Self-Regulatory Organizations; ICE Clear Europe Limited; Order Approving Proposed Rule Change, as Modified by Amendment No. 1 and Partial Amendment No. 2, Relating to Amendments to the Outsourcing Policy, 64953-64957 [2023-20306]
Download as PDF
<![CDATA[
Federal Register / Vol. 88, No. 181 / Wednesday, September 20, 2023 / Notices
B. Self-Regulatory Organization’s
Statement on Burden on Competition
lotter on DSK11XQN23PROD with NOTICES1
The Exchange does not believe that
the proposed rule change will impose
any burden on competition that is not
necessary or appropriate in furtherance
of the purposes of the Act. The
proposed fee change will not impact
intramarket competition because it will
apply to all similarly situated Members
equally (i.e., all market participants that
choose to purchase the 10 Gb physical
port). Additionally, the Exchange does
not believe its proposed pricing will
impose a barrier to entry to smaller
participants and notes that its proposed
connectivity pricing is associated with
relative usage of the various market
participants. For example, market
participants with modest capacity needs
can continue to buy the less expensive
1 Gb physical port (which cost is not
changing) or may choose to obtain
access via a third-party re-seller. While
pricing may be increased for the larger
capacity physical ports, such options
provide far more capacity and are
purchased by those that consume more
resources from the network.
Accordingly, the proposed connectivity
fees do not favor certain categories of
market participants in a manner that
would impose a burden on competition;
rather, the allocation reflects the
network resources consumed by the
various size of market participants—
lowest bandwidth consuming members
pay the least, and highest bandwidth
consuming members pays the most.
The Exchange’s proposed fee is also
still lower than some fees for similar
connectivity on other exchanges and
therefore may stimulate intermarket
competition by attracting additional
firms to connect to the Exchange or at
least should not deter interested
participants from connecting directly to
the Exchange. Further, if the changes
proposed herein are unattractive to
market participants, the Exchange can,
and likely will, see a decline in
connectivity via 10 Gb physical ports as
a result. The Exchange operates in a
highly competitive market in which
market participants can determine
whether or not to connect directly to the
Exchange based on the value received
compared to the cost of doing so.
C. Self-Regulatory Organization’s
Statement on Comments on the
Proposed Rule Change Received From
Members, Participants, or Others
The Exchange neither solicited nor
received comments on the proposed
rule change.
VerDate Sep<11>2014
16:38 Sep 19, 2023
Jkt 259001
III. Date of Effectiveness of the
Proposed Rule Change and Timing for
Commission Action
The foregoing rule change has become
effective pursuant to Section 19(b)(3)(A)
of the Act 19 and paragraph (f) of Rule
19b–4 20 thereunder. At any time within
60 days of the filing of the proposed rule
change, the Commission summarily may
temporarily suspend such rule change if
it appears to the Commission that such
action is necessary or appropriate in the
public interest, for the protection of
investors, or otherwise in furtherance of
the purposes of the Act. If the
Commission takes such action, the
Commission will institute proceedings
to determine whether the proposed rule
change should be approved or
disapproved.
IV. Solicitation of Comments
Interested persons are invited to
submit written data, views, and
arguments concerning the foregoing,
including whether the proposed rule
change is consistent with the Act.
Comments may be submitted by any of
the following methods:
Electronic Comments
• Use the Commission’s internet
comment form (https://www.sec.gov/
rules/sro.shtml); or
• Send an email to rule-comments@
sec.gov. Please include file number SR–
CboeBZX–2023–067 on the subject line.
Paper Comments
• Send paper comments in triplicate
to Secretary, Securities and Exchange
Commission, 100 F Street NE,
Washington, DC 20549–1090.
All submissions should refer to file
number SR–CboeBZX–2023–067. This
file number should be included on the
subject line if email is used. To help the
Commission process and review your
comments more efficiently, please use
only one method. The Commission will
post all comments on the Commission’s
internet website (https://www.sec.gov/
rules/sro.shtml). Copies of the
submission, all subsequent
amendments, all written statements
with respect to the proposed rule
change that are filed with the
Commission, and all written
communications relating to the
proposed rule change between the
Commission and any person, other than
those that may be withheld from the
public in accordance with the
provisions of 5 U.S.C. 552, will be
available for website viewing and
printing in the Commission’s Public
19 15
20 17
PO 00000
U.S.C. 78s(b)(3)(A).
CFR 240.19b–4(f).
Frm 00073
Fmt 4703
Sfmt 4703
64953
Reference Room, 100 F Street NE,
Washington, DC 20549, on official
business days between the hours of 10
a.m. and 3 p.m. Copies of the filing also
will be available for inspection and
copying at the principal office of the
Exchange. Do not include personal
identifiable information in submissions;
you should submit only information
that you wish to make available
publicly. We may redact in part or
withhold entirely from publication
submitted material that is obscene or
subject to copyright protection. All
submissions should refer to file number
SR–CboeBZX–2023–067 and should be
submitted on or before October 11,
2023.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.21
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2023–20312 Filed 9–19–23; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–98387; File No. SR–ICEEU–
2023–018]
Self-Regulatory Organizations; ICE
Clear Europe Limited; Order Approving
Proposed Rule Change, as Modified by
Amendment No. 1 and Partial
Amendment No. 2, Relating to
Amendments to the Outsourcing
Policy
September 14, 2023.
I. Introduction
On July 10, 2023, ICE Clear Europe
Limited (‘‘ICE Clear Europe’’) filed with
the Securities and Exchange
Commission (‘‘Commission’’), pursuant
to Section 19(b)(1) of the Securities
Exchange Act of 1934 (the ‘‘Act’’),1 and
Rule 19b–4 thereunder,2 a proposed rule
change to amend its Outsourcing Policy
(to be renamed the Outsourcing and
Third Party Risk Management Policy)
(the ‘‘Outsourcing Policy’’). On July 11,
2023, ICE Clear Europe filed
Amendment No. 1 to the proposed rule
change to make certain changes to the
Form 19b–4 and Exhibit 1A for file no.
SR–ICEEU–2023–018; 3 and on July 24,
2023, ICE Clear Europe filed Partial
Amendment No. 2 to the proposed rule
21 17
CFR 200.30–3(a)(12).
U.S.C. 78s(b)(1).
2 17 CFR 240.19b–4.
3 Amendment No. 1 amended and restated in its
entirety the Form 19b–4 and Exhibit 1A to correct
the narrative description of the proposed rule
change. Amendment No. 1 did not change the
purpose or basis of the proposed rule change.
1 15
E:\FR\FM\20SEN1.SGM
20SEN1
64954
Federal Register / Vol. 88, No. 181 / Wednesday, September 20, 2023 / Notices
change to make a certain change to
Exhibit 5 of file no. SR–ICEEU–2023–
018 4 (together, ‘‘proposed rule
change’’). The proposed rule change was
published for comment in the Federal
Register on July 31, 2023.5 The
Commission did not receive comments
regarding the proposed rule change. For
the reasons discussed below, the
Commission is approving the proposed
rule change.
lotter on DSK11XQN23PROD with NOTICES1
II. Description of the Proposed Rule
Change
ICE Clear Europe is registered with
the Commission as a clearing agency for
the purpose of clearing security-based
swaps.6 In its role as a clearing agency
for clearing security-based swaps, ICE
Clear Europe regularly enters into
arrangements with affiliates and thirdparty service providers to perform
certain functions or activities. Such
arrangements often come with a variety
of risks, including legal, operational,
general business, and other types of
risks. To reduce risk exposure from such
outsourcing arrangements, ICE Clear
Europe created its Outsourcing Policy to
describe, in a consolidated document,
procedures for managing outsourcing
arrangements with affiliates and thirdparty service providers, including how
ICE Clear Europe’s Board of Directors
(‘‘Board’’) maintains oversight of these
outsourcing arrangements.7
The proposed rule change would
amend ICE Clear Europe’s Outsourcing
Policy to extend coverage to third-party
service provider arrangements that
technically may not constitute
outsourcing, to describe in more detail
third-party risk management, to add the
execution of risk assessments, and to
update the Document Governance and
Exception Handling language, among
other changes.
As proposed, the purpose of the
Outsourcing Policy would clarify that it
would extend to arrangements in which
services are provided by third parties to
4 Partial Amendment No. 2 amended and restated
in its entirety Exhibit 5 to correct an inadvertent
omission of a single word. Partial Amendment No.
2 did not change the purpose or basis of the
proposed rule change.
5 Self-Regulatory Organizations; ICE Clear Europe
Limited; Notice of Filing of Proposed Rule Change,
as Modified by Amendment No. 1 and Partial
Amendment No. 2, Relating to Amendments to the
Outsourcing Policy, Exchange Act Release No.
97974 (July 25, 2023); 88 FR 49545 (July 31, 2023)
(File No. SR–ICEEU–2023–018) (‘‘Notice’’).
6 Capitalized terms used but not defined herein
have the meanings specified in the ICE Clear
Europe Clearing Rules and the Outsourcing Policy.
7 Self-Regulatory Organizations; ICE Clear Europe
Limited; Order Approving Proposed Rule Change
Relating to the ICE Clear Europe Outsourcing
Policy, Exchange Act Release No. 95685 (Sept. 7,
2022); 87 FR 56129 (Sept. 13, 2022) (File No. SR–
ICEEU–2022–014).
VerDate Sep<11>2014
16:38 Sep 19, 2023
Jkt 259001
ICE Clear Europe, regardless of whether
such services are considered
outsourcing, including to assessing the
risks of such services. The definition of
‘‘outsourcing’’ would be clarified as the
use of third-party service providers,
either an external party or an affiliate,
and either directly or through suboutsourcing, to provide a service that
would otherwise be performed by ICE
Clear Europe itself and is therefore
subject to the Board’s oversight. The
proposed rule change would more
clearly distinguish outsourcing from a
purchasing arrangement, which would
not involve an arrangement otherwise
performed by ICE Clear Europe and
therefore typically would not be subject
to Board oversight. Regarding
outsourced activities, the Outsourcing
Policy would explicitly state that ICE
Clear Europe would remain responsible
for discharging its obligations, the
outsourcing arrangement would not
result in the delegation of ICE Clear
Europe’s responsibility, and the
outsourced activities would conform to
the same standards that would be
required if the activities were completed
internally.
Under the proposed rule change, the
Outsourcing Policy would more clearly
distinguish between affiliates and
external third-party service providers by
adding a definition of the term ‘‘third
party,’’ which would include any
organization (whether or not affiliated)
that has entered into a business
relationship or contract with ICE Clear
Europe to provide products, services,
processes, activities or business
functions. The use of external third
parties (i.e., those not affiliated with ICE
Clear Europe in any way) would be
managed consistently at the group level
through the existing Vendor
Management Policy (‘‘VMP’’). The
proposed rule change would more
clearly describe current practice under
the Outsourcing Policy by stating that
outsourcing through affiliates typically
has a lower residual risk profile
because, among listed reasons in the
existing Policy, the affiliates would have
a similar higher standard of operational
resilience (rather than referring to
business continuity resilience) and ICE
Clear Europe would have greater
influence (not just control) over the
operation of the affiliate’s services.
The proposed rule change would add
detail to existing statements in the
Outsourcing Policy about the objective
of and processes for entering into
different types of contracting
arrangements. Rather than covering
solely outsourcing arrangements, the
objective would extend to utilizing
service providers more generally. The
PO 00000
Frm 00074
Fmt 4703
Sfmt 4703
amended Outsourcing Policy would
clarify the process of making
assessments of service providers in
various situations, such as regulated
parties and parties in different
jurisdictions; the management of
outsourcing; and considerations about
conflicts of interest and independent
audit rights. The Outsourcing Policy
would continue to reference ICE Clear
Europe’s Outsourcing Operating
Manual, albeit renamed to cover risk
management of additional third-party
service providers, rather than just
outsourcing arrangements. The
Outsourcing Policy would state that
contracting with third parties is covered
consistently at a group level under the
VMP, and would clarify, consistent with
current practice, that ICE Clear Europe
would use the VMP process as an input
for the risk-based assessment of each
service provider. ICE Clear Europe,
where appropriate, would make external
third parties aware of relevant internal
policies so that they may gain a better
understanding of ICE Clear Europe’s
regulatory obligations and expected
service levels. When contracting with
affiliates, ICE Clear Europe’s relevant
assessment would be made in
accordance with its ordinary governance
practices, and not necessarily by the
senior management. As is current
practice, ICE Clear Europe follows its
Conflicts of Interest Policy when
managing any potential conflicts of
interests as a result of its service
arrangements, but the proposed rule
change would add an explicit reference
to the Conflicts of Interest Policy. An
additional assessment would be added
with respect to cloud outsourcing,
where ICE Clear Europe would consider,
understand, and manage any risks
related to Clearing Members connecting
to its services via cloud service
providers.
The proposed rule change would add
a new Risk Assessments subsection to
the processes for entering into different
types of contracting arrangements that
would set out the proportional risk
assessment that would be performed on
a service provider, regardless of whether
the proposed arrangement falls within
the definition of outsourcing, in order to
identify, measure, and mitigate risks.
The Risk Assessments subsection would
include but would not be limited to
certain considerations, such as whether
the service is a critical or important
function or a dependence to the delivery
of one of ICE Clear Europe’s services,
whether the activity is outsourcing,
whether the service relies on cloudbased technology that may pose new or
additional risks, whether the service
E:\FR\FM\20SEN1.SGM
20SEN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 181 / Wednesday, September 20, 2023 / Notices
provider is an external third party or an
affiliate, the legal jurisdiction of the
service provider, conflicts of interest,
operational resilience considerations,
data security, exit plans, contractual
terms, and availability of alternative or
back-up providers. For outsourced or
critical non-outsourced services, the risk
assessment would be performed at least
annually, and on an ad-hoc basis
following a material incident or service
disruption event or material service
agreement breach. Such risk
assessments would be required to
include a review of the service
provider’s performance against the
agreed service levels. The
responsibilities of executing risk
assessments and related testing would
be required to be overseen by ICE Clear
Europe’s Chief Operating Officer or the
COO’s delegate, with ownership of each
service and the related resiliency
arrangements resting with the relevant
Head of Department.
The proposed rule change would
extend existing provisions about the
identification of critical or important
functions to acquired services generally,
rather than applying only to
outsourcing, as is currently written. The
proposed rule change would clarify that
in identifying critical or important
functions, ICE Clear Europe would
consider the continuity of its important
business services or operation as a CCP
that could threaten its financial stability
or impact its resolvability. As proposed,
a third party would be treated as critical
if it is contracted to perform such a
critical function, with the determination
of criticality to be reassessed on at least
an annual basis. The Outsourcing Policy
would clarify that any outsourcing of
critical or important functions could
impact ICE Clear Europe’s operational
resilience measures more generally,
rather than affecting the narrower
category of business continuity
measures. Exit plans for critical and
important functions would be required
to be tested periodically. As part of its
operational resilience framework, ICE
Clear Europe would examine purchased
services, as well as outsourced or suboutsourced services, that are a
dependence for its important business
services. Additional language would
require that the operational resilience
framework shall include extreme but
plausible test scenarios relating to the
disruption of critical third-party
services.
Under the proposed rule change, the
Outsourcing Policy would amend the
discussion of additional considerations
of particular importance to ICE Clear
Europe to ensure that considerations
would be given to important business
VerDate Sep<11>2014
16:38 Sep 19, 2023
Jkt 259001
services and critical functions that are
affected by third party service
arrangements, including with respect to
business continuity arrangements,
incident management responsiveness
and reporting, independent assurances,
redundancies, and notice periods and
exit strategies. A new subsection
detailing Contractual Agreements would
be added, specifying that for
outsourcing arrangements in particular,
ICE Clear Europe’s Legal team would
review any written service agreements
to confirm the inclusion of all relevant
contractual safeguards so that ICE Clear
Europe could monitor relevant risks,
regulatory requirements, and
expectations. ICE Clear Europe would
look to ensure that the agreements
outline the rights, obligations, and
responsibilities of all the parties, and
include provisions associated with data
security; access, audit and information
rights; sub-outsourcing; service
resilience; service levels; incident
management; termination; and exit
plans. Arrangements for purchased
services would be similarly reviewed,
but the Outsourcing Policy would
acknowledge that some purchased
services may be subject to nonnegotiable terms set by the third party,
which would be considered during the
pre-execution risk assessment phase.
The new Contractual Agreements
subsection also would require that ICE
Clear Europe periodically exercise its
audit rights, as appropriate, regarding
critical outsourcing arrangements, and
that this may include on-site visits.
The proposed rule change would
revise provisions related to Board
oversight to provide that the Board must
approve new or materially amended
outsourcing arrangements. Certain
clarifications would be made to the
requirements for the annual outsourcing
assessment report to be prepared by the
Chief Operating Officer, including the
addition of a summary of critical nonoutsourcing services received. The
proposed rule change would add a new
subsection on regulatory engagement,
setting out that ICE Clear Europe shall
engage with regulatory authorities
before executing or materially amending
a critical service arrangement, regardless
of whether it falls within the definition
of outsourcing, with due regard to
relevant regulatory requirements or
expectations.
Lastly, the proposed rule change
would revise provisions related to
document governance, breach
management, and exception handling,
to ensure consistency with other ICE
Clear Europe policies. As proposed, the
document owner identified by ICE Clear
Europe would be responsible for
PO 00000
Frm 00075
Fmt 4703
Sfmt 4703
64955
ensuring that the Outsourcing Policy
remains up-to-date and reviewed in
accordance with the internal governance
processes. Document reviews would be
conducted by the document owner and
related staff, with sign off by the head
of department and the Chief Risk
Officer, or their respective delegates.
Document reviews would encompass at
the minimum regulatory compliance,
documentation and purpose,
implementation, use and open items
from previous validations or reviews.
Results of the review would be reported
to the Executive Risk Committee or, in
certain cases, to the Model Oversight
Committee. The document owner would
aim to remediate the findings, complete
internal governance, and receive
regulatory approvals before the next
annual review is due. The document
owner also would be responsible for
reporting any material breaches or
deviations to the Head of Department,
Chief Risk Officer and Head of
Regulation and Compliance in order to
determine if further escalation is
required. The Outsourcing Policy would
state explicitly that changes to it would
have to be approved in accordance with
ICE Clear Europe’s governance process
and would take effect following
completion of required internal and
regulatory approvals. Exceptions to the
Outsourcing Policy likewise would be
approved according to the governance
processes for approvals of changes to
the Outsourcing Policy.
III. Discussion and Commission
Findings
Section 19(b)(2)(C) of the Act directs
the Commission to approve a proposed
rule change of a self-regulatory
organization if it finds that such
proposed rule change is consistent with
the requirements of the Act and the
rules and regulations thereunder
applicable to such organization.8 For the
reasons discussed below, the
Commission finds that the proposed
rule change is consistent with Section
17A(b)(3)(F) of the Act,9 and Rules
17Ad–22(e)(2)(v) and (e)(3)(i)
thereunder.10
A. Consistency With Section
17A(b)(3)(F) of the Act
Section 17A(b)(3)(F) of the Act
requires, among other things, that the
rules of ICE Clear Europe be designed to
promote the prompt and accurate
clearance and settlement of securities
transactions and, to the extent
applicable, derivative agreements,
8 15
U.S.C. 78s(b)(2)(C).
U.S.C. 78q–1(b)(3)(F).
10 17 CFR 240.17Ad–22(e)(2)(v) and (e)(3)(i).
9 15
E:\FR\FM\20SEN1.SGM
20SEN1
64956
Federal Register / Vol. 88, No. 181 / Wednesday, September 20, 2023 / Notices
lotter on DSK11XQN23PROD with NOTICES1
contracts, and transactions.11 As noted
above, the proposed rule change would
revise ICE Clear Europe’s Outsourcing
Policy to expand its application to a
wider variety of affiliated and third
party service arrangements, rather than
solely covering outsourcing, as well as
clarify and add to existing provisions
that govern agreements for performing
certain functions and activities. Some of
these functions and activities relate to
ICE Clear Europe’s operations and
business, while others may have to do
with its clearance and settlement
obligations. As proposed, the
Outsourcing Policy would provide
greater clarity as to the processes for
entering into different types of
contracting arrangements; and add
detailed and, where applicable, annual
risk assessments of potential service
providers. Such detailed risk
assessments would include
considerations of whether the service is
a critical or important function or a
dependence to the delivery of one of ICE
Clear Europe’s services, among other
things. The proposed rule change also
would clarify provisions about the
identification of critical or important
functions, including that in identifying
such functions, ICE Clear Europe would
consider the continuity of its important
business services or operation as a CCP
that could threaten its financial stability
or impact its resolvability. Additional
language on Contractual Agreements
would more clearly guide ICE Clear
Europe in making sure that service
agreements outline the rights,
obligations, and responsibilities of all
involved parties, and include provisions
regarding service levels, service
resilience, and incident management,
among others. Taken together, these
amendments would clarify how ICE
Clear Europe can continue to meet its
security-based swap obligations and
help prevent service interruptions
through carefully drafted and managed
service agreements with third parties or
affiliates, thus promoting the prompt
and accurate clearance and settlement of
securities transactions and, to the extent
applicable, derivative agreements,
contracts, and transactions.
For these reasons, the Commission
believes that the proposed rule change
is consistent with Section 17A(b)(3)(F)
of the Act.12
B. Consistency With Rule 17Ad–
22(e)(2)(v) Under the Act
Rule 17Ad–22(e)(2)(v) requires, in
relevant part, that ICE Clear Europe
establish, implement, maintain, and
11 15
12 15
U.S.C. 78q–1(b)(3)(F).
U.S.C. 78q–1(b)(3)(F).
VerDate Sep<11>2014
16:38 Sep 19, 2023
enforce written policies and procedures
reasonably designed, as applicable, to
provide for governance arrangements
that specify clear and direct lines of
responsibility.13
As amended, the Outsourcing Policy
would clarify, in various provisions
throughout the document, the
responsibilities, ownership, and
reporting obligations of certain
personnel and departments in relation
to risk management of service
arrangements. For example, the
proposed rule change would more
clearly distinguish between outsourcing,
which is subject to Board oversight, and
purchasing arrangements, which are
not. The Board would additionally and
explicitly be responsible for the
approval of new or materially amended
outsourcing arrangements. When
contracting with affiliates, ICE Clear
Europe’s relevant assessment would be
made in accordance with its ordinary
governance practices, and not
necessarily by the senior management.
The responsibilities of executing
detailed risk assessments and related
testing would be overseen by ICE Clear
Europe’s Chief Operating Officer or
delegate, with ownership of each service
and the related resiliency arrangements
resting with the relevant Head of
Department. The proposed Outsourcing
Policy specifies that the Legal team
would be responsible for drafting and/
or reviewing written service agreements
to ensure that relevant contractual
safeguards are in place. New provisions
would be added to ensure appropriate
document governance and exception
handling. Overall, the proposed rule
change inserted and clarified the
decision-making responsibilities and
reporting chains of command with
respect to a variety of aspects of the
Outsourcing Policy, thus providing for
governance arrangements that specify
clear and direct lines of responsibility.
For these reasons, the Commission
believes that the proposed rule change
is consistent with Rule 17Ad–
22(e)(2)(v).14
Europe, which includes risk
management policies, procedures, and
systems designed to identify, measure,
monitor, and manage the range of risks
that arise in or are borne by ICE Clear
Europe, that are subject to review on a
specified periodic basis and approved
by ICE Clear Europe’s board of directors
annually.15
The Commission believes that the
proposed revisions to the existing
Outsourcing Policy not only would
extend the scope of its application
beyond traditional outsourcing
arrangements to more comprehensively
capture other types of service
agreements with similar risks, but also
would detail the factors against which
risk assessments and contractual
agreements are to be made and
monitored, with existing relevant
provisions for the Board’s annual review
of the Outsourcing Policy. As noted
above, the new Risk Assessments
subsection would require ICE Clear
Europe to consider, among other things,
whether the service is a critical or
important function or a dependence to
the delivery of one of ICE Clear Europe’s
services, whether the service relies on
cloud-based technology that may pose
new or additional risks, conflicts of
interest, and data security. Likewise, the
newly added Contractual Agreements
subsection requires such contracts
address data security; access, audit and
information rights; and incident
management, among other things.
Overall, these considerations touch
upon the various risks that may emerge
when contracting with affiliates or third
parties for services and by addressing
them in detail in the proposed revisions
to the Outsourcing Policy, the
Commission believes that ICE Clear
Europe is strengthening its ability to
identify, monitor, and measure the risks
related to such arrangements.
For these reasons, the Commission
believes that the proposed rule change
is consistent with Rule 17Ad–
22(e)(3)(i).16
C. Consistency With Rule 17Ad–
22(e)(3)(i) Under the Act
Rule 17Ad–22(e)(3)(i) requires that
ICE Clear Europe establish, implement,
maintain, and enforce written policies
and procedures reasonably designed to,
as applicable, maintain a sound risk
management framework for
comprehensively managing legal, credit,
liquidity, operational, general business,
investment, custody, and other risks
that arise in or are borne by ICE Clear
IV. Conclusion
13 17
14 17
Jkt 259001
PO 00000
CFR 240.17Ad–22(e)(2)(v).
CFR 240.17 Ad–22(e)(2)(v).
Frm 00076
Fmt 4703
Sfmt 4703
On the basis of the foregoing, the
Commission finds that the proposed
rule change is consistent with the
requirements of the Act, and in
particular, with the requirements of
Section 17A(b)(3)(F) of the Act,17 and
Rules 17Ad–22(e)(2)(v) and 17Ad–
22(e)(3)(i).18
15 17
CFR 240.17 Ad–22(e)(3)(i).
CFR 240.17Ad–22(e)(3)(i).
17 15 U.S.C. 78q–1(b)(3)(F).
18 17 CFR 240.17Ad–22(e)(2)(i) and (v) and 17
CFR 240.17Ad–22(e)(3)(i).
16 17
E:\FR\FM\20SEN1.SGM
20SEN1
Federal Register / Vol. 88, No. 181 / Wednesday, September 20, 2023 / Notices
It is therefore ordered pursuant to
Section 19(b)(2) of the Act 19 that the
proposed rule change (SR–ICEEU–2023–
018), be, and hereby is, approved.20
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.21
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2023–20306 Filed 9–19–23; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–98389; File No. SR–
CboeBZX–2023–068]
Self-Regulatory Organizations; Cboe
BZX Exchange, Inc.; Notice of Filing
and Immediate Effectiveness of a
Proposed Rule Change To Amend Its
Fees Schedule Related to Physical
Port Fees
September 14, 2023.
Pursuant to Section 19(b)(1) of the
Securities Exchange Act of 1934
(‘‘Act’’),1 and Rule 19b–4 thereunder,2
notice is hereby given that on
September 1, 2023, Cboe BZX Exchange,
Inc. (the ‘‘Exchange’’ or ‘‘BZX’’) filed
with the Securities and Exchange
Commission (‘‘Commission’’) the
proposed rule change as described in
Items I, II, and III below, which Items
have been prepared by the Exchange.
The Commission is publishing this
notice to solicit comments on the
proposed rule change from interested
persons.
I. Self-Regulatory Organization’s
Statement of the Terms of Substance of
the Proposed Rule Change
lotter on DSK11XQN23PROD with NOTICES1
Cboe BZX Exchange, Inc. (the
‘‘Exchange’’ or ‘‘BZX Options’’)
proposes to amend its Fees Schedule.
The text of the proposed rule change is
provided in Exhibit 5.
The text of the proposed rule change
is also available on the Exchange’s
website (https://markets.cboe.com/us/
equities/regulation/rule_filings/bzx/), at
the Exchange’s Office of the Secretary,
and at the Commission’s Public
Reference Room.
19 15
U.S.C. 78s(b)(2).
20 In approving the proposed rule change, the
Commission considered the proposal’s impact on
efficiency, competition, and capital formation. 15
U.S.C. 78c(f).
21 17 CFR 200.30–3(a)(12).
1 15 U.S.C. 78s(b)(1).
2 17 CFR 240.19b–4.
VerDate Sep<11>2014
16:38 Sep 19, 2023
Jkt 259001
II. Self-Regulatory Organization’s
Statement of the Purpose of, and
Statutory Basis for, the Proposed Rule
Change
In its filing with the Commission, the
Exchange included statements
concerning the purpose of and basis for
the proposed rule change and discussed
any comments it received on the
proposed rule change. The text of these
statements may be examined at the
places specified in Item IV below. The
Exchange has prepared summaries, set
forth in sections A, B, and C below, of
the most significant aspects of such
statements.
A. Self-Regulatory Organization’s
Statement of the Purpose of, and
Statutory Basis for, the Proposed Rule
Change
1. Purpose
The Exchange proposes to amend its
fee schedule for its equity options
platform (‘‘BZX Options’’) relating to
physical connectivity fees.3
By way of background, a physical port
is utilized by a Member or non-Member
to connect to the Exchange at the data
centers where the Exchange’s servers are
located. The Exchange currently
assesses the following physical
connectivity fees for Members and nonMembers on a monthly basis: $2,500 per
physical port for a 1 gigabit (‘‘Gb’’)
circuit and $7,500 per physical port for
a 10 Gb circuit. The Exchange proposes
to increase the monthly fee for 10 Gb
physical ports from $7,500 to $8,500 per
port. The Exchange notes the proposed
fee change better enables it to continue
to maintain and improve its market
technology and services and also notes
that the proposed fee amount, even as
amended, continues to be in line with,
or even lower than, amounts assessed by
other exchanges for similar
connections.4 The physical ports may
also be used to access the Systems for
the following affiliate exchanges and
only one monthly fee currently (and
will continue) to apply per port: the
Exchange’s equities platform (BZX
3 The Exchange initially filed the proposed fee
changes on July 3, 2023 (SR–CboeBZX–2023–047).
On September 1, 2023, the Exchange withdrew that
filing and submitted this proposal.
4 See e.g., The Nasdaq Stock Market LLC
(‘‘Nasdaq’’), General 8, Connectivity to the
Exchange. Nasdaq and its affiliated exchanges
charge a monthly fee of $15,000 for each 10Gb Ultra
fiber connection to the respective exchange, which
is analogous to the Exchange’s 10Gb physical port.
See also New York Stock Exchange LLC, NYSE
American LLC, NYSE Arca, Inc., NYSE Chicago
Inc., NYSE National, Inc. Connectivity Fee
Schedule, which provides that 10 Gb LX LCN
Circuits (which are analogous to the Exchange’s 10
Gb physical port) are assessed $22,000 per month,
per port.
PO 00000
Frm 00077
Fmt 4703
Sfmt 4703
64957
Equities), Cboe EDGX Exchange, Inc.
(options and equities platforms), Cboe
BYX Exchange, Inc., Cboe EDGA
Exchange, Inc., and Cboe C2 Exchange,
Inc. (‘‘Affiliate Exchanges’’).5
2. Statutory Basis
The Exchange believes the proposed
rule change is consistent with the
Securities Exchange Act of 1934 (the
‘‘Act’’) and the rules and regulations
thereunder applicable to the Exchange
and, in particular, the requirements of
Section 6(b) of the Act.6 Specifically,
the Exchange believes the proposed rule
change is consistent with the Section
6(b)(5) 7 requirements that the rules of
an exchange be designed to prevent
fraudulent and manipulative acts and
practices, to promote just and equitable
principles of trade, to foster cooperation
and coordination with persons engaged
in regulating, clearing, settling,
processing information with respect to,
and facilitating transactions in
securities, to remove impediments to
and perfect the mechanism of a free and
open market and a national market
system, and, in general, to protect
investors and the public interest.
Additionally, the Exchange believes the
proposed rule change is consistent with
the Section 6(b)(5) 8 requirement that
the rules of an exchange not be designed
to permit unfair discrimination between
customers, issuers, brokers, or dealers.
The Exchange also believes the
proposed rule change is consistent with
Section 6(b)(4) 9 of the Act, which
requires that Exchange rules provide for
the equitable allocation of reasonable
dues, fees, and other charges among its
Members and other persons using its
facilities.
The Exchange believes the proposed
fee change is reasonable as it reflects a
moderate increase in physical
connectivity fees for 10 Gb physical
ports. Further, the current 10 Gb
physical port fee has remained
unchanged since June 2018.10 Since its
last increase 5 years ago however, there
has been notable inflation. Particularly,
the dollar has had an average inflation
rate of 3.9% per year between 2018 and
today, producing a cumulative price
increase of approximately 21.1%
inflation since the fee for the 10 Gb
5 The Affiliate Exchanges are also submitting
contemporaneous identical rule filings.
6 15 U.S.C. 78f(b).
7 15 U.S.C. 78f(b)(5).
8 Id.
9 15 U.S.C. 78f(b)(4).
10 See Securities and Exchange Release No. 83429
(June 14, 2018), 83 FR 28685 (June 20, 2018) (SR–
CboeBZX–2018–038).
E:\FR\FM\20SEN1.SGM
20SEN1
]]>Agencies
[Federal Register Volume 88, Number 181 (Wednesday, September 20, 2023)]
[Notices]
[Pages 64953-64957]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-20306]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-98387; File No. SR-ICEEU-2023-018]
Self-Regulatory Organizations; ICE Clear Europe Limited; Order
Approving Proposed Rule Change, as Modified by Amendment No. 1 and
Partial Amendment No. 2, Relating to Amendments to the Outsourcing
Policy
September 14, 2023.
I. Introduction
On July 10, 2023, ICE Clear Europe Limited (``ICE Clear Europe'')
filed with the Securities and Exchange Commission (``Commission''),
pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934
(the ``Act''),\1\ and Rule 19b-4 thereunder,\2\ a proposed rule change
to amend its Outsourcing Policy (to be renamed the Outsourcing and
Third Party Risk Management Policy) (the ``Outsourcing Policy''). On
July 11, 2023, ICE Clear Europe filed Amendment No. 1 to the proposed
rule change to make certain changes to the Form 19b-4 and Exhibit 1A
for file no. SR-ICEEU-2023-018; \3\ and on July 24, 2023, ICE Clear
Europe filed Partial Amendment No. 2 to the proposed rule
[[Page 64954]]
change to make a certain change to Exhibit 5 of file no. SR-ICEEU-2023-
018 \4\ (together, ``proposed rule change''). The proposed rule change
was published for comment in the Federal Register on July 31, 2023.\5\
The Commission did not receive comments regarding the proposed rule
change. For the reasons discussed below, the Commission is approving
the proposed rule change.
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 17 CFR 240.19b-4.
\3\ Amendment No. 1 amended and restated in its entirety the
Form 19b-4 and Exhibit 1A to correct the narrative description of
the proposed rule change. Amendment No. 1 did not change the purpose
or basis of the proposed rule change.
\4\ Partial Amendment No. 2 amended and restated in its entirety
Exhibit 5 to correct an inadvertent omission of a single word.
Partial Amendment No. 2 did not change the purpose or basis of the
proposed rule change.
\5\ Self-Regulatory Organizations; ICE Clear Europe Limited;
Notice of Filing of Proposed Rule Change, as Modified by Amendment
No. 1 and Partial Amendment No. 2, Relating to Amendments to the
Outsourcing Policy, Exchange Act Release No. 97974 (July 25, 2023);
88 FR 49545 (July 31, 2023) (File No. SR-ICEEU-2023-018)
(``Notice'').
---------------------------------------------------------------------------
II. Description of the Proposed Rule Change
ICE Clear Europe is registered with the Commission as a clearing
agency for the purpose of clearing security-based swaps.\6\ In its role
as a clearing agency for clearing security-based swaps, ICE Clear
Europe regularly enters into arrangements with affiliates and third-
party service providers to perform certain functions or activities.
Such arrangements often come with a variety of risks, including legal,
operational, general business, and other types of risks. To reduce risk
exposure from such outsourcing arrangements, ICE Clear Europe created
its Outsourcing Policy to describe, in a consolidated document,
procedures for managing outsourcing arrangements with affiliates and
third-party service providers, including how ICE Clear Europe's Board
of Directors (``Board'') maintains oversight of these outsourcing
arrangements.\7\
---------------------------------------------------------------------------
\6\ Capitalized terms used but not defined herein have the
meanings specified in the ICE Clear Europe Clearing Rules and the
Outsourcing Policy.
\7\ Self-Regulatory Organizations; ICE Clear Europe Limited;
Order Approving Proposed Rule Change Relating to the ICE Clear
Europe Outsourcing Policy, Exchange Act Release No. 95685 (Sept. 7,
2022); 87 FR 56129 (Sept. 13, 2022) (File No. SR-ICEEU-2022-014).
---------------------------------------------------------------------------
The proposed rule change would amend ICE Clear Europe's Outsourcing
Policy to extend coverage to third-party service provider arrangements
that technically may not constitute outsourcing, to describe in more
detail third-party risk management, to add the execution of risk
assessments, and to update the Document Governance and Exception
Handling language, among other changes.
As proposed, the purpose of the Outsourcing Policy would clarify
that it would extend to arrangements in which services are provided by
third parties to ICE Clear Europe, regardless of whether such services
are considered outsourcing, including to assessing the risks of such
services. The definition of ``outsourcing'' would be clarified as the
use of third-party service providers, either an external party or an
affiliate, and either directly or through sub-outsourcing, to provide a
service that would otherwise be performed by ICE Clear Europe itself
and is therefore subject to the Board's oversight. The proposed rule
change would more clearly distinguish outsourcing from a purchasing
arrangement, which would not involve an arrangement otherwise performed
by ICE Clear Europe and therefore typically would not be subject to
Board oversight. Regarding outsourced activities, the Outsourcing
Policy would explicitly state that ICE Clear Europe would remain
responsible for discharging its obligations, the outsourcing
arrangement would not result in the delegation of ICE Clear Europe's
responsibility, and the outsourced activities would conform to the same
standards that would be required if the activities were completed
internally.
Under the proposed rule change, the Outsourcing Policy would more
clearly distinguish between affiliates and external third-party service
providers by adding a definition of the term ``third party,'' which
would include any organization (whether or not affiliated) that has
entered into a business relationship or contract with ICE Clear Europe
to provide products, services, processes, activities or business
functions. The use of external third parties (i.e., those not
affiliated with ICE Clear Europe in any way) would be managed
consistently at the group level through the existing Vendor Management
Policy (``VMP''). The proposed rule change would more clearly describe
current practice under the Outsourcing Policy by stating that
outsourcing through affiliates typically has a lower residual risk
profile because, among listed reasons in the existing Policy, the
affiliates would have a similar higher standard of operational
resilience (rather than referring to business continuity resilience)
and ICE Clear Europe would have greater influence (not just control)
over the operation of the affiliate's services.
The proposed rule change would add detail to existing statements in
the Outsourcing Policy about the objective of and processes for
entering into different types of contracting arrangements. Rather than
covering solely outsourcing arrangements, the objective would extend to
utilizing service providers more generally. The amended Outsourcing
Policy would clarify the process of making assessments of service
providers in various situations, such as regulated parties and parties
in different jurisdictions; the management of outsourcing; and
considerations about conflicts of interest and independent audit
rights. The Outsourcing Policy would continue to reference ICE Clear
Europe's Outsourcing Operating Manual, albeit renamed to cover risk
management of additional third-party service providers, rather than
just outsourcing arrangements. The Outsourcing Policy would state that
contracting with third parties is covered consistently at a group level
under the VMP, and would clarify, consistent with current practice,
that ICE Clear Europe would use the VMP process as an input for the
risk-based assessment of each service provider. ICE Clear Europe, where
appropriate, would make external third parties aware of relevant
internal policies so that they may gain a better understanding of ICE
Clear Europe's regulatory obligations and expected service levels. When
contracting with affiliates, ICE Clear Europe's relevant assessment
would be made in accordance with its ordinary governance practices, and
not necessarily by the senior management. As is current practice, ICE
Clear Europe follows its Conflicts of Interest Policy when managing any
potential conflicts of interests as a result of its service
arrangements, but the proposed rule change would add an explicit
reference to the Conflicts of Interest Policy. An additional assessment
would be added with respect to cloud outsourcing, where ICE Clear
Europe would consider, understand, and manage any risks related to
Clearing Members connecting to its services via cloud service
providers.
The proposed rule change would add a new Risk Assessments
subsection to the processes for entering into different types of
contracting arrangements that would set out the proportional risk
assessment that would be performed on a service provider, regardless of
whether the proposed arrangement falls within the definition of
outsourcing, in order to identify, measure, and mitigate risks. The
Risk Assessments subsection would include but would not be limited to
certain considerations, such as whether the service is a critical or
important function or a dependence to the delivery of one of ICE Clear
Europe's services, whether the activity is outsourcing, whether the
service relies on cloud-based technology that may pose new or
additional risks, whether the service
[[Page 64955]]
provider is an external third party or an affiliate, the legal
jurisdiction of the service provider, conflicts of interest,
operational resilience considerations, data security, exit plans,
contractual terms, and availability of alternative or back-up
providers. For outsourced or critical non-outsourced services, the risk
assessment would be performed at least annually, and on an ad-hoc basis
following a material incident or service disruption event or material
service agreement breach. Such risk assessments would be required to
include a review of the service provider's performance against the
agreed service levels. The responsibilities of executing risk
assessments and related testing would be required to be overseen by ICE
Clear Europe's Chief Operating Officer or the COO's delegate, with
ownership of each service and the related resiliency arrangements
resting with the relevant Head of Department.
The proposed rule change would extend existing provisions about the
identification of critical or important functions to acquired services
generally, rather than applying only to outsourcing, as is currently
written. The proposed rule change would clarify that in identifying
critical or important functions, ICE Clear Europe would consider the
continuity of its important business services or operation as a CCP
that could threaten its financial stability or impact its
resolvability. As proposed, a third party would be treated as critical
if it is contracted to perform such a critical function, with the
determination of criticality to be reassessed on at least an annual
basis. The Outsourcing Policy would clarify that any outsourcing of
critical or important functions could impact ICE Clear Europe's
operational resilience measures more generally, rather than affecting
the narrower category of business continuity measures. Exit plans for
critical and important functions would be required to be tested
periodically. As part of its operational resilience framework, ICE
Clear Europe would examine purchased services, as well as outsourced or
sub-outsourced services, that are a dependence for its important
business services. Additional language would require that the
operational resilience framework shall include extreme but plausible
test scenarios relating to the disruption of critical third-party
services.
Under the proposed rule change, the Outsourcing Policy would amend
the discussion of additional considerations of particular importance to
ICE Clear Europe to ensure that considerations would be given to
important business services and critical functions that are affected by
third party service arrangements, including with respect to business
continuity arrangements, incident management responsiveness and
reporting, independent assurances, redundancies, and notice periods and
exit strategies. A new subsection detailing Contractual Agreements
would be added, specifying that for outsourcing arrangements in
particular, ICE Clear Europe's Legal team would review any written
service agreements to confirm the inclusion of all relevant contractual
safeguards so that ICE Clear Europe could monitor relevant risks,
regulatory requirements, and expectations. ICE Clear Europe would look
to ensure that the agreements outline the rights, obligations, and
responsibilities of all the parties, and include provisions associated
with data security; access, audit and information rights; sub-
outsourcing; service resilience; service levels; incident management;
termination; and exit plans. Arrangements for purchased services would
be similarly reviewed, but the Outsourcing Policy would acknowledge
that some purchased services may be subject to non-negotiable terms set
by the third party, which would be considered during the pre-execution
risk assessment phase. The new Contractual Agreements subsection also
would require that ICE Clear Europe periodically exercise its audit
rights, as appropriate, regarding critical outsourcing arrangements,
and that this may include on-site visits.
The proposed rule change would revise provisions related to Board
oversight to provide that the Board must approve new or materially
amended outsourcing arrangements. Certain clarifications would be made
to the requirements for the annual outsourcing assessment report to be
prepared by the Chief Operating Officer, including the addition of a
summary of critical non-outsourcing services received. The proposed
rule change would add a new subsection on regulatory engagement,
setting out that ICE Clear Europe shall engage with regulatory
authorities before executing or materially amending a critical service
arrangement, regardless of whether it falls within the definition of
outsourcing, with due regard to relevant regulatory requirements or
expectations.
Lastly, the proposed rule change would revise provisions related to
document governance, breach management, and exception handling, to
ensure consistency with other ICE Clear Europe policies. As proposed,
the document owner identified by ICE Clear Europe would be responsible
for ensuring that the Outsourcing Policy remains up-to-date and
reviewed in accordance with the internal governance processes. Document
reviews would be conducted by the document owner and related staff,
with sign off by the head of department and the Chief Risk Officer, or
their respective delegates. Document reviews would encompass at the
minimum regulatory compliance, documentation and purpose,
implementation, use and open items from previous validations or
reviews. Results of the review would be reported to the Executive Risk
Committee or, in certain cases, to the Model Oversight Committee. The
document owner would aim to remediate the findings, complete internal
governance, and receive regulatory approvals before the next annual
review is due. The document owner also would be responsible for
reporting any material breaches or deviations to the Head of
Department, Chief Risk Officer and Head of Regulation and Compliance in
order to determine if further escalation is required. The Outsourcing
Policy would state explicitly that changes to it would have to be
approved in accordance with ICE Clear Europe's governance process and
would take effect following completion of required internal and
regulatory approvals. Exceptions to the Outsourcing Policy likewise
would be approved according to the governance processes for approvals
of changes to the Outsourcing Policy.
III. Discussion and Commission Findings
Section 19(b)(2)(C) of the Act directs the Commission to approve a
proposed rule change of a self-regulatory organization if it finds that
such proposed rule change is consistent with the requirements of the
Act and the rules and regulations thereunder applicable to such
organization.\8\ For the reasons discussed below, the Commission finds
that the proposed rule change is consistent with Section 17A(b)(3)(F)
of the Act,\9\ and Rules 17Ad-22(e)(2)(v) and (e)(3)(i) thereunder.\10\
---------------------------------------------------------------------------
\8\ 15 U.S.C. 78s(b)(2)(C).
\9\ 15 U.S.C. 78q-1(b)(3)(F).
\10\ 17 CFR 240.17Ad-22(e)(2)(v) and (e)(3)(i).
---------------------------------------------------------------------------
A. Consistency With Section 17A(b)(3)(F) of the Act
Section 17A(b)(3)(F) of the Act requires, among other things, that
the rules of ICE Clear Europe be designed to promote the prompt and
accurate clearance and settlement of securities transactions and, to
the extent applicable, derivative agreements,
[[Page 64956]]
contracts, and transactions.\11\ As noted above, the proposed rule
change would revise ICE Clear Europe's Outsourcing Policy to expand its
application to a wider variety of affiliated and third party service
arrangements, rather than solely covering outsourcing, as well as
clarify and add to existing provisions that govern agreements for
performing certain functions and activities. Some of these functions
and activities relate to ICE Clear Europe's operations and business,
while others may have to do with its clearance and settlement
obligations. As proposed, the Outsourcing Policy would provide greater
clarity as to the processes for entering into different types of
contracting arrangements; and add detailed and, where applicable,
annual risk assessments of potential service providers. Such detailed
risk assessments would include considerations of whether the service is
a critical or important function or a dependence to the delivery of one
of ICE Clear Europe's services, among other things. The proposed rule
change also would clarify provisions about the identification of
critical or important functions, including that in identifying such
functions, ICE Clear Europe would consider the continuity of its
important business services or operation as a CCP that could threaten
its financial stability or impact its resolvability. Additional
language on Contractual Agreements would more clearly guide ICE Clear
Europe in making sure that service agreements outline the rights,
obligations, and responsibilities of all involved parties, and include
provisions regarding service levels, service resilience, and incident
management, among others. Taken together, these amendments would
clarify how ICE Clear Europe can continue to meet its security-based
swap obligations and help prevent service interruptions through
carefully drafted and managed service agreements with third parties or
affiliates, thus promoting the prompt and accurate clearance and
settlement of securities transactions and, to the extent applicable,
derivative agreements, contracts, and transactions.
---------------------------------------------------------------------------
\11\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
For these reasons, the Commission believes that the proposed rule
change is consistent with Section 17A(b)(3)(F) of the Act.\12\
---------------------------------------------------------------------------
\12\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
B. Consistency With Rule 17Ad-22(e)(2)(v) Under the Act
Rule 17Ad-22(e)(2)(v) requires, in relevant part, that ICE Clear
Europe establish, implement, maintain, and enforce written policies and
procedures reasonably designed, as applicable, to provide for
governance arrangements that specify clear and direct lines of
responsibility.\13\
---------------------------------------------------------------------------
\13\ 17 CFR 240.17Ad-22(e)(2)(v).
---------------------------------------------------------------------------
As amended, the Outsourcing Policy would clarify, in various
provisions throughout the document, the responsibilities, ownership,
and reporting obligations of certain personnel and departments in
relation to risk management of service arrangements. For example, the
proposed rule change would more clearly distinguish between
outsourcing, which is subject to Board oversight, and purchasing
arrangements, which are not. The Board would additionally and
explicitly be responsible for the approval of new or materially amended
outsourcing arrangements. When contracting with affiliates, ICE Clear
Europe's relevant assessment would be made in accordance with its
ordinary governance practices, and not necessarily by the senior
management. The responsibilities of executing detailed risk assessments
and related testing would be overseen by ICE Clear Europe's Chief
Operating Officer or delegate, with ownership of each service and the
related resiliency arrangements resting with the relevant Head of
Department. The proposed Outsourcing Policy specifies that the Legal
team would be responsible for drafting and/or reviewing written service
agreements to ensure that relevant contractual safeguards are in place.
New provisions would be added to ensure appropriate document governance
and exception handling. Overall, the proposed rule change inserted and
clarified the decision-making responsibilities and reporting chains of
command with respect to a variety of aspects of the Outsourcing Policy,
thus providing for governance arrangements that specify clear and
direct lines of responsibility.
For these reasons, the Commission believes that the proposed rule
change is consistent with Rule 17Ad-22(e)(2)(v).\14\
---------------------------------------------------------------------------
\14\ 17 CFR 240.17 Ad-22(e)(2)(v).
---------------------------------------------------------------------------
C. Consistency With Rule 17Ad-22(e)(3)(i) Under the Act
Rule 17Ad-22(e)(3)(i) requires that ICE Clear Europe establish,
implement, maintain, and enforce written policies and procedures
reasonably designed to, as applicable, maintain a sound risk management
framework for comprehensively managing legal, credit, liquidity,
operational, general business, investment, custody, and other risks
that arise in or are borne by ICE Clear Europe, which includes risk
management policies, procedures, and systems designed to identify,
measure, monitor, and manage the range of risks that arise in or are
borne by ICE Clear Europe, that are subject to review on a specified
periodic basis and approved by ICE Clear Europe's board of directors
annually.\15\
---------------------------------------------------------------------------
\15\ 17 CFR 240.17 Ad-22(e)(3)(i).
---------------------------------------------------------------------------
The Commission believes that the proposed revisions to the existing
Outsourcing Policy not only would extend the scope of its application
beyond traditional outsourcing arrangements to more comprehensively
capture other types of service agreements with similar risks, but also
would detail the factors against which risk assessments and contractual
agreements are to be made and monitored, with existing relevant
provisions for the Board's annual review of the Outsourcing Policy. As
noted above, the new Risk Assessments subsection would require ICE
Clear Europe to consider, among other things, whether the service is a
critical or important function or a dependence to the delivery of one
of ICE Clear Europe's services, whether the service relies on cloud-
based technology that may pose new or additional risks, conflicts of
interest, and data security. Likewise, the newly added Contractual
Agreements subsection requires such contracts address data security;
access, audit and information rights; and incident management, among
other things. Overall, these considerations touch upon the various
risks that may emerge when contracting with affiliates or third parties
for services and by addressing them in detail in the proposed revisions
to the Outsourcing Policy, the Commission believes that ICE Clear
Europe is strengthening its ability to identify, monitor, and measure
the risks related to such arrangements.
For these reasons, the Commission believes that the proposed rule
change is consistent with Rule 17Ad-22(e)(3)(i).\16\
---------------------------------------------------------------------------
\16\ 17 CFR 240.17Ad-22(e)(3)(i).
---------------------------------------------------------------------------
IV. Conclusion
On the basis of the foregoing, the Commission finds that the
proposed rule change is consistent with the requirements of the Act,
and in particular, with the requirements of Section 17A(b)(3)(F) of the
Act,\17\ and Rules 17Ad-22(e)(2)(v) and 17Ad-22(e)(3)(i).\18\
---------------------------------------------------------------------------
\17\ 15 U.S.C. 78q-1(b)(3)(F).
\18\ 17 CFR 240.17Ad-22(e)(2)(i) and (v) and 17 CFR 240.17Ad-
22(e)(3)(i).
---------------------------------------------------------------------------
[[Page 64957]]
It is therefore ordered pursuant to Section 19(b)(2) of the Act
\19\ that the proposed rule change (SR-ICEEU-2023-018), be, and hereby
is, approved.\20\
---------------------------------------------------------------------------
\19\ 15 U.S.C. 78s(b)(2).
\20\ In approving the proposed rule change, the Commission
considered the proposal's impact on efficiency, competition, and
capital formation. 15 U.S.C. 78c(f).
For the Commission, by the Division of Trading and Markets,
pursuant to delegated authority.\21\
---------------------------------------------------------------------------
\21\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2023-20306 Filed 9-19-23; 8:45 am]
BILLING CODE 8011-01-P
