Self-Regulatory Organizations; ICE Clear Credit LLC; Notice of Filing of Proposed Rule Change Relating to the ICC Operational Risk Management Framework, 91443-91446 [2024-26869]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 89, Number 223 (Tuesday, November 19, 2024)]
[Notices]
[Pages 91443-91446]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-26869]


=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-101603; File No. SR-ICC-2024-011]


Self-Regulatory Organizations; ICE Clear Credit LLC; Notice of 
Filing of Proposed Rule Change Relating to the ICC Operational Risk 
Management Framework

November 13, 2024.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 
1934,\1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that on 
October 31, 2024, ICE Clear Credit LLC (``ICC'') filed with the 
Securities and Exchange Commission (``Commission'') the proposed rule 
change, as described in Items I, II and III below, which Items have 
been primarily prepared by ICC. The Commission is publishing this 
notice to solicit comments on the proposed rule change from interested 
persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------

I. Clearing Agency's Statement of the Terms of Substance of the 
Proposed Rule Change

    The principal purpose of the proposed rule change is to revise the 
Operational Risk Management Framework. These revisions do not require 
any changes to the ICC Clearing Rules (the ``Rules'').

II. Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

    In its filing with the Commission, ICC included statements 
concerning the purpose of and basis for the proposed rule change, 
security-based swap submission, or advance notice and discussed any 
comments it received on the proposed rule change, security-based swap 
submission, or advance notice. The text of these statements may be 
examined at the places specified in Item IV below. ICC has prepared 
summaries, set forth in sections (A), (B), and (C) below, of the most 
significant aspects of these statements.

(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Change

(a) Purpose
    ICC proposes to revise its ORMF. The ORMF details ICC's dynamic and 
independent program of risk assessment and oversight that aims to 
reduce operational incidents, encourage process, and control 
improvement, bring transparency to operational performance standard 
monitoring, and fulfill regulatory obligations. ICC believes such 
proposed revisions will facilitate the prompt and accurate clearance 
and settlement of securities transactions and derivative agreements, 
contracts, and transactions for which it is responsible. ICC proposes 
to make such changes effective following Commission approval of the 
proposed rule change. The proposed revisions are described in detail as 
follows.
    The primary purpose of the proposed revisions is to incorporate 
procedures designed to comply with Commission Rule 17Ad-25(i) \3\ which 
imposes requirements on ICC related to the management of risks from 
relationships with service providers for core services \4\ (``SPCS''). 
ICC proposes adding new Section II.B. `Management of Risks from 
Relationships with Service Providers for Core Services' to the ORMF 
which adds procedures regarding ICC's management of the risks related 
to relationships with SPCS. Specifically, proposed Section II.B. 
imposes the following requirements on ICC: (1) ICC senior management is 
required to evaluate and document the risks related to an agreement 
with a SPCS, including under changes to circumstances and potential 
disruptions, and whether the risks can be managed in a manner 
consistent with the ORMF; (2) ICC senior management is required to 
submit to the Board for review and approval any agreement that would 
establish a relationship with a SPCS, along with a risk evaluation 
described in (1) above; (3) ICC senior management is required to 
establish policies and procedures that govern relationships and manage 
risks related to such agreements with SPCS and the Board is required to 
be responsible for reviewing and approving such policies and 
procedures; and (4) ICC senior management is required to perform 
ongoing monitoring of the relationships with SPCS, and report to the 
Board which will provide its evaluation of any action taken by ICC 
senior management to remedy significant deterioration in performance or 
address changing risks or material issues identified through such 
monitoring, or if the risks or issues cannot be remedied, require ICC 
senior management to assess and document weaknesses or deficiencies in 
the relationship with the SPCS for submission to the Board. Also, ICC 
proposes to include in new Section II.B. a description of how ICC will 
identify

[[Page 91444]]

and manage its SPCS using a two-pronged assessment approach broken down 
between internal and external service providers. With respect to 
internal service providers, the proposed addition to the ORMF describes 
certain services provided by ICC's ultimate parent, Intercontinental 
Exchange, Inc. (``ICE, Inc.'') and the applicable legal agreements 
between ICC and ICE, Inc. With respect to the identification and 
oversight of external service providers, the proposed revisions to the 
ORMF describe the use of ICE, Inc.'s third party risk management 
program and of ICC's counterparty monitoring procedures. As a result of 
the proposed addition of new Section II.B., the remainder of the ORMF 
has been re-lettered.
---------------------------------------------------------------------------

    \3\ 17 CFR 240.17ad-25(i).
    \4\ Commission Rule 17ad-25(a) defines `Service Provider for 
Core Services' as any person that, through a written services 
provider agreement for services provided to or on behalf of a 
registered clearing agency, on an ongoing basis, directly supports 
the delivery of clearance or settlement functionality or any other 
purposes material to the business of the registered clearing agency.
---------------------------------------------------------------------------

    ICC further proposes to revise and replace the former `Vendor 
Assessment' processes in Section II.B. with updated Section II.C. 
`External Service Provider Assessments' processes. Accordingly, the 
proposed revisions include renaming ``critical vendors'' as ``external 
SPCS'' and, together with new Section II.B., clarifying that ICC's 
assessment of external SPCS is in addition to, and will take into 
consideration, ICE, Inc.'s third party risk management program. ICC 
proposes to remove the bullet point list of items that may be included 
in the risk assessments and replace it with language to mirror the 
regulatory requirement of new Commission Rule 17ad-25(i).\5\ In 
particular, ICC, through its BCP and DR Oversight Committee \6\ 
(``BDOC''), must evaluate and document the risks related to an 
agreement with an external SPCS, including under changes to 
circumstances and potential disruptions, and whether the risks can be 
managed in a manner consistent with the ORMF. ICC also proposes 
updating and reordering the language describing the responsibilities of 
the BDOC. The BDOC will continue to review and recommend approval of 
the inventory of ICC external SPCS (formerly the ``critical vendor'' 
inventory) and will continue to assign risk ratings to the risk 
assessments in order to determine the frequency of ongoing risk 
assessment reviews. The risk ratings continue to be based on the risk 
assessments and consideration of the risk direction for strategic, 
reputational, compliance, legal, and operational risk presented by the 
external SPCS (formerly critical vendor). ICC is proposing to also 
clarify that the risk ratings will take into consideration ICC's plan 
to complete core processing if the service is unavailable. In order to 
provide for more internal consistency, ICC is proposing to replace the 
terminology of ``Tier'' with ``Risk Rating'' noting that the criteria 
and schedule for periodic reviews remains the same.
---------------------------------------------------------------------------

    \5\ 17 CFR 240.17ad-25(i).
    \6\ The ICC BCP and DR Oversight Committee is a subcommittee of 
the ICC Compliance Committee and assists the ICC Compliance 
Committee in fulfilling its oversight responsibilities with respect 
to: (i) providing Business Continuity Planning (``BCP'') and 
Disaster Recovery (``DR'') guidance; (ii) approving BCP and DR 
program documentation; (iii) reviewing reports on the effectiveness 
of BCP and DR testing; and (iv) the performance of such other 
functions as the ICC Compliance Committee may assign from time to 
time.
---------------------------------------------------------------------------

    Furthermore, ICC proposes clarifications to the `Introduction' 
section of the ORMF to provide uniform abbreviations to existing 
defined terms. By incorporating these abbreviations, ICC aims to 
enhance the clarity and readability of the ORMF.
    Also, ICC proposes revising the `Operational Risk Lifecycle' chart 
in Section I. of the ORMF to replace ``Respond'' with ``Monitor,'' and 
to replace ``Monitor'' with ``Mitigate.'' The purpose of the revisions 
to the Operational Risk Lifecycle chart is to ensure that it accurately 
reflects the description of the operational life cycle narrative 
contained in Section I. Furthermore, ICC proposes to correct 
typographical errors in Sections I.A. and I.B., to, in each case, 
delete an erroneous ``The.''
    ICC also proposes revisions to Section II., `Operational Risk Focus 
Areas', to update ICC's reference to certain functions performed by 
ICE, Inc. ICC proposes to remove the reference to functions being 
``outsourced'' to ICE, Inc. and instead notes that the functions 
performed by ICE, Inc. are described in the ORMF (e.g., the newly added 
Section II.B.) and such functions are performed pursuant to services 
agreements entered into between ICC and ICE, Inc.
    In addition, ICC proposes to amend Section II.A., `Business 
Continuity Planning and Disaster Recovery,' to better describe the 
steps in the collaboration process with respect to the business impact 
analysis (``BIA'') process. Specifically, ICC is proposing to reorder 
and restate the steps for completing BIA surveys used in creating test 
plans. Specifically, ICC is clarifying that each critical business unit 
begins by performing the BIA; then business continuity plans (``BCPs'') 
are created for those processes identified in the BIA; finally, the 
BCPs are tested, and the results of such testing are reported. This 
refresh of the language in Section II.A. better describes the order of 
ICC's process with respect to recovery from a wide-scale disruption.
    ICC proposes revisions to Section II.F. (previously Section II.E.) 
`Technology Control Functions.' Specifically, ICC proposes changes to 
the description of the responsibilities of the ICC Technology 
Department to more accurately reflect the responsibilities of the ICC 
Technology Department control functions. Such proposed changes clarify 
that the ICC Technology Department is responsible for end to end 
design, development, testing, deployment, maintenance and day to day 
operations of enterprise software systems needed for ICC core 
functions. In addition, ICC proposes to update the reference to the 
title of the `ICC Project Delivery Policy' to the document's current 
title which is the ICC `Credit Technology Delivery Method.' Also, ICC 
proposes a minor revision to change a reference to the ICC technology 
director to rather reference the ICC Technology leadership team to more 
accurately reflect that technology releases are assessed by the entire 
ICC Technology leadership team and not just the ICC technology 
director.
    Furthermore, ICC proposes to amend Appendix 1 in the ORMF to 
include the titles of the relevant regulatory requirements while 
removing the summaries of such regulations. The purpose of this 
proposed amendment is to streamline the reference process in order to 
provide the reader with a more direct reference to all the applicable 
regulations and to avoid the need to review and update summaries of 
applicable regulations as they are amended from time-to-time. By 
removing the summaries, employees instead should refer to the full 
current regulation which will ensure employees are reviewing the most 
up-to-date language in the regulations.
    Lastly, ICC proposes to revise the `Revision History' section of 
the ORMF to reflect the proposed changes described above.
    In addition to the foregoing proposed modifications to the ORMF, 
ICC also proposes to formalize a series of non-material updates to the 
ORMF which were reviewed and approved by the Board in 2021, 2022 and 
2023. Such proposed changes, which are described below, are the output 
of the annual review of the ORMF conducted by the ICC Compliance 
Committee \7\ (the ``Compliance Committee'') and reviewed and approved 
by the Board.
---------------------------------------------------------------------------

    \7\ The ICC Compliance Committee is an internal ICC committee 
that oversees and manages ICC's compliance program that establishes 
the framework for identifying, assessing, measuring, monitoring, 
mitigating, and reporting on compliance risks for ICC.
---------------------------------------------------------------------------

    In 2021 the Board approved non-material changes to the ORMF \8\ to

[[Page 91445]]

clarify language in Section I.A. `Risk Assessment.' Specifically, 
revisions were made to clarify the language which describes the 
Compliance Committee's review of risk assessments. In addition, such 
Board approved changes in 2021 made minor clarifications to Section 
I.B. to provide further clarity regarding one of the current 
responsibilities of the ICE, Inc. Enterprise Risk Management (``ERM'') 
function. Specifically, such change clarified that, with respect to the 
incident management and mitigation process, ERM may review and 
challenge corrective action plan decisions and priority levels. Both 
2021 changes are non-material as they are intended to clarify the 
description of current practices and the readability of the ORMF, and 
as such, do not change current practices. As part of these 2021 
changes, the ORMF was re-dated December 8, 2021, the version was 
changed to 4.0.4 and the version history was updated to reflect these 
changes.
---------------------------------------------------------------------------

    \8\ Version 4.0.4 of the ORMF was reviewed and approved by the 
Compliance Committee on November 18, 2021, recommended by the Risk 
Committee for approval by the Board on December 8, 2021, and 
approved by the Board on December 8, 2021.
---------------------------------------------------------------------------

    In 2022 the Board approved non-material changes to the ORMF \9\ in 
connection with the annual review of the document. No changes were made 
to the ORMF as a result of the 2022 review. However, the document was 
re-dated December 13, 2022, the version was changed to 4.0.5 and the 
version history was updated to reflect the annual review.
---------------------------------------------------------------------------

    \9\ Version 4.0.5 of the ORMF was reviewed and approved by the 
Compliance Committee on November 29, 2022, recommended by the Risk 
Committee for approval by the Board on December 13, 2022, and 
approved by the Board on December 13, 2022.
---------------------------------------------------------------------------

    In 2023 the Board approved non-material changes to the ORMF \10\ to 
make minor language clarifications and to update the title of a cross- 
referenced ICE, Inc. procedures document. To date, the 2023 changes 
have not been incorporated into the ORMF and ICC is proposing to add 
the 2023 changes to the changes described herein. Specifically, ICC 
proposes to revise Section II.E. (previously Section II.D.), `ICE 
Information Security' to update the title of a cross-referenced ICE, 
Inc. procedures document from `ICE Information Security Risk Management 
and Assessment Procedures' to `ICE IS GRC Risk Assessment Profile 
Procedures' \11\ (the ``Cross-Referenced Procedure''). The Cross- 
Referenced Procedure was renamed in order to better reflect the 
subjects covered in the procedures. Such renaming does not affect the 
content, ownership, or use of the Cross-Referenced Procedure. In 
addition, ICC proposes to clarify language in paragraph 2 of Section 
II.E. Specifically, ICC proposes to delete the word ``potential'' from 
the reference to security controls because the word improperly narrows 
the sentence's meaning and does not accurately describe ICC's current 
practice of reviewing not only potential security controls but also 
existing security controls. In connection with the 2023 changes, ICC 
proposes updating the version history to reflect these changes.
---------------------------------------------------------------------------

    \10\ Proposed modifications to Version 4.0.5 of the ORMF was 
reviewed and approved by the Compliance Committee on November 28, 
2023, recommended by the Risk Committee for approval by the Board on 
December 13, 2023, and approved by the Board on December 13, 2023.
    \11\ ``IS'' stands for Information Security and ``GRC'' stands 
for Governance, Risk and Compliance.
---------------------------------------------------------------------------

(b) Statutory Basis
    ICC believes that the proposed changes are consistent with the 
requirements of Section 17A of the Securities Exchange Act of 1934 
(``Act'') \12\ and the regulations thereunder applicable to it, 
including the applicable standards under Rule 17Ad-22.\13\ In 
particular, Section 17A(b)(3)(F) of the Act \14\ requires that the rule 
change be consistent with the prompt and accurate clearance and 
settlement of securities transactions and derivative agreements, 
contracts and transactions cleared by ICC, the safeguarding of 
securities and funds in the custody or control of ICC or for which it 
is responsible, and the protection of investors and the public 
interest. ICC believes that the proposed rule change is consistent with 
the requirements of the Act and the rules and regulations thereunder 
applicable to ICC, in particular, to Section 17A(b)(3)(F),\15\ because 
the proposed rule change enhances ICC's ability to control its 
operational risk by ensuring that ICC is incorporating detailed 
practices on managing relationship and risks with SPCS. As such, the 
proposed rule change is designed to promote the prompt and accurate 
clearance and settlement of securities transactions, derivatives 
agreements, contracts, and transactions; to contribute to the 
safeguarding of securities and funds associated with security-based 
swap transactions in ICC's custody or control, or for which ICC is 
responsible; and, in general, to protect investors and the public 
interest within the meaning of Section 17A(b)(3)(F) of the Act.\16\
---------------------------------------------------------------------------

    \12\ 15 U.S.C. 78q-1.
    \13\ 17 CFR 240.17ad-22.
    \14\ 15 U.S.C. 78q-1(b)(3)(F).
    \15\ Id.
    \16\ Id.
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(17) \17\ requires each covered clearing agency to 
establish, implement, maintain, and enforce written policies and 
procedures reasonably designed to manage its operational risks by (i) 
identifying the plausible sources of operational risk, both internal 
and external, and mitigating their impact through the use of 
appropriate systems, policies, procedures, and controls; (ii) ensuring 
that systems have a high degree of security, resiliency, operational 
reliability, and adequate, scalable capacity; and (iii) establishing 
and maintaining a business continuity plan that addresses events posing 
a significant risk of disrupting operations. The proposed revisions 
provide details and updates with respect to ICC's management of SPCS 
and assuring that risks and relationships between ICC and the SPCS are 
continuously being monitored. Such detailed processes are intended to 
enhance ICC's ability to identify relevant sources of operational risk, 
both internal and external, and define processes and controls for the 
mitigation of the impact of such identified risks through the use of 
appropriate systems, policies, procedures, and controls, thereby 
ensuring that ICC will continue to fulfill regulatory obligations, 
consistent with the requirements of Rule 17Ad-22(e)(17).\18\
---------------------------------------------------------------------------

    \17\ 17 CFR 240.17ad-22(e)(17).
    \18\ Id.
---------------------------------------------------------------------------

    Rule 17Ad-25(i) requires that a registered clearing agency must 
establish, implement, maintain, and enforce written policies and 
procedures reasonably designed to (1) Require senior management to 
evaluate and document the risks related to an agreement with a service 
provider for core services, including under changes to circumstances 
and potential disruptions, and whether the risks can be managed in a 
manner consistent with the clearing agency's risk management framework; 
(2) Require senior management to submit to the board of directors for 
review and approval any agreement that would establish a relationship 
with a service provider for core services, along with the required risk 
evaluation; (3) Require senior management to be responsible for 
establishing the policies and procedures that govern relationships and 
manage risks related to such agreements with service providers for core 
services and require the board of directors to be responsible for 
reviewing and approving

[[Page 91446]]

such policies and procedures; and (4) Require senior management to 
perform ongoing monitoring of the relationship, and report to the board 
of directors for its evaluation of any action taken by senior 
management to remedy significant deterioration in performance or 
address changing risks or material issues identified through such 
monitoring; or if the risks or issues cannot be remedied, require 
senior management to assess and document weaknesses or deficiencies in 
the relationship with the service provider for submission to the board 
of directors.\19\ The proposed revisions add detailed procedures with 
respect to ICC's management of the risks associated with relationships 
with SPCS. Such procedures include the requirement that ICC evaluate 
and document the risks related to an agreement with a SPCS and whether 
such risks can be managed in a manner consistent with the ORMF. The new 
procedures also require that such risk evaluation be provided to the 
Board, along with any agreement that would establish a relationship 
with a SPCS, for the Board's review and approval. Furthermore, such new 
procedures establish ICC's processes for managing and monitoring the 
risks associated with such relationships with SPCS, including 
procedures for remediation of any significant deterioration in 
performance or to address changing risks. Such detailed procedures are 
intended to enhance ICC's ability to identify and manage risks 
associated with SPCS, consistent with the requirements of Rule 17Ad-
25(i).\20\
---------------------------------------------------------------------------

    \19\ 17 CFR 240.17ad-25(i).
    \20\ Id.
---------------------------------------------------------------------------

    Furthermore, the proposed changes are consistent with the 
requirements of Rule 17Ad-22(e)(2)(i) and (v) \21\ which requires, in 
part, that a covered clearing agency establish, implement, maintain and 
enforce written policies and procedures reasonably designed to provide 
for governance arrangements that are clear and transparent and specify 
clear and direct lines of responsibility. The non-material changes 
approved by the Board in 2021 and 2023 to update the ORMF to clarify 
the description of the Compliance Committee and ERM responsibilities, 
as well as the general updates to ensure the ORMF is accurate and up-
to-date, are consistent with the requirement to maintain clear and 
transparent governance arrangements, and with the requirement to 
specify clear and direct lines of responsibility. Such changes improve 
the accuracy and transparency of ICC's governance arrangements and 
improve the clarity of the lines of responsibility. In ICC's view, the 
proposed changes are therefore consistent with the requirements of Rule 
17Ad-22(e)(2)(i) and (v).\22\
---------------------------------------------------------------------------

    \21\ 17 CFR 240.17ad-22(e)(2)(i) and (v).
    \22\ Id.
---------------------------------------------------------------------------

(B) Clearing Agency's Statement on Burden on Competition

    ICC does not believe the proposed rule change would have any 
impact, or impose any burden, on competition. The proposed changes to 
revise the ORMF will apply uniformly across all market participants. 
Therefore, ICC does not believe the proposed rule change would impose 
any burden on competition that is inappropriate in furtherance of the 
purposes of the Act.

(C) Clearing Agency's Statement on Comments on the Proposed Rule Change 
Received From Members, Participants or Others

    Written comments relating to the proposed rule change have not been 
solicited or received. ICC will notify the Commission of any written 
comments received by ICC.

III. Date of Effectiveness of the Proposed Rule Change and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the self-regulatory organization consents, the Commission will:
    (A) by order approve or disapprove such proposed rule change, or
    (B) institute proceedings to determine whether the proposed rule 
change should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views, and 
arguments concerning the foregoing, including whether the proposed rule 
change is consistent with the Act. Comments may be submitted by any of 
the following methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules-regulations/self-regulatory-organization-rulemaking); 
or
     Send an email to [email protected]. Please include 
file number SR-ICC-2024-011 on the subject line.

Paper Comments

    Send paper comments in triplicate to Secretary, Securities and 
Exchange Commission, 100 F Street NE, Washington, DC 20549.

All submissions should refer to file number SR-ICC-2024-011. This file 
number should be included on the subject line if email is used. To help 
the Commission process and review your comments more efficiently, 
please use only one method. The Commission will post all comments on 
the Commission's internet website (https://www.sec.gov/rules-regulations/self-regulatory-organization-rulemaking). Copies of the 
submission, all subsequent amendments, all written statements with 
respect to the proposed rule change that are filed with the Commission, 
and all written communications relating to the proposed rule change 
between the Commission and any person, other than those that may be 
withheld from the public in accordance with the provisions of 5 U.S.C. 
552, will be available for website viewing and printing in the 
Commission's Public Reference Room, 100 F Street NE, Washington, DC 
20549, on official business days between the hours of 10 a.m. and 3 
p.m. Copies of such filings will also be available for inspection and 
copying at ICC's principal office and on ICC's website at https://www.ice.com/clear-credit/regulation.
    Do not include personal identifiable information in submissions; 
you should submit only information that you wish to make available 
publicly. We may redact in part or withhold entirely from publication 
submitted material that is obscene or subject to copyright protection.
    All submissions should refer to file number SR-ICC-2024-011 and 
should be submitted on or before December 10, 2024.
---------------------------------------------------------------------------

    \23\ 17 CFR 200.30-3(a)(12).

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\23\
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024-26869 Filed 11-18-24; 8:45 am]
BILLING CODE 8011-01-P