FMI with a composite rating of 3 is sound in many respects, but gives cause for some supervisory concern, and supervisory action may be necessary. • Any issues identified, either individually or cumulatively, are issues of concern for the safety and efficiency of either the FMI or the markets that it supports. • The FMI should correct one or more of the issues of concern identified within a defined period and focused monitoring of the FMI’s remediation efforts is likely needed. 4: Marginal • As reflected in its category ratings, an FMI with a composite rating of 4 is VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 unsound in one or more respects and gives cause for substantial supervisory concern, which will likely lead to supervisory action. • Any issues identified, either individually or cumulatively, are substantial issues of concern for the safety and efficiency of either the FMI or the markets that it supports. • The FMI should correct one or more of the issues of concern identified immediately and focused supervisory monitoring of the FMI’s remediation efforts is needed. 5: Unsatisfactory • As reflected in its category ratings, an FMI with a composite rating of 5 is considered critically unsound and gives cause for substantial and immediate supervisory concern and action. • Any issues identified, either individually or cumulatively, are critical and immediate issues of concern for the safety and efficiency of either the FMI or the markets that it supports. • The FMI must correct one or more of the issues of concern identified immediately, and immediate supervisory action and monitoring of the FMI’s remediation efforts are needed. Administrative Law Matters Regulatory Flexibility Act Analysis Congress enacted the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.) to address concerns related to the effects of agency rules on small entities, and the Board is sensitive to the impact its rules may impose on small entities. The RFA requires agencies either to provide a final regulatory flexibility analysis with a final rule or to certify that the final rule will not have a significant economic impact on a substantial number of small entities. The Board received no comments on its initial regulatory flexibility analysis regarding the supervisory rating system for FMIs. The rating system will apply to FMUs that are designated by the Financial Stability Oversight Council under Title VIII of the Dodd-Frank Act as systemically important, for which the Board is the Supervisory Agency, and which are subject to Regulation HH. In addition, the supervisory rating system for FMIs will apply to other DFMUs over which the Board has supervisory authority because they are members of the Federal Reserve System, and FMIs that are operated by the Federal Reserve Banks, pursuant to the PSR policy. Based on current information, none of the FMIs are ‘‘small entities’’ for purposes of the RFA, and so, the rating system likely will not have a significant PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 economic impact on a substantial number of small entities (5 U.S.C. 605(b)). The following final regulatory flexibility analysis, however, has been prepared in accordance with 5 U.S.C. 604, based on current information. 1. Statement of the need for, and objectives of, the rule. The Board is implementing the ORSOM rating system in order to carry out its supervisory responsibilities regarding FMIs under Title VIII of the Dodd-Frank Act and other applicable law, as discussed above. As noted above, the ORSOM rating system is a supervisory tool that the Federal Reserve will use to provide a consistent internal framework for performing FMI assessments across the Federal Reserve’s FMI portfolio, including DFMUs for which the Board is the Supervisory Agency pursuant to Title VIII, other FMIs that are members of the Federal Reserve System, and FMIs that are operated by the Federal Reserve Banks. The Federal Reserve will convey the annual ORSOM rating to a DFMU’s management and board of directors. The rating system is designed to link supervisory assessments and messages to the regulations and guidance that form the foundation of the supervisory program, such as Regulation HH and the PSR policy. 2. Significant issues raised by comments in response to the initial regulatory flexibility analysis. The Board received no public comments in response to the initial regulatory flexibility act analysis, nor did it receive comments from the Chief Counsel for Advocacy of the Small Business Administration. 3. Small entities affected by the rule. Pursuant to regulations issued by the Small Business Administration (SBA) (13 CFR 121.201), a small entity includes an establishment engaged in (i) financial transaction processing, reserve and liquidity services, and/or clearinghouse services with an average annual revenue of $38.5 million or less (NAICS code 522320); (ii) securities and/or commodity exchange activities with an average annual revenue of $38.5 million or less (NAICS code 523210); and (iii) trust, fiduciary, and/or custody activities with an average annual revenue of $38.5 million or less (NAICS code 523991). Based on current information, the Board does not believe that any of the FMIs that would be subject to the ORSOM rating system would be small entities pursuant to the SBA regulation. 4. Projected reporting, recordkeeping, and other compliance requirements. The ORSOM rating system does not impose any reporting or recordkeeping requirements on the relevant FMIs. E:\FR\FM\26AUN1.SGM 26AUN1 Federal Register / Vol. 81, No. 166 / Friday, August 26, 2016 / Notices mstockstill on DSK3G9T082PROD with NOTICES Although the rating system reflects risk management standards set out in Regulation HH, the PSR policy, and other applicable rules and guidance, the ORSOM rating system itself does not impose any compliance requirements. 5. Steps to minimize significant economic impact on small entities consistent with the stated objectives of applicable statutes/discussion of significant alternatives. The rating system will not have an economic impact on small entities. The Board is not aware of any significant alternatives to the rating system that accomplish the objectives of reflecting the relevant risk management standards in the supervisory rating system. at least as stringent as the applicable Regulation HH standards applied to DFMUs that provide similar services. The risk management and transparency expectations in part I of the PSR policy, which applies to the Federal Reserve priced services, are consistent with those in Regulation HH. The ORSOM rating system will be applied equally to both DFMUs subject to Regulation HH and to the other FMIs subject to the Board’s authority, including the Federal Reserve priced services, subject to the PSR policy. Therefore, the Board does not believe the rating system will have any direct and material adverse effect on the ability of other service providers to compete with the Reserve Banks. Competitive Impact Analysis As a matter of policy, the Board subjects all operational and legal changes that could have a substantial effect on payment system participants to a competitive impact analysis, even if competitive effects are not apparent on the face of the proposal. Pursuant to this policy, the Board assesses whether the changes ‘‘would have a direct and material adverse effect on the ability of other service providers to compete effectively with the Federal Reserve in providing similar services’’ and whether any such adverse effect ‘‘was due to legal differences or due to a dominant market position deriving from such legal differences.’’ If, as a result of this analysis, the Board identifies an adverse effect on the ability to compete, the Board then assesses whether the associated benefits—such as improvements to payment system efficiency or integrity—can be achieved while minimizing the adverse effect on competition. DFMUs are subject to the supervisory framework established under Title VIII of the Dodd-Frank Act. At least one DFMU that is subject to Regulation HH competes with a similar service provided by the Reserve Banks. Under the Federal Reserve Act, the Board has general supervisory authority over the Reserve Banks, including the Reserve Banks’ provision of payment and settlement services (Federal Reserve priced services). This general supervisory authority is much more extensive in scope than the authority provided under Title VIII over DFMUs. In practice, Board oversight of the Reserve Banks goes well beyond the typical supervisory framework for private-sector entities, including the framework provided by Title VIII. The Board is committed to applying risk-management standards to the Reserve Banks’ Fedwire Funds Service and Fedwire Securities Service that are Paperwork Reduction Act Analysis In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR part 1320, Appendix A.1), the Board may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a valid Office of Management and Budget (OMB) control number. The Board has reviewed this rating system and determined that it contains no collections of information. VerDate Sep<11>2014 21:17 Aug 25, 2016 Jkt 238001 By order of the Board of Governors of the Federal Reserve System, August 23, 2016. Robert deV. Frierson, Secretary of the Board. [FR Doc. 2016–20517 Filed 8–25–16; 8:45 am] BILLING CODE 6210–01–P FEDERAL RESERVE SYSTEM Change in Bank Control Notices; Acquisitions of Shares of a Bank or Bank Holding Company The notificants listed below have applied under the Change in Bank Control Act (12 U.S.C. 1817(j)) and § 225.41 of the Board’s Regulation Y (12 CFR 225.41) to acquire shares of a bank or bank holding company. The factors that are considered in acting on the notices are set forth in paragraph 7 of the Act (12 U.S.C. 1817(j)(7)). The notices are available for immediate inspection at the Federal Reserve Bank indicated. The notices also will be available for inspection at the offices of the Board of Governors. Interested persons may express their views in writing to the Reserve Bank indicated for that notice or to the offices of the Board of Governors. Comments must be received not later than September 12, 2016. A. Federal Reserve Bank of St. Louis (David L. Hubbard, Senior Manager) P.O. Box 442, St. Louis, Missouri 63166–2034. Comments can also be sent PO 00000 Frm 00038 Fmt 4703 Sfmt 4703 58939 electronically to Comments.applications@stls.frb.org: 1. Gaylon M. Lawrence, Jr., Memphis, Tennessee, to retain shares of Piggott Bankstock, Inc., and thereby indirectly retain control of Piggott State Bank, both in Piggott, Arkansas. Board of Governors of the Federal Reserve System, August 23, 2016. Michele T. Fennell, Assistant Secretary of the Board. [FR Doc. 2016–20531 Filed 8–25–16; 8:45 am] BILLING CODE 6210–01–P FEDERAL RESERVE SYSTEM Formations of, Acquisitions by, and Mergers of Bank Holding Companies The companies listed in this notice have applied to the Board for approval, pursuant to the Bank Holding Company Act of 1956 (12 U.S.C. 1841 et seq.) (BHC Act), Regulation Y (12 CFR part 225), and all other applicable statutes and regulations to become a bank holding company and/or to acquire the assets or the ownership of, control of, or the power to vote shares of a bank or bank holding company and all of the banks and nonbanking companies owned by the bank holding company, including the companies listed below. The applications listed below, as well as other related filings required by the Board, are available for immediate inspection at the Federal Reserve Bank indicated. The applications will also be available for inspection at the offices of the Board of Governors. Interested persons may express their views in writing on the standards enumerated in the BHC Act (12 U.S.C. 1842(c)). If the proposal also involves the acquisition of a nonbanking company, the review also includes whether the acquisition of the nonbanking company complies with the standards in section 4 of the BHC Act (12 U.S.C. 1843). Unless otherwise noted, nonbanking activities will be conducted throughout the United States. Unless otherwise noted, comments regarding each of these applications must be received at the Reserve Bank indicated or the offices of the Board of Governors not later than September 22, 2016. A. Federal Reserve Bank of St. Louis (David L. Hubbard, Senior Manager) P.O. Box 442, St. Louis, Missouri 63166–2034. Comments can also be sent electronically to Comments.applications@stls.frb.org: 1. M&P Community Bancshares, Inc., 401(k) Employee Stock Ownership Plan; to acquire additional shares of M&P Community Bancshares, Inc., for a total of ownership of up to 38 percent, and E:\FR\FM\26AUN1.SGM 26AUN1

Agencies

[Federal Register Volume 81, Number 166 (Friday, August 26, 2016)]
[Notices]
[Pages 58932-58939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-20517]


=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. OP-1521]


Supervisory Rating System for Financial Market Infrastructures

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: Title VIII of the Dodd-Frank Wall Street Reform and Consumer 
Protection Act (Dodd-Frank Act) granted the Board of Governors of the 
Federal Reserve System (Board) enhanced authority to supervise 
financial market utilities that are designated as systemically 
important by the Financial Stability Oversight Council (financial 
market utilities are defined to comprise a subset of the entities that, 
outside the United States, are generally called financial market 
infrastructures or FMIs). In addition, the Board may have direct 
supervisory authority over other FMIs subject to its jurisdiction. The 
Board has approved the use of the ORSOM (Organization; Risk Management; 
Settlement; Operational Risk and Information Technology (IT); and 
Market Support, Access, and Transparency) rating system in reviews of 
FMIs by the Board and, under delegated authority, the Federal Reserve 
Banks (collectively, the Federal Reserve).

DATES: The Board will begin using the FMI rating system on October 27, 
2016.

FOR FURTHER INFORMATION CONTACT: Stuart Sperry, Deputy Associate 
Director (202) 452-2832 or Kristopher Natoli, Manager (202) 452-3227, 
Division of Reserve Bank Operations and Payment Systems; Evan H. 
Winerman, Counsel (202) 872-7578, Legal Division; for users of 
Telecommunications Device for the Deaf (TDD) only, contact (202) 263-
4869.

SUPPLEMENTARY INFORMATION:

Background

    FMIs are multilateral systems that transfer, clear, settle, or 
record payments, securities, derivatives, or other financial 
transactions among participants or between participants and the FMI 
operator. FMIs include payment

[[Page 58933]]

systems, central securities depositories, securities settlement 
systems, central counterparties, and trade repositories. FMIs can 
strengthen the markets that they serve and play a critical role in 
fostering financial stability. If not properly managed, however, they 
can pose significant risks to the financial system and be a potential 
source of contagion, particularly in periods of market stress. For 
example, improperly managed FMIs can be sources of financial shocks or 
channels through which shocks are transmitted across domestic and 
international financial markets.
    The Federal Reserve supervises certain FMIs that provide payment, 
clearing, and settlement services for critical U.S. financial markets. 
Specifically, under Title VIII of the Dodd-Frank Act, the Federal 
Reserve is the Supervisory Agency for certain designated financial 
market utilities (DFMUs).\1\ These DFMUs are subject to risk-management 
standards set out in Regulation HH.\2\ In addition, the Federal Reserve 
may have supervisory authority over FMIs that are operated by state 
member banks, Edge or agreement corporations, or bank holding 
companies. Furthermore, the Board supervises FMIs that are operated by 
the Federal Reserve Banks, such as the Fedwire Funds Service.\3\ These 
latter two categories of FMIs are expected to meet the risk-management 
standards set out in the Board's Payment System Risk (PSR) policy.\4\ 
The risk management standards set out in both Regulation HH and the PSR 
policy are based on the Principles for Financial Market Infrastructures 
(PFMI).\5\
---------------------------------------------------------------------------

    \1\ The term financial market utility (FMU) is defined in Title 
VIII as ``any person that manages or operates a multilateral system 
for the purpose of transferring, clearing, or settling payments, 
securities, or other financial transactions among financial 
institutions or between financial institutions and the person'' (12 
U.S.C. 5462(6)). FMUs are a subset of FMIs; for example, trade 
repositories are excluded from the definition of an FMU. Pursuant to 
section 804 of the Dodd-Frank Act, the Financial Stability Oversight 
Council (Council) is required to designate those FMUs that the 
Council determines are, or are likely to become, systemically 
important. Such a designation by the Council makes an FMU subject to 
the supervisory framework set out in Title VIII of the Dodd-Frank 
Act.
    The term Supervisory Agency is defined in Title VIII as the 
``Federal agency that has primary jurisdiction over a designated 
financial market utility under Federal banking, securities, or 
commodity futures laws'' (12 U.S.C. 5462(8)). Currently, the Board 
is the Supervisory Agency for two DFMUs: (i) The Clearing House 
Payments Company, L.L.C., on the basis of its role as operator of 
the Clearing House Interbank Payments System (CHIPS), and (ii) CLS 
Bank International (CLS).
    \2\ 12 CFR 234.3.
    \3\ See Sections 11(a)(1) and 11(j) of the Federal Reserve Act, 
12 U.S.C. 248(a)(1) and 248(j).
    \4\ The Board's PSR policy is available at http://www.federalreserve.gov/paymentsystems/files/psr_policy.pdf.
    \5\ The PFMI, published by the Committee on Payment and 
Settlement Systems (now the Committee on Payments and Market 
Infrastructures) and the Technical Committee of the International 
Organization of Securities Commissions in April 2012, is widely 
recognized as the most relevant set of international risk-management 
standards for payment, clearing, and settlement systems.
---------------------------------------------------------------------------

    The ORSOM (Organization; Risk Management; Settlement; Operational 
Risk and IT; and Market Support, Access, and Transparency) rating 
system is a supervisory tool that the Federal Reserve will use to 
provide a consistent internal framework for performing FMI assessments 
across the Federal Reserve's FMI portfolio.\6\ The ORSOM rating system 
will be applied to DFMUs for which the Board is the Supervisory Agency 
pursuant to Title VIII, other FMIs over which the Board has supervisory 
authority because they are members of the Federal Reserve System, and 
FMIs that are operated by the Federal Reserve Banks.\7\ The Federal 
Reserve will convey the annual rating to a DFMU's management and board 
of directors. The rating system is designed to link supervisory 
assessments and messages to the regulations and guidance that form the 
foundation of the supervisory program, such as Regulation HH and the 
PSR policy. The Board issued a notice requesting comments on all 
aspects of the rating system.\8\
---------------------------------------------------------------------------

    \6\ The ORSOM rating system replaces the Federal Reserve's 
existing rating system, which is referred to as SCIISO. SCIISO 
stands for Supervision and organization; Compliance, Internal 
controls and audit; Information technology/electronic data 
processing; Settlements and liquidity; and General Organization. 
SCIISO was originally developed to facilitate the Federal Reserve's 
supervision of the Depository Trust Company, but subsequently was 
adapted and applied to The Clearing House Payments Company LLC as 
operator of the CHIPS payment system, CLS Bank International, and 
the Warehouse Trust Company LLC. The Federal Reserve did not seek 
public comment when SCIISO was introduced.
    \7\ At present, the first group includes CLS and CHIPS, the 
second group includes the Depository Trust Company, and the third 
group includes Fedwire Funds Service and Fedwire Securities Service.
    \8\ 80 FR 70211 (Nov. 13, 2015).
---------------------------------------------------------------------------

Summary of Public Comments and Analysis

    The Board received two public comment letters on the notice and 
request for comment. The Board considered these comments in developing 
its final FMI rating system. Except as noted herein, the Board is 
adopting the rating system's text as proposed.\9\
---------------------------------------------------------------------------

    \9\ The Board is also making several technical edits, which are 
not specifically addressed in the discussion below.
---------------------------------------------------------------------------

Overall Approach

    The Board proposed to use the ORSOM rating system as a supervisory 
tool for providing a consistent internal framework for performing 
annual FMI assessments across the Federal Reserve's FMI portfolio, 
which includes DFMUs for which the Board is the Supervisory Agency 
pursuant to Title VIII, other FMIs over which the Board has supervisory 
authority because they are members of the Federal Reserve System, and 
FMIs that are operated by the Federal Reserve Banks. Commenters were 
generally supportive of the Board's effort to establish a consistent 
approach to rating FMIs. Both commenters, however, raised two general 
concerns about the Board's overall approach: (1) That the rating system 
would create new obligations beyond those that already exist in 
Regulation HH and (2) that an FMI's rating would depend excessively on 
supervisory judgment.
    The Board's FMI rating system is an internal supervisory tool that 
is intended to assist supervisors in assessing FMIs against regulatory 
requirements, but it does not create any new obligations or 
requirements for FMIs. In establishing a consistent internal framework 
for discussing FMI assessments, the FMI rating system instructs 
supervisory staff to consider relevant regulations and related 
guidance. The explanatory language provided for each of the rating 
system's categories is intended to describe generally the range of 
issues covered in each category's relevant regulations and guidance. 
The Board has revised the ratings system to address concerns that it 
expands on already-applicable requirements. For example, the Board has 
added clarifying language to the rating system's Introduction section 
and made technical edits throughout to align each category's 
explanatory language more closely with Regulation HH's text.
    With regard to the role that supervisory judgment plays in 
determining an FMI's rating, the Board believes that the rating system 
must provide examiners with the ability to use their expertise and 
judgment when determining an FMI's rating. An FMI's category and 
composite ratings reflect many factors that may vary in importance for 
each FMI. Supervisory staff's judgment will be guided by the relevant 
regulations and guidance, as well as by the Board's internal processes 
for ensuring consistent treatment of similarly situated FMIs.
    The Board agrees with commenters that supervisory staff should 
explain the supervisory judgment underlying an FMI's rating. The rating 
system is

[[Page 58934]]

designed to facilitate a clear and logical discussion of the FMI's 
condition with the FMI's management and board of directors. Supervisory 
staff will continue its current practice of explaining the factors that 
determine an FMI's rating.

Alignment With Regulation HH

    Commenters requested that the Board make multiple changes to the 
rating system that would align the rating system more closely with the 
text of Regulation HH. The rating system is fundamentally derived from, 
and should reflect, the requirements of Regulation HH and the PSR 
policy. Therefore, the Board made technical clarifications throughout 
the rating system to align explanatory language more closely with 
Regulation HH's text. Examples include changing the explanatory 
language in the Board and Management Oversight subcomponent of the 
Organization category to specify that the requirement for independent 
validation focuses on risk-management models; the Risk Management 
category to reflect verbatim Regulation HH's requirement pertaining to 
recovery and orderly wind-down plans; and the Settlement category to 
reflect verbatim Regulation HH's requirement that FMIs provide clear 
and certain final settlement.
    Both commenters raised concerns regarding the explanatory language 
in the Market Support, Access and Transparency category, which states 
that ``the analysis under this category considers . . the efficiency 
with which [the FMI] consumes resources in providing its services.'' 
Commenters believed that this language was vague. The Board is 
retaining this language in the ratings system guidance because 
Regulation HH requires that a DFMU operate efficiently.\10\ The Board 
explained this concept in preamble text to the notice of proposed 
rulemaking with respect to these provisions of Regulation HH, stating 
that ``efficiency generally encompasses what a DFMU chooses to do, how 
it does it, and the resources required by the DFMU to perform its 
functions.'' \11\ As the Board explained further, ``there is an 
inherent tradeoff between safety (that is, risk management) and 
efficiency (that is, direct and indirect costs) in the design and 
management of a designated FMU.'' \12\ The Board noted that ``[a] 
designated FMU's design; operating structure; scope of payment, 
clearing, and settlement activities; and use of technology can 
influence its efficiency and can ultimately provide incentives for 
market participants to use, or not use, the designated FMU's services. 
In certain cases, inefficiently designed systems may increase 
operational costs to the point that it would be cost prohibitive for 
participants to use the designated FMU. As a result, the inefficiency 
could drive market participants toward less-safe alternatives, such as 
bilateral clearing or settlement on the books of the participants.'' 
\13\
---------------------------------------------------------------------------

    \10\ See 12 CFR 234.3(a)(21).
    \11\ 79 FR 3666, 3685 (Jan. 22, 2014).
    \12\ Id. at 3685-86.
    \13\ Id.
---------------------------------------------------------------------------

References to Relevant Statutes, Regulations and Guidance

    One commenter requested that the Board provide more specific 
examples of the relevant guidance to which examiners would refer when 
determining an FMI's rating. For each category, the Board has, to the 
extent possible, specified the relevant statutes, regulations, and 
guidance that factor into that category's rating. In the case of the 
Operational Risk and IT category, the Board refers to ``FFIEC and 
relevant industry guidance.'' In assessing an FMI's performance under 
Regulation HH's requirements with respect to operational risk and 
cybersecurity policies and procedures,\14\ the Board will be guided by 
leading information, communication and technology (ICT) and information 
and cyber security standards and guidelines. Some of these standards 
and guidelines are reflected in Federal Reserve and FFIEC guidance, as 
well as guidance supporting the PFMI (such as CPMI-IOSCO's forthcoming 
Guidance on Cyber Resilience for Financial Market Infrastructures). The 
Board believes that in light of the rapidly evolving IT and cyber risk 
landscapes, further specification of relevant industry guidance would 
date itself quickly. Further, as the Board has stated, the rating 
system is an internal supervisory tool that does not create new 
regulatory requirements. DFMUs subject to the jurisdiction of the 
Federal Reserve as the Supervisory Agency under Title VIII of the Dodd-
Frank Act should adhere to, and will be assessed against, Regulation 
HH's provisions, and examiners will clearly communicate with the FMIs 
the standards against which they are being rated.
---------------------------------------------------------------------------

    \14\ 12 CFR 234.3(a)(17).
---------------------------------------------------------------------------

Board and Management Responsiveness

    The proposed text of the Board and Management Oversight stated that 
``[t]his rating evaluates how effectively the board of directors and 
senior management guide and manage the FMI, and ensure that the FMI 
operates in a safe and sound manner; specific considerations in this 
regard include management's responsiveness to supervisory concerns.'' 
One commenter requested the Board confirm its understanding that this 
language refers to issues that the Board identifies and that the FMI 
agrees to address and not to issues that are subject to a formal 
appeals process. FMI ratings are an internal tool for Federal Reserve 
supervisors, and, unlike ratings of insured depository institutions and 
their holding companies, do not carry any automatic implications with 
respect to supervisory or regulatory interventions or requirements. 
Therefore, the Board does not have a formal appeals process for its 
supervisory ratings at this time.
    The Board expects FMI management to respond appropriately to 
supervisory concerns. Title VIII requires the Board to prescribe risk 
management standards governing DFMUs' operations related to payment, 
clearing, and settlement activities, and to conduct annual examinations 
of relevant DFMUs for which it is the Supervisory Agency to determine, 
among other things, their safety and soundness, as well as their 
compliance with Title VIII and any rules and orders prescribed 
thereunder. If supervisory staff believes that a DFMU's board and 
management are failing to respond to supervisory concerns and thereby 
undermining the DFMU's safety and soundness or threatening financial 
stability, supervisory staff will incorporate that determination into 
its assessment of board and management oversight, regardless of whether 
the board and management disagree with supervisory staff's conclusions.

Text of the Supervisory Rating System for FMIs

Introduction

    Under the ORSOM rating system for financial market infrastructures 
(FMIs), the Federal Reserve develops a rating for each of the ORSOM 
categories and rolls those category ratings into an overall composite 
rating. The rating system is designed to (1) be clearly tied to 
relevant Federal Reserve regulations and guidance, (2) facilitate a 
clear and logical discussion of the FMI's condition with the FMI's 
management and board of directors, (3) be easily understood and used by 
both supervisors and FMIs, (4) be flexible, (5) facilitate 
comprehensive and consistent assessments across the Federal Reserve's 
FMI portfolio, and (6) promote financial stability by ensuring that 
systemically important FMIs understand and are held to the Federal 
Reserve's rigorous risk-management standards. Importantly, the

[[Page 58935]]

rating system is an internal supervisory tool that does not create new 
regulatory requirements; the explanatory language provided for each of 
the ratings system's categories is intended to describe generally the 
range of issues covered in each category's relevant regulations and 
guidance.
    Additionally, the rating system is designed to allow for 
supervisory judgment and discretion, and should not be viewed as 
establishing a formula for determining an FMI's rating. Each of the 
assigned ratings, including the composite rating, should reflect 
supervisory judgment about the importance of the individual categories 
and issues as they pertain to the FMI. Relevant provisions of 
Regulation HH and the Payment System Risk (PSR) policy, which are 
reflected in each rating category, help to organize and structure each 
category's rating. The criticality of categories and issues, however, 
may differ among FMIs because of factors such as their differing 
services, risk profiles, and operational and organizational structures. 
An FMI's rating will also take into account the FMI's responsiveness to 
supervisory concerns and the demonstrated effectiveness of any measures 
that the FMI has implemented to address the root cause of those 
concerns.

Categories

    The ORSOM rating system consists of the following five categories, 
which were selected to highlight broadly the risk management issues 
that FMIs face, to guide supervisory examinations, and to provide a 
structure for organizing assessment letters:

 Organization
 Risk Management
 Settlement
 Operational Risk and IT
 Market Support, Access, and Transparency

    Analysis of the issues considered under each category should be 
consistent with Regulation HH, the PSR policy, and relevant guidance, 
such as supervision and regulation (SR) letters and guidance of the 
Federal Financial Institutions Examination Council (FFIEC). The 
categories' order is not a reflection of their relative importance. The 
weight prescribed to either a category or a category's components is a 
matter of supervisory judgment and expertise, and may differ among 
FMIs. In addition, supervisory staff's assessment of an FMI should take 
into account the categories' interrelationships and the FMI's entire 
risk management framework, and should integrate knowledge derived from 
all available sources, including examination work, continuous 
monitoring efforts, and other relevant sources (for example, the 
processes set forth in Regulation HH and Board policy regarding advance 
notice of material changes proposed by designated financial market 
utilities (DFMUs) and the Federal Reserve Banks' Fedwire services, 
respectively, and lessons learned from market events). Finally, an 
FMI's category rating should reflect consideration of the demonstrated 
effectiveness of any remediation measures that the FMI has implemented 
to address the root cause of supervisory concerns.

Organization

    The foundations of an FMI's risk management framework are its 
management and governance structures, which include the board of 
directors' and management's authority, responsibilities, and reporting. 
The Organization category evaluates the FMI's overarching objectives, 
and the ability of the FMI's board and management to implement them. 
This category also considers the relationships among the FMI's relevant 
stakeholders and their influence on the FMI's business strategy. 
Further, analysis under this category considers the independence and 
effectiveness of the FMI's internal audit function and its ability to 
inform the board and management about the robustness of the FMI's risk 
management and control processes. As a result, the Organization 
category contains two subcomponents, Board and Management Oversight, 
and Internal Audit. The FMI's assessment under these subcomponents is 
reflected in a single category rating.\1\
---------------------------------------------------------------------------

    \1\ The Board and Management Oversight and the Internal Audit 
subcomponents are not individually rated; they represent matters 
examiners should consider when assigning the Organization category 
rating. Depending on the issues at the FMI, examiners should use 
their judgment in weighting each of these subcomponents in their 
assessment of the Organization category overall.
---------------------------------------------------------------------------

Board and Management Oversight
    The Board and Management Oversight subcomponent addresses the 
organization and conduct of the FMI's board of directors and senior 
management. It assesses the structure and effectiveness of the FMI's 
legal and compliance risk monitoring and management framework. This 
rating evaluates how effectively the board of directors and senior 
management guide and manage the FMI, and ensure that the FMI operates 
in a safe and sound manner; specific considerations in this regard 
include management's responsiveness to supervisory concerns. This 
rating component also evaluates the board's effectiveness at 
establishing the FMI's objectives, strategy, and risk tolerances, and 
management's effectiveness at ensuring that the FMI's activities are 
consistent with them. Specific considerations in this regard include 
the board's effectiveness in setting strategic objectives, developing a 
risk-management framework, creating clear and responsive corporate 
governance structures, and establishing corporate risk tolerances. This 
rating also evaluates the effectiveness of the FMI's governance program 
for risk models and its use of independent validation mechanisms to 
validate the FMI's risk-management model methodologies and output.
    Relevant statutes, regulations and guidance include--

 Regulation HH Sec.  234.3(a)(1)-(3) (excluding (a)(2)(iv)(I))
 Regulations implementing the Bank Secrecy Act (BSA) \2\ and 
sanctions programs administered by the Office of Foreign Assets Control 
(OFAC)
---------------------------------------------------------------------------

    \2\ The BSA is codified at 31 U.S.C. 5311 et seq., 12 U.S.C. 
1829b, and 12 U.S.C. 1951-1959. Federal Reserve supervised 
institutions that are subject to the BSA include state member banks 
(Regulation H, 12 CFR 208), bank holding companies (Regulation Y, 12 
CFR 225), Edge and agreement corporations, and foreign banking 
organizations operating in the United States (Regulation K, 12 CFR 
211). The U.S. Department of the Treasury's Financial Crimes 
Enforcement Network has published regulations implementing the BSA 
at 31 CFR Part X.
---------------------------------------------------------------------------

 PSR policy: Legal Basis (Principles for Financial Market 
Infrastructures (PFMI) 1), Governance (PFMI 2, excluding references to 
internal audit), Framework for Comprehensive Management of Risks (PFMI 
3, excluding references to internal audit)
Internal Audit
    The Internal Audit subcomponent reflects the ability and 
independence of the FMI's internal audit function to assess risk and to 
inform the board and management. An FMI should have an effective 
internal audit function with sufficient resources and independence from 
management to provide a rigorous and unbiased assessment of the FMI's 
risk profile and risk exposure, including financial and operational 
risk, as well as the effectiveness of risk management and controls. The 
Internal Audit subcomponent assesses the internal audit function's day-
to-day management, including its annual risk assessment, audit program, 
quality of work papers, quality assurance, planning and reporting, and 
training.\3\
---------------------------------------------------------------------------

    \3\ The Internal Audit subcomponent does not assess the board's 
effectiveness at establishing and overseeing an internal audit 
function at the FMI; that is assessed in the Board and Management 
Oversight subcomponent.

---------------------------------------------------------------------------

[[Page 58936]]

---------------------------------------------------------------------------
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(2)(iv)(I)
 Audit guidance applicable to the FMI (for example, Institute 
of Internal Auditors, FFIEC, SR Letters, Bank for International 
Settlements, and ISACA)
 PSR policy: Governance (PFMI 2, as it pertains to internal 
audit), Framework for Comprehensive Management of Risks (PFMI 3, as it 
pertains to internal audit), Operational Risk (PFMI 17, as it pertains 
to internal audit)

Risk Management

    The Risk Management category evaluates the effectiveness of the 
FMI's risk management, including the availability to the FMI of 
acceptable financial resources to contain and manage losses and 
liquidity pressures, and the FMI's ability to meet its obligations in 
the event of a participant's default. Further, the rating assesses 
whether the FMI has developed a risk-management framework that includes 
integrated plans for the FMI's recovery and orderly wind-down, and the 
viability of its capital plan. The rating also considers the FMI's 
ability and practices in safeguarding its own assets and those of its 
participants, and the FMI's ability to ensure those assets are readily 
available and convertible into cash with minimum losses. In addition, 
the Risk Management rating assesses the FMI's awareness, mitigation, or 
management of the material risks that its participants' customers and 
other FMIs indirectly introduce.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(4)-(7), (14)-(16), (19)-(20)
 PSR policy: Credit risk (PFMI 4), Collateral (PFMI 5), Margin 
(PFMI 6), Liquidity risk (PFMI 7), Segregation and Portability (PFMI 
14), General Business Risk (PFMI 15), Custody and Investment Risks 
(PFMI 16), Tiered Participation Arrangements (PFMI 19), and FMI Links 
(PFMI 20)

Settlement

    Final settlement is the irrevocable and unconditional transfer of 
an asset or financial instrument, or the discharge of an obligation by 
an FMI or its participants in accordance with the underlying contract's 
terms. Settlement risk, which is the risk that settlement will not take 
place as expected, is a key risk that FMIs and their participants face. 
Failure to settle a transaction on time and in full can create 
liquidity and credit problems for an FMI or its participants, with 
potential systemic implications. This is especially true during a 
participant default event. Well-designed, clearly articulated, and 
effectively disclosed default management rules are imperative to 
maintaining market confidence in the event of a participant default.
    The Settlement category focuses on the risk-management tools that 
an FMI uses to ensure settlement takes place as expected, and the 
default management procedures the FMI follows in the event of a 
participant default. The rating assesses the FMI's ability to provide 
clear and certain final settlement, and its ability to manage the risks 
related to money settlements and the delivery of physical assets. The 
rating also includes central securities depositories' abilities to 
safeguard the rights of securities issuers and holders, and to ensure 
the integrity of the securities issues that they hold in custody. 
Finally, this category includes assessing the adequacy of the FMI's 
participant default rules and procedures, and the steps that the FMI 
takes to ensure that it is prepared to execute them.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(8)-(13)
 PSR Policy: Settlement Finality (PFMI 8), Money Settlements 
(PFMI 9), Physical Deliveries (PFMI 10), Central Securities 
Depositories (PFMI 11), Exchange-of-Value Settlement Systems (PFMI 12), 
and Participant Default Rules and Procedures (PFMI 13)

Operational Risk and IT

    FMIs face significant operational and IT risks in their provision 
of post-trade services. Operational risk entails deficiencies in 
information systems, internal processes, and personnel, or disruptions 
from external events that may result in the reduction, deterioration, 
or breakdown of services provided by an FMI. FMIs are expected to 
ensure that, through the development of appropriate systems, controls, 
and procedures, their operations and IT infrastructure are reliable, 
secure, and have adequately scalable capacity. FMIs' information 
security practices and controls are expected to be strong and 
effective. FMIs should protect and secure the systems, media, and 
facilities that process and maintain information vital to their 
operations in the context of a continually changing threat landscape. 
Further, FMIs are expected to have robust business continuity plans 
that allow for the rapid recovery and timely resumption of critical 
operations. FMIs are expected to test and update these plans regularly.
    The Operational Risk and IT category focuses on the FMI's 
operational reliability and its ability to support the safe and 
continuous functioning of the markets that it serves. This category 
considers the FMI's operational risk management framework and IT 
infrastructure, including the adequacy of the FMI's operational risk 
management governance, internal controls, physical and information 
security, data management, capacity management, and business continuity 
plan.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(17)
 PSR Policy: Operational Risk (PFMI 17, excluding references to 
internal audit)
 Interagency Paper on Sound Practices to Strengthen Resilience 
of the U.S. Financial System
 FFIEC, relevant industry IT & cybersecurity guidance, and 
CPMI-IOSCO guidance supporting the PFMI.

Market Support, Access, and Transparency

    FMIs should be designed and operated to meet the needs of their 
participants and the markets that they serve. Access to FMIs' services 
is often necessary for meaningful participation in the markets that 
they serve, and FMIs' efficiency and effectiveness can influence 
financial activity and market structure. Also, access to, and 
understanding of, relevant information about an FMI fosters confidence 
among participants and the public.
    The Market Support, Access, and Transparency category focuses on 
the FMI's efforts to support the markets it serves, to ensure fair and 
open access to its services (while balancing the FMI's safety and 
efficiency), and to provide participants with the information necessary 
to understand the risks and responsibilities attendant with their 
participation in the FMI. Analysis under this category considers, among 
other things, the FMI's implementation of risk-based, objective 
participation requirements; its member monitoring framework; the 
efficiency with which it consumes resources in providing its services; 
and the adequacy of its disclosure of its rules, its key procedures, 
and its legal, governance, risk management, and operating framework.
    Relevant regulations and guidance include--

 Regulation HH Sec.  234.3(a)(18), (21)-(23)

[[Page 58937]]

 PSR policy: Access and Participation Requirements (PFMI 18), 
Efficiency and Effectiveness (PFMI 21), Communication Procedures and 
Standards (PFMI 22), Disclosure of Rules, Key Procedures, and Market 
Data (PFMI 23), Disclosure of Market Data by Trade Repositories (PFMI 
24)

Category Ratings

    FMIs receive a rating for each ORSOM category based on an 
evaluation of the FMI against that category's key attributes as 
described herein. Regulation HH prescribes risk-management standards 
for DFMUs for which the Board or another federal banking agency is the 
Supervisory Agency under Title VIII of the Dodd-Frank Act. Other FMIs 
subject to Federal Reserve supervision--for example, other DFMUs over 
which the Board has supervisory authority because they are members of 
the Federal Reserve System, and FMIs that are operated by the Federal 
Reserve Banks--are subject to the Federal Reserve Act and the 
expectations set out in the Federal Reserve's PSR policy. An FMI's 
rating should be consistent with the expectations set forth in 
Regulation HH, the PSR policy, and relevant supervisory guidance, such 
as SR letters and FFIEC guidance.\4\ The rating scale ranges from 1 to 
5, with a rating of 1 indicating the strongest performance and, 
therefore, the level of least supervisory concern. A rating of 5 
indicates the most critically deficient level of performance and, 
therefore, the greatest level of supervisory concern. Importantly, an 
FMI's category rating should reflect supervisory judgment and expertise 
as to the materiality of any issues identified based on the resulting 
effect those issues have on the safety and soundness of the FMI, the 
growth of systemic risks, or the stability of the broader financial 
system.\5\
---------------------------------------------------------------------------

    \4\ DFMUs subject to the jurisdiction of the Federal Reserve 
under Title VIII of the Dodd-Frank Act should adhere to, and will be 
assessed against, Regulation HH's provisions and any other 
regulation directly applicable to that DFMU, and any supervisory 
guidance would be applicable only insofar as it is consistent with 
Regulation HH and other directly applicable regulations.
    \5\ See Dodd-Frank Act Section 805, 12 U.S.C. 5464(b).
---------------------------------------------------------------------------

    A common set of definitions for each rating level is applied across 
all of the ORSOM categories. These general definitions focus on broad 
supervisory interests, which are--
     the extent to which any issues identified, either 
individually or cumulatively, are issues of concern for the safety and 
soundness of the FMI or the stability of the broader financial system.
     the immediacy with which the FMI is expected to remedy the 
issues, and the extent to which close supervisory monitoring of the 
FMI's remediation efforts, or supervisory action, is needed.\6\
---------------------------------------------------------------------------

    \6\ FMIs are responsible for remedying supervisory concerns. 
Supervisory action in this context refers to the range of 
supervisory measures that relevant laws authorize the Federal 
Reserve to take. These include issuing a matter requiring attention 
or matter requiring immediate attention; entering into a memorandum 
of understanding with the FMI; or more severe enforcement action 
measures as authorized under Title VIII of the Dodd-Frank Act or 
other relevant laws.
---------------------------------------------------------------------------

    Supervisors may identify multiple issues with differing degrees of 
concern. In such cases, supervisors typically should assign the 
category a rating that reflects their judgment of the severity of the 
most serious concerns identified. For example, if a payment system 
meets the majority of supervisory standards for the Settlement 
category, but only partly observes the risk management standard 
pertaining to settlement finality, then, because of that issue's 
criticality to a payment system, the payment system's rating for the 
Settlement category should reflect its weaknesses with regard to that 
key risk management standard.
1: Strong
     Any issues identified, either individually or 
cumulatively, are not issues of concern with respect to the category's 
supervisory guidance. For example, the FMI observes all of the key risk 
management standards in Regulation HH or the PSR policy, as 
applicable.\7\
---------------------------------------------------------------------------

    \7\ The applicable standards are based on the Federal Reserve's 
source of authority. DFMUs for which the Federal Reserve acts as the 
Supervisory Agency under Title VIII of the Dodd-Frank Act are 
subject to Regulation HH. Other FMIs subject to Federal Reserve 
supervision, for example, by virtue of being members of the Federal 
Reserve System, are subject to the Federal Reserve Act and the 
expectations set out in the Federal Reserve's PSR policy. The 
applicable standards in both Regulation HH and the PSR policy are 
based on the PFMI. The Board has stated that it does not intend for 
differences in language in the two documents to lead to inconsistent 
policy results.
---------------------------------------------------------------------------

     The FMI can correct any issues identified in the normal 
course of business and focused supervisory monitoring of the FMI's 
remediation efforts is not needed.
2: Satisfactory
     Any issues identified, either individually or 
cumulatively, are not presently issues of concern with respect to the 
category's supervisory guidance, but may become so if left uncorrected. 
For example, the FMI either observes or broadly observes the key risk 
management standards in Regulation HH or the PSR policy, as applicable.
     The FMI can correct any issues identified in the normal 
course of business, but limited, focused supervisory monitoring of the 
FMI's remediation efforts may be needed.
3: Fair
     One or more issues identified, either individually or 
cumulatively, are issues of concern with respect to the category's 
supervisory guidance. For example, the FMI, at a minimum, broadly 
observes most of the key risk management standards in Regulation HH or 
the PSR policy, as applicable, but may partly observe some of them.
     The FMI should correct one or more of the issues of 
concern identified within a defined period, focused supervisory 
monitoring of the FMI's remediation efforts is likely needed, and 
supervisory action may be needed.
4: Marginal
     One or more issues identified, either individually or 
cumulatively, are substantial issues of concern with respect to the 
category's supervisory guidance. For example, the FMI only partly 
observes many key risk management standards in Regulation HH or the PSR 
policy, as applicable, and may not observe some of them.
     The FMI should correct one or more of the issues of 
concern identified immediately, focused supervisory monitoring of the 
FMI's remediation efforts is needed, and supervisory action is likely.
5: Unsatisfactory
     One or more issues identified, either individually or 
cumulatively, are critical and immediate issues of concern with respect 
to the category's supervisory guidance. For example, the FMI does not 
observe key risk management standards in Regulation HH or the PSR 
policy, as applicable.
     The FMI must correct one or more of the issues of concern 
identified immediately, and immediate supervisory action and monitoring 
of the FMI's remediation efforts are needed.

Composite Ratings

    An FMI's composite rating indicates whether and to what extent the 
issues identified, in the aggregate, give cause for supervisory 
concern. Like the category ratings, an FMI's composite rating ranges 
from 1 to 5. A rating of 1 indicates the strongest performance and, 
therefore, the level of least supervisory concern, and a rating of 5 
indicates a critically deficient level of performance and, therefore, 
the greatest level of supervisory concern. An FMI's

[[Page 58938]]

composite rating should not represent a formulaic combination of its 
category ratings, such as an arithmetic average. Rather, the ratings 
definitions provide factors that supervisory staff should consider when 
viewing an FMI's performance against the totality of relevant 
regulations and supervisory guidance.
1: Strong
     As reflected in its category ratings, an FMI with a 
composite rating of 1 is substantially sound in every respect and does 
not give cause for supervisory concern.
     Any issues identified do not reflect a pattern of risk 
management or governance failures and, either individually or 
cumulatively, are not issues of concern for the safety and efficiency 
of either the FMI or the markets that it supports.
     The FMI can correct any issues identified in the normal 
course of business and focused supervisory monitoring of the FMI's 
remediation efforts is not needed.
2: Satisfactory
     As reflected in its category ratings, an FMI with a 
composite rating of 2 is sound in most respects and does not presently 
give cause for supervisory concern.
     Any issues identified do not reflect a pattern of risk 
management or governance failures and, either individually or 
cumulatively, are not presently issues of concern for the safety and 
efficiency of either the FMI or the markets that it supports, but may 
become so if left uncorrected.
     The FMI can correct any issues identified in the normal 
course of business, but limited, focused supervisory monitoring of the 
FMI's remediation efforts may be needed.
3: Fair
     As reflected in its category ratings, an FMI with a 
composite rating of 3 is sound in many respects, but gives cause for 
some supervisory concern, and supervisory action may be necessary.
     Any issues identified, either individually or 
cumulatively, are issues of concern for the safety and efficiency of 
either the FMI or the markets that it supports.
     The FMI should correct one or more of the issues of 
concern identified within a defined period and focused monitoring of 
the FMI's remediation efforts is likely needed.
4: Marginal
     As reflected in its category ratings, an FMI with a 
composite rating of 4 is unsound in one or more respects and gives 
cause for substantial supervisory concern, which will likely lead to 
supervisory action.
     Any issues identified, either individually or 
cumulatively, are substantial issues of concern for the safety and 
efficiency of either the FMI or the markets that it supports.
     The FMI should correct one or more of the issues of 
concern identified immediately and focused supervisory monitoring of 
the FMI's remediation efforts is needed.
5: Unsatisfactory
     As reflected in its category ratings, an FMI with a 
composite rating of 5 is considered critically unsound and gives cause 
for substantial and immediate supervisory concern and action.
     Any issues identified, either individually or 
cumulatively, are critical and immediate issues of concern for the 
safety and efficiency of either the FMI or the markets that it 
supports.
     The FMI must correct one or more of the issues of concern 
identified immediately, and immediate supervisory action and monitoring 
of the FMI's remediation efforts are needed.

Administrative Law Matters

Regulatory Flexibility Act Analysis

    Congress enacted the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 
et seq.) to address concerns related to the effects of agency rules on 
small entities, and the Board is sensitive to the impact its rules may 
impose on small entities. The RFA requires agencies either to provide a 
final regulatory flexibility analysis with a final rule or to certify 
that the final rule will not have a significant economic impact on a 
substantial number of small entities.
    The Board received no comments on its initial regulatory 
flexibility analysis regarding the supervisory rating system for FMIs. 
The rating system will apply to FMUs that are designated by the 
Financial Stability Oversight Council under Title VIII of the Dodd-
Frank Act as systemically important, for which the Board is the 
Supervisory Agency, and which are subject to Regulation HH. In 
addition, the supervisory rating system for FMIs will apply to other 
DFMUs over which the Board has supervisory authority because they are 
members of the Federal Reserve System, and FMIs that are operated by 
the Federal Reserve Banks, pursuant to the PSR policy. Based on current 
information, none of the FMIs are ``small entities'' for purposes of 
the RFA, and so, the rating system likely will not have a significant 
economic impact on a substantial number of small entities (5 U.S.C. 
605(b)). The following final regulatory flexibility analysis, however, 
has been prepared in accordance with 5 U.S.C. 604, based on current 
information.
    1. Statement of the need for, and objectives of, the rule. The 
Board is implementing the ORSOM rating system in order to carry out its 
supervisory responsibilities regarding FMIs under Title VIII of the 
Dodd-Frank Act and other applicable law, as discussed above. As noted 
above, the ORSOM rating system is a supervisory tool that the Federal 
Reserve will use to provide a consistent internal framework for 
performing FMI assessments across the Federal Reserve's FMI portfolio, 
including DFMUs for which the Board is the Supervisory Agency pursuant 
to Title VIII, other FMIs that are members of the Federal Reserve 
System, and FMIs that are operated by the Federal Reserve Banks. The 
Federal Reserve will convey the annual ORSOM rating to a DFMU's 
management and board of directors. The rating system is designed to 
link supervisory assessments and messages to the regulations and 
guidance that form the foundation of the supervisory program, such as 
Regulation HH and the PSR policy.
    2. Significant issues raised by comments in response to the initial 
regulatory flexibility analysis. The Board received no public comments 
in response to the initial regulatory flexibility act analysis, nor did 
it receive comments from the Chief Counsel for Advocacy of the Small 
Business Administration.
    3. Small entities affected by the rule. Pursuant to regulations 
issued by the Small Business Administration (SBA) (13 CFR 121.201), a 
small entity includes an establishment engaged in (i) financial 
transaction processing, reserve and liquidity services, and/or 
clearinghouse services with an average annual revenue of $38.5 million 
or less (NAICS code 522320); (ii) securities and/or commodity exchange 
activities with an average annual revenue of $38.5 million or less 
(NAICS code 523210); and (iii) trust, fiduciary, and/or custody 
activities with an average annual revenue of $38.5 million or less 
(NAICS code 523991). Based on current information, the Board does not 
believe that any of the FMIs that would be subject to the ORSOM rating 
system would be small entities pursuant to the SBA regulation.
    4. Projected reporting, recordkeeping, and other compliance 
requirements. The ORSOM rating system does not impose any reporting or 
recordkeeping requirements on the relevant FMIs.

[[Page 58939]]

Although the rating system reflects risk management standards set out 
in Regulation HH, the PSR policy, and other applicable rules and 
guidance, the ORSOM rating system itself does not impose any compliance 
requirements.
    5. Steps to minimize significant economic impact on small entities 
consistent with the stated objectives of applicable statutes/discussion 
of significant alternatives. The rating system will not have an 
economic impact on small entities. The Board is not aware of any 
significant alternatives to the rating system that accomplish the 
objectives of reflecting the relevant risk management standards in the 
supervisory rating system.

Competitive Impact Analysis

    As a matter of policy, the Board subjects all operational and legal 
changes that could have a substantial effect on payment system 
participants to a competitive impact analysis, even if competitive 
effects are not apparent on the face of the proposal. Pursuant to this 
policy, the Board assesses whether the changes ``would have a direct 
and material adverse effect on the ability of other service providers 
to compete effectively with the Federal Reserve in providing similar 
services'' and whether any such adverse effect ``was due to legal 
differences or due to a dominant market position deriving from such 
legal differences.'' If, as a result of this analysis, the Board 
identifies an adverse effect on the ability to compete, the Board then 
assesses whether the associated benefits--such as improvements to 
payment system efficiency or integrity--can be achieved while 
minimizing the adverse effect on competition.
    DFMUs are subject to the supervisory framework established under 
Title VIII of the Dodd-Frank Act. At least one DFMU that is subject to 
Regulation HH competes with a similar service provided by the Reserve 
Banks. Under the Federal Reserve Act, the Board has general supervisory 
authority over the Reserve Banks, including the Reserve Banks' 
provision of payment and settlement services (Federal Reserve priced 
services). This general supervisory authority is much more extensive in 
scope than the authority provided under Title VIII over DFMUs. In 
practice, Board oversight of the Reserve Banks goes well beyond the 
typical supervisory framework for private-sector entities, including 
the framework provided by Title VIII.
    The Board is committed to applying risk-management standards to the 
Reserve Banks' Fedwire Funds Service and Fedwire Securities Service 
that are at least as stringent as the applicable Regulation HH 
standards applied to DFMUs that provide similar services. The risk 
management and transparency expectations in part I of the PSR policy, 
which applies to the Federal Reserve priced services, are consistent 
with those in Regulation HH. The ORSOM rating system will be applied 
equally to both DFMUs subject to Regulation HH and to the other FMIs 
subject to the Board's authority, including the Federal Reserve priced 
services, subject to the PSR policy. Therefore, the Board does not 
believe the rating system will have any direct and material adverse 
effect on the ability of other service providers to compete with the 
Reserve Banks.

Paperwork Reduction Act Analysis

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR part 1320, Appendix A.1), the Board may not conduct or 
sponsor, and a respondent is not required to respond to, an information 
collection unless it displays a valid Office of Management and Budget 
(OMB) control number. The Board has reviewed this rating system and 
determined that it contains no collections of information.

    By order of the Board of Governors of the Federal Reserve 
System, August 23, 2016.
Robert deV. Frierson,
Secretary of the Board.
[FR Doc. 2016-20517 Filed 8-25-16; 8:45 am]
 BILLING CODE 6210-01-P