Self-Regulatory Organizations; ICE Clear Europe Limited; Notice of Filing of Proposed Rule Change Relating to the ICE Clear Europe Outsourcing Policy, 47809-47811 [2022-16661]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 87, Number 149 (Thursday, August 4, 2022)]
[Notices]
[Pages 47809-47811]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-16661]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-95394; File No. SR-ICEEU-2022-014]


Self-Regulatory Organizations; ICE Clear Europe Limited; Notice 
of Filing of Proposed Rule Change Relating to the ICE Clear Europe 
Outsourcing Policy

July 29, 2022.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 
(``Act''),\1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that 
on July 19, 2022, ICE Clear Europe Limited filed with the Securities 
and Exchange Commission (``Commission'') the proposed rule changes 
described in Items I, II, and III below, which Items have been prepared 
primarily by ICE Clear Europe. The Commission is publishing this notice 
to solicit comments on the proposed rule change from interested 
persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------

I. Clearing Agency's Statement of the Terms of Substance of the 
Proposed Rule Change

    ICE Clear Europe Limited (``ICE Clear Europe'' or the ``Clearing 
House'') is submitting its Outsourcing Policy (``Outsourcing Policy'' 
or ``Policy''), which would set out in a consolidated document how the 
Clearing House manages outsourcing arrangements with third party 
providers and affiliates of the Clearing House, as well as how the ICE 
Clear Europe Board maintains oversight of its outsourcing arrangements. 
A copy of the proposed Outsourcing Policy is set forth in Exhibit 
5[sic].\3\
---------------------------------------------------------------------------

    \3\ Capitalized terms used but not defined herein have the 
meanings specified in the ICE Clear Europe Clearing Rules and the 
Outsourcing Policy.
---------------------------------------------------------------------------

II. Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

    In its filing with the Commission, ICE Clear Europe included 
statements concerning the purpose of and basis for the proposed rule 
change and discussed any comments it received on the proposed rule 
change. The text of these statements may be examined at the places 
specified in Item IV below. ICE Clear Europe has prepared summaries, 
set forth in sections (A), (B), and (C) below, of the most significant 
aspects of such statements.

(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

(a) Purpose
    ICE Clear Europe is submitting its Outsourcing Policy which would 
describe, in a consolidated document, the Clearing House's procedures 
for management of its outsourcing arrangements. The Outsourcing Policy 
would complement the existing ICE Clear Europe Vendor Management Policy 
(``VMP''), which describes certain group-wide policies of the Clearing 
House's ultimate parent, Intercontinental Exchange, Inc., with respect 
to its outsourcing arrangements with third parties. The Outsourcing 
Policy also references ICE Clear Europe's Outsourcing Operating Manual 
(``OOM''), which sets out additional details concerning the steps it 
follows in order to introduce, amend and/or maintain outsourcing 
arrangements.
    The purpose of the Outsourcing Policy would be to set out, in a 
consolidated document, how the Clearing House manages its outsourcing 
arrangements, both with third party providers and its affiliates, and 
how the Clearing House's Board maintains oversight of the outsourcing 
arrangements. Together with the VMP, the Outsourcing Policy is intended 
to document how the Clearing House assesses the risks of outsourcing 
certain functions. The Policy is not expected to represent a change in 
the Clearing House's current practices, but rather to more clearly 
document those practices in a Clearing House level policy.
    The Outsourcing Policy would include an introduction section which 
describes the differences between outsourcing and purchasing services, 
the former being the Clearing House's use of a service provider to 
perform an ongoing activity that would usually be performed by the 
Clearing House and which often involves transferring or sharing related 
non-public proprietary information, and the latter being the Clearing 
House's purchases of services, goods and facilities and which would 
typically not include any transfer of non-public proprietary 
information.
    The Outsourcing Policy would also differentiate the Clearing 
House's outsourcing practices and purchasing arrangements in respect of 
third-party providers, which would be managed through the VMP, from 
outsourcing through its affiliates, which would typically have a lower 
risk profile for the Clearing House because such affiliates tend to be 
regulated entities with the same or similar systems, risk appetites, 
standards and processes, among other commonalities, as the Clearing 
House.
    The Policy would set out the Clearing House's overall objectives 
when considering outsourcing.
    The Policy would include a discussion of outsourcing to third 
parties and outsourcing to the Clearing House's affiliates. As 
mentioned, outsourcing to third parties is covered under the VMP, which 
covers due diligence, risk assessment, suitability, and performance 
management, among other topics. Outsourcing to affiliates of the 
Clearing House would follow the same process and standards as under the 
VMP; however, assessment would be performed by ICE Clear Europe's 
senior management rather than the Clearing House's Vendor Management 
Office. In all cases, the Clearing House would look to ensure that all 
service provider related incidents (such as service interruptions) are 
recorded and monitored and escalated to the Clearing House's senior 
management in a consistent manner.
    The Policy would provide the Clearing House would consider in its 
assessment of service providers that there can be lower risk in 
outsourcing functions to third parties that are also regulated or 
authorized. The Clearing House would consider in its assessment of a 
service provider how the service provider's jurisdiction impacts the 
risks associated with outsourcing functions to that service providers.
    ICE Clear Europe proposes to include in the Policy that it looks to 
manage any potential or actual conflicts of interest resulting from its 
outsourcing arrangements, particularly in respect of outsourcing 
arrangements it has with its affiliates.
    Additionally, ICE Clear Europe proposes to include in the Policy 
that it looks to reserve independent audit rights to check compliance 
with legal and regulatory requirements and policies in its outsourcing 
agreements with third party and affiliate service providers, as 
required.
    ICE Clear Europe also proposes to include in the Policy information 
about its cloud-based outsourcing arrangements. Outsourcing to the 
cloud is generally covered under the existing VMP. Relevant ICE Clear 
Europe and ICE Group policies, such as the Corporate Information 
Security Policy would also be considered when

[[Page 47810]]

engaging in cloud outsourcing arrangements. Adding a new or 
significantly change an existing cloud outsource arrangement would be 
covered under the OOM.
    The Policy would include a section describing the Clearing House's 
considerations when deciding whether to outsource a function considered 
``critical or important''. A function is considered by the Clearing 
House to be ``critical or important'' where a defect or failure in its 
performance would materially impair the Clearing House's continuing 
compliance with the conditions and obligations or its authorizations or 
other obligations, financial performance or the soundness or continuity 
of its services and activities.
    The Policy would include an acknowledgment by the Clearing House 
that outsourcing ``critical or important'' functions could impact the 
Clearing House's risk profile, ability to oversee the service provider 
and manage risks, business continuity measures and performance of its 
business activities, to name a few. The Clearing House would ensure 
that such matters would be considered in the decision-making processes 
in respect of outsourcing. Additionally, ``critical or important'' 
functions would impact how the Clearing House would assess how an 
outsourcing arrangement is assessed, documented and managed by the 
Clearing House (including by having an exit plan, if practical). Also, 
if a function to be outsourced is or would be a dependency to the 
delivery of one or more of the Clearing House's important business 
services under its operational resilience framework, such function 
would be mapped accordingly with appropriate consideration given to 
potential vulnerabilities, resiliency and impact to the relevant impact 
tolerances.
    The Policy would include a discussion of additional considerations 
of particular importance to the Clearing House in light of its position 
as a systemically important financial market infrastructure and in 
alignment with its regulatory oversight. The Clearing House places 
particular importance on the following additional considerations when 
considering its outsourcing arrangements, each described in further 
detail in the proposed Policy: (i) business continuity arrangements, 
(ii) incident management responsiveness and reporting, (iii) 
independent assurances, and (iv) redundancies, notice periods and exit 
strategies. Regarding business continuity arrangements, during the 
onboarding process and through periodic reviews and testing the 
Clearing House would assess the service provider's business continuity 
plans to ensure that they are fit for the relevant purposes. Next, the 
Policy would state that incident management and responsiveness and 
timely reporting are important factors in the Clearing House's 
outsourcing arrangements, given the services that the Clearing House 
operates. Accordingly, the Clearing House would require that 
outsourcing providers have appropriate mechanisms for timely response 
and incident management. Regarding independent assurances, the Clearing 
House would, where possible and practicable, look to collect 
independent assurances of the outsourcing providers' services, which 
may include but are not limited to SOC2 audits, Regulation SCI audits 
and enterprise technology risk assessments. Finally, where possible and 
practicable, the Clearing House would look to mitigate the risk of 
disruption to its services from outsourcing providers ceasing to 
provide their services to the Clearing Houses, through redundancies 
(the use of multiple providers), sufficient notice periods, or exit 
strategies.
    The Policy would also include a section describing ICE Clear 
Europe's Board oversight of outsourcing arrangements. The Board 
oversees the Clearing House's outsourcing arrangement through risk 
appetite metrics that include service and incident reporting, 
operational risk reporting that covers typically Priority 3 incidents 
or higher, observed in the relevant period, their resolution and other 
performance metrics, and an Annual Outsourcing Assessment Report.
    The COO or its delegate would prepare the Annual Outsourcing 
Assessment Report, which would be reviewed by the Board each year 
directly or via its committees. The Annual Outsourcing Assessment 
Report would cover the following topics: (i) the activities and 
services that are outsourced, (ii) the identities of the outsource 
providers (iii) the performance of the outsourcing providers and their 
adherence to agreed service levels, (iv) where relevant, the security 
measures of the outsourcing providers, (v) risk reviews of the 
outsourcing providers, particularly those providing critical or 
important cloud outsourcing arrangements, (vi) exit strategies and 
contingency arrangements associated with outsourcing critical or 
important functions and (vii) results and conclusions of additional 
assurance mechanisms (for example, SOC2 audits) where applicable.
    Finally, the Policy would describe governance and exception 
handling. The document owner would be responsible for ensuring that it 
remains up-to-date and reviewed in accordance with the Clearing House's 
governance processes. Exceptions to the Policy would also be approved 
in accordance with such governance processes. Any deviations from the 
Policy would have to be appropriately escalated and reported in a 
timely manner by the document owner, and the document owner would also 
be responsible for reporting any material breaches or deviations to the 
President of ICE Clear Europe and the Risk Oversight Department in 
order to determine the appropriate governance escalation and 
notification requirements.
(b) Statutory Basis
    ICE Clear Europe believes that the Outsourcing Policy is consistent 
with the requirements of Section 17A of the Act \4\ and the regulations 
thereunder applicable to it. In particular, Section 17A(b)(3)(F) of the 
Act \5\ requires, among other things, that the rules of a clearing 
agency be designed to promote the prompt and accurate clearance and 
settlement of securities transactions and, to the extent applicable, 
derivative agreements, contracts, and transactions, the safeguarding of 
securities and funds in the custody or control of the clearing agency 
or for which it is responsible, and the protection of investors and the 
public interest.
---------------------------------------------------------------------------

    \4\ 15 U.S.C. 78q-1.
    \5\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------

    The Outsourcing Policy is designed to consolidate and document ICE 
Clear Europe's existing procedures for considering whether to 
outsourcing functions and managing related risks. The Policy would, 
among other matters, document the objectives of the Clearing House in 
outsourcing responsibilities to various third parties (including 
affiliates) and managing related risks, including conflict of interest 
risks and legal and regulatory requirements. The Policy would also set 
out in detail certain key considerations of the Clearing House in 
outsourcing ``critical or important'' functions. In ICE Clear Europe's 
view, the Policy will thus facilitate management of the risks related 
to outsourcing functions, and thereby promote the efficient operation 
and stability of the Clearing House and the prompt and accurate 
clearance and settlement of cleared contracts. The enhanced risk 
management for outsourcing is therefore also generally consistent with 
the protection of investors and the public interest in the

[[Page 47811]]

safe operation of the Clearing House. (ICE Clear Europe would not 
expect the adoption of the Policy to affect materially the safeguarding 
of securities and funds in ICE Clear Europe's custody or control or for 
which it is responsible.) Accordingly, the Policy satisfies the 
requirements of Section 17A(b)(3)(F).\6\
---------------------------------------------------------------------------

    \6\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------

    The Outsourcing Policy is also consistent with relevant provisions 
of Rule 17Ad-22.\7\ Rule 17Ad-22(e)(3)(i) provides that ``[e]ach 
covered clearing agency shall establish, implement, maintain and 
enforce written policies and procedures reasonable designed to, as 
applicable [. . .] identify, measure, monitor and manage the range of 
risks that arise in or are borne by the covered clearing agency''.\8\ 
The Outsourcing Policy is intended to document the Clearing House's 
practices that relate to management of the Clearing House's outsourcing 
functions and builds on the existing VMP. In ICE Clear Europe's view, 
as set out above, the Policy would facilitate overall risk management 
with respect to outsourcing, consistent with the requirements of Rule 
17Ad-22(e)(3)(i).\9\
---------------------------------------------------------------------------

    \7\ 17 CFR 240.17 Ad-22.
    \8\ 17 CFR 240.17 Ad-22(e)(3)(i).
    \9\ 17 CFR 240.17 Ad-22(e)(3)(i).
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(2) provides that ``[e]ach covered clearing agency 
shall establish, implement, maintain and enforce written policies and 
procedures reasonable designed to, as applicable [. . .] provide for 
governance arrangements that are clear and transparent'' \10\ and 
``[s]pecify clear and direct lines of responsibility''.\11\ As 
discussed, the Outsourcing Policy would clarify certain 
responsibilities of the Clearing House Board and COO in relation to 
oversight of the Clearing House's outsourcing arrangements. In line 
with the Clearing House's other policies and procedures, the Policy 
would also describe the responsibilities of the document owner and 
appropriate escalation and notification requirements for responding to 
exceptions and deviations from the Policy. In ICE Clear Europe's view, 
the Policy is therefore consistent with the requirements of Rule 17Ad-
22(e)(2).\12\
---------------------------------------------------------------------------

    \10\ 17 CFR 240.17 Ad-22(e)(2)(i).
    \11\ 17 CFR 240.17 Ad-22(e)(2)(v).
    \12\ 17 CFR 240.17 Ad-22(e)(2).
---------------------------------------------------------------------------

(B) Clearing Agency's Statement on Burden on Competition

    ICE Clear Europe does not believe the Outsourcing Policy would have 
any impact, or impose any burden, on competition not necessary or 
appropriate in furtherance of the purposes of the Act. The Policy is 
being adopted to document the Clearing House's practices relating to 
management of outsourcing arrangements, both with third parties and 
affiliates. The Policy does not change the rights or obligations of 
Clearing Members or the Clearing House under the Rules or Procedures. 
Accordingly, ICE Clear Europe does not believe that adoption of the 
Policy would adversely affect competition among Clearing Members, 
materially affect the costs of clearing, adversely the ability of 
market participants to access clearing or the market for clearing 
services generally, or otherwise adversely affect competition in 
clearing services. Therefore, ICE Clear Europe does not believe the 
proposed rule change imposes any burden on competition that is not 
necessary or appropriate in furtherance of the purposes of the Act.

(C) Clearing Agency's Statement on Comments on the Proposed Rule Change 
Received From Members, Participants or Others

    Written comments relating to the proposed amendments have not been 
solicited or received by ICE Clear Europe. ICE Clear Europe will notify 
the Commission of any written comments received with respect to the 
proposed rule change.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the self-regulatory organization consents, the Commission will:
    (A) by order approve or disapprove such proposed rule change, or
    (B) institute proceedings to determine whether the proposed rule 
change should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views, and 
arguments concerning the foregoing, including whether the proposed rule 
change is consistent with the Act. Comments may be submitted by any of 
the following methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/sro.shtml) or
     Send an email to [email protected]. Please include 
File Number SR-ICEEU-2022-014 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street, NE, Washington, DC 20549-1090.

All submissions should refer to File Number SR-ICEEU-2022-014. This 
file number should be included on the subject line if email is used. To 
help the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's internet website (https://www.sec.gov/rules/sro.shtml). 
Copies of the submission, all subsequent amendments, all written 
statements with respect to the proposed rule change that are filed with 
the Commission, and all written communications relating to the proposed 
rule change between the Commission and any person, other than those 
that may be withheld from the public in accordance with the provisions 
of 5 U.S.C. 552, will be available for website viewing and printing in 
the Commission's Public Reference Room, 100 F Street, NE, Washington, 
DC 20549, on official business days between the hours of 10:00 a.m. and 
3:00 p.m. Copies of such filings will also be available for inspection 
and copying at the principal office of ICE Clear Europe and on ICE 
Clear Europe's website at https://www.theice.com/clear-europe/regulation.
    All comments received will be posted without change. Persons 
submitting comments are cautioned that we do not redact or edit 
personal identifying information from comment submissions. You should 
submit only information that you wish to make available publicly. All 
submissions should refer to File Number SR-ICEEU-2022-014 and should be 
submitted on or before August 25, 2022.

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\13\
---------------------------------------------------------------------------

    \13\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------

J. Matthew DeLesDernier,
Deputy Secretary.
[FR Doc. 2022-16661 Filed 8-3-22; 8:45 am]
BILLING CODE 8011-01-P