Self-Regulatory Organizations; ICE Clear Europe Limited; Notice of Filing of Proposed Rule Change, as Modified by Amendment No. 1 and Partial Amendment No. 2, Relating to Amendments to the Outsourcing Policy, 49545-49548 [2023-16118]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 88, Number 145 (Monday, July 31, 2023)]
[Notices]
[Pages 49545-49548]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-16118]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-97974; File No. SR-ICEEU-2023-018]


Self-Regulatory Organizations; ICE Clear Europe Limited; Notice 
of Filing of Proposed Rule Change, as Modified by Amendment No. 1 and 
Partial Amendment No. 2, Relating to Amendments to the Outsourcing 
Policy

July 25, 2023.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 
1934,\1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that on 
July 10, 2023, ICE Clear Europe Limited (``ICE Clear Europe'' or the 
``Clearing House'') filed with the Securities and Exchange Commission 
(``Commission'') the proposed rule changes described in Items I, II and 
III below, which Items have been primarily prepared by ICE Clear 
Europe. On July 11, 2023, ICE Clear Europe filed Amendment No. 1 to the 
proposed rule change to make certain changes to the Form 19b-4 and 
Exhibit 1A for file no. SR-ICEEU-2023-018.\3\ On July 24, 2023, ICE 
Clear Europe filed Partial Amendment No. 2 to the proposed rule change 
to make a certain change to Exhibit 5 of file no. SR-ICEEU-2023-018.\4\ 
The Commission is publishing this notice to solicit comments on the 
proposed rule change, as modified by Amendment No. 1 and Partial 
Amendment No. 2 (hereafter, ``the proposed rule change''), from 
interested persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
    \3\ Amendment No. 1 amends and restates in its entirety the Form 
19b-4 and Exhibit 1A to correct the narrative description of the 
proposed rule change. Amendment No. 1 did not change the purpose or 
basis of the proposed rule change.
    \4\ Partial Amendment No. 2 amends and restated in its entirety 
Exhibit 5 to correct an inadvertent omission of a single word. 
Partial Amendment No. 2 did not change the purpose or basis of the 
proposed rule change.
---------------------------------------------------------------------------

I. Clearing Agency's Statement of the Terms of Substance of the 
Proposed Rule Change

    ICE Clear Europe Limited (``ICE Clear Europe'' or the ``Clearing 
House'') is proposing to amend its Outsourcing Policy (to be renamed 
the Outsourcing and Third Party Risk Management Policy) (the 
``Outsourcing Policy'' or ``Policy'').\5\ The amendments would broaden 
the coverage of the Policy to address third party service provider 
arrangements that may not technically constitute outsourcing, to 
enhance third party risk management, to add the execution of risk 
assessments and to update the Document Governance and Exception 
Handling language, among other changes discussed herein.
---------------------------------------------------------------------------

    \5\ Capitalized terms used but not defined herein have the 
meanings specified in the ICE Clear Europe Clearing Rules and the 
Outsourcing Policy.
---------------------------------------------------------------------------

II. Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

    In its filing with the Commission, ICE Clear Europe included 
statements concerning the purpose of and basis for the proposed rule 
change and discussed any comments it received on the proposed rule 
change. The text of these statements may be examined at the places 
specified in Item IV below. ICE Clear Europe has prepared summaries, 
set forth in sections (A), (B), and (C) below, of the most significant 
aspects of such statements.

(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

(a) Purpose
    ICE Clear Europe is proposing to amend its Outsourcing Policy (to 
be renamed the Outsourcing and Third Party Risk Management Policy) to 
extend coverage of the policy to include risk management of third party 
arrangements that may not constitute outsourcing. The purpose of the 
Policy would reflect this change by clarifying that the Policy would 
generally extend to arrangements in which services are provided by 
third parties to the Clearing House, whether or not such services are 
considered outsourcing, including to assessing the risks of such 
services.
    The Outsourcing Policy would clarify its definition of outsourcing 
in the introduction section to be the use of third party service 
providers (which could be an external party or an affiliate), either 
directly or through sub-outsourcing, to provide a service that would 
otherwise be performed by ICE Clear Europe itself and is therefore 
subject to the Board's oversight. The amendment would further clarify 
that the Clearing House would remain responsible for discharging its 
obligations with respect to the outsourced activities, the outsourcing 
arrangement would not result in the

[[Page 49546]]

delegation of the Clearing House's responsibility, and the outsourced 
activities would conform to the same standards that would be required 
if the activities were completed internally. The amendments would also 
clarify the distinction between an outsourcing and a purchasing 
arrangement, which would not involve an arrangement otherwise performed 
by the Clearing House and therefore would not typically be subject to 
Board oversight.
    The amendments would also clarify the distinction between external 
third party providers of services and affiliated providers. The Policy 
would add a definition for third party, which would cover any 
organization (whether or not affiliated) that has entered into a 
relationship or contract with the Clearing House to provide products, 
services, processes, activities or business functions. Use of external 
third parties (i.e., those not affiliated with the Clearing House) 
would be managed consistently at the group level through the existing 
Vendor Management Policy (``VMP''). It would further clarify that 
outsourcing through the Clearing House's affiliates presents a lower 
residual risk profile because, among listed reasons in the existing 
Policy, the affiliates would have a similar higher standard of 
operational resilience generally (as opposed to referring only to 
business continuity) and the Clearing House would also have greater 
influence (as well as control) over the operation of the affiliate's 
services. These amendments are intended to more clearly describe 
current practice under the existing Policy.
    The amendments would revise statements in the existing Policy 
relating to objectives, assessments of service providers in various 
situations (including regulated parties and parties in different 
jurisdictions), management of outsourcing, conflicts of interest and 
audit to also extend to other third party service arrangements. The 
amendments would reference the Clearing House's outsourcing operating 
manual (renamed to reflect the broader goal of third party risk 
management as well of outsourcing). As so revised, the Policy would 
state that contracting with third parties is covered consistently at a 
group level under the VMP. The amendments would clarify, consistent 
with current practice, that ICE Clear Europe would use the VMP process 
as an input for the risk-based assessment of each service provider. The 
amendments would also provide that the Clearing House would make the 
third parties aware of relevant internal policies to gain a better 
understanding of the obligations and services expected. For contracting 
with affiliates, the amendments would clarify that the relevant 
assessment would be made by ICE Clear Europe, in accordance with its 
ordinary governance practices (and not necessarily by the senior 
management). The revised Policy would state that ICE Clear Europe would 
follow its Conflicts of Interest Policy when managing any potential 
conflicts of interests as a result of its service arrangements. (This 
reflects current practice but would add an appropriate reference in the 
Policy to the Conflicts of Interest Policy.) With respect to cloud 
outsourcing, the amendments would add that ICE Clear Europe would 
consider any risks related to the Clearing Members connecting to the 
Clearing House through cloud service providers.
    The Policy would also include a new Risk Assessments section that 
would set out the proportional risk assessment that would be performed 
on a service provider in order to identify, measure and mitigate risks. 
The section would include certain considerations (although not limited 
to those listed) that include whether the service is a critical or 
important function or a dependence to the delivery of one of ICE Clear 
Europe's services, whether the activity is outsourcing, whether the 
service relies on cloud-based technology that may pose new or 
additional risks, whether the service provider is an external third 
party or an affiliate, the legal jurisdiction of the service provider, 
conflicts of interest, operational resilience considerations, data 
security, exit plans, contractual terms, and availability of 
alternative or back-up providers, among others. For outsourced or 
critical non-outsourced services, this assessment would be performed at 
least annually and on an ad-hoc basis following a material incident or 
service disruption event or material service agreement breach. This 
would include comparing the performance of the service provider against 
the agreed service levels. The responsibilities of risk assessments and 
related testing would be overseen by the Clearing House's Chief 
Operating Officer or delegate, with ownership of each service and the 
related resiliency arrangements resting with the relevant Head of 
Department.
    The amendments would clarify and expand certain provisions relating 
to identification of critical or important functions, including to 
extend the existing provisions to apply to acquired services generally 
and not only outsourcing. In identifying critical or important 
functions the amendments would add that the Clearing House would 
consider continuity of ICE Clear Europe's important business services 
or operation as a CCP that could in turn threaten the Clearing House's 
financial stability or impact its resolvability. A third party would be 
treated as critical if it is contracted to perform such a critical 
function. Criticality would be reassessed on at least an annual basis.
    The revised Policy would also acknowledge that any outsourcing of 
critical or important functions could have an effect on the operational 
resilience measures of the Clearing House more generally (and not 
merely the narrower category of business continuity). The revised 
Policy further clarifies that exit plans for critical and important 
functions would be periodically tested. As part of its operational 
resilience framework, the Clearing House would examine purchased 
services as well as outsourced or sub-outsourced services that are a 
dependence for the Clearing House's important business services. In 
addition, the operational resilience framework would include extreme 
but plausible test scenarios resulting from the disruption of critical 
third party services.
    The Policy would also make various amendments to the discussion of 
additional important considerations for the Clearing House to ensure 
that considerations would be given to important business services and 
critical functions that are affected by third party service 
arrangements, including with respect to business continuity 
arrangements, incident management responsiveness and reporting, 
independent assurances, redundancies, notice periods and exit 
strategies. The amendments would add a new section on Contractual 
Agreements. The section would add that for outsourcing arrangements in 
particular, the Clearing House's legal team would review any written 
service agreements to confirm the inclusion of all relevant contractual 
safeguards so that ICE Clear Europe could monitor relevant risks, 
regulatory requirements and expectations. The aim would be for the 
agreements to outline the rights, obligations, and responsibilities of 
all the parties, and include provisions associated with data security, 
access, audit and information rights, sub-outsourcing, service 
resilience, service levels, incident management, termination and exit 
plans. Arrangements for purchased services should be similarly 
reviewed, but the Policy would acknowledge that some purchased services 
may be subject to non-negotiable terms set by the third party. This 
situation would be considered during the pre-execution risk assessment 
phase. The Outsourcing

[[Page 49547]]

Policy would also set out that ICE Clear Europe would periodically 
exercise its audit rights under agreements relating to outsourcing 
arrangements, perform audits as appropriate which could include on-site 
visits.
    Provisions relating to Board oversight would be revised to provide 
that the Board must approve new or materially amended outsourcing 
arrangements. Certain clarifications would be made to the requirements 
for the annual outsourcing assessment report to be prepared by the 
Chief Operating Officer, including the addition of a summary of 
critical non-outsourcing services received. A new provision would be 
added setting out that ICE Clear Europe will engage with regulatory 
authorities before executing or materially amending a critical service 
arrangement with regard to the relevant regulatory requirements or 
expectations.
    Finally, the amendments would make changes to the Policy's document 
governance, breach management and exception handling, to make it 
generally consistent with other ICE Clear Europe policies. The document 
owner identified by the Clearing House would be responsible for 
ensuring that the Policy remains up-to-date and reviewed in accordance 
with the Clearing House's governance processes. Document review would 
be conducted by the document owner and related staff, with sign off by 
the head of department and the Chief Risk Officer (or their respective 
delegates). Document reviews would encompass at the minimum regulatory 
compliance, documentation and purpose, implementation, use and open 
items from previous validations or reviews. Results of the review would 
have to be reported to the Executive Risk Committee or in certain cases 
to the Model Oversight Committee. The document owner would also aim to 
remediate the findings, complete internal governance and receive 
regulatory approvals before the following annual review is due. The 
document owner would also be responsible for reporting any material 
breaches or deviations to the Head of Department, Chief Risk Officer 
and Head of Regulation and Compliance in order to determine if further 
escalation is required. The amendments would state explicitly that 
changes to the Policy would have to be approved in accordance with the 
Clearing House's governance process and would take effect following 
completion of required internal and regulatory approvals. Exceptions to 
the Policy would also be approved in accordance with the governance 
processes for approvals of changes to the Policy.
(b) Statutory Basis
    ICE Clear Europe believes that the amendments to the Outsourcing 
Policy are consistent with the requirements of Section 17A of the 
Securities Exchange Act of 1934 (the ``Act'') \6\ and the regulations 
thereunder applicable to it. In particular, Section 17A(b)(3)(F) of the 
Act \7\ requires, among other things, that the rules of a clearing 
agency be designed to promote the prompt and accurate clearance and 
settlement of securities transactions and, to the extent applicable, 
derivative agreements, contracts, and transactions, the safeguarding of 
securities and funds in the custody or control of the clearing agency 
or for which it is responsible, and the protection of investors and the 
public interest.
---------------------------------------------------------------------------

    \6\ 15 U.S.C. 78q-1.
    \7\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------

    The changes to the Outsourcing Policy are designed to extend 
coverage of the existing policy to include third party risk management 
more generally, including purchased services as well as outsourced 
services. The amendments also add new requirements around risk 
assessments, identification of critical functions, operational 
resilience, and review of contractual arrangements with service 
providers. The amendments further update the Board oversight, document 
governance, regulatory engagement, and exception handling. The 
amendments would not make changes to the Rules or the rights or 
obligations of Clearing Members. In ICE Clear Europe's view, the 
amendments to the Policy will thus facilitate management of the risks 
related to outsourcing and other third party service arrangements, and 
thereby promote the efficient operation and stability of the Clearing 
House and the prompt and accurate clearance and settlement of cleared 
contracts. The enhanced risk management for third party service 
providers is therefore also generally consistent with the protection of 
investors and the public interest in the safe operation of the Clearing 
House. (ICE Clear Europe would not expect the changes to the Policy to 
affect materially the safeguarding of securities and funds in ICE Clear 
Europe's custody or control or for which it is responsible.) 
Accordingly, the amendments to the Policy satisfy the requirements of 
Section 17A(b)(3)(F).\8\
---------------------------------------------------------------------------

    \8\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------

    The amendments to the Outsourcing Policy are also consistent with 
relevant provisions of Rule 17Ad-22.\9\ Rule 17Ad-22(e)(3)(i) provides 
that ``[e]ach covered clearing agency shall establish, implement, 
maintain and enforce written policies and procedures reasonable [sic] 
designed to, as applicable [. . .] identify, measure, monitor, and 
manage the range of risks that arise in or are borne by the covered 
clearing agency''.\10\ The amendments to the Policy are intended to 
better document and to enhance the Clearing House's practices that 
relate to management of the Clearing House's use of outsourcing and 
other third party service providers, as set forth above. The changes to 
the Outsourcing Policy aim to extend certain Clearing House risk 
management practices to third party services that may not be covered by 
existing outsourcing practices. In ICE Clear Europe's view, as set out 
above, the amended Policy would facilitate overall risk management with 
respect to third party services, consistent with the requirements of 
Rule 17Ad-22(e)(3)(i).\11\
---------------------------------------------------------------------------

    \9\ 17 CFR 240.17 Ad-22.
    \10\ 17 CFR 240.17 Ad-22(e)(3)(i).
    \11\ 17 CFR 240.17 Ad-22(e)(3)(i).
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(2) provides that ``[e]ach covered clearing agency 
shall establish, implement, maintain and enforce written policies and 
procedures reasonable [sic] designed to, as applicable [. . .] provide 
for governance arrangements that are clear and transparent'' \12\ and 
``[s]pecify clear and direct lines of responsibility''.\13\ As 
discussed, the amendments to the Policy would update the provisions 
relating to Board oversight, including by stating that the Board must 
approve new or materially amended outsourcing arrangements. The 
amendments would also state more clearly requirements around document 
governance, regulatory engagement, and exception handling, generally in 
a manner consistent with other ICE Clear Europe policies. The Policy 
would describe the responsibilities of the document owner and 
appropriate escalation and notification requirements for responding to 
exceptions and deviations from the Policy. In ICE Clear Europe's view, 
the amendments are therefore consistent with the requirements of Rule 
17Ad-22(e)(2).\14\
---------------------------------------------------------------------------

    \12\ 17 CFR 240.17 Ad-22(e)(2)(i).
    \13\ 17 CFR 240.17 Ad-22(e)(2)(v).
    \14\ 17 CFR 240.17 Ad-22(e)(2).
---------------------------------------------------------------------------

(B) Clearing Agency's Statement on Burden on Competition

    ICE Clear Europe does not believe the amendments to the Outsourcing 
Policy would have any impact, or impose any burden, on competition not 
necessary or appropriate in furtherance of the purposes of the Act. The 
Policy changes are being adopted to better document and enhance the 
Clearing House's

[[Page 49548]]

practices related to risk management of third party service providers, 
including purchased services as well as outsourcing. The Policy does 
not change the rights or obligations of Clearing Members or the 
Clearing House under the Rules or Procedures. Accordingly, ICE Clear 
Europe does not believe that adoption of the Policy would adversely 
affect competition among Clearing Members, materially affect the costs 
of clearing, adversely affect the ability of market participants to 
access clearing or the market for clearing services generally, or 
otherwise adversely affect competition in clearing services. Therefore, 
ICE Clear Europe does not believe the proposed rule change would impose 
any burden on competition that is not necessary or appropriate in 
furtherance of the purposes of the Act.

(C) Clearing Agency's Statement on Comments on the Proposed Rule Change 
Received From Members, Participants or Others

    Written comments relating to the proposed amendments have not been 
solicited or received by ICE Clear Europe. ICE Clear Europe will notify 
the Commission of any written comments received with respect to the 
proposed rule change.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the self-regulatory organization consents, the Commission will:
    (A) by order approve or disapprove such proposed rule change, or
    (B) institute proceedings to determine whether the proposed rule 
change should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views, and 
arguments concerning the foregoing, including whether the proposed rule 
change, security-based swap submission or advance notice is consistent 
with the Act. Comments may be submitted by any of the following 
methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/sro.shtml) or
     Send an email to [email protected]. Please include 
File Number SR-ICEEU-2023-018 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.

All submissions should refer to File Number SR-ICEEU-2023-018. This 
file number should be included on the subject line if email is used. To 
help the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's internet website (https://www.sec.gov/rules/sro.shtml). 
Copies of the submission, all subsequent amendments, all written 
statements with respect to the proposed rule change that are filed with 
the Commission, and all written communications relating to the proposed 
rule change between the Commission and any person, other than those 
that may be withheld from the public in accordance with the provisions 
of 5 U.S.C. 552, will be available for website viewing and printing in 
the Commission's Public Reference Room, 100 F Street NE, Washington, DC 
20549, on official business days between the hours of 10:00 a.m. and 
3:00 p.m. Copies of such filings will also be available for inspection 
and copying at the principal office of ICE Clear Europe and on ICE 
Clear Europe's website at https://www.theice.com/clear-europe/regulation.
    Do not include personal identifiable information in submissions; 
you should submit only information that you wish to make available 
publicly. We may redact in part or withhold entirely from publication 
submitted material that is obscene or subject to copyright protection. 
All submissions should refer to File Number SR-ICEEU-2023-018 and 
should be submitted on or before August 21, 2023.

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\15\
---------------------------------------------------------------------------

    \15\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------

J. Matthew DeLesDernier,
Deputy Secretary.
[FR Doc. 2023-16118 Filed 7-28-23; 8:45 am]
BILLING CODE 8011-01-P