81 FR 29312 - Self-Regulatory Organizations; ICE Clear Credit LLC; Order Approving Proposed Rule Change To Revise the ICC Operational Risk Management Framework
SECURITIES AND EXCHANGE COMMISSION Federal Register Volume 81, Issue 91 (May 11, 2016)
Federal Register Volume 81, Issue 91 (May 11, 2016)
| Page Range | 29312-29313 | |
| FR Document | 2016-11010 |
[Federal Register Volume 81, Number 91 (Wednesday, May 11, 2016)] [Notices] [Pages 29312-29313] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-11010] ----------------------------------------------------------------------- SECURITIES AND EXCHANGE COMMISSION [Release No. 34-77769; File No. SR-ICC-2016-003] Self-Regulatory Organizations; ICE Clear Credit LLC; Order Approving Proposed Rule Change To Revise the ICC Operational Risk Management Framework May 5, 2016. I. Introduction On March 10, 2016, ICE Clear Credit LLC (``ICC'') filed with the Securities and Exchange Commission (``Commission''), pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (``Act'') \1\ and Rule 19b-4 thereunder,\2\ a proposed rule change (SR-ICC-2016-003) to update ICC's Operational Risk Management Framework. The proposed rule change was published for comment in the Federal Register on March 21, 2016.\3\ The Commission did not receive comments on the proposed rule change. For the reasons discussed below, the Commission is approving the proposed rule change. --------------------------------------------------------------------------- \1\ 15 U.S.C. 78s(b)(1). \2\ 17 CFR 240.19b-4. \3\ Securities Exchange Act Release No. 34-77413 (March 21, 2016), 81 FR 16245 (March 25, 2016) (SR-ICC-2016-003). --------------------------------------------------------------------------- II. Description of the Proposed Rule Change The ICC Operational Risk Management Framework details ICC's program of risk assessment and oversight, managed by the Operational Risk Manager (``ORM''), which, according to ICC, aims to reduce operational incidents, encourage process and control improvement, bring transparency to operational performance standard monitoring, and fulfill regulatory obligations. ICC proposes organizational changes to its Operational Risk Management Framework related to its operational risk management processes. ICC will revise the Operational Risk Management Framework to frame its existing operational risk program and processes around an operational risk lifecycle, which according to ICC, is designed to highlight certain aspects of the processes and present the processes in a more efficient manner. The operational risk lifecycle utilized by ICC will have five components: Identify, assess, monitor, mitigate and report. Each of these lifecycle components will be first defined generally in the document then applied to each of ICC's two operational risk processes: Risk assessment; and performance objectives setting and monitoring. Specifically, the content for each risk process will be reorganized to fall into each of the operational risk lifecycle components (i.e., identify, assess, monitor, mitigate, and report). In addition, ICC will add information regarding the `assess' and `report' component of the risk assessment process. Specifically, ICC represents that it will assess each of its risk scenarios to determine the inherent risk rating associated with the occurrence of an event or incident, as well as the effectiveness of any relevant risk controls. Further, in the `report' component, ICC will clarify that the ORM presents operational risk reporting to an internal committee which includes members of senior management. The responsibilities of the ORM, which is currently listed out in the document, will be incorporated into the risk lifecycles. ICC respresents that the ORM will continue to provide management and staff with advice and guidance related to the development of controls designed to increase performance and reduce processing risk, as part of the `mitigate' risk lifecycle component. Similarly, the responsibilities of senior management, which is currently listed out in the document, will be incorporated into the risk lifecycles. ICC will categorize those aspects of the operational risk management program which do not fall within this lifecycle as ``Operational Risk Focus Areas.'' These risk focus areas include: Business continuity planning and disaster recovery; vendor assessment; new products and initiatives; information security; and technology control functions. ICC will reorganize the order of these risk focus areas to better distinguish which functions may, with oversight by the ORM, be outsourced to Intercontinental Exchange, Inc. (``ICE, Inc.'') or performed by departments dedicated to that particular risk area. ICC will make several clarifying and organizational enhancements to the various risk focus area descriptions. Further, specific details contained within other ICC policies and procedures will be removed and described more generally within the Operational Risk Management Framework, in an effort to reduce redundancy amongst ICC policies and procedures. ICC will continue to maintain business continuity planning and disaster recovery as two separate programs with separate and distinct components; however, ICC will group the description of these programs together for purposes of the Operational [[Page 29313]] Risk Management Framework. ICC will amend the ``Vendor Assessment'' risk focus area description to note that the ORM is responsible for conducting a service provider risk assessment for critical vendors, and to list the specific steps taken as part of such risk assessment. ICC also will amend the ``Information Security'' risk focus area description to note that the ICE, Inc. Information Security Department conducts its own risk assessments related to information security and physical security/environmental controls, pursuant to internal policies which are maintained by an ICE, Inc. internal committee. Information regarding the Firm Wide Incident Management Program will be included in the new `Technology Controls Section.' ICC will amend the `Technology Control Functions' risk focus area description to note that the ICC Systems Operations team is responsible for executing daily clearing functions within established service expectations and performing incident management. ICC will describe this incident management process generally within the framework, and will remove more detailed aspects of the program which are contained in specific program documentation. General information regarding the development and enforcement of a firm-wide operational risk framework will be removed, as the revised framework will more clearly lay out in each particular section who is responsible for the development and enforcement of that component of the operational risk management framework. Information regarding the human resource reporting line of the ORM and specific references to titles of documents utilized as part of the risk assessment process will be removed. As the Vendor Risk Management policy will be retired and encompassed within the Operational Risk Management Framework, reference to the policy will be removed from the document. ICC will also remove internal audit responsibilities from the Operational Risk Management Framework as such responsibilities are contained within internal audit documentation. ICC represents that the overall governance of the Operational Risk Framework will also be updated to reflect current practices. Specifically, material amendments are reviewed by the Risk Committee, and approved by the Board. The Board reviews the Operational Risk Management Framework at least annually. Other non-material changes will be made to the framework to improve readability. Previously, ICC included regulatory requirements and industry guidance information within the framework; this information will be moved to a separate appendix to the framework. Further, information regarding Regulation Systems, Compliance, and Integrity will be added for completeness. Certain information regarding governance and governing committees will be resituated to the reporting section of the relevant operational risk lifecycle. Similarly, information regarding the roles and responsibilities of the ORM and senior management will be resituated to the appropriate section the operational risk lifecycle. III. Discussion and Commission Findings Section 19(b)(2)(C) of the Act \4\ directs the Commission to approve a proposed rule change of a self-regulatory organization if the Commission finds that the proposed rule change is consistent with the requirements of the Act and the rules and regulations thereunder applicable to such self-regulatory organization. Section 17A(b)(3)(F) of the Act \5\ requires, among other things, that the rules of a clearing agency are designed to promote the prompt and accurate clearance and settlement of securities transactions and, to the extent applicable, derivative agreements, contracts, and transactions, to assure the safeguarding of securities and funds which are in the custody or control of the clearing agency or for which it is responsible and, in general, to protect investors and the public interest. Rule 17Ad-22(d)(4),\6\ in part, requires clearing agencies to establish, implement, maintain and enforce written policies and procedures reasonably designed to identify sources of operational risk and minimize them through the development of appropriate systems, controls, and procedures. --------------------------------------------------------------------------- \4\ 15 U.S.C. 78s(b)(2)(C). \5\ 15 U.S.C. 78q-1(b)(3)(F). \6\ 17 CFR 240.17Ad-22(d)(4). --------------------------------------------------------------------------- The Commission finds that the proposed rule change is consistent with the requirements of Section 17A of the Act \7\ and the rules and regulations thereunder applicable to ICC. The proposed rule change updates the Operational Risk Management Framework to frame its existing operational risk program and processes around an operational risk lifestyle. In addition, the proposed rule change categorizes the operational risk management programs that do not fall within this lifecycle as Operational Risk Focus Areas. The Commission finds that the reorganization of ICC's existing operational risk processes around the operational risk lifecycle is designed to promote readability and efficiency, and should alleviate potential confusion in the implementation of the Operational Risk Management Framework. In that the Operational Risk Management Framework is intended, among other things, to reduce or mitigate operational incidents that would impair ICC's ability to provide clearance and settlement services, the Commission finds that the proposed rule change is designed to facilitate the prompt and accurate clearance and settlement of securities transaction and, to the extent applicable, derivative agreements, contracts, and transactions in accordance with Section 17A(b)(3)(F) of the Act.\8\ In addition, the Commission finds that the proposed rule change is consistent with the relevant requirements of Rule 17Ad-22(d)(4) \9\ because the change to the ICC Operational Risk Management Framework is intended to further ensure that ICC, through its operational risk program, is able to identify sources of operational risk and minimize them through the development of appropriate systems, control, and procedures. --------------------------------------------------------------------------- \7\ 15 U.S.C. 78q-1. \8\ 15 U.S.C. 78q-1(b)(3)(F). \9\ 17 CFR 240.17Ad-22(d)(4). --------------------------------------------------------------------------- IV. Conclusion On the basis of the foregoing, the Commission finds that the proposal is consistent with the requirements of the Act and in particular with the requirements of Section 17A of the Act \10\ and the rules and regulations thereunder. --------------------------------------------------------------------------- \10\ 15 U.S.C. 78q-1. --------------------------------------------------------------------------- IT IS THEREFORE ORDERED, pursuant to Section 19(b)(2) of the Act,\11\ that the proposed rule change (File No. SR-ICC-2016-003) be, and hereby is, approved.\12\ --------------------------------------------------------------------------- \11\ 15 U.S.C. 78s(b)(2). \12\ In approving the proposed rule change, the Commission considered the proposal's impact on efficiency, competition and capital formation. 15 U.S.C. 78c(f). For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.\13\ --------------------------------------------------------------------------- \13\ 17 CFR 200.30-3(a)(12). --------------------------------------------------------------------------- Robert W. Errett, Deputy Secretary. [FR Doc. 2016-11010 Filed 5-10-16; 8:45 am] BILLING CODE 8011-01-P
![29312 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Notices
Federal Register on March 22, 2016.3 SECURITIES AND EXCHANGE assessment; and performance objectives
On April 8, 2016, the Exchange COMMISSION setting and monitoring. Specifically, the
submitted Amendment No. 1 to the content for each risk process will be
[Release No. 34–77769; File No. SR–ICC–
proposed rule change, and on April 14, 2016–003]
reorganized to fall into each of the
2016, the Exchange submitted operational risk lifecycle components
Amendment No. 2 to the proposed rule Self-Regulatory Organizations; ICE (i.e., identify, assess, monitor, mitigate,
change.4 The Commission received no Clear Credit LLC; Order Approving and report).
comment letters on the proposed rule Proposed Rule Change To Revise the In addition, ICC will add information
ICC Operational Risk Management regarding the ‘assess’ and ‘report’
change.
Framework component of the risk assessment
Section 19(b)(2) of the Act 5 provides process. Specifically, ICC represents
that, within 45 days of the publication May 5, 2016. that it will assess each of its risk
of notice of the filing of a proposed rule scenarios to determine the inherent risk
I. Introduction
change, or within such longer period up rating associated with the occurrence of
to 90 days as the Commission may On March 10, 2016, ICE Clear Credit an event or incident, as well as the
designate if it finds such longer period LLC (‘‘ICC’’) filed with the Securities effectiveness of any relevant risk
to be appropriate and publishes its and Exchange Commission controls. Further, in the ‘report’
reasons for so finding or as to which the (‘‘Commission’’), pursuant to Section component, ICC will clarify that the
19(b)(1) of the Securities Exchange Act ORM presents operational risk reporting
self-regulatory organization consents,
of 1934 (‘‘Act’’) 1 and Rule 19b–4 to an internal committee which includes
the Commission shall either approve the
thereunder,2 a proposed rule change members of senior management. The
proposed rule change, disapprove the (SR–ICC–2016–003) to update ICC’s
proposed rule change, or institute responsibilities of the ORM, which is
Operational Risk Management currently listed out in the document,
proceedings to determine whether the Framework. The proposed rule change will be incorporated into the risk
proposed rule change should be was published for comment in the lifecycles. ICC respresents that the ORM
disapproved. The Commission is Federal Register on March 21, 2016.3 will continue to provide management
extending this 45-day time period. The Commission did not receive and staff with advice and guidance
The Commission finds that it is comments on the proposed rule change. related to the development of controls
appropriate to designate a longer period For the reasons discussed below, the designed to increase performance and
within which to take action on the Commission is approving the proposed reduce processing risk, as part of the
proposed rule change so that it has rule change. ‘mitigate’ risk lifecycle component.
sufficient time to consider the proposed II. Description of the Proposed Rule Similarly, the responsibilities of senior
rule change. Accordingly, the Change management, which is currently listed
Commission, pursuant to section out in the document, will be
The ICC Operational Risk incorporated into the risk lifecycles.
19(b)(2) of the Act,6 designates June 20, Management Framework details ICC’s
2016, as the date by which the ICC will categorize those aspects of
program of risk assessment and the operational risk management
Commission should either approve or oversight, managed by the Operational program which do not fall within this
disapprove or institute proceedings to Risk Manager (‘‘ORM’’), which, lifecycle as ‘‘Operational Risk Focus
determine whether to disapprove the according to ICC, aims to reduce Areas.’’ These risk focus areas include:
proposed rule change (File Number SR– operational incidents, encourage Business continuity planning and
BATS–2016–16), as modified by process and control improvement, bring disaster recovery; vendor assessment;
Amendment Nos. 1 and 2. transparency to operational performance new products and initiatives;
For the Commission, by the Division of
standard monitoring, and fulfill information security; and technology
Trading and Markets, pursuant to delegated
regulatory obligations. ICC proposes control functions. ICC will reorganize
authority.7
organizational changes to its the order of these risk focus areas to
Operational Risk Management better distinguish which functions may,
Robert W. Errett, Framework related to its operational
Deputy Secretary.
with oversight by the ORM, be
risk management processes. outsourced to Intercontinental
[FR Doc. 2016–11011 Filed 5–10–16; 8:45 am] ICC will revise the Operational Risk Exchange, Inc. (‘‘ICE, Inc.’’) or
BILLING CODE 8011–01–P Management Framework to frame its performed by departments dedicated to
existing operational risk program and that particular risk area.
processes around an operational risk ICC will make several clarifying and
lifecycle, which according to ICC, is organizational enhancements to the
designed to highlight certain aspects of various risk focus area descriptions.
the processes and present the processes Further, specific details contained
in a more efficient manner. The within other ICC policies and
operational risk lifecycle utilized by ICC procedures will be removed and
3 See Securities Exchange Act Release No. 77379 will have five components: Identify, described more generally within the
(March 16, 2016), 81 FR 15387. assess, monitor, mitigate and report. Operational Risk Management
4 Amendment No. 1 replaced and superseded the Each of these lifecycle components will Framework, in an effort to reduce
original filing in its entirety. Amendment No. 1 is be first defined generally in the redundancy amongst ICC policies and
mstockstill on DSK3G9T082PROD with NOTICES
available at http://www.sec.gov/comments/sr-bats- document then applied to each of ICC’s procedures. ICC will continue to
2016-16/bats201616-1.pdf. Amendment No. 2 two operational risk processes: Risk
amended the filing. Amendment No. 2 is available maintain business continuity planning
at http://www.sec.gov/comments/sr-bats-2016-16/ 1 15
and disaster recovery as two separate
U.S.C. 78s(b)(1).
bats201616-2.pdf. 2 17
programs with separate and distinct
CFR 240.19b–4.
5 15 U.S.C. 78s(b)(2).
3 Securities Exchange Act Release No. 34–77413 components; however, ICC will group
6 Id.
(March 21, 2016), 81 FR 16245 (March 25, 2016) the description of these programs
7 17 CFR 200.30–3(a)(31). (SR–ICC–2016–003). together for purposes of the Operational
VerDate Sep<11>2014 17:20 May 10, 2016 Jkt 238001 PO 00000 Frm 00064 Fmt 4703 Sfmt 4703 E:\FR\FM\11MYN1.SGM 11MYN1](https://thefederalregister.org/doc/81_FR_29403/page/1.svg)
![Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Notices 29313
Risk Management Framework. ICC will regulatory requirements and industry the reorganization of ICC’s existing
amend the ‘‘Vendor Assessment’’ risk guidance information within the operational risk processes around the
focus area description to note that the framework; this information will be operational risk lifecycle is designed to
ORM is responsible for conducting a moved to a separate appendix to the promote readability and efficiency, and
service provider risk assessment for framework. Further, information should alleviate potential confusion in
critical vendors, and to list the specific regarding Regulation Systems, the implementation of the Operational
steps taken as part of such risk Compliance, and Integrity will be added Risk Management Framework. In that
assessment. ICC also will amend the for completeness. Certain information the Operational Risk Management
‘‘Information Security’’ risk focus area regarding governance and governing Framework is intended, among other
description to note that the ICE, Inc. committees will be resituated to the
things, to reduce or mitigate operational
Information Security Department reporting section of the relevant
incidents that would impair ICC’s
conducts its own risk assessments operational risk lifecycle. Similarly,
related to information security and information regarding the roles and ability to provide clearance and
physical security/environmental responsibilities of the ORM and senior settlement services, the Commission
controls, pursuant to internal policies management will be resituated to the finds that the proposed rule change is
which are maintained by an ICE, Inc. appropriate section the operational risk designed to facilitate the prompt and
internal committee. Information lifecycle. accurate clearance and settlement of
regarding the Firm Wide Incident securities transaction and, to the extent
III. Discussion and Commission applicable, derivative agreements,
Management Program will be included
Findings contracts, and transactions in
in the new ‘Technology Controls
Section.’ ICC will amend the Section 19(b)(2)(C) of the Act 4 directs accordance with Section 17A(b)(3)(F) of
‘Technology Control Functions’ risk the Commission to approve a proposed the Act.8 In addition, the Commission
focus area description to note that the rule change of a self-regulatory finds that the proposed rule change is
ICC Systems Operations team is organization if the Commission finds consistent with the relevant
responsible for executing daily clearing that the proposed rule change is requirements of Rule 17Ad–22(d)(4) 9
functions within established service consistent with the requirements of the because the change to the ICC
expectations and performing incident Act and the rules and regulations Operational Risk Management
management. ICC will describe this thereunder applicable to such self- Framework is intended to further ensure
incident management process generally regulatory organization. Section
that ICC, through its operational risk
within the framework, and will remove 17A(b)(3)(F) of the Act 5 requires, among
program, is able to identify sources of
more detailed aspects of the program other things, that the rules of a clearing
operational risk and minimize them
which are contained in specific program agency are designed to promote the
prompt and accurate clearance and through the development of appropriate
documentation.
General information regarding the settlement of securities transactions systems, control, and procedures.
development and enforcement of a firm- and, to the extent applicable, derivative IV. Conclusion
wide operational risk framework will be agreements, contracts, and transactions,
removed, as the revised framework will to assure the safeguarding of securities On the basis of the foregoing, the
more clearly lay out in each particular and funds which are in the custody or Commission finds that the proposal is
section who is responsible for the control of the clearing agency or for consistent with the requirements of the
development and enforcement of that which it is responsible and, in general, Act and in particular with the
component of the operational risk to protect investors and the public requirements of Section 17A of the
management framework. Information interest. Rule 17Ad–22(d)(4),6 in part, Act 10 and the rules and regulations
regarding the human resource reporting requires clearing agencies to establish, thereunder.
line of the ORM and specific references implement, maintain and enforce
to titles of documents utilized as part of IT IS THEREFORE ORDERED,
written policies and procedures
the risk assessment process will be pursuant to Section 19(b)(2) of the
reasonably designed to identify sources
removed. As the Vendor Risk of operational risk and minimize them Act,11 that the proposed rule change
Management policy will be retired and through the development of appropriate (File No. SR–ICC–2016–003) be, and
encompassed within the Operational systems, controls, and procedures. hereby is, approved.12
Risk Management Framework, reference The Commission finds that the For the Commission, by the Division of
to the policy will be removed from the proposed rule change is consistent with Trading and Markets, pursuant to delegated
document. ICC will also remove internal the requirements of Section 17A of the authority.13
audit responsibilities from the Act 7 and the rules and regulations Robert W. Errett,
Operational Risk Management thereunder applicable to ICC. The Deputy Secretary.
Framework as such responsibilities are proposed rule change updates the
contained within internal audit [FR Doc. 2016–11010 Filed 5–10–16; 8:45 am]
Operational Risk Management
documentation. Framework to frame its existing BILLING CODE 8011–01–P
ICC represents that the overall operational risk program and processes
governance of the Operational Risk around an operational risk lifestyle. In
Framework will also be updated to addition, the proposed rule change
reflect current practices. Specifically, categorizes the operational risk 8 15 U.S.C. 78q–1(b)(3)(F).
material amendments are reviewed by
mstockstill on DSK3G9T082PROD with NOTICES
management programs that do not fall 9 17 CFR 240.17Ad–22(d)(4).
the Risk Committee, and approved by within this lifecycle as Operational Risk 10 15 U.S.C. 78q–1.
the Board. The Board reviews the Focus Areas. The Commission finds that 11 15 U.S.C. 78s(b)(2).
Operational Risk Management 12 In approving the proposed rule change, the
Framework at least annually. 4 15 U.S.C. 78s(b)(2)(C). Commission considered the proposal’s impact on
Other non-material changes will be 5 15 U.S.C. 78q–1(b)(3)(F). efficiency, competition and capital formation. 15
made to the framework to improve 6 17 CFR 240.17Ad–22(d)(4). U.S.C. 78c(f).
readability. Previously, ICC included 7 15 U.S.C. 78q–1. 13 17 CFR 200.30–3(a)(12).
VerDate Sep<11>2014 17:20 May 10, 2016 Jkt 238001 PO 00000 Frm 00065 Fmt 4703 Sfmt 9990 E:\FR\FM\11MYN1.SGM 11MYN1](https://thefederalregister.org/doc/81_FR_29403/page/2.svg)
Document Created: 2016-05-11 01:11:34
Document Modified: 2016-05-11 01:11:34
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| FR Citation | 81 FR 29312 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR