Self-Regulatory Organizations; Options Clearing Corporation; Notice of Filing of Proposed Rule Change by The Options Clearing Corporation To Amend and Enhance the Options Clearing Corporation's Model Risk Management Policy, 31549-31554 [2023-10469]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 88, Number 95 (Wednesday, May 17, 2023)]
[Notices]
[Pages 31549-31554]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-10469]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-97484; File No. SR-OCC-2023-004]


Self-Regulatory Organizations; Options Clearing Corporation; 
Notice of Filing of Proposed Rule Change by The Options Clearing 
Corporation To Amend and Enhance the Options Clearing Corporation's 
Model Risk Management Policy

May 11, 2023.
    Pursuant to section 19(b)(1) of the Securities Exchange Act of 1934 
(``Exchange Act'' or ``Act''),\1\ and Rule 19b-4 thereunder,\2\ notice 
is hereby given that on April 27, 2023, the Options Clearing 
Corporation (``OCC'') filed with the Securities and Exchange Commission 
(``Commission'') the proposed rule changes described in Items I, II and 
III below, which Items have been prepared primarily by OCC. The 
Commission is publishing this notice to solicit comments on the 
proposed rule change from interested persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------

I. Clearing Agency's Statement of the Terms of Substance of the 
Proposed Rule Change

    This proposed rule change would amend and enhance OCC's Model Risk 
Management Policy. The Model Risk Management Policy is included as 
confidential Exhibit 5 to File Number SR-OCC-2023-004. The proposed 
rule change does not require any changes to the text of OCC's By-Laws 
or Rules. All terms with initial capitalization that are not defined 
herein have the same meaning as set forth in the OCC By-Laws and Rules.

II. Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

    In its filing with the Commission, OCC included statements 
concerning the purpose of and basis for the proposed rule change and 
discussed any comments it received on the proposed rule change. The 
text of these statements may be examined at the places specified in 
Item IV below. OCC has prepared summaries, set forth in sections (A), 
(B), and (C) below, of the most significant aspects of these 
statements.

(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

(1) Purpose
    This proposed rule change would make certain changes to OCC's Model 
Risk Management Policy (``MRM Policy'' or ``Policy'') to enhance the 
manner in which OCC manages the risk models and methodologies used in 
connection with OCC's business. OCC's use of risk models exposes OCC to 
model risk. Model risk is the potential for adverse consequences from 
decisions based on incorrect or misused model outputs. For example, a 
model that is not managed properly could potentially cause OCC to over-
collect or under-collect the appropriate amount of collateral to cover 
credit risk posed by Clearing Members. OCC notes that the MRM Policy is 
part of a broader framework regarding model risk management that is 
designed to further the appropriate design, validation, and operation 
of OCC's Risk Models.\3\
---------------------------------------------------------------------------

    \3\ For example, OCC's Margin Policy is also part of OCC's 
framework regarding model risk management in that it is designed to 
be consistent with the requirement in Rule 17Ad 22(e)(6)(vii) that 
OCC's policies and procedures provide for a risk-based margin system 
that requires a margin model validation not less than annually. See 
17 CFR 240.17Ad-22(e)(6)(vii).
---------------------------------------------------------------------------

    The MRM Policy is designed to outline OCC's framework for managing 
model risk and to define the roles and responsibilities throughout the 
risk model and methodology lifecycle.\4\ As detailed further below, the 
proposed changes to the MRM Policy primarily include amendments 
designed to: (1) more comprehensively address risk methodologies rather 
than just the underlying risk models; (2) revise the roles and 
responsibilities of various individuals, groups, and departments with 
respect to OCC's managing of model risk; (3) reflect certain non-
substantive changes, such as renaming certain policies and procedures; 
and (4) add a description of certain ``Risk Applications'' and ``User 
Developed Applications'' used by OCC.
---------------------------------------------------------------------------

    \4\ The Risk Methodology and Risk Model lifecycle generally 
includes the development, implementation, monitoring, and 
independent validation of Risk Methodologies and Risk Models.
---------------------------------------------------------------------------

Risk Methodologies
    OCC proposes to modify the MRM Policy to more directly contemplate 
``Risk Methodologies'' rather than just ``Risk Models.'' As currently 
defined in the MRM Policy, a Risk Model refers to any quantitative 
method or approach that applies statistical, economic, financial, or 
mathematical theories, techniques, and/or assumptions to process inputs 
into quantitative estimates, forecasts, or projections and can also be 
a quantitative method with inputs that are qualitative or based on 
business judgment. As also currently defined in the MRM Policy, a 
Methodology refers to a collection of Risk Models that are used to 
estimate financial risk exposures.
    OCC proposes to specify in the MRM Policy that Risk Models are 
integrated into ``Risk Methodologies'' to broaden and align OCC's 
internal model risk policies and procedures by the adoption of the more 
holistic and comprehensive Risk Methodologies framework consisting of a 
collection of components, related inputs and outputs, and potentially 
other tools and applications, as explained further below. Specifically, 
OCC proposes to replace the definition of Methodology with a definition 
of a ``Risk Methodology,'' providing that a Risk Methodology is a 
collection of Risk Models and related inputs and outputs, which are 
used to estimate or compute a distinct aspect of OCC's credit (i.e., 
Clearing Fund and margin) and liquidity resources.\5\ The purpose of 
the expanding the definition in this way is to facilitate a more 
holistic view of the

[[Page 31550]]

relevant processes and calculations, as described in more detail below.
---------------------------------------------------------------------------

    \5\ Under OCC's current MRM Policy, Risk Models are further 
defined in specific contexts whereby the MRM Policy states that Risk 
Models are ``credit risk models (i.e., Clearing Fund), and margin 
system and related models (i.e., STANS), and liquidity risk 
models.'' As part of the broader shift in this proposed rule change 
from a focus on individual Risk Models to Risk Methodologies, OCC 
proposes to incorporate these contexts into the definition of Risk 
Methodologies, providing that Risk Methodologies ``are used to 
estimate or compute a distinct aspect of OCC's credit (i.e., 
Clearing Fund and margin) and liquidity resources.'' The proposed 
new definition of Risk Methodologies would capture all existing Risk 
Models that address OCC's credit, margin and liquidity resources.
---------------------------------------------------------------------------

    A Risk Methodology is therefore broader than a particular Risk 
Model because a Risk Methodology may include multiple constituent Risk 
Models, as well as any other inputs or outputs that may not be part of 
any one particular constituent Risk Model but that nonetheless 
contribute to the overarching Risk Methodology.\6\ Because Risk Models 
typically do not operate in isolation, but rather as part of a broader 
Risk Methodology, OCC believes that expanding the MRM Policy to more 
comprehensively focus on Risk Methodologies would promote a more sound 
risk management framework, consistent with Rule 17Ad-22(e)(3).\7\ The 
proposed definition of Risk Methodology is designed to capture each of 
the constituent Risk Models of which the Risk Methodology is comprised 
as well as any other inputs or outputs that might be part of how OCC 
manages OCC's credit and liquidity resources. OCC believes that the 
proposed definition of Risk Methodology therefore takes a more holistic 
view toward the processes and calculations by which OCC manages risks 
arising in connection with the use of a Risk Model.
---------------------------------------------------------------------------

    \6\ For example, as part of OCC's Margin Methodology, OCC 
considers the settlement obligations of both an individual Clearing 
Member as well as its affiliates that comprise a Clearing Member 
Group. See OCC Rule 609, Interpretation and Policies .01 (providing 
that OCC will consider the margin assets of a Clearing Member's 
affiliates in determining whether a Clearing Member's forecasted 
settlement obligations to OCC could exceed the liquidity resources 
available to OCC to satisfy such obligations). The calculation of 
the relevant assets of a Clearing Member's affiliates as part of a 
Clearing Member Group are not part of a particular Risk Model (e.g., 
the quantitative method to determine intra-day margin obligations) 
but are an input to the broader OCC Margin Methodology.
    \7\ 17 CFR 240.17Ad-22(e)(3).
---------------------------------------------------------------------------

    Accordingly, OCC proposes to modify references to Risk Models in 
the MRM Policy to instead refer to Risk Methodologies in describing the 
manner in which OCC governs model risk and in describing the roles and 
responsibilities of various OCC groups and departments under the 
Policy.\8\ For example, rather than specifying that the design, theory, 
and logic of each Risk Model used by OCC shall take into consideration 
published literature and industry best practice, where it is available, 
the revised MRM Policy would provide that the design, theory, and logic 
of each Risk Methodology used by OCC will take into consideration 
published literature and industry best practice, where it is available. 
OCC notes that this proposed change to broaden the scope from Risk 
Models to Risk Methodologies would not modify OCC's processes with 
respect to any individual Risk Model. That is, OCC would continue to 
perform the same review of each individual Risk Model as it does today, 
but would now include a more comprehensive consideration of each Risk 
Model as part of a Risk Methodology as well as any calculations or 
inputs that may contribute to a Risk Methodology but that may not 
necessarily be part of a particular Risk Model.
---------------------------------------------------------------------------

    \8\ The current MRM Policy does address Risk Methodologies by 
providing that OCC's Quantitative Risk Management department is 
required to describe each Risk Model Methodology in a Methodology 
document.
---------------------------------------------------------------------------

Roles and Responsibilities of OCC Departments
    OCC proposes to modify the descriptions of the roles and 
responsibilities of various OCC departments and groups that are 
referenced in the MRM Policy to account for the broadened scope of the 
MRM Policy to focus on Risk Methodologies rather than individual Risk 
Models. For example, under the current Policy, OCC's Quantitative Risk 
Management (``QRM'') department is responsible for, among other things, 
monitoring the use and performance of Risk Models according to relevant 
procedures, maintaining risk tolerances and associated key risk 
indicators to measure and monitor risk models. Financial Risk 
Management (``FRM'') is the parent department of which QRM is a 
part.\9\ OCC proposes to modify the allocation of responsibility to 
instead provide that OCC's FRM department is responsible for the tasks 
currently performed by QRM, such as, among other things, monitoring the 
use and performance of Risk Methodologies according to relevant 
procedures and maintaining risk tolerances and associated key risk 
indicators to measure and monitor risk associated with Risk 
Methodologies.\10\ While QRM has, and will continue to have, primary 
responsibility for individual Risk Models, OCC proposes to change the 
references from QRM to FRM to encompass the responsibilities of other 
departments within FRM that may have responsibility for an input or 
output that is not necessarily part of a particular Risk Model, but 
which is part of a Risk Methodology.\11\ The particular 
responsibilities of each department within FRM depend on the particular 
Risk Methodology and the constituent Risk Models and any additional 
inputs or outputs, but all groups within FRM would be subject to the 
Policy.
---------------------------------------------------------------------------

    \9\ FRM includes, in addition to QRM, OCC's Credit Risk 
Management, Market Risk and Default Management, Pricing and Margins, 
Stress Testing and Liquidity Management departments.
    \10\ OCC also proposes certain other non-substantive changes to 
the MRM Policy intended to provide greater clarity. For example, 
currently the MRM Policy specifies that the Chief Financial Risk 
Officer (``CFRO'') (or his or her delegate) shall review and, if 
appropriate, approve Risk Model documentation. OCC proposes to 
revise the description by removing the reference to delegate and 
adding that these functions are performed by following OCC's Risk 
Methodology Documentation Procedure. OCC does not intend this 
outcome to result in any substantive change in the roles and 
responsibilities related to documentation of Risk Methodologies 
(other than the scope expanding from Risk Models to Risk 
Methodologies). Moreover, OCC's Risk Methodology Documentation 
Procedure establishes that the CFRO (or the CFRO's delegate) retains 
the same responsibilities for Risk Model and Risk Methodology 
documentation. As a result, OCC believes that OCC's policies and 
procedures will continue to ensure clear and direct lines of 
responsibility, consistent with Rule 17Ad-22(e)(2)(v). 17 CFR 
240.17Ad-22(e)(2)(v).
    \11\ OCC proposes that all references to QRM would be changed to 
FRM to account for the broadened scope from Risk Models to Risk 
Methodologies with the exception that the MRM Policy would continue 
to specify that QRM is responsible for the review of ``Assessment 
Reports,'' which are conclusions drawn from a review of individual 
Risk Model performance, parameters, and assumptions.
---------------------------------------------------------------------------

    In addition, OCC proposes to set forth the responsibilities of 
Model Risk Management (``MRM'') under the Policy with respect to Risk 
Methodologies. For example, MRM is currently responsible under the MRM 
Policy for, among other things, validating all Risk Models prior to 
implementation and evaluating the performance of each Risk Model by 
performing independent model validations, in each case in accordance 
with relevant procedures. As proposed, the MRM Policy would instead 
provide that MRM is responsible for, among other things, validating all 
Risk Models and Methodologies (including any changes to Risk 
Methodologies) prior to implementation and also for evaluating the 
performance of each Risk Model by performing independent model 
validations in each case in accordance with relevant procedures. 
Additionally, currently under the MRM Policy, the Executive Director of 
MRM is responsible for developing and maintaining the Annual Model 
Validation Plan. As proposed, the MRM Policy would provide that the 
head of MRM \12\ develops and maintains the, now renamed, Annual 
Validation Plan (``Annual Plan'') \13\ and schedule for all in-use Risk 
Methodologies, including

[[Page 31551]]

Risk Models.\14\ As proposed, there would be no change to the Annual 
Plan, other than that it would now encompass Risk Methodologies more 
broadly--rather than just individual Risk Models.
---------------------------------------------------------------------------

    \12\ The current title of the head of MRM is the ``Managing 
Director, Model Risk Management,'' rather than the ``Executive 
Director.'' As titles may change over time, OCC proposes to simply 
refer to ``the head of MRM'' rather than specifying the precise 
title of the current head of MRM at this time.
    \13\ OCC also proposes to make clear in a footnote to the MRM 
Policy that the term ``annual'' means ``12 months, or 365 days.''
    \14\ Similarly, the current MRM Policy specifies that the 
Executive Director of MRM has qualified staff with the expertise to 
perform model validations in accordance with relevant procedures and 
that MRM personnel shall be independent from and not report to OCC 
business areas involved in the development, implementation and 
operation of Risk Models. Under this proposed rule change, the MRM 
Policy would provide that the head of MRM maintains qualified 
personnel to perform validations in accordance with relevant 
procedures and that such MRM personnel are independent from OCC 
business areas involved in the development, implementation and 
operation of Risk Methodologies.
---------------------------------------------------------------------------

    OCC also proposes to provide some additional description of MRM's 
role by specifying that MRM independently validates all Risk 
Methodologies in accordance with the Methodology and Model Validation 
Procedure and the Methodology and Model Performance Monitoring 
Procedure, which includes reviewing the performance of each Risk 
Methodology and verifying the software is implemented as intended. As 
proposed, the MRM Policy would further specify that validation results, 
including any conclusions, are documented in validation reports, and 
are reviewed with FRM. These changes do not substantively alter the 
roles and responsibilities of MRM other than with respect to the 
expanded scope of assessing Risk Methodologies rather than just Risk 
Models. Instead, the changes are intended to provide greater 
specificity regarding MRM's current functions under the MRM Policy.
    OCC also proposes to make non-substantive changes to the 
description of the roles and responsibilities of OCC's Model Risk 
Working Group (``MRWG''). The MRWG is generally responsible for, among 
other things, assisting OCC's Management Committee in overseeing and 
governing OCC's model-related risk issues, reviewing and, if 
appropriate, approving new Risk Models, material changes to Risk 
Models, and proposals for decommissioning Risk Models prior to 
submission to OCC's Management Committee for review.\15\ Under the 
current MRM Policy, the MRWG consists of representatives from QRM, FRM, 
MRM, and OCC's Corporate Risk Management department. As proposed, the 
MRWG would consist of representatives from FRM and OCC's Corporate Risk 
Management department. OCC notes that the same groups would be 
represented as part of the MRWG, only under different names. For 
example, QRM is already part of FRM (as explained above), so references 
to FRM already include QRM. Similarly, the Corporate Risk Management 
department includes MRM. Pursuant to the MRWG Procedure, a 
representative of each of the subgroups within FRM and the Corporate 
Risk Management department that are currently part of the MRWG would 
continue to be represented as part of the MRWG. The MRWG would 
consequently consist of representatives from all of the same groups as 
under the current MRM Policy, and the MRWG's functions would remain 
substantively the same.
---------------------------------------------------------------------------

    \15\ As proposed, to account for the expansion of the MRM Policy 
to address Risk Methodologies rather than just Risk Models, this 
description of the MRWG's role would be amended to provide that, 
pursuant to the Model Risk Working Group Procedure, the MRWG reviews 
and, if appropriate, approves all new Risk Methodologies, changes to 
Risk Methodologies, and proposals for decommissioning Risk 
Methodologies prior to submitting to the Management Committee for 
review and approval.
---------------------------------------------------------------------------

Other Non-Substantive Changes
    OCC proposes to delete Part VI of MRM Policy, which sets forth the 
meaning of certain defined terms in the Policy, such as the terms 
``Methodology,'' ``Risk Model,'' ``Model Inventory,'' ``Material 
Change,'' ``Model Risk,'' and ``Risk Model Defect.'' Certain of these 
terms, such as ``Risk Model'' are already defined in the body of the 
MRM Policy, and OCC does not propose any substantive change to these 
defined terms.\16\ OCC proposes to delete the term ``Methodology'' from 
the MRM Policy and replace such term with ``Risk Methodology,'' as 
explained above, and set forth such new definition in the body of the 
MRM Policy. OCC proposes to delete the term ``Risk Model Defect'' \17\ 
because such term is not used in the body of the MRM Policy, and the 
concept of a Risk Model Defect is captured under the concept of 
``observations'' or ``conclusions'' arising from various reviews and 
validations of Risk Models and Risk Methodologies.\18\ OCC proposes to 
delete the definition of a ``Material Change'' because OCC believes 
that all changes to Risk Models and Risk Methodologies should be 
subject to the oversight processes outlined in the MRM Policy, rather 
than only those that might be considered ``material.'' OCC also 
proposes to delete the definition of ``Independent Model Validation,'' 
which is currently defined as evaluation of the performance of a Risk 
Model performed by a qualified person who is free from influence from 
the persons responsible for the development or operation of the models 
being validated. OCC believes that this change is not substantive 
because the MRM Policy, as proposed, would provide that MRM is 
responsible for independent model validations and that MRM personnel 
\19\ performing such validations are independent from, do not report 
to, and are otherwise free from influence from OCC business areas 
involved in the development, implementation and operation of Risk 
Methodologies.\20\
---------------------------------------------------------------------------

    \16\ This is also true with respect to the definition of ``Model 
Risk,'' which is currently defined as the potential for adverse 
consequences from decisions based on incorrect or misused model 
outputs. While OCC proposes to delete this defined term, this 
related description is preserved in the opening paragraph of the MRM 
Policy.
    \17\ The term ``Risk Model Defect'' is currently defined as an 
error, flaw, failure or fault in a computer program or system that 
causes a Risk Model to produce an incorrect or unexpected result, or 
to behave in unintended ways.
    \18\ Similarly, OCC proposes to delete the defined term 
``Decommissioned Model,'' which is currently defined as a Risk Model 
that has been approved by OCC's Risk Committee to no longer be used 
to estimate OCC's margin or clearing fund exposures. Such term is 
not currently used in the body of the MRM Policy. OCC is not 
proposing any substantive changes to the manner in which a Risk 
Model or Risk Methodology may be decommissioned under this proposed 
rule change. OCC also proposes to delete the definition of ``Model 
Inventory,'' referring to OCC's data base of in-use Risk Models and 
Risk Methodologies because references to OCC's Risk Model and Risk 
Methodology Inventory are self-explanatory.
    \19\ As noted above, under the proposed rule change, the head of 
MRM is responsible for maintaining ``qualified staff with the 
requisite knowledge, skills, and expertise to perform validations'' 
pursuant to relevant procedures. See infra n.16. As a result, the 
component of the ``Independent Model Validation'' referring to model 
validations being performed by a ``qualified person'' would be 
preserved to ensure that model validations are performed by 
qualified individuals.
    \20\ OCC also proposes to change references in the MRM Policy to 
``findings'' (e.g., findings from Risk Model or Risk Methodology 
validations) to instead refer to these items as ``observations.'' 
The purpose of this change is to avoid confusion with the use of the 
term ``findings'' in other OCC policies and procedures, such as in 
respect of regulatory findings or internal audit findings. But there 
would be no substantive change in any of the roles or 
responsibilities of the relevant OCC personnel with respect to Risk 
Model and Risk Methodology validation and performance monitoring. 
Relatedly, OCC also proposes to change the current reference to its 
``Model Findings Management Procedure'' and its ``Model Risk 
Management Findings Dashboard'' to the ``Model Risk Observations 
Management Procedure'' and the ``Model Risk Management Observations 
Dashboard'' respectively.
---------------------------------------------------------------------------

    OCC also proposes certain changes to the names of procedures 
mentioned in the MRM Policy. For example, the MRM Policy currently 
refers in certain places to the ``Risk Model Development Procedure,'' 
the ``Model Implementation Procedure,'' and the ``Model Validation 
Procedure.'' \21\ The Risk Model

[[Page 31552]]

Development Procedure and Model Implementation Procedure have been 
merged into a single procedure. It is referred to as the ``Risk 
Methodology Development and Implementation Procedure'' to reflect the 
expanded scope of covering Risk Methodologies rather than just Risk 
Models. Similarly, the ``Model Validation Procedure'' has been modified 
for the same reason to refer to the ``Methodology and Model Validation 
Procedure.''
---------------------------------------------------------------------------

    \21\ Similarly, OCC proposes to modify references to ``Model 
Assessment Reports'' to refer to just ``Assessment Reports'' in 
light of the broadened scope to capture Risk Methodologies rather 
than just ``Risk Models.'' Additionally, OCC proposes to change 
references to the Risk Model Documentation Procedure to the Risk 
Methodology Documentation Procedure.
---------------------------------------------------------------------------

    In certain other places within the MRM Policy, OCC proposes to 
modify references to certain specific procedures. Specifically, the MRM 
Policy currently specifies that QRM monitors the use and performance of 
Risk Models according to OCC's Model Backtesting Procedures, the 
Business Backtesting Procedure, and the Margin Model Parameter Review 
and Sensitivity Analysis Procedure. OCC proposes to add to this list 
that this also includes other ``related policies and procedures,'' and 
note that these additional related policies and procedures relate to 
OCC's Clearing Fund Methodology Policy, Liquidity Risk Management 
Framework and Margin Policy. OCC proposes to add ``and related policies 
and procedures'' because there are a number of additional policies or 
procedures (over 20) not specifically enumerated in the MRM Policy that 
OCC believes should be generally referenced in the MRM Policy given 
their relevance to Risk Methodology monitoring functions.
    Finally, OCC also proposes to make non-substantive amendments to 
streamline the description of the Management Committee's annual review 
and approval of any changes to MRM Policy.\22\
---------------------------------------------------------------------------

    \22\ Currently, the MRM Policy specifies that OCC's Management 
Committee shall review and approve the Policy on an annual basis and 
recommend approval of the Policy to the Risk Committee and that the 
Management Committee also shall review and approve any material 
changes to the Model Risk Management Policy and recommend further 
approval to the Risk Committee. As proposed, the MRM Policy would 
provide that the Management Committee reviews and approves any 
changes to the Model Risk Management Policy annually and recommends 
further approval to the Risk Committee.
---------------------------------------------------------------------------

Risk Applications
    OCC also proposes to add a description of ``Risk Applications'' to 
the MRM Policy. Risk Applications are tools with advanced quantitative 
or mathematical techniques that (a) apply to statistical, economic, or 
financial theories, and/or assumptions to process inputs into 
quantitative estimates, forecasts, or projections, and (b) do not have 
direct impact on OCC's margin, credit, or liquidity resources. OCC 
proposes to amend the MRM Policy to further specify that the Risk 
Application governance processes are outlined in the Risk Application 
Management Procedure and that, as part of this governance, MRM performs 
validations of the Risk Applications to verify the conceptual soundness 
of the Risk Application against its intended use, documented in 
validation reports, and that observations from such validations are 
addressed according to OCC's Model Risk Observation Management 
Procedure. OCC proposes to include mention of Risk Applications, which 
are used by OCC today, in the MRM Policy so that the MRM Policy 
describes these additional tools that are complementary to OCC's Risk 
Model and Risk Methodology management oversight. As noted, Risk 
Applications are tools that apply to processes (e.g., estimates, 
projections) that do not have a direct impact on OCC's margin, credit, 
or liquidity resources. As a result, Risk Applications do not directly 
impact Risk Models or Risk Methodologies, but are nonetheless related 
to OCC's processes for managing potential model risk.
    Similarly, OCC also proposes to amend the MRM Policy to provide 
that OCC utilizes User Developed Applications (``UDAs''), which are 
analytical applications designed to manipulate and analyze data that 
are used on a repetitive basis and might expose OCC to Model Risk. OCC 
also proposes to specify in the MRM Policy that UDAs are subject to 
governance processes outlined in OCC's User Developed Application (UDA) 
Management Procedure. Similar to Risk Applications, UDAs do not have a 
direct impact on OCC's Risk Models or Risk Methodologies, but reflect 
tools used by OCC to manage potential risks arising from routine 
calculations or data analysis performed by OCC.
(2) Statutory Basis
    Section 17A(b)(3)(F) of the Exchange Act requires, among other 
things, that the rules of a clearing agency be designed to assure the 
safeguarding of securities and funds in the custody or control of the 
clearing agency or for which it is responsible, and, in general, to 
protect investors and the public interest.\23\ OCC believes that the 
proposed amendments to the MRM Policy, which are primarily designed to 
expand the scope of the MRM Policy to more directly govern Risk 
Methodologies (i.e., a collection of Risk Models) rather than Risk 
Models individually, would help to ensure that OCC maintains policies 
and procedures that are reasonably designed to provide for a robust 
model risk management framework, which in turn promotes the protection 
of investors and the public interest. In particular, because Risk 
Models typically do not operate in isolation, but rather as part of a 
broader Risk Methodology, OCC believes that expanding the MRM Policy to 
more comprehensively focus on Risk Methodologies would promote a more 
sound risk management framework, consistent with Rule 17Ad-
22(e)(3).\24\ OCC believes that a more holistic approach would help to 
ensure that potential sources of model risk that may not have been 
formally subject to the MRM Policy are now subject to the MRM Policy, 
which in turn can further the protection of investors and the public 
interest which benefit from more sound risk management frameworks for 
registered clearing agencies.
---------------------------------------------------------------------------

    \23\ 15 U.S.C. 78q-1(b)(3)(F).
    \24\ 17 CFR 240.17Ad-22(e)(3).
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(2) requires a covered clearing agency to establish, 
implement, maintain and enforce written policies and procedures 
reasonably designed to provide for governance arrangements that, among 
other things: (i) clearly prioritize safety and efficiency of the 
covered clearing agency; (ii) support the public interest requirements 
in section 17A of the Exchange Act \25\ applicable to clearing 
agencies, and the objectives of owners and participants and (iii) 
specify clear and direct lines of responsibility.\26\ OCC believes that 
the proposed changes to the MRM Policy are consistent with Rule 17Ad-
22(e)(2) because they are designed to prioritize the safety and 
efficiency of OCC and support the public interest requirements in 
section 17A of the Exchange Act by helping to ensure that Risk 
Methodologies are reviewed holistically to evaluate potential model 
risk rather than evaluating model risk for Risk Models on a more 
individual basis. While OCC's current processes under the MRM Policy do 
contemplate the evaluation of Risk Methodologies, OCC believes that the 
proposed changes will better facilitate a review of Risk Methodologies 
in their entirety, which OCC believes helps prioritize the safety and 
efficiency of OCC by addressing additional

[[Page 31553]]

potential sources of model risk that may not have previously been 
directly subject to the MRM Policy. The safe and efficient management 
of risks related to the sufficiency of OCC's credit, margin, and 
liquidity resources--including arising from Risk Models and Risk 
Methodologies used to calculate and manage such risks--is necessary to 
allow OCC to effectively and continuously carry out its core clearing 
functions (such as transferring record ownership and safeguarding 
securities and funds). OCC notes that its current processes for 
reviewing Risk Models on an individual basis will not change under the 
proposed rule change, but will now encompass more directly a broader 
review of Risk Methodologies.
---------------------------------------------------------------------------

    \25\ 15 U.S.C. 78q-1. The public interest requirements in 
section 17A of the Act include that the ``prompt and accurate 
clearance and settlement of securities transactions, including the 
transfer of record ownership and the safeguarding of securities and 
funds related thereto, are necessary for the protection of investors 
and persons facilitating and acting on behalf of investors.'' See 15 
U.S.C. 78q-1(a)(1)(A).
    \26\ 17 CFR 240.17Ad-22(e)(2).
---------------------------------------------------------------------------

    In addition, OCC believes the proposed changes to describe the 
roles and responsibilities of different groups and departments (e.g., 
changing references from QRM to FRM) under the MRM Policy are also 
consistent with Rule 17Ad-22(e)(2) because they would specify clear and 
direct lines of responsibility among OCC personnel with 
responsibilities under the MRM Policy and would reflect internal 
organizational changes within OCC As described above, FRM encompasses 
different departments, including QRM, that collaborate with each other 
and that are tasked with responsibility for managing the Risk 
Methodology framework subject to the MRM Policy. QRM has and will 
continue to have primary responsibility for individual Risk Models, 
however, references in the MRM Policy would be changed to FRM to 
reflect that other departments within FRM may have responsibility for 
an input or output that is part of a Risk Methodology but not 
necessarily part of a Risk Model. This structure allows the processes 
related to Risk Models and Risk Methodology components to be aligned 
and managed under the one organizational umbrella of FRM, which in turn 
better addresses sources of model risk from a holistic perspective. The 
proposed changes in certain roles and responsibilities of different 
groups, such as providing that MRM is responsible for validating Risk 
Methodologies (including any changes to Risk Methodologies) prior to 
implementation, clearly and transparently reflects FRM's broadened 
scope of responsibility for the Risk Methodology framework. Moreover, 
the approach results in OCC having a coordinated strategy for managing 
the Risk Methodology framework and its components. None of the proposed 
changes, however, would change the CFRO's role or supervisory 
responsibility regarding all FRM's departments or change QRM's specific 
responsibilities for Risk Models.\27\
---------------------------------------------------------------------------

    \27\ OCC notes that it has modified the specific individual or 
title of the individual responsible for carrying out certain 
functions in two instances: (1) stating that FRM, rather than the 
CFRO, is responsible for writing, reviewing, and approving Risk 
Methodology documentation in accordance with OCC's Risk Methodology 
Documentation Procedure; and (2) changing the reference from the 
Executive Director of MRM to the ``head of MRM.'' See infra n.11 and 
14 and accompanying text. In the former case, while the FRM 
department is noted, the CFRO continues to be directly referenced 
for review and, if appropriate, approval of Risk Methodology 
documentation, and in the latter case, the change is non-substantive 
as it is intended to accommodate potential title changes to the head 
of MRM that may occur. See id. For these reasons, OCC does not 
believe that these changes would diminish clear or direct lines of 
responsibility under OCC's policies and procedures, including the 
proposed MRM Policy.
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(3)(i) requires a covered clearing agency to 
establish, implement, maintain, and enforce written policies and 
procedures reasonably designed to, among other things, maintain a sound 
risk management framework for comprehensively managing its risks, which 
includes risk management policies, procedures, and systems designed to 
identify, measure, monitor, and manage the range of risks that arise in 
or are borne by the covered clearing agency, that are subject to review 
on a specified periodic basis and approved by its board annually.\28\ 
OCC believes that the proposed Policy is consistent with Rule 17Ad-
22(e)(3)(i) \29\ because the proposed changes are designed to, among 
other things, expand the MRM Policy to address Risk Methodologies 
comprehensively rather than Risk Models on a more individual basis and 
that the proposed changes thereby promote a more sound risk management 
framework for comprehensively managing its risks. OCC notes that under 
the proposed rule change, the MRM Policy would continue to be reviewed 
on a periodic basis and reviewed by OCC's Board annually.\30\
---------------------------------------------------------------------------

    \28\ 17 CFR 240.17Ad-22(e)(3)(i).
    \29\ Id.
    \30\ OCC also notes that it is not proposing any substantive 
changes to its current processes related to performing independent 
model validations on its credit risk models, margin models, and 
liquidity risk models, and the proposed MRM Policy should therefore 
remain consistent with the requirements of Rules 17Ad-22(e)(4)(vii), 
(e)(6)(vii) and (e)(7)(vii). 17 CFR 240.17Ad-22(e)(4)(vii), 
(e)(6)(vii) and (e)(7)(vii).
---------------------------------------------------------------------------

(B) Clearing Agency's Statement on Burden on Competition

    Section 17A(b)(3)(I) of the Exchange Act \31\ requires that the 
rules of a clearing agency not impose any burden on competition not 
necessary or appropriate in furtherance of the purposes of the Exchange 
Act. OCC does not believe that the proposed rule change would impact or 
impose any burden on competition. The proposed rule change addresses 
OCC's internal framework surrounding the governance, development, 
implementation, use, monitoring, and validation of Risk Models and Risk 
Methodologies. Under this framework, OCC's controls regarding the 
design, use, implementation and validation of models, as set forth in 
the proposed MRM Policy, insofar as they affect margin or Clearing Fund 
requirements, would have an equal impact on all Clearing Members. 
Consequently, the proposed Policy does not provide any Clearing Member 
with a competitive advantage over any other Clearing Member. Further, 
the proposed rule change would not affect any Clearing Member's access 
to OCC's services or impose any direct burdens on Clearing Members. 
Accordingly, the proposed rule change would not unfairly inhibit access 
to OCC's services or disadvantage or favor any particular user in 
relationship to another user.
---------------------------------------------------------------------------

    \31\ 15 U.S.C. 78q-1(b)(3)(I).
---------------------------------------------------------------------------

    For the foregoing reasons, OCC believes that the proposed rule 
change is in the public interest, would be consistent with the 
requirements of the Exchange Act applicable to clearing agencies, and 
would not impact or impose a burden on competition.

(C) Clearing Agency's Statement on Comments on the Proposed Rule Change 
Received From Members, Participants or Others

    Written comments were not and are not intended to be solicited with 
respect to the proposed rule change and none have been received.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the self-regulatory organization consents, the Commission will:
    (A) by order approve or disapprove such proposed rule change, or
    (B) institute proceedings to determine whether the proposed rule 
change should be disapproved.
    The proposal shall not take effect until all regulatory actions 
required with respect to the proposal are completed.

[[Page 31554]]

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views, and 
arguments concerning the foregoing, including whether the proposed rule 
change, security-based swap submission or advance notice is consistent 
with the Act. Comments may be submitted by any of the following 
methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/sro.shtml) or
     Send an email to [email protected]. Please include 
File Number SR-OCC-2023-004 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street, NE Washington, DC 20549-1090.

All submissions should refer to File Number SR-OCC-2023-004. This file 
number should be included on the subject line if email is used. To help 
the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's internet website (https://www.sec.gov/rules/sro.shtml). 
Copies of the submission, all subsequent amendments, all written 
statements with respect to the proposed rule change that are filed with 
the Commission, and all written communications relating to the proposed 
rule change between the Commission and any person, other than those 
that may be withheld from the public in accordance with the provisions 
of 5 U.S.C. 552, will be available for website viewing and printing in 
the Commission's Public Reference Room, 100 F Street NE, Washington, DC 
20549, on official business days between the hours of 10:00 a.m. and 
3:00 p.m. Copies of such filing also will be available for inspection 
and copying at the principal office of OCC and on OCC's website at 
https://www.theocc.com/Company-Information/Documents-and-Archives/By-Laws-and-Rules48T.
    Do not include personal identifiable information in submissions; 
you should submit only information that you wish to make available 
publicly. We may redact in part or withhold entirely from publication 
submitted material that is obscene or subject to copyright protection. 
All submissions should refer to File Number SR-OCC-2023-004 and should 
be submitted on or before June 7, 2023.

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\32\
---------------------------------------------------------------------------

    \32\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------

Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2023-10469 Filed 5-16-23; 8:45 am]
BILLING CODE 8011-01-P