Proposed Amendments To Swap Data Access Provisions and Certain Other Matters, 8369-8391 [2017-01287]
Download as PDFAgencies
[Federal Register Volume 82, Number 15 (Wednesday, January 25, 2017)] [Proposed Rules] [Pages 8369-8391] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2017-01287] ======================================================================= ----------------------------------------------------------------------- COMMODITY FUTURES TRADING COMMISSION 17 CFR Part 49 RIN 3038-AE44 Proposed Amendments To Swap Data Access Provisions and Certain Other Matters AGENCY: Commodity Futures Trading Commission. ACTION: Notice of proposed rulemaking. ----------------------------------------------------------------------- SUMMARY: Pursuant to Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (``Dodd-Frank Act''), as amended by the Fixing America's Surface Transportation Act of 2015 (``FAST Act''), the Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is proposing amendments the Commission's regulations relating to access to swap data held by Swap Data Repositories. The proposed amendments would implement pertinent provisions of the FAST Act and make associated changes to the Commission's regulations governing the grant of access to swap data to certain foreign and domestic authorities by Swap Data Repositories and to certain other regulations unrelated to such access. DATES: Comments must be received on or before March 27, 2017. ADDRESSES: You may submit comments, identified by RIN 3038-AE44, by any of the following methods:CFTC Web site: https://comments.cftc.gov. Follow the instructions for submitting comments through the Comments Online process on the Web site. Mail: Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581. Hand Delivery/Courier: Same as Mail, above. Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. Please submit your comments using only one method. All comments must be submitted in English, or if not, accompanied by an English translation. Comments will be posted as received to www.cftc.gov. You should submit only information that you wish to make available publicly. If you wish the Commission to consider information that you believe is exempt from disclosure under the Freedom of Information Act (``FOIA''), a petition for confidential treatment of the exempt information may be submitted according to the procedures established in Sec. 145.9 of the Commission's regulations.\1\ --------------------------------------------------------------------------- \1\ 17 CFR 145.9. All Commission regulations cited herein are set forth in chapter I of Title 17 of the Code of Federal Regulations. --------------------------------------------------------------------------- The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse or remove any or all of your submission from www.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of the rulemaking will be retained in the public comment file and will be considered as required under the Administrative Procedure Act and other applicable laws, and may be accessible under the FOIA. FOR FURTHER INFORMATION CONTACT: Daniel Bucsa, Deputy Director, Division of Market Oversight--Data and Reporting Branch, (202) 418- 5435, dbucsa@cftc.gov; Jeffrey P. Burns, Assistant General Counsel, Office of the General Counsel, (202) 418-5101, jburns@cftc.gov; David E. Aron, Special Counsel, Division of Market Oversight--Data and Reporting Branch, (202) 418-6621, daron@cftc.gov; or Owen J. Kopon, Special Counsel, Division of Market Oversight--Data and Reporting Branch, (202) 418-5360, okopon@cftc.gov, Commodity Futures Trading Commission, Three Lafayette Centre, 1151 21st Street NW., Washington, DC 20581. SUPPLEMENTARY INFORMATION: Table of Contents I. Background and Introduction A. Statutory Background: The Dodd-Frank Act B. Regulatory History: The Part 49 Rules and the Commission's 2012 Interpretative Statement 1. Access to SDR Swap Data 2. The Regulatory Indemnification Requirement C. FAST Act Amendments to CEA Section 21 D. CEA Section 8 Informs the Confidentiality Provisions of CEA Section 21 E. Summary of Proposed Revisions to Part 49 F. Rescission of 2012 Interpretative Statement II. Discussion A. Definitions: Proposed Amendments to Sec. 49.2 B. Domestic and Foreign Regulators With Regulatory Responsibility Over SDRs: Proposed Amendments to Sec. 49.17(d)(2) and (3) 1. The Current Rule 2. Proposed Amendments 3. Request for Comment C. Appropriateness Determination for Foreign Regulators and Non- Enumerated Domestic Regulators: Proposed Sec. 49.17(h) and Proposed Amendments to Sec. 49.17(b) 1. The Current Rule 2. The Proposed Amendments 3. The Factors Required for a Determination Order a. Scope of Jurisdiction b. Robust Confidentiality Safeguards c. Additional Considerations d. Other Matters Regarding the Determination Order Process e. Request for Comment 4. Proposed Amendments to Sec. 49.17(d)(4)--SDR Notice and Verification Obligations 5. Proposed New Sec. 49.17(i)--Delegation of Authority 6. Request for Comment D. CEA Section 21(d) Confidentiality Agreements: Proposed Amendments to Sec. 49.18 1. Current Sec. 49.18 2. Proposed Amendments to Sec. 49.18(a)--Confidentiality Arrangement Required Prior to Disclosure of Swap Data 3. Proposed Amendments to Sec. 49.18(b)--Required Elements of the Confidentiality Arrangement 4. Removal of Sec. 49.18(c)--ADRs and AFRs With Regulatory Responsibility Over an SDR 5. Failure To Fulfill the Terms of a Confidentiality Arrangement: Proposed Sec. 49.18(c) and (d) 6. Proposed Sec. 49.18(e)--Delegation of Authority 7. Conforming Changes 8. Request for Comment E. Other Changes III. Request for Comment IV. Related Matters A. Regulatory Flexibility Act B. Paperwork Reduction Act 1. Summary of the Proposed Requirements 2. Collection of Information 3. Request for Comments on Collection C. Cost-Benefit Considerations D. Antitrust Considerations I. Background and Introduction A. Statutory Background: The Dodd-Frank Act Title VII of the Dodd-Frank Act \2\ amended the Commodity Exchange Act (``CEA'' or the ``Act'') \3\ to establish a [[Page 8370]] comprehensive new regulatory framework for swaps including, in new CEA section 21, the registration and regulation of Swap Data Repositories (``SDRs'').\4\ CEA section 21 imposes on SDRs, among other duties and responsibilities, the duty to maintain the privacy of all swap transaction information received from a swap dealer, counterparty, or any other registered entity.\5\ CEA section 21(c)(7) directs SDRs to make swap data available ``on a confidential basis pursuant to section 8 [of the CEA]'' \6\ to certain enumerated domestic authorities and any other person the Commission determines to be appropriate, which may include certain types of foreign authorities.\7\ Entities that are eligible to receive access to swap data from an SDR pursuant to CEA section 21(c)(7) are referred to herein, collectively, as the ``21(c)(7) entities''). --------------------------------------------------------------------------- \2\ See Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376 (2010), available at https://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of the Dodd-Frank Act, which amended the Commodity Exchange Act (``CEA'' or the ``Act''), may be cited as the Wall Street Transparency and Accountability Act of 2010. \3\ 7 U.S.C. 1 et seq. \4\ See Dodd-Frank Act section 728 (adding new CEA section 21, 7 U.S.C. 24(a), to establish a registration requirement and regulatory regime for SDRs). \5\ 7 U.S.C. 24a(c)(6). \6\ As is discussed more fully below, CEA section 8 describes circumstances under which public disclosure of information in the Commission's possession is permitted and prohibited. As is particularly relevant here, CEA section 8(e) permits the Commission to disclose information in its possession and obtained in connection with the administration of the CEA, upon request, to Federal departments and agencies acting within the scope of their jurisdiction but prohibits such recipients from disclosing such information except in an action or proceeding under the laws of the United States to which the recipient, the Commission or the United States is a party. CEA section 8(e) further permits the Commission to disclose information in its possession obtained in connection with administration of the CEA, upon request, to any foreign futures authority, department, central bank and ministries, or agency of a foreign government or political subdivision thereof, acting within the scope of its jurisdiction, subject to the condition that the Commission is satisfied that the information will not be disclosed by such recipient other than in connection with an adjudicatory action or proceeding to which the foreign futures authority, department, central bank and ministries, or the foreign government or political subdivision or agency thereof is a party, and which is brought under the laws of the foreign government or its political subdivision, See 7 U.S.C. 12(e). \7\ See 7 U.S.C. 24a(c)(7). See also Commission, Final Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77 FR 2136, Jan. 13, 2012 (``Data Final Rules''). The Data Final Rules set forth, among others, regulations governing SDR data collection and reporting responsibilities under part 45 of the Commission's regulations. --------------------------------------------------------------------------- As originally enacted, CEA sections 21(d)(1) and (2) of the Act mandated that, prior to receipt of any requested data or information from an SDR, a 21(c)(7) entity agree in writing to abide by the confidentiality requirements described in CEA section 8 and, separately, to indemnify the SDR and the Commission for ``any expenses arising from litigation relating to the information provided under section 8.'' \8\ Congress's repeal of the CEA section 21(d)(2) indemnification requirement in the FAST Act in December 2015 gave rise to the amendments proposed in this release. --------------------------------------------------------------------------- \8\ 7 U.S.C. 24a(d). As noted above, the indemnification requirement was stricken from CEA section 21(d) by the FAST Act. See Public Law 114-94, section 86001(b)(2). --------------------------------------------------------------------------- B. Regulatory History: The Part 49 Rules and the Commission's 2012 Interpretative Statement 1. Access to SDR Swap Data In 2011, the Commission adopted rules implementing CEA section 21's requirements for SDRs.\9\ The Commission implemented the SDR swap data access provisions of CEA sections 21(c)(7) and (d) by establishing processes by which various categories of entities could gain access to SDR swap data. The domestic entities enumerated in CEA section 21(c)(7)(A)-(D),\10\ and certain others deemed by the Commission to be appropriate recipients of such swap data pursuant to CEA section 21(c)(7)(E),\11\ were defined in Sec. 49.17(b)(1) of the Commission's regulations as ``Appropriate Domestic Regulators'' (``ADRs'').\12\ --------------------------------------------------------------------------- \9\ Swap Data Repositories: Registration Standards, Duties and Core Principles; 76 FR 54538 (Sept. 1, 2011) (``SDR Final Rules''); see also Swap Data Repositories: Registration Standards, Duties and Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final Rules) (``SDR NPRM''). \10\ The domestic regulators enumerated in CEA section 21(c)(7)(A)-(D) are: (A) Each appropriate prudential regulator; (B) the Financial Stability Oversight Council (``FSOC''); (C) the Securities and Exchange Commission (``SEC''); and (D) the Department of Justice. The term ``prudential regulator'' is defined in CEA section 1a(39). \11\ In addition to enumerating certain domestic entities to which an SDR must grant swap data access, CEA section 21(c)(7)(E) identifies as an eligible recipient of such access ``any other person that the Commission determines to be appropriate, including-- foreign financial supervisors (including foreign futures authorities); foreign central banks; foreign ministries; and other foreign authorities[.]'' 7 U.S.C. 24a(c)(7)(E). Pursuant to this authority, in rules 49.17(b)(1)(v) and (vi), the Commission identified any Federal Reserve Bank and the Office of Financial Research (``OFR''), respectively, as ``Appropriate Domestic Regulators.'' The Commission also defined as an ``Appropriate Domestic Regulator'' each prudential regulator identified in CEA section 1(a)(39), with respect to requests related to any such regulator's statutory authority. See Sec. 49.17(b)(1)(ii). The Commission further reserved the discretion, in Sec. 49.17(b)(1)(vii), to recognize ``[a]ny other person the Commission deems appropriate'' to be an ``Appropriate Domestic Regulator.'' \12\ Pursuant to Sec. 49.17(d)(2), ADRs with regulatory jurisdiction over an SDR are not required to apply for access to SDR data or to execute a confidentiality and indemnification agreement if the regulator executes an information sharing arrangement with the Commission and the Commission designates the regulator to receive direct electronic access to SDR data pursuant to CEA section 21(c)(4). See also Sec. 49.18(c). --------------------------------------------------------------------------- The term ``Appropriate Foreign Regulator'' (``AFR'') \13\ was defined in Sec. 49.17(b)(2) as a ``Foreign Regulator'' \14\ with an existing memorandum of understanding (``MOU'') or similar type of arrangement with the Commission; no AFRs were specifically identified in the rule. The term ``Appropriate Foreign Regulator'' was also defined to include a Foreign Regulator without an existing MOU with the Commission, as determined by the Commission on a case-by-case basis. Such a Foreign Regulator was required to file with the Commission an application providing sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator employs appropriate confidentiality procedures, and to satisfy the Commission that any SDR data accessed by the Foreign Regulator would be disclosed ``only as permitted by [s]ection 8(e)'' of the CEA.\15\ --------------------------------------------------------------------------- \13\ The Commission established the category of AFRs pursuant to CEA section 21(c)(7)(E), which, among other things, includes a list of the types of foreign entities that the Commission may determine to be appropriate recipients of such swap data access. \14\ The term ``Foreign Regulator'' is defined in Sec. 49.2(a)(5) to mean a foreign futures authority as defined in CEA section 1(a)(26), foreign financial supervisors, foreign central banks and foreign ministries. \15\ 17 CFR 49.17(b)(2)(i)(B). --------------------------------------------------------------------------- An ADR or AFR seeking access to SDR data is required by current Sec. 49.17(d)(1) to file an access request with the SDR certifying that it is acting within the scope of its jurisdiction and is required by current Sec. 49.17(d)(6) to execute a ``Confidentiality and Indemnification Agreement'' with the SDR.\16\ --------------------------------------------------------------------------- \16\ Current Sec. 49.18(b) requires an SDR to receive such a Confidentiality and Indemnification Agreement from an ADR or AFR prior to releasing swap data to the ADR or AFR. --------------------------------------------------------------------------- 2. The Regulatory Indemnification Requirement In the preamble to the SDR Final Rules, the Commission acknowledged commenters' concerns that compliance with the statutory and regulatory indemnification requirements would be difficult for certain domestic and foreign regulators due to various home country laws and other regulations prohibiting such arrangements,\17\ and expressed its intent to continue to work to provide regulators sufficient access to SDR data. In this regard, the Commission outlined the circumstances under which it believed the indemnification provision of CEA section 21(d) and Sec. 49.18 would [[Page 8371]] not apply. The Commission explained that, under the part 49 rules, certain Appropriate Domestic Regulators may in some circumstances obtain access to swap data reported and maintained by SDRs without regard to the notice and indemnification requirements of CEA sections 21(c)(7) and (d).\18\ With respect to foreign regulatory authorities, the Commission determined in the SDR Final Rules that swap data reported to and maintained by an SDR may be accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR has supervisory authority over a Commission-registered SDR that is also registered with the AFR pursuant to foreign law and/or regulation. --------------------------------------------------------------------------- \17\ See SDR Final Rules at 54554. The Commission notes that, prior to passage of the FAST Act on December 4, 2015, no 21(c)(7) entity had entered into a confidentiality or indemnification agreement pursuant to CEA section 21(d) or the part 49 rules. \18\ It was, in the Commission's view, appropriate to permit access to the swap data maintained by SDRs to Appropriate Domestic Regulators that have concurrent regulatory jurisdiction over such SDRs, without the application of the notice and indemnification provisions of CEA sections 21(c)(7) and (d). See SDR Final Rules at 54554, n163. Accordingly, pursuant to the Commission's Part 49 rules, these provisions did not apply to an Appropriate Domestic Regulator that has regulatory jurisdiction over an SDR registered with it pursuant to a separate statutory authority that is also registered with the Commission, if the Appropriate Domestic Regulator executes an MOU or similar information sharing arrangement with the Commission and the Commission, consistent with CEA section 21(c)(4)(A), designates the Appropriate Domestic Regulator to receive direct electronic access. See 17 CFR 49.17(d)(2). --------------------------------------------------------------------------- Concerns about the scope of the indemnification provision persisted, and in October 2012 the Commission issued an Interpretative Statement, which was designed to provide guidance and greater clarity to interested members of the public and foreign regulators with respect to the scope and application of CEA section 21(d) and the part 49 rules.\19\ The Interpretative Statement clarified that a foreign regulatory authority's access to swap data held in a CFTC-registered SDR would not be subject to the confidentiality and indemnification provisions of CEA section 21(d) or the part 49 regulations if (i) the registered SDR is also registered in, or recognized or otherwise authorized by, the foreign authority's regulatory regime; and (ii) the data sought to be accessed by the foreign authority has been reported to the registered SDR pursuant to such foreign regulatory regime.\20\ --------------------------------------------------------------------------- \19\ See Swap Data Repositories: Interpretative Statement Regarding the Confidentiality and Indemnification Provisions of the Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012) (``Interpretative Statement''). \20\ Interpretative Statement at 65181. --------------------------------------------------------------------------- C. FAST Act Amendments to CEA Section 21 Congress responded to the regulators' access concerns by including in the FAST Act a repeal of CEA section 21(d)(2)'s indemnification requirement.\21\ The confidentiality requirement in CEA section 21(d)(1) was retained in CEA section 21(d), as amended.\22\ --------------------------------------------------------------------------- \21\ Title LXXXVI (``Repeal of Indemnification Requirements'') of the FAST Act amends the CEA by: repeal[ing] the indemnification requirements added by the Dodd- Frank Wall Street Reform and Consumer Protection Act for regulatory authorities to obtain access to swap data. Foreign regulators and regulatory entities have indicated concerns regarding the indemnification requirements of Dodd-Frank. The title removes such requirements so data can be shared with foreign authorities. The title would still require the regulatory agencies requesting the information to agree to certain confidentiality requirements prior to receiving the data. FAST Act: Conference Report to Accompany H.R. 22, Dec. 1, 2015 at 486-87. The repeal applied as well to the analogous provision in the Securities Exchange Act of 1934, 15 U.S.C. 78m(n)(5). \22\ The legislation struck subsection (d) of CEA section 21 and inserted in its place a provision entitled, ``Confidentiality Agreement,'' that states that before a swap data repository may share information with any entity described in subsection (c)(7), the swap data repository shall receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in section 8 of the CEA relating to the information on swap transactions that is provided. See FAST Act, Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015). --------------------------------------------------------------------------- The FAST Act also modified CEA section 21(c)(7)(A) by specifying that ``swap'' data--as opposed to ``all'' data--must be provided to 21(c)(7) entities, and added to CEA section 21(c)(7)(E)'s non-exclusive list of persons that the Commission may determine to be appropriate recipients of SDR swap data the new category ``other foreign authorities.'' D. CEA Section 8 Informs the Confidentiality Provisions of CEA Section 21 CEA section 8 governs the Commission's treatment of nonpublic information in its possession in a number of circumstances, and its disclosure restrictions and confidentiality standards expressly inform the access provisions of CEA sections 21(c)(7) and 21(d). As relevant here, CEA section 8(e) permits the Commission to furnish to the specified types of domestic or foreign entities--upon their request and acting within the scope of their jurisdiction--any information in its possession obtained in connection with the administration of the Act.\23\ CEA section 8(e) specifies, with respect to U.S. entities, that any information furnished thereunder shall not be disclosed except in an action or proceeding under the laws of the United States to which the entity, the Commission or the United States is a party. CEA section 8(e) further specifies, with respect to the specified types of foreign entities, that the Commission shall not furnish information thereunder unless the Commission is satisfied that the information will not be disclosed by the entity except in connection with an adjudicatory action or proceeding to which the entity is a party brought under the laws to which such entity is subject. --------------------------------------------------------------------------- \23\ 7 U.S.C. 12(e). --------------------------------------------------------------------------- The principles underlying CEA section 8(e) are also fundamental to CEA sections 21(c)(7) and (d) and to the access standards and confidentiality provisions proposed in this release. In proposing clearer and more robust access and confidentiality standards in Sec. Sec. 49.17 and 49.18, the Commission is mindful of these foundational principles: Where information is sought to be accessed, the information must relate to the scope of the requesting entity's jurisdiction or authority; and information provided by the SDR shall not be further disclosed except in limited, defined circumstances. E. Summary of Proposed Revisions to Part 49 Pursuant to its authority under the Act,\24\ the Commission is proposing amendments to Sec. Sec. 49.2, 49.9, 49.17, 49.18, and 49.22 to (i) implement the statutory changes mandated by the FAST Act Amendments; (ii) make certain conforming and clarifying changes related to such implementation; (iii) revise the process by which appropriateness is determined for purposes of access to SDR swap data and clarify the standards in connection with the Commission's appropriateness determinations; and (iv) establish the form and substance of the written agreement mandated by CEA section 21(d), as amended. In formulating the following proposed amendments, the Commission has endeavored to balance the goal of effective and consistent global regulation of swaps \25\ with the mandate of CEA sections 21(c)(7) and (d) that swap data be made available to a limited universe of regulators on a [[Page 8372]] confidential basis pursuant to CEA section 8. The proposed rules and rule amendments would, if adopted: --------------------------------------------------------------------------- \24\ See, e.g., CEA section 21(f)(4) (Additional duties developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules and regulations as, in the judgment of the Commission, are reasonably necessary to effectuate any of the provisions or to accomplish any of the purposes of the Act. \25\ Section 752 of the Dodd-Frank Act directs the CFTC, the SEC and the prudential regulators, as appropriate, to consult and coordinate with foreign regulatory authorities in this regard and provides that these entities may agree to such information-sharing arrangements as may be deemed necessary or appropriate in the public interest or for the protection of investors, swap counterparties, and security-based swap counterparties. --------------------------------------------------------------------------- Add ``other foreign authorities'' to the foreign regulators identified in Sec. 49.2(a)(5), consistent with the FAST Act's amendment to CEA section 21(c)(7)(E) to include this category among the entities that the Commission may deem appropriate to access SDR swap data; Amend Sec. 49.9 to make clarifying changes; Amend Sec. 49.17 to, among other things: (i) Delete all references to the indemnification requirement and/or indemnification agreement; (ii) establish a process and clarify the standards for determining whether certain entities not enumerated in Sec. 49.17(b)(1)(i)-(vi) are appropriate to directly access swap data from an SDR; (iii) revise the SDR notification requirement so that SDRs notify the Commission only for each initial request for swap data by ADRs and AFRs and any subsequent request at variance with the ADR's or AFR's scope of jurisdiction; (iv) specify that the information available to ADRs and AFRs is ``swap data''--as distinguished from ``data,'' to reflect the corresponding FAST Act amendment to CEA section 21; and (v) add a delegation of authority provision so that Commission staff is able to efficiently administer certain functions related to SDR swap data access; Amend Sec. 49.18 to, among other things: (i) Delete all references to the indemnification requirement and/or indemnification agreement; (ii) require that SDRs receive, prior to providing SDR swap data access to an ADR or AFR, a written confidentiality arrangement between the Commission and such ADR or AFR; (iii) specify the required elements of such written confidentiality arrangement; (iv) require SDRs to notify the Commission of any known failures to fulfill the terms of a confidentiality arrangement required by Sec. 49.18(a); (v) inform ADRs, AFRs and SDRs that the Commission may direct an SDR to limit, suspend or revoke an ADR's or AFR's access to swap data held by an SDR if such ADR or AFR has failed to fulfill the terms of a confidentiality arrangement required by Sec. 49.18(a); and (vi) add a delegation of authority provision so that Commission staff is able to efficiently administer certain functions related to SDR swap data access; and Amend Sec. 49.22(d)(4) to omit a reference to indemnification in order to conform to the corresponding FAST Act amendment to the CEA. F. Rescission of 2012 Interpretative Statement The Commission has determined to rescind its 2012 Interpretative Statement. References to the indemnification requirement in the Interpretative Statement are no longer relevant as the indemnification requirement in CEA section 21(d) has been repealed by the FAST Act. Additionally, the modifications to Sec. 49.17(d)(3) that are proposed here are consistent with the clarifications provided in the Interpretative Statement. II. Discussion A. Definitions: Proposed Amendments to Sec. 49.2 As originally adopted, Sec. 49.2(a)(5) defined the term ``foreign regulator'' to include a foreign futures authority as defined in CEA section 1a(26), foreign financial supervisors, foreign central banks and foreign ministries.\26\ The FAST Act amendments to the CEA added to subsection 21(c)(7)(E) a new category of entity--``other foreign authorities''--that the Commission may deem appropriate to obtain access to SDR swap data. The Commission proposes a corresponding amendment to the definition of ``foreign regulator'' in Sec. 49.2(a)(5) to conform this definition to amended subsection 21(c)(7)(E). --------------------------------------------------------------------------- \26\ 17 CFR 49.2(a)(5). CEA Section 1a(26) defines ``foreign futures authority'' as any foreign government, or any department, agency, governmental body, or regulatory organization empowered by a foreign government to administer or enforce a law, rule, or regulation as it relates to a futures or options matter, or any department or agency of a political subdivision of a foreign government empowered to administer or enforce a law, rule, or regulation as it relates to a futures or options matter. Section 723(a)(2) of the Dodd-Frank Act added section 2(d) to the CEA to provide that enumerated provisions, including CEA section 1a, apply to swaps. --------------------------------------------------------------------------- B. Domestic and Foreign Regulators With Regulatory Responsibility ) Over SDRs: Proposed Amendments to Sec. 49.17(d)(2) and (3) 1. The Current Rule Commission regulation 49.17(d)(2) of the Commission's regulations currently provides that an ADR with regulatory jurisdiction over an SDR registered with it pursuant to a separate statutory authority that is also registered with the Commission is not subject to the requirements of Sec. 49.17(d) (application and notice provisions) and Sec. 49.18(b) (confidentiality and indemnification agreement) as long as the following conditions are met: (i) The ADR executes an MOU or similar information sharing arrangement with the Commission; and (ii) the Commission, consistent with CEA section 21(c)(4)(A), designates the ADR to receive direct electronic access. As described in the SDR Final Rules, the Commission provided that these ADRs may be provided access to the swap data reported and maintained by SDRs without being subject to the notice and indemnification provisions of CEA sections 21(c)(7) and (d).\27\ --------------------------------------------------------------------------- \27\ See SDR Final Rules at 54554. --------------------------------------------------------------------------- Commission regulation 49.17(d)(3) of the Commission's regulations currently provides that an AFR with supervisory authority over an SDR registered with it pursuant to foreign law and/or regulation that is also registered with the Commission is not subject to the requirements of Sec. 49.17(d) (application and notice provisions) and Sec. 49.18(b) (confidentiality and indemnification agreement). As described in the SDR Final Rules and Interpretative Statement, the Commission believes that confidential swap data reported to, and maintained, by an SDR may be appropriately accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR is acting in a regulatory capacity with respect to an SDR that is also registered with the AFR and with respect to data reported to such SDR pursuant to such AFR's regulatory regime.\28\ --------------------------------------------------------------------------- \28\ Id. See also Interpretative Statement at 65181; section 752 of the Dodd-Frank Act. --------------------------------------------------------------------------- 2. Proposed Amendments With respect to domestic regulators with regulatory jurisdiction over an SDR, the Commission proposes to remove: (1) The reference to ``Appropriate Domestic Regulator'' in Sec. 49.17(d)(2) and replace it with the term ``domestic regulator'' to clarify that all domestic regulators and not just ADRs would fall under Sec. 49.17(d)(2); (2) subparagraph (i) to Sec. 49.17(d)(2) (the information sharing arrangement condition) and (3) subparagraph (ii) to Sec. 49.17(d)(2) (the direct electronic access condition). Although the Commission in the original part 49 rules adopted the information sharing and direct electronic access conditions so that ADRs would not be subject to the then-existing confidentiality and indemnification requirements, the Commission through experience with SDR swap data access believes an additional refinement of these rules is necessary in order to promote greater efficiency and cooperation among domestic regulators. Accordingly, the Commission submits that a domestic regulator that has regulatory jurisdiction [[Page 8373]] over an SDR registered with it pursuant to a separate statutory authority should be able to access SDR data reported to such SDR pursuant to such separate statutory authority irrespective of whether such domestic regulator has executed an MOU or similar information sharing arrangement with the Commission or been designated to receive direct electronic access by the Commission.\29\ --------------------------------------------------------------------------- \29\ The Commission's proposal is consistent with the principle previously set forth in its Interpretative Statement relating to the confidentiality and indemnification provisions of the CEA. In particular, the Commission stated ``that a foreign regulator's access to data from a registered SDR that is also registered, recognized, or otherwise authorized in a foreign jurisdiction's regulatory regime, where the data to be accessed has been reported pursuant to that [other] regulatory regime, [such access] will be dictated by that jurisdiction's regulatory regime and not by the CEA or Commission regulations.'' See Interpretative Statement at 65181. --------------------------------------------------------------------------- In connection with foreign regulatory authorities that have supervisory authority over an SDR, the Commission proposes to (i) remove the reference to ``Appropriate Foreign Regulator'' in Sec. 49.17(d)(3) and replace it with the term ``Foreign Regulator'' as defined in Sec. 49.2 to clarify that all Foreign Regulators, not only those that have been determined ``appropriate'' by the Commission would fall under Sec. 49.17(d)(3); and (ii) add qualifying language to Sec. 49.17(d)(3) so that Sec. 49.17(d)(3) applies not only to SDRs that are ``registered'' with the Foreign Regulator but also to those SDRs that are ``registered, recognized, or otherwise authorized'' by a foreign jurisdiction's regulatory regime, and where such swap data has been reported to the SDR pursuant to the Foreign Regulator's regulatory regime.\30\ --------------------------------------------------------------------------- \30\ Id. --------------------------------------------------------------------------- As it was when adopting the SDR Final Rules, the Commission is mindful of the need to protect the confidentiality of swap data when such data is provided to another regulator. Under the proposal, the Commission believes that the proposed changes to Sec. 49.17(d)(3) strike the appropriate balance in providing access to swap data consistent with the confidentiality protections set forth in the CEA.\31\ --------------------------------------------------------------------------- \31\ See CEA section 21(c)(7); see also section 752 of the Dodd- Frank Act. --------------------------------------------------------------------------- 3. Request for Comment The Commission requests comment on all aspects of amendments to Sec. 49.17(d)(2) and (3). C. Appropriateness Determination for Foreign Regulators and Non- enumerated Domestic Regulators: Proposed Sec. 49.17(h) and Proposed Amendments to Sec. 49.17(b) 1. The Current Rule CEA section 21(c)(7) specifies U.S. entities to which swap data must be released by an SDR, provided certain prerequisites are satisfied. Because Congress has determined that access to SDR swap data by these entities is appropriate when the prerequisites are satisfied, no further access consideration by the Commission is necessary. These U.S. entities, along with others determined to be appropriate by the Commission pursuant to CEA section 21(c)(7)(E), are identified in Sec. 49.17(b)(1) as ``Appropriate Domestic Regulators.'' The term ``Appropriate Domestic Regulator'' is also defined to include ``any other person the Commission deems appropriate.'' The current part 49 rules do not include a process for determining that a U.S. entity not specifically enumerated in Sec. 49.17(b)(1) is an ``Appropriate Domestic Regulator.'' Under current Sec. 49.17(b)(2)(i), in order for a Foreign Regulator \32\ that does not have a current MOU with the Commission to be determined to be an ``Appropriate Foreign Regulator,'' \33\ it must file with the Commission an application in the form and manner specified by the Commission.\34\ The application must provide sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator's confidentiality procedures are appropriate and to satisfy the Commission that information provided by an SDR will not be disclosed by the Foreign Regulator except as permitted by CEA section 8(e). --------------------------------------------------------------------------- \32\ The term ``Foreign Regulator'' is defined in Sec. 49.2(a)(5) to mean a foreign futures authority as defined in CEA section 1(a)(26), foreign financial supervisors, foreign central banks and foreign ministries. \33\ No Foreign Regulators are enumerated in CEA section 21(c)(7) or specifically identified as Appropriate Foreign Regulators in Sec. 49.17(b)(2). \34\ To date the Commission has not specified a form and manner for the application referenced in current Sec. 49.17(b)(2)(i)(A). --------------------------------------------------------------------------- 2. The Proposed Amendments The Commission proposes to eliminate the current filing requirements set forth in current Sec. 49.17(b)(2)(i) and establish new filing requirements in proposed Sec. 49.17(h). The Commission also proposes to include in Sec. 49.17(h), CEA section 8-related confidentiality considerations and the ability for the Commission to revisit or reassess appropriateness determinations. The filing requirements proposed in new Sec. 49.17(h) would apply to all foreign regulators regardless of whether a current MOU or similar arrangement with the Commission exists, and to any domestic regulator that is not an ADR enumerated in Sec. 49.17(b)(1)(i)-(vi) (``Enumerated ADR''). Proposed Sec. 49.17(h)(3) would specify two threshold requirements for a finding of appropriateness: (i) The requesting entity has in place appropriate safeguards to maintain the confidentiality of such swap data; and (ii) such entity is acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. These requirements are necessary but may or may not be sufficient to support an appropriateness determination: The Commission proposes to evaluate each filing on a case-by-case basis with reference to these and other factors that the Commission may find germane to its determination. If the Commission finds on the basis of information submitted that access to SDR swap data is appropriate, the Commission would issue an order confirming the regulator's status as an ADR or AFR and setting forth any conditions or limitations on access consistent with the relevant statutory and regulatory requirements (the proposed ``Determination Order''). The Commission is also proposing, through Sec. 49.17(h)(4), to be able to revisit, reassess, limit, suspend or revoke a previously issued Determination Order. The Commission believes it is necessary to be able to revisit an appropriateness determination, and potentially take one of the foregoing remedial actions, in order to be able to address situations that may arise subsequent to the determination, such as where an AFR or ADR violates the term of a Determination Order or fails to properly keep SDR swap data confidential. 3. The Factors Required for a Determination Order a. Scope of Jurisdiction CEA section 21(c)(7) directs SDRs to provide swap data to regulators ``on a confidential basis pursuant to section 8.'' \35\ The Commission interprets this provision to require consistency with CEA section 8(e)'s mandate that information may be furnished, on a confidential basis, only to other regulators acting within the scope of their jurisdiction. Accordingly, the Commission believes that an appropriateness determination must be [[Page 8374]] informed by reference to the regulator's jurisdiction and to the entity's legitimate regulatory or legal interest in the swap data to be sought. --------------------------------------------------------------------------- \35\ 7 U.S.C. 24(c)(7). --------------------------------------------------------------------------- In this regard, the Commission proposes to add to part 49 new Sec. 49.17(h)(2), which would require an applicant seeking a Determination Order to provide the Commission sufficient information to permit the Commission to conclude that the applicant would be acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. As part of this information, the Commission expects that an applicant would explain the relationship between its jurisdiction and its request for access to swap data maintained by SDRs, including an explanation of the applicant's need for particular swap data to carry out its regulatory mandate, legal authority or responsibility. The Commission proposes in new Sec. 49.17(h)(3) to specify that the Commission will not issue a Determination Order unless it is satisfied that the regulator is acting within the scope of its jurisdiction in seeking access to SDR swap data, and that any grant of access will be limited to swap data appropriate to the entity's regulatory mandate or legal authority. Each Determination Order would further require, as a condition of the appropriateness determination set forth therein, that a regulator that has received a Determination Order promptly notify the Commission, and each SDR from which it has received swap data, of any change to its jurisdiction that would relate to the swap data access requested.\36\ As described in proposed Sec. 49.17(d)(5), the Commission would be able to direct SDRs to limit, suspend or revoke the scope of an ADR's or AFR's SDR swap data access to reflect the new scope of its jurisdiction.\37\ The Commission expects that this proposed limitation on access will reduce the risk of unauthorized or unnecessary disclosures because each appropriate regulator will have access to swap data only to the extent necessary to fulfill its jurisdictional mandate or regulatory responsibility. --------------------------------------------------------------------------- \36\ The form of confidentiality arrangement set forth in proposed Appendix B to part 49 also would require such notices. \37\ As is relevant here, proposed Sec. 49.17(d)(5) would require that each SDR ``shall, as directed by the Commission, limit, suspend or revoke . . . such access should the Commission . . . direct the [SDR] to limit, suspend or revoke such access.'' --------------------------------------------------------------------------- b. Robust Confidentiality Safeguards CEA section 21(c)(7) is explicit in requiring that SDRs make swap data available on a confidential basis pursuant to CEA section 8. Proposed Sec. 49.17(h)(2) accordingly would require that the applicant submit to the Commission information sufficient to permit a determination that the applicant employs adequate confidentiality safeguards to ensure that swap data the applicant receives from an SDR will not be disclosed other than as permitted by the confidentiality arrangement required by Sec. 49.18(a). The Commission anticipates that this would involve the Commission considering whether the applicant's confidentiality protocols, system safeguards and security compliance procedures can be expected to ensure the confidentiality of the swap data, and that the applicant has in place protections sufficient to prevent unauthorized intrusions into the systems that maintain the swap data. In this regard, the Commission would also expect to consider the applicant's processes for limiting internal access to swap data to those persons with a need to know, as well as how the swap data will be stored and whether the swap data will be segregated from other information. It is the Commission's view that reliance on these factors strikes an appropriate balance between realizing the benefits of data access by regulators \38\ and the obligation to protect confidential information in accordance with the dictates of CEA section 8(e), as incorporated by reference in CEA section 21(c)(7) and (d) through those sections' incorporation of CEA section 8. The Commission considers these factors essential to a determination of appropriateness. Other considerations, while not proposed to be codified in these proposed rules, may also contribute to the Commission's appropriateness analysis. --------------------------------------------------------------------------- \38\ See CEA section 21(c)(7); see also Section 752 of the Dodd- Frank Act (recognizing the goal of effective and consistent global regulation of swaps). --------------------------------------------------------------------------- c. Additional Considerations Although the Commission proposes to eliminate the current regulatory provision conferring AFR status on a foreign regulator with ``an existing [MOU] or other similar type of information sharing arrangement executed with the Commission . . ., '' \39\ it nonetheless continues to believe that the existence of such an arrangement fosters a cooperative relationship and encourages the development of shared understandings related to regulatory responsibilities. Although not dispositive, indications of a strong cooperative relationship with another authority, as established by the existence of such an arrangement and the Commission's experience working with such authority in finalizing and administering the arrangement, would likely be a factor supporting an appropriateness determination. Also, a failure to cooperate fully or to comply with the terms of an existing or prior arrangement might be expected to weigh against an appropriateness determination. --------------------------------------------------------------------------- \39\ 17 CFR 49.17(b)(2). --------------------------------------------------------------------------- Similarly, when assessing appropriateness, the Commission expects to consider whether it receives access to swap data maintained by trade repositories in that regulator's jurisdiction. The Commission is mindful of the Dodd-Frank Act's encouragement of coordination and cooperation with foreign regulatory authorities.\40\ The Commission believes that increased data access by regulators has the potential to provide the Commission and other authorities with more complete information with which to monitor risk exposures and should be expected to promote global market stability through enhanced regulatory transparency. Accordingly, Commission access to swap data maintained by trade repositories in such other regulator's jurisdiction, an arrangement prospectively to assist the Commission in obtaining data from other jurisdictions, and a history of assistance from a foreign regulator, would be viewed favorably by the Commission in considering appropriateness. --------------------------------------------------------------------------- \40\ See Dodd-Frank Act section 752, supra. --------------------------------------------------------------------------- d. Other Matters Regarding the Determination Order Process The Commission preliminarily believes that the Determination Order process and factors discussed above offer a reasonable approach to providing requesting entities access to SDR swap data based on clearly articulated factors and any additional considerations or circumstances the Commission may deem relevant on a case-by-case basis. Both the required factors and the additional considerations support the mandate of CEA sections 8, 21(c)(7) and 21(d) and are consistent with the express intent of Congress that the Commission coordinate and cooperate with foreign regulatory authorities on matters related to the regulation of swaps. Through the issuance of Determination Orders, the Commission will be able to impose appropriate conditions or restrictions on an entity's access to SDR swap data such that the entity's access is linked to its jurisdictional scope. Pursuant to proposed Sec. 49.17(h)(4), the Commission [[Page 8375]] may also, in its discretion, issue a Determination Order of limited duration, and may otherwise limit, suspend or revoke such an order if the entity fails to comply with its terms or the terms of the statutory confidentiality arrangements. The Commission would expect SDRs to take into account any conditions or restrictions contained in a Determination Order when providing access to swap data to an ADR or AFR. The Commission further believes it is appropriate to make the process and factors proposed in Sec. 49.17(h) applicable to any domestic entities that are not enumerated as ADRs in Sec. 49.17(b)(1)(i)-(vi), as scope of jurisdiction and confidentiality considerations are equally applicable to U.S. entities, and has drafted proposed Sec. 49.17(h) accordingly. e. Request for Comment The Commission requests comment on all aspects of proposed Sec. 49.17(h), particularly on whether the proposed regulatory and other factors are sufficient to determine whether access to SDR swap data is appropriate. 4. Proposed Amendments to Sec. 49.17(d)(4)--SDR Notice and Verification Obligations CEA section 21(c)(7) requires each SDR to notify the Commission of a swap data request received from an ADR or AFR.\41\ Currently, this statutory requirement is implemented in Sec. 49.17(d)(4)(i), which provides that an SDR must promptly notify the Commission regarding ``any'' request received by an ADR or AFR to gain access to swap data maintained by the SDR. --------------------------------------------------------------------------- \41\ See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7). --------------------------------------------------------------------------- To reduce the burden on SDRs and provide greater operational efficiency consistent with the intent of CEA section 21(c)(7), the Commission is proposing to amend the SDR notification requirement in current Sec. 49.17(d)(4)(i) to require an SDR to notify the Commission (i) at the time that it receives the first request for swap data from a particular ADR or AFR and (ii) at any time that a request does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed Sec. 49.18(a). The proposed amendment would make the notification applicable only to the initial request for swap data and any subsequent request at variance with the ADR's or AFR's scope of jurisdiction: On receiving either such request for data by a particular ADR or AFR, the SDR would be required to provide prompt electronic notification to the Commission of the request, in a format specified by the Secretary of the Commission, pursuant to proposed Sec. 49.17(d)(4)(ii). The SDR would be required to keep such notification and related requests confidential consistent with the requirements of CEA sections 21(c)(6) and (7) and related regulatory requirements set forth in Sec. Sec. 49.16 and 49.17. The Commission believes that the proposed approach to SDR notification supports the Commission's need to be aware of who is able to access SDR swap data and what data has been accessed, while eliminating potentially costly, unwieldy and inefficient notice of every swap data request. Under the proposal, the Commission would be notified that a particular ADR or AFR has requested access to SDR swap data and will be able to examine records of the ADR's or AFR's individual swap data requests, and the swap data provided, as it deems necessary.\42\ --------------------------------------------------------------------------- \42\ Consistent with the current recordkeeping requirements for SDRs in Sec. 45.2(f), SDRs are required to maintain records of all information related to the initial and all subsequent requests for swap data from ADRs/AFRs. Appropriate records would include, at a minimum, the identity of the ADR/AFR accessing the swap data; the date, time and substance of the request for access; confirmation that the request is consistent with the scope of the regulator's jurisdiction; and copies of all swap data provided in connection with the request for access. Pursuant to CEA section 1.31, SDRs are required to maintain such records for a period of no less than five years after the date of such request and must provide this information to the Commission upon request. --------------------------------------------------------------------------- The Commission also proposes to amend Sec. 49.17(d)(4) by adding new subsection (iii) to require each SDR that receives a request for access to its swap data from an ADR or AFR to verify, prior to providing such access, that the request is consistent with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed Sec. 49.18(a).\43\ This verification would need to incorporate any subsequent changes thereto. The Commission is also proposing to require an ADR or AFR that has executed a confidentiality arrangement with the Commission pursuant to Sec. 49.18(a) and provided such confidentiality arrangement to one or more SDRs to notify the Commission and each such SDR of any change to such ADR's or AFR's scope of jurisdiction as described in such confidentiality arrangement. Additionally, the proposal would enable the Commission to direct a SDR to suspend, limit, or revoke access to swap data maintained by such SDR based on any such change to such ADR's or AFR's scope of jurisdiction, and that, if so directed, such SDR shall so suspend, limit, or revoke such access. --------------------------------------------------------------------------- \43\ The scope of jurisdiction would be described in Exhibit A to the form of confidentiality arrangement set forth in proposed Appendix B to part 49. --------------------------------------------------------------------------- As proposed, Sec. 49.17(d)(4)(iv) would require SDR verification only once with respect to a request for ongoing or recurring access to particular data, provided that there has not been a change in the scope of the regulator's jurisdiction (in which case an SDR would need to verify anew that the swap data requested is within the scope of the requesting ADR's or AFR's jurisdiction). The Commission recognizes that the proposed requirement imposes a burden on SDRs; however, it notes that SDRs are obliged by CEA section 21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which requires a jurisdictional nexus to the information requested. In these circumstances, the Commission believes SDRs must take a role in ensuring compliance with these statutory restrictions. 5. Proposed New Sec. 49.17(i)--Delegation of Authority In the interests of expedience and efficiency in determining appropriateness of access by regulators, the Commission proposes to delegate all functions reserved to the Commission in Sec. 49.17 to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time. 6. Request for Comment The Commission requests comment on all aspects of the proposed amendments to Sec. 49.17, and particularly invites comments on: 1. Whether commenters believe there are more cost-effective methods of notification and recordkeeping that would still provide the Commission with access to the information necessary for it to perform its regulatory functions in a manner consistent with CEA section 21(c)(7); and 2. Whether a phase-in process is necessary to decrease the likelihood that a large number of new demands on SDRs' systems from ADRs and AFRs seeking access to swap data will decrease SDR systems reliability, efficiency or speed. D. CEA Section 21(d) Confidentiality Agreements: Proposed Amendments to Sec. 49.18 CEA section 21(d), as amended, requires that, prior to providing swap data to a 21(c)(7) entity, an SDR ``shall [[Page 8376]] receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in CEA section 8 relating to the information on swap transactions that is provided.'' \44\ As originally adopted, the part 49 rules required that such confidentiality agreements be executed between the SDR and the 21(c)(7) entity.\45\ The Commission proposes to add a new Sec. 49.18(a) to require that a confidentiality arrangement be executed by and between the ADR or AFR and the Commission.\46\ Once the ADR or AFR and the Commission have executed a confidentiality arrangement, the ADR or AFR may present the executed document to any SDR from which it requests access to swap data in satisfaction of CEA section 21(d). --------------------------------------------------------------------------- \44\ See CEA section 21(d). 7 U.S.C. 24a(d) as amended by the FAST Act. \45\ See current Sec. 49.17(d)(6) and 49.18(b). \46\ See proposed Sec. 49.18(a) (requiring that an SDR received ``an executed confidentiality arrangement between the Commission and the [ADR] or [AFR] . . . .''). The Commission notes that the SEC has implemented a similar approach with respect to the execution of the required agreement. See Access to Data Obtained by Security-Based Swap Data Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2, 2016) (SEC rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and associated preamble text). --------------------------------------------------------------------------- The Commission recognizes that its proposed amendments to Sec. 49.18 represent a change in approach from the part 49 rules as adopted. Based on its experience with SDRs and swap data access since the adoption of part 49 in 2011, and further consideration of the relationship between CEA sections 21 and 8, however, the Commission believes this change is consistent with the statutory framework established by Congress in CEA section 21(d) and 21(c)(7). Moreover, in the Commission's view a confidentiality arrangement between the Commission and the regulator more directly supports the confidentiality mandate of CEA section 8. Finally, the Commission believes that the proposed requirement will promote regulatory efficiency and reduce costs to SDRs, ADRs and AFRs while ensuring the confidentiality of SDR swap data by giving full effect to the strictures of CEA section 8(e). To further promote regulatory efficiency, the Commission is proposing to provide a form of confidentiality arrangement as Appendix B to Part 49, for use by ADRs and AFRs. The Commission would expect its use by ADRs and AFRs to reduce significantly the need for these entities to negotiate separate confidentiality arrangements with the Commission. This proposed change also would eliminate the costs and potential inefficiencies to SDRs inherent in requiring them to negotiate confidentiality agreements with a potentially large number of ADRs and AFRs. Finally, while its use is not required, the Commission believes that the proposed form of confidentiality arrangement in Appendix B to Part 49 can be expected to conserve its limited staff resources by eliminating in many cases the need for the Commission and its staff to develop individualized confidentiality arrangements with multiple ADRs or AFRs seeking access to SDR swap data. 1. Current Sec. 49.18 The Commission adopted Sec. 49.18 to implement CEA section 21(d)(1) and (2) as originally enacted. Accordingly, the current rule sets forth the obligation for SDRs to execute a ``Confidentiality and Indemnification Agreement'' before providing SDR swap data to an ADR or AFR. Congress has repealed the indemnification requirement, and the Commission proposes to make conforming amendments to Sec. 49.18 to remove references to indemnification. Separately, the Commission is proposing revisions to Sec. 49.18 to modify the substantive requirements of the confidentiality arrangement and the parties to the confidentiality arrangement, to establish conditions for restricting or revoking access to SDR swap data, and to clarify the confidentiality obligations of ADRs and AFRs with regulatory responsibility over an SDR. 2. Proposed Amendments to Sec. 49.18(a)--Confidentiality Arrangement Required Prior to Disclosure of Swap Data The Commission proposes to remove current Sec. 49.18(a) \47\ and add a new Sec. 49.18(a) requiring that an SDR receive a confidentiality arrangement, executed by the Commission and the ADR or AFR seeking access to the swap data maintained by the SDR, that, at a minimum, contains all elements described in proposed Sec. 49.18(b). --------------------------------------------------------------------------- \47\ Current Sec. 49.18(a) describes the purpose of Sec. 49.18. --------------------------------------------------------------------------- 3. Proposed Amendments to Sec. 49.18(b)--Required Elements of the Confidentiality Arrangement The Commission proposes to replace the text of current Sec. 49.18(b) \48\ with a requirement that the confidentiality arrangement required pursuant to Sec. 49.18(a) shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in proposed Appendix B to part 49. Paragraph 5 of the confidentiality arrangement would require the ADR or AFR to undertake that it will be acting within the scope of its jurisdiction each time it requests swap data from an SDR, and to promptly notify the Commission and each relevant SDR if the scope of the ADR's or AFR's jurisdiction changes. Paragraph 5 of the confidentiality arrangement also would require ADRs and AFRs to employ procedures to maintain the confidentiality of swap data and any information and analyses derived therefrom (the swap data and such information are referred to collectively as the ``Confidential Information''). --------------------------------------------------------------------------- \48\ Current Sec. 49.18(b) requires an SDR to receive a confidentiality agreement from a 21(c)(7) entity before granting the 21(c)(7) entity access to swap data maintained by the SDR. As discussed above, the Commission proposes to address in proposed Sec. 49.18(a) the confidentiality arrangement condition to swap data access. --------------------------------------------------------------------------- Paragraph 6 of the confidentiality arrangement would require ADR and AFR signatories to employ the following safeguards to maintain the confidentiality of the Confidential Information: To the maximum extent practicable, maintain Confidential Information received from SDRs separately from other data and information; \49\ --------------------------------------------------------------------------- \49\ ADRs and AFRs seeking useful guidance for Confidential Information segregation can look to the data segregation standards contained in the National Institute of Standards and Technology (``NIST'') Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (April 2013), available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf or in the Federal Information Security Management Act of 2002, as amended (``FISMA''). 44 U.S.C. 3541. As the Commission has previously noted in a different context, FISMA ``is a source of cybersecurity best practices and also establishes legal requirements for federal government agencies . . . .'' System Safeguards Testing Requirements, 80 FR 80139, 80142 (Dec. 23, 2015) (``Registered Entity Cyber NPRM''). The Commission recently adopted final rules based on the Registered Entity Cyber NPRM. See System Safeguards Testing Requirements, 81 FR 64271 (Sept. 19, 2016) (``Final Registered Entity Cyber Rules''). --------------------------------------------------------------------------- Protect such Confidential Information from misappropriation and misuse; \50\ --------------------------------------------------------------------------- \50\ This should include cybersecurity measures. As the Commission detailed in a different context in the Final Registered Entity Cyber Rules, ``cyber threats to the financial sector continue to expand.'' See Final Registered Entity Cyber Rules at 64272. See also System also Safeguards Testing Requirements for Derivatives Clearing Organizations, 80 FR 80113, 80114-80115 (Dec. 23, 2015) (describing escalating and evolving cybersecurity threats); Registered Entity Cyber NPRM at 80140-80141 (Dec. 23, 2015) (describing, inter alia, the current cybersecurity threat environment). --------------------------------------------------------------------------- Ensure that only ADR or AFR personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto and that such access is [[Page 8377]] permitted only to the minimum extent necessary to perform such job functions; \51\ --------------------------------------------------------------------------- \51\ One basic principle of data security is that only those with a need to access data to perform their work should be granted access to such data. See, e.g., Framework for Improving Critical Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at https://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the ``Protect'' element of a core cybersecurity framework as one where ``[a]ccess to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.''). --------------------------------------------------------------------------- Except as provided in paragraph 8 of the confidentiality arrangement, prevent disclosure of Confidential Information unless sufficiently aggregated and anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; \52\ --------------------------------------------------------------------------- \52\ The Commission understands that ADRs and AFRs may want to use aggregated and anonymized information derived from SDR swap data in analyses that may be made public. Cf. U.S. Gov't Accountability Office, GAO-16-175, Financial Regulation: Complex and Fragmented Structure Could Be Streamlined To Improve Effectiveness 71-75 (2016) (``GAO Report''), available at https://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and related confidentiality issues and protections surrounding sharing aggregated and disaggregated information provided by other agencies). The Commission believes that, when properly aggregated and anonymized, information derived from SDR swap data generally can be disclosed without violating the requirement in CEA section 21(d) that a recipient of swap data agree, with respect to the information on swap transactions that is provided by an SDR, to abide by the confidentiality requirements described in CEA section 8. Cf. Sec. 49.16(c) (stating that ``[s]ubject to Section 8 of the Act, [SDRs] may disclose aggregated swap data on a voluntary basis or as requested[ ] in the form and manner[ ] prescribed by the Commission.''); SDR Final Rules at 54551 (stating that ``the Commission believes that it is permissible under the Dodd-Frank Act and part 49 of the Commission's regulations for an SDR to disclose, for non-commercial purposes, data on an aggregated basis such that the disclosed data reasonably cannot be attributed to individual transactions or market participants.''). In certain cases, however, even aggregated information may enable a reader to determine a market participant's business transactions, trade secrets (e.g., algorithms) or positions. Thus, the proposed form of confidentiality arrangement requires ADRs and AFRs to implement safeguards designed to appropriately limit the use of information that has been aggregated from SDR swap data and to prevent disaggregation or other derivations of a market participant's business transactions, trade data or market positions. ADRs and AFRs can look to Sec. 43.4(d)(1), (d)(4) and (g) for guidance on anonymization principles. --------------------------------------------------------------------------- Prohibit the use of Confidential Information by ADR or AFR personnel for any improper purpose; and Monitor compliance with the confidentiality safeguards and ensure prompt notification of the CFTC and each relevant SDR of any violation of the safeguards or failure to fulfill the terms of the confidentiality arrangement. Paragraph 7 of the confidentiality arrangement also would preclude, with limited exceptions, ADRs and AFRs from disclosing any Confidential Information, via onward sharing \53\ or otherwise. The only permitted disclosures would be (1) in actions, adjudicatory actions or proceedings, as applicable, described in CEA section 8(e), the operative language of which is included in paragraph 8 of the confidentiality arrangement and (2) aggregated SDR swap data that is anonymized to prevent identification (through disaggregation or otherwise) of a market participant's business transactions, trade data, market positions, customers or counterparties. --------------------------------------------------------------------------- \53\ The Commission interprets the restrictions on disclosure contained in CEA section 8 that are incorporated in CEA section 21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing swap data it obtains from an SDR. --------------------------------------------------------------------------- Paragraph 9 of the confidentiality arrangement contains certain provisions requiring ADRs and AFRs to notify the Commission, and take certain protective actions, prior to disclosing SDR swap data even where an ADR or AFR receives a legally enforceable demand to disclose Confidential Information. Paragraph 11 of the confidentiality arrangement would require ADRs and AFRs accessing swap data from SDRs to comply with all security- related requirements imposed by SDRs in connection with access to such swap data, as such requirements may be revised from time to time. Because, subject to specified conditions, CEA sections 21(c)(7) and 21(d) require SDRs to provide ADRs and AFRs access to swap data, the Commission expects that SDRs will not impose security-related access requirements beyond those that are necessary to ensure the privacy and confidentiality of SDR swap data. The Commission further expects that SDRs' security-related access requirements for ADRs and AFRs would be akin, if not identical, to the requirements SDRs impose on others (e.g., the Commission, reporting counterparties) to whom SDRs provide swap data access. To further protect the confidentiality of SDR swap data, paragraph 12 of the confidentiality arrangement would require ADR and AFR signatories to promptly destroy all Confidential Information for which they no longer have a need or which no longer falls within their scope of jurisdiction.\54\ While it may be the case that ADRs or AFRs will use some or all Confidential Information in perpetuity, if they no longer have a need for Confidential Information, they should destroy such Confidential Information to prevent its misuse. Similarly, it is possible that an SDR may inadvertently provide swap data outside the scope of an ADR or AFR's jurisdiction. In such circumstances, such swap data also should be destroyed immediately after the ADR or AFR discovers that such swap data is outside the scope of its jurisdiction. --------------------------------------------------------------------------- \54\ Paragraph 12 of the confidentiality arrangement would also require ADR and AFR signatories to certify to the CFTC, upon request, that they have destroyed such swap data. --------------------------------------------------------------------------- The proposed rule would require that the confidentiality arrangement must include an exhibit (Exhibit A) specifying the scope of jurisdiction of the ADR or AFR signatory. If such signatory is not an Enumerated ADR, the ADR or AFR would attach the Commission Determination Order described in Sec. 49.17(h) as Exhibit A to the confidentiality arrangement. If such signatory is an Enumerated ADR, it would attach, as Exhibit A to the confidentiality arrangement, a detailed description of its scope of jurisdiction as it relates to the swap data maintained by SDRs that the ADR would seek pursuant to the confidentiality arrangement. This requirement is designed to assist SDRs in determining that the scope of each swap data request is within the scope of the requesting entity's jurisdiction. While the Commission would impose certain obligations on ADRs and AFRs, with respect to swap data received from an SDR, in the proposed confidentiality arrangement, ADRs and AFRs retain the discretion to determine how to comply with those obligations. Additionally, to the extent that neither the proposal nor commenters address a relevant confidentiality issue that arises after an ADR or AFR commences accessing swap data, the Commission expects affected ADRs and AFRs to take appropriate measures to safeguard affected swap data and advise the Commission of such issue promptly so that the Commission may consider appropriate action. 4. Removal of Sec. 49.18(c)--ADRs and AFRs With Regulatory Responsibility Over an SDR The Commission proposes to remove current Sec. 49.18(c), which provides that the indemnification and confidentiality requirements established in Sec. 49.18(b) do not apply to certain ADRs and AFRs with regulatory jurisdiction or supervisory responsibilities over an SDR, but requires such regulators to comply with CEA section 8 and ``any other relevant statutory confidentiality authorities.'' As noted above in section II.B. relating to Sec. 49.17(d)(2) and (3), the Commission believes that those domestic and foreign regulators that have regulatory responsibility over an [[Page 8378]] SDR should be able to access SDR data reported to such SDR pursuant to such other regulator's regulatory regime, without limitation. Therefore, the Commission submits that Sec. 49.18(c) is not appropriate because it requires these domestic and foreign regulators with regulatory responsibility over SDRs to comply with CEA section 8 and any other relevant statutory confidentiality authorities. In addition, Sec. 49.17(d)(2) and (3) already provide that the confidentiality and indemnification requirements of Sec. 49.18(b) do not apply to these domestic and foreign regulators with regulatory responsibility over SDRs. However, insofar as a regulator sought swap data that was not reported to the SDR pursuant to that regulator's regulatory regime, the exclusions set forth within Sec. 49.17(d)(2) and (3) would not apply. The Commission accordingly submits that current Sec. 49.18(c) is inappropriate and unnecessary, and therefore, should be eliminated. 5. Failure to Fulfill the Terms of a Confidentiality Arrangement: Proposed Sec. 49.18(c) and (d) The Commission proposes in new Sec. 49.18(c) to require SDRs to promptly report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that they receive pursuant to Sec. 49.18(a). Proposed new Sec. 49.18(d) would authorize the Commission to direct an SDR to limit, suspend or revoke an AFR's or ADR's access to swap data, if the Commission determines that the AFR or ADR has failed to fulfill the terms of its confidentiality arrangement with the Commission.\55\ --------------------------------------------------------------------------- \55\ Proposed Sec. 49.18(d) provides that, if an ADR or AFR fails to fulfill the terms of a confidentiality arrangement under paragraph (a) of proposed Sec. 49.18, the Commission may direct each registered SDR to limit, suspend or revoke the ADR's or AFR's access to swap data held by the SDR Similarly, proposed Sec. 49.17(d)(5) would require an SDR, as directed by the Commission, to limit, suspend or revoke an ADR's or AFR's swap data access should the Commission revoke the appropriateness determination for such ADR or AFR or otherwise direct the SDR to suspend or revoke such access. --------------------------------------------------------------------------- 6. Proposed Sec. 49.18(e)--Delegation of Authority The Commission is proposing to add Sec. 49.18(e)(1) to delegate to the Director of the Division of Market Oversight, and to such staff acting under his or her direction as he or she may designate from time to time, all functions reserved to the Commission in Sec. 49.18. Proposed Sec. 49.18(e)(2) would reserve to the Director of the Division of Market Oversight the authority to submit to the Commission for its consideration any matter which has been delegated to the Director under proposed Sec. 49.18(e)(1). The Commission proposes in Sec. 49.18(e)(3) to expressly permit the Commission, at its election, to exercise the authority delegated to the Director of the Division of Market Oversight under proposed Sec. 49.18(e)(1). This delegation is intended to conserve Commission resources and increase the effectiveness and efficiency of the Commission's oversight and supervision of SDR swap data access. The Commission anticipates that the delegation of authority will help facilitate timely access to SDR swap data by ADRs and AFRs consistent with the requirements set forth in part 49 of the Commission's regulations. However, the Division of Market Oversight may submit matters to the Commission for its consideration, as it deems appropriate. 7. Conforming Changes As a result of the FAST Act Amendments, the Commission proposes conforming changes to Sec. 49.17(d)(6), to delete references to an Indemnification Agreement. As a result of the proposed changes to Sec. 49.18, and in particular, Sec. 49.18(a), the Commission proposes conforming changes to Sec. 49.22(d)(4) relating to chief compliance officer compliance responsibilities and duties so that the appropriate section reflecting the confidentiality arrangement is referenced. 8. Request for Comment 1. The Commission requests comment on all aspects of the proposed amendments to Sec. 49.18. Commenters are particularly invited to address the proposed amendments to Sec. 49.18 relating to the confidentiality provisions of CEA sections 21(c)(7) and 21(d), whether the Commission should prescribe specific processes to govern ADR and AFR requests for swap data access from an SDR; and whether the Commission should prescribe a process to govern an SDR's treatment of requests for swap data access. 2. In addition, commenters are invited to address the proposed rules implementing the notification requirement. In this regard, is there an alternative to requiring SDRs to maintain copies of all data they provide in connection with the data access provisions that would still permit the Commission to assess the SDR's ongoing compliance with those provisions? For example, are alternative approaches available such that the Commission need not require SDRs to maintain actual copies of all information provided pursuant to the data access provisions? Would such an alternative approach reduce the burdens on SDRs while still permitting the Commission to assess ongoing compliance? E. Other Changes In addition to those changes discussed throughout this release, the Commission is proposing other changes to part 49, including a number of ministerial changes. The Commission proposes to amend Sec. 49.9(a)(9) to change the reference in Sec. 49.9(a)(9) from ``certain appropriate domestic regulators and foreign regulators'' to ``Appropriate Domestic Regulators and Appropriate Foreign Regulators'' to make clear that an SDR is required to provide access to swap data, pursuant to Sec. 49.17, only to ADRs and AFRs. The Commission is proposing to make a number of other changes to part 49 to more consistently refer to the defined term ``swap data''. The Commission is proposing to modify the references in existing Sec. Sec. 49.9(a)(9) and 49.17(b)(2)(i) to ``swap data or information''; the reference in existing Sec. 49.17(d)(4)(i) to ``swaps transaction data''; and the reference in existing Sec. 49.17(d)(6) to ``requested data,'' to be references to ``swap data'' as that term is defined in Sec. 49.2(a)(15). The Commission is proposing these changes to eliminate confusion and to conform part 49 to the FAST Act's amendment of CEA section 21(c)(7) to refer to ``swap data.'' The Commission is also proposing to replace the reference in Sec. 49.17(a) to ``swaps data'' with a reference to ``swap data'' and to replace the reference in Sec. 49.17(a) to ``Regulation'' with a reference to ``Sec. 49.17'' to match the format of the reference in Sec. 49.17(b). The Commission does not intend to effect any substantive changes with these proposed amendments. The Commission is proposing to change the references to ``swap transaction data'' and ``swaps transaction data'' in Sec. 49.17(c)(2) and 49.17(c)(3) to ``swap data'' as defined in Sec. 49.2(a)(15). The Commission is also proposing to change the references to ``data'' in Sec. 49.17(d)(5), (d)(6), (e), and (e)(1) to ``swap data'' in order to clarify the Commission's intent to refer to ``swap data'' within the meaning of Sec. 49.2(a)(15). For the same reason, the Commission is also proposing to add ``swap data and'' before ``information'' in Sec. 49.17(e)(2) to conform it to Sec. 49.17(e)(1), as proposed to be amended.\56\ The Commission also [[Page 8379]] proposes to add the term ``and information'' after the term ``swap data'' in the second sentence of Sec. 49.17(e) so that such sentence is consistent with the first sentence of Sec. 49.17(e), which permits access by third parties to both swap data and information maintained by a registered SDR, subject to certain conditions. --------------------------------------------------------------------------- \56\ Although Sec. 49.17(e) uses the terms ``data'' and ``swap data'' interchangeably, the Commission intended those paragraphs to reference the definition of ``swap data'' and, consequently, believes that these do not represent a change to the Commission's original intent in promulgating Sec. 49.17(e). However, the term ``swap data'' is narrower than the terms ``data'' and ``information.'' Consequently, changing ``data'' to ``swap data'' arguably would narrow the scope of the confidentiality procedures and confidentiality arrangement required by Sec. 49.17(e)(1) and (2). --------------------------------------------------------------------------- In Sec. 49.17(f)(2), the Commission is proposing to change both references to ``[d]ata and information'' to ``[S]wap data and information'' in order to clarify, in each case, that the intended reference is to ``swap data'' as defined in Sec. 49.2(a)(15). In addition to those changes related to references to swap data, the Commission is also proposing to amend Sec. 49.17(b)(1)(vii) to change ``[a]ny other person the Commission deems appropriate[ ]'' to ``[a]ny other person the Commission determines to be appropriate pursuant to the process set forth in Sec. 49.17(h)'' to match the language in CEA section 21(c)(7). Commission regulation 49.17(f)(1) currently states, ``Access of swap data maintained by the registered swap data repository to market participants is generally prohibited.'' The Commission is proposing to amend Sec. 49.17(f)(1) to state, ``Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in Sec. 49.17(f)(2)'' in order to clarify its meaning. The Commission does not intend this to be a substantive change to Sec. 49.17(f)(1). Finally, the Commission is proposing several minor clarifying changes to Sec. 49.18(b).\57\ These changes include replacing ``the swap data'' with ``swap data''; replacing the ``with any Appropriate Domestic Regulator or Appropriate Foreign Regulator'' reference with ``to any Appropriate Domestic Regulator or Appropriate Foreign Regulator''; and adding ``each'' before ``as defined in Sec. 49.17(b)'' to reflect that both ``Appropriate Domestic Regulator'' and ``Appropriate Foreign Regulator'' are defined terms in Sec. 49.17(b). --------------------------------------------------------------------------- \57\ These proposed changes appear in proposed Sec. 49.18(a). --------------------------------------------------------------------------- III. Request for Comment In addition to the specific questions set forth in various sections above, the Commission requests comment on all aspects of the proposal, and particularly invites comment on the questions set forth below. (1) What, if any, impediments exist to accurately and cost- effectively determining whether swap data access requests are within the scope of an ADR's/AFR's jurisdiction? (2) Are there any particular elements the Commission has proposed to include in the confidentiality arrangement that are unnecessary? Has the Commission omitted particular element(s) that should be included in a confidentiality arrangement? (3) Do SDRs maintain swap data in a manner that permits accurate reproduction at a later date of the results of an ADR's/AFR's request for swap data? If so, is it necessary for the Commission to require that SDRs maintain records of the results of such requests, as opposed to merely maintaining the details of the request? IV. Related Matters A. Regulatory Flexibility Act The Regulatory Flexibility Act (``RFA'') requires federal agencies, in promulgating rules, to consider the impact of those rules on small entities.\58\ The rules proposed herein will have a direct effect on the operations of SDRs and certain domestic and foreign regulators seeking access to swap data reported to, and maintained, by SDRs. --------------------------------------------------------------------------- \58\ See 5 U.S.C. 601 et seq. --------------------------------------------------------------------------- The Commission has previously established certain definitions of ``small entities'' to be used by the Commission in evaluating the impact of its rules on small entities in accordance with the RFA.\59\ The Commission has previously determined that SDRs are not small entities for purpose of the RFA.\60\ For purposes of the Regulatory Flexibility Act, the definition of ``small entity'' also encompasses ``small governmental jurisdictions,'' which in relevant part means governments of locales with a population of less than fifty thousand.\61\ Although the Commission anticipates that this proposal may be expected to have an economic impact on various governmental entities that access data pursuant to Dodd-Frank's data access provisions, the Commission does not anticipate that any of those governmental entities would be small governmental jurisdictions. Therefore, the Commission does not believe that this proposal will have a significant economic impact on a substantial number of small entities. Therefore, the Chairman, on behalf of the Commission, pursuant to 5 U.S.C. 605(b), hereby certifies that the proposed rules will not have a significant economic impact on a substantial number of small entities. --------------------------------------------------------------------------- \59\ See Policy Statement and Establishment of ``Small Entities'' for purposes of the Regulatory Flexibility Act, 47 FR 18618 (Apr. 30, 1982) at 18618-21. \60\ See Part 49 Adopting Release at 54575 and Notice of Proposed Rulemaking: Swap Data Repositories, 75 FR 80898 (Dec. 23, 2010) at 80926. \61\ 5 U.S.C. 601(5), (6). --------------------------------------------------------------------------- B. Paperwork Reduction Act The proposed amendments to part 49 would result in new ``collection of information'' requirements within the meaning of the Paperwork Reduction Act of 1995 (``PRA'').\62\ An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (``OMB'') control number. The OMB control number for the information collection associated with part 49 swap reporting is 3038- 0086.\63\ The Commission is seeking to revise Information Collection 3038-0086 because the rule amendments proposed herein will impose information collection requirements that require approval from OMB under the PRA. The Commission is therefore submitting this proposal to OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11. --------------------------------------------------------------------------- \62\ 44 U.S.C. 3501 et seq. \63\ See OMB Control Number 3038-0086 (``Information Collection 3038-0086''). The most recent revision to OMB Control Number 3038- 0086 was approved November 30, 2015 and is available at: https://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086. --------------------------------------------------------------------------- 1. Summary of the Proposed Requirements The proposed modifications to part 49 would require SDRs to make swap data available to requesting entities if certain conditions are satisfied. These conditions include the requesting entity executing a confidentiality arrangement and, in some cases, receiving a determination order from the Commission that it is an appropriate entity to receive SDR swap data. The proposed modifications would also require SDRs to report failures to fulfill the terms of confidentiality arrangements to the Commission. 2. Collection of Information Currently, OMB Control Number 3038-0086 sets out burden estimates relating to a broad range of SDR obligations associated with registration requirements, reporting requirements, recordkeeping requirements, and disclosure requirements. Where the information collection associated with those obligations would be modified by this proposed rule, the Commission is proposing to revise Information [[Page 8380]] Collection 3038-0086 accordingly. To the extent the proposed modifications to part 49 introduce new information collections that were not previously incorporated into Information Collection 3038-0086, the Commission is proposing to revise Information Collection 3038-0086 to account for the new information collections. Finally, many of the information collections discussed in Information Collection 3038-0086 are not implicated or modified by the Commission's proposed revisions to part 49 in this release. The Commission, therefore, is not proposing to revise the estimated burdens associated with such information collections. New or revised information collections contained in these proposed revisions to part 49 will affect SDRs as well as entities that request access to SDR swap data pursuant to these provisions. As discussed above, the proposed modifications to part 49 set out in this release are intended to provide a process by which other authorities may obtain access to SDR swap data. The information collections associated with this process are intended to ensure that SDR swap data is only accessed by appropriate entities and that the confidentiality of any accessed SDR swap data is adequately protected. The ultimate result of this process is intended to provide other authorities with information to assist with the oversight of the global swaps market and market participants. ADR/AFRs. As discussed throughout this release, certain conditions must be satisfied before a requesting entity is permitted to access SDR swap data. These conditions may implicate various PRA collections and burdens as discussed below. Pursuant to Sec. 49.18(a), every requesting entity seeking access to SDR swap data must execute a confidentiality arrangement with the Commission prior to receiving access. This requirement applies to both those entities that are specifically enumerated as appropriate in Sec. 49.17(b)(1) and those entities that require a determination from the Commission that they are appropriate entities to receive access to SDR swap data, regardless of whether the requesting entity is a domestic or foreign entity. In addition to executing a confidentiality arrangement, requesting entities that are not Enumerated ADRs will be required to seek a Determination Order from the Commission to have access to SDR swap data. Such Determination Orders will describe SDR swap data that is appropriate for the entity to access, based on the requesting entity's scope of jurisdiction. For Enumerated ADRs, the Commission is proposing to require that the confidentiality arrangement describe the requesting entity's scope of jurisdiction. The Commission believes the use of the form of confidentiality arrangement set out in Appendix B to part 49 will provide an efficient means to satisfy the requirements of Sec. 49.18(a). The Commission, for PRA purposes, believes that it is reasonable to assume that 300 total entities will seek access to SDR swap data. This estimate is based on the Commission's experience in receiving data requests from other regulators and its experience in coordinating and cooperating with other regulators.\64\ For PRA purposes, the Commission assumes there are four SDRs, which is the number of SDRs that are provisionally registered with the Commission. As the confidentiality arrangement will be between the ADR or AFR and the Commission and delivered to the SDR, AFRs and ADRs need not execute a separate confidentiality arrangement for each SDR. Accordingly, the Commission estimates, for PRA purposes, that the total number of confidentiality arrangements that will be executed under the proposed rules is 300. Given that the Commission will have published a form of confidentiality arrangement as an appendix to part 49, the Commission estimates that the review and execution of each confidentiality arrangement by an ADR or AFR will take approximately 40 hours, for a total burden of 12,000 hours. The burden estimates associated with entering into such confidentiality arrangements are addressed in the proposed revised OMB Control Number 3038-0086. --------------------------------------------------------------------------- \64\ The Commission estimates that up to approximately 30 authorities in the United States may seek to access swap data from SDRs. In the context of potential AFRs, the Commission believes that most requests will come from authorities in G20 countries, each of which will have no more and likely fewer than 30 authorities that may request swap data from SDRs. In addition, certain authorities from outside the G20 also may request swap data from SDRs. Accounting for all of these entities, the Commission estimates that there likely will be a total of no more than 300 relevant domestic and foreign authorities that may request swap data from SDRs. --------------------------------------------------------------------------- An entity that seeks access to SDR swap data must be considered appropriate by the Commission prior to that entity receiving access to SDR swap data. For Enumerated ADRs, there is no burden associated with seeking to be deemed appropriate by the Commission as they are already enumerated as such. Those entities that are not Enumerated ADRs will be required to receive a Determination Order prior to receiving access to SDR swap data. The process for obtaining such a Determination Order is set out in general terms in proposed Sec. 49.17(h) and requires the requesting entity to prepare and submit an application to the Commission. The preparation and submittal of this application constitutes an information collection under the PRA. As discussed above, the Commission believes that for PRA purposes it is reasonable to assume that 300 domestic and foreign entities will seek access to SDR swap data. Very few of these entities are specifically enumerated in Sec. 49.17(b)(1). The Commission estimates, for PRA purposes, that each such requesting entity would expend 100 hours in connection with filing an application to receive an appropriateness determination, for a total initial burden of no more than 30,000 hours, calculated as the product of 300 domestic and foreign entities seeking access to SDR swap data and 100 hours per application). This estimate considers the relevant information that would be required to be provided in such an application, including information regarding the entity's scope of jurisdiction, mutual assistance provided to the Commission, and the existence of cooperation related to an MOU or similar information sharing arrangement with the Commission, as well as any other information relevant for the Commission's determination. This burden estimate is included in the Commission's proposed revisions to Information Collection 3038-0086. Swap Data Repositories. As discussed throughout this release, SDRs are required to facilitate access to SDR swap data by requesting entities, provided certain conditions are met. This requirement may implicate PRA collections and burdens, some of which are already addressed in the existing OMB Control Number 3038-0086, and some of which constitute new collections, as discussed below. Currently, the burden on SDRs of making data available to ADRs and AFRs is accounted for in OMB Control Number 3038-0086, as this is an existing obligation under existing Sec. 49.17(d). However, the proposed rules set out in this release clarify and modify the requirements imposed on SDRs in providing access to SDR swap data to ADRs and AFRs. Consequently the Commission is revising Information Collection 3038-0086 to account for these modifications. The Commission expects to limit a requesting entity's access to SDR swap data based on the entity's scope of jurisdiction. In connection with this [[Page 8381]] limitation, the Commission expects SDRs to incur burdens and costs associated with setting up access to SDR swap data that is consistent with an ADR or AFR's scope of jurisdiction. The Commission expects that each confidentiality arrangement will identify, either directly or through the attached Determination Order, the scope of access that is appropriate for a given requesting entity. The Commission expects SDRs to use these limitations to program their systems to reflect the scope of the ADR or AFR's access to SDR swap data. These limits set out in the confidentiality arrangement are expected to reduce the burdens on SDRs of assessing whether a request satisfies the relevant conditions, particularly with regard to whether SDR swap data relates to persons or activities within the requesting entity's scope of jurisdiction. The Commission estimates that the burden on an SDR associated with setting up access restrictions to match a requesting entity's scope of jurisdiction will include 20 hours of programmer analyst time, five hours of senior programming time, and one hour of attorney time, for a total of 26 hours. Consequently, for PRA purposes, the Commission estimates that each SDR would incur a total burden of 7,800 hours (i.e., the product of 300 entities and 26 hours of time) associated with setting up access for each ADR or AFR. The burdens associated with these permissioning requirements are addressed in proposed revised OMB Control Number 3038-0086. SDRs will also be required to provide electronic notice to the Commission of the first request for data from a particular requesting entity and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. In addition to notifying the Commission of the foregoing, the Commission is proposing, in Sec. Sec. 49.17(d)(4)(i) and (iii), to require SDRs to maintain records of all information related to the initial and all subsequent requests for data from the requesting entity. These records shall include, at a minimum, the identity of the requestor or person accessing the data; the date, time and substance of the request or access; and copies of all data reports or other aggregation of data provided in connection with the request or access. The SDR shall maintain this information for a period of no less than five years after the date of such request and shall provide this information to the Commission upon request. Currently, OMB Control Number 3038-0086 estimates burdens associated with various registration, reporting, recordkeeping, and disclosure requirements to which SDRs are subject. The proposed recordkeeping requirements relating to requesting entities' data requests constitute an information collection for PRA purposes and require the Commission to revise the recordkeeping burden estimates contained in OMB Control Number 3038-0086. The reporting and recordkeeping requirements proposed in this release may potentially impact each SDR. SDRs already have the ability to communicate electronically with the Commission and are subject to significant recordkeeping requirements pursuant to Sec. 49.12. Therefore, the proposed requirements should not result in SDRs having to incur initial costs to implement systems to properly notify the Commission when a requesting entity submits a data request for the first time that are in excess of what is already accounted for in OMB Control Number 3038-0086. The Commission estimates that initially each SDR may incur a burden of 360 hours associated with these proposed recordkeeping requirements, for a total of 1,440 hours (i.e., the product of four SDRs and 360 hours). Additionally, the Commission estimates that each SDR would incur an annual burden of 280 hours associated with the recordkeeping requirements, for a total of 1,120 hours annually (i.e., the product of four SDRs and 280 hours). The burdens associated with these notification requirements are addressed in proposed revised Information Collection 3038-0086. Finally, current Information Collection 3038-0086 accounts for the costs to SDRs of executing a ``Confidentiality and Indemnification Agreement'' with each requesting ADR and AFR. Under the Commission's proposal, the SDR is no longer required to execute such an agreement with the ADRs or AFRs. The proposed confidentiality arrangement shall be between the requesting ADR or AFR and the Commission. Accordingly, the total burden to SDRs, as currently reflected in Information Collection 3038-0086, is reduced by the cost to execute such agreements. The reduction in burden associated with this change in the confidentiality agreement is addressed in proposed revised Information Collection 3038-0086. 3. Request for Comments on Collection The Commission invites the public and other Federal agencies to comment on any aspect of the reporting burdens discussed above. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (1) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) evaluate the accuracy of the Commission's estimate of the burden of the proposed collection of information; (3) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; and (4) minimize the burden of the collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology. Comments may be submitted directly to the Office of Information and Regulatory Affairs, by fax at (202) 395-6566 or by email at OIRAsubmissions@omb.eop.gov. Please provide the Commission with a copy of submitted comments so that all comments can be summarized and addressed in the final rule preamble. Refer to the ADDRESSES section of this notice of proposed rulemaking for comment submission instructions to the Commission. A copy of the supporting statements for the collections of information discussed above may be obtained by visiting www.RegInfo.gov. OMB is required to make a decision concerning the collection of information between 30 and 60 days after publication of this document in the Federal Register. Therefore, a comment is best assured of having its full effect if OMB receives it within 30 days of publication. C. Cost-Benefit Considerations 1. Introduction As discussed in Section I, entitled ``Background and Introduction,'' above, Congress passed the FAST Act to facilitate broader access to swap data by the regulatory community. Section 86001(b) of the FAST Act amends CEA section 21 by, among other things, eliminating the requirement that, as a condition of receiving information from SDRs, each ADR or AFR agree to indemnify the SDR and the Commission for any expenses arising from litigation relating to the information provided under CEA Section 8. The Commission is issuing this proposed rulemaking to enable ADRs and AFRs to access swap data, subject to certain safeguards designed to protect swap data from misappropriation or misuse, and to advise the public of the practical implications of the changes to the CEA made by the FAST Act. The Commission preliminarily believes that the proposed safeguards are warranted based on the incorporation by reference [[Page 8382]] in CEA sections 21(c)(7) and 21(d) of the strong protections of CEA section 8. CEA section 15(a) requires the Commission to consider the costs and benefits of its actions before promulgating a regulation under the CEA or issuing certain orders. CEA section 15(a) further specifies that the costs and benefits shall be evaluated in light of the following five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness, and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The Commission considers the costs and benefits resulting from its discretionary determinations with respect to the CEA section 15(a) factors. As an initial matter, the Commission recognizes that there are benefits, discussed more fully below, for domestic and foreign regulators to have access to SDR swap data. Yet, there are inherent compromises between data access and data security. More directly, greater access leads to data being less secure from misappropriation or misuse. The Commission recognizes that there are costs associated with this proposed rulemaking. The Commission, however, lacks the requisite data and information to precisely estimate costs, in part, because the proposed rulemaking grants SDRs, ADRs, and AFRs discretion to implement the proposed regulations through alternative measures. Furthermore, the Commission does not know which approach SDRs, ADRs, and AFRs will take. As a consequence, where it is not feasible to quantify (e.g., because of the lack of accurate data or appropriate metrics), the Commission has considered the costs and benefits of this proposed rulemaking in qualitative terms. The Commission, nevertheless, requests that commenters provide any data or other information that would be useful in the estimation of the quantifiable costs and benefits of this proposed rulemaking. 2. Baseline and Proposed Rule Summary a. Definition of Foreign Regulator--Proposed Amendment to Sec. 49.2(a)(5) The status quo baseline definition for the term ``foreign regulator'' as defined in current Sec. 49.2(a)(5) is a ``foreign futures authority as defined in CEA Section 1a(26), foreign financial supervisors, foreign central banks and foreign ministries.'' \65\ The Commission is proposing to amend the term ``foreign regulator'' to add entities. Specifically, the Commission is adding the phrase ``other foreign authorities'' to the definition. This approach is consistent with the FAST Act's amendment to CEA section 21(c)(7)(E). --------------------------------------------------------------------------- \65\ 17 CFR 49.2(a)(5). --------------------------------------------------------------------------- b. Definition of Appropriate Foreign Regulator--Proposed Amendment to Sec. 49.17(b)(2) The status quo baseline definition for the term ``Appropriate Foreign Regulator'' (defined in current Sec. 49.17(b)(2)) is ``those Foreign Regulators with an existing memorandum of understanding or other similar type of information sharing arrangement executed with the Commission and/or Foreign Regulators without an MOU as determined on a case-by-case basis by the Commission.'' \66\ --------------------------------------------------------------------------- \66\ 17 CFR 49.17(b)(2). --------------------------------------------------------------------------- The Commission is proposing to amend current Sec. 49.17(b)(2) to require all ``foreign regulators'' to file an application with the Commission to become ``Appropriate Foreign Regulators.'' The existence of a current MOU or other information sharing arrangement with the Commission will not be dispositive to a determination of appropriateness. The proposed amendment would require the Commission to issue an order finding each foreign regulator ``appropriate.'' In this manner, the Commission will ensure that each ``Appropriate Foreign Regulator'' is acting within its scope of jurisdiction as mandated under CEA section 21(c)(7) through incorporation by reference of CEA section 8(e). The Commission believes that this proposal will provide greater control over the process by which foreign regulators obtain access to SDR swap data; specifically, it will help to ensure that only those foreign regulators who have a regulatory interest in SDR swap data can access such swap data. The limitation on swap data access proposed in this recommendation is expected to help reduce the risk of unauthorized disclosure, misappropriation or the misuse of swap data. c. Duties of Registered SDRs--Proposed Amendments to Sec. 49.9(a)(9) The Commission has proposed conforming language changes to current Sec. 49.9(a)(9).\67\ There are no substantive changes with respect to costs and benefits. --------------------------------------------------------------------------- \67\ 17 CFR 49.9(a)(9). --------------------------------------------------------------------------- d. Purpose of Access to SDR Data--Proposed Amendment to Sec. 49.17(a) The Commission has proposed conforming language changes to current Sec. 49.17(a).\68\ There are no substantive changes with respect to costs and benefits. --------------------------------------------------------------------------- \68\ 17 CFR 49.17(a). --------------------------------------------------------------------------- e. Appropriate Domestic Regulator--Proposed Amendment to Sec. 49.17(b)(vii) The Commission has proposed conforming language changes to current Sec. 49.17(b)(vii) to cross-reference the process under Sec. 49.17(h).\69\ There are no substantive changes with respect to costs and benefits in proposed Sec. 49.17(b)(vii). If there are any costs or benefits associated with the changes in Sec. 49.17(b)(vii), they will be discussed in regards to the process defined under proposed Sec. 49.17(h), which is the appropriateness-determination process. --------------------------------------------------------------------------- \69\ 17 CFR 49.17(b)(vii). --------------------------------------------------------------------------- f. Domestic Regulator With Regulatory Responsibility--Proposed Amendment to Sec. 49.17(d)(2) By way of this proposed rulemaking, the Commission has explained that if a domestic regulator receives swap data pursuant to its regulatory regime, that access is not subject to CEA sections 21(c)(7) or 21(d), or Commission regulations Sec. 49.17(d) or Sec. 49.18. g. Foreign Regulator With Regulatory Responsibility--Proposed Amendment to Sec. 49.17(d)(3) Foreign Regulators require data in order to fulfill their regulatory responsibilities. In proposed Sec. 49.17(d)(3) the Commission has explained that, if a foreign regulator receives swap data pursuant to its regulatory regime, that access is not subject to CEA sections 21(c)(7) or 21(d), or Sec. Sec. 49.17(d) or 49.18. h. SDR Notification Requirement--Proposed Amendment to Sec. 49.17(d)(4)(i) to (iv) Current Sec. 49.17(d)(4)(i) requires an SDR to promptly notify the Commission regarding any request for swap data received by Appropriate Domestic or Foreign Regulators.\70\ SDRs under this current regulation are required to notify the Commission for each and every request of an Appropriate Domestic or Foreign Regulator (including ongoing swap data requests). --------------------------------------------------------------------------- \70\ 17 CFR 49.17(d)(4)(i). --------------------------------------------------------------------------- The Commission proposes to amend current Sec. 49.17(d)(4)(i)-(ii) to provide that SDRs notify the Commission at the time that such SDR receives the initial request for swap data from a particular [[Page 8383]] ADR or AFR and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. Consistent with current recordkeeping requirements set forth in Sec. 49.12, SDRs are required to maintain books and records of all information related to the initial and any subsequent requests for swap data from an Appropriate Domestic or Foreign Regulator. The Commission also proposed electronic notification similar to the current rule requirement. In addition, the Commission placed a few obligations on SDRs under proposed Sec. 49.17(d)(4)(iii) and (iv) regarding data access to ADRs and AFRs, and determining an ADR's or AFR's jurisdiction. In addition, proposed Sec. 49.17(d)(4)(iii) requires SDRs to limit, suspend, or revoke an ADR's or AFR's swap data access if the ADR's or AFR's scope of jurisdiction changes and the Commission directs the ADR or AFR to limit, suspend, or revoke an ADR's or AFR's swap data access. i. Timing; Limitation, Suspension or Revocation of Access--Proposed Amendments to Sec. 49.17(d)(5) The changes to the rule text in current Sec. 49.17(d)(5) make clear that SDRs must notify the Commission of an ADR or AFR access request and the receipt of a confidentiality arrangement, among other things. In addition, proposed Sec. 49.17(d)(5) requires SDRs to limit, suspend, or revoke an ADR's or AFR's swap data access if the Commission limits, suspends or revokes the ADR's or AFR's appropriateness determination or otherwise directs the ADR or AFR to limit, suspend, or revoke an ADR's or AFR's swap data access. j. Confidentiality Agreement--Proposed Amendments to Sec. Sec. 49.17(d)(6) and 49.18(a)-(f) Current Sec. Sec. 49.17(d)(6) and 49.18, adopted as part of the original part 49 rules, provide that SDRs execute a ``Confidentiality and Indemnification Agreement'' with a CEA section 21(c)(7) entity, prior to sharing swap transaction data and information.\71\ This Agreement is required to state that the other regulator will abide by the confidentiality provisions of CEA section 8 and agree to indemnify both the SDR and the Commission against any litigation expenses relating to information provided under CEA section 8. However, through the passage of the FAST Act, Congress has eliminated the requirement that certain domestic and foreign regulators execute the ``Confidentiality and Indemnification Agreement'' prior to obtaining SDR swap data. More specifically, Congress amended CEA section 21(d) to require only the execution of a written agreement by domestic and foreign regulators prior to receipt of swap data from SDRs so that these regulators will abide by the confidentiality requirements described in CEA section 8. --------------------------------------------------------------------------- \71\ See 17 CFR 49.17(d)(6) and 49.18. --------------------------------------------------------------------------- The Commission proposes to amend current Sec. Sec. 49.17(d)(6) and 49.18 to (i) reflect the FAST Act amendments to CEA sections 21(c)(7) and (d), and (ii) require SDRs to receive a confidentiality arrangement from a 21(c)(7) entity, before sharing swap data, to satisfy the requirements of CEA section 21(d). Unlike the current regulations, this confidentiality arrangement will not be executed by the SDR with the 21(c)(7) entity, but instead would be executed by the Commission and the 21(c)(7) entity. The Commission proposes to provide a form of confidentiality arrangement attached as Appendix B to part 49. Use of the form would not be mandatory but would provide an efficient and expeditious means of fulfilling the confidentiality requirement of 21(d) and Sec. Sec. 49.17(d) and 49.18. k. Third-Party Service Providers--Proposed Amendments to Sec. 49.17(e) The Commission modified the text in current Sec. 49.17(e) for clarity. There are no substantive cost or benefit implications. l. Access by Market Participants Barred--Proposed Amendment to Sec. 49.17(f) The Commission modified the text in current Sec. 49.17(f) for clarity. There are no substantive cost or benefit implications. m. Filing Requirements for Applicants To Be Determined Appropriate-- Proposed Amendments to Sec. 49.17(h) In this proposed rulemaking, the Commission has added proposed Sec. 49.17(h) to describe the application process for persons seeking an appropriateness determination. In sub-paragraph (2), the Commission explains that the applicant must provide sufficient detail to explain its jurisdiction and its confidentiality safeguards. Proposed Sec. 49.17(h)(3) also outlines the standards by which the Commission will issue an appropriateness determination. Finally, the Commission explains in proposed Sec. 49.17(h)(4) that it reserves the right to ``revisit, reassess, limit, suspend or revoke'' an appropriateness determination. n. Delegation of Authority--Addition of Proposed Sec. Sec. 49.17(i) and 49.18(e) Current Sec. Sec. 49.17 and 49.18 do not have delegation of authority provisions. The Commission proposes to amend Sec. Sec. 49.17 and 49.18 to add a delegation of authority to the Director of the Division of Market Oversight (``DMO'') and the Director's designee(s) of functions reserved to the Commission in Sec. Sec. 49.17 and 49.18. The delegation of Commission authority would make the process more effective and efficient. o. SDR Chief Compliance Officer Duties--Proposed Amendment to Sec. 49.22(d)(4) The change to current Sec. 49.22(d)(4) is the removal of the word ``indemnification'' from the rule text. This is a conforming change to make the rule consistent with the FAST Act amendments. 3. Benefits At a high level regarding benefits, the rulemaking is expected to assist regulators in performing their supervisory and regulatory functions by providing them access to swap data, which would help regulators better understand the risks their regulated entities are assuming and the impact of such risks on the broader markets. These supervisory and regulatory functions may include: Monitoring and mitigation of systemic risk; ensuring financial stability; registration and oversight of financial market infrastructures; registration and oversight of trading venues; registration and oversight of market participants; central bank activities; prudential supervision; restructuring or resolution of infrastructures and firms; and regulation of cash markets, in some of which swap counterparties are active. A more granular benefit to regulators flows from the Commission's proposal to resolve a conflict or potential conflict between the Commission's Interpretative Statement and current Sec. 49.18(c). In the Interpretative Statement, the Commission took the view that other regulators who access swap data based on their own authority over SDRs are not subject to the swap data access-related provisions of the CEA. On the other hand, current Sec. 49.18(c) provides that such regulators are required to comply with CEA section 8 and any other relevant statutory confidentiality provisions. The Commission proposes to delete the statement in current Sec. 49.18(c) providing that other regulators are required to comply with CEA section 8 and any other relevant statutory [[Page 8384]] confidentiality provisions even when they access swap data based on their own authority over SDRs.\72\ Other regulators will benefit both from the clarity this action provides and by the greater ease of access to swap data within their jurisdiction. --------------------------------------------------------------------------- \72\ 17 CFR 49.18(c). --------------------------------------------------------------------------- 4. Costs The Commission recognizes that there are different types of costs associated with this proposed rulemaking. One cost is the potential harm to market participants and the public if swap data is misused--for example, inappropriately disclosed by ADRs and AFRs. Or, another harmful scenario might involve misappropriated data where hackers pilfer swap data from ADRs and AFRs to learn the positions of market participants so that the hackers, or other interested parties who may even pay for such information, scam the market. Such bad actors might be able to anticipate such market participants' trades and trade in front of them, raising swap trading costs to market participants, thereby reducing their profits.\73\ If the aforementioned scenario occurred frequently enough this might induce swap dealers to widen their spreads, making hedging more expensive. In turn, this might lead to sub-optimal business and investment strategies, as parties would be less willing to participate in swap markets, because it would be more costly. Further, the scenario posed could cause market participants to be concerned that their business strategies might be tipped to their competitors, because with stolen data, somebody might be able to infer their strategies from knowing their swap positions and how these positions change in response to relevant economic events.\74\ Such concerns could lead some market participants to withdraw to some extent from swap markets, reducing liquidity and potentially inducing them to use less effective hedging instruments or trading strategies in other markets. --------------------------------------------------------------------------- \73\ See, e.g., Registered Entity Cyber proposed rulemaking at 80141 (observing that ``there has . . . been a rise in attacks by . . . hacktivists . . . aimed at . . . [, among other things,] theft of data or intellectual property . . . .''); Id. at 80189 (Concurring Statement of Commissioner Bowen) (stating that ``our firms are facing an unrelenting onslaught of attacks from hackers with a number of motives ranging from petty fraud to international cyberwarfare.''). \74\ While the same risks of misuse and misappropriation exist with respect to swap data maintained at SDRs, SDRs are regulated, and subject to sanctions, by the Commission, whereas ADRs and AFRs are not. --------------------------------------------------------------------------- At a high level regarding costs to ADRs and AFRs, the less access to swap data granted to ADRs and AFRs, the less such swap data would help in performing ADRs' and AFRs' supervisory and other regulatory functions. Similarly, the more impediments to swap data access, the longer it would take ADRs and AFRs to use, or the less use ADRs and AFRs could make of, such swap data. At a more granular level, the Commission is proposing several new obligations applicable to foreign regulators and certain domestic regulators that will trigger costs for such regulators. The obligation for foreign regulators and unenumerated domestic regulators to apply for a Determination Order conferring AFR or ADR status so that such foreign regulators and unenumerated domestic regulators can receive access to SDR swap data will, at a minimum, require such applicants to dedicate personnel to drafting the application. Some applicants for ADR and AFR status may choose to retain outside counsel or another third party to draft the application, thereby incurring related costs. There also may be an additional cost associated with the complexity of the application because applicants for ADR and AFR status will have to explain their jurisdiction and link it to the sought swap data so that the Commission can provide swap data access parameters to SDRs in the Determination Orders.\75\ While applicants will need to expend resources developing their ``appropriateness'' applications, the Commission expects that the requirements and guidance it has provided in the proposed rulemaking should reduce such expenditures to a certain extent. Nonetheless, such expenditures will depend on the particulars of a given applicant. Because the Commission lacks sufficient knowledge of the specific characteristics of the applicants, among other things, the Commission is unable to quantify these expenditures at this time. --------------------------------------------------------------------------- \75\ Enumerated domestic regulators also will have to demonstrate to the Commission the scope of their jurisdiction so that SDRs will know the contours of the swap data access they can provide to enumerated domestic regulators. --------------------------------------------------------------------------- The proposed requirement in Sec. 49.18(a) that SDRs receive an executed confidentiality arrangement from an ADR or AFR before the SDR can provide the ADR or AFR swap data is based on a corresponding requirement set forth in CEA section 21(d) and will generate costs to ADRs and AFRs. CEA section 21(d) does not specify any details of the required written agreement other than that it must state that the ADR or AFR shall abide by CEA section 8's confidentiality requirements. The Commission, however, is proposing, in Appendix B to this part 49, to specify required elements as well as a form of confidentiality arrangement providing for ADRs and AFRs to implement a number of safeguards that would impose burdens on ADRs and AFRs. The confidentiality arrangement would include safeguards that: To the maximum extent practicable, maintain Confidential Information separately from other data and information; Protect Confidential Information from misappropriation and misuse; Ensure that only ADR or AFR personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto and that such access is permitted only to the minimum extent necessary to perform such job functions; Prevent disclosure of aggregated Confidential Information unless anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; Prohibit the use of Confidential Information by ADR or AFR personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose; Monitor compliance with the confidentiality safeguards and ensure prompt notification of the CFTC and each relevant SDR of any violation of the safeguards or failure to fulfill the terms of the confidentiality arrangement; Prohibit the onward sharing or disclosing of Confidential Information unless exempted in paragraphs 6(d) or 8 of the confidentiality arrangement; Notify the CFTC in writing prior to complying with any legally enforceable demand for Confidential Information and assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information; and Promptly destroy all Confidential Information for which an ADR or AFR no longer has a need or for which the information no longer falls within the scope of its jurisdiction, and certify to the CFTC, upon request, that the ADR or AFR has destroyed such Confidential Information. The Commission preliminarily believes that the monetary costs of these burdens would be minor, and the other costs of complying with these burdens, such as the costs to develop policies, [[Page 8385]] procedures and safeguards, are within the scope of ADRs' and AFRs' expertise.\76\ Given that ADRs and AFRs can elect not to seek access to swap data from SDRs and that ADRs and AFRs who do seek such access have some control over the manner in which they seek to access such swap data, ADRs and AFRs themselves can influence to some degree the costs they impose on themselves by seeking access to swap data from SDRs. --------------------------------------------------------------------------- \76\ The Commission believes that potential ADRs and AFRs would likely have established safeguards to protect sensitive data other than swap data and that such safeguards could be adapted to address the requirements of the proposed form of confidentiality arrangement without great cost. --------------------------------------------------------------------------- The proposed rulemaking would prohibit ADRs and AFRs from onward sharing Confidential Information with other parties. This could impose some costs in that ADRs and AFRs would not be able to freely share swap data among themselves. This could reduce the utility of the swap data to ADRs and AFRs, possibly reducing the effectiveness thereof. In addition, the fact that the Commission is proposing not to specify a particular means of ADRs and AFRs accessing swap data could result in SDRs providing a means of access other than a means preferred by ADRs and AFRs. This might impose additional costs to ADRs and AFRs relative to the potentially lesser costs of their preferred means of access. Because of these uncertainties, the Commission is unable to quantify these costs but is able to identify such costs generally. For SDRs, providing swap data access to so many potential ADRs and AFRs may be expensive. For example, SDRs may be forced to purchase new servers, hire new system administrators to oversee the new swap data/ system usage and troubleshoot related problems that may arise. New recordkeeping requirements would require more system resources. The proposed requirement to limit the swap data provided to ADRs and AFRs to only swap data that is within the scope of ADRs' and AFRs' jurisdiction may cause SDRs to elect to create new methods for parsing swap data to comply with the proposed requirement to so limit swap data. The proposed reporting obligations also will increase SDRs' costs, although to the extent that such reporting obligations are not triggered, such cost increases would be tempered accordingly. Nevertheless, SDRs presumably would need to incur some costs to develop policies and procedures, and build out systems, to monitor potential events that would trigger the proposed new reporting requirements. Other SDR costs will include those related to SDRs verifying that each access request by an ADR or AFR is within the scope of the ADR's or AFR's jurisdiction. This will require SDRs to expend resources to ensure that they do not improperly disclose to an ADR or AFR swap data that such ADR or AFR is not entitled to see, in violation of CEA section 21(c)(7)'s requirement that SDRs disclose swap data to ADRs and AFRs ``on a confidential basis pursuant to [CEA] section 8 . . . .'' \77\ By stating that SDRs shall not provide ADRs or AFRs with swap data access unless such swap data is within the scope of a requesting ADR's or AFR's jurisdiction as described and appended to the confidentiality arrangement required by proposed Sec. 49.18(a), proposed Sec. 49.17(d)(4)(iii) would narrow the scope of the sources SDRs must consult to determine the ADR's or AFR's scope of jurisdiction. The Commission anticipates that narrowing the scope of the sources that SDRs must review to determine an ADR's or AFR's scope of jurisdiction would limit the resources SDRs must expend to verify the scope of an ADR's or AFR's jurisdiction. The Commission also anticipates that lists of ADRs' and AFRs' regulated entities' legal entity identifiers (``LEIs'') and uniform product identifiers (``UPIs'') of swaps within the scope of ADRs' and AFRs' jurisdiction would limit the resources SDRs must expend to verify whether swap data access requests are within the scope of an ADR's or AFR's jurisdiction--if ADRs and AFRs choose to develop such lists--which the Commission anticipates they would. --------------------------------------------------------------------------- \77\ The need for these resource expenditures would flow from proposed Sec. 49.17(d)(4)(iii), which would preclude SDRs from granting ADRs or AFRs access to swap data unless the SDR has determined that such swap data is within the then-current scope of such ADRs' or AFRs' jurisdiction. --------------------------------------------------------------------------- The Commission understands that there are some blank data entries in LEI fields, however, despite the Commission having designated an LEI system in 2012, and masked LEIs in a number of cases to reflect certain other jurisdictions' privacy law limits on disclosure.\78\ In addition, UPIs are still evolving for many swap contracts. Specifically, UPIs are in widespread use for standardized swaps but less so for other swaps. In cases where there is no UPI for a class of swaps, Sec. 45.7(c)(2) requires SDRs to create a UPI for such class and requires SDRs, all other registered entities and swap counterparties to use such SDR UPI- equivalent contract identifiers to classify swaps. In such cases, ADRs and AFRs could use SDRs' UPI-equivalents to identify swaps within the scope of ADRs' and AFRs' jurisdiction. --------------------------------------------------------------------------- \78\ See, e.g., DMO No-Action Letter 16-03 (Jan. 15, 2016), available at https://www.cftc.gov/idc/groups/public/@lrlettergeneral/documents/letter/16-03.pdf, for further information regarding such privacy law restrictions. --------------------------------------------------------------------------- In general, the blank or masked LEI data fields and UPI limits discussed above would raise the costs for SDRs and potentially for ADRs and AFRs. Inadequate data fields and UPIs hinder SDRs' abilities to identify transactions and determine whether such transactions, in particular swap data, are within an ADR's or AFR's jurisdictional scope and interest. Even though the Commission believes these obstacles would increase costs, the Commission also believes that such costs are difficult to quantify at this time. The Commission specifically requests comment on this concern. Commenters are encouraged to quantify such costs, if practical. The Commission understands that lists of LEIs of ADRs' and AFRs' regulated entities and lists of UPIs or UPI- equivalents of swaps within ADRs' and AFRs' jurisdiction may have to be updated from time to time as regulated entities move in and out of ADRs' and AFRs' jurisdiction, ADRs' and AFRs' jurisdiction expands or contracts, swaps evolve, and new swaps are developed. In these cases, for example, an ADR or AFR likely would have to modify periodically the list of LEIs and UPIs it gives to SDRs. The proposal would further mitigate the costs to SDRs by permitting them to verify the scope of an ADR's or AFR's jurisdiction just once for a recurring request the details of which do not change. SDRs might incur additional costs, however, if the scope of jurisdiction changes for an ADR or AFR. Such additional costs include some fraction of the above costs as well as the cost to notify the Commission of the change in jurisdiction for the ADR or AFR. The Commission is proposing Appendix B to Part 49 to provide a form of confidentiality arrangement for execution by the Commission and by ADRs and AFRs seeking swap data access maintained by SDRs so that ADRs and AFRs can satisfy the confidentiality agreement requirement set forth in CEA Sec. 21(d). The Commission believes that this form would eliminate SDRs' costs and reduce ADRs' and AFRs' costs to negotiate the terms of such an arrangement relative to an alternative of negotiating and signing confidentiality arrangements with four separate SDRs. Otherwise, confidentiality arrangement costs could be substantial in terms of management [[Page 8386]] attention and expenditures.\79\ The Commission expects that reviewing and signing a confidentiality arrangement would not require substantial expenditures, but request public comments on such costs.\80\ Commenters are encouraged to quantify where practical. --------------------------------------------------------------------------- \79\ Nevertheless, proposed Sec. 49.18(a) would allow ADRs and AFRs to negotiate an alternative to the proposed form, provided that such alternative contains the elements required in proposed Sec. 49.18(b), which, in turn, requires that such alternative contain all the elements of the proposed form. \80\ The Commission has on occasion used the SIFMA Report on Management and Professional Earnings in the Securities Industry to estimate these kinds of costs. For instance, on page 279 of the SIFMA Report for 2013, the mean salary for a compliance attorney is $100,840 with an average bonus of $26,666. This gives $127,506 in average total compensation for a compliance attorney. This number is divided by 1,800 hours and multiplied by 5.35 to account for overhead to get approximately $379 per hour. Next, multiplying by 12,000 burden hours (from the Paperwork Reduction Act section of this release) results in approximately $4,500,000 in estimated costs. --------------------------------------------------------------------------- The Commission is proposing to permit SDRs to determine the means by which they will provide access to swap data to ADRs and AFRs. The Commission notes that SDRs already provide the Commission and the National Futures Association with data. Providing incremental access to ADRs and AFRs may permit SDRs to take advantage of economies of scale, thus mitigating SDRs' costs. The proposal would also mitigate SDRs' costs by permitting them to choose the means by which they will provide access to swap data to ADRs and AFRs. The Commission expects that SDRs would choose the lowest cost means of access consistent with their statutory obligation to provide ADRs and AFRs access to swap data and other constraints. The Commission cannot forecast what these costs would be at this time, however, because it depends on particulars of each SDR that the Commission does not know. Consequently, the Commission welcomes public comments on this requirement and how SDRs might satisfy this requirement. Commenters are encouraged to quantify where practical. CEA section 21(c)(7) requires SDRs to notify the Commission of requests for data from a particular ADR or AFR. Proposed Sec. 49.17(d)(4)(i) would reduce that burden by permitting SDRs to notify the Commission only of the first such request by each ADR or AFR and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. In addition to the foregoing, the Commission is proposing to amend current Sec. 49.17(d)(4)(i) to require SDRs to maintain records of all information related to the initial and all subsequent requests for data from the requesting entity. The SDR would have to maintain this information for the same period required for other SDR records. Although these costs may be relatively small, the Commission anticipates using such data to, for example, monitor ADRs' and AFRs' access requests from time to time to ensure that they remain within the scope of their jurisdiction and, relatedly, to ensure that SDRs have been monitoring this access issue. As one alternative to proposing comprehensive swap data safeguards, the Commission instead could have chosen to merely delete the indemnification references in its regulations. While that approach could have avoided imposing many of the costs to ADRs, AFRs, and SDRs related to protection of confidentiality discussed herein, it would have dramatically increased the risk of imposing on market participants and the public the costs discussed above in the first paragraph of this section IV.C.4. and below in section IV.C.5.a.-c., which the Commission preliminarily believes is inconsistent with the historical importance Congress and the Commission have placed on protecting information covered by CEA section 8. Consequently, the Commission has determined to take the proposed approach. 5. Consideration of CEA Section 15(a) Factors a. Protection of Market Participants and the Public The Commission is proposing a number of safeguards to prevent market participants' swap data maintained at SDRs from being misappropriated or misused, as discussed above. Those proposed safeguards include: Modifying the requirements for being an AFR; requiring both ADRs and AFRs to demonstrate the scope of their swap- data jurisdiction as a limit on the swap data to which an ADR or AFR may have access; having the Commission issue Determination Orders; imposing on ADRs and AFRs seeking access to swap data maintained by SDRs a number of required confidentiality safeguards; barring onward sharing of swap data; certain recordkeeping and reporting requirements; and ensuring the Commission's ability to revoke an ADR's or AFR's swap data access. Some market participants, and the public, could be harmed if market participants' proprietary swap data were misappropriated or misused. As detailed above in the ``Cost'' discussion, there is the potential harm that misappropriated swap data could be used to front run market participants whose swap data were misappropriated, raising their costs of completing swap transactions. More specifically, spreads could widen, which could deter some market participants from engaging in swap transactions trading and prevent prices from adjusting as quickly. Another possible misuse of market participants' swap data is if those who obtained misappropriated swap data were to reverse engineer the trading strategies of the market participants whose data were misappropriated and use such strategies, potentially undermining their efficacy. b. Efficiency, Competitiveness, and Financial Integrity of Futures Markets The Commission believes that there will be little effect on efficiency, competiveness, and financial integrity of futures markets if swap data is properly protected from being misappropriated or misused. If swap data is not properly protected, however, competition might be affected, in that market participants might be less willing to engage in swap transactions if parties are trading in front of them, raising their costs, or misappropriating their trading strategies, lowering such strategies' effectiveness. This could induce some swap dealers to charge higher fees (explicitly or implicitly) for their services and otherwise reduce profits. Such concerns may also encourage market participants to increase their use of futures contracts relative to swaps, because futures position data may be better protected. c. Price Discovery The Commission believes that price discovery would not be affected by this proposed rulemaking. There may be some indirect effects on price discovery if the safeguards in this proposed rulemaking prove ineffective, however. Price discovery could be negatively impacted if position data is misappropriated or misused to the disadvantage of some participants. For instance, as previously explained, some market participants might withdraw from swaps markets if they fear that their position data will be misappropriated or misused. This could lead to less frequent trading as well as reduced liquidity in swap markets. Furthermore, spreads could widen due to front-running concerns, which could make prices more volatile and harm price discovery. [[Page 8387]] d. Sound Risk Management Practices This proposed rulemaking will help regulators better understand the risks posed by their regulated entities. Without swaps data, it is impossible to comprehensively supervise entities that engage in swap trading. In this way, the proposed rulemaking helps to mitigate systemic risk. Allowing more ADRs and AFRs to access SDR swap data establishes the potential to improve SDR data by potentially facilitating research and analysis that ultimately leads to better risk management by market participants. This can occur through academic research that influences market participants to improve their risk management based on the research, or by ADRs and AFRs asserting their authority over their regulated entities to compel them to improve their swap data reporting and risk management. e. Other Public Interest Considerations The Commission does not believe that there are any other public interest considerations with respect to this proposed rulemaking. 6. Request for Comment The Commission requests comment on all aspects of its cost and benefit considerations. Commenters are encouraged to quantify their comments, if practical. D. Antitrust Considerations CEA section 15(b) requires the Commission to take into consideration the public interest to be protected by the antitrust laws and endeavor to take the least anticompetitive means of achieving the objectives of the CEA, in issuing any order or adopting any Commission rule or regulation. The Commission does not anticipate that the proposed amendments to part 49 will result in anticompetitive behavior. However, because the proposed amendments affect existing SDR procedures relating to data reporting validation and data accuracy, the Commission encourages comments from the public on any aspect of the proposal that may have the potential to be inconsistent with the antitrust laws or be anticompetitive in nature. List of Subjects in 17 CFR Part 49 Access to swap data; Commodity Exchange Act section 8; Confidentiality; Registration and regulatory requirements; Swap data repositories. For the reasons stated in the preamble, the Commodity Futures Trading Commission proposes to amend 17 CFR part 49 as set forth below: PART 49--SWAP DATA REPOSITORIES 0 1. The authority citation for part 49 is revised to read as follows: Authority: 7 U.S.C. 12a and 24a, unless otherwise noted. 0 2. In Sec. 49.2, revise paragraph (a)(5) to read as follows: Sec. 49.2 Definitions. (a) * * * (5) Foreign Regulator. The term ``foreign regulator'' means a foreign futures authority as defined in Section 1a(26) of the Act, foreign financial supervisors, foreign central banks, foreign ministries and other foreign authorities. * * * * * 0 3. In Sec. 49.9, revise paragraph (a)(9) to read as follows: Sec. 49.9 Duties of registered swap data repositories. (a) * * * (9) Upon request of Appropriate Domestic Regulators and Appropriate Foreign Regulators, provide access to swap data held and maintained by the swap data repository, as prescribed in Sec. 49.17; * * * * * 0 4. Amend Sec. 49.17 as follows: 0 a. Revise paragraphs (a), (b)(1)(vii), (b)(2), (c)(2) and (c)(3), (d)(2) through (d)(6), and (e) and (f); and 0 b. Add paragraphs (h) and (i). The revisions and additions to read as follows: Sec. 49.17 Access to SDR data. (a) Purpose. This section provides a procedure by which the Commission, other domestic regulators and foreign regulators may obtain access to the swap data held and maintained by registered swap data repositories. Except as specifically set forth in this section, the Commission's duties and obligations regarding the confidentiality of business transactions or market positions of any person and trade secrets or names of customers identified in Section 8 of the Act are not affected. (b) * * * (1) * * * (vii) Any other person the Commission determines to be appropriate pursuant to the process set forth in Sec. 49.17(h). (2) Appropriate Foreign Regulator. The term ``Appropriate Foreign Regulator'' shall mean those Foreign Regulators the Commission determines to be appropriate pursuant to the process set forth in Sec. 49.17(h). * * * * * (c) * * * (2) Monitoring tools. A registered swap data repository is required to provide the Commission with proper tools for the monitoring, screening and analyzing of swap data, including, but not limited to, Web-based services, services that provide automated transfer of data to Commission systems, various software and access to the staff of the swap data repository and/or third-party service providers or agents familiar with the operations of the registered swap data repository, which can provide assistance to the Commission regarding data structure and content. These monitoring tools shall be substantially similar in analytical capability as those provided to the compliance staff and the Chief Compliance Officer of the swap data repository. (3) Authorized users. The swap data provided to the Commission by a registered swap data repository shall be accessible only by authorized users. The swap data repository shall maintain and provide a list of authorized users in the manner and frequency determined by the Commission. (d) * * * (2) Domestic regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with a domestic regulator pursuant to a separate statutory authority, and such domestic regulator seeks access to swap data that has been reported to such swap data repository pursuant to the domestic regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, or of Sec. Sec. 49.17(d) or 49.18. (3) Foreign Regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with, or recognized or otherwise authorized by, a Foreign Regulator that has supervisory authority over such swap data repository pursuant to foreign law and/or regulation, and such Foreign Regulator seeks access to swap data that has been reported to such swap data repository pursuant to the Foreign Regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, or of Sec. Sec. 49.17(d) or 49.18. (4) Obligations of the registered swap data repository in connection with appropriate domestic regulator or appropriate foreign regulator requests for data access. (i) A registered swap data repository shall notify the [[Page 8388]] Commission promptly after receiving an initial request from an Appropriate Domestic Regulator or Appropriate Foreign Regulator to gain access to swap data maintained by such swap data repository and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction, as described and appended to the confidentiality arrangement required by Sec. 49.18(a). Each registered swap data repository shall maintain records thereafter, pursuant to Sec. 49.12, of the details of such initial request and of all subsequent requests by such Appropriate Domestic Regulator or Appropriate Foreign Regulator for such access. (ii) The registered swap data repository shall notify the Commission electronically, in a format specified by the Secretary of the Commission, of the receipt of a request specified in Sec. 49.17(d)(4)(i). (iii) The registered swap data repository shall not provide an Appropriate Domestic Regulator or Appropriate Foreign Regulator access to swap data maintained by the swap data repository unless the swap data repository has determined that the swap data to which the Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks access is within the then-current scope of such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by Sec. 49.18(a). An Appropriate Domestic Regulator or Appropriate Foreign Regulator that has executed a confidentiality arrangement with the Commission pursuant to Sec. 49.18(a) and provided such confidentiality arrangement to one or more swap data repositories shall notify the Commission and each such swap data repository of any change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction as described in such confidentiality arrangement. The Commission may direct a swap data repository to suspend, limit, or revoke access to swap data maintained by such swap data repository based on any such change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction, and, if so directed, such swap data repository shall so suspend, limit, or revoke such access. (iv) The registered swap data repository need not make the determination required pursuant to Sec. 49.17(d)(4)(iii) more than once with respect to a recurring swap data request. If such request changes, the swap data repository must make a new determination pursuant to Sec. 49.17(d)(4)(iii). (5) Timing; limitation, suspension or revocation of swap data access. Once a registered swap data repository has-- (i) Notified the Commission, pursuant to Sec. 49.17(d)(4)(i) and (ii), of an initial request for swap data access by an Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, that was submitted pursuant to Sec. 49.17(d)(1); (ii) Received from such Appropriate Domestic Regulator or Appropriate Foreign Regulator a confidentiality arrangement executed by the Commission and such Appropriate Domestic Regulator or Appropriate Foreign Regulator as required by Sec. 49.18(a); and (iii) Satisfied its obligations under Sec. 49.17(d)(4)(iii), such swap data repository shall provide access to the requested swap data; provided, however, that such swap data repository shall, as directed by the Commission, limit, suspend or revoke such access should the Commission limit, suspend or revoke the appropriateness determination for such Appropriate Domestic Regulator or Appropriate Foreign Regulator or otherwise direct the swap data repository to limit, suspend or revoke such access. (6) Confidentiality arrangement. Consistent with Sec. 49.18(a), the Appropriate Domestic Regulator or Appropriate Foreign Regulator shall, prior to receiving access to any requested swap data, execute a confidentiality arrangement with the Commission consistent with the requirements set forth in Sec. 49.18(b). (e) Third-party service providers to a registered swap data repository. Access to the swap data and information maintained by a registered swap data repository may be necessary for certain third parties that provide various technology and data-related services to a registered swap data repository. Third-party access to the swap data and information maintained by a swap data repository is permissible subject to the following conditions: (1) Both the registered swap data repository and the third party service provider shall have strict confidentiality procedures that protect swap data and information from improper disclosure. (2) Prior to a registered swap data repository granting access to swap data or information to a third-party service provider, the third- party service provider and the registered swap data repository shall execute a confidentiality agreement setting forth minimum confidentiality procedures and permissible uses of the swap data and information maintained by the swap data repository that are equivalent to the privacy procedures for swap data repositories outlined in Sec. 49.16. (f) Access by market participants--(1) General. Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in Sec. 49.17(f)(2). (2) Exception. Swap data and information related to a particular swap that is maintained by the registered swap data repository may be accessed by either counterparty to that particular swap. However, the swap data and information maintained by the registered swap data repository that may be accessed by either counterparty to a particular swap shall not include the identity or the legal entity identifier (as such term is used in part 45 of this chapter) of the other counterparty to the swap, or the other counterparty's clearing member for the swap, if the swap is executed anonymously on a swap execution facility or designated contract market, and cleared in accordance with Commission regulations in Sec. Sec. 1.74, 23.610, and 37.12(b)(7) of this chapter. * * * * * (h) Appropriateness determination process. (1) Each person seeking an appropriateness determination pursuant to this paragraph shall file an application with the Commission. (2) Each applicant seeking an appropriateness determination shall provide sufficient detail in its application to permit the Commission to analyze whether the applicant is acting within the scope of its jurisdiction in seeking access to swap data maintained by a registered swap data repository, and whether the applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not, except as allowed for in the form of confidentiality arrangement set forth in Appendix B of this part, be disclosed. (3) If the Commission determines that an applicant pursuant to this paragraph is, conditionally or unconditionally, appropriate for purposes of CEA section 21(c)(7), the Commission shall issue an order setting forth its appropriateness determination. The Commission shall not determine that an applicant pursuant to this paragraph is appropriate unless the Commission is satisfied that-- (i) The applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository [[Page 8389]] will not be disclosed, except as allowed for in the form of confidentiality arrangement set forth in Appendix B of this part and (ii) Such applicant is acting within the scope of its jurisdiction in seeking access to swap data from a registered swap data repository. (4) The Commission reserves the right, in connection with any appropriateness determination with respect to an Appropriate Domestic Regulator or Appropriate Foreign Regulator, to revisit, reassess, limit, suspend or revoke such determination consistent with the Act. (i) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section. (2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (i)(1) of this section to the Commission for its consideration. (3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (i)(1) of this section. 0 5. Revise Sec. 49.18 to read as follows: Sec. 49.18 Confidentiality arrangement. (a) Confidentiality arrangement required prior to disclosure of swap data by a registered swap data repository to an Appropriate Domestic Regulator or Appropriate Foreign Regulator. Prior to a registered swap data repository providing access to swap data to any Appropriate Domestic Regulator or Appropriate Foreign Regulator, each as defined in Sec. 49.17(b), the swap data repository shall receive, pursuant to Section 21(d) of the Act, an executed confidentiality arrangement between the Commission and the Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, in the form set forth in Appendix B of this part or, at a minimum, containing the elements required in paragraph (b) of this section, from such Appropriate Domestic Regulator or Appropriate Foreign Regulator. Such confidentiality arrangement must include, either as Exhibit A to the form set forth in Appendix B of this part or similarly appended, a description of the Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction. Once a registered swap data repository is notified that a confidentiality arrangement received from an Appropriate Domestic Regulator or Appropriate Foreign Regulator no longer is in effect, the swap data repository shall not provide access to swap data to such Appropriate Domestic Regulator or Appropriate Foreign Regulator. (b) Elements of confidentiality arrangement. The confidentiality arrangement required pursuant to paragraph (a) of this section shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in Appendix B of this part. (c) Reporting failures to fulfill the terms of a confidentiality arrangement. A registered swap data repository shall immediately report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that it receives pursuant to paragraph (a) of this section. (d) Failures to fulfill the terms of the confidentiality arrangement. The Commission may, if an Appropriate Domestic Regulator or Appropriate Foreign Regulator fails to fulfill the terms of a confidentiality arrangement described in paragraph (a) of this section, direct each registered swap data repository to limit, suspend or revoke such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's access to swap data held by such swap data repository. (e) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section. (2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (e)(1) of this section to the Commission for its consideration. (3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (e)(1) of this section. 0 6. In Sec. 49.22, revise paragraph (d)(4) to read as follows: Sec. 49.22 Chief compliance officer. * * * * * (d) * * * (4) Taking reasonable steps to ensure compliance with the Act and Commission regulations in this chapter relating to agreements, contracts, or transactions, and with Commission regulations in this chapter under Section 21 of the Act, including confidentiality arrangements received by the chief compliance officer's registered swap depository pursuant to Sec. 49.18(a); * * * * * 0 7. Add Appendix B to part 49, to read as follows: Appendix B to Part 49--Confidentiality Arrangement for Appropriate Domestic Regulators and Appropriate Foreign Regulators To Obtain Access To Swap Data Maintained by Registered Swap Data Repositories Pursuant to Sec. Sec. 49.17(d)(6) and 49.18(a) [[Page 8390]] [GRAPHIC] [TIFF OMITTED] TP25JA17.088 The U.S. Commodity Futures Trading Commission (``CFTC'') and the [name of foreign/domestic regulator (``ABC'')] (each an ``Authority'' and collectively the ``Authorities'') have entered into this Confidentiality Arrangement (``Arrangement'') in connection with [whichever is applicable] [CFTC Regulation 49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to [ABC] (``Order'')] and any request for swap data by [ABC] to any swap data repository (``SDR'') registered with the CFTC. Article One: General Provisions 1. ABC is permitted to request and receive swap data directly from a registered SDR (``Swap Data'') on the terms and subject to the conditions of this Arrangement. 2. This Arrangement is entered into to fulfill the requirements under Section 21(d) of the Commodity Exchange Act (``Act'') and CFTC Regulation 49.18. Upon receipt by a registered SDR, this Arrangement will satisfy the requirement for a written agreement pursuant to Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This Arrangement does not apply to information that is [reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with [ABC] pursuant to separate statutory authority, even if such information also is reported pursuant to the Act and CFTC regulations][reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with, or recognized or otherwise authorized by, [ABC], which has supervisory authority over the repository pursuant to foreign law and/or regulation, even if such information also is reported pursuant to the Act and CFTC regulations.] \1\ --------------------------------------------------------------------------- \1\ The first bracketed paragraph will be used for ADRs; the second will be used for AFRs. The inapplicable paragraph will be deleted. --------------------------------------------------------------------------- 3. This Arrangement is not intended to limit or condition the discretion of an Authority in any way in the discharge of its regulatory responsibilities or to prejudice the individual responsibilities or autonomy of any Authority. 4. This Arrangement does not alter the terms and conditions of any existing arrangements. Article Two: Confidentiality of Swap Data 5. ABC will be acting within the scope of its jurisdiction in requesting Swap Data and employs procedures to maintain the confidentiality of Swap Data and any information and analyses derived therefrom (collectively, the ``Confidential Information''). ABC undertakes to notify the CFTC and each relevant SDR promptly of any change to ABC's scope of jurisdiction. 6. ABC undertakes to treat Confidential Information as confidential and will employ safeguards that: a. To the maximum extent practicable, identify the Confidential Information and maintain it separately from other data and information; b. Protect the Confidential Information from misappropriation and misuse; c. Ensure that only authorized ABC personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto, and that such access is permitted only to the extent necessary to perform their job functions related to such particular Confidential Information; d. Prevent the disclosure of aggregated Confidential Information; provided, however, that ABC is permitted to disclose any sufficiently aggregated Confidential Information that is anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; e. Prohibit use of the Confidential Information by ABC personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose; and f. Include a process for monitoring compliance with the confidentiality safeguards described herein and for promptly notifying the CFTC, and each SDR from which ABC has received Swap Data, of any violation of such safeguards or failure to fulfill the terms of this Arrangement. 7. Except as provided in Paragraphs 6.d. and 8, ABC will not onward share or otherwise disclose any Confidential Information. 8. ABC undertakes that: a. If a department, central bank, or agency of the Government of the United States, it will not disclose Confidential Information except in an action or proceeding under the laws of the United States to which it, the CFTC, or the United States is a party; b. If a department or agency of a State or political subdivision thereof, it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the Act or the laws of [name of either the State or the State and political subdivision] to which it is a party; or c. If a foreign futures authority or a department, central bank, ministry, or agency of a foreign government or subdivision thereof, or any other Foreign Regulator, as defined in Commission Regulation 49.2(a)(5), it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the laws of [name of country, political subdivision, or (if a supranational organization) supranational lawmaking body] to which it is a party. 9. Prior to complying with any legally enforceable demand for Confidential Information, ABC will notify the CFTC of such demand in writing, assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information. 10. ABC acknowledges that, if it does not fulfill the terms of this Arrangement, the CFTC may direct any registered SDR to suspend or revoke ABC's access to Swap Data. 11. ABC will comply with all applicable security-related requirements imposed by an SDR in connection with access to Swap Data maintained by the SDR, as such requirements may be revised from time to time. 12. ABC will promptly destroy all Confidential Information for which it no longer has a need or which no longer falls within the scope of its jurisdiction, and will certify to the CFTC, upon request, that ABC has destroyed such Confidential Information. Article Three: Administrative Provisions 13. This Arrangement may be amended with the written consent of the Authorities. 14. The text of this Arrangement will be executed in English, and may be made available to the public. 15. On the date this Arrangement is signed by the Authorities, it will become effective and may be provided to any registered SDR that holds and maintains Swap Data that falls within the scope of ABC's jurisdiction. [[Page 8391]] 16. This Arrangement will expire 30 days after any Authority gives written notice to the other Authority of its intention to terminate the Arrangement. In the event of termination of this Arrangement, Confidential Information will continue to remain confidential and will continue to be covered by this Arrangement. This Arrangement is executed in duplicate, this ___day of ___. ----------------------------------------------------------------------- [name of Chairman] Chairman U.S. Commodity Futures Trading Commission ----------------------------------------------------------------------- [name of signatory] [title] [name of foreign/domestic regulator] [Exhibit A: Description of Scope of Jurisdiction. If ABC is not enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach the Determination Order received from the Commission pursuant to Commission Regulation 49.17(h). If ABC is enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a sufficiently detailed description of the scope of ABC's jurisdiction as it relates to Swap Data maintained by SDRs.] Issued in Washington, DC, on January 13, 2017, by the Commission. Christopher J. Kirkpatrick, Secretary of the Commission. Note: The following appendices will not appear in the Code of Federal Regulations. Appendices to Proposed Amendments to the Swap Data Access Provisions of Part 49 and Certain Other Matters--Commission Voting Summary and Chairman's Statement Appendix 1--Commission Voting Summary On this matter, Chairman Massad and Commissioners Bowen and Giancarlo voted in the affirmative. No Commissioner voted in the negative. Appendix 2--Statement of Chairman Timothy G. Massad The increased reporting of data on swaps transactions is an important reform of the derivatives markets agreed to by the G20 leaders in 2009. Today, thanks to this reporting, regulators across the globe are in a better position to assess exposures and risks related to this market. Because of the global nature of the market, it is critical for regulators to be able to share information, subject to appropriate confidentiality and other protections. That's why I am pleased we are issuing this proposal, which will make it easier for other regulators, both domestic and foreign, to gain access to swap data repository (SDR) swap data. The proposal would conform our rules to various changes Congress made in the law and provide a process for sharing of information. Among other things, Congress removed a requirement that another regulator must indemnify both the Commission and the swap data repository for expenses related to litigation before data could be shared. To date, no domestic or foreign regulator has provided such an indemnification. Today's proposal removes this requirement in the CFTC's own rules, makes other changes consistent with Congressional action, and creates a process for when and how other regulators gain access to SDR information that will protect confidentiality. I thank my fellow Commissioners Bowen and Giancarlo for their unanimous support for this proposal. I also thank the hardworking CFTC staff for all their efforts. [FR Doc. 2017-01287 Filed 1-24-17; 8:45 am] BILLING CODE 6351-01-P
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.