Self-Regulatory Organizations; ICE Clear Credit LLC; Order Granting Accelerated Approval of Proposed Rule Change Relating to the ICC Operational Risk Management Framework, 99949-99954 [2024-29037]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
will be available for inspection and
copying at the principal office of the
Exchange. Do not include personal
identifiable information in submissions;
you should submit only information
that you wish to make available
publicly. We may redact in part or
withhold entirely from publication
submitted material that is obscene or
subject to copyright protection. All
submissions should refer to file number
SR–CboeBYX–2024–047 and should be
submitted on or before December 31,
2024.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.25
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024–29045 Filed 12–10–24; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
[SEC File No. 270–620, OMB Control No.
3235–0675]
lotter on DSK11XQN23PROD with NOTICES1
Submission for OMB Review;
Comment Request; Extension: Rule
15Ga–2 and Form ABS–15G
Upon Written Request Copies Available
From: Securities and Exchange
Commission, Office of FOIA Services,
100 F Street NE, Washington, DC
20549–2736
Notice is hereby given that, pursuant
to the Paperwork Reduction Act of 1995
(44 U.S.C. 3501 et seq.), the Securities
and Exchange Commission
(‘‘Commission’’) has submitted to the
Office of Management and Budget this
request for extension of the previously
approved collection of information
discussed below.
Rule 15Ga–2 and Form ABS–15G (17
CFR 249.1400) is used for reports of
information required under Rule 15Ga–
1 and Rule 15Ga–2 (17 CFR 240.15Ga–
1) (17 CFR 240.15Ga–2) of the Exchange
Act of 1934 (‘‘Exchange Act’’). Exchange
Act Rule 15Ga–1 requires asset-backed
securitizers to provide disclosure
regarding fulfilled an unfulfilled
repurchase requests with respect to
asset-backed securities. The purpose of
the information collected on Form ABS–
15G is to implement the disclosure
requirements of Section 943 of the
Dodd-Frank Wall Street Reform and
Consumer Protection Act to provide
information regarding the use of
representations and warranties in the
asset-backed securities markets.
Form ABS–15G is a collection of
information required by Rules 15Ga–1
25 17
and 15Ga–2 under the Exchange Act.
For just Rule 15Ga–1, Form ABS–15G
takes approximately 27.2234 hours per
response and is filed by approximately
1,142 respondents. We estimate that
75% of the 27.2234 hours per response
(20.4176 hours) is prepared by the filer
for a total annual reporting burden of
23,317 hours (20.4176 hours per
response × 1,142 responses).
For just Rule 15Ga–2, Form ABS–15G
takes approximately 2.1279 hours per
response and is filed by approximately
864 respondents. We estimate that
100% of the 2.1279 hours per response
(2.1279 hours) is prepared by the filer
for a total annual reporting burden of
1,839 hours (2.1279 hours per response
× 864 responses).
Rule 15Ga–1 and Rule 15Ga–2
combined filing on Form ABS–15G we
estimate that approximately 2006
securitizers will file Form ABS–15G
annually at estimated (16.7205 hours)
burden hours per response. In addition,
we estimate that 75% of the 16.7205
hours per response (12.5403 hours) is
carried internally by the securitizers for
a total annual reporting burden of
25,156 hours (12.5403 hours per
response × 2006 responses).
An agency may not conduct or
sponsor, and a person is not required to
respond to, a collection of information
unless it displays a currently valid
control number.
Public Comment Instructions: The 30day public comment period for this
information collection request opens on
December 12, 2024 and closes at the end
of the day on January 13, 2025. The
public may view the full information
request and submit comments at https://
www.reginfo.gov/public/do/
PRAViewICR?ref_nbr=202411-3235-012
or email comments to
MBX.OMB.OIRA.SEC_desk_officer@
omb.eop.gov.
Dated: December 6, 2024.
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024–29120 Filed 12–10–24; 8:45 am]
BILLING CODE 8011–01–P
18:17 Dec 10, 2024
Jkt 265001
PO 00000
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–101819; File No. SR–ICC–
2024–011]
Self-Regulatory Organizations; ICE
Clear Credit LLC; Order Granting
Accelerated Approval of Proposed
Rule Change Relating to the ICC
Operational Risk Management
Framework
December 5, 2024.
I. Introduction
On November 13, 2024, ICE Clear
Credit LLC (‘‘ICC’’) filed with the
Securities and Exchange Commission
(the ‘‘Commission’’), pursuant to
Section 19(b)(1) of the Securities
Exchange Act of 1934 (the ‘‘Act’’) 1 and
Rule 19b–4 thereunder,2 a proposed rule
change (hereafter, ‘‘Proposed Rule
Change’’) to revise the Operational Risk
Management Framework (‘‘ORMF’’).
The Proposed Rule Change was
published for comment in the Federal
Register on November 19, 2024.3 The
Commission has not received comments
regarding the Proposed Rule Change.
For the reasons discussed below, the
Commission is approving the Proposed
Rule Change on an accelerated basis.
II. Description of the Proposed Rule
Change
ICC is registered with the Commission
as a clearing agency for the purpose of
clearing Credit Default Swap (‘‘CDS’’)
contracts.4 In its role as a CDS clearing
agency, ICC faces operational risks
stemming from the breakdown of
systems and processes that that would
impair ICC’s ability to complete
settlements or ICC’s internal business
operations. The ORMF outlines ICC’s
risk assessment and oversight program,
which aims to address such operational
risks, including by reducing operational
incidents, encouraging process and
control improvement, bringing
transparency to operational performance
standard monitoring, and fulfilling
regulatory obligations. The ORMF also
explains how ICC vets and manages
service agreements with providers
covering various aspects of ICC’s
operations. According to ICC, one of the
purposes of the Proposed Rule Change
1 15
U.S.C. 78s(b)(1).
CFR 240.19b–4.
3 Self-Regulatory Organizations; ICE Clear Credit
LLC; Notice of Filing of Proposed Rule Change
Relating to the ICC Operational Risk Management
Framework; Securities Exchange Act Release No.
34–101603 (Nov. 13, 2024), 89 FR 91443 (Nov. 19,
2024) (SR–ICC–2024–011) (‘‘Notice’’).
4 Capitalized terms not otherwise defined herein
have the meanings assigned to them in ICC Rules
and the ORMF, as applicable.
2 17
CFR 200.30–3(a)(12).
VerDate Sep<11>2014
99949
Frm 00123
Fmt 4703
Sfmt 4703
E:\FR\FM\11DEN1.SGM
11DEN1
99950
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
is to align the ORMF with the
requirements of Rule 17Ad–25(i) under
the Act,5 primarily by adding to the
ORMF details about ICC’s relationships
with service providers.6 Further changes
in the ORMF would be included to more
clearly describe ICC’s risk mitigation
process and technology control
functions, among other revisions.
lotter on DSK11XQN23PROD with NOTICES1
A. Management of Risks From Service
Providers for Core Services
The Proposed Rule Change would
amend the ORMF primarily by adding
new Section II.B., titled ‘‘Management
of Risks from Relationships with Service
Providers for Core Services,’’ which
would describe ICC’s vetting and
management processes regarding any
service provider for critical services
(‘‘SPCS’’).7 The new section would
require ICC’s senior management to:
(1) Evaluate and document the risks
related to an agreement with a SPCS,
including under changes to
circumstances and potential
disruptions, and whether the risks can
be managed in a manner consistent with
the ORMF;
(2) Submit to the ICC Board of
Managers (‘‘Board’’) for review and
approval any agreement that would
establish a relationship with a SPCS,
along with the above-mentioned risk
evaluation;
(3) Be responsible for establishing the
policies and procedures that govern
relationships and manage risks related
to such agreements with a SPCS (while
the Board would be required to be
responsible for reviewing and approving
such policies and procedures); and
(4) Perform ongoing monitoring of the
relationship, and report to the Board for
its evaluation of any action taken by
senior management to remedy
significant deterioration in performance
or address changing risks or material
issues identified through such
monitoring; or if the risks or issues
cannot be remedied, to assess and
document weaknesses or deficiencies in
the relationship with the service
provider for submission to the Board.
The Proposed Rule Change would
introduce a two-pronged assessment
5 See generally Securities Exchange Act Release
No. 98959 (Nov. 16, 2023), 88 FR 84454 (Dec. 5,
2023) (File No. S7–21–22) (‘‘Clearing Agency
Governance and Conflicts of Interest’’).
6 See Notice, 89 FR at 91443.
7 A service provider for core services means any
person that, through a written services provider
agreement for services provided to or on behalf of
the registered clearing agency, on an ongoing basis,
directly supports the delivery of clearance or
settlement functionality or any other purposes
material to the business of the registered clearing
agency. 17 CFR 240.17Ad–25(a). ICC’s ORMF has
adopted the same terminology and meaning of
SPCS as Rule 17Ad–25(a).
VerDate Sep<11>2014
18:17 Dec 10, 2024
Jkt 265001
approach when identifying and
managing ICC’s relationships with a
SPCS, differentiating between internal
and external service providers.
Under the first prong, ICC would
conduct an assessment of internal
service providers. Currently, ICC
engages only one internal service
provider: ICC’s parent company,
Intercontinental Exchange, Inc.
(‘‘ICE’’).8 ICE is a SPCS because,
pursuant to written service agreements,
it provides core services to ICC that
directly support the delivery of
clearance and settlement functionality
or other purposes material to ICC’s
business as a registered clearing agency.
ICE provides business services such as
staffing, finance, and accounting
pursuant to a Master Services
Agreement between ICC and ICE, and
provides clearing and settlementspecific services to ICC pursuant to a
Clearing Settlement Services Agreement
(‘‘CSSA’’). The CSSA specifies that ICE
provides clearing and settlement
services pursuant to certain of ICE’s
‘‘Key Policies.’’ 9 Each Key Policy sets
forth its purpose and is applicable to all
ICE and ICC employees impacted by
such policy. Further, the CSSA provides
for a governance structure (set forth in
more detail in ICE’s Technology
Planning and Governance Policy)
whereby the Key Policies may only be
amended by ICE’s Operational Oversight
Committee (‘‘OOC’’) which includes
representatives of both ICE and ICC. The
OOC acts as the forum to discuss
changes and improvements to the
services provided to ICC by ICE.
Further, changes to any Key Policy may
not take effect until they have been
approved by the OOC and any material
proposed changes to the Key Policies
are subject to a veto by ICC.
Under the second prong, ICC would
conduct an assessment of external
service providers, utilizing ICC’s
External Service Provider Assessment
process. This process would be outlined
in Section II.C. of the ORMF and in
ICE’s Third Party Risk Management
(‘‘TPRM’’) program, which is applicable
to ICC as a subsidiary of ICE. Further,
8 See
Notice, 89 FR at 91444.
Key Policies include the following, which
may be updated from time to time: 1. Technology
Planning and Governance Policy; 2. Capacity
Planning Policy; 3. Change Management Policy; 4.
Corporate Business Continuity Policy; 5. Corporate
Information Security Policy; 6. Corporate
Information Technology Policy; 7. Corporate
Physical Security Policy; 8. Disaster Recovery
Policy; 9. Enterprise Risk Management Policy; 10.
Incident Management Policy; 11. Information
Technology Asset Management Policy; 12.
Infrastructure Observability Policy; 13. Software
Development Lifecycle Policy; 14. Third Party Risk
Management Policy.
9 ICE’s
PO 00000
Frm 00124
Fmt 4703
Sfmt 4703
with respect to ICC’s Financial Service
Providers 10 that are identified as SPCSs,
ICC utilizes its Counterparty Monitoring
Procedures. ICC’s External Service
Provider Assessment process is
supplemental to ICE’s TPRM program,
which applies to external vendors and
suppliers, service providers, and
contractors/consultants of ICE and its
subsidiaries, including ICC. The TPRM
program establishes a comprehensive
and structured approach for assessing,
managing, monitoring, and governance
of third-party risks at ICE and its
subsidiaries, including ICC. It requires
an assessment of operations and
resiliency through, among other things,
completion of initial on-boarding
assessments of the third party’s viability
and capability to meet expected
deliverables, business objectives, and
compliance with contractual
obligations, followed by ongoing
monitoring.
The Proposed Rule Change would
update vocabulary around and clarify
the description of ICC’s external service
provider assessments in newly
renumbered Section II.C of the ORMF.
As proposed, this section would no
longer refer to ‘‘critical vendors,’’ 11 but
would instead use the term ‘‘external
SPCS’’ to align the ORMF with Rule
17Ad–25 under the Exchange Act,
which uses and defines the term
‘‘service provider for core services.’’ 12
Currently, Section II.C provides that
external service providers are reviewed
and evaluated for re-approval based on
ICC’s current risk ranking system, which
is based on ‘‘tiers.’’ Under the Proposed
Rule Change, Section II.C. would no
longer describe the re-approval process
for such external service providers with
a ‘‘risk ranking’’ system based on ‘‘tiers’’
but would instead use a system of ‘‘risk
ratings.’’ Despite the terminology
change, the basic review methodology
would not. Under the Proposed Rule
Change, ICC would still assign the risk
rating based on a schedule of risk
assessments divided into low, moderate,
and high risks, that considers the risk
direction for strategic, reputational,
compliance, legal and operational risk
10 Financial service providers (‘‘FSPs’’) are not
covered by the TPRM program. FSPs, as defined in
ICC’s Counterparty Monitoring Procedures, are the
entities to which ICC has actual or potential credit
exposure, e.g., settlement banks, custodians,
depositories, reverse repurchase agreement (‘‘repo’’)
counterparties, committed repo counterparties, and
committed foreign exchange (‘‘FX’’) counterparties.
11 Currently the ORMF defines a ‘‘critical vendor’’
as any third party service which is deemed essential
to complete ICC’s core processes. Core processes
means acceptance of new trades, management of
positions, production of risk and banking reports,
and the movement of funds.
12 See 17 CFR 240.17Ad–25(a).
E:\FR\FM\11DEN1.SGM
11DEN1
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
lotter on DSK11XQN23PROD with NOTICES1
presented by the external service
provider, in the same way that ICC
currently assigns risk rankings.
Thus, when assessing an external
SPCS, ICC would continue to analyze
and manage risks posed by such
external service providers, including
strategic, reputational, compliance,
legal, and operational risk, in the same
manner as under the current ORMF.
Similarly, ICC would use existing
concepts when performing assessments
of an external SPCS. As noted above,
ICC is replacing the term ‘‘critical
vendor’’ with the term ‘‘external SPCS.’’
ICC also is replacing the term ‘‘core
processes’’ with the term ‘‘CDS core
clearing services.’’ Currently, a critical
vendor is any third party service
provider which is deemed essential to
complete ICC’s core processes, which
include acceptance of new trades,
management of positions, production of
risk and banking reports, and the
movement of funds. The definition of
external SPCS would include external
service providers for core services,
including CDS core clearing services,
which would continue to include
acceptance of new trades, management
of positions, production of risk and
banking reports, and the movement of
funds.
Similarly, risk assessments are and
would continue to be completed as part
of the initial onboarding process, as well
as periodically. Section II.C. would
clarify that ICC’s assessment of an
external SPCS would be in addition to
ICE’s TPRM program, which applies to
any external vendor or supplier, service
provider, and contractors and
consultants utilized by ICE or its
subsidiaries, including ICC. Although
ICC’s Business Continuity Planning and
Disaster Recovery programs Oversight
Committee (‘‘BDOC’’) will continue to
be the body performing these
assessments, proposed Section II.C.
would eliminate the current bullet point
list of items that may be included in the
risk assessments 13 and replace it with
the requirement to ‘‘evaluate and
document the risks related to an
agreement with the external SPCS,
including under changes to
13 Currently, the BDOC is responsible for
conducting a service provider risk assessment for
each critical vendor, which includes:
• Profiling critical vendor and services
performed;
• Reviewing performance activity to date, if
applicable;
• Validating or enhancing the contingency plan
in the event that a critical vendor cannot perform
as expected;
• Ensuring an ongoing oversight program of the
critical vendor;
• Assessing the varying risks posed by the critical
vendor.
VerDate Sep<11>2014
18:17 Dec 10, 2024
Jkt 265001
circumstances and potential
disruptions, and whether the risks can
be managed in a manner consistent with
the ORMF,’’ thus mirroring the language
found in Rule 17Ad–25(i)(1) under the
Act.14 Although the BDOC will continue
to review and recommend approval of
the inventory of ICC external SPCSs and
to assign risk ratings to the risk
assessments in order to determine the
frequency of ongoing risk assessment
reviews, Section II.C. would be updated
to state that the risk ratings will take
into consideration ICC’s plan to
complete core processing if the service
is unavailable. Additionally, Section
II.C. would state explicitly that the
BDOC reviews and recommends that the
ICC Compliance Committee
(‘‘Compliance Committee’’) approve the
inventory of ICC external SPCS.15
B. Further Changes to the ORMF
In addition to the above-described
changes, which primarily address
consistency with Rule 17Ad–25(i) under
the Act,16 the Proposed Rule Change
would:
• amend the ‘Introduction’ section of
the ORMF to provide uniform
abbreviations to existing defined terms,
which ICC believes will enhance the
clarity and readability of the ORMF; 17
• amend terms within the
‘Operational Risk Lifecycle’ chart of
Section I of the ORMF to ensure that it
accurately reflects the description of the
operational life cycle narrative and
correct typographical errors; and
• revise Section II., ‘Operational Risk
Focus Areas,’ to update ICC’s reference
to certain functions performed by ICE,
remove references to such functions
being ‘‘outsourced,’’ and instead note
that the functions are described in the
ORMF and performed pursuant to
services agreements between ICC and
ICE.
The Proposed Rule Change would
amend Section II.A., ‘Business
Continuity Planning and Disaster
Recovery,’ to more clearly describe the
steps in the collaboration process with
respect to the business impact analysis
(‘‘BIA’’) process. The proposed changes
would reorder and restate the steps for
completing BIA surveys used in creating
test plans. Currently, the ORMF states
that ICC ensures that it can recover from
14 17 CFR 240.17Ad–25(i)(1); see also Notice, 89
at 91444.
15 The ICC Compliance Committee is an internal
ICC committee that oversees and manages ICC’s
compliance program that establishes the framework
for identifying, assessing, measuring, monitoring,
mitigating, and reporting on compliance risks for
ICC.
16 17 CFR 240.17Ad–25(i).
17 See Notice, 89 at 91444.
PO 00000
Frm 00125
Fmt 4703
Sfmt 4703
99951
a wide-scale disruption and collaborates
with each department to complete BIA
surveys—specifically to ensure that
each critical business unit:
• Defines the Mission Critical Tasks
(‘‘MCT’’) to be performed;
• Creates test plans to ensure
recovery staff are properly trained;
• Performs periodic tests to validate
recovery staff’s ability to perform MCT;
and
• Reports the results of testing to
document successes, and detail
corrective actions.
As proposed, the first two bullet
points would be deleted and replaced
with:
• Identifies ICC business processes, as
well as the associated criticality of these
business process, by performing the
BIA; [and]
• Creates Business Continuity Plans
(BCPs) for those processes identified in
the BIA.
The third and fourth bullet points
would remain the same, except the third
bullet point would specify that the
periodic tests would be those of BCPs
and that, since the MCT acronym would
no longer apply, a reference would be
made to mission critical tests.18
The Proposed Rule Change also
would revise Section II.F. of the ORMF
(previously Section II.E.), ‘Technology
Control Functions,’ specifically to more
accurately reflect the ICC Technology
Department’s responsibilities. Section
II.F would be updated to specify that the
ICC Technology Department is
responsible for end-to-end design,
development, testing, deployment,
maintenance and day-to-day operations
of all enterprise software systems
needed for ICC core functions.
Currently, the ORMF describes the
Technology Department’s
responsibilities as risk analysis and
oversight of systems operations, systems
development/quality assurance and
capacity/performance planning. The
ORMF would be revised to state that
ICC’s Technology Department is
responsible for end-to-end design,
development, testing, deployment,
maintenance, and day-to-day operations
of enterprise software systems needed
for ICC core functions of CDS clearing.
In addition, the Proposed Rule Change
would update an outdated reference to
ICC’s Credit Technology Delivery
Method (‘‘CTDM’’), which is a separate
policy from the ORMF. Currently the
ORMF references the ICC Project
Delivery Policy, which is the former
title of the CTDM. Those references
would be updated to refer to the CTDM
instead. Similarly, in connection with a
18 Id.
E:\FR\FM\11DEN1.SGM
11DEN1
99952
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
discussion of how technology releases
are assessed, the Proposed Rule Change
would replace a current reference to the
ICC technology director with a reference
to the ICC Technology leadership team.
This change would more accurately
reflect that technology releases are
assessed by the entire ICC Technology
leadership team, not just the ICC
technology director.
Next, the Proposed Rule Change
would amend Appendix 1 of the ORMF
to include the titles of the relevant
regulatory requirements while removing
the existing summaries of such
regulations. ICC indicated that the
purpose of this change is to streamline
the reference process to provide the
reader with a more direct reference to
all the applicable regulations and avoid
the need to review and update
summaries of applicable regulations as
they are amended from time to time.19
Lastly, the Proposed Rule Change
would update the ‘Revision History’
section of the ORMF to reflect the
proposed changes described above, as
well as to formalize a series of nonmaterial updates previously made to the
ORMF that were the output of the
annual review of the ORMF conducted
by the Compliance Committee, and that
were reviewed and approved by the
Board in 2021, 2022, and 2023.20
III. Discussion
Section 19(b)(2)(C) of the Act directs
the Commission to approve a proposed
rule change of a self-regulatory
organization if it finds that the Proposed
Rule Change is consistent with the
requirements of the Act and the rules
and regulations thereunder applicable to
such organization.21 Under the
Commission’s Rules of Practice, the
‘‘burden to demonstrate that a proposed
rule change is consistent with the Act
and the rules and regulations issued
thereunder . . . is on the self-regulatory
organization [‘SRO’] that proposed the
rule change.’’ 22
lotter on DSK11XQN23PROD with NOTICES1
19 Id.
20 For example, updates approved by the Board in
2021 included language in Section I.A. ‘Risk
Assessment,’ clarifying that the Compliance
Committee reviews risk assessments during their
quarterly meetings. The 2021 updates also included
minor clarifications to Section I.B. to clarify that
one of the current responsibilities of the ICE
Enterprise Risk Management (‘‘ERM’’) function is to
observe and review the incident management
mitigation process and, if necessary, challenge
corrective action plan decisions and priority levels.
See Notice, 89 at 91444–45. ICC indicated that these
changes were intended to clarify the description of
current practices and the readability of the ORMF,
and as such, do not change current practices. Id. For
further examples, see Notice, 89 at 91444–45.
21 15 U.S.C. 78s(b)(2)(C).
22 Rule 700(b)(3), Commission Rules of Practice,
17 CFR 201.700(b)(3).
VerDate Sep<11>2014
18:17 Dec 10, 2024
Jkt 265001
The description of a proposed rule
change, its purpose and operation, its
effect, and a legal analysis of its
consistency with applicable
requirements must all be sufficiently
detailed and specific to support an
affirmative Commission finding,23 and
any failure of an SRO to provide this
information may result in the
Commission not having a sufficient
basis to make an affirmative finding that
a proposed rule change is consistent
with the Act and the applicable rules
and regulations.24 Moreover,
‘‘unquestioning reliance’’ on an SRO’s
representations in a proposed rule
change is not sufficient to justify
Commission approval of a proposed rule
change.25
After carefully considering the
Proposed Rule Change, the Commission
finds that the Proposed Rule Change is
consistent with the requirements of the
Act and the rules and regulations
thereunder applicable to ICC. More
specifically, for the reasons discussed
below, the proposed rule change is
consistent with Section 17A(b)(3)(F) of
the Act 26 and Rules 17Ad–25(i),27
17Ad–22(e)(17)(i),28 and 17Ad–
22(e)(2)(i) and (v) 29 thereunder.
A. Consistency With Section
17A(b)(3)(F) of the Act
Section 17A(b)(3)(F) of the Act
requires, among other things, that the
rules of ICC be designed to promote the
prompt and accurate clearance and
settlement of securities transactions
and, to the extent applicable, derivative
agreements, contracts, and
transactions.30 Based on a review of the
record, and for the reasons discussed
below, the proposed changes to the
ORMF are consistent with the
promotion of the prompt and accurate
clearance and settlement of transactions
at ICC.
Newly added Section II.B. of the
ORMF—addressing ICC’s management
of risks from relationships with SPCS—
and updated and renumbered Section
II.C. of the ORMF—titled ‘External
Service Provider Assessments’—help
facilitate ICC’s ability to manage its
relationships with SPCS and the
inherent risks these relationships
encompass. For instance, as discussed
above, the Proposed Rule Change would
23 Id.
24 Id.
25 Susquehanna Int’l Group, LLP v. Securities and
Exchange Commission, 866 F.3d 442, 447 (D.C. Cir.
2017) (‘‘Susquehanna’’).
26 15 U.S.C. 78q–1(b)(3)(F).
27 17 CFR 240.17Ad–25(i).
28 17 CFR 240.17Ad–22(e)(17)(i).
29 17 CFR 240.17Ad–22(e)(2)(i), (v).
30 15 U.S.C. 78q–1(b)(3)(F).
PO 00000
Frm 00126
Fmt 4703
Sfmt 4703
add Section II.B. to the ORMF, which
would specify the requirements and
procedures for ICC to manage the risks
arising from ICC’s relationships with
SPCS. Such requirements and
procedures would include, among other
things, evaluating and documenting
risks associated with a SPCS, submitting
a risk evaluation to the ICC Board
related to a relationship with a SPCS,
establishing policies and procedures
governing the relationship and riskmanagement of a SPCS relationship, and
performing ongoing monitoring of a
SPCS relationship for purposes of
identifying and remediating changing
risks.31 Together, Sections II.B. and II.C.
of the ORMF also would provide greater
clarity around the approval and
maintenance of ICC’s relationships with
SPCS that are contractually obligated
not only to supply services material to
running ICC’s business, such as staffing,
finance, and accounting, but also to
support ICC’s clearance and settlement
functionality. By promoting ICC’s ability
to manage relationships with SPCS,
both internal and external, the Proposed
Rule Change is thereby designed to
promote ICC’s capabilities in promptly
and accurately clearing and settling
securities transactions, and, to the
extent applicable, derivative
agreements, contracts, and transactions.
For the reasons stated above, the
Commission finds that the Proposed
Rule Change is consistent with Section
17A(b)(3)(F) of the Act.32
B. Consistency With Rule 17Ad–25(i)
Under the Act
Rule 17Ad–25(i) requires each
covered clearing agency to establish,
implement, maintain, and enforce
written policies and procedures
reasonably designed to (1) require senior
management to evaluate and document
the risks related to an agreement with a
service provider for core services,
including under changes to
circumstances and potential
disruptions, and whether the risks can
be managed in a manner consistent with
the clearing agency’s risk management
framework; (2) require senior
management to submit to the board of
directors for review and approval any
agreement that would establish a
relationship with a service provider for
core services, along with such risk
evaluation; (3) require senior
management to be responsible for
establishing the policies and procedures
that govern relationships and manage
31 The requirements outlined in Section II.B.
directly reflect language in Rule 17Ad–25(i), which
was approved by the Commission in 2023. See n.
5, supra.
32 Id.
E:\FR\FM\11DEN1.SGM
11DEN1
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
risks related to such agreements with
service providers for core services and
require the board of directors to be
responsible for reviewing and approving
such policies and procedures; and (4)
require senior management to perform
ongoing monitoring of the relationship,
and report to the board of directors for
its evaluation of any action taken by
senior management to remedy
significant deterioration in performance
or address changing risks or material
issues identified through such
monitoring; or if the risks or issues
cannot be remedied, require senior
management to assess and document
weaknesses or deficiencies in the
relationship with the service provider
for submission to the board of
directors.33 In adopting Rule 17Ad–
25(i), the Commission stated that the
final rule would more clearly delineate
the roles of senior management and the
board so as not to require the board to
undertake responsibilities reserved for
senior management.34
As described above, the Proposed
Rule Change would help ensure that the
ORMF codifies and implements policies
and procedures designed to ensure that
ICC appropriately manages relevant
risks that arise from ICC’s relationships
with SPCS, including by increasing
ORMF users’ awareness of those risks,
and ensuring that ICC identifies,
assesses, measures, monitors, mitigates,
and reports those risks. The ORMF also
delineates the responsibilities between
senior management and the Board
regarding these risks. Specifically, the
ORMF specifies that senior management
provides the Board with information
pertaining to relationships with SPCS,
any relevant risk evaluations, and
management’s efforts to monitor, assess,
document, and remedy risks associated
with these relationships.
For these reasons, the Commission
finds the Proposed Rule Change is
consistent with Rule 17Ad–25(i).35
lotter on DSK11XQN23PROD with NOTICES1
C. Consistency With Rule 17Ad–
22(e)(17)(i) Under the Act
Rule 17Ad–22(e)(17)(i) requires each
covered clearing agency to establish,
implement, maintain and enforce
written policies and procedures
reasonably designed to manage its
operational risks by identifying the
plausible sources of operational risk,
both internal and external, and
mitigating their impact through the use
of appropriate systems, policies,
procedures, and controls.36
As described above, the Proposed
Rule Change would update the ORMF to
provide additional and current details
regarding ICC’s management of SPCS
and assure that both ICC’s relationships
with SPCS and the risks associated with
those relationships are continuously
being monitored. The processes
specified in the ORMF are intended to
enhance ICC’s ability to identify
relevant internal and external sources of
operational risk. As such, the Proposed
Rule Change will define processes and
controls that will facilitate ICC’s ability
to mitigate the impact of such risks
through the use of appropriate systems,
policies, procedures, and controls,
consistent with the requirements of Rule
17Ad–22(e)(17)(i).37
For the reasons stated above, the
Commission finds the Proposed Rule
Change is consistent with Rule 17Ad–
22(e)(17)(i).38
D. Consistency With Rule 17Ad–
22(e)(2)(i) and (v) Under the Act
Rule 17Ad–22(e)(2)(i) and (v) requires
each covered clearing agency to
establish, implement, maintain and
enforce written policies and procedures
reasonably designed to provide for
governance arrangements that are clear
and transparent, and specify clear and
direct lines of responsibility.39
As described above, by adding new
Section II.B. to the ORMF, the Proposed
Rule Change would codify the
responsibilities of ICC’s management
and the Board when managing risks
arising from ICC’s relationships with
SPCS. The proposed changes also would
update the ORMF to clarify the
description of the Compliance
Committee and ERM responsibilities,
and the general updates described in
Section II.B. above, would help ensure
that the ORMF is accurate and current.
Taken together, these revisions to the
ORMF will help ICC maintain clear and
transparent governance arrangements
and specify clear and direct lines of
responsibility, which in turn will help
improve the accuracy and transparency
of ICC’s governance arrangements and
improve the clarity of the lines of
responsibility.
For these reasons, the Commission
finds the Proposed Rule Change is
consistent with Rule 17Ad–22(e)(2)(i)
and (v).40
36 17
33 17
CFR 240.17Ad–25(i).
34 See Clearing Agency Governance and Conflicts
of Interest, 88 FR at 84477.
35 Id.
VerDate Sep<11>2014
18:17 Dec 10, 2024
Jkt 265001
CFR 240.17Ad–22(e)(17)(i).
37 Id.
38 Id.
39 17
CFR 240.17Ad–22(e)(2)(i), (v).
40 Id.
PO 00000
Frm 00127
Fmt 4703
Sfmt 4703
99953
IV. Accelerated Approval of the
Proposed Rule Change
Under Section 19(b)(2) of the Act,41
the Commission may approve a
proposed rule change prior to the 30th
day after the date of publication of
notice of filing of the proposed rule
change in the Federal Register if the
Commission finds good cause for doing
so.
The Commission finds good cause,
pursuant to Section 19(b)(2) of the
Exchange Act,42 to approve the
Proposed Rule Change prior to the 30th
day after the date of publication of
notice of filing of the Proposed Rule
Change in the Federal Register. Rule
17Ad–25(i) requires, among other
things, that covered clearing agencies
establish, implement, maintain, and
enforce written policies and procedures
reasonably designed to require that
senior management (i) evaluate and
document the risks related to an
agreement with a SPCS; (ii) submit to
the board of directors for review and
approval any agreement that would
establish a relationship with a SPCS (iii)
be responsible for establishing the
policies and procedures that govern
relationships and manage risks related
to such agreements with SPCS; and (iv)
perform ongoing monitoring of the
relationship, and report to the board of
directors for its evaluation of any action
taken by senior management to remedy
significant deterioration in performance
or address changing risks or material
issues identified through such
monitoring.43 The proposed rule change
would establish ICC’s process for vetting
and managing its relationships with
SPCS, with specific processes for
internal and external SPCS, consistent
with Rule 17Ad–25(i).44 Based on the
foregoing, and as discussed above, the
Proposed Rule Change is consistent
with the requirements of Rule 17Ad–
25(i) under the Act.45
The compliance date for Rule 17Ad–
25(i) generally is December 5, 2024.46
Approving the Proposed Rule Change
on an accelerated basis will allow ICC
to establish its process for vetting and
managing its relationships with SPCS by
this compliance date. Accordingly, the
Commission finds good cause to
41 15
U.S.C. 78s(b)(2).
U.S.C. 78s(b)(2).
43 17 CFR 240.17Ad–25(i).
44 17 CFR 240.17Ad–25(i).
45 Id.
46 Clearing Agency Governance and Conflicts of
Interest, 88 FR at 84454 (explaining that the
compliance date for Rule 17Ad–25 is December 5,
2024, except that the compliance date for the
independence requirements of the board and board
committees in Rules 17Ad–25(b)(1), (c)(2), and (e)
is December 5, 2025).
42 15
E:\FR\FM\11DEN1.SGM
11DEN1
99954
Federal Register / Vol. 89, No. 238 / Wednesday, December 11, 2024 / Notices
comments on the proposed rule change
from interested persons.
approve the Proposed Rule Change on
an accelerated basis prior to the 30th
day after the date of publication of
notice of filing of the Proposed Rule
Change in the Federal Register,
pursuant to Section 19(b)(2) of the
Exchange Act.47
I. Self-Regulatory Organization’s
Statement of the Terms of Substance of
the Proposed Rule Change
V. Conclusion
On the basis of the foregoing, the
Commission finds that the proposed
rule change is consistent with the
requirements of the Act, and in
particular, with the requirements of
Section 17A(b)(3)(F) of the Act 48 and
Rules 17Ad–25(i),49 17Ad–22(e)(17)(i),50
and 17Ad–22(e)(2)(i) and (v) 51
thereunder.
It is therefore ordered pursuant to
Section 19(b)(2) of the Act 52 that the
Proposed Rule Change (SR–ICC–2024–
011), be, and hereby is, approved, on an
accelerated basis.53
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.54
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024–29037 Filed 12–10–24; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–101826; File No. SR–BX–
2024–053]
Self-Regulatory Organizations; Nasdaq
BX, Inc.; Notice of Filing and
Immediate Effectiveness of Proposed
Rule Change To Amend Equity 4, Rule
4759 Concerning Data Feeds Utilized
December 5, 2024.
Pursuant to Section 19(b)(1) of the
Securities Exchange Act of 1934
(‘‘Act’’),1 and Rule 19b–4 thereunder,2
notice is hereby given that on November
25, 2024, Nasdaq BX, Inc. (‘‘BX’’ or
‘‘Exchange’’) filed with the Securities
and Exchange Commission (‘‘SEC’’ or
‘‘Commission’’) the proposed rule
change as described in Items I and II
below, which Items have been prepared
by the Exchange. The Commission is
publishing this notice to solicit
47 15
U.S.C. 78s(b)(2).
U.S.C. 78q–1(b)(3)(F).
49 17 CFR 240.17Ad–25(i).
50 17 CFR 240.17Ad–22(e)(17)(i).
51 17 CFR 240.17Ad–22(e)(2)(i), (v).
52 15 U.S.C. 78s(b)(2).
53 In approving the proposed rule change, the
Commission considered the proposal’s impact on
efficiency, competition, and capital formation. 15
U.S.C. 78c(f).
54 17 CFR 200.30–3(a)(12).
1 15 U.S.C. 78s(b)(1).
2 17 CFR 240.19b–4.
lotter on DSK11XQN23PROD with NOTICES1
48 15
VerDate Sep<11>2014
18:17 Dec 10, 2024
Jkt 265001
The Exchange proposes to amend
Equity 4, Rule 4759 (Data Feeds
Utilized) to change the primary and
secondary source of quotation data of
certain market centers in the list of
proprietary and network processor feeds
that the Exchange utilizes for the
handling, routing, and execution of
orders as well as regulatory compliance
processes related to those functions.
The text of the proposed rule change
is available on the Exchange’s website at
https://listingcenter.nasdaq.com/
rulebook/nasdaq/rules, at the principal
office of the Exchange, and at the
Commission’s Public Reference Room.
II. Self-Regulatory Organization’s
Statement of the Purpose of, and
Statutory Basis for, the Proposed Rule
Change
In its filing with the Commission, the
Exchange included statements
concerning the purpose of and basis for
the proposed rule change and discussed
any comments it received on the
proposed rule change. The text of these
statements may be examined at the
places specified in Item IV below. The
Exchange has prepared summaries, set
forth in sections A, B, and C below, of
the most significant aspects of such
statements.
A. Self-Regulatory Organization’s
Statement of the Purpose of, and
Statutory Basis for, the Proposed Rule
Change
1. Purpose
The Exchange proposes to update and
amend the data feeds table in Equity 4,
Rule 4759, which sets forth on a marketby-market basis the specific proprietary
and network processor feeds that the
Exchange utilizes for the handling,
routing, and execution of orders, and for
performing the regulatory compliance
processes related to each of those
functions. Specifically, the table would
be amended to reflect that the Exchange
will receive a direct feed from the LongTerm Stock Exchange (‘‘LTSE’’) as its
primary quotation data source and CQS/
UQDF will become its secondary data
source for the handling, routing and
execution of orders and for performing
regulatory compliance processes related
to each of those functions. The change
to the primary sources reflects the
Exchange’s effort to include an
additional source and the use of
secondary sources in the event the
PO 00000
Frm 00128
Fmt 4703
Sfmt 4703
primary source is unable to provide
data.
The operative date of the proposed
rule change shall be November 25, 2024.
2. Statutory Basis
The Exchange believes that its
proposal is consistent with Section 6(b)
of the Act,3 in general, and furthers the
objectives of Section 6(b)(5) of the Act,4
in particular, in that it is designed to
promote just and equitable principles of
trade, to remove impediments to and
perfect the mechanism of a free and
open market and a national market
system, and, in general to protect
investors and the public interest.
The Exchange believes that the
proposed rule change removes
impediments to and perfects the
mechanism of a free and open market
because updating its data feeds table of
market centers for which the exchange
consumes quotation data through a
direct feed will provide clarity to market
participants. Additionally, it is
necessary and consistent with the
public interest and the protection of
investors to update the Exchange’s table
of market centers in Equity 4, Rule 4759
in order to provide transparency with
respect to all the direct proprietary and
network processor feeds from which the
Exchange obtains market data.
B. Self-Regulatory Organization’s
Statement on Burden on Competition
The Exchange does not believe that
the proposed rule change will impose
any burden on competition not
necessary or appropriate in furtherance
of the purposes of the Act. The
proposed rule change is not designed to
address any competitive issue; instead,
its purpose is to enhance transparency
with respect to the operation of the
Exchange and its use of market data
feeds.
C. Self-Regulatory Organization’s
Statement on Comments on the
Proposed Rule Change Received From
Members, Participants, or Others
No written comments were either
solicited or received.
III. Date of Effectiveness of the
Proposed Rule Change and Timing for
Commission Action
The Exchange has filed the proposed
rule change pursuant to Section
19(b)(3)(A)(iii) of the Act 5 and Rule
19b–4(f)(6) thereunder.6 Because the
proposed rule change does not: (i)
3 15
U.S.C. 78f(b).
U.S.C. 78f(b)(5).
5 15 U.S.C. 78s(b)(3)(A)(iii).
6 17 CFR 240.19b–4(f)(6).
4 15
E:\FR\FM\11DEN1.SGM
11DEN1
]]>Agencies
[Federal Register Volume 89, Number 238 (Wednesday, December 11, 2024)]
[Notices]
[Pages 99949-99954]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-29037]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-101819; File No. SR-ICC-2024-011]
Self-Regulatory Organizations; ICE Clear Credit LLC; Order
Granting Accelerated Approval of Proposed Rule Change Relating to the
ICC Operational Risk Management Framework
December 5, 2024.
I. Introduction
On November 13, 2024, ICE Clear Credit LLC (``ICC'') filed with the
Securities and Exchange Commission (the ``Commission''), pursuant to
Section 19(b)(1) of the Securities Exchange Act of 1934 (the ``Act'')
\1\ and Rule 19b-4 thereunder,\2\ a proposed rule change (hereafter,
``Proposed Rule Change'') to revise the Operational Risk Management
Framework (``ORMF''). The Proposed Rule Change was published for
comment in the Federal Register on November 19, 2024.\3\ The Commission
has not received comments regarding the Proposed Rule Change. For the
reasons discussed below, the Commission is approving the Proposed Rule
Change on an accelerated basis.
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 17 CFR 240.19b-4.
\3\ Self-Regulatory Organizations; ICE Clear Credit LLC; Notice
of Filing of Proposed Rule Change Relating to the ICC Operational
Risk Management Framework; Securities Exchange Act Release No. 34-
101603 (Nov. 13, 2024), 89 FR 91443 (Nov. 19, 2024) (SR-ICC-2024-
011) (``Notice'').
---------------------------------------------------------------------------
II. Description of the Proposed Rule Change
ICC is registered with the Commission as a clearing agency for the
purpose of clearing Credit Default Swap (``CDS'') contracts.\4\ In its
role as a CDS clearing agency, ICC faces operational risks stemming
from the breakdown of systems and processes that that would impair
ICC's ability to complete settlements or ICC's internal business
operations. The ORMF outlines ICC's risk assessment and oversight
program, which aims to address such operational risks, including by
reducing operational incidents, encouraging process and control
improvement, bringing transparency to operational performance standard
monitoring, and fulfilling regulatory obligations. The ORMF also
explains how ICC vets and manages service agreements with providers
covering various aspects of ICC's operations. According to ICC, one of
the purposes of the Proposed Rule Change
[[Page 99950]]
is to align the ORMF with the requirements of Rule 17Ad-25(i) under the
Act,\5\ primarily by adding to the ORMF details about ICC's
relationships with service providers.\6\ Further changes in the ORMF
would be included to more clearly describe ICC's risk mitigation
process and technology control functions, among other revisions.
---------------------------------------------------------------------------
\4\ Capitalized terms not otherwise defined herein have the
meanings assigned to them in ICC Rules and the ORMF, as applicable.
\5\ See generally Securities Exchange Act Release No. 98959
(Nov. 16, 2023), 88 FR 84454 (Dec. 5, 2023) (File No. S7-21-22)
(``Clearing Agency Governance and Conflicts of Interest'').
\6\ See Notice, 89 FR at 91443.
---------------------------------------------------------------------------
A. Management of Risks From Service Providers for Core Services
The Proposed Rule Change would amend the ORMF primarily by adding
new Section II.B., titled ``Management of Risks from Relationships with
Service Providers for Core Services,'' which would describe ICC's
vetting and management processes regarding any service provider for
critical services (``SPCS'').\7\ The new section would require ICC's
senior management to:
---------------------------------------------------------------------------
\7\ A service provider for core services means any person that,
through a written services provider agreement for services provided
to or on behalf of the registered clearing agency, on an ongoing
basis, directly supports the delivery of clearance or settlement
functionality or any other purposes material to the business of the
registered clearing agency. 17 CFR 240.17Ad-25(a). ICC's ORMF has
adopted the same terminology and meaning of SPCS as Rule 17Ad-25(a).
---------------------------------------------------------------------------
(1) Evaluate and document the risks related to an agreement with a
SPCS, including under changes to circumstances and potential
disruptions, and whether the risks can be managed in a manner
consistent with the ORMF;
(2) Submit to the ICC Board of Managers (``Board'') for review and
approval any agreement that would establish a relationship with a SPCS,
along with the above-mentioned risk evaluation;
(3) Be responsible for establishing the policies and procedures
that govern relationships and manage risks related to such agreements
with a SPCS (while the Board would be required to be responsible for
reviewing and approving such policies and procedures); and
(4) Perform ongoing monitoring of the relationship, and report to
the Board for its evaluation of any action taken by senior management
to remedy significant deterioration in performance or address changing
risks or material issues identified through such monitoring; or if the
risks or issues cannot be remedied, to assess and document weaknesses
or deficiencies in the relationship with the service provider for
submission to the Board.
The Proposed Rule Change would introduce a two-pronged assessment
approach when identifying and managing ICC's relationships with a SPCS,
differentiating between internal and external service providers.
Under the first prong, ICC would conduct an assessment of internal
service providers. Currently, ICC engages only one internal service
provider: ICC's parent company, Intercontinental Exchange, Inc.
(``ICE'').\8\ ICE is a SPCS because, pursuant to written service
agreements, it provides core services to ICC that directly support the
delivery of clearance and settlement functionality or other purposes
material to ICC's business as a registered clearing agency. ICE
provides business services such as staffing, finance, and accounting
pursuant to a Master Services Agreement between ICC and ICE, and
provides clearing and settlement-specific services to ICC pursuant to a
Clearing Settlement Services Agreement (``CSSA''). The CSSA specifies
that ICE provides clearing and settlement services pursuant to certain
of ICE's ``Key Policies.'' \9\ Each Key Policy sets forth its purpose
and is applicable to all ICE and ICC employees impacted by such policy.
Further, the CSSA provides for a governance structure (set forth in
more detail in ICE's Technology Planning and Governance Policy) whereby
the Key Policies may only be amended by ICE's Operational Oversight
Committee (``OOC'') which includes representatives of both ICE and ICC.
The OOC acts as the forum to discuss changes and improvements to the
services provided to ICC by ICE. Further, changes to any Key Policy may
not take effect until they have been approved by the OOC and any
material proposed changes to the Key Policies are subject to a veto by
ICC.
---------------------------------------------------------------------------
\8\ See Notice, 89 FR at 91444.
\9\ ICE's Key Policies include the following, which may be
updated from time to time: 1. Technology Planning and Governance
Policy; 2. Capacity Planning Policy; 3. Change Management Policy; 4.
Corporate Business Continuity Policy; 5. Corporate Information
Security Policy; 6. Corporate Information Technology Policy; 7.
Corporate Physical Security Policy; 8. Disaster Recovery Policy; 9.
Enterprise Risk Management Policy; 10. Incident Management Policy;
11. Information Technology Asset Management Policy; 12.
Infrastructure Observability Policy; 13. Software Development
Lifecycle Policy; 14. Third Party Risk Management Policy.
---------------------------------------------------------------------------
Under the second prong, ICC would conduct an assessment of external
service providers, utilizing ICC's External Service Provider Assessment
process. This process would be outlined in Section II.C. of the ORMF
and in ICE's Third Party Risk Management (``TPRM'') program, which is
applicable to ICC as a subsidiary of ICE. Further, with respect to
ICC's Financial Service Providers \10\ that are identified as SPCSs,
ICC utilizes its Counterparty Monitoring Procedures. ICC's External
Service Provider Assessment process is supplemental to ICE's TPRM
program, which applies to external vendors and suppliers, service
providers, and contractors/consultants of ICE and its subsidiaries,
including ICC. The TPRM program establishes a comprehensive and
structured approach for assessing, managing, monitoring, and governance
of third-party risks at ICE and its subsidiaries, including ICC. It
requires an assessment of operations and resiliency through, among
other things, completion of initial on-boarding assessments of the
third party's viability and capability to meet expected deliverables,
business objectives, and compliance with contractual obligations,
followed by ongoing monitoring.
---------------------------------------------------------------------------
\10\ Financial service providers (``FSPs'') are not covered by
the TPRM program. FSPs, as defined in ICC's Counterparty Monitoring
Procedures, are the entities to which ICC has actual or potential
credit exposure, e.g., settlement banks, custodians, depositories,
reverse repurchase agreement (``repo'') counterparties, committed
repo counterparties, and committed foreign exchange (``FX'')
counterparties.
---------------------------------------------------------------------------
The Proposed Rule Change would update vocabulary around and clarify
the description of ICC's external service provider assessments in newly
renumbered Section II.C of the ORMF. As proposed, this section would no
longer refer to ``critical vendors,'' \11\ but would instead use the
term ``external SPCS'' to align the ORMF with Rule 17Ad-25 under the
Exchange Act, which uses and defines the term ``service provider for
core services.'' \12\ Currently, Section II.C provides that external
service providers are reviewed and evaluated for re-approval based on
ICC's current risk ranking system, which is based on ``tiers.'' Under
the Proposed Rule Change, Section II.C. would no longer describe the
re-approval process for such external service providers with a ``risk
ranking'' system based on ``tiers'' but would instead use a system of
``risk ratings.'' Despite the terminology change, the basic review
methodology would not. Under the Proposed Rule Change, ICC would still
assign the risk rating based on a schedule of risk assessments divided
into low, moderate, and high risks, that considers the risk direction
for strategic, reputational, compliance, legal and operational risk
[[Page 99951]]
presented by the external service provider, in the same way that ICC
currently assigns risk rankings.
---------------------------------------------------------------------------
\11\ Currently the ORMF defines a ``critical vendor'' as any
third party service which is deemed essential to complete ICC's core
processes. Core processes means acceptance of new trades, management
of positions, production of risk and banking reports, and the
movement of funds.
\12\ See 17 CFR 240.17Ad-25(a).
---------------------------------------------------------------------------
Thus, when assessing an external SPCS, ICC would continue to
analyze and manage risks posed by such external service providers,
including strategic, reputational, compliance, legal, and operational
risk, in the same manner as under the current ORMF. Similarly, ICC
would use existing concepts when performing assessments of an external
SPCS. As noted above, ICC is replacing the term ``critical vendor''
with the term ``external SPCS.'' ICC also is replacing the term ``core
processes'' with the term ``CDS core clearing services.'' Currently, a
critical vendor is any third party service provider which is deemed
essential to complete ICC's core processes, which include acceptance of
new trades, management of positions, production of risk and banking
reports, and the movement of funds. The definition of external SPCS
would include external service providers for core services, including
CDS core clearing services, which would continue to include acceptance
of new trades, management of positions, production of risk and banking
reports, and the movement of funds.
Similarly, risk assessments are and would continue to be completed
as part of the initial onboarding process, as well as periodically.
Section II.C. would clarify that ICC's assessment of an external SPCS
would be in addition to ICE's TPRM program, which applies to any
external vendor or supplier, service provider, and contractors and
consultants utilized by ICE or its subsidiaries, including ICC.
Although ICC's Business Continuity Planning and Disaster Recovery
programs Oversight Committee (``BDOC'') will continue to be the body
performing these assessments, proposed Section II.C. would eliminate
the current bullet point list of items that may be included in the risk
assessments \13\ and replace it with the requirement to ``evaluate and
document the risks related to an agreement with the external SPCS,
including under changes to circumstances and potential disruptions, and
whether the risks can be managed in a manner consistent with the
ORMF,'' thus mirroring the language found in Rule 17Ad-25(i)(1) under
the Act.\14\ Although the BDOC will continue to review and recommend
approval of the inventory of ICC external SPCSs and to assign risk
ratings to the risk assessments in order to determine the frequency of
ongoing risk assessment reviews, Section II.C. would be updated to
state that the risk ratings will take into consideration ICC's plan to
complete core processing if the service is unavailable. Additionally,
Section II.C. would state explicitly that the BDOC reviews and
recommends that the ICC Compliance Committee (``Compliance Committee'')
approve the inventory of ICC external SPCS.\15\
---------------------------------------------------------------------------
\13\ Currently, the BDOC is responsible for conducting a service
provider risk assessment for each critical vendor, which includes:
Profiling critical vendor and services performed;
Reviewing performance activity to date, if applicable;
Validating or enhancing the contingency plan in the
event that a critical vendor cannot perform as expected;
Ensuring an ongoing oversight program of the critical
vendor;
Assessing the varying risks posed by the critical
vendor.
\14\ 17 CFR 240.17Ad-25(i)(1); see also Notice, 89 at 91444.
\15\ The ICC Compliance Committee is an internal ICC committee
that oversees and manages ICC's compliance program that establishes
the framework for identifying, assessing, measuring, monitoring,
mitigating, and reporting on compliance risks for ICC.
---------------------------------------------------------------------------
B. Further Changes to the ORMF
In addition to the above-described changes, which primarily address
consistency with Rule 17Ad-25(i) under the Act,\16\ the Proposed Rule
Change would:
---------------------------------------------------------------------------
\16\ 17 CFR 240.17Ad-25(i).
---------------------------------------------------------------------------
amend the `Introduction' section of the ORMF to provide
uniform abbreviations to existing defined terms, which ICC believes
will enhance the clarity and readability of the ORMF; \17\
---------------------------------------------------------------------------
\17\ See Notice, 89 at 91444.
---------------------------------------------------------------------------
amend terms within the `Operational Risk Lifecycle' chart
of Section I of the ORMF to ensure that it accurately reflects the
description of the operational life cycle narrative and correct
typographical errors; and
revise Section II., `Operational Risk Focus Areas,' to
update ICC's reference to certain functions performed by ICE, remove
references to such functions being ``outsourced,'' and instead note
that the functions are described in the ORMF and performed pursuant to
services agreements between ICC and ICE.
The Proposed Rule Change would amend Section II.A., `Business
Continuity Planning and Disaster Recovery,' to more clearly describe
the steps in the collaboration process with respect to the business
impact analysis (``BIA'') process. The proposed changes would reorder
and restate the steps for completing BIA surveys used in creating test
plans. Currently, the ORMF states that ICC ensures that it can recover
from a wide-scale disruption and collaborates with each department to
complete BIA surveys--specifically to ensure that each critical
business unit:
Defines the Mission Critical Tasks (``MCT'') to be
performed;
Creates test plans to ensure recovery staff are properly
trained;
Performs periodic tests to validate recovery staff's
ability to perform MCT; and
Reports the results of testing to document successes, and
detail corrective actions.
As proposed, the first two bullet points would be deleted and
replaced with:
Identifies ICC business processes, as well as the
associated criticality of these business process, by performing the
BIA; [and]
Creates Business Continuity Plans (BCPs) for those
processes identified in the BIA.
The third and fourth bullet points would remain the same, except
the third bullet point would specify that the periodic tests would be
those of BCPs and that, since the MCT acronym would no longer apply, a
reference would be made to mission critical tests.\18\
---------------------------------------------------------------------------
\18\ Id.
---------------------------------------------------------------------------
The Proposed Rule Change also would revise Section II.F. of the
ORMF (previously Section II.E.), `Technology Control Functions,'
specifically to more accurately reflect the ICC Technology Department's
responsibilities. Section II.F would be updated to specify that the ICC
Technology Department is responsible for end-to-end design,
development, testing, deployment, maintenance and day-to-day operations
of all enterprise software systems needed for ICC core functions.
Currently, the ORMF describes the Technology Department's
responsibilities as risk analysis and oversight of systems operations,
systems development/quality assurance and capacity/performance
planning. The ORMF would be revised to state that ICC's Technology
Department is responsible for end-to-end design, development, testing,
deployment, maintenance, and day-to-day operations of enterprise
software systems needed for ICC core functions of CDS clearing. In
addition, the Proposed Rule Change would update an outdated reference
to ICC's Credit Technology Delivery Method (``CTDM''), which is a
separate policy from the ORMF. Currently the ORMF references the ICC
Project Delivery Policy, which is the former title of the CTDM. Those
references would be updated to refer to the CTDM instead. Similarly, in
connection with a
[[Page 99952]]
discussion of how technology releases are assessed, the Proposed Rule
Change would replace a current reference to the ICC technology director
with a reference to the ICC Technology leadership team. This change
would more accurately reflect that technology releases are assessed by
the entire ICC Technology leadership team, not just the ICC technology
director.
Next, the Proposed Rule Change would amend Appendix 1 of the ORMF
to include the titles of the relevant regulatory requirements while
removing the existing summaries of such regulations. ICC indicated that
the purpose of this change is to streamline the reference process to
provide the reader with a more direct reference to all the applicable
regulations and avoid the need to review and update summaries of
applicable regulations as they are amended from time to time.\19\
---------------------------------------------------------------------------
\19\ Id.
---------------------------------------------------------------------------
Lastly, the Proposed Rule Change would update the `Revision
History' section of the ORMF to reflect the proposed changes described
above, as well as to formalize a series of non-material updates
previously made to the ORMF that were the output of the annual review
of the ORMF conducted by the Compliance Committee, and that were
reviewed and approved by the Board in 2021, 2022, and 2023.\20\
---------------------------------------------------------------------------
\20\ For example, updates approved by the Board in 2021 included
language in Section I.A. `Risk Assessment,' clarifying that the
Compliance Committee reviews risk assessments during their quarterly
meetings. The 2021 updates also included minor clarifications to
Section I.B. to clarify that one of the current responsibilities of
the ICE Enterprise Risk Management (``ERM'') function is to observe
and review the incident management mitigation process and, if
necessary, challenge corrective action plan decisions and priority
levels. See Notice, 89 at 91444-45. ICC indicated that these changes
were intended to clarify the description of current practices and
the readability of the ORMF, and as such, do not change current
practices. Id. For further examples, see Notice, 89 at 91444-45.
---------------------------------------------------------------------------
III. Discussion
Section 19(b)(2)(C) of the Act directs the Commission to approve a
proposed rule change of a self-regulatory organization if it finds that
the Proposed Rule Change is consistent with the requirements of the Act
and the rules and regulations thereunder applicable to such
organization.\21\ Under the Commission's Rules of Practice, the
``burden to demonstrate that a proposed rule change is consistent with
the Act and the rules and regulations issued thereunder . . . is on the
self-regulatory organization [`SRO'] that proposed the rule change.''
\22\
---------------------------------------------------------------------------
\21\ 15 U.S.C. 78s(b)(2)(C).
\22\ Rule 700(b)(3), Commission Rules of Practice, 17 CFR
201.700(b)(3).
---------------------------------------------------------------------------
The description of a proposed rule change, its purpose and
operation, its effect, and a legal analysis of its consistency with
applicable requirements must all be sufficiently detailed and specific
to support an affirmative Commission finding,\23\ and any failure of an
SRO to provide this information may result in the Commission not having
a sufficient basis to make an affirmative finding that a proposed rule
change is consistent with the Act and the applicable rules and
regulations.\24\ Moreover, ``unquestioning reliance'' on an SRO's
representations in a proposed rule change is not sufficient to justify
Commission approval of a proposed rule change.\25\
---------------------------------------------------------------------------
\23\ Id.
\24\ Id.
\25\ Susquehanna Int'l Group, LLP v. Securities and Exchange
Commission, 866 F.3d 442, 447 (D.C. Cir. 2017) (``Susquehanna'').
---------------------------------------------------------------------------
After carefully considering the Proposed Rule Change, the
Commission finds that the Proposed Rule Change is consistent with the
requirements of the Act and the rules and regulations thereunder
applicable to ICC. More specifically, for the reasons discussed below,
the proposed rule change is consistent with Section 17A(b)(3)(F) of the
Act \26\ and Rules 17Ad-25(i),\27\ 17Ad-22(e)(17)(i),\28\ and 17Ad-
22(e)(2)(i) and (v) \29\ thereunder.
---------------------------------------------------------------------------
\26\ 15 U.S.C. 78q-1(b)(3)(F).
\27\ 17 CFR 240.17Ad-25(i).
\28\ 17 CFR 240.17Ad-22(e)(17)(i).
\29\ 17 CFR 240.17Ad-22(e)(2)(i), (v).
---------------------------------------------------------------------------
A. Consistency With Section 17A(b)(3)(F) of the Act
Section 17A(b)(3)(F) of the Act requires, among other things, that
the rules of ICC be designed to promote the prompt and accurate
clearance and settlement of securities transactions and, to the extent
applicable, derivative agreements, contracts, and transactions.\30\
Based on a review of the record, and for the reasons discussed below,
the proposed changes to the ORMF are consistent with the promotion of
the prompt and accurate clearance and settlement of transactions at
ICC.
---------------------------------------------------------------------------
\30\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
Newly added Section II.B. of the ORMF--addressing ICC's management
of risks from relationships with SPCS--and updated and renumbered
Section II.C. of the ORMF--titled `External Service Provider
Assessments'--help facilitate ICC's ability to manage its relationships
with SPCS and the inherent risks these relationships encompass. For
instance, as discussed above, the Proposed Rule Change would add
Section II.B. to the ORMF, which would specify the requirements and
procedures for ICC to manage the risks arising from ICC's relationships
with SPCS. Such requirements and procedures would include, among other
things, evaluating and documenting risks associated with a SPCS,
submitting a risk evaluation to the ICC Board related to a relationship
with a SPCS, establishing policies and procedures governing the
relationship and risk-management of a SPCS relationship, and performing
ongoing monitoring of a SPCS relationship for purposes of identifying
and remediating changing risks.\31\ Together, Sections II.B. and II.C.
of the ORMF also would provide greater clarity around the approval and
maintenance of ICC's relationships with SPCS that are contractually
obligated not only to supply services material to running ICC's
business, such as staffing, finance, and accounting, but also to
support ICC's clearance and settlement functionality. By promoting
ICC's ability to manage relationships with SPCS, both internal and
external, the Proposed Rule Change is thereby designed to promote ICC's
capabilities in promptly and accurately clearing and settling
securities transactions, and, to the extent applicable, derivative
agreements, contracts, and transactions.
---------------------------------------------------------------------------
\31\ The requirements outlined in Section II.B. directly reflect
language in Rule 17Ad-25(i), which was approved by the Commission in
2023. See n. 5, supra.
---------------------------------------------------------------------------
For the reasons stated above, the Commission finds that the
Proposed Rule Change is consistent with Section 17A(b)(3)(F) of the
Act.\32\
---------------------------------------------------------------------------
\32\ Id.
---------------------------------------------------------------------------
B. Consistency With Rule 17Ad-25(i) Under the Act
Rule 17Ad-25(i) requires each covered clearing agency to establish,
implement, maintain, and enforce written policies and procedures
reasonably designed to (1) require senior management to evaluate and
document the risks related to an agreement with a service provider for
core services, including under changes to circumstances and potential
disruptions, and whether the risks can be managed in a manner
consistent with the clearing agency's risk management framework; (2)
require senior management to submit to the board of directors for
review and approval any agreement that would establish a relationship
with a service provider for core services, along with such risk
evaluation; (3) require senior management to be responsible for
establishing the policies and procedures that govern relationships and
manage
[[Page 99953]]
risks related to such agreements with service providers for core
services and require the board of directors to be responsible for
reviewing and approving such policies and procedures; and (4) require
senior management to perform ongoing monitoring of the relationship,
and report to the board of directors for its evaluation of any action
taken by senior management to remedy significant deterioration in
performance or address changing risks or material issues identified
through such monitoring; or if the risks or issues cannot be remedied,
require senior management to assess and document weaknesses or
deficiencies in the relationship with the service provider for
submission to the board of directors.\33\ In adopting Rule 17Ad-25(i),
the Commission stated that the final rule would more clearly delineate
the roles of senior management and the board so as not to require the
board to undertake responsibilities reserved for senior management.\34\
---------------------------------------------------------------------------
\33\ 17 CFR 240.17Ad-25(i).
\34\ See Clearing Agency Governance and Conflicts of Interest,
88 FR at 84477.
---------------------------------------------------------------------------
As described above, the Proposed Rule Change would help ensure that
the ORMF codifies and implements policies and procedures designed to
ensure that ICC appropriately manages relevant risks that arise from
ICC's relationships with SPCS, including by increasing ORMF users'
awareness of those risks, and ensuring that ICC identifies, assesses,
measures, monitors, mitigates, and reports those risks. The ORMF also
delineates the responsibilities between senior management and the Board
regarding these risks. Specifically, the ORMF specifies that senior
management provides the Board with information pertaining to
relationships with SPCS, any relevant risk evaluations, and
management's efforts to monitor, assess, document, and remedy risks
associated with these relationships.
For these reasons, the Commission finds the Proposed Rule Change is
consistent with Rule 17Ad-25(i).\35\
---------------------------------------------------------------------------
\35\ Id.
---------------------------------------------------------------------------
C. Consistency With Rule 17Ad-22(e)(17)(i) Under the Act
Rule 17Ad-22(e)(17)(i) requires each covered clearing agency to
establish, implement, maintain and enforce written policies and
procedures reasonably designed to manage its operational risks by
identifying the plausible sources of operational risk, both internal
and external, and mitigating their impact through the use of
appropriate systems, policies, procedures, and controls.\36\
---------------------------------------------------------------------------
\36\ 17 CFR 240.17Ad-22(e)(17)(i).
---------------------------------------------------------------------------
As described above, the Proposed Rule Change would update the ORMF
to provide additional and current details regarding ICC's management of
SPCS and assure that both ICC's relationships with SPCS and the risks
associated with those relationships are continuously being monitored.
The processes specified in the ORMF are intended to enhance ICC's
ability to identify relevant internal and external sources of
operational risk. As such, the Proposed Rule Change will define
processes and controls that will facilitate ICC's ability to mitigate
the impact of such risks through the use of appropriate systems,
policies, procedures, and controls, consistent with the requirements of
Rule 17Ad-22(e)(17)(i).\37\
---------------------------------------------------------------------------
\37\ Id.
---------------------------------------------------------------------------
For the reasons stated above, the Commission finds the Proposed
Rule Change is consistent with Rule 17Ad-22(e)(17)(i).\38\
---------------------------------------------------------------------------
\38\ Id.
---------------------------------------------------------------------------
D. Consistency With Rule 17Ad-22(e)(2)(i) and (v) Under the Act
Rule 17Ad-22(e)(2)(i) and (v) requires each covered clearing agency
to establish, implement, maintain and enforce written policies and
procedures reasonably designed to provide for governance arrangements
that are clear and transparent, and specify clear and direct lines of
responsibility.\39\
---------------------------------------------------------------------------
\39\ 17 CFR 240.17Ad-22(e)(2)(i), (v).
---------------------------------------------------------------------------
As described above, by adding new Section II.B. to the ORMF, the
Proposed Rule Change would codify the responsibilities of ICC's
management and the Board when managing risks arising from ICC's
relationships with SPCS. The proposed changes also would update the
ORMF to clarify the description of the Compliance Committee and ERM
responsibilities, and the general updates described in Section II.B.
above, would help ensure that the ORMF is accurate and current. Taken
together, these revisions to the ORMF will help ICC maintain clear and
transparent governance arrangements and specify clear and direct lines
of responsibility, which in turn will help improve the accuracy and
transparency of ICC's governance arrangements and improve the clarity
of the lines of responsibility.
For these reasons, the Commission finds the Proposed Rule Change is
consistent with Rule 17Ad-22(e)(2)(i) and (v).\40\
---------------------------------------------------------------------------
\40\ Id.
---------------------------------------------------------------------------
IV. Accelerated Approval of the Proposed Rule Change
Under Section 19(b)(2) of the Act,\41\ the Commission may approve a
proposed rule change prior to the 30th day after the date of
publication of notice of filing of the proposed rule change in the
Federal Register if the Commission finds good cause for doing so.
---------------------------------------------------------------------------
\41\ 15 U.S.C. 78s(b)(2).
---------------------------------------------------------------------------
The Commission finds good cause, pursuant to Section 19(b)(2) of
the Exchange Act,\42\ to approve the Proposed Rule Change prior to the
30th day after the date of publication of notice of filing of the
Proposed Rule Change in the Federal Register. Rule 17Ad-25(i) requires,
among other things, that covered clearing agencies establish,
implement, maintain, and enforce written policies and procedures
reasonably designed to require that senior management (i) evaluate and
document the risks related to an agreement with a SPCS; (ii) submit to
the board of directors for review and approval any agreement that would
establish a relationship with a SPCS (iii) be responsible for
establishing the policies and procedures that govern relationships and
manage risks related to such agreements with SPCS; and (iv) perform
ongoing monitoring of the relationship, and report to the board of
directors for its evaluation of any action taken by senior management
to remedy significant deterioration in performance or address changing
risks or material issues identified through such monitoring.\43\ The
proposed rule change would establish ICC's process for vetting and
managing its relationships with SPCS, with specific processes for
internal and external SPCS, consistent with Rule 17Ad-25(i).\44\ Based
on the foregoing, and as discussed above, the Proposed Rule Change is
consistent with the requirements of Rule 17Ad-25(i) under the Act.\45\
---------------------------------------------------------------------------
\42\ 15 U.S.C. 78s(b)(2).
\43\ 17 CFR 240.17Ad-25(i).
\44\ 17 CFR 240.17Ad-25(i).
\45\ Id.
---------------------------------------------------------------------------
The compliance date for Rule 17Ad-25(i) generally is December 5,
2024.\46\ Approving the Proposed Rule Change on an accelerated basis
will allow ICC to establish its process for vetting and managing its
relationships with SPCS by this compliance date. Accordingly, the
Commission finds good cause to
[[Page 99954]]
approve the Proposed Rule Change on an accelerated basis prior to the
30th day after the date of publication of notice of filing of the
Proposed Rule Change in the Federal Register, pursuant to Section
19(b)(2) of the Exchange Act.\47\
---------------------------------------------------------------------------
\46\ Clearing Agency Governance and Conflicts of Interest, 88 FR
at 84454 (explaining that the compliance date for Rule 17Ad-25 is
December 5, 2024, except that the compliance date for the
independence requirements of the board and board committees in Rules
17Ad-25(b)(1), (c)(2), and (e) is December 5, 2025).
\47\ 15 U.S.C. 78s(b)(2).
---------------------------------------------------------------------------
V. Conclusion
On the basis of the foregoing, the Commission finds that the
proposed rule change is consistent with the requirements of the Act,
and in particular, with the requirements of Section 17A(b)(3)(F) of the
Act \48\ and Rules 17Ad-25(i),\49\ 17Ad-22(e)(17)(i),\50\ and 17Ad-
22(e)(2)(i) and (v) \51\ thereunder.
---------------------------------------------------------------------------
\48\ 15 U.S.C. 78q-1(b)(3)(F).
\49\ 17 CFR 240.17Ad-25(i).
\50\ 17 CFR 240.17Ad-22(e)(17)(i).
\51\ 17 CFR 240.17Ad-22(e)(2)(i), (v).
---------------------------------------------------------------------------
It is therefore ordered pursuant to Section 19(b)(2) of the Act
\52\ that the Proposed Rule Change (SR-ICC-2024-011), be, and hereby
is, approved, on an accelerated basis.\53\
---------------------------------------------------------------------------
\52\ 15 U.S.C. 78s(b)(2).
\53\ In approving the proposed rule change, the Commission
considered the proposal's impact on efficiency, competition, and
capital formation. 15 U.S.C. 78c(f).
For the Commission, by the Division of Trading and Markets,
pursuant to delegated authority.\54\
---------------------------------------------------------------------------
\54\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024-29037 Filed 12-10-24; 8:45 am]
BILLING CODE 8011-01-P
