Self-Regulatory Organizations; The Depository Trust Company; Fixed Income Clearing Corporation; National Securities Clearing Corporation; Notice of Filings of Proposed Rule Changes To Adopt the Clearing Agency Operational Risk Management Framework, 37942-37946 [2017-17043]
Download as PDF
<![CDATA[
37942
Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices
Paper Comments
the marketplace for violations of
Exchange Rules. The ORF assists the
Exchange to fund the cost of this
regulation of the marketplace.
• Send paper comments in triplicate
to Secretary, Securities and Exchange
Commission, 100 F Street NE.,
Washington, DC 20549–1090.
B. Self-Regulatory Organization’s
Statement on Burden on Competition
The Exchange does not believe that
the proposed rule change will impose
any burden on competition not
necessary or appropriate in furtherance
of the purposes of the Act. The ORF is
not intended to have any impact on
competition. Rather, it is designed to
enable the Exchange to recover a
material portion of the Exchange’s cost
related to its regulatory activities. The
Exchange is obligated to ensure that the
amount of regulatory revenue collected
from the ORF, in combination with its
other regulatory fees and fines, does not
exceed regulatory costs.
C. Self-Regulatory Organization’s
Statement on Comments on the
Proposed Rule Change Received From
Members, Participants, or Others
No written comments were either
solicited or received.
III. Date of Effectiveness of the
Proposed Rule Change and Timing for
Commission Action
The foregoing rule change has become
effective pursuant to Section
19(b)(3)(A)(ii) of the Act.15 At any time
within 60 days of the filing of the
proposed rule change, the Commission
summarily may temporarily suspend
such rule change if it appears to the
Commission that such action is: (i)
necessary or appropriate in the public
interest; (ii) for the protection of
investors; or (iii) otherwise in
furtherance of the purposes of the Act.
If the Commission takes such action, the
Commission shall institute proceedings
to determine whether the proposed rule
should be approved or disapproved.
IV. Solicitation of Comments
Interested persons are invited to
submit written data, views, and
arguments concerning the foregoing,
including whether the proposed rule
change is consistent with the Act.
Comments may be submitted by any of
the following methods:
All submissions should refer to File No.
SR–ISE–2017–71. This file number
should be included on the subject line
if email is used. To help the
Commission process and review your
comments more efficiently, please use
only one method. The Commission will
post all comments on the Commission’s
Internet Web site (https://www.sec.gov/
rules/sro.shtml). Copies of the
submission, all subsequent
amendments, all written statements
with respect to the proposed rule
change that are filed with the
Commission, and all written
communications relating to the
proposed rule change between the
Commission and any person, other than
those that may be withheld from the
public in accordance with the
provisions of 5 U.S.C. 552, will be
available for Web site viewing and
printing in the Commission’s Public
Reference Room, 100 F Street NE.,
Washington, DC 20549, on official
business days between the hours of
10:00 a.m. and 3:00 p.m. Copies of the
filing also will be available for
inspection and copying at the principal
office of the Exchange. All comments
received will be posted without change;
the Commission does not edit personal
identifying information from
submissions. You should submit only
information that you wish to make
available publicly. All submissions
should refer to File No. SR–ISE–2017–
71, and should be submitted on or
before September 5, 2017.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.16
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2017–17050 Filed 8–11–17; 8:45 am]
BILLING CODE 8011–01–P
sradovich on DSK3GMQ082PROD with NOTICES
Electronic Comments
• Use the Commission’s Internet
comment form (https://www.sec.gov/
rules/sro.shtml); or
• Send an email to rule-comments@
sec.gov. Please include File No. SR–ISE–
2017–71 on the subject line.
15 15
U.S.C. 78s(b)(3)(A)(ii).
VerDate Sep<11>2014
16:45 Aug 11, 2017
[Release No. 34–81338; File Nos. SR–DTC–
2017–014; SR–FICC–2017–017; SR–NSCC–
2017–013]
Self-Regulatory Organizations; The
Depository Trust Company; Fixed
Income Clearing Corporation; National
Securities Clearing Corporation;
Notice of Filings of Proposed Rule
Changes To Adopt the Clearing
Agency Operational Risk Management
Framework
August 8, 2017.
Pursuant to Section 19(b)(1) of the
Securities Exchange Act of 1934, as
amended (‘‘Act’’) 1 and Rule 19b–4
thereunder,2 notice is hereby given that
on July 25, 2017, The Depository Trust
Company (‘‘DTC’’), Fixed Income
Clearing Corporation (‘‘FICC’’), and
National Securities Clearing Corporation
(‘‘NSCC,’’ and together with DTC and
FICC, the ‘‘Clearing Agencies’’) filed
with the Securities and Exchange
Commission (‘‘Commission’’) the
proposed rule changes as described in
Items I and II below, which Items have
been prepared primarily by the Clearing
Agencies. The Commission is
publishing this notice to solicit
comments on the proposed rule changes
from interested persons.
DATE:
I. Clearing Agencies’ Statement of the
Terms of Substance of the Proposed
Rule Changes
The proposed rule changes would
adopt the Clearing Agency Operational
Risk Management Framework
(‘‘Framework’’) of the Clearing
Agencies, described below. The
Framework would apply to both of
FICC’s divisions, the Government
Securities Division (‘‘GSD’’) and the
Mortgage-Backed Securities Division
(‘‘MBSD’’). The Framework would be
maintained by the Clearing Agencies to
support their compliance with Rule
17Ad–22(e)(17) under the Act, as
described below.3
Although the Clearing Agencies
would consider the Framework to be a
rule, the proposed rule changes do not
require any changes to the Rules, Bylaws and Organization Certificate of
DTC (‘‘DTC Rules’’), the Rulebook of
GSD (‘‘GSD Rules’’), the Clearing Rules
of MBSD (‘‘MBSD Rules’’), or the Rules
& Procedures of NSCC (‘‘NSCC Rules’’),
as the Framework would be a
standalone document.4
1 15
U.S.C. 78s(b)(1).
CFR 240.19b–4.
3 17 CFR 240.17Ad–22(e)(17).
4 Capitalized terms not defined herein are defined
in the DTC Rules, GSD Rules, MBSD Rules, or
2 17
16 17
Jkt 241001
SECURITIES AND EXCHANGE
COMMISSION
PO 00000
CFR 200.30–3(a)(12).
Frm 00104
Fmt 4703
Sfmt 4703
E:\FR\FM\14AUN1.SGM
14AUN1
Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices
II. Clearing Agencies’ Statement of the
Purpose of, and Statutory Basis for, the
Proposed Rule Changes
In their filings with the Commission,
the Clearing Agencies included
statements concerning the purpose of
and basis for the proposed rule changes
and discussed any comments they
received on the proposed rule changes.
The text of these statements may be
examined at the places specified in Item
IV below. The Clearing Agencies have
prepared summaries, set forth in
sections A, B, and C below, of the most
significant aspects of such statements.
(A) Clearing Agencies’ Statement of the
Purpose of, and Statutory Basis for, the
Proposed Rule Changes
1. Purpose
The Clearing Agencies are proposing
to adopt the Framework, which would
describe the manner in which each of
the Clearing Agencies manages
operational risk, which is defined by the
Clearing Agencies in the Framework as
the risk of direct or indirect loss or
reputational harm resulting from an
event, internal or external, that is the
result of inadequate or failed processes,
people, and systems (‘‘Operational
Risk’’). As described in more detail
below, the Framework would set forth
the manner in which the Clearing
Agencies (1) generally manage
Operational Risk; (2) more specifically
manage their information technology
risks; and (3) more specifically manage
their business continuity risks. The
processes and systems described in the
Framework, and any policies,
procedures or other documents created
to support those processes, support the
Clearing Agencies’ compliance with the
requirements of Rule 17Ad–22(e)(17).5
The Framework would be maintained
by the DTCC Operational Risk
Management group (‘‘ORM’’), on behalf
of the Clearing Agencies.6
sradovich on DSK3GMQ082PROD with NOTICES
Operational Risk Management
The Framework would describe how
the Clearing Agencies generally manage
their Operational Risks. The Framework
would describe how ORM is specifically
charged with establishing appropriate
systems, policies, procedures, and
controls to enable management to
NSCC Rules, as applicable, available at https://
dtcc.com/legal/rules-and-procedures.
5 17 CFR 240.17Ad–22(e)(17).
6 The parent company of the Clearing Agencies is
The Depository Trust & Clearing Corporation
(‘‘DTCC’’). DTCC operates on a shared services
model with respect to the Clearing Agencies. Most
corporate functions are established and managed on
an enterprise-wide basis pursuant to intercompany
agreements under which it is generally DTCC that
provides a relevant service to a Clearing Agency.
VerDate Sep<11>2014
16:45 Aug 11, 2017
Jkt 241001
identify plausible sources of
Operational Risk in order to mitigate
their impact to the Clearing Agencies,
including through the Risk Tolerance
Statements and Risk Profiles, as
described below.
The Framework would describe how
the Clearing Agencies identify key risks
and set metrics to categorize such risks
(from ‘‘no impact’’ to ‘‘severe impact’’)
through ‘‘Risk Tolerance Statements.’’
The Framework would describe how the
Risk Tolerance Statements document
the overall risk reduction or mitigation
objectives for the Clearing Agencies
with respect to identified risks to the
Clearing Agencies. The Framework
would also describe how the Risk
Tolerance Statements document the risk
controls and other measures used to
manage such identified risks, including
escalation requirements in the event of
risk metric breaches. The Framework
would state that each Risk Tolerance
Statement is reviewed, revised, updated,
and/or created, as necessary, by ORM on
an annual basis.
The Framework would also describe
how the Clearing Agencies monitor key
risks, including Operational Risk,
through ‘‘Risk Profiles,’’ which
document the assessment of risk for
each of the Clearing Agencies’
businesses and support areas (each a
‘‘Clearing Agency Business’’ and/or
‘‘Clearing Agency Support Area’’). The
risk assessment documented in these
profiles includes (1) identification and
assessment of inherent risk, which is
risk without any mitigating controls; (2)
identification of existing controls, and,
as appropriate, any new additional
controls, and evaluation of the same risk
against the strength of such controls;
and (3) identification of any residual
risk and a determination to either
further mitigate such risk or accept such
risk by the applicable Clearing Agency
Business or Clearing Agency Support
Area.
The Framework would also provide a
description of the responsibilities of
ORM, which is a part of the second line
of defense within the Clearing Agencies’
Three Lines of Defense approach to risk
management.7 The Framework would
7 The Three Lines of Defense approach to risk
management identifies the roles and responsibilities
of different Clearing Agency Businesses or Clearing
Agency Support Areas in identifying, assessing,
measuring, monitoring, mitigating, and reporting
certain key risks faced by the Clearing Agencies.
The Three Lines of Defense approach is more fully
described in a separate framework, the Clearing
Agency Risk Management Framework, maintained
by the DTCC General Counsel’s Office. See SR–
DTC–2017–013, SR–FICC–2017–016, SR–NSCC–
2017–012, which was filed with the Commission
but has not yet been published in the Federal
Register. A copy of these proposed rule change
PO 00000
Frm 00105
Fmt 4703
Sfmt 4703
37943
identify some of those responsibilities
as including, for example, management
of the Risk Tolerance Statements and
working with the Clearing Agency
Businesses and Clearing Agency
Support Areas to create and monitor
Risk Profiles.
Information Technology Risk
The Framework would describe how
the Clearing Agencies address
information technology risks. The
Framework would state that the DTCC
Technology Risk Management group
(‘‘TRM’’), on behalf of the Clearing
Agencies, is responsible for establishing
appropriate programs, policies,
procedures, and controls with respect to
the Clearing Agencies’ information
technology risks to help management
ensure that systems have a high degree
of security, resiliency, operational
reliability, and adequate, scalable
capacity. The Framework would
identify some of the recognized
information technology standards that
may be used by TRM, as applicable, in
support of executing its responsibilities.
The Framework would also identify
some of TRM’s responsibilities, which
include, for example, (1) performing risk
assessments to, among other things,
facilitate the determination of the
Clearing Agencies’ investment and
remediation priorities; (2) facilitating
annual mandatory and periodic
information security awareness,
education, training, and communication
to personnel of Clearing Agency
Businesses and Clearing Agency
Support Areas and relevant external
parties; and (3) creating, implementing,
and managing certain programs,
including programs that (i) address
information security throughout a
system’s lifecycle, (ii) facilitate
compliance with evolving and
established regulatory rules and
guidelines that govern protection of the
information assets of the Clearing
Agencies and their participants, (iii)
identify, prioritize, and manage the
level of cyber threats to the Clearing
Agencies, and (iv) assure that access to
Clearing Agency information assets is
appropriately authorized and
authenticated based on current business
need.
The Framework would state that
TRM’s risk strategy is closely aligned to
the Clearing Agencies’ business drivers
and future strategic direction, such that
efforts to achieve information security
threat mitigation objectives, resiliency
of infrastructure supporting Clearing
Agency critical business applications,
filings is available at https://www.dtcc.com/legal/
sec-rule-filings.
E:\FR\FM\14AUN1.SGM
14AUN1
37944
Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices
sradovich on DSK3GMQ082PROD with NOTICES
and operational reliability are
prioritized. The Framework would state
this is also accomplished through
TRM’s early and consistent involvement
in initiatives to develop new products
and systems. The Framework would
state that, by involving TRM from the
initial planning phase, through the
design, build and operative phases of
those initiatives, resiliency, operational
effectiveness, reliability, and availability
requirements are addressed and
incorporated into design and execution
from both a technology and cyber
security perspective.
The Framework would also describe
the Clearing Agencies’ security strategy
and defense, and would state that the
Clearing Agencies’ network security
framework and preventive controls are
designed to support a reliable and
robust tiered security strategy and
defense. These controls include modern
and technically advanced security
firewalls, intrusion detection, system
and data monitoring, and data
protection tools. The Framework would
describe the Clearing Agencies’
enhanced security features and the
standards they use to assess
vulnerabilities and potential threats.
Business Continuity Risk
Finally, the Framework would
describe how the Clearing Agencies
have established and maintain business
continuity plans to address events that
may pose a significant risk of disrupting
their operations. The Framework would
describe how the business continuity
process for each Clearing Agency
Business and Clearing Agency Support
Area is ranked within a range of tiers,
from 0 to 5, based on criticality to each
applicable Clearing Agency’s operations
(each a ‘‘Tier’’), where Tier 0 equates to
critical operations or support of such
operations for which virtually no
downtime is permitted under applicable
regulatory standards, and Tier 5 equates
to non-essential operations or support of
such operations for which recovery
times of greater than five days is
permitted.
The Framework would state that, on
an annual basis, each Clearing Agency
Business and Clearing Agency Support
Area updates its own business
continuity plan and reviews and ratifies
its business impact analysis. These
analyses are used by the DTCC Business
Continuity Management department
(‘‘BCM’’), on behalf of the Clearing
Agencies, to validate that business’ or
area’s current Tier ranking. The
Framework would identify the key
elements of these business impact
analyses, which include (1) an
assessment of the criticality of the
VerDate Sep<11>2014
16:45 Aug 11, 2017
Jkt 241001
applicable Clearing Agency Business or
Clearing Agency Support Area, based on
potential impact to the Clearing Agency;
(2) an estimation of the maximum
allowable downtime for the applicable
Clearing Agency Business or Clearing
Agency Support Area; and (3) the
identification of dependencies, and
ranking such dependencies to align with
the process criticality for recovery, of
the applicable Clearing Agency Business
or Clearing Agency Support Area.
The Framework would describe the
Clearing Agencies’ multiple data
centers, and the emergency monitoring
and back up systems available at each
site. The Framework would describe the
capacity of the various data centers. The
Framework would also describe the
Clearing Agencies’ operating centers,
and would describe how each Clearing
Agency Business and Clearing Agency
Support Area creates and deploys its
own work area recovery strategy to
mitigate the loss of primary workspace
and/or associated desktop technology,
as well as for purposes of social
distancing among personnel. The
Framework would describe how each of
these work area recovery strategies is
developed and executed, based on the
applicable Clearing Agency Business’
and Clearing Agency Support Area’s
current Tier ranking, as described
above.
The Framework would describe the
responsibilities of BCM in managing a
disruptive business event, which
includes coordination with a team of
representatives from each Clearing
Agency Business and Clearing Agency
Support Area. Finally, the Framework
would describe how the Clearing
Agencies conduct regular exercises used
to simulate loss of Clearing Agency
locations, and would describe some of
the preventive measures the Clearing
Agencies take with respect to business
continuity risk management.
2. Statutory Basis
The Clearing Agencies believe that the
proposed rule changes are consistent
with the requirements of the Act and the
rules and regulations thereunder
applicable to a registered clearing
agency. In particular, the Clearing
Agencies believe that the Framework is
consistent with Section 17A(b)(3)(F) of
the Act 8 and the subsections cited
below of Rule 17Ad–22(e)(17),9
promulgated under the Act, for the
reasons described below.
Section 17A(b)(3)(F) of the Act
requires, in part, that the rules of a
registered clearing agency be designed
to promote the prompt and accurate
clearance and settlement of securities
transactions, and to assure the
safeguarding of securities and funds
which are in the custody or control of
the clearing agency or for which it is
responsible.10 As described above, the
Framework would describe how the
Clearing Agencies manage their
Operational Risk, technology and
information security risks, and their
business continuity risks. The
processes, systems, and controls used by
the Clearing Agencies to identify,
manage, and mitigate these risks, as
described in the Framework, and the
policies and procedures that support
these activities, assist the Clearing
Agencies to continue the prompt and
accurate clearance and settlement of
securities transactions and continue to
assure the safeguarding of securities and
funds which are in their custody or
control or for which they are
responsible notwithstanding the
realization of these risks. Therefore, the
Clearing Agencies believe the
Framework is consistent with the
requirements of Section 17A(b)(3)(F) of
the Act.11
The Clearing Agencies believe that the
Framework is consistent with the
requirements of each of the subsections
of Rule 17Ad–22(e)(17),12 cited below,
for the reasons described below.
Rule 17Ad–22(e)(17)(i) under the Act
requires, in part, that each covered
clearing agency establish, implement,
maintain and enforce written policies
and procedures reasonably designed to
manage the covered clearing agency’s
operational risks by identifying the
plausible sources of operational risk,
both internal and external, and
mitigating their impact through the use
of appropriate systems, policies,
procedures, and controls.13 The
Framework would describe how the
Risk Tolerance Statements and the Risk
Profiles both assist the Clearing
Agencies to identify the plausible
sources of Operational Risk, both
internal and external. As described
above, the Risk Tolerance Statements
identify both internal and external
Clearing Agency risks, categorize the
respective Clearing Agencies’ tolerance
for those risks, and then identify
governance process applicable to any
breach of those tolerances. In this way,
the Risk Tolerance Statements allow the
Clearing Agencies to identify and
manage the risks they face. As described
above, the Risk Profiles serve a similar
10 15
U.S.C. 78q–1(b)(3)(F).
11 Id.
8 15
9 17
PO 00000
U.S.C. 78q–1(b)(3)(F).
CFR 240.17Ad–22(e)(17).
Frm 00106
Fmt 4703
Sfmt 4703
12 17
13 17
E:\FR\FM\14AUN1.SGM
CFR 240.17Ad–22(e)(17).
CFR 240.17Ad–22(e)(17)(i).
14AUN1
sradovich on DSK3GMQ082PROD with NOTICES
Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices
function, by serving as a tool for
identifying and assessing inherent risks,
and evaluating the controls around
those risks. The Framework also
describes the role of ORM, which
includes oversight of the Risk Tolerance
Statements and Risk Profiles. By
describing the functions of the Risk
Tolerance Statements and Risk Profiles,
which, together, assist the Clearing
Agencies in effectively managing their
operational risks by identifying the
plausible sources of operational risk,
both internal and external, and by
assisting the Clearing Agencies in
mitigating the impact of those risks, and
by describing the role of ORM in
facilitating these tools, the Clearing
Agencies believe the Framework is
consistent with the requirements of Rule
17Ad–22(e)(17)(i).14
Rule 17Ad–22(e)(17)(ii) under the Act
requires, in part, that each covered
clearing agency establish, implement,
maintain and enforce written policies
and procedures reasonably designed to
manage the covered clearing agency’s
operational risks by ensuring that
systems have a high degree of security,
resiliency, operational reliability, and
adequate, scalable capacity.15 The
Framework would describe the role, and
some of the responsibilities, of TRM, in
managing the Clearing Agencies’
information technology risks and in
helping the Clearing Agencies maintain
systems with a high degree of security,
resiliency, operational reliability, and
adequate, scalable capacity. The
Framework would also describe the
programs, systems, and controls used by
TRM in performing this function, and
would identify some of the standards on
information technology risk
management that may be used by TRM
in support of its responsibilities. The
Framework would also describe TRM’s
role in product and project initiatives to
address security issues through the
lifecycle of an initiative. Therefore, by
describing the role and responsibilities
of TRM in managing the Clearing
Agencies’ information technology risks
and in helping the Clearing Agencies
maintain systems with a high degree of
security, resiliency, operational
reliability, and adequate, scalable
capacity, the Clearing Agencies believe
the Framework is consistent with the
requirements of Rule 17Ad–
22(e)(17)(ii).16
Rule 17Ad–22(e)(17)(iii) under the
Act requires, in part, that each covered
clearing agency establish, implement,
maintain and enforce written policies
and procedures reasonably designed to
manage the covered clearing agency’s
operational risks by establishing and
maintaining a business continuity plan
that addresses events posing a
significant risk of disrupting
operations.17 The Framework would
describe how the Clearing Agencies
have established and maintain business
continuity plans, and would describe
the critical features of those plans to
demonstrate how such plans address
events posing a significant risk of
disrupting the Clearing Agencies’
operations. The Framework would also
describe how each Clearing Agency
Business and Clearing Agency Support
Area reviews and ratifies its respective
plan and its business impact analysis,
relative to its assigned Tier. Therefore,
through this description of the
establishment, management and
maintenance of the business continuity
plans of the Clearing Agencies, the
Clearing Agencies believe the
Framework is consistent with the
requirements of Rule 17Ad–
22(e)(17)(iii).18
(B) Clearing Agencies’ Statement on
Burden on Competition
None of the Clearing Agencies believe
that the Framework would have any
impact, or impose any burden, on
competition because the proposed rule
changes reflect some of the existing
methods by which the Clearing
Agencies manage Operational Risk,
including their management of
information technology and business
continuity risks, and would not
effectuate any changes to the Clearing
Agencies’ processes described therein as
they currently apply to their respective
participants.
(C) Clearing Agencies’ Statement on
Comments on the Proposed Rule
Changes Received From Members,
Participants, or Others
The Clearing Agencies have not
solicited or received any written
comments relating to this proposal. The
Clearing Agencies will notify the
Commission of any written comments
received by the Clearing Agencies.
III. Date of Effectiveness of the
Proposed Rule Changes, and Timing for
Commission Action
Within 45 days of the date of
publication of this notice in the Federal
Register or within such longer period
up to 90 days (i) as the Commission may
designate if it finds such longer period
to be appropriate and publishes its
14 Id.
15 17
CFR 240.17Ad–22(e)(17)(ii).
17 17
16 Id.
VerDate Sep<11>2014
CFR 240.17Ad–22(e)(17)(iii).
18 Id.
16:45 Aug 11, 2017
Jkt 241001
PO 00000
Frm 00107
Fmt 4703
Sfmt 4703
37945
reasons for so finding or (ii) as to which
the clearing agency consents, the
Commission will:
(A) By order approve or disapprove
such proposed rule changes, or
(B) institute proceedings to determine
whether the proposed rule changes
should be disapproved.
IV. Solicitation of Comments
Interested persons are invited to
submit written data, views and
arguments concerning the foregoing,
including whether the proposed rule
changes are consistent with the Act.
Comments may be submitted by any of
the following methods:
Electronic Comments
• Use the Commission’s Internet
comment form (https://www.sec.gov/
rules/sro.shtml); or
• Send an email to rule-comments@
sec.gov. Please include File Number SR–
DTC–2017–014, SR–FICC–2017–017, or
SR–NSCC–2017–013 on the subject line.
Paper Comments
• Send paper comments in triplicate
to Secretary, Securities and Exchange
Commission, 100 F Street NE.,
Washington, DC 20549.
All submissions should refer to File
Number SR–DTC–2017–014, SR–FICC–
2017–017, or SR–NSCC–2017–013. One
of these file numbers should be
included on the subject line if email is
used. To help the Commission process
and review your comments more
efficiently, please use only one method.
The Commission will post all comments
on the Commission’s Internet Web site
(https://www.sec.gov/rules/sro.shtml).
Copies of the submission, all subsequent
amendments, all written statements
with respect to the proposed rule
changes that are filed with the
Commission, and all written
communications relating to the
proposed rule changes between the
Commission and any person, other than
those that may be withheld from the
public in accordance with the
provisions of 5 U.S.C. 552, will be
available for Web site viewing and
printing in the Commission’s Public
Reference Room, 100 F Street NE.,
Washington, DC 20549 on official
business days between the hours of
10:00 a.m. and 3:00 p.m. Copies of the
filing also will be available for
inspection and copying at the principal
office of the Clearing Agencies and on
DTCC’s Web site (https://dtcc.com/legal/
sec-rule-filings.aspx). All comments
received will be posted without change;
the Commission does not edit personal
identifying information from
submissions. You should submit only
E:\FR\FM\14AUN1.SGM
14AUN1
37946
Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices
information that you wish to make
available publicly. All submissions
should refer to File Number SR–DTC–
2017–014, SR–FICC–2017–017, or SR–
NSCC–2017–013 and should be
submitted on or before September 5,
2017.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.19
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2017–17043 Filed 8–11–17; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
Self-Regulatory Organizations;
NASDAQ BX, Inc.; Notice of Filing and
Immediate Effectiveness of Proposed
Rule Change To Revise the Rules
Regarding the Exchange’s Options
Regulatory Fee
August 8, 2017.
Pursuant to Section 19(b)(1) of the
Securities Exchange Act of 1934
(‘‘Act’’) 1, and Rule 19b–4 thereunder,2
notice is hereby given that on July 26,
2017, NASDAQ BX, Inc. (‘‘BX’’ or
‘‘Exchange’’) filed with the Securities
and Exchange Commission (‘‘SEC’’ or
‘‘Commission’’) the proposed rule
change as described in Items I, II, and
III, below, which Items have been
prepared by the Exchange. The
Commission is publishing this notice to
solicit comments on the proposed rule
change from interested persons.
DATES:
sradovich on DSK3GMQ082PROD with NOTICES
I. Self-Regulatory Organization’s
Statement of the Terms of Substance of
the Proposed Rule Change
The Exchange proposes to revise BX
Rules at Chapter XV, Section 5 to: (i)
Make adjustments to the amount of its
Options Regulatory Fee (‘‘ORF’’); and
(ii) more closely reflect the manner in
which BX assesses and collects its ORF.
While the changes proposed herein
are effective upon filing, the Exchange
has designated the amendments [sic]
become operative on August 1, 2017.
The text of the proposed rule change
is available on the Exchange’s Web site
at https://nasdaqbx.cchwallstreet.com/,
at the principal office of the Exchange,
and at the Commission’s Public
Reference Room.
CFR 200.30–3(a)(12).
U.S.C. 78s(b)(1).
2 17 CFR 240.19b–4.
1 15
VerDate Sep<11>2014
16:45 Aug 11, 2017
Jkt 241001
In its filing with the Commission, the
Exchange included statements
concerning the purpose of and basis for
the proposed rule change and discussed
any comments it received on the
proposed rule change. The text of these
statements may be examined at the
places specified in Item IV below. The
Exchange has prepared summaries, set
forth in sections A, B, and C below, of
the most significant aspects of such
statements.
A. Self-Regulatory Organization’s
Statement of the Purpose of, and the
Statutory Basis for, the Proposed Rule
Change
[Release No. 34–81341; File No. SR–BX–
2017–032]
19 17
II. Self-Regulatory Organization’s
Statement of the Purpose of, and
Statutory Basis for, the Proposed Rule
Change
1. Purpose
BX initially filed to establish its ORF
in 2016.3 The Exchange has amended its
ORF several times since the inception of
this fee.4 At this time, the Exchange
proposes to: (i) Amend the amount of its
ORF; and (ii) revise BX Rules at Chapter
XV, Section 5 to more closely reflect the
manner in which BX assesses and
collects its ORF.
The Exchange supports a common
approach for the assessment and
collection of ORF among the various
options exchanges that assess such a fee.
Furthermore, the Exchange supports
guidance from the Commission
regarding regulatory cost structures to
ensure equal knowledge and treatment
among options markets assessing ORF.
Proposal 1—Amend the Amount of the
ORF
The Exchange assesses an ORF of
$0.0004 per contract side. The Exchange
proposes to increase the ORF from
$0.0004 per contract side to $0.0005 per
contract side as of August 1, 2017 to
account for a reduction in market
volume. The Exchange’s proposed
change to the ORF should balance the
Exchange’s regulatory cost [sic] against
the anticipated revenue. The Exchange
regularly reviews its ORF to ensure that
the ORF, in combination with its other
regulatory fees and fines, does not
exceed regulatory costs. The Exchange
believes this adjustment will permit the
Exchange to cover a material portion of
3 See Securities Exchange Act Release Nos. 77053
(February 4, 3016), 81 FR 7163 (February 10, 2016)
(SR–BX–2016–007); (Notice of Filing and
Immediate Effectiveness of Proposed Rule Change
Relating To Adopt an Options Regulatory Fee).
4 See Securities Exchange Act Release No. 78361
(July 19, 2016), 81 FR 48485 (July 25, 2016) (SR–
BX–2016–043).
PO 00000
Frm 00108
Fmt 4703
Sfmt 4703
its regulatory costs, while not exceeding
regulatory costs.
The Exchange notified its Participants
of this ORF adjustment thirty (30)
calendar days prior to the proposed
operative date.5
Proposal 2—Reflect the Manner in
Which BX Assesses and Collects its ORF
Currently, BX assesses its ORF for
each Customer option transaction that is
either: (1) Executed by a Participant on
BX; or (2) cleared by a BX Participant
at The Options Clearing Corporation
(‘‘OCC’’) in the Customer range,6 even if
the transaction was executed by a nonmember of BX, regardless of the
exchange on which the transaction
occurs.7 If the OCC clearing member is
a BX Participant, ORF is assessed and
collected on all cleared Customer
contracts (after adjustment for CMTA 8);
and (2) if the OCC clearing member is
not a BX Participant, ORF is collected
only on the cleared Customer contracts
executed at BX, taking into account any
CMTA instructions which may result in
collecting the ORF from a non-member.
By way of example, if Broker A, a BX
Participant, routes a Customer order to
CBOE and the transaction executes on
CBOE and clears in Broker A’s OCC
Clearing account, ORF will be collected
by BX from Broker A’s clearing account
at OCC via direct debit. While this
transaction was executed on a market
other than BX, it was cleared by a BX
Participant in the Participant’s OCC
clearing account in the Customer range,
therefore there is a regulatory nexus
between BX and the transaction. If
Broker A was not a BX Participant, then
no ORF should be assessed and
collected because there is no nexus; the
transaction did not execute on BX nor
was it cleared by a BX Participant.
In the case where a Participant both
executes a transaction and clears the
transaction, the ORF is assessed to and
collected from the Participant only
once. In the case where a Participant
executes a transaction and a different
Participant clears the transaction, the
ORF is assessed to and collected from
the Participant who clears the
transaction and not the Participant who
executes the transaction. In the case
5 See
Options Trader Alert #2017–54.
Rules require each member to record
the appropriate account origin code on all orders at
the time of entry in order to allow the Exchange to
properly prioritize and route orders and assess
transaction fees pursuant to the Rules of the
Exchange and report resulting transactions to OCC.
7 The Exchange uses reports from OCC to
determine the identity of the executing clearing
firm and ultimate clearing firm.
8 CMTA or Clearing Member Trade Assignment is
a form of ‘‘give-up’’ whereby the position will be
assigned to a specific clearing firm at OCC.
6 Exchange
E:\FR\FM\14AUN1.SGM
14AUN1
]]>Agencies
[Federal Register Volume 82, Number 155 (Monday, August 14, 2017)]
[Notices]
[Pages 37942-37946]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-17043]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-81338; File Nos. SR-DTC-2017-014; SR-FICC-2017-017; SR-
NSCC-2017-013]
Self-Regulatory Organizations; The Depository Trust Company;
Fixed Income Clearing Corporation; National Securities Clearing
Corporation; Notice of Filings of Proposed Rule Changes To Adopt the
Clearing Agency Operational Risk Management Framework
DATE: August 8, 2017.
Pursuant to Section 19(b)(1) of the Securities Exchange Act of
1934, as amended (``Act'') \1\ and Rule 19b-4 thereunder,\2\ notice is
hereby given that on July 25, 2017, The Depository Trust Company
(``DTC''), Fixed Income Clearing Corporation (``FICC''), and National
Securities Clearing Corporation (``NSCC,'' and together with DTC and
FICC, the ``Clearing Agencies'') filed with the Securities and Exchange
Commission (``Commission'') the proposed rule changes as described in
Items I and II below, which Items have been prepared primarily by the
Clearing Agencies. The Commission is publishing this notice to solicit
comments on the proposed rule changes from interested persons.
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------
I. Clearing Agencies' Statement of the Terms of Substance of the
Proposed Rule Changes
The proposed rule changes would adopt the Clearing Agency
Operational Risk Management Framework (``Framework'') of the Clearing
Agencies, described below. The Framework would apply to both of FICC's
divisions, the Government Securities Division (``GSD'') and the
Mortgage-Backed Securities Division (``MBSD''). The Framework would be
maintained by the Clearing Agencies to support their compliance with
Rule 17Ad-22(e)(17) under the Act, as described below.\3\
---------------------------------------------------------------------------
\3\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------
Although the Clearing Agencies would consider the Framework to be a
rule, the proposed rule changes do not require any changes to the
Rules, By-laws and Organization Certificate of DTC (``DTC Rules''), the
Rulebook of GSD (``GSD Rules''), the Clearing Rules of MBSD (``MBSD
Rules''), or the Rules & Procedures of NSCC (``NSCC Rules''), as the
Framework would be a standalone document.\4\
---------------------------------------------------------------------------
\4\ Capitalized terms not defined herein are defined in the DTC
Rules, GSD Rules, MBSD Rules, or NSCC Rules, as applicable,
available at https://dtcc.com/legal/rules-and-procedures.
---------------------------------------------------------------------------
[[Page 37943]]
II. Clearing Agencies' Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Changes
In their filings with the Commission, the Clearing Agencies
included statements concerning the purpose of and basis for the
proposed rule changes and discussed any comments they received on the
proposed rule changes. The text of these statements may be examined at
the places specified in Item IV below. The Clearing Agencies have
prepared summaries, set forth in sections A, B, and C below, of the
most significant aspects of such statements.
(A) Clearing Agencies' Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Changes
1. Purpose
The Clearing Agencies are proposing to adopt the Framework, which
would describe the manner in which each of the Clearing Agencies
manages operational risk, which is defined by the Clearing Agencies in
the Framework as the risk of direct or indirect loss or reputational
harm resulting from an event, internal or external, that is the result
of inadequate or failed processes, people, and systems (``Operational
Risk''). As described in more detail below, the Framework would set
forth the manner in which the Clearing Agencies (1) generally manage
Operational Risk; (2) more specifically manage their information
technology risks; and (3) more specifically manage their business
continuity risks. The processes and systems described in the Framework,
and any policies, procedures or other documents created to support
those processes, support the Clearing Agencies' compliance with the
requirements of Rule 17Ad-22(e)(17).\5\ The Framework would be
maintained by the DTCC Operational Risk Management group (``ORM''), on
behalf of the Clearing Agencies.\6\
---------------------------------------------------------------------------
\5\ 17 CFR 240.17Ad-22(e)(17).
\6\ The parent company of the Clearing Agencies is The
Depository Trust & Clearing Corporation (``DTCC''). DTCC operates on
a shared services model with respect to the Clearing Agencies. Most
corporate functions are established and managed on an enterprise-
wide basis pursuant to intercompany agreements under which it is
generally DTCC that provides a relevant service to a Clearing
Agency.
---------------------------------------------------------------------------
Operational Risk Management
The Framework would describe how the Clearing Agencies generally
manage their Operational Risks. The Framework would describe how ORM is
specifically charged with establishing appropriate systems, policies,
procedures, and controls to enable management to identify plausible
sources of Operational Risk in order to mitigate their impact to the
Clearing Agencies, including through the Risk Tolerance Statements and
Risk Profiles, as described below.
The Framework would describe how the Clearing Agencies identify key
risks and set metrics to categorize such risks (from ``no impact'' to
``severe impact'') through ``Risk Tolerance Statements.'' The Framework
would describe how the Risk Tolerance Statements document the overall
risk reduction or mitigation objectives for the Clearing Agencies with
respect to identified risks to the Clearing Agencies. The Framework
would also describe how the Risk Tolerance Statements document the risk
controls and other measures used to manage such identified risks,
including escalation requirements in the event of risk metric breaches.
The Framework would state that each Risk Tolerance Statement is
reviewed, revised, updated, and/or created, as necessary, by ORM on an
annual basis.
The Framework would also describe how the Clearing Agencies monitor
key risks, including Operational Risk, through ``Risk Profiles,'' which
document the assessment of risk for each of the Clearing Agencies'
businesses and support areas (each a ``Clearing Agency Business'' and/
or ``Clearing Agency Support Area''). The risk assessment documented in
these profiles includes (1) identification and assessment of inherent
risk, which is risk without any mitigating controls; (2) identification
of existing controls, and, as appropriate, any new additional controls,
and evaluation of the same risk against the strength of such controls;
and (3) identification of any residual risk and a determination to
either further mitigate such risk or accept such risk by the applicable
Clearing Agency Business or Clearing Agency Support Area.
The Framework would also provide a description of the
responsibilities of ORM, which is a part of the second line of defense
within the Clearing Agencies' Three Lines of Defense approach to risk
management.\7\ The Framework would identify some of those
responsibilities as including, for example, management of the Risk
Tolerance Statements and working with the Clearing Agency Businesses
and Clearing Agency Support Areas to create and monitor Risk Profiles.
---------------------------------------------------------------------------
\7\ The Three Lines of Defense approach to risk management
identifies the roles and responsibilities of different Clearing
Agency Businesses or Clearing Agency Support Areas in identifying,
assessing, measuring, monitoring, mitigating, and reporting certain
key risks faced by the Clearing Agencies. The Three Lines of Defense
approach is more fully described in a separate framework, the
Clearing Agency Risk Management Framework, maintained by the DTCC
General Counsel's Office. See SR-DTC-2017-013, SR-FICC-2017-016, SR-
NSCC-2017-012, which was filed with the Commission but has not yet
been published in the Federal Register. A copy of these proposed
rule change filings is available at https://www.dtcc.com/legal/sec-rule-filings.
---------------------------------------------------------------------------
Information Technology Risk
The Framework would describe how the Clearing Agencies address
information technology risks. The Framework would state that the DTCC
Technology Risk Management group (``TRM''), on behalf of the Clearing
Agencies, is responsible for establishing appropriate programs,
policies, procedures, and controls with respect to the Clearing
Agencies' information technology risks to help management ensure that
systems have a high degree of security, resiliency, operational
reliability, and adequate, scalable capacity. The Framework would
identify some of the recognized information technology standards that
may be used by TRM, as applicable, in support of executing its
responsibilities.
The Framework would also identify some of TRM's responsibilities,
which include, for example, (1) performing risk assessments to, among
other things, facilitate the determination of the Clearing Agencies'
investment and remediation priorities; (2) facilitating annual
mandatory and periodic information security awareness, education,
training, and communication to personnel of Clearing Agency Businesses
and Clearing Agency Support Areas and relevant external parties; and
(3) creating, implementing, and managing certain programs, including
programs that (i) address information security throughout a system's
lifecycle, (ii) facilitate compliance with evolving and established
regulatory rules and guidelines that govern protection of the
information assets of the Clearing Agencies and their participants,
(iii) identify, prioritize, and manage the level of cyber threats to
the Clearing Agencies, and (iv) assure that access to Clearing Agency
information assets is appropriately authorized and authenticated based
on current business need.
The Framework would state that TRM's risk strategy is closely
aligned to the Clearing Agencies' business drivers and future strategic
direction, such that efforts to achieve information security threat
mitigation objectives, resiliency of infrastructure supporting Clearing
Agency critical business applications,
[[Page 37944]]
and operational reliability are prioritized. The Framework would state
this is also accomplished through TRM's early and consistent
involvement in initiatives to develop new products and systems. The
Framework would state that, by involving TRM from the initial planning
phase, through the design, build and operative phases of those
initiatives, resiliency, operational effectiveness, reliability, and
availability requirements are addressed and incorporated into design
and execution from both a technology and cyber security perspective.
The Framework would also describe the Clearing Agencies' security
strategy and defense, and would state that the Clearing Agencies'
network security framework and preventive controls are designed to
support a reliable and robust tiered security strategy and defense.
These controls include modern and technically advanced security
firewalls, intrusion detection, system and data monitoring, and data
protection tools. The Framework would describe the Clearing Agencies'
enhanced security features and the standards they use to assess
vulnerabilities and potential threats.
Business Continuity Risk
Finally, the Framework would describe how the Clearing Agencies
have established and maintain business continuity plans to address
events that may pose a significant risk of disrupting their operations.
The Framework would describe how the business continuity process for
each Clearing Agency Business and Clearing Agency Support Area is
ranked within a range of tiers, from 0 to 5, based on criticality to
each applicable Clearing Agency's operations (each a ``Tier''), where
Tier 0 equates to critical operations or support of such operations for
which virtually no downtime is permitted under applicable regulatory
standards, and Tier 5 equates to non-essential operations or support of
such operations for which recovery times of greater than five days is
permitted.
The Framework would state that, on an annual basis, each Clearing
Agency Business and Clearing Agency Support Area updates its own
business continuity plan and reviews and ratifies its business impact
analysis. These analyses are used by the DTCC Business Continuity
Management department (``BCM''), on behalf of the Clearing Agencies, to
validate that business' or area's current Tier ranking. The Framework
would identify the key elements of these business impact analyses,
which include (1) an assessment of the criticality of the applicable
Clearing Agency Business or Clearing Agency Support Area, based on
potential impact to the Clearing Agency; (2) an estimation of the
maximum allowable downtime for the applicable Clearing Agency Business
or Clearing Agency Support Area; and (3) the identification of
dependencies, and ranking such dependencies to align with the process
criticality for recovery, of the applicable Clearing Agency Business or
Clearing Agency Support Area.
The Framework would describe the Clearing Agencies' multiple data
centers, and the emergency monitoring and back up systems available at
each site. The Framework would describe the capacity of the various
data centers. The Framework would also describe the Clearing Agencies'
operating centers, and would describe how each Clearing Agency Business
and Clearing Agency Support Area creates and deploys its own work area
recovery strategy to mitigate the loss of primary workspace and/or
associated desktop technology, as well as for purposes of social
distancing among personnel. The Framework would describe how each of
these work area recovery strategies is developed and executed, based on
the applicable Clearing Agency Business' and Clearing Agency Support
Area's current Tier ranking, as described above.
The Framework would describe the responsibilities of BCM in
managing a disruptive business event, which includes coordination with
a team of representatives from each Clearing Agency Business and
Clearing Agency Support Area. Finally, the Framework would describe how
the Clearing Agencies conduct regular exercises used to simulate loss
of Clearing Agency locations, and would describe some of the preventive
measures the Clearing Agencies take with respect to business continuity
risk management.
2. Statutory Basis
The Clearing Agencies believe that the proposed rule changes are
consistent with the requirements of the Act and the rules and
regulations thereunder applicable to a registered clearing agency. In
particular, the Clearing Agencies believe that the Framework is
consistent with Section 17A(b)(3)(F) of the Act \8\ and the subsections
cited below of Rule 17Ad-22(e)(17),\9\ promulgated under the Act, for
the reasons described below.
---------------------------------------------------------------------------
\8\ 15 U.S.C. 78q-1(b)(3)(F).
\9\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------
Section 17A(b)(3)(F) of the Act requires, in part, that the rules
of a registered clearing agency be designed to promote the prompt and
accurate clearance and settlement of securities transactions, and to
assure the safeguarding of securities and funds which are in the
custody or control of the clearing agency or for which it is
responsible.\10\ As described above, the Framework would describe how
the Clearing Agencies manage their Operational Risk, technology and
information security risks, and their business continuity risks. The
processes, systems, and controls used by the Clearing Agencies to
identify, manage, and mitigate these risks, as described in the
Framework, and the policies and procedures that support these
activities, assist the Clearing Agencies to continue the prompt and
accurate clearance and settlement of securities transactions and
continue to assure the safeguarding of securities and funds which are
in their custody or control or for which they are responsible
notwithstanding the realization of these risks. Therefore, the Clearing
Agencies believe the Framework is consistent with the requirements of
Section 17A(b)(3)(F) of the Act.\11\
---------------------------------------------------------------------------
\10\ 15 U.S.C. 78q-1(b)(3)(F).
\11\ Id.
---------------------------------------------------------------------------
The Clearing Agencies believe that the Framework is consistent with
the requirements of each of the subsections of Rule 17Ad-22(e)(17),\12\
cited below, for the reasons described below.
---------------------------------------------------------------------------
\12\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------
Rule 17Ad-22(e)(17)(i) under the Act requires, in part, that each
covered clearing agency establish, implement, maintain and enforce
written policies and procedures reasonably designed to manage the
covered clearing agency's operational risks by identifying the
plausible sources of operational risk, both internal and external, and
mitigating their impact through the use of appropriate systems,
policies, procedures, and controls.\13\ The Framework would describe
how the Risk Tolerance Statements and the Risk Profiles both assist the
Clearing Agencies to identify the plausible sources of Operational
Risk, both internal and external. As described above, the Risk
Tolerance Statements identify both internal and external Clearing
Agency risks, categorize the respective Clearing Agencies' tolerance
for those risks, and then identify governance process applicable to any
breach of those tolerances. In this way, the Risk Tolerance Statements
allow the Clearing Agencies to identify and manage the risks they face.
As described above, the Risk Profiles serve a similar
[[Page 37945]]
function, by serving as a tool for identifying and assessing inherent
risks, and evaluating the controls around those risks. The Framework
also describes the role of ORM, which includes oversight of the Risk
Tolerance Statements and Risk Profiles. By describing the functions of
the Risk Tolerance Statements and Risk Profiles, which, together,
assist the Clearing Agencies in effectively managing their operational
risks by identifying the plausible sources of operational risk, both
internal and external, and by assisting the Clearing Agencies in
mitigating the impact of those risks, and by describing the role of ORM
in facilitating these tools, the Clearing Agencies believe the
Framework is consistent with the requirements of Rule 17Ad-
22(e)(17)(i).\14\
---------------------------------------------------------------------------
\13\ 17 CFR 240.17Ad-22(e)(17)(i).
\14\ Id.
---------------------------------------------------------------------------
Rule 17Ad-22(e)(17)(ii) under the Act requires, in part, that each
covered clearing agency establish, implement, maintain and enforce
written policies and procedures reasonably designed to manage the
covered clearing agency's operational risks by ensuring that systems
have a high degree of security, resiliency, operational reliability,
and adequate, scalable capacity.\15\ The Framework would describe the
role, and some of the responsibilities, of TRM, in managing the
Clearing Agencies' information technology risks and in helping the
Clearing Agencies maintain systems with a high degree of security,
resiliency, operational reliability, and adequate, scalable capacity.
The Framework would also describe the programs, systems, and controls
used by TRM in performing this function, and would identify some of the
standards on information technology risk management that may be used by
TRM in support of its responsibilities. The Framework would also
describe TRM's role in product and project initiatives to address
security issues through the lifecycle of an initiative. Therefore, by
describing the role and responsibilities of TRM in managing the
Clearing Agencies' information technology risks and in helping the
Clearing Agencies maintain systems with a high degree of security,
resiliency, operational reliability, and adequate, scalable capacity,
the Clearing Agencies believe the Framework is consistent with the
requirements of Rule 17Ad-22(e)(17)(ii).\16\
---------------------------------------------------------------------------
\15\ 17 CFR 240.17Ad-22(e)(17)(ii).
\16\ Id.
---------------------------------------------------------------------------
Rule 17Ad-22(e)(17)(iii) under the Act requires, in part, that each
covered clearing agency establish, implement, maintain and enforce
written policies and procedures reasonably designed to manage the
covered clearing agency's operational risks by establishing and
maintaining a business continuity plan that addresses events posing a
significant risk of disrupting operations.\17\ The Framework would
describe how the Clearing Agencies have established and maintain
business continuity plans, and would describe the critical features of
those plans to demonstrate how such plans address events posing a
significant risk of disrupting the Clearing Agencies' operations. The
Framework would also describe how each Clearing Agency Business and
Clearing Agency Support Area reviews and ratifies its respective plan
and its business impact analysis, relative to its assigned Tier.
Therefore, through this description of the establishment, management
and maintenance of the business continuity plans of the Clearing
Agencies, the Clearing Agencies believe the Framework is consistent
with the requirements of Rule 17Ad-22(e)(17)(iii).\18\
---------------------------------------------------------------------------
\17\ 17 CFR 240.17Ad-22(e)(17)(iii).
\18\ Id.
---------------------------------------------------------------------------
(B) Clearing Agencies' Statement on Burden on Competition
None of the Clearing Agencies believe that the Framework would have
any impact, or impose any burden, on competition because the proposed
rule changes reflect some of the existing methods by which the Clearing
Agencies manage Operational Risk, including their management of
information technology and business continuity risks, and would not
effectuate any changes to the Clearing Agencies' processes described
therein as they currently apply to their respective participants.
(C) Clearing Agencies' Statement on Comments on the Proposed Rule
Changes Received From Members, Participants, or Others
The Clearing Agencies have not solicited or received any written
comments relating to this proposal. The Clearing Agencies will notify
the Commission of any written comments received by the Clearing
Agencies.
III. Date of Effectiveness of the Proposed Rule Changes, and Timing for
Commission Action
Within 45 days of the date of publication of this notice in the
Federal Register or within such longer period up to 90 days (i) as the
Commission may designate if it finds such longer period to be
appropriate and publishes its reasons for so finding or (ii) as to
which the clearing agency consents, the Commission will:
(A) By order approve or disapprove such proposed rule changes, or
(B) institute proceedings to determine whether the proposed rule
changes should be disapproved.
IV. Solicitation of Comments
Interested persons are invited to submit written data, views and
arguments concerning the foregoing, including whether the proposed rule
changes are consistent with the Act. Comments may be submitted by any
of the following methods:
Electronic Comments
Use the Commission's Internet comment form (https://www.sec.gov/rules/sro.shtml); or
Send an email to rule-comments@sec.gov. Please include
File Number SR-DTC-2017-014, SR-FICC-2017-017, or SR-NSCC-2017-013 on
the subject line.
Paper Comments
Send paper comments in triplicate to Secretary, Securities
and Exchange Commission, 100 F Street NE., Washington, DC 20549.
All submissions should refer to File Number SR-DTC-2017-014, SR-FICC-
2017-017, or SR-NSCC-2017-013. One of these file numbers should be
included on the subject line if email is used. To help the Commission
process and review your comments more efficiently, please use only one
method. The Commission will post all comments on the Commission's
Internet Web site (https://www.sec.gov/rules/sro.shtml). Copies of the
submission, all subsequent amendments, all written statements with
respect to the proposed rule changes that are filed with the
Commission, and all written communications relating to the proposed
rule changes between the Commission and any person, other than those
that may be withheld from the public in accordance with the provisions
of 5 U.S.C. 552, will be available for Web site viewing and printing in
the Commission's Public Reference Room, 100 F Street NE., Washington,
DC 20549 on official business days between the hours of 10:00 a.m. and
3:00 p.m. Copies of the filing also will be available for inspection
and copying at the principal office of the Clearing Agencies and on
DTCC's Web site (https://dtcc.com/legal/sec-rule-filings.aspx). All
comments received will be posted without change; the Commission does
not edit personal identifying information from submissions. You should
submit only
[[Page 37946]]
information that you wish to make available publicly. All submissions
should refer to File Number SR-DTC-2017-014, SR-FICC-2017-017, or SR-
NSCC-2017-013 and should be submitted on or before September 5, 2017.
---------------------------------------------------------------------------
\19\ 17 CFR 200.30-3(a)(12).
For the Commission, by the Division of Trading and Markets,
pursuant to delegated authority.\19\
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2017-17043 Filed 8-11-17; 8:45 am]
BILLING CODE 8011-01-P
