Self-Regulatory Organizations; The Options Clearing Corporation; Notice of Filing of Proposed Rule Change Related to a Comprehensive Risk Management Framework, 49456-49462 [2017-23121]

Download as PDF 49456 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices • Send an email to rule-comments@ sec.gov. Please include File Number SR– GEMX–2017–48 on the subject line. Paper Comments • Send paper comments in triplicate to Brent J. Fields, Secretary, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549–1090. All submissions should refer to File Number SR–GEMX–2017–48. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s Internet Web site (http://www.sec.gov/ rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for Web site viewing and printing in the Commission’s Public Reference Room, 100 F Street NE., Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of the filing also will be available for inspection and copying at the principal office of the Exchange. All comments received will be posted without change. Persons submitting comments are cautioned that we do not redact or edit personal identifying information from comment submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR–GEMX–2017–48 and should be submitted on or before November 15, 2017. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.15 Eduardo A. Aleman, Assistant Secretary. sradovich on DSK3GMQ082PROD with NOTICES [FR Doc. 2017–23117 Filed 10–24–17; 8:45 am] BILLING CODE 8011–01–P SECURITIES AND EXCHANGE COMMISSION [Release No. 34–81909; File No. SR–OCC– 2017–005] Self-Regulatory Organizations; The Options Clearing Corporation; Notice of Filing of Proposed Rule Change Related to a Comprehensive Risk Management Framework October 19, 2017. Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (‘‘Act’’),1 and Rule 19b–4 thereunder,2 notice is hereby given that on October 10, 2017, The Options Clearing Corporation (‘‘OCC’’) filed with the Securities and Exchange Commission (‘‘Commission’’) the proposed rule change as described in Items I, II, and III below, which Items have been prepared by OCC. The Commission is publishing this notice to solicit comments on the proposed rule change from interested persons. I. Clearing Agency’s Statement of the Terms of Substance of the Proposed Rule Change This purpose of the proposed rule change is to adopt a comprehensive Risk Management Framework Policy, which would describe OCC’s framework for comprehensive risk management, including OCC’s framework to identify, measure, monitor, and manage all risks faced by OCC in the provision of clearing, settlement and risk management services. The Risk Management Framework Policy is included in confidential Exhibit 5 of the filing. The proposed rule change does not require any changes to the text of OCC’s By-Laws or Rules. All terms with initial capitalization that are not otherwise defined herein have the same meaning as set forth in the OCC ByLaws and Rules.3 II. Clearing Agency’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change In its filing with the Commission, OCC included statements concerning the purpose of and basis for the proposed rule change and discussed any comments it received on the proposed rule change. The text of these statements may be examined at the places specified in Item IV below. OCC has prepared summaries, set forth in sections (A), (B), and (C) below, of the most significant aspects of these statements. 1 15 U.S.C. 78s(b)(1). CFR 240.19b–4. 3 OCC’s By-Laws and Rules can be found on OCC’s public Web site: http://optionsclearing.com/ about/publications/bylaws.jsp. 2 17 15 17 CFR 200.30–3(a)(12). VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 PO 00000 Frm 00146 Fmt 4703 Sfmt 4703 (A) Clearing Agency’s Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change (1) Purpose Background On September 28, 2016, the Commission adopted amendments to Rule 17Ad–22 4 and added new Rule 17Ab2–2 5 pursuant to Section 17A of the Securities Exchange Act of 1934 (‘‘Exchange Act’’) 6 and the Payment, Clearing and Settlement Supervision Act of 2010 (‘‘Clearing Supervision Act’’) 7 to establish enhanced standards for the operation and governance of those clearing agencies registered with the Commission that meet the definition of a ‘‘covered clearing agency,’’ as defined by Rule 17Ad–22(a)(5) 8 (collectively, the new and amended rules are herein referred to as ‘‘CCA’’ rules). The CCA rules require that covered clearing agencies, among other things: ‘‘[E]stablish, implement, maintain and enforce written policies and procedures reasonably designed to . . . [m]aintain a sound risk management framework for comprehensively managing legal, credit, liquidity, operational, general business, investment, custody, and other risks that arise in or are borne by the covered clearing agency, which . . . [i]ncludes risk management policies, procedures, and systems designed to identify, measure, monitor, and manage the range of risks that arise in or are borne by the covered clearing agency, that are subject to review on a specified periodic basis and approved by the board of directors annually . . .’’ 9 OCC is defined as a covered clearing agency under the CCA rules, and therefore is subject to the requirements of the CCA rules, including Rule 17Ad– 22(e)(3).10 Accordingly, OCC proposes to adopt a Risk Management Framework Policy (‘‘RMF’’), as described below, to formalize and update its overall framework for comprehensively managing the Key Risks 11 that arise in or are borne by OCC to promote compliance with Rule 17Ad–22(e)(3).12 Proposed Policy OCC proposes to adopt a new RMF document. The purpose of the RMF is to describe OCC’s framework for 4 17 CFR 240.17Ad–22. CFR 240.17Ab2–2. 6 15 U.S.C. 78q–1. 7 12 U.S.C. 5461 et seq. 8 17 CFR 240.17Ad–22(a)(5). 9 17 CFR 240.17Ad–22(e)(3). 10 Id. 11 Under the proposed RMF, ‘‘Key Risks’’ would be defined as risks that are related to the foundational aspects of CCP clearing, settlement and risk management services. 12 17 CFR 240.17Ad–22(e)(3). 5 17 E:\FR\FM\25OCN1.SGM 25OCN1 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices comprehensive risk management, including OCC’s framework to identify, measure, monitor, and manage all risks faced by OCC in the provision of clearing, settlement and risk management services. Specifically, the RMF would establish the context for OCC’s risk management framework, outline OCC’s risk management philosophy, describe OCC’s Risk Appetite Framework and use of Risk Tolerances,13 describe the governance arrangements that implement risk management, outline OCC’s identification of Key Risks, and describe OCC’s program for enterprise-wide risk management, including the three lines of defense structure (discussed below), and describe OCC’s approach to risk monitoring, assessment and reporting. As a single risk management framework addressing risks across all facets of OCC’s business, the RMF would foster OCC’s compliance with the requirements of the CCA rules, and in particular the requirement of Rule 17Ad–22(e)(3) 14 that it maintain a sound framework for comprehensively managing risks. Context of OCC’s Risk Management Framework The RMF would begin by establishing the context for OCC’s risk management framework. Specifically, OCC is a Systemically Important Financial Market Utility (‘‘SIFMU’’) 15 that serves a critical role in financial markets as the sole central counterparty (‘‘CCP’’) that provides clearance and settlement services for U.S. listed options and guarantees the obligations associated with the contracts that it clears. As a SIFMU, OCC recognizes its role in promoting financial stability for market participants, investors and the economy and that it must therefore maintain a sound risk management framework for comprehensively managing the risks that it presents. sradovich on DSK3GMQ082PROD with NOTICES OCC’s Risk Management Philosophy The proposed RMF would describe OCC’s risk management philosophy. As a SIFMU, OCC must be mindful of the public interest and its obligation to promote financial stability, reduce the potential for systemic contagion and support the smooth functioning of the U.S. financial markets. Furthermore, as 13 Under the proposed RMF, ‘‘Risk Tolerances’’ would be defined as the application of risk appetite to a specific sub-category or aspect of a Key Risk, typically in quantitative form, used to set an acceptable levels of risk. 14 17 CFR 240.17Ad–22(e)(3). 15 The Financial Stability Oversight Council designated OCC a SIFMU on July 18, 2012 pursuant to the Clearing Supervision Act. See 12 U.S.C. 5463. VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 a CCP, OCC concentrates financial risks for the markets it serves by acting as the CCP for all of the transactions that it clears. As a result of this concentration, OCC’s primary objective is to ensure that it properly manages the financial risks associated with functioning as a CCP, which primarily relate to potential clearing member default scenarios. As a CCP, OCC’s daily operations, among other things, involve managing financial, operational and business risks. In managing these risks, OCC’s daily operations—which are guided by policies, procedures and controls—are designed to ensure that financial exposures and service disruptions are within acceptable limits set by OCC as part of its Risk Appetite Framework (‘‘RAF’’) as described below. Risk Appetite Framework The proposed RMF would describe OCC’s RAF and use of Risk Tolerances. The purpose of the RAF is to establish OCC’s overall approach to managing risks at the enterprise level in an effective and integrated fashion. The RAF establishes the level and types of Key Risks, described in further detail below, that OCC is willing and able to assume in accordance with OCC’s mission as a SIFMU. Under the RAF, Risk Appetite Statements 16 would be used to express OCC’s judgment, for each of OCC’s Key Risks, regarding the level of risk that OCC is willing to accept related to the provision of CCP services. These statements would be qualitative indications of appetite that set the tone for OCC’s approach to risk taking, and are indicative of the level of resources or effort OCC puts forth to prevent or mitigate the impact of a Key Risk. Under the RMF, Risk Appetite Statements would be set annually by each department associated with a Key Risk in cooperation with OCC’s Enterprise Risk Management department (‘‘ERM’’) according to applicable procedures. OCC’s risk appetite levels would be classified into four categories: 1. No appetite: OCC is unwilling to deliberately accept any level of risk. 2. Low appetite: OCC devotes significant resources to managing risk but may choose to accept certain risks that do not materially affect core clearing and settlement because the level of resources that OCC would be required to put forth to mitigate the risks would be impractical. 16 Under the proposed RMF, ‘‘Risk Appetite Statement’’ would be defined as a statement that expresses OCC’s judgment, for each of OCC’s Key Risks, regarding the level of risk OCC is willing to accept related to the provision of CCP services. PO 00000 Frm 00147 Fmt 4703 Sfmt 4703 49457 3. Moderate appetite: OCC is willing to engage in certain activities that pose risks because those activities may bring longer-term efficiencies or result in business opportunities even though the activities or new businesses may pose new risks to OCC. 4. High appetite: OCC is willing to implement a new high-risk process or business opportunity; however, it is unlikely OCC would apply this level of appetite to a Key Risk absent a compelling, urgent business need. Under the RMF, OCC’s Board would have ultimate responsibility for reviewing and approving the Risk Appetite Statements in connection with each Key Risk on an annual basis upon recommendation of OCC’s Management Committee. The Risk Appetite Statements allow OCC to carefully calibrate the levels of risk it accepts for each of its Key Risks to be consistent with OCC’s core mission of promoting financial stability in the markets it serves. Accordingly, the RAF helps to ensure that OCC has an effective and comprehensive framework for managing its Key Risks (e.g., legal, credit, liquidity, operational, general business, investment, custody and other risks that arise in or are borne by OCC).17 In addition to Risk Appetite Statements, the RMF would require that OCC assign Risk Tolerances to the Key Risks contained within the RMF as approved by OCC’s Board. While the Risk Appetite Statements would be more high-level and principles-based, Risk Tolerances would comparatively be more granular and represent the application of OCC’s risk appetite to specific sub-categories or aspects of Key Risks. The purpose of the proposed Risk Tolerances is to ensure that OCC sets acceptable levels of risk within those specified sub-categories of Key Risks. Risk Tolerances would be stated in either quantitative or qualitative terms, depending on the nature of the risk and OCC’s ability to measure it. Under the RMF, each department would be required to establish Risk Tolerances at least annually for subcategories of Key Risks that are within their relevant domains of responsibility and would be responsible for managing applicable risks within established tolerance levels. ERM staff would monitor Risk Tolerances through quantitative metrics, where applicable, and compile such monitoring in a report that the Chief Risk Officer shall present to OCC’s Management Committee and 17 OCC’s Key Risks are described below in the discussion covering OCC’s identification of its material risks. E:\FR\FM\25OCN1.SGM 25OCN1 49458 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices Financial Risk event of participant default and a process for replenishing resources. In addition, the RMF would require OCC’s liquidity risk framework to encompass sizing liquidity resources to cover liquidity needs in the event of the default of the largest Clearing Member Group, forecasting daily settlements needs under normal market conditions, maintaining liquid resources in the form of cash and committed facilities, maintaining a contingency funding plan and periodically reviewing the size of liquidity resources, maintaining liquidity resources at creditworthy custodians and monitoring the financial and operational performance of financial institutions and committed liquidity facilities, and investing liquidity resources in safe overnight investments or at a Federal Reserve Bank. Moreover, the RMF would require OCC to address investment risks by maintaining an account at a Federal Reserve Bank, which bears no investment risk, and investing funds not held at the Federal Reserve Bank in high quality liquid assets. The RMF would also require OCC to manage model risk through a model development program, independent model validation and strong governance arrangements for the approval of new models or models with material changes in accordance with relevant policies. The RMF would indicate that financial risk encompasses many aspects of risk at OCC, including the risks that a Clearing Member will be unable to meet its obligations when due or that OCC will not maintain sufficient financial resources to cover exposures (i.e., credit risk), the risk that OCC will not maintain sufficient liquid resources to meet its same day and, where appropriate, intraday and multiday settlement of payment obligations (i.e., liquidity risk), the risk that OCC will incur losses on overnight investments (i.e., investment risk), and the risk that financial models are inaccurate (i.e., model risk). The proposed RMF would require OCC’s credit risk management framework to encompass policies and procedures for maintaining sufficient prefunded resources in the form of margin and Clearing Fund deposits, accepting collateral from participants that is low risk and high quality, monitoring the creditworthiness and operational reliability of all counterparties, including participants, custodians, settlement banks, liquidity providers, and linked financial market utilities (‘‘FMUs’’), and maintaining a waterfall of resources to be used in the Operational Risk The RMF would define operational risk as the risk of disruptions in OCC’s CCP services due to: (i) Deficiencies in internal controls, processes or information systems, (ii) human error or misconduct, or (iii) external events or intrusions. The definition of operational risk would also cover deficiencies related to information technology (‘‘IT’’), such as data security and IT systems reliability. To reflect the importance OCC assigns to managing IT risks, the RMF would also categorize IT risk as a separate Key Risk, discussed below. The RMF would also assert that OCC manages operational risks in number of ways, including that OCC: (i) Maintains an Enterprise Project Management Program that performs initial assessments of proposed projects and manages project execution, to ensure that proper oversight exists during the initiation, planning, execution and delivery of OCC corporate projects, (ii) maintains a Business Continuity Program to support continuance of critical services in the event of a catastrophic loss of infrastructure and/ or staff (including a Crisis Management Plan, which outlines OCC’s processes Board (or a committee thereof) at least quarterly. In addition, the RMF would require that OCC’s Board evaluate its Risk Tolerances at least annually, and more frequently if necessary as a result of changes to products, processes, market conventions or other changes to OCC’s material risks. Identification of Key Risks sradovich on DSK3GMQ082PROD with NOTICES The proposed RMF would identify risks that could affect OCC’s ability to perform services as expected, and the process for identifying such risks would take a broad view to include: (i) Direct financial and operational risks that may prevent the smooth functioning of CCP services, (ii) reputational risks that could undermine the perception of OCC as a sound pillar in the financial market and (iii) the risks OCC faces from third parties, such as custodians and settlement banks, that are critical to the design and operation of OCC’s infrastructure and risk management. Identifying Key Risks in this manner would facilitate OCC’s ability to comprehensively manage the legal, credit, liquidity, operational, general business, investment, custody and other risks that arise in or are borne by it. Based on this identification process, the RMF would define OCC’s Key Risks as described below. VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 PO 00000 Frm 00148 Fmt 4703 Sfmt 4703 for decision-making in crisis or emergency circumstances), (iii) maintains a comprehensive third-party risk management program which includes requirements for onboarding and ongoing monitoring of third parties on which OCC relies (such as vendors, settlement banks and FMUs with linkages to OCC) performed by various areas of the organization, including National Operations, Collateral Services, Credit Risk, and ERM, (iv) provides training and development through its Human Resources Department to ensure staff maintains and develops the necessary knowledge and skills to perform their jobs, and (v) conducts training on business ethics and OCC’s Code of Conduct. Operational Risk—Information Technology The RMF also would address operational risks specifically related to IT as a distinct Key Risk. Operational risk related to IT would be defined as the risk that inadequate levels of system functionality, confidentiality, integrity, availability, capacity or resiliency for systems that support core clearing, settlement or risk management services or critical business functions results in disruptions in OCC services. In addition to the ways described above that OCC manages operational risks generally, the RMF would also provide that OCC manages IT operational risks by maintaining a: (i) Quality Standards Program, which includes targets that set performance standards for systems operations, (ii) cybersecurity program, and (iii) program to maintain system functionality and capacity. Legal Risk The RMF would define legal risk as the risk that OCC’s by-laws, rules, policies and procedures do not provide for a well-founded, clear, transparent, and enforceable legal basis for each aspect of its activities in all relevant jurisdictions. The RMF would also provide that OCC manages legal risk by: (i) Maintaining rules, policies, and contracts that are consistent with applicable laws and regulations and (ii) maintaining legal agreements that establish counterparty obligations regarding the material aspects of its clearing, settlement and risk management services, including, but not limited to, settlement finality, vendor performance, exchange performance, options exercise and cross-margining obligations. General Business Risk The RMF would define general business risk as the risk of any potential E:\FR\FM\25OCN1.SGM 25OCN1 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices sradovich on DSK3GMQ082PROD with NOTICES impairment of OCC’s financial condition due to declines in its revenue or growth in its expenses arising from OCC’s administration and operation as a business enterprise (as opposed to a participant’s default), resulting in expenses that exceed revenues and losses that must be charged against OCC’s capital. The RMF would provide that OCC manages general business risk by: (i) Maintaining a target capital level of liquid net assets funded by equity equal to the greater of six-months’ operating expenses or the amount sufficient to ensure a recovery or orderly wind-down of OCC’s operations as set forth in OCC’s recovery and wind-down plan, and a plan that provides for capital replenishment in the event of nondefault losses in excess of target capital, (ii) maintaining a corporate planning program to manage new business activity, and (iii) actively managing the public perception of OCC. Risk Management Governance The RMF would describe the governance arrangements through which OCC implements its risk management philosophy. These governance arrangements would include the responsibilities of the Board, the Board’s committees and management in establishing and executing OCC’s risk management framework. These responsibilities are described in further detail below. The RMF would provide that OCC’s risk governance framework follows a hierarchical structure that begins with the Board, which has ultimate oversight responsibility for OCC’s risk management activities. The Board performs an oversight role to ensure that OCC is managed and operated in a manner consistent with OCC’s regulatory responsibilities as a SIFMU providing clearance and settlement services. The Board also is responsible for ensuring that OCC has governance arrangements that, among other things, prioritize the safety and efficiency of OCC through the proposed risk management framework. Moreover, under the RMF, the Board is responsible for overseeing OCC’s risk management policies, procedures and systems designed to identify, measure, monitor and manage risks consistent within the Risk Appetite Statements and Risk Tolerances approved by the Board. The RMF also provides that the Board is responsible for overseeing and approving OCC’s recovery and orderly wind-down plan (consistent with OCC’s Board of Directors Charter). To carry out these responsibilities, the RMF would indicate that the Board has VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 established Committees to assist in overseeing OCC’s Key Risks. These Committees are: (i) The Audit Committee, (ii) the Compensation and Performance Committee, (iii) the Governance and Nominating Committee, (iv) the Risk Committee, and (v) the Technology Committee. The responsibilities of these committees to manage OCC’s Key Risks are outlined in their respective committee charters.18 The RMF would also provide that OCC’s Management Committee is responsible for annually reviewing and approving the RMF—and the Risk Appetite Statements and Risk Tolerances established thereunder—and recommending further approval thereof to the Board. The Management Committee would also review reports related to metrics for assessing Risk Tolerances to determine whether OCC’s Key Risks are behaving within established tolerances and take or recommend action as needed to return Key Risks to their appropriate levels and escalate exceptions to Risk Tolerances and Risk Appetite Statements to relevant Board committees. The Management Committee would also be permitted to establish working groups to assist it in the management of Key Risks. Risk Management Practice The RMF would describe OCC’s program for enterprise-wide risk management. The internal structures for risk management described in the proposed RMF are intended to follow programs generally accepted in the financial services industry, including the ‘‘three lines of defense’’ model (i.e., front line employees, enterprise risk/ compliance functions and internal audit) and a program for internal controls that includes risk assessment and reporting. ‘‘Three Lines of Defense’’ To maintain a resilient risk management and internal control infrastructure, the RMF would formalize OCC’s ‘‘three lines of defense’’ model, which allows OCC to manage its control infrastructure with clarity of ownership and accountability. The first line of defense consists of OCC’s operational business units, including Financial Risk Management, National Operations, technology, legal, regulatory affairs and corporate functions such as human resources, finance, accounting and project management. The first line is responsible and accountable for 18 OCC’s Board and Board committee charters are available on OCC’s public Web site: https:// www.theocc.com/about/corporate-information/ what-is-occ.jsp. PO 00000 Frm 00149 Fmt 4703 Sfmt 4703 49459 designing, owning and managing risks by maintaining policies, procedures, processes and controls to manage relevant risks. The first line would also be responsible and accountable for internal controls and implementing corrective action to address control deficiencies. The first line is supported and monitored by the second line of defense, which consists of the ERM, Compliance, Security Services and Model Validation Group functions. The second line is an oversight function and is responsible for designing, implementing and maintaining an enterprise-wide risk management and compliance program and tools to assess and manage risk at the enterprise level. The second line would also work with the first line to assess risks and establish policies and guidelines, and advise, monitor and report on the first line’s effectiveness in managing risk and maintaining and operating a resilient control infrastructure. The second line reports to OCC’s Management Committee and Board (or committee thereof) on the first line of defense’s effectiveness in managing risk and compliance and an assessment of whether OCC’s services are being delivered within Risk Appetite Statements and Risk Tolerances. The third line of defense consists of OCC’s internal audit function. The third line reports to the Audit Committee of the Board and is accountable for designing, implementing and maintaining a comprehensive audit program that allows senior management and the Board to receive independent and objective assurance that the quality of OCC’s risk management and internal control infrastructure is consistent with OCC’s risk appetite and Risk Tolerances. The RMF also would require that OCC’s Internal Audit department maintains a diverse and skilled team of professionals with a variety of business, technology and audit skills, and perform all of its activities in compliance with the Institute of Internal Auditors’ standards found in the International Professional Practices Framework. The three lines of defense model is designed to provide for a robust governance structure that distinguishes among the three lines involved in the effective and comprehensive management of risk at OCC: The functions that own and manage risks, the functions that oversee and provide guidance on the management of risks, and the functions that provide independent and objective assurance of the robustness and appropriateness of risk management and internal controls. E:\FR\FM\25OCN1.SGM 25OCN1 sradovich on DSK3GMQ082PROD with NOTICES 49460 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices Risk Assessments In furtherance of the three lines of defense model, the RMF would provide for risk identification and assessment programs described below to identify, measure, and monitor current and emerging risks at OCC. Findings or recommendations that result from the assessments would be documented, monitored and escalated through the appropriate governance according to applicable OCC policies and procedures. One such assessment—the Enterprise Risk Assessment—would be conducted by OCC’s first line of defense in conjunction with ERM. The Enterprise Risk Assessment would analyze risks based on: (i) Inherent Risk,19 (ii) quality of risk management, and (iii) Residual Risk 20 to provide OCC information on the quantity of risk in a certain functional area or business area, and provide a mechanism to prioritize risk mitigation activities. ERM would use analysis of Residual Risk in conjunction with metrics related to Risk Tolerances to develop a risk profile and determine whether a Key Risk is within in appetite and provide OCC’s Management Committee and Board (or committee thereof) information on the quantity of risk in a certain functional area or business area, which would provide a mechanism to prioritize risk mitigation activities. Another such assessment—the Scenario Analysis Program—would be a method for identifying risks that may not be otherwise captured in OCC’s risk statements. ERM, in cooperation with the first line of defense, would design simulations of potential disruptions, and business unit staff would be able to identify risks that may not have been previously uncovered or identify weaknesses in current controls. ERM would include potential risks identified through the Scenario Analysis Program in its analysis of, and reporting on, the quantity of risk within a certain Key Risk and whether the Key Risk is within appetite. A third assessment—the IT Risk Assessment Program—would be conducted by OCC’s Security Services department prior to the procurement, development, installation, and operation of IT services and systems. This assessment would be triggered by certain events that may affect the nature 19 Under the Policy, ‘‘Inherent Risk’’ would be defined as the absolute level of risk exposure posed by a process or activity prior to the application of controls or other risk-mitigating factors. 20 Under the Policy, ‘‘Residual Risk’’ would be defined as t level of risk exposure posed by a process or activity after the application of controls or other risk-mitigating factors. VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 or level of IT risks OCC faces, such as evaluation or procurement of a new system or technology, changes in OCC business processes that affect current services and systems, and the emergence of new threats that subvert existing controls and that require a new technology mitigation. OCC would also conduct periodic assessments. A fourth assessment would be conducted by OCC’s compliance function to identify and measure regulatory compliance risks. The assessment would also provide OCC’s compliance function with a basis for prioritizing testing and training activities. Risk Reporting Under the RMF, ERM would be responsible for completing a review and reporting process that provides OCC’s Management Committee and Board (or committee thereof) with the information necessary to fulfill their obligations for risk management and oversight of risk management activities, respectively. This reporting would be designed to assist OCC’s Management Committee and Board (or committee thereof) in understanding the most significant risks faced by OCC from a process perspective and determining whether Risk Tolerances are being managed in accordance with Risk Appetite Statements. On a quarterly basis, ERM would provide a risk report with a summary analysis of risk appetite and risk profile that includes analysis of Residual Risks from the Enterprise Risk Assessment program, reporting on Risk Tolerances and recommendations for prioritization of risk mitigation activities. The reporting process would indicate procedures for escalation in the event of a breach of Risk Tolerance. Control Activities Under the RMF, the Compliance Department would be responsible for maintaining an inventory of all business processes and associated controls. OCC would also provide guides to assist staff in documenting their control activities in a consistent way and periodically conduct training on the importance of a strong risk and control environment. In addition, on at least an annual basis, the Compliance Department would be required to conduct training to assist OCC staff in understanding their respective responsibilities in implementing OCC’s risk and control environment. PO 00000 (2) Statutory Basis Section 17A(b)(3)(F) of the Act 21 requires, in part, that the rules of a clearing agency be designed to promote the prompt and accurate clearance and settlement of securities transactions, to assure the safeguarding of securities and funds in the custody or control of the clearing agency or for which it is responsible, and in general, to protect investors and the public interest. As described above, the RMF is designed to formalize, clarify, and streamline OCC’s overall framework for comprehensively managing risks. Specifically, the RMF would describe OCCs overall framework for comprehensive risk management, including OCC’s framework to identify, measure, monitor and manage all risks faced by OCC in the provision of clearing, settlement and risk management services. In particular, the RMF would establish the context for OCC’s risk management framework, outline OCC’s risk management philosophy, describe OCC’s Risk Appetite Framework and use of Risk Tolerances, describe the governance arrangements that implement risk management, outline OCC’s identification of Key Risks and describe OCC’s program for enterprise-wide risk management, including the three lines of defense structure and OCC’s approach to risk monitoring, assessment and reporting. The proposed rule change would formalize the risk management framework OCC currently employs in a single document and would therefore serve as a guide for readers to understand OCC’s comprehensive framework for managing risk and its universe of risk management policies. Moreover, by describing some of the ways that OCC manages its risks, the RMF would serve as a basis for the processes, policies, procedures and other documents that OCC may develop and maintain to facilitate those risk management activities. As a result, OCC believes the proposed rule change is designed to promote the prompt and accurate clearance and settlement of securities transactions, assure the safeguarding of securities and funds in the custody or control of the clearing agency or for which it is responsible, and in general, to protect investors and the public interest in accordance with Section 17A(b)(3)(F) of the Act.22 Rule 17Ad–22(e)(3) 23 requires, in part, that a covered clearing agency ‘‘establish, implement, maintain and enforce written policies and procedures 21 15 23 17 Frm 00150 Fmt 4703 Sfmt 4703 U.S.C. 78q–1(b)(3)(F). 22 Id. E:\FR\FM\25OCN1.SGM CFR 240.17Ad–22(e)(3). 25OCN1 sradovich on DSK3GMQ082PROD with NOTICES Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices reasonably designed to . . . [m]aintain a sound risk management framework for comprehensively managing legal, credit, liquidity, operational, general business, investment, custody, and other risks that arise in or are borne by the covered clearing agency, which . . . [i]ncludes risk management policies, procedures, and systems designed to identify, measure, monitor, and manage the range of risks that arise in or are borne by the covered clearing agency, that are subject to review on a specified periodic basis and approved by the board of directors annually . . .’’ OCC believes that the proposed rule change is also consistent with Rule 17Ad–22(e)(3) 24 because the RMF describes OCC’s comprehensive framework for identifying, measuring, monitoring and managing the risks that arise within OCC or are borne by it, including legal, credit, liquidity, operational, general business, investment and custody risk. For example, the RMF describes OCC’s framework for identifying its Key Risks and the relevant policies that OCC maintains to address those risks. Moreover, the RMF would establish a foundation of OCC’s risk management practice by describing OCC’s enterprisewide risk management framework. This framework incorporates established principles employed across the financial services industry, such as the ‘‘three lines of defense’’ model for enterprisewide risk management, to ensure that OCC maintains and operates a resilient, effective and reliable risk management and internal control infrastructure that assures risk management and processing outcomes expected by OCC stakeholders. This framework also describes how OCC’s second line of defense monitors the risks that arise in or are borne by OCC through a variety of risk assessment, risk reporting and internal control management activities, consistent with the requirements of Rule 17Ad–22(e)(3).25 The RMF also describes OCC’s RAF and use of Risk Appetite Statements and Risk Tolerances to ensure that OCC sets appropriate levels and types of Key Risks that OCC is willing and able to assume in accordance with OCC’s mission as a SIFMU. For example, the use of Risk Appetite Statements ensures that OCC can carefully calibrate the levels of risk it accepts for each Key Risk in a manner consistent with OCC’s core mission of promoting financial stability in the markets it serves. In addition, the use of Risk Tolerances helps to ensure that OCC sets acceptable levels of risk within specified sub- categories of Key Risks, and which may also be used to set thresholds for acceptable variability in risk levels and to provide clear and transparent escalation triggers when the thresholds are breached. As a result, OCC believes the RMF is reasonably designed to provide for a sound, comprehensive framework for identifying, measuring, monitoring and managing the range of risks that arise in or are borne by OCC in a manner consistent with Rule 17Ad– 22(e)(3).26 The proposed rule change is not inconsistent with the existing rules of OCC, including any other rules proposed to be amended. (B) Clearing Agency’s Statement on Burden on Competition Section 17A(b)(3)(I) of the Act 27 requires that the rules of a clearing agency not impose any burden on competition not necessary or appropriate in furtherance of the purposes of the Act. OCC does not believe that the proposed rule change would impact or impose any burden on competition. The proposed rule change would formalize the framework OCC uses internally to identify, monitor and manage its risks in a more transparent and understandable way. While the proposed rule change would update OCC’s internal risk management framework document, this update does not affect Clearing Members’ access to OCC’s services or impose any direct burdens on Clearing Members. Accordingly, the proposed rule change would not unfairly inhibit access to OCC’s services or disadvantage or favor any particular user in relationship to another user. (C) Clearing Agency’s Statement on Comments on the Proposed Rule Change Received From Members, Participants or Others Written comments on the proposed rule change were not and are not intended to be solicited with respect to the proposed rule change and none have been received. III. Date of Effectiveness of the Proposed Rule Change and Timing for Commission Action Within 45 days of the date of publication of this notice in the Federal Register or within such longer period up to 90 days (i) as the Commission may designate if it finds such longer period to be appropriate and publishes its reasons for so finding or (ii) as to which 24 Id. 26 Id. 25 Id. 27 15 VerDate Sep<11>2014 22:06 Oct 24, 2017 Jkt 244001 PO 00000 U.S.C. 78q–1(b)(3)(I). Frm 00151 Fmt 4703 Sfmt 4703 49461 the self- regulatory organization consents, the Commission will: (A) By order approve or disapprove the proposed rule change, or (B) institute proceedings to determine whether the proposed rule change should be disapproved. IV. Solicitation of Comments Interested persons are invited to submit written data, views and arguments concerning the foregoing, including whether the proposed rule change is consistent with the Act. Comments may be submitted by any of the following methods: Electronic Comments • Use the Commission’s Internet comment form (http://www.sec.gov/ rules/sro.shtml); or • Send an email to rule-comments@ sec.gov. Please include File Number SR– OCC–2017–005 on the subject line. Paper Comments • Send paper comments in triplicate to Secretary, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549–1090. All submissions should refer to File Number SR–OCC–2017–005. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s Internet Web site (http://www.sec.gov/ rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for Web site viewing and printing in the Commission’s Public Reference Room, 100 F Street NE., Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of such filing also will be available for inspection and copying at the principal office of OCC and on OCC’s Web site at http://www.theocc.com/components/ docs/legal/rules_and_bylaws/sr_occ_17_ 005.pdf. All comments received will be posted without change; the Commission does not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File E:\FR\FM\25OCN1.SGM 25OCN1 49462 Federal Register / Vol. 82, No. 205 / Wednesday, October 25, 2017 / Notices Number SR–OCC–2017–005 and should be submitted on or before November 15, 2017. For the Commission, by the Division of Trading and Markets, pursuant to delegated Authority.28 Eduardo A. Aleman, Assistant Secretary. [FR Doc. 2017–23121 Filed 10–24–17; 8:45 am] (Catalog of Federal Domestic Assistance Number 59008) James E. Rivera, Associate Administrator for Disaster Assistance. [FR Doc. 2017–23181 Filed 10–24–17; 8:45 am] BILLING CODE 8025–01–P SMALL BUSINESS ADMINISTRATION BILLING CODE 8011–01–P [Disaster Declaration #15274 and #15275; Texas Disaster Number TX–00487] SMALL BUSINESS ADMINISTRATION [Disaster Declaration #15338 and #15339; Georgia Disaster Number GA–00101] Presidential Declaration Amendment of a Major Disaster for the State of Texas U.S. Small Business Administration. ACTION: Amendment 7. AGENCY: Presidential Declaration Amendment of a Major Disaster for Public Assistance Only for the State of Georgia This is an amendment of the Presidential declaration of a major disaster for Public Assistance Only for the State of Georgia (FEMA–4338–DR), dated 09/28/2017. Incident: Hurricane Irma. Incident Period: 09/07/2017 through 09/20/2017. DATES: Issued on 10/18/2017. Physical Loan Application Deadline Date: 11/27/2017. Economic Injury (EIDL) Loan Application Deadline Date: 06/28/2018. ADDRESSES: Submit completed loan applications to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX 76155. FOR FURTHER INFORMATION CONTACT: Alan Escobar, Office of Disaster Assistance, U.S. Small Business Administration, 409 3rd Street SW., Suite 6050, Washington, DC 20416, (202) 205–6734. SUPPLEMENTARY INFORMATION: The notice of the President’s major disaster declaration for Private Non-Profit organizations in the State of Georgia, dated 09/28/2017, is hereby amended to include the following areas as adversely affected by the disaster. Primary Counties: Bibb, Chattahoochee, Clarke, Clinch, Decatur, Dodge, Dooly, Glascock, Grady, Gwinnett, Heard, Henry, Jefferson, Lanier, Lee, McDuffie, Mitchell, Pulaski, Stewart, Sumter, Terrell, Thomas, Towns, Twiggs, Union, Upson, Webster, White, Wilkinson All other information in the original declaration remains unchanged. sradovich on DSK3GMQ082PROD with NOTICES SUMMARY: 28 17 22:06 Oct 24, 2017 (Catalog of Federal Domestic Assistance Number 59008) James E. Rivera, Associate Administrator for Disaster Assistance. [FR Doc. 2017–23183 Filed 10–24–17; 8:45 am] BILLING CODE 8025–01–P SOCIAL SECURITY ADMINISTRATION [Docket No. SSA–2015–0055] Social Security Ruling 16–3p Titles II And XVI: Evaluation Of Symptoms In Disability Claims AGENCY: CFR 200.30–3(a)(12). VerDate Sep<11>2014 This is an amendment of the Presidential declaration of a major disaster for the State of Texas (FEMA– 4332–DR), dated 08/25/2017. Incident: Hurricane Harvey. Incident Period: 08/23/2017 through 09/15/2017. DATES: Issued on 10/19/2017. Physical Loan Application Deadline Date: 11/24/2017. Economic Injury (EIDL) Loan Application Deadline Date: 05/25/2018. ADDRESSES: Submit completed loan applications to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX 76155. FOR FURTHER INFORMATION CONTACT: A. Escobar, Office of Disaster Assistance, U.S. Small Business Administration, 409 3rd Street SW., Suite 6050, Washington, DC 20416, (202) 205–6734. SUPPLEMENTARY INFORMATION: The notice of the President’s major disaster declaration for the State of Texas, dated 08/25/2017, is hereby amended to extend the deadline for filing applications for physical damages as a result of this disaster to 11/24/2017. All other information in the original declaration remains unchanged. SUMMARY: U.S. Small Business Administration. ACTION: Amendment 2. AGENCY: Jkt 244001 PO 00000 Social Security Administration. Frm 00152 Fmt 4703 Sfmt 4703 ACTION: Notice of Social Security Ruling (SSR). We are republishing SSR 16– 3p, a ruling that rescinded and superseded SSR 96–7p, with a revision detailing how we apply the SSR as it relates to the applicable date. We changed our terminology from ‘‘effective date’’ to ‘‘applicable date’’ based on guidance from the Office of the Federal Register. We also updated citations to reflect the revised regulations that became effective on March 27, 2017. This Ruling is otherwise unchanged, and provides guidance about how we evaluate statements regarding the intensity, persistence, and limiting effects of symptoms in disability claims under Titles II and XVI of the Social Security Act (Act) and blindness claims under Title XVI of the Act. FOR FURTHER INFORMATION CONTACT: Elaine Tocco, Office of Disability Policy, Social Security Administration, 6401 Security Boulevard, Baltimore, MD 21235–6401, (410) 966–6356. For information on eligibility or filing for benefits, call our national toll-free number, 1–800–772–1213 or TTY 1– 800–325–0778, or visit our internet site, Social Security Online, at http:// www.socialsecurity.gov. SUMMARY: Although 5 U.S.C. 552(a)(1) and (a)(2) do not require us to publish this SSR, we are doing so in accordance with 20 CFR 402.35(b)(1). Through SSRs, we convey to the public SSA precedential decisions relating to the Federal old age, survivors, disability, supplemental security income, and special veterans benefits programs. We may base SSRs on determinations or decisions made at all levels of administrative adjudication, Federal court decisions, Commissioner’s decisions, opinions of the Office of the General Counsel, or other interpretations of the law and regulations. Although SSRs do not have the same force and effect as statutes or regulations, they are binding on all components of the Social Security Administration. 20 CFR 402.35(b)(1). This SSR will remain in effect until we publish a notice in the Federal Register that rescinds it, or we publish a new SSR that replaces or modifies it. This SSR, republished in its entirety, includes a revision to clarify that our adjudicators will apply SSR 16–3p when we make determinations and decisions on or after March 28, 2016. When a Federal court reviews our final decision in a claim, we also explain that we expect the court to review the final SUPPLEMENTARY INFORMATION: E:\FR\FM\25OCN1.SGM 25OCN1

Agencies

[Federal Register Volume 82, Number 205 (Wednesday, October 25, 2017)]
[Notices]
[Pages 49456-49462]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-23121]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-81909; File No. SR-OCC-2017-005]


Self-Regulatory Organizations; The Options Clearing Corporation; 
Notice of Filing of Proposed Rule Change Related to a Comprehensive 
Risk Management Framework

October 19, 2017.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 
(``Act''),\1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that 
on October 10, 2017, The Options Clearing Corporation (``OCC'') filed 
with the Securities and Exchange Commission (``Commission'') the 
proposed rule change as described in Items I, II, and III below, which 
Items have been prepared by OCC. The Commission is publishing this 
notice to solicit comments on the proposed rule change from interested 
persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------

I. Clearing Agency's Statement of the Terms of Substance of the 
Proposed Rule Change

    This purpose of the proposed rule change is to adopt a 
comprehensive Risk Management Framework Policy, which would describe 
OCC's framework for comprehensive risk management, including OCC's 
framework to identify, measure, monitor, and manage all risks faced by 
OCC in the provision of clearing, settlement and risk management 
services. The Risk Management Framework Policy is included in 
confidential Exhibit 5 of the filing. The proposed rule change does not 
require any changes to the text of OCC's By-Laws or Rules. All terms 
with initial capitalization that are not otherwise defined herein have 
the same meaning as set forth in the OCC By-Laws and Rules.\3\
---------------------------------------------------------------------------

    \3\ OCC's By-Laws and Rules can be found on OCC's public Web 
site: http://optionsclearing.com/about/publications/bylaws.jsp.
---------------------------------------------------------------------------

II. Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

    In its filing with the Commission, OCC included statements 
concerning the purpose of and basis for the proposed rule change and 
discussed any comments it received on the proposed rule change. The 
text of these statements may be examined at the places specified in 
Item IV below. OCC has prepared summaries, set forth in sections (A), 
(B), and (C) below, of the most significant aspects of these 
statements.

(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

(1) Purpose
Background
    On September 28, 2016, the Commission adopted amendments to Rule 
17Ad-22 \4\ and added new Rule 17Ab2-2 \5\ pursuant to Section 17A of 
the Securities Exchange Act of 1934 (``Exchange Act'') \6\ and the 
Payment, Clearing and Settlement Supervision Act of 2010 (``Clearing 
Supervision Act'') \7\ to establish enhanced standards for the 
operation and governance of those clearing agencies registered with the 
Commission that meet the definition of a ``covered clearing agency,'' 
as defined by Rule 17Ad-22(a)(5) \8\ (collectively, the new and amended 
rules are herein referred to as ``CCA'' rules). The CCA rules require 
that covered clearing agencies, among other things:
---------------------------------------------------------------------------

    \4\ 17 CFR 240.17Ad-22.
    \5\ 17 CFR 240.17Ab2-2.
    \6\ 15 U.S.C. 78q-1.
    \7\ 12 U.S.C. 5461 et seq.
    \8\ 17 CFR 240.17Ad-22(a)(5).

    ``[E]stablish, implement, maintain and enforce written policies 
and procedures reasonably designed to . . . [m]aintain a sound risk 
management framework for comprehensively managing legal, credit, 
liquidity, operational, general business, investment, custody, and 
other risks that arise in or are borne by the covered clearing 
agency, which . . . [i]ncludes risk management policies, procedures, 
and systems designed to identify, measure, monitor, and manage the 
range of risks that arise in or are borne by the covered clearing 
agency, that are subject to review on a specified periodic basis and 
approved by the board of directors annually . . .'' \9\
---------------------------------------------------------------------------

    \9\ 17 CFR 240.17Ad-22(e)(3).

    OCC is defined as a covered clearing agency under the CCA rules, 
and therefore is subject to the requirements of the CCA rules, 
including Rule 17Ad-22(e)(3).\10\ Accordingly, OCC proposes to adopt a 
Risk Management Framework Policy (``RMF''), as described below, to 
formalize and update its overall framework for comprehensively managing 
the Key Risks \11\ that arise in or are borne by OCC to promote 
compliance with Rule 17Ad-22(e)(3).\12\
---------------------------------------------------------------------------

    \10\ Id.
    \11\ Under the proposed RMF, ``Key Risks'' would be defined as 
risks that are related to the foundational aspects of CCP clearing, 
settlement and risk management services.
    \12\ 17 CFR 240.17Ad-22(e)(3).
---------------------------------------------------------------------------

Proposed Policy
    OCC proposes to adopt a new RMF document. The purpose of the RMF is 
to describe OCC's framework for

[[Page 49457]]

comprehensive risk management, including OCC's framework to identify, 
measure, monitor, and manage all risks faced by OCC in the provision of 
clearing, settlement and risk management services. Specifically, the 
RMF would establish the context for OCC's risk management framework, 
outline OCC's risk management philosophy, describe OCC's Risk Appetite 
Framework and use of Risk Tolerances,\13\ describe the governance 
arrangements that implement risk management, outline OCC's 
identification of Key Risks, and describe OCC's program for enterprise-
wide risk management, including the three lines of defense structure 
(discussed below), and describe OCC's approach to risk monitoring, 
assessment and reporting. As a single risk management framework 
addressing risks across all facets of OCC's business, the RMF would 
foster OCC's compliance with the requirements of the CCA rules, and in 
particular the requirement of Rule 17Ad-22(e)(3) \14\ that it maintain 
a sound framework for comprehensively managing risks.
---------------------------------------------------------------------------

    \13\ Under the proposed RMF, ``Risk Tolerances'' would be 
defined as the application of risk appetite to a specific sub-
category or aspect of a Key Risk, typically in quantitative form, 
used to set an acceptable levels of risk.
    \14\ 17 CFR 240.17Ad-22(e)(3).
---------------------------------------------------------------------------

Context of OCC's Risk Management Framework
    The RMF would begin by establishing the context for OCC's risk 
management framework. Specifically, OCC is a Systemically Important 
Financial Market Utility (``SIFMU'') \15\ that serves a critical role 
in financial markets as the sole central counterparty (``CCP'') that 
provides clearance and settlement services for U.S. listed options and 
guarantees the obligations associated with the contracts that it 
clears. As a SIFMU, OCC recognizes its role in promoting financial 
stability for market participants, investors and the economy and that 
it must therefore maintain a sound risk management framework for 
comprehensively managing the risks that it presents.
---------------------------------------------------------------------------

    \15\ The Financial Stability Oversight Council designated OCC a 
SIFMU on July 18, 2012 pursuant to the Clearing Supervision Act. See 
12 U.S.C. 5463.
---------------------------------------------------------------------------

OCC's Risk Management Philosophy
    The proposed RMF would describe OCC's risk management philosophy. 
As a SIFMU, OCC must be mindful of the public interest and its 
obligation to promote financial stability, reduce the potential for 
systemic contagion and support the smooth functioning of the U.S. 
financial markets. Furthermore, as a CCP, OCC concentrates financial 
risks for the markets it serves by acting as the CCP for all of the 
transactions that it clears. As a result of this concentration, OCC's 
primary objective is to ensure that it properly manages the financial 
risks associated with functioning as a CCP, which primarily relate to 
potential clearing member default scenarios.
    As a CCP, OCC's daily operations, among other things, involve 
managing financial, operational and business risks. In managing these 
risks, OCC's daily operations--which are guided by policies, procedures 
and controls--are designed to ensure that financial exposures and 
service disruptions are within acceptable limits set by OCC as part of 
its Risk Appetite Framework (``RAF'') as described below.
Risk Appetite Framework
    The proposed RMF would describe OCC's RAF and use of Risk 
Tolerances. The purpose of the RAF is to establish OCC's overall 
approach to managing risks at the enterprise level in an effective and 
integrated fashion. The RAF establishes the level and types of Key 
Risks, described in further detail below, that OCC is willing and able 
to assume in accordance with OCC's mission as a SIFMU. Under the RAF, 
Risk Appetite Statements \16\ would be used to express OCC's judgment, 
for each of OCC's Key Risks, regarding the level of risk that OCC is 
willing to accept related to the provision of CCP services. These 
statements would be qualitative indications of appetite that set the 
tone for OCC's approach to risk taking, and are indicative of the level 
of resources or effort OCC puts forth to prevent or mitigate the impact 
of a Key Risk.
---------------------------------------------------------------------------

    \16\ Under the proposed RMF, ``Risk Appetite Statement'' would 
be defined as a statement that expresses OCC's judgment, for each of 
OCC's Key Risks, regarding the level of risk OCC is willing to 
accept related to the provision of CCP services.
---------------------------------------------------------------------------

    Under the RMF, Risk Appetite Statements would be set annually by 
each department associated with a Key Risk in cooperation with OCC's 
Enterprise Risk Management department (``ERM'') according to applicable 
procedures. OCC's risk appetite levels would be classified into four 
categories:
    1. No appetite: OCC is unwilling to deliberately accept any level 
of risk.
    2. Low appetite: OCC devotes significant resources to managing risk 
but may choose to accept certain risks that do not materially affect 
core clearing and settlement because the level of resources that OCC 
would be required to put forth to mitigate the risks would be 
impractical.
    3. Moderate appetite: OCC is willing to engage in certain 
activities that pose risks because those activities may bring longer-
term efficiencies or result in business opportunities even though the 
activities or new businesses may pose new risks to OCC.
    4. High appetite: OCC is willing to implement a new high-risk 
process or business opportunity; however, it is unlikely OCC would 
apply this level of appetite to a Key Risk absent a compelling, urgent 
business need.
    Under the RMF, OCC's Board would have ultimate responsibility for 
reviewing and approving the Risk Appetite Statements in connection with 
each Key Risk on an annual basis upon recommendation of OCC's 
Management Committee.
    The Risk Appetite Statements allow OCC to carefully calibrate the 
levels of risk it accepts for each of its Key Risks to be consistent 
with OCC's core mission of promoting financial stability in the markets 
it serves. Accordingly, the RAF helps to ensure that OCC has an 
effective and comprehensive framework for managing its Key Risks (e.g., 
legal, credit, liquidity, operational, general business, investment, 
custody and other risks that arise in or are borne by OCC).\17\
---------------------------------------------------------------------------

    \17\ OCC's Key Risks are described below in the discussion 
covering OCC's identification of its material risks.
---------------------------------------------------------------------------

    In addition to Risk Appetite Statements, the RMF would require that 
OCC assign Risk Tolerances to the Key Risks contained within the RMF as 
approved by OCC's Board. While the Risk Appetite Statements would be 
more high-level and principles-based, Risk Tolerances would 
comparatively be more granular and represent the application of OCC's 
risk appetite to specific sub-categories or aspects of Key Risks. The 
purpose of the proposed Risk Tolerances is to ensure that OCC sets 
acceptable levels of risk within those specified sub-categories of Key 
Risks. Risk Tolerances would be stated in either quantitative or 
qualitative terms, depending on the nature of the risk and OCC's 
ability to measure it.
    Under the RMF, each department would be required to establish Risk 
Tolerances at least annually for sub-categories of Key Risks that are 
within their relevant domains of responsibility and would be 
responsible for managing applicable risks within established tolerance 
levels. ERM staff would monitor Risk Tolerances through quantitative 
metrics, where applicable, and compile such monitoring in a report that 
the Chief Risk Officer shall present to OCC's Management Committee and

[[Page 49458]]

Board (or a committee thereof) at least quarterly. In addition, the RMF 
would require that OCC's Board evaluate its Risk Tolerances at least 
annually, and more frequently if necessary as a result of changes to 
products, processes, market conventions or other changes to OCC's 
material risks.
Identification of Key Risks
    The proposed RMF would identify risks that could affect OCC's 
ability to perform services as expected, and the process for 
identifying such risks would take a broad view to include: (i) Direct 
financial and operational risks that may prevent the smooth functioning 
of CCP services, (ii) reputational risks that could undermine the 
perception of OCC as a sound pillar in the financial market and (iii) 
the risks OCC faces from third parties, such as custodians and 
settlement banks, that are critical to the design and operation of 
OCC's infrastructure and risk management. Identifying Key Risks in this 
manner would facilitate OCC's ability to comprehensively manage the 
legal, credit, liquidity, operational, general business, investment, 
custody and other risks that arise in or are borne by it. Based on this 
identification process, the RMF would define OCC's Key Risks as 
described below.
Financial Risk
    The RMF would indicate that financial risk encompasses many aspects 
of risk at OCC, including the risks that a Clearing Member will be 
unable to meet its obligations when due or that OCC will not maintain 
sufficient financial resources to cover exposures (i.e., credit risk), 
the risk that OCC will not maintain sufficient liquid resources to meet 
its same day and, where appropriate, intraday and multiday settlement 
of payment obligations (i.e., liquidity risk), the risk that OCC will 
incur losses on overnight investments (i.e., investment risk), and the 
risk that financial models are inaccurate (i.e., model risk).
    The proposed RMF would require OCC's credit risk management 
framework to encompass policies and procedures for maintaining 
sufficient prefunded resources in the form of margin and Clearing Fund 
deposits, accepting collateral from participants that is low risk and 
high quality, monitoring the creditworthiness and operational 
reliability of all counterparties, including participants, custodians, 
settlement banks, liquidity providers, and linked financial market 
utilities (``FMUs''), and maintaining a waterfall of resources to be 
used in the event of participant default and a process for replenishing 
resources.
    In addition, the RMF would require OCC's liquidity risk framework 
to encompass sizing liquidity resources to cover liquidity needs in the 
event of the default of the largest Clearing Member Group, forecasting 
daily settlements needs under normal market conditions, maintaining 
liquid resources in the form of cash and committed facilities, 
maintaining a contingency funding plan and periodically reviewing the 
size of liquidity resources, maintaining liquidity resources at 
creditworthy custodians and monitoring the financial and operational 
performance of financial institutions and committed liquidity 
facilities, and investing liquidity resources in safe overnight 
investments or at a Federal Reserve Bank.
    Moreover, the RMF would require OCC to address investment risks by 
maintaining an account at a Federal Reserve Bank, which bears no 
investment risk, and investing funds not held at the Federal Reserve 
Bank in high quality liquid assets. The RMF would also require OCC to 
manage model risk through a model development program, independent 
model validation and strong governance arrangements for the approval of 
new models or models with material changes in accordance with relevant 
policies.
Operational Risk
    The RMF would define operational risk as the risk of disruptions in 
OCC's CCP services due to: (i) Deficiencies in internal controls, 
processes or information systems, (ii) human error or misconduct, or 
(iii) external events or intrusions. The definition of operational risk 
would also cover deficiencies related to information technology 
(``IT''), such as data security and IT systems reliability. To reflect 
the importance OCC assigns to managing IT risks, the RMF would also 
categorize IT risk as a separate Key Risk, discussed below.
    The RMF would also assert that OCC manages operational risks in 
number of ways, including that OCC: (i) Maintains an Enterprise Project 
Management Program that performs initial assessments of proposed 
projects and manages project execution, to ensure that proper oversight 
exists during the initiation, planning, execution and delivery of OCC 
corporate projects, (ii) maintains a Business Continuity Program to 
support continuance of critical services in the event of a catastrophic 
loss of infrastructure and/or staff (including a Crisis Management 
Plan, which outlines OCC's processes for decision-making in crisis or 
emergency circumstances), (iii) maintains a comprehensive third-party 
risk management program which includes requirements for onboarding and 
ongoing monitoring of third parties on which OCC relies (such as 
vendors, settlement banks and FMUs with linkages to OCC) performed by 
various areas of the organization, including National Operations, 
Collateral Services, Credit Risk, and ERM, (iv) provides training and 
development through its Human Resources Department to ensure staff 
maintains and develops the necessary knowledge and skills to perform 
their jobs, and (v) conducts training on business ethics and OCC's Code 
of Conduct.
Operational Risk--Information Technology
    The RMF also would address operational risks specifically related 
to IT as a distinct Key Risk. Operational risk related to IT would be 
defined as the risk that inadequate levels of system functionality, 
confidentiality, integrity, availability, capacity or resiliency for 
systems that support core clearing, settlement or risk management 
services or critical business functions results in disruptions in OCC 
services. In addition to the ways described above that OCC manages 
operational risks generally, the RMF would also provide that OCC 
manages IT operational risks by maintaining a: (i) Quality Standards 
Program, which includes targets that set performance standards for 
systems operations, (ii) cybersecurity program, and (iii) program to 
maintain system functionality and capacity.
Legal Risk
    The RMF would define legal risk as the risk that OCC's by-laws, 
rules, policies and procedures do not provide for a well-founded, 
clear, transparent, and enforceable legal basis for each aspect of its 
activities in all relevant jurisdictions. The RMF would also provide 
that OCC manages legal risk by: (i) Maintaining rules, policies, and 
contracts that are consistent with applicable laws and regulations and 
(ii) maintaining legal agreements that establish counterparty 
obligations regarding the material aspects of its clearing, settlement 
and risk management services, including, but not limited to, settlement 
finality, vendor performance, exchange performance, options exercise 
and cross-margining obligations.
General Business Risk
    The RMF would define general business risk as the risk of any 
potential

[[Page 49459]]

impairment of OCC's financial condition due to declines in its revenue 
or growth in its expenses arising from OCC's administration and 
operation as a business enterprise (as opposed to a participant's 
default), resulting in expenses that exceed revenues and losses that 
must be charged against OCC's capital.
    The RMF would provide that OCC manages general business risk by: 
(i) Maintaining a target capital level of liquid net assets funded by 
equity equal to the greater of six-months' operating expenses or the 
amount sufficient to ensure a recovery or orderly wind-down of OCC's 
operations as set forth in OCC's recovery and wind-down plan, and a 
plan that provides for capital replenishment in the event of non-
default losses in excess of target capital, (ii) maintaining a 
corporate planning program to manage new business activity, and (iii) 
actively managing the public perception of OCC.
Risk Management Governance
    The RMF would describe the governance arrangements through which 
OCC implements its risk management philosophy. These governance 
arrangements would include the responsibilities of the Board, the 
Board's committees and management in establishing and executing OCC's 
risk management framework. These responsibilities are described in 
further detail below.
    The RMF would provide that OCC's risk governance framework follows 
a hierarchical structure that begins with the Board, which has ultimate 
oversight responsibility for OCC's risk management activities. The 
Board performs an oversight role to ensure that OCC is managed and 
operated in a manner consistent with OCC's regulatory responsibilities 
as a SIFMU providing clearance and settlement services. The Board also 
is responsible for ensuring that OCC has governance arrangements that, 
among other things, prioritize the safety and efficiency of OCC through 
the proposed risk management framework. Moreover, under the RMF, the 
Board is responsible for overseeing OCC's risk management policies, 
procedures and systems designed to identify, measure, monitor and 
manage risks consistent within the Risk Appetite Statements and Risk 
Tolerances approved by the Board. The RMF also provides that the Board 
is responsible for overseeing and approving OCC's recovery and orderly 
wind-down plan (consistent with OCC's Board of Directors Charter).
    To carry out these responsibilities, the RMF would indicate that 
the Board has established Committees to assist in overseeing OCC's Key 
Risks. These Committees are: (i) The Audit Committee, (ii) the 
Compensation and Performance Committee, (iii) the Governance and 
Nominating Committee, (iv) the Risk Committee, and (v) the Technology 
Committee. The responsibilities of these committees to manage OCC's Key 
Risks are outlined in their respective committee charters.\18\
---------------------------------------------------------------------------

    \18\ OCC's Board and Board committee charters are available on 
OCC's public Web site: https://www.theocc.com/about/corporate-information/what-is-occ.jsp.
---------------------------------------------------------------------------

    The RMF would also provide that OCC's Management Committee is 
responsible for annually reviewing and approving the RMF--and the Risk 
Appetite Statements and Risk Tolerances established thereunder--and 
recommending further approval thereof to the Board. The Management 
Committee would also review reports related to metrics for assessing 
Risk Tolerances to determine whether OCC's Key Risks are behaving 
within established tolerances and take or recommend action as needed to 
return Key Risks to their appropriate levels and escalate exceptions to 
Risk Tolerances and Risk Appetite Statements to relevant Board 
committees. The Management Committee would also be permitted to 
establish working groups to assist it in the management of Key Risks.
Risk Management Practice
    The RMF would describe OCC's program for enterprise-wide risk 
management. The internal structures for risk management described in 
the proposed RMF are intended to follow programs generally accepted in 
the financial services industry, including the ``three lines of 
defense'' model (i.e., front line employees, enterprise risk/compliance 
functions and internal audit) and a program for internal controls that 
includes risk assessment and reporting.
``Three Lines of Defense''
    To maintain a resilient risk management and internal control 
infrastructure, the RMF would formalize OCC's ``three lines of 
defense'' model, which allows OCC to manage its control infrastructure 
with clarity of ownership and accountability. The first line of defense 
consists of OCC's operational business units, including Financial Risk 
Management, National Operations, technology, legal, regulatory affairs 
and corporate functions such as human resources, finance, accounting 
and project management. The first line is responsible and accountable 
for designing, owning and managing risks by maintaining policies, 
procedures, processes and controls to manage relevant risks. The first 
line would also be responsible and accountable for internal controls 
and implementing corrective action to address control deficiencies.
    The first line is supported and monitored by the second line of 
defense, which consists of the ERM, Compliance, Security Services and 
Model Validation Group functions. The second line is an oversight 
function and is responsible for designing, implementing and maintaining 
an enterprise-wide risk management and compliance program and tools to 
assess and manage risk at the enterprise level. The second line would 
also work with the first line to assess risks and establish policies 
and guidelines, and advise, monitor and report on the first line's 
effectiveness in managing risk and maintaining and operating a 
resilient control infrastructure. The second line reports to OCC's 
Management Committee and Board (or committee thereof) on the first line 
of defense's effectiveness in managing risk and compliance and an 
assessment of whether OCC's services are being delivered within Risk 
Appetite Statements and Risk Tolerances.
    The third line of defense consists of OCC's internal audit 
function. The third line reports to the Audit Committee of the Board 
and is accountable for designing, implementing and maintaining a 
comprehensive audit program that allows senior management and the Board 
to receive independent and objective assurance that the quality of 
OCC's risk management and internal control infrastructure is consistent 
with OCC's risk appetite and Risk Tolerances. The RMF also would 
require that OCC's Internal Audit department maintains a diverse and 
skilled team of professionals with a variety of business, technology 
and audit skills, and perform all of its activities in compliance with 
the Institute of Internal Auditors' standards found in the 
International Professional Practices Framework.
    The three lines of defense model is designed to provide for a 
robust governance structure that distinguishes among the three lines 
involved in the effective and comprehensive management of risk at OCC: 
The functions that own and manage risks, the functions that oversee and 
provide guidance on the management of risks, and the functions that 
provide independent and objective assurance of the robustness and 
appropriateness of risk management and internal controls.

[[Page 49460]]

Risk Assessments
    In furtherance of the three lines of defense model, the RMF would 
provide for risk identification and assessment programs described below 
to identify, measure, and monitor current and emerging risks at OCC. 
Findings or recommendations that result from the assessments would be 
documented, monitored and escalated through the appropriate governance 
according to applicable OCC policies and procedures.
    One such assessment--the Enterprise Risk Assessment--would be 
conducted by OCC's first line of defense in conjunction with ERM. The 
Enterprise Risk Assessment would analyze risks based on: (i) Inherent 
Risk,\19\ (ii) quality of risk management, and (iii) Residual Risk \20\ 
to provide OCC information on the quantity of risk in a certain 
functional area or business area, and provide a mechanism to prioritize 
risk mitigation activities. ERM would use analysis of Residual Risk in 
conjunction with metrics related to Risk Tolerances to develop a risk 
profile and determine whether a Key Risk is within in appetite and 
provide OCC's Management Committee and Board (or committee thereof) 
information on the quantity of risk in a certain functional area or 
business area, which would provide a mechanism to prioritize risk 
mitigation activities.
---------------------------------------------------------------------------

    \19\ Under the Policy, ``Inherent Risk'' would be defined as the 
absolute level of risk exposure posed by a process or activity prior 
to the application of controls or other risk-mitigating factors.
    \20\ Under the Policy, ``Residual Risk'' would be defined as t 
level of risk exposure posed by a process or activity after the 
application of controls or other risk-mitigating factors.
---------------------------------------------------------------------------

    Another such assessment--the Scenario Analysis Program--would be a 
method for identifying risks that may not be otherwise captured in 
OCC's risk statements. ERM, in cooperation with the first line of 
defense, would design simulations of potential disruptions, and 
business unit staff would be able to identify risks that may not have 
been previously uncovered or identify weaknesses in current controls. 
ERM would include potential risks identified through the Scenario 
Analysis Program in its analysis of, and reporting on, the quantity of 
risk within a certain Key Risk and whether the Key Risk is within 
appetite.
    A third assessment--the IT Risk Assessment Program--would be 
conducted by OCC's Security Services department prior to the 
procurement, development, installation, and operation of IT services 
and systems. This assessment would be triggered by certain events that 
may affect the nature or level of IT risks OCC faces, such as 
evaluation or procurement of a new system or technology, changes in OCC 
business processes that affect current services and systems, and the 
emergence of new threats that subvert existing controls and that 
require a new technology mitigation. OCC would also conduct periodic 
assessments.
    A fourth assessment would be conducted by OCC's compliance function 
to identify and measure regulatory compliance risks. The assessment 
would also provide OCC's compliance function with a basis for 
prioritizing testing and training activities.
Risk Reporting
    Under the RMF, ERM would be responsible for completing a review and 
reporting process that provides OCC's Management Committee and Board 
(or committee thereof) with the information necessary to fulfill their 
obligations for risk management and oversight of risk management 
activities, respectively. This reporting would be designed to assist 
OCC's Management Committee and Board (or committee thereof) in 
understanding the most significant risks faced by OCC from a process 
perspective and determining whether Risk Tolerances are being managed 
in accordance with Risk Appetite Statements. On a quarterly basis, ERM 
would provide a risk report with a summary analysis of risk appetite 
and risk profile that includes analysis of Residual Risks from the 
Enterprise Risk Assessment program, reporting on Risk Tolerances and 
recommendations for prioritization of risk mitigation activities. The 
reporting process would indicate procedures for escalation in the event 
of a breach of Risk Tolerance.
Control Activities
    Under the RMF, the Compliance Department would be responsible for 
maintaining an inventory of all business processes and associated 
controls. OCC would also provide guides to assist staff in documenting 
their control activities in a consistent way and periodically conduct 
training on the importance of a strong risk and control environment. In 
addition, on at least an annual basis, the Compliance Department would 
be required to conduct training to assist OCC staff in understanding 
their respective responsibilities in implementing OCC's risk and 
control environment.
(2) Statutory Basis
    Section 17A(b)(3)(F) of the Act \21\ requires, in part, that the 
rules of a clearing agency be designed to promote the prompt and 
accurate clearance and settlement of securities transactions, to assure 
the safeguarding of securities and funds in the custody or control of 
the clearing agency or for which it is responsible, and in general, to 
protect investors and the public interest. As described above, the RMF 
is designed to formalize, clarify, and streamline OCC's overall 
framework for comprehensively managing risks. Specifically, the RMF 
would describe OCCs overall framework for comprehensive risk 
management, including OCC's framework to identify, measure, monitor and 
manage all risks faced by OCC in the provision of clearing, settlement 
and risk management services. In particular, the RMF would establish 
the context for OCC's risk management framework, outline OCC's risk 
management philosophy, describe OCC's Risk Appetite Framework and use 
of Risk Tolerances, describe the governance arrangements that implement 
risk management, outline OCC's identification of Key Risks and describe 
OCC's program for enterprise-wide risk management, including the three 
lines of defense structure and OCC's approach to risk monitoring, 
assessment and reporting.
---------------------------------------------------------------------------

    \21\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------

    The proposed rule change would formalize the risk management 
framework OCC currently employs in a single document and would 
therefore serve as a guide for readers to understand OCC's 
comprehensive framework for managing risk and its universe of risk 
management policies. Moreover, by describing some of the ways that OCC 
manages its risks, the RMF would serve as a basis for the processes, 
policies, procedures and other documents that OCC may develop and 
maintain to facilitate those risk management activities. As a result, 
OCC believes the proposed rule change is designed to promote the prompt 
and accurate clearance and settlement of securities transactions, 
assure the safeguarding of securities and funds in the custody or 
control of the clearing agency or for which it is responsible, and in 
general, to protect investors and the public interest in accordance 
with Section 17A(b)(3)(F) of the Act.\22\
---------------------------------------------------------------------------

    \22\ Id.
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(3) \23\ requires, in part, that a covered clearing 
agency ``establish, implement, maintain and enforce written policies 
and procedures

[[Page 49461]]

reasonably designed to . . . [m]aintain a sound risk management 
framework for comprehensively managing legal, credit, liquidity, 
operational, general business, investment, custody, and other risks 
that arise in or are borne by the covered clearing agency, which . . . 
[i]ncludes risk management policies, procedures, and systems designed 
to identify, measure, monitor, and manage the range of risks that arise 
in or are borne by the covered clearing agency, that are subject to 
review on a specified periodic basis and approved by the board of 
directors annually . . .'' OCC believes that the proposed rule change 
is also consistent with Rule 17Ad-22(e)(3) \24\ because the RMF 
describes OCC's comprehensive framework for identifying, measuring, 
monitoring and managing the risks that arise within OCC or are borne by 
it, including legal, credit, liquidity, operational, general business, 
investment and custody risk. For example, the RMF describes OCC's 
framework for identifying its Key Risks and the relevant policies that 
OCC maintains to address those risks. Moreover, the RMF would establish 
a foundation of OCC's risk management practice by describing OCC's 
enterprise-wide risk management framework. This framework incorporates 
established principles employed across the financial services industry, 
such as the ``three lines of defense'' model for enterprise-wide risk 
management, to ensure that OCC maintains and operates a resilient, 
effective and reliable risk management and internal control 
infrastructure that assures risk management and processing outcomes 
expected by OCC stakeholders. This framework also describes how OCC's 
second line of defense monitors the risks that arise in or are borne by 
OCC through a variety of risk assessment, risk reporting and internal 
control management activities, consistent with the requirements of Rule 
17Ad-22(e)(3).\25\
---------------------------------------------------------------------------

    \23\ 17 CFR 240.17Ad-22(e)(3).
    \24\ Id.
    \25\ Id.
---------------------------------------------------------------------------

    The RMF also describes OCC's RAF and use of Risk Appetite 
Statements and Risk Tolerances to ensure that OCC sets appropriate 
levels and types of Key Risks that OCC is willing and able to assume in 
accordance with OCC's mission as a SIFMU. For example, the use of Risk 
Appetite Statements ensures that OCC can carefully calibrate the levels 
of risk it accepts for each Key Risk in a manner consistent with OCC's 
core mission of promoting financial stability in the markets it serves. 
In addition, the use of Risk Tolerances helps to ensure that OCC sets 
acceptable levels of risk within specified sub-categories of Key Risks, 
and which may also be used to set thresholds for acceptable variability 
in risk levels and to provide clear and transparent escalation triggers 
when the thresholds are breached. As a result, OCC believes the RMF is 
reasonably designed to provide for a sound, comprehensive framework for 
identifying, measuring, monitoring and managing the range of risks that 
arise in or are borne by OCC in a manner consistent with Rule 17Ad-
22(e)(3).\26\
---------------------------------------------------------------------------

    \26\ Id.
---------------------------------------------------------------------------

    The proposed rule change is not inconsistent with the existing 
rules of OCC, including any other rules proposed to be amended.

(B) Clearing Agency's Statement on Burden on Competition

    Section 17A(b)(3)(I) of the Act \27\ requires that the rules of a 
clearing agency not impose any burden on competition not necessary or 
appropriate in furtherance of the purposes of the Act. OCC does not 
believe that the proposed rule change would impact or impose any burden 
on competition. The proposed rule change would formalize the framework 
OCC uses internally to identify, monitor and manage its risks in a more 
transparent and understandable way. While the proposed rule change 
would update OCC's internal risk management framework document, this 
update does not affect Clearing Members' access to OCC's services or 
impose any direct burdens on Clearing Members. Accordingly, the 
proposed rule change would not unfairly inhibit access to OCC's 
services or disadvantage or favor any particular user in relationship 
to another user.
---------------------------------------------------------------------------

    \27\ 15 U.S.C. 78q-1(b)(3)(I).
---------------------------------------------------------------------------

(C) Clearing Agency's Statement on Comments on the Proposed Rule Change 
Received From Members, Participants or Others

    Written comments on the proposed rule change were not and are not 
intended to be solicited with respect to the proposed rule change and 
none have been received.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the self- regulatory organization consents, the Commission will:
    (A) By order approve or disapprove the proposed rule change, or
    (B) institute proceedings to determine whether the proposed rule 
change should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views and 
arguments concerning the foregoing, including whether the proposed rule 
change is consistent with the Act. Comments may be submitted by any of 
the following methods:

Electronic Comments

     Use the Commission's Internet comment form (http://www.sec.gov/rules/sro.shtml); or
     Send an email to [email protected]. Please include 
File Number SR-OCC-2017-005 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street NE., Washington, DC 20549-1090.

All submissions should refer to File Number SR-OCC-2017-005. This file 
number should be included on the subject line if email is used. To help 
the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's Internet Web site (http://www.sec.gov/rules/sro.shtml). Copies of the submission, all subsequent amendments, all 
written statements with respect to the proposed rule change that are 
filed with the Commission, and all written communications relating to 
the proposed rule change between the Commission and any person, other 
than those that may be withheld from the public in accordance with the 
provisions of 5 U.S.C. 552, will be available for Web site viewing and 
printing in the Commission's Public Reference Room, 100 F Street NE., 
Washington, DC 20549, on official business days between the hours of 
10:00 a.m. and 3:00 p.m. Copies of such filing also will be available 
for inspection and copying at the principal office of OCC and on OCC's 
Web site at http://www.theocc.com/components/docs/legal/rules_and_bylaws/sr_occ_17_005.pdf. All comments received will be 
posted without change; the Commission does not edit personal 
identifying information from submissions. You should submit only 
information that you wish to make available publicly. All submissions 
should refer to File

[[Page 49462]]

Number SR-OCC-2017-005 and should be submitted on or before November 
15, 2017.

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated Authority.\28\
---------------------------------------------------------------------------

    \28\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------

Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2017-23121 Filed 10-24-17; 8:45 am]
 BILLING CODE 8011-01-P