82_FR_38097 82 FR 37942 - Self-Regulatory Organizations; The Depository Trust Company; Fixed Income Clearing Corporation; National Securities Clearing Corporation; Notice of Filings of Proposed Rule Changes To Adopt the Clearing Agency Operational Risk Management Framework

82 FR 37942 - Self-Regulatory Organizations; The Depository Trust Company; Fixed Income Clearing Corporation; National Securities Clearing Corporation; Notice of Filings of Proposed Rule Changes To Adopt the Clearing Agency Operational Risk Management Framework

SECURITIES AND EXCHANGE COMMISSION

Federal Register Volume 82, Issue 155 (August 14, 2017)

Page Range37942-37946
FR Document2017-17043

Federal Register, Volume 82 Issue 155 (Monday, August 14, 2017)
[Federal Register Volume 82, Number 155 (Monday, August 14, 2017)]
[Notices]
[Pages 37942-37946]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-17043]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-81338; File Nos. SR-DTC-2017-014; SR-FICC-2017-017; SR-
NSCC-2017-013]


Self-Regulatory Organizations; The Depository Trust Company; 
Fixed Income Clearing Corporation; National Securities Clearing 
Corporation; Notice of Filings of Proposed Rule Changes To Adopt the 
Clearing Agency Operational Risk Management Framework

DATE: August 8, 2017.
    Pursuant to Section 19(b)(1) of the Securities Exchange Act of 
1934, as amended (``Act'') \1\ and Rule 19b-4 thereunder,\2\ notice is 
hereby given that on July 25, 2017, The Depository Trust Company 
(``DTC''), Fixed Income Clearing Corporation (``FICC''), and National 
Securities Clearing Corporation (``NSCC,'' and together with DTC and 
FICC, the ``Clearing Agencies'') filed with the Securities and Exchange 
Commission (``Commission'') the proposed rule changes as described in 
Items I and II below, which Items have been prepared primarily by the 
Clearing Agencies. The Commission is publishing this notice to solicit 
comments on the proposed rule changes from interested persons.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
---------------------------------------------------------------------------

I. Clearing Agencies' Statement of the Terms of Substance of the 
Proposed Rule Changes

    The proposed rule changes would adopt the Clearing Agency 
Operational Risk Management Framework (``Framework'') of the Clearing 
Agencies, described below. The Framework would apply to both of FICC's 
divisions, the Government Securities Division (``GSD'') and the 
Mortgage-Backed Securities Division (``MBSD''). The Framework would be 
maintained by the Clearing Agencies to support their compliance with 
Rule 17Ad-22(e)(17) under the Act, as described below.\3\
---------------------------------------------------------------------------

    \3\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------

    Although the Clearing Agencies would consider the Framework to be a 
rule, the proposed rule changes do not require any changes to the 
Rules, By-laws and Organization Certificate of DTC (``DTC Rules''), the 
Rulebook of GSD (``GSD Rules''), the Clearing Rules of MBSD (``MBSD 
Rules''), or the Rules & Procedures of NSCC (``NSCC Rules''), as the 
Framework would be a standalone document.\4\
---------------------------------------------------------------------------

    \4\ Capitalized terms not defined herein are defined in the DTC 
Rules, GSD Rules, MBSD Rules, or NSCC Rules, as applicable, 
available at http://dtcc.com/legal/rules-and-procedures.

---------------------------------------------------------------------------

[[Page 37943]]

II. Clearing Agencies' Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Changes

    In their filings with the Commission, the Clearing Agencies 
included statements concerning the purpose of and basis for the 
proposed rule changes and discussed any comments they received on the 
proposed rule changes. The text of these statements may be examined at 
the places specified in Item IV below. The Clearing Agencies have 
prepared summaries, set forth in sections A, B, and C below, of the 
most significant aspects of such statements.

(A) Clearing Agencies' Statement of the Purpose of, and Statutory Basis 
for, the Proposed Rule Changes

1. Purpose
    The Clearing Agencies are proposing to adopt the Framework, which 
would describe the manner in which each of the Clearing Agencies 
manages operational risk, which is defined by the Clearing Agencies in 
the Framework as the risk of direct or indirect loss or reputational 
harm resulting from an event, internal or external, that is the result 
of inadequate or failed processes, people, and systems (``Operational 
Risk''). As described in more detail below, the Framework would set 
forth the manner in which the Clearing Agencies (1) generally manage 
Operational Risk; (2) more specifically manage their information 
technology risks; and (3) more specifically manage their business 
continuity risks. The processes and systems described in the Framework, 
and any policies, procedures or other documents created to support 
those processes, support the Clearing Agencies' compliance with the 
requirements of Rule 17Ad-22(e)(17).\5\ The Framework would be 
maintained by the DTCC Operational Risk Management group (``ORM''), on 
behalf of the Clearing Agencies.\6\
---------------------------------------------------------------------------

    \5\ 17 CFR 240.17Ad-22(e)(17).
    \6\ The parent company of the Clearing Agencies is The 
Depository Trust & Clearing Corporation (``DTCC''). DTCC operates on 
a shared services model with respect to the Clearing Agencies. Most 
corporate functions are established and managed on an enterprise-
wide basis pursuant to intercompany agreements under which it is 
generally DTCC that provides a relevant service to a Clearing 
Agency.
---------------------------------------------------------------------------

Operational Risk Management
    The Framework would describe how the Clearing Agencies generally 
manage their Operational Risks. The Framework would describe how ORM is 
specifically charged with establishing appropriate systems, policies, 
procedures, and controls to enable management to identify plausible 
sources of Operational Risk in order to mitigate their impact to the 
Clearing Agencies, including through the Risk Tolerance Statements and 
Risk Profiles, as described below.
    The Framework would describe how the Clearing Agencies identify key 
risks and set metrics to categorize such risks (from ``no impact'' to 
``severe impact'') through ``Risk Tolerance Statements.'' The Framework 
would describe how the Risk Tolerance Statements document the overall 
risk reduction or mitigation objectives for the Clearing Agencies with 
respect to identified risks to the Clearing Agencies. The Framework 
would also describe how the Risk Tolerance Statements document the risk 
controls and other measures used to manage such identified risks, 
including escalation requirements in the event of risk metric breaches. 
The Framework would state that each Risk Tolerance Statement is 
reviewed, revised, updated, and/or created, as necessary, by ORM on an 
annual basis.
    The Framework would also describe how the Clearing Agencies monitor 
key risks, including Operational Risk, through ``Risk Profiles,'' which 
document the assessment of risk for each of the Clearing Agencies' 
businesses and support areas (each a ``Clearing Agency Business'' and/
or ``Clearing Agency Support Area''). The risk assessment documented in 
these profiles includes (1) identification and assessment of inherent 
risk, which is risk without any mitigating controls; (2) identification 
of existing controls, and, as appropriate, any new additional controls, 
and evaluation of the same risk against the strength of such controls; 
and (3) identification of any residual risk and a determination to 
either further mitigate such risk or accept such risk by the applicable 
Clearing Agency Business or Clearing Agency Support Area.
    The Framework would also provide a description of the 
responsibilities of ORM, which is a part of the second line of defense 
within the Clearing Agencies' Three Lines of Defense approach to risk 
management.\7\ The Framework would identify some of those 
responsibilities as including, for example, management of the Risk 
Tolerance Statements and working with the Clearing Agency Businesses 
and Clearing Agency Support Areas to create and monitor Risk Profiles.
---------------------------------------------------------------------------

    \7\ The Three Lines of Defense approach to risk management 
identifies the roles and responsibilities of different Clearing 
Agency Businesses or Clearing Agency Support Areas in identifying, 
assessing, measuring, monitoring, mitigating, and reporting certain 
key risks faced by the Clearing Agencies. The Three Lines of Defense 
approach is more fully described in a separate framework, the 
Clearing Agency Risk Management Framework, maintained by the DTCC 
General Counsel's Office. See SR-DTC-2017-013, SR-FICC-2017-016, SR-
NSCC-2017-012, which was filed with the Commission but has not yet 
been published in the Federal Register. A copy of these proposed 
rule change filings is available at http://www.dtcc.com/legal/sec-rule-filings.
---------------------------------------------------------------------------

Information Technology Risk
    The Framework would describe how the Clearing Agencies address 
information technology risks. The Framework would state that the DTCC 
Technology Risk Management group (``TRM''), on behalf of the Clearing 
Agencies, is responsible for establishing appropriate programs, 
policies, procedures, and controls with respect to the Clearing 
Agencies' information technology risks to help management ensure that 
systems have a high degree of security, resiliency, operational 
reliability, and adequate, scalable capacity. The Framework would 
identify some of the recognized information technology standards that 
may be used by TRM, as applicable, in support of executing its 
responsibilities.
    The Framework would also identify some of TRM's responsibilities, 
which include, for example, (1) performing risk assessments to, among 
other things, facilitate the determination of the Clearing Agencies' 
investment and remediation priorities; (2) facilitating annual 
mandatory and periodic information security awareness, education, 
training, and communication to personnel of Clearing Agency Businesses 
and Clearing Agency Support Areas and relevant external parties; and 
(3) creating, implementing, and managing certain programs, including 
programs that (i) address information security throughout a system's 
lifecycle, (ii) facilitate compliance with evolving and established 
regulatory rules and guidelines that govern protection of the 
information assets of the Clearing Agencies and their participants, 
(iii) identify, prioritize, and manage the level of cyber threats to 
the Clearing Agencies, and (iv) assure that access to Clearing Agency 
information assets is appropriately authorized and authenticated based 
on current business need.
    The Framework would state that TRM's risk strategy is closely 
aligned to the Clearing Agencies' business drivers and future strategic 
direction, such that efforts to achieve information security threat 
mitigation objectives, resiliency of infrastructure supporting Clearing 
Agency critical business applications,

[[Page 37944]]

and operational reliability are prioritized. The Framework would state 
this is also accomplished through TRM's early and consistent 
involvement in initiatives to develop new products and systems. The 
Framework would state that, by involving TRM from the initial planning 
phase, through the design, build and operative phases of those 
initiatives, resiliency, operational effectiveness, reliability, and 
availability requirements are addressed and incorporated into design 
and execution from both a technology and cyber security perspective.
    The Framework would also describe the Clearing Agencies' security 
strategy and defense, and would state that the Clearing Agencies' 
network security framework and preventive controls are designed to 
support a reliable and robust tiered security strategy and defense. 
These controls include modern and technically advanced security 
firewalls, intrusion detection, system and data monitoring, and data 
protection tools. The Framework would describe the Clearing Agencies' 
enhanced security features and the standards they use to assess 
vulnerabilities and potential threats.
Business Continuity Risk
    Finally, the Framework would describe how the Clearing Agencies 
have established and maintain business continuity plans to address 
events that may pose a significant risk of disrupting their operations. 
The Framework would describe how the business continuity process for 
each Clearing Agency Business and Clearing Agency Support Area is 
ranked within a range of tiers, from 0 to 5, based on criticality to 
each applicable Clearing Agency's operations (each a ``Tier''), where 
Tier 0 equates to critical operations or support of such operations for 
which virtually no downtime is permitted under applicable regulatory 
standards, and Tier 5 equates to non-essential operations or support of 
such operations for which recovery times of greater than five days is 
permitted.
    The Framework would state that, on an annual basis, each Clearing 
Agency Business and Clearing Agency Support Area updates its own 
business continuity plan and reviews and ratifies its business impact 
analysis. These analyses are used by the DTCC Business Continuity 
Management department (``BCM''), on behalf of the Clearing Agencies, to 
validate that business' or area's current Tier ranking. The Framework 
would identify the key elements of these business impact analyses, 
which include (1) an assessment of the criticality of the applicable 
Clearing Agency Business or Clearing Agency Support Area, based on 
potential impact to the Clearing Agency; (2) an estimation of the 
maximum allowable downtime for the applicable Clearing Agency Business 
or Clearing Agency Support Area; and (3) the identification of 
dependencies, and ranking such dependencies to align with the process 
criticality for recovery, of the applicable Clearing Agency Business or 
Clearing Agency Support Area.
    The Framework would describe the Clearing Agencies' multiple data 
centers, and the emergency monitoring and back up systems available at 
each site. The Framework would describe the capacity of the various 
data centers. The Framework would also describe the Clearing Agencies' 
operating centers, and would describe how each Clearing Agency Business 
and Clearing Agency Support Area creates and deploys its own work area 
recovery strategy to mitigate the loss of primary workspace and/or 
associated desktop technology, as well as for purposes of social 
distancing among personnel. The Framework would describe how each of 
these work area recovery strategies is developed and executed, based on 
the applicable Clearing Agency Business' and Clearing Agency Support 
Area's current Tier ranking, as described above.
    The Framework would describe the responsibilities of BCM in 
managing a disruptive business event, which includes coordination with 
a team of representatives from each Clearing Agency Business and 
Clearing Agency Support Area. Finally, the Framework would describe how 
the Clearing Agencies conduct regular exercises used to simulate loss 
of Clearing Agency locations, and would describe some of the preventive 
measures the Clearing Agencies take with respect to business continuity 
risk management.
2. Statutory Basis
    The Clearing Agencies believe that the proposed rule changes are 
consistent with the requirements of the Act and the rules and 
regulations thereunder applicable to a registered clearing agency. In 
particular, the Clearing Agencies believe that the Framework is 
consistent with Section 17A(b)(3)(F) of the Act \8\ and the subsections 
cited below of Rule 17Ad-22(e)(17),\9\ promulgated under the Act, for 
the reasons described below.
---------------------------------------------------------------------------

    \8\ 15 U.S.C. 78q-1(b)(3)(F).
    \9\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------

    Section 17A(b)(3)(F) of the Act requires, in part, that the rules 
of a registered clearing agency be designed to promote the prompt and 
accurate clearance and settlement of securities transactions, and to 
assure the safeguarding of securities and funds which are in the 
custody or control of the clearing agency or for which it is 
responsible.\10\ As described above, the Framework would describe how 
the Clearing Agencies manage their Operational Risk, technology and 
information security risks, and their business continuity risks. The 
processes, systems, and controls used by the Clearing Agencies to 
identify, manage, and mitigate these risks, as described in the 
Framework, and the policies and procedures that support these 
activities, assist the Clearing Agencies to continue the prompt and 
accurate clearance and settlement of securities transactions and 
continue to assure the safeguarding of securities and funds which are 
in their custody or control or for which they are responsible 
notwithstanding the realization of these risks. Therefore, the Clearing 
Agencies believe the Framework is consistent with the requirements of 
Section 17A(b)(3)(F) of the Act.\11\
---------------------------------------------------------------------------

    \10\ 15 U.S.C. 78q-1(b)(3)(F).
    \11\ Id.
---------------------------------------------------------------------------

    The Clearing Agencies believe that the Framework is consistent with 
the requirements of each of the subsections of Rule 17Ad-22(e)(17),\12\ 
cited below, for the reasons described below.
---------------------------------------------------------------------------

    \12\ 17 CFR 240.17Ad-22(e)(17).
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(17)(i) under the Act requires, in part, that each 
covered clearing agency establish, implement, maintain and enforce 
written policies and procedures reasonably designed to manage the 
covered clearing agency's operational risks by identifying the 
plausible sources of operational risk, both internal and external, and 
mitigating their impact through the use of appropriate systems, 
policies, procedures, and controls.\13\ The Framework would describe 
how the Risk Tolerance Statements and the Risk Profiles both assist the 
Clearing Agencies to identify the plausible sources of Operational 
Risk, both internal and external. As described above, the Risk 
Tolerance Statements identify both internal and external Clearing 
Agency risks, categorize the respective Clearing Agencies' tolerance 
for those risks, and then identify governance process applicable to any 
breach of those tolerances. In this way, the Risk Tolerance Statements 
allow the Clearing Agencies to identify and manage the risks they face. 
As described above, the Risk Profiles serve a similar

[[Page 37945]]

function, by serving as a tool for identifying and assessing inherent 
risks, and evaluating the controls around those risks. The Framework 
also describes the role of ORM, which includes oversight of the Risk 
Tolerance Statements and Risk Profiles. By describing the functions of 
the Risk Tolerance Statements and Risk Profiles, which, together, 
assist the Clearing Agencies in effectively managing their operational 
risks by identifying the plausible sources of operational risk, both 
internal and external, and by assisting the Clearing Agencies in 
mitigating the impact of those risks, and by describing the role of ORM 
in facilitating these tools, the Clearing Agencies believe the 
Framework is consistent with the requirements of Rule 17Ad-
22(e)(17)(i).\14\
---------------------------------------------------------------------------

    \13\ 17 CFR 240.17Ad-22(e)(17)(i).
    \14\ Id.
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(17)(ii) under the Act requires, in part, that each 
covered clearing agency establish, implement, maintain and enforce 
written policies and procedures reasonably designed to manage the 
covered clearing agency's operational risks by ensuring that systems 
have a high degree of security, resiliency, operational reliability, 
and adequate, scalable capacity.\15\ The Framework would describe the 
role, and some of the responsibilities, of TRM, in managing the 
Clearing Agencies' information technology risks and in helping the 
Clearing Agencies maintain systems with a high degree of security, 
resiliency, operational reliability, and adequate, scalable capacity. 
The Framework would also describe the programs, systems, and controls 
used by TRM in performing this function, and would identify some of the 
standards on information technology risk management that may be used by 
TRM in support of its responsibilities. The Framework would also 
describe TRM's role in product and project initiatives to address 
security issues through the lifecycle of an initiative. Therefore, by 
describing the role and responsibilities of TRM in managing the 
Clearing Agencies' information technology risks and in helping the 
Clearing Agencies maintain systems with a high degree of security, 
resiliency, operational reliability, and adequate, scalable capacity, 
the Clearing Agencies believe the Framework is consistent with the 
requirements of Rule 17Ad-22(e)(17)(ii).\16\
---------------------------------------------------------------------------

    \15\ 17 CFR 240.17Ad-22(e)(17)(ii).
    \16\ Id.
---------------------------------------------------------------------------

    Rule 17Ad-22(e)(17)(iii) under the Act requires, in part, that each 
covered clearing agency establish, implement, maintain and enforce 
written policies and procedures reasonably designed to manage the 
covered clearing agency's operational risks by establishing and 
maintaining a business continuity plan that addresses events posing a 
significant risk of disrupting operations.\17\ The Framework would 
describe how the Clearing Agencies have established and maintain 
business continuity plans, and would describe the critical features of 
those plans to demonstrate how such plans address events posing a 
significant risk of disrupting the Clearing Agencies' operations. The 
Framework would also describe how each Clearing Agency Business and 
Clearing Agency Support Area reviews and ratifies its respective plan 
and its business impact analysis, relative to its assigned Tier. 
Therefore, through this description of the establishment, management 
and maintenance of the business continuity plans of the Clearing 
Agencies, the Clearing Agencies believe the Framework is consistent 
with the requirements of Rule 17Ad-22(e)(17)(iii).\18\
---------------------------------------------------------------------------

    \17\ 17 CFR 240.17Ad-22(e)(17)(iii).
    \18\ Id.
---------------------------------------------------------------------------

(B) Clearing Agencies' Statement on Burden on Competition

    None of the Clearing Agencies believe that the Framework would have 
any impact, or impose any burden, on competition because the proposed 
rule changes reflect some of the existing methods by which the Clearing 
Agencies manage Operational Risk, including their management of 
information technology and business continuity risks, and would not 
effectuate any changes to the Clearing Agencies' processes described 
therein as they currently apply to their respective participants.

(C) Clearing Agencies' Statement on Comments on the Proposed Rule 
Changes Received From Members, Participants, or Others

    The Clearing Agencies have not solicited or received any written 
comments relating to this proposal. The Clearing Agencies will notify 
the Commission of any written comments received by the Clearing 
Agencies.

III. Date of Effectiveness of the Proposed Rule Changes, and Timing for 
Commission Action

    Within 45 days of the date of publication of this notice in the 
Federal Register or within such longer period up to 90 days (i) as the 
Commission may designate if it finds such longer period to be 
appropriate and publishes its reasons for so finding or (ii) as to 
which the clearing agency consents, the Commission will:
    (A) By order approve or disapprove such proposed rule changes, or
    (B) institute proceedings to determine whether the proposed rule 
changes should be disapproved.

IV. Solicitation of Comments

    Interested persons are invited to submit written data, views and 
arguments concerning the foregoing, including whether the proposed rule 
changes are consistent with the Act. Comments may be submitted by any 
of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (http://www.sec.gov/rules/sro.shtml); or
     Send an email to [email protected]. Please include 
File Number SR-DTC-2017-014, SR-FICC-2017-017, or SR-NSCC-2017-013 on 
the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street NE., Washington, DC 20549.

All submissions should refer to File Number SR-DTC-2017-014, SR-FICC-
2017-017, or SR-NSCC-2017-013. One of these file numbers should be 
included on the subject line if email is used. To help the Commission 
process and review your comments more efficiently, please use only one 
method. The Commission will post all comments on the Commission's 
Internet Web site (http://www.sec.gov/rules/sro.shtml). Copies of the 
submission, all subsequent amendments, all written statements with 
respect to the proposed rule changes that are filed with the 
Commission, and all written communications relating to the proposed 
rule changes between the Commission and any person, other than those 
that may be withheld from the public in accordance with the provisions 
of 5 U.S.C. 552, will be available for Web site viewing and printing in 
the Commission's Public Reference Room, 100 F Street NE., Washington, 
DC 20549 on official business days between the hours of 10:00 a.m. and 
3:00 p.m. Copies of the filing also will be available for inspection 
and copying at the principal office of the Clearing Agencies and on 
DTCC's Web site (http://dtcc.com/legal/sec-rule-filings.aspx). All 
comments received will be posted without change; the Commission does 
not edit personal identifying information from submissions. You should 
submit only

[[Page 37946]]

information that you wish to make available publicly. All submissions 
should refer to File Number SR-DTC-2017-014, SR-FICC-2017-017, or SR-
NSCC-2017-013 and should be submitted on or before September 5, 2017.
---------------------------------------------------------------------------

    \19\ 17 CFR 200.30-3(a)(12).

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\19\
Eduardo A. Aleman,
Assistant Secretary.
[FR Doc. 2017-17043 Filed 8-11-17; 8:45 am]
 BILLING CODE 8011-01-P



                                                37942                            Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices

                                                the marketplace for violations of                          Paper Comments                                         SECURITIES AND EXCHANGE
                                                Exchange Rules. The ORF assists the                                                                               COMMISSION
                                                Exchange to fund the cost of this                            • Send paper comments in triplicate
                                                                                                           to Secretary, Securities and Exchange                  [Release No. 34–81338; File Nos. SR–DTC–
                                                regulation of the marketplace.                                                                                    2017–014; SR–FICC–2017–017; SR–NSCC–
                                                                                                           Commission, 100 F Street NE.,
                                                B. Self-Regulatory Organization’s                                                                                 2017–013]
                                                                                                           Washington, DC 20549–1090.
                                                Statement on Burden on Competition
                                                                                                           All submissions should refer to File No.               Self-Regulatory Organizations; The
                                                   The Exchange does not believe that                      SR–ISE–2017–71. This file number                       Depository Trust Company; Fixed
                                                the proposed rule change will impose                       should be included on the subject line                 Income Clearing Corporation; National
                                                any burden on competition not                                                                                     Securities Clearing Corporation;
                                                                                                           if email is used. To help the
                                                necessary or appropriate in furtherance                                                                           Notice of Filings of Proposed Rule
                                                                                                           Commission process and review your
                                                of the purposes of the Act. The ORF is                                                                            Changes To Adopt the Clearing
                                                not intended to have any impact on                         comments more efficiently, please use                  Agency Operational Risk Management
                                                competition. Rather, it is designed to                     only one method. The Commission will                   Framework
                                                enable the Exchange to recover a                           post all comments on the Commission’s
                                                material portion of the Exchange’s cost                    Internet Web site (http://www.sec.gov/                 DATE: August 8, 2017.
                                                related to its regulatory activities. The                  rules/sro.shtml). Copies of the                           Pursuant to Section 19(b)(1) of the
                                                Exchange is obligated to ensure that the                   submission, all subsequent                             Securities Exchange Act of 1934, as
                                                amount of regulatory revenue collected                     amendments, all written statements                     amended (‘‘Act’’) 1 and Rule 19b–4
                                                from the ORF, in combination with its                      with respect to the proposed rule                      thereunder,2 notice is hereby given that
                                                other regulatory fees and fines, does not                  change that are filed with the                         on July 25, 2017, The Depository Trust
                                                exceed regulatory costs.                                   Commission, and all written                            Company (‘‘DTC’’), Fixed Income
                                                                                                           communications relating to the                         Clearing Corporation (‘‘FICC’’), and
                                                C. Self-Regulatory Organization’s                                                                                 National Securities Clearing Corporation
                                                                                                           proposed rule change between the
                                                Statement on Comments on the                                                                                      (‘‘NSCC,’’ and together with DTC and
                                                                                                           Commission and any person, other than
                                                Proposed Rule Change Received From                                                                                FICC, the ‘‘Clearing Agencies’’) filed
                                                Members, Participants, or Others                           those that may be withheld from the
                                                                                                                                                                  with the Securities and Exchange
                                                                                                           public in accordance with the                          Commission (‘‘Commission’’) the
                                                  No written comments were either                          provisions of 5 U.S.C. 552, will be                    proposed rule changes as described in
                                                solicited or received.                                     available for Web site viewing and                     Items I and II below, which Items have
                                                III. Date of Effectiveness of the                          printing in the Commission’s Public                    been prepared primarily by the Clearing
                                                Proposed Rule Change and Timing for                        Reference Room, 100 F Street NE.,                      Agencies. The Commission is
                                                Commission Action                                          Washington, DC 20549, on official                      publishing this notice to solicit
                                                                                                           business days between the hours of                     comments on the proposed rule changes
                                                   The foregoing rule change has become                    10:00 a.m. and 3:00 p.m. Copies of the                 from interested persons.
                                                effective pursuant to Section
                                                                                                           filing also will be available for
                                                19(b)(3)(A)(ii) of the Act.15 At any time                                                                         I. Clearing Agencies’ Statement of the
                                                                                                           inspection and copying at the principal                Terms of Substance of the Proposed
                                                within 60 days of the filing of the
                                                                                                           office of the Exchange. All comments                   Rule Changes
                                                proposed rule change, the Commission
                                                summarily may temporarily suspend                          received will be posted without change;
                                                                                                           the Commission does not edit personal                     The proposed rule changes would
                                                such rule change if it appears to the                                                                             adopt the Clearing Agency Operational
                                                Commission that such action is: (i)                        identifying information from
                                                                                                                                                                  Risk Management Framework
                                                necessary or appropriate in the public                     submissions. You should submit only
                                                                                                                                                                  (‘‘Framework’’) of the Clearing
                                                interest; (ii) for the protection of                       information that you wish to make
                                                                                                                                                                  Agencies, described below. The
                                                investors; or (iii) otherwise in                           available publicly. All submissions                    Framework would apply to both of
                                                furtherance of the purposes of the Act.                    should refer to File No. SR–ISE–2017–                  FICC’s divisions, the Government
                                                If the Commission takes such action, the                   71, and should be submitted on or                      Securities Division (‘‘GSD’’) and the
                                                Commission shall institute proceedings                     before September 5, 2017.                              Mortgage-Backed Securities Division
                                                to determine whether the proposed rule                       For the Commission, by the Division of               (‘‘MBSD’’). The Framework would be
                                                should be approved or disapproved.                         Trading and Markets, pursuant to delegated             maintained by the Clearing Agencies to
                                                IV. Solicitation of Comments                               authority.16                                           support their compliance with Rule
                                                                                                           Eduardo A. Aleman,                                     17Ad–22(e)(17) under the Act, as
                                                  Interested persons are invited to                                                                               described below.3
                                                                                                           Assistant Secretary.
                                                submit written data, views, and                                                                                      Although the Clearing Agencies
                                                arguments concerning the foregoing,                        [FR Doc. 2017–17050 Filed 8–11–17; 8:45 am]            would consider the Framework to be a
                                                including whether the proposed rule                        BILLING CODE 8011–01–P                                 rule, the proposed rule changes do not
                                                change is consistent with the Act.                                                                                require any changes to the Rules, By-
                                                Comments may be submitted by any of                                                                               laws and Organization Certificate of
                                                the following methods:                                                                                            DTC (‘‘DTC Rules’’), the Rulebook of
                                                                                                                                                                  GSD (‘‘GSD Rules’’), the Clearing Rules
                                                Electronic Comments
                                                                                                                                                                  of MBSD (‘‘MBSD Rules’’), or the Rules
                                                  • Use the Commission’s Internet                                                                                 & Procedures of NSCC (‘‘NSCC Rules’’),
sradovich on DSK3GMQ082PROD with NOTICES




                                                comment form (http://www.sec.gov/                                                                                 as the Framework would be a
                                                rules/sro.shtml); or                                                                                              standalone document.4
                                                  • Send an email to rule-comments@
                                                                                                                                                                    1 15 U.S.C. 78s(b)(1).
                                                sec.gov. Please include File No. SR–ISE–                                                                            2 17 CFR 240.19b–4.
                                                2017–71 on the subject line.                                                                                        3 17 CFR 240.17Ad–22(e)(17).
                                                                                                                                                                    4 Capitalized terms not defined herein are defined
                                                  15 15   U.S.C. 78s(b)(3)(A)(ii).                           16 17   CFR 200.30–3(a)(12).                         in the DTC Rules, GSD Rules, MBSD Rules, or



                                           VerDate Sep<11>2014      16:45 Aug 11, 2017   Jkt 241001   PO 00000   Frm 00104    Fmt 4703   Sfmt 4703   E:\FR\FM\14AUN1.SGM   14AUN1


                                                                             Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices                                                      37943

                                                II. Clearing Agencies’ Statement of the                 identify plausible sources of                          identify some of those responsibilities
                                                Purpose of, and Statutory Basis for, the                Operational Risk in order to mitigate                  as including, for example, management
                                                Proposed Rule Changes                                   their impact to the Clearing Agencies,                 of the Risk Tolerance Statements and
                                                   In their filings with the Commission,                including through the Risk Tolerance                   working with the Clearing Agency
                                                the Clearing Agencies included                          Statements and Risk Profiles, as                       Businesses and Clearing Agency
                                                statements concerning the purpose of                    described below.                                       Support Areas to create and monitor
                                                and basis for the proposed rule changes                    The Framework would describe how                    Risk Profiles.
                                                and discussed any comments they                         the Clearing Agencies identify key risks
                                                                                                                                                               Information Technology Risk
                                                received on the proposed rule changes.                  and set metrics to categorize such risks
                                                                                                        (from ‘‘no impact’’ to ‘‘severe impact’’)                 The Framework would describe how
                                                The text of these statements may be
                                                                                                        through ‘‘Risk Tolerance Statements.’’                 the Clearing Agencies address
                                                examined at the places specified in Item
                                                                                                        The Framework would describe how the                   information technology risks. The
                                                IV below. The Clearing Agencies have
                                                                                                        Risk Tolerance Statements document                     Framework would state that the DTCC
                                                prepared summaries, set forth in
                                                                                                        the overall risk reduction or mitigation               Technology Risk Management group
                                                sections A, B, and C below, of the most
                                                                                                        objectives for the Clearing Agencies                   (‘‘TRM’’), on behalf of the Clearing
                                                significant aspects of such statements.
                                                                                                        with respect to identified risks to the                Agencies, is responsible for establishing
                                                (A) Clearing Agencies’ Statement of the                 Clearing Agencies. The Framework                       appropriate programs, policies,
                                                Purpose of, and Statutory Basis for, the                would also describe how the Risk                       procedures, and controls with respect to
                                                Proposed Rule Changes                                   Tolerance Statements document the risk                 the Clearing Agencies’ information
                                                                                                        controls and other measures used to                    technology risks to help management
                                                1. Purpose
                                                                                                        manage such identified risks, including                ensure that systems have a high degree
                                                   The Clearing Agencies are proposing                                                                         of security, resiliency, operational
                                                                                                        escalation requirements in the event of
                                                to adopt the Framework, which would                                                                            reliability, and adequate, scalable
                                                                                                        risk metric breaches. The Framework
                                                describe the manner in which each of                                                                           capacity. The Framework would
                                                                                                        would state that each Risk Tolerance
                                                the Clearing Agencies manages                                                                                  identify some of the recognized
                                                                                                        Statement is reviewed, revised, updated,
                                                operational risk, which is defined by the                                                                      information technology standards that
                                                Clearing Agencies in the Framework as                   and/or created, as necessary, by ORM on
                                                                                                        an annual basis.                                       may be used by TRM, as applicable, in
                                                the risk of direct or indirect loss or                                                                         support of executing its responsibilities.
                                                                                                           The Framework would also describe
                                                reputational harm resulting from an                                                                               The Framework would also identify
                                                event, internal or external, that is the                how the Clearing Agencies monitor key
                                                                                                        risks, including Operational Risk,                     some of TRM’s responsibilities, which
                                                result of inadequate or failed processes,                                                                      include, for example, (1) performing risk
                                                people, and systems (‘‘Operational                      through ‘‘Risk Profiles,’’ which
                                                                                                        document the assessment of risk for                    assessments to, among other things,
                                                Risk’’). As described in more detail                                                                           facilitate the determination of the
                                                below, the Framework would set forth                    each of the Clearing Agencies’
                                                                                                        businesses and support areas (each a                   Clearing Agencies’ investment and
                                                the manner in which the Clearing                                                                               remediation priorities; (2) facilitating
                                                Agencies (1) generally manage                           ‘‘Clearing Agency Business’’ and/or
                                                                                                        ‘‘Clearing Agency Support Area’’). The                 annual mandatory and periodic
                                                Operational Risk; (2) more specifically                                                                        information security awareness,
                                                manage their information technology                     risk assessment documented in these
                                                                                                        profiles includes (1) identification and               education, training, and communication
                                                risks; and (3) more specifically manage                                                                        to personnel of Clearing Agency
                                                their business continuity risks. The                    assessment of inherent risk, which is
                                                                                                        risk without any mitigating controls; (2)              Businesses and Clearing Agency
                                                processes and systems described in the                                                                         Support Areas and relevant external
                                                Framework, and any policies,                            identification of existing controls, and,
                                                                                                        as appropriate, any new additional                     parties; and (3) creating, implementing,
                                                procedures or other documents created                                                                          and managing certain programs,
                                                to support those processes, support the                 controls, and evaluation of the same risk
                                                                                                        against the strength of such controls;                 including programs that (i) address
                                                Clearing Agencies’ compliance with the                                                                         information security throughout a
                                                requirements of Rule 17Ad–22(e)(17).5                   and (3) identification of any residual
                                                                                                        risk and a determination to either                     system’s lifecycle, (ii) facilitate
                                                The Framework would be maintained                                                                              compliance with evolving and
                                                by the DTCC Operational Risk                            further mitigate such risk or accept such
                                                                                                        risk by the applicable Clearing Agency                 established regulatory rules and
                                                Management group (‘‘ORM’’), on behalf                                                                          guidelines that govern protection of the
                                                of the Clearing Agencies.6                              Business or Clearing Agency Support
                                                                                                        Area.                                                  information assets of the Clearing
                                                Operational Risk Management                                The Framework would also provide a                  Agencies and their participants, (iii)
                                                                                                        description of the responsibilities of                 identify, prioritize, and manage the
                                                  The Framework would describe how
                                                                                                        ORM, which is a part of the second line                level of cyber threats to the Clearing
                                                the Clearing Agencies generally manage
                                                                                                        of defense within the Clearing Agencies’               Agencies, and (iv) assure that access to
                                                their Operational Risks. The Framework
                                                                                                        Three Lines of Defense approach to risk                Clearing Agency information assets is
                                                would describe how ORM is specifically
                                                                                                        management.7 The Framework would                       appropriately authorized and
                                                charged with establishing appropriate
                                                                                                                                                               authenticated based on current business
                                                systems, policies, procedures, and
                                                                                                          7 The Three Lines of Defense approach to risk        need.
                                                controls to enable management to                                                                                  The Framework would state that
                                                                                                        management identifies the roles and responsibilities
                                                                                                        of different Clearing Agency Businesses or Clearing    TRM’s risk strategy is closely aligned to
                                                NSCC Rules, as applicable, available at http://         Agency Support Areas in identifying, assessing,
                                                dtcc.com/legal/rules-and-procedures.                                                                           the Clearing Agencies’ business drivers
                                                                                                        measuring, monitoring, mitigating, and reporting
sradovich on DSK3GMQ082PROD with NOTICES




                                                   5 17 CFR 240.17Ad–22(e)(17).
                                                                                                        certain key risks faced by the Clearing Agencies.      and future strategic direction, such that
                                                   6 The parent company of the Clearing Agencies is     The Three Lines of Defense approach is more fully      efforts to achieve information security
                                                The Depository Trust & Clearing Corporation             described in a separate framework, the Clearing        threat mitigation objectives, resiliency
                                                (‘‘DTCC’’). DTCC operates on a shared services          Agency Risk Management Framework, maintained           of infrastructure supporting Clearing
                                                model with respect to the Clearing Agencies. Most       by the DTCC General Counsel’s Office. See SR–
                                                corporate functions are established and managed on      DTC–2017–013, SR–FICC–2017–016, SR–NSCC–               Agency critical business applications,
                                                an enterprise-wide basis pursuant to intercompany       2017–012, which was filed with the Commission
                                                agreements under which it is generally DTCC that        but has not yet been published in the Federal          filings is available at http://www.dtcc.com/legal/
                                                provides a relevant service to a Clearing Agency.       Register. A copy of these proposed rule change         sec-rule-filings.



                                           VerDate Sep<11>2014   16:45 Aug 11, 2017   Jkt 241001   PO 00000   Frm 00105   Fmt 4703   Sfmt 4703   E:\FR\FM\14AUN1.SGM   14AUN1


                                                37944                        Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices

                                                and operational reliability are                         applicable Clearing Agency Business or                to promote the prompt and accurate
                                                prioritized. The Framework would state                  Clearing Agency Support Area, based on                clearance and settlement of securities
                                                this is also accomplished through                       potential impact to the Clearing Agency;              transactions, and to assure the
                                                TRM’s early and consistent involvement                  (2) an estimation of the maximum                      safeguarding of securities and funds
                                                in initiatives to develop new products                  allowable downtime for the applicable                 which are in the custody or control of
                                                and systems. The Framework would                        Clearing Agency Business or Clearing                  the clearing agency or for which it is
                                                state that, by involving TRM from the                   Agency Support Area; and (3) the                      responsible.10 As described above, the
                                                initial planning phase, through the                     identification of dependencies, and                   Framework would describe how the
                                                design, build and operative phases of                   ranking such dependencies to align with               Clearing Agencies manage their
                                                those initiatives, resiliency, operational              the process criticality for recovery, of              Operational Risk, technology and
                                                effectiveness, reliability, and availability            the applicable Clearing Agency Business               information security risks, and their
                                                requirements are addressed and                          or Clearing Agency Support Area.                      business continuity risks. The
                                                incorporated into design and execution                     The Framework would describe the                   processes, systems, and controls used by
                                                from both a technology and cyber                        Clearing Agencies’ multiple data                      the Clearing Agencies to identify,
                                                security perspective.                                   centers, and the emergency monitoring                 manage, and mitigate these risks, as
                                                   The Framework would also describe                    and back up systems available at each                 described in the Framework, and the
                                                the Clearing Agencies’ security strategy                site. The Framework would describe the                policies and procedures that support
                                                and defense, and would state that the                   capacity of the various data centers. The             these activities, assist the Clearing
                                                Clearing Agencies’ network security                     Framework would also describe the                     Agencies to continue the prompt and
                                                framework and preventive controls are                   Clearing Agencies’ operating centers,                 accurate clearance and settlement of
                                                designed to support a reliable and                      and would describe how each Clearing                  securities transactions and continue to
                                                robust tiered security strategy and                     Agency Business and Clearing Agency                   assure the safeguarding of securities and
                                                defense. These controls include modern                  Support Area creates and deploys its                  funds which are in their custody or
                                                and technically advanced security                       own work area recovery strategy to                    control or for which they are
                                                firewalls, intrusion detection, system                  mitigate the loss of primary workspace                responsible notwithstanding the
                                                and data monitoring, and data                           and/or associated desktop technology,                 realization of these risks. Therefore, the
                                                protection tools. The Framework would                   as well as for purposes of social                     Clearing Agencies believe the
                                                describe the Clearing Agencies’                         distancing among personnel. The                       Framework is consistent with the
                                                enhanced security features and the                      Framework would describe how each of                  requirements of Section 17A(b)(3)(F) of
                                                standards they use to assess                            these work area recovery strategies is                the Act.11
                                                vulnerabilities and potential threats.                  developed and executed, based on the                     The Clearing Agencies believe that the
                                                                                                        applicable Clearing Agency Business’                  Framework is consistent with the
                                                Business Continuity Risk
                                                                                                        and Clearing Agency Support Area’s                    requirements of each of the subsections
                                                   Finally, the Framework would                         current Tier ranking, as described                    of Rule 17Ad–22(e)(17),12 cited below,
                                                describe how the Clearing Agencies                      above.                                                for the reasons described below.
                                                have established and maintain business                     The Framework would describe the                      Rule 17Ad–22(e)(17)(i) under the Act
                                                continuity plans to address events that                 responsibilities of BCM in managing a                 requires, in part, that each covered
                                                may pose a significant risk of disrupting               disruptive business event, which                      clearing agency establish, implement,
                                                their operations. The Framework would                   includes coordination with a team of                  maintain and enforce written policies
                                                describe how the business continuity                    representatives from each Clearing                    and procedures reasonably designed to
                                                process for each Clearing Agency                        Agency Business and Clearing Agency                   manage the covered clearing agency’s
                                                Business and Clearing Agency Support                    Support Area. Finally, the Framework                  operational risks by identifying the
                                                Area is ranked within a range of tiers,                 would describe how the Clearing                       plausible sources of operational risk,
                                                from 0 to 5, based on criticality to each               Agencies conduct regular exercises used               both internal and external, and
                                                applicable Clearing Agency’s operations                 to simulate loss of Clearing Agency                   mitigating their impact through the use
                                                (each a ‘‘Tier’’), where Tier 0 equates to              locations, and would describe some of                 of appropriate systems, policies,
                                                critical operations or support of such                  the preventive measures the Clearing                  procedures, and controls.13 The
                                                operations for which virtually no                       Agencies take with respect to business                Framework would describe how the
                                                downtime is permitted under applicable                  continuity risk management.                           Risk Tolerance Statements and the Risk
                                                regulatory standards, and Tier 5 equates                                                                      Profiles both assist the Clearing
                                                to non-essential operations or support of               2. Statutory Basis                                    Agencies to identify the plausible
                                                such operations for which recovery                         The Clearing Agencies believe that the             sources of Operational Risk, both
                                                times of greater than five days is                      proposed rule changes are consistent                  internal and external. As described
                                                permitted.                                              with the requirements of the Act and the              above, the Risk Tolerance Statements
                                                   The Framework would state that, on                   rules and regulations thereunder                      identify both internal and external
                                                an annual basis, each Clearing Agency                   applicable to a registered clearing                   Clearing Agency risks, categorize the
                                                Business and Clearing Agency Support                    agency. In particular, the Clearing                   respective Clearing Agencies’ tolerance
                                                Area updates its own business                           Agencies believe that the Framework is                for those risks, and then identify
                                                continuity plan and reviews and ratifies                consistent with Section 17A(b)(3)(F) of               governance process applicable to any
                                                its business impact analysis. These                     the Act 8 and the subsections cited                   breach of those tolerances. In this way,
                                                analyses are used by the DTCC Business                  below of Rule 17Ad–22(e)(17),9                        the Risk Tolerance Statements allow the
                                                Continuity Management department
sradovich on DSK3GMQ082PROD with NOTICES




                                                                                                        promulgated under the Act, for the                    Clearing Agencies to identify and
                                                (‘‘BCM’’), on behalf of the Clearing                    reasons described below.                              manage the risks they face. As described
                                                Agencies, to validate that business’ or                    Section 17A(b)(3)(F) of the Act                    above, the Risk Profiles serve a similar
                                                area’s current Tier ranking. The                        requires, in part, that the rules of a
                                                Framework would identify the key                        registered clearing agency be designed                  10 15    U.S.C. 78q–1(b)(3)(F).
                                                elements of these business impact                                                                               11 Id.

                                                analyses, which include (1) an                            8 15   U.S.C. 78q–1(b)(3)(F).                         12 17    CFR 240.17Ad–22(e)(17).
                                                assessment of the criticality of the                      9 17   CFR 240.17Ad–22(e)(17).                        13 17    CFR 240.17Ad–22(e)(17)(i).



                                           VerDate Sep<11>2014   16:45 Aug 11, 2017   Jkt 241001   PO 00000   Frm 00106   Fmt 4703   Sfmt 4703   E:\FR\FM\14AUN1.SGM      14AUN1


                                                                                Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices                                              37945

                                                function, by serving as a tool for                         and procedures reasonably designed to                   reasons for so finding or (ii) as to which
                                                identifying and assessing inherent risks,                  manage the covered clearing agency’s                    the clearing agency consents, the
                                                and evaluating the controls around                         operational risks by establishing and                   Commission will:
                                                those risks. The Framework also                            maintaining a business continuity plan                    (A) By order approve or disapprove
                                                describes the role of ORM, which                           that addresses events posing a                          such proposed rule changes, or
                                                includes oversight of the Risk Tolerance                   significant risk of disrupting                            (B) institute proceedings to determine
                                                Statements and Risk Profiles. By                           operations.17 The Framework would                       whether the proposed rule changes
                                                describing the functions of the Risk                       describe how the Clearing Agencies                      should be disapproved.
                                                Tolerance Statements and Risk Profiles,                    have established and maintain business                  IV. Solicitation of Comments
                                                which, together, assist the Clearing                       continuity plans, and would describe
                                                Agencies in effectively managing their                     the critical features of those plans to                   Interested persons are invited to
                                                operational risks by identifying the                       demonstrate how such plans address                      submit written data, views and
                                                plausible sources of operational risk,                     events posing a significant risk of                     arguments concerning the foregoing,
                                                both internal and external, and by                         disrupting the Clearing Agencies’                       including whether the proposed rule
                                                assisting the Clearing Agencies in                         operations. The Framework would also                    changes are consistent with the Act.
                                                mitigating the impact of those risks, and                  describe how each Clearing Agency                       Comments may be submitted by any of
                                                by describing the role of ORM in                           Business and Clearing Agency Support                    the following methods:
                                                facilitating these tools, the Clearing                     Area reviews and ratifies its respective                Electronic Comments
                                                Agencies believe the Framework is                          plan and its business impact analysis,                    • Use the Commission’s Internet
                                                consistent with the requirements of Rule                   relative to its assigned Tier. Therefore,
                                                17Ad–22(e)(17)(i).14                                                                                               comment form (http://www.sec.gov/
                                                                                                           through this description of the                         rules/sro.shtml); or
                                                   Rule 17Ad–22(e)(17)(ii) under the Act                   establishment, management and
                                                requires, in part, that each covered                                                                                 • Send an email to rule-comments@
                                                                                                           maintenance of the business continuity                  sec.gov. Please include File Number SR–
                                                clearing agency establish, implement,                      plans of the Clearing Agencies, the
                                                maintain and enforce written policies                                                                              DTC–2017–014, SR–FICC–2017–017, or
                                                                                                           Clearing Agencies believe the                           SR–NSCC–2017–013 on the subject line.
                                                and procedures reasonably designed to                      Framework is consistent with the
                                                manage the covered clearing agency’s                       requirements of Rule 17Ad–                              Paper Comments
                                                operational risks by ensuring that                         22(e)(17)(iii).18                                          • Send paper comments in triplicate
                                                systems have a high degree of security,                                                                            to Secretary, Securities and Exchange
                                                resiliency, operational reliability, and                   (B) Clearing Agencies’ Statement on
                                                                                                           Burden on Competition                                   Commission, 100 F Street NE.,
                                                adequate, scalable capacity.15 The                                                                                 Washington, DC 20549.
                                                Framework would describe the role, and                        None of the Clearing Agencies believe
                                                some of the responsibilities, of TRM, in                                                                           All submissions should refer to File
                                                                                                           that the Framework would have any                       Number SR–DTC–2017–014, SR–FICC–
                                                managing the Clearing Agencies’                            impact, or impose any burden, on
                                                information technology risks and in                                                                                2017–017, or SR–NSCC–2017–013. One
                                                                                                           competition because the proposed rule                   of these file numbers should be
                                                helping the Clearing Agencies maintain                     changes reflect some of the existing
                                                systems with a high degree of security,                                                                            included on the subject line if email is
                                                                                                           methods by which the Clearing                           used. To help the Commission process
                                                resiliency, operational reliability, and                   Agencies manage Operational Risk,
                                                adequate, scalable capacity. The                                                                                   and review your comments more
                                                                                                           including their management of                           efficiently, please use only one method.
                                                Framework would also describe the                          information technology and business
                                                programs, systems, and controls used by                                                                            The Commission will post all comments
                                                                                                           continuity risks, and would not                         on the Commission’s Internet Web site
                                                TRM in performing this function, and                       effectuate any changes to the Clearing
                                                would identify some of the standards on                                                                            (http://www.sec.gov/rules/sro.shtml).
                                                                                                           Agencies’ processes described therein as                Copies of the submission, all subsequent
                                                information technology risk                                they currently apply to their respective
                                                management that may be used by TRM                                                                                 amendments, all written statements
                                                                                                           participants.                                           with respect to the proposed rule
                                                in support of its responsibilities. The
                                                Framework would also describe TRM’s                        (C) Clearing Agencies’ Statement on                     changes that are filed with the
                                                role in product and project initiatives to                 Comments on the Proposed Rule                           Commission, and all written
                                                address security issues through the                        Changes Received From Members,                          communications relating to the
                                                lifecycle of an initiative. Therefore, by                  Participants, or Others                                 proposed rule changes between the
                                                describing the role and responsibilities                     The Clearing Agencies have not                        Commission and any person, other than
                                                of TRM in managing the Clearing                            solicited or received any written                       those that may be withheld from the
                                                Agencies’ information technology risks                     comments relating to this proposal. The                 public in accordance with the
                                                and in helping the Clearing Agencies                       Clearing Agencies will notify the                       provisions of 5 U.S.C. 552, will be
                                                maintain systems with a high degree of                     Commission of any written comments                      available for Web site viewing and
                                                security, resiliency, operational                          received by the Clearing Agencies.                      printing in the Commission’s Public
                                                reliability, and adequate, scalable                                                                                Reference Room, 100 F Street NE.,
                                                                                                           III. Date of Effectiveness of the                       Washington, DC 20549 on official
                                                capacity, the Clearing Agencies believe
                                                                                                           Proposed Rule Changes, and Timing for                   business days between the hours of
                                                the Framework is consistent with the
                                                                                                           Commission Action                                       10:00 a.m. and 3:00 p.m. Copies of the
                                                requirements of Rule 17Ad–
                                                22(e)(17)(ii).16                                              Within 45 days of the date of                        filing also will be available for
                                                                                                                                                                   inspection and copying at the principal
sradovich on DSK3GMQ082PROD with NOTICES




                                                   Rule 17Ad–22(e)(17)(iii) under the                      publication of this notice in the Federal
                                                Act requires, in part, that each covered                   Register or within such longer period                   office of the Clearing Agencies and on
                                                clearing agency establish, implement,                      up to 90 days (i) as the Commission may                 DTCC’s Web site (http://dtcc.com/legal/
                                                maintain and enforce written policies                      designate if it finds such longer period                sec-rule-filings.aspx). All comments
                                                                                                           to be appropriate and publishes its                     received will be posted without change;
                                                  14 Id.                                                                                                           the Commission does not edit personal
                                                  15 17    CFR 240.17Ad–22(e)(17)(ii).                       17 17    CFR 240.17Ad–22(e)(17)(iii).                 identifying information from
                                                  16 Id.                                                     18 Id.                                                submissions. You should submit only


                                           VerDate Sep<11>2014      16:45 Aug 11, 2017   Jkt 241001   PO 00000   Frm 00107     Fmt 4703   Sfmt 4703   E:\FR\FM\14AUN1.SGM   14AUN1


                                                37946                          Federal Register / Vol. 82, No. 155 / Monday, August 14, 2017 / Notices

                                                information that you wish to make                       II. Self-Regulatory Organization’s                    its regulatory costs, while not exceeding
                                                available publicly. All submissions                     Statement of the Purpose of, and                      regulatory costs.
                                                should refer to File Number SR–DTC–                     Statutory Basis for, the Proposed Rule                   The Exchange notified its Participants
                                                2017–014, SR–FICC–2017–017, or SR–                      Change                                                of this ORF adjustment thirty (30)
                                                NSCC–2017–013 and should be                                                                                   calendar days prior to the proposed
                                                submitted on or before September 5,                       In its filing with the Commission, the              operative date.5
                                                2017.                                                   Exchange included statements
                                                                                                        concerning the purpose of and basis for               Proposal 2—Reflect the Manner in
                                                  For the Commission, by the Division of                the proposed rule change and discussed                Which BX Assesses and Collects its ORF
                                                Trading and Markets, pursuant to delegated              any comments it received on the
                                                authority.19
                                                                                                                                                                 Currently, BX assesses its ORF for
                                                                                                        proposed rule change. The text of these               each Customer option transaction that is
                                                Eduardo A. Aleman,                                      statements may be examined at the                     either: (1) Executed by a Participant on
                                                Assistant Secretary.                                    places specified in Item IV below. The                BX; or (2) cleared by a BX Participant
                                                [FR Doc. 2017–17043 Filed 8–11–17; 8:45 am]             Exchange has prepared summaries, set                  at The Options Clearing Corporation
                                                BILLING CODE 8011–01–P                                  forth in sections A, B, and C below, of               (‘‘OCC’’) in the Customer range,6 even if
                                                                                                        the most significant aspects of such                  the transaction was executed by a non-
                                                                                                        statements.                                           member of BX, regardless of the
                                                SECURITIES AND EXCHANGE                                                                                       exchange on which the transaction
                                                COMMISSION                                              A. Self-Regulatory Organization’s
                                                                                                                                                              occurs.7 If the OCC clearing member is
                                                                                                        Statement of the Purpose of, and the
                                                                                                                                                              a BX Participant, ORF is assessed and
                                                                                                        Statutory Basis for, the Proposed Rule
                                                [Release No. 34–81341; File No. SR–BX–                                                                        collected on all cleared Customer
                                                                                                        Change
                                                2017–032]                                                                                                     contracts (after adjustment for CMTA 8);
                                                                                                        1. Purpose                                            and (2) if the OCC clearing member is
                                                Self-Regulatory Organizations;                                                                                not a BX Participant, ORF is collected
                                                NASDAQ BX, Inc.; Notice of Filing and                     BX initially filed to establish its ORF             only on the cleared Customer contracts
                                                Immediate Effectiveness of Proposed                     in 2016.3 The Exchange has amended its                executed at BX, taking into account any
                                                Rule Change To Revise the Rules                         ORF several times since the inception of              CMTA instructions which may result in
                                                Regarding the Exchange’s Options                        this fee.4 At this time, the Exchange                 collecting the ORF from a non-member.
                                                Regulatory Fee                                          proposes to: (i) Amend the amount of its                 By way of example, if Broker A, a BX
                                                                                                        ORF; and (ii) revise BX Rules at Chapter              Participant, routes a Customer order to
                                                DATES:   August 8, 2017.                                XV, Section 5 to more closely reflect the             CBOE and the transaction executes on
                                                   Pursuant to Section 19(b)(1) of the                  manner in which BX assesses and                       CBOE and clears in Broker A’s OCC
                                                Securities Exchange Act of 1934                         collects its ORF.                                     Clearing account, ORF will be collected
                                                (‘‘Act’’) 1, and Rule 19b–4 thereunder,2                  The Exchange supports a common                      by BX from Broker A’s clearing account
                                                notice is hereby given that on July 26,                 approach for the assessment and                       at OCC via direct debit. While this
                                                2017, NASDAQ BX, Inc. (‘‘BX’’ or                        collection of ORF among the various                   transaction was executed on a market
                                                ‘‘Exchange’’) filed with the Securities                 options exchanges that assess such a fee.             other than BX, it was cleared by a BX
                                                and Exchange Commission (‘‘SEC’’ or                     Furthermore, the Exchange supports                    Participant in the Participant’s OCC
                                                ‘‘Commission’’) the proposed rule                       guidance from the Commission                          clearing account in the Customer range,
                                                change as described in Items I, II, and                 regarding regulatory cost structures to               therefore there is a regulatory nexus
                                                III, below, which Items have been                       ensure equal knowledge and treatment                  between BX and the transaction. If
                                                prepared by the Exchange. The                           among options markets assessing ORF.                  Broker A was not a BX Participant, then
                                                Commission is publishing this notice to                                                                       no ORF should be assessed and
                                                solicit comments on the proposed rule                   Proposal 1—Amend the Amount of the
                                                                                                        ORF                                                   collected because there is no nexus; the
                                                change from interested persons.                                                                               transaction did not execute on BX nor
                                                I. Self-Regulatory Organization’s                         The Exchange assesses an ORF of                     was it cleared by a BX Participant.
                                                Statement of the Terms of Substance of                  $0.0004 per contract side. The Exchange                  In the case where a Participant both
                                                the Proposed Rule Change                                proposes to increase the ORF from                     executes a transaction and clears the
                                                                                                        $0.0004 per contract side to $0.0005 per              transaction, the ORF is assessed to and
                                                   The Exchange proposes to revise BX                   contract side as of August 1, 2017 to                 collected from the Participant only
                                                Rules at Chapter XV, Section 5 to: (i)                  account for a reduction in market                     once. In the case where a Participant
                                                Make adjustments to the amount of its                   volume. The Exchange’s proposed                       executes a transaction and a different
                                                Options Regulatory Fee (‘‘ORF’’); and                   change to the ORF should balance the                  Participant clears the transaction, the
                                                (ii) more closely reflect the manner in                 Exchange’s regulatory cost [sic] against              ORF is assessed to and collected from
                                                which BX assesses and collects its ORF.                 the anticipated revenue. The Exchange                 the Participant who clears the
                                                   While the changes proposed herein                    regularly reviews its ORF to ensure that              transaction and not the Participant who
                                                are effective upon filing, the Exchange                 the ORF, in combination with its other                executes the transaction. In the case
                                                has designated the amendments [sic]                     regulatory fees and fines, does not
                                                become operative on August 1, 2017.                     exceed regulatory costs. The Exchange                   5 See Options Trader Alert #2017–54.
                                                   The text of the proposed rule change                 believes this adjustment will permit the                6 Exchange   Rules require each member to record
                                                is available on the Exchange’s Web site                                                                       the appropriate account origin code on all orders at
                                                                                                        Exchange to cover a material portion of               the time of entry in order to allow the Exchange to
sradovich on DSK3GMQ082PROD with NOTICES




                                                at http://nasdaqbx.cchwallstreet.com/,                                                                        properly prioritize and route orders and assess
                                                at the principal office of the Exchange,                   3 See Securities Exchange Act Release Nos. 77053   transaction fees pursuant to the Rules of the
                                                and at the Commission’s Public                          (February 4, 3016), 81 FR 7163 (February 10, 2016)    Exchange and report resulting transactions to OCC.
                                                Reference Room.                                         (SR–BX–2016–007); (Notice of Filing and                  7 The Exchange uses reports from OCC to

                                                                                                        Immediate Effectiveness of Proposed Rule Change       determine the identity of the executing clearing
                                                                                                        Relating To Adopt an Options Regulatory Fee).         firm and ultimate clearing firm.
                                                  19 17 CFR 200.30–3(a)(12).                               4 See Securities Exchange Act Release No. 78361       8 CMTA or Clearing Member Trade Assignment is
                                                  1 15 U.S.C. 78s(b)(1).                                (July 19, 2016), 81 FR 48485 (July 25, 2016) (SR–     a form of ‘‘give-up’’ whereby the position will be
                                                  2 17 CFR 240.19b–4.                                   BX–2016–043).                                         assigned to a specific clearing firm at OCC.



                                           VerDate Sep<11>2014   16:45 Aug 11, 2017   Jkt 241001   PO 00000   Frm 00108   Fmt 4703   Sfmt 4703   E:\FR\FM\14AUN1.SGM    14AUN1



Document Created: 2018-10-24 11:52:12
Document Modified: 2018-10-24 11:52:12
CategoryRegulatory Information
CollectionFederal Register
sudoc ClassAE 2.7:
GS 4.107:
AE 2.106:
PublisherOffice of the Federal Register, National Archives and Records Administration
SectionNotices
DatesAugust 8, 2017.
FR Citation82 FR 37942 

2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR