| Page Range | 27410-27441 | |
| FR Document | 2018-12377 |
[Federal Register Volume 83, Number 113 (Tuesday, June 12, 2018)] [Rules and Regulations] [Pages 27410-27441] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-12377] [[Page 27409]] Vol. 83 Tuesday, No. 113 June 12, 2018 Part III Commodity Futures Trading Commission ----------------------------------------------------------------------- 17 CFR Part 49 Amendments to the Swap Data Access Provisions of Part 49 and Certain Other Matters; Final Rule ��Federal Register / Vol. 83 , No. 113 / Tuesday, June 12, 2018 / Rules and Regulations�� [[Page 27410]] ----------------------------------------------------------------------- COMMODITY FUTURES TRADING COMMISSION 17 CFR Part 49 RIN Number 3038-AE44 Amendments to the Swap Data Access Provisions of Part 49 and Certain Other Matters AGENCY: Commodity Futures Trading Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: Pursuant to Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (``Dodd-Frank Act''), as amended by the Fixing America's Surface Transportation Act of 2015 (``FAST Act''), the Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is amending the Commission's regulations relating to access to swap data held by swap data repositories (``SDRs''). The amendments implement pertinent provisions of the FAST Act and make associated changes to the Commission's regulations governing the grant of access to swap data to certain foreign and domestic authorities by SDRs, as well as changes to certain other regulations unrelated to such access. DATES: The effective date for this final rule is August 13, 2018. For compliance dates, see SUPPLEMENTARY INFORMATION. FOR FURTHER INFORMATION CONTACT: Daniel Bucsa, Deputy Director, Division of Market Oversight--Data and Reporting Branch (``DMO-DAR''), (202) 418-5435, [email protected]; David E. Aron, Special Counsel, DMO- DAR, (202) 418-6621, [email protected]; Owen J. Kopon, Special Counsel, DMO-DAR, (202) 418-5360, [email protected]; or Stephen Kane, Research Economist, Office of the Chief Economist, (202) 418-5911, [email protected], Commodity Futures Trading Commission, Three Lafayette Centre, 1151 21st Street NW, Washington, DC 20581. SUPPLEMENTARY INFORMATION: The compliance date for an SDR to comply with its obligation under Sec. 49.17(d)(5)(iii) of the Commission's regulations \1\ to provide access to swap data requested by an Appropriate Domestic Regulator (as defined in Sec. 49.17(b)(1)) (``ADR'') or Appropriate Foreign Regulator (as defined in Sec. 49.17(b)(2)) (``AFR'') is, as discussed further below, the earlier of (1) the earliest date, after such SDR receives from such ADR or AFR the confidentiality arrangement required by Sec. 49.18(a), that such SDR, exercising commercially reasonable efforts in light of its obligations under the Act \2\ and the Commission's regulations, is able to provide such access to the ADR or AFR and (2) 180 days after the SDR receives from such ADR or AFR the confidentiality arrangement required by Sec. 49.18(a). The compliance date for all other regulations amended, added or revised by this final rule is August 13, 2018. --------------------------------------------------------------------------- \1\ 17 CFR 49.17(d)(5)(iii). All Commission regulations cited herein are set forth in Title 17 of the Code of Federal Regulations. \2\ 7 U.S.C. 1 et seq. --------------------------------------------------------------------------- Table of Contents I. Background and Introduction A. Statutory Background: The Dodd-Frank Act B. Regulatory History: The Part 49 Rules and the Commission's Interpretative Statement 1. Access to SDR Swap Data 2. Indemnification Requirement C. FAST Act Amendments to CEA Section 21 D. CEA Section 8 and the Confidentiality Provisions of CEA Section 21 E. High-Level Summary of Revisions to Part 49 F. Rescission of Interpretative Statement II. Discussion A. Definitions: Amendments to Sec. 49.2 B. Domestic and Foreign Regulators With Regulatory Responsibility Over SDRs: Amendments to Sec. 49.17(d)(2) and (3) 1. Current Rules 2. Proposed Amendments 3. Comments Received 4. Final Rules C. Appropriateness Determination for Foreign Regulators and Non- Enumerated Domestic Regulators: Amendments to Sec. 49.17(b) and New Sec. 49.17(h) 1. Current Rule 2. Proposed Amendments: Determination Order Process 3. Proposed Amendments: Factors Considered in Issuing a Determination Order a. Scope of Jurisdiction b. Robust Confidentiality Safeguards c. Swap Data Sharing Considerations 4. Proposed Amendments: Other Matters Regarding the Determination Order Process 5. Final Rules D. Amendments to Sec. 49.17(d)(4): SDR Notice and Verification Obligations 1. Proposed Amendments 2. Final Rules a. Sec. 49.17(d)(4)(i) i. Notices of Initial Access Requests and Requests Outside the Scope of Jurisdiction ii. Recordkeeping iii. Aggregated Data b. Sec. 49.17(d)(4)(ii) c. Sec. 49.17(d)(4)(iii) i. Scope of an ADR's or AFR's Jurisdiction ii. Changes to an ADR's or AFR's Scope of Jurisdiction iii. Written Notices d. Sec. 49.17(d)(4)(iv) E. New Sec. 49.17(i): Delegation of Authority F. CEA Section 21(d) Confidentiality Agreements: Amendments to Sec. 49.18 1. Current Rule 2. Proposed Amendments to Sec. 49.18(a): Confidentiality Arrangement Required Prior to Disclosure of Swap Data 3. Proposed Amendments to Sec. 49.18(b): Required Elements of the Confidentiality Arrangement 4. Proposed Removal of Sec. 49.18(c): ADRs and AFRs With Regulatory Responsibility Over an SDR 5. Proposed New Sec. 49.18(c) and (d): Failure To Fulfill the Terms of a Confidentiality Arrangement 6. Proposed New Sec. 49.18(e): Delegation of Authority 7. Conforming Changes 8. Comments Received 9. Final Rule G. Other Changes 1. Proposed Rule Changes 2. Final Rule Changes III. Request for Comment IV. Compliance Date V. Related Matters A. Regulatory Flexibility Act B. Paperwork Reduction Act 1. Summary of the Requirements 2. Collection of Information C. Cost-Benefit Considerations 1. Introduction 2. Benefits a. Background b. High-Level Benefits c. More Specific Benefits i. MOUs ii. Duty for SDRs To Notify the Commission of Swap Data Requests From ADRs and AFRs iii. Form of Electronic Notification by SDRs to the Commission iv. Clarification of SDR Recordkeeping Obligations v. Limitation, Suspension or Revocation of an ADR's or AFR's Swap Data Access vi. Confidentiality Arrangements vii. Means of Access 3. Costs a. Background b. High-Level Costs c. ADRs' and AFRs' Costs i. Determination Order Applications ii. Confidentiality Arrangements iii. Data Security iv. Onward Sharing v. Means of Access d. SDRs' Costs i. Providing New Access Generally ii. Providing Notice to the Commission iii. Verifying That a Swap Data Request is Within an ADR's/AFR's Scope of Jurisdiction iv. Means of Access v. Recordkeeping 4. Response to Comments 5. Alternatives Considered 6. Consideration of CEA Section 15(a) Factors a. Protection of Market Participants and the Public b. Efficiency, Competitiveness, and Financial Integrity of Futures Markets c. Price Discovery d. Sound Risk Management Practices e. Other Public Interest Considerations [[Page 27411]] D. Antitrust Considerations I. Background and Introduction A. Statutory Background: The Dodd-Frank Act Title VII of the Dodd-Frank Act \3\ amended the Commodity Exchange Act (``CEA'') to establish a comprehensive new regulatory framework for swaps including, in new CEA section 21, requirements addressing the registration and regulation of SDRs.\4\ CEA section 21 imposes on SDRs, among other duties and responsibilities, the duty to maintain the privacy of all swap transaction information received from a swap dealer, counterparty, or any other registered entity.\5\ CEA section 21(c)(7) directs SDRs to make swap data available on a confidential basis pursuant to section 8 of the CEA, upon request, and after notifying the Commission of the request,\6\ to certain enumerated domestic authorities and any other person (which may include certain types of foreign authorities) that the Commission determines to be appropriate (each such enumerated and Commission-determined entity, a ``21(c)(7) entity'').\7\ --------------------------------------------------------------------------- \3\ See Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376 (2010), available at http://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of the Dodd-Frank Act may be cited as the Wall Street Transparency and Accountability Act of 2010. \4\ See Dodd-Frank Act section 728 (adding new CEA section 21, 7 U.S.C. 24(a), to establish a registration requirement and regulatory regime for SDRs). \5\ 7 U.S.C. 24a(c)(6). \6\ CEA section 8, 7 U.S.C. 12, describes circumstances under which public disclosure of information in the Commission's possession is permitted and prohibited. As discussed more fully below, the principles underlying CEA section 8(e), in particular, are fundamental to CEA sections 21(c)(7) and (d) and to the access standards and confidentiality provisions adopted in this release. \7\ See 7 U.S.C. 24a(c)(7). See also Commission, Final Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77 FR 2136, Jan. 13, 2012 (``Data Final Rules''). The Data Final Rules set forth, among others, regulations governing SDR data collection and swap data reporting responsibilities under part 45 of the Commission's regulations. --------------------------------------------------------------------------- As originally enacted, CEA sections 21(d)(1) and (2), respectively, mandated that, prior to receipt of any requested data or information from an SDR, a 21(c)(7) entity agree in writing to abide by the confidentiality requirements described in CEA section 8 and, separately, to indemnify the SDR and the Commission for any expenses arising from litigation relating to the information provided under section 8.\8\ Congress's repeal of the CEA section 21(d)(2) indemnification requirement in the FAST Act \9\ in December 2015 prompted this rulemaking.\10\ --------------------------------------------------------------------------- \8\ 7 U.S.C. 24a(d). As noted above, the indemnification requirement was stricken from CEA section 21(d) by the FAST Act. See Public Law 114-94, section 86001(b)(2). \9\ FAST Act, Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015). \10\ FAST Act section 86002(b)(2) struck subsection (d) of CEA section 21 and inserted a new provision in in its place that stated that before the swap data repository may share information with any entity listed in section (c)(7), the swap data repository shall receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in section 8 of the CEA relating to the information on swap transactions that is provided. --------------------------------------------------------------------------- B. Regulatory History: The Part 49 Rules and the Commission's Interpretative Statement 1. Access to SDR Swap Data In 2011, the Commission adopted rules implementing the requirements for SDRs in CEA section 21.\11\ The Commission implemented the SDR swap data access provisions of CEA sections 21(c)(7) and (d) by establishing processes to allow two categories of entities to gain access to SDR swap data. The Commission defined one category, ADRs, in Sec. 49.17(b)(1) of the Commission's regulations as domestic authorities enumerated in CEA section 21(c)(7)(A)-(D) \12\ and certain other persons determined by the Commission to be appropriate recipients of such swap data pursuant to CEA section 21(c)(7)(E).\13\ --------------------------------------------------------------------------- \11\ Swap Data Repositories: Registration Standards, Duties and Core Principles; 76 FR 54538 (Sept. 1, 2011) (``SDR Final Rules''); see also Swap Data Repositories: Registration Standards, Duties and Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final Rules) (``SDR NPRM''). \12\ The domestic authorities enumerated in CEA section 21(c)(7) are: (A) Each appropriate prudential regulator; (B) the Financial Stability Oversight Council (``FSOC''); (C) the Securities and Exchange Commission (``SEC''); and (D) the Department of Justice. The term ``prudential regulator'' is defined in CEA section 1a(39) (7 U.S.C. 1a(39)). \13\ In addition to CEA section 21(c)(7) enumerating certain domestic authorities to which an SDR must grant swap data access, CEA section 21(c)(7)(E), as amended by the FAST Act, identifies as an eligible recipient of such access as any other person that the Commission determines to be appropriate, including foreign financial supervisors (including foreign futures authorities); foreign central banks; foreign ministries; and other foreign authorities. 7 U.S.C. 24a(c)(7)(E). Pursuant to this authority, in Sec. Sec. 49.17(b)(1)(v) and (vi), the Commission identified any Federal Reserve Bank and the Office of Financial Research (``OFR''), respectively, as ADRs. The Commission also defined as an ``Appropriate Domestic Regulator'' each prudential regulator identified in CEA section 1(a)(39), with respect to requests related to any such regulator's statutory authority, without limitation to the activities listed for each regulator in CEA section 1(a)(39). See Sec. 49.17(b)(1)(ii). The Commission further reserved the discretion, in Sec. 49.17(b)(1)(vii), to recognize any other person the Commission deems appropriate to be an ADR. --------------------------------------------------------------------------- The Commission defined the other category, AFRs,\14\ in Sec. 49.17(b)(2) as ``Foreign Regulators'' \15\ with existing memoranda of understanding (``MOUs'') or similar types of information sharing arrangements with the Commission, but did not identify any specific persons as AFRs in the SDR Final Rules. The SDR Final Rules also defined the term AFR to include a Foreign Regulator without an existing MOU with the Commission, as determined by the Commission on a case-by- case basis. Such a Foreign Regulator was required to file with the Commission an application providing sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator employed appropriate confidentiality procedures, and to satisfy the Commission that any SDR swap data or information accessed by the Foreign Regulator would be disclosed only as permitted by section 8(e) of the CEA.\16\ --------------------------------------------------------------------------- \14\ The Commission established the category of AFRs pursuant to CEA section 21(c)(7)(E), which, among other things, includes a list of the types of foreign entities that the Commission may determine to be appropriate recipients of swap data obtained by an SDR. \15\ The term ``Foreign Regulator'' is defined in current Sec. 49.2(a)(5) to mean a foreign futures authority as defined in CEA section 1(a)(26), foreign financial supervisors, foreign central banks and foreign ministries. \16\ 17 CFR 49.17(b)(2)(i)(B). --------------------------------------------------------------------------- An ADR or AFR seeking access to SDR swap data is required by current Sec. 49.17(d)(1) to file an access request with the SDR certifying that it is acting within the scope of its jurisdiction and is required by current Sec. 49.17(d)(6) to execute a ``Confidentiality and Indemnification Agreement'' with the SDR.\17\ --------------------------------------------------------------------------- \17\ Current Sec. 49.18(b) requires an SDR to receive such a Confidentiality and Indemnification Agreement from an ADR or AFR prior to releasing swap data to the ADR or AFR. --------------------------------------------------------------------------- 2. Indemnification Requirement In the preamble to the SDR Final Rules, the Commission acknowledged commenters' concerns that compliance with the statutory and regulatory requirements to indemnify the Commission, and the SDR providing access to swap data, for any expenses arising from litigation relating to the information provided under section 8 of the CEA, would be difficult for certain domestic and foreign regulators, due to various home country laws and other regulations prohibiting such arrangements.\18\ The Commission expressed its intent to continue to work to provide regulators sufficient access to SDR data. In this regard, the Commission outlined the circumstances under which it believed the indemnification provisions of CEA [[Page 27412]] section 21(d) and Sec. 49.18 would not apply. The Commission explained that, under the part 49 rules, ADRs with concurrent regulatory jurisdiction over SDRs may in some circumstances obtain access to swap data reported to and maintained by those SDRs without regard to the notice and indemnification requirements of CEA sections 21(c)(7) and (d).\19\ With respect to foreign regulatory authorities, the Commission determined in the SDR Final Rules that swap data reported to and maintained by an SDR may be accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR has supervisory authority over a Commission-registered SDR that is also registered with the AFR pursuant to foreign law and/or regulation. --------------------------------------------------------------------------- \18\ See SDR Final Rules at 54554. The Commission notes that, to date, no 21(c)(7) entity has entered into a confidentiality or indemnification agreement pursuant to CEA section 21(d) or the part 49 rules. \19\ See SDR Final Rules at 54554, n163. Accordingly, pursuant to the Commission's Part 49 rules, these provisions did not apply to an ADR that has regulatory jurisdiction over an SDR registered with the ADR pursuant to a separate statutory authority and also registered with the Commission, if the ADR executes an MOU or similar information sharing arrangement with the Commission and the Commission, consistent with CEA section 21(c)(4)(A), designates the ADR to receive direct electronic access. See 17 CFR 49.17(d)(2). --------------------------------------------------------------------------- Since concerns about the scope of the indemnification requirement persisted, the Commission issued an interpretative statement designed to provide guidance and greater clarity to interested members of the public and foreign regulators with respect to the scope and application of CEA section 21(d) and the part 49 rules.\20\ The Interpretative Statement clarified that a foreign regulatory authority's access to swap data held in a CFTC-registered SDR would not be subject to the confidentiality and indemnification provisions of CEA section 21(d) or the part 49 regulations if (i) the registered SDR is also registered in, or recognized or otherwise authorized by, the foreign authority's regulatory regime and (ii) the data sought to be accessed by the foreign authority has been reported to the registered SDR pursuant to such foreign regulatory regime.\21\ --------------------------------------------------------------------------- \20\ See Swap Data Repositories: Interpretative Statement Regarding the Confidentiality and Indemnification Provisions of the Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012) (``Interpretative Statement''). \21\ Interpretative Statement at 65181. --------------------------------------------------------------------------- C. FAST Act Amendments to CEA Section 21 Congress responded to regulators' access concerns by including in the FAST Act a repeal of the indemnification requirement in CEA section 21(d)(2).\22\ The confidentiality requirement in CEA section 21(d)(1) was retained in amended CEA section 21(d).\23\ --------------------------------------------------------------------------- \22\ Title LXXXVI (``Repeal of Indemnification Requirements'') of the FAST Act amends the CEA by repealing the indemnification requirements added by the Dodd-Frank Act for regulatory authorities to obtain access to swap data because foreign regulators and regulatory entities have indicated concerns regarding the indemnification requirements of the Dodd-Frank Act. The title removes such requirements so data can be shared with foreign authorities. The title would still require the regulatory agencies requesting the information to agree to certain confidentiality requirements prior to receiving the data. FAST Act: Conference Report to Accompany H.R. 22, Dec. 1, 2015 at 486-87. The repeal applied as well to the analogous provision in the Securities Exchange Act of 1934, 15 U.S.C. 78m(n)(5). \23\ As noted above, FAST Act section 86002(b)(2) struck subsection (d) of CEA section 21 and inserted a new provision in its place that stated that before the swap data repository may share information with any entity listed in section (c)(7), the swap data repository shall receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in section 8 of the CEA relating to the information on swap transactions that is provided. --------------------------------------------------------------------------- The FAST Act also modified CEA section 21(c)(7)(A) by clarifying that SDRs must make available the ``swap'' data they obtain to 21(c)(7) entities, and added to CEA section 21(c)(7)(E)'s non-exclusive list of persons that the Commission may determine to be appropriate recipients of SDR swap data the new category ``other foreign authorities.'' \24\ --------------------------------------------------------------------------- \24\ See FAST Act section 86001(b)(1). --------------------------------------------------------------------------- D. CEA Section 8 and the Confidentiality Provisions of CEA Section 21 CEA section 8 governs the Commission's treatment of nonpublic information in its possession in a number of circumstances. CEA section 8(e) permits the Commission to furnish to the specified types of domestic or foreign entities--upon their request and acting within the scope of their jurisdiction--any information in its possession obtained in connection with the administration of the Act.\25\ CEA section 8(e) specifies, with respect to federal U.S. entities, that any information furnished thereunder shall not be disclosed by the entity except in an action or proceeding under the laws of the United States to which the entity, the Commission or the United States is a party. CEA section 8(e) further specifies, with respect to the specified types of foreign entities, that the Commission shall not furnish information thereunder unless the Commission is satisfied that the information will not be disclosed by the entity except in connection with an adjudicatory action or proceeding to which the entity is a party brought under the laws to which such entity is subject. --------------------------------------------------------------------------- \25\ 7 U.S.C. 12(e). --------------------------------------------------------------------------- CEA sections 21(c)(7) and 21(d) incorporate CEA section 8 in establishing the disclosure restrictions and confidentiality standards that apply to SDRs when providing swap data to regulators. The Commission interprets these provisions as requiring consistency with the principles underlying CEA section 8(e) and therefore being fundamental to the access standards and confidentiality provisions adopted in this release. In adopting revised Sec. Sec. 49.17 and 49.18, the Commission is mindful of these foundational principles: Where information is sought to be accessed, the information must relate to the scope of the requesting entity's jurisdiction; and information provided by the SDR shall not be further disclosed except in limited, defined circumstances. E. High-Level Summary of Revisions to Part 49 Pursuant to its authority under the Act,\26\ the Commission proposed amendments in January 2017 to Sec. Sec. 49.2, 49.9, 49.17, 49.18, and 49.22 to (i) implement the statutory changes mandated by the FAST Act amendments; (ii) make certain conforming and clarifying changes related to such implementation; (iii) revise the process by which appropriateness is determined for purposes of access to SDR swap data; (iv) clarify the standards in connection with the Commission's appropriateness determinations; and (v) establish the form and substance of the written agreement mandated by CEA section 21(d), as amended.\27\ In formulating the proposed amendments, the Commission endeavored to achieve the goals of effective and consistent global regulation of swaps \28\ while adhering to the mandate of CEA sections 21(c)(7) and (d) that swap data be made available to a limited universe of [[Page 27413]] regulators on a confidential basis pursuant to CEA section 8. As explained in Section II below, the Commission is generally adopting, with certain modifications, the rules and rule amendments as proposed. --------------------------------------------------------------------------- \26\ See, e.g., CEA section 21(f)(4) (Additional duties developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules and regulations as, in the judgment of the Commission, are reasonably necessary to effectuate any of the provisions or to accomplish any of the purposes of the CEA. \27\ See Proposed Amendments To Swap Data Access Provisions and Certain Other Matters, 82 FR 8369 (Jan. 25, 2017) (``NPRM''). \28\ Section 752(a) of the Dodd-Frank Act directs the CFTC, the SEC and the prudential regulators, as appropriate, to consult and coordinate with foreign regulatory authorities in this regard and provides that these entities may agree to such information-sharing arrangements as may be deemed necessary or appropriate in the public interest or for the protection of investors, swap counterparties, and security-based swap counterparties. --------------------------------------------------------------------------- F. Rescission of Interpretative Statement The Commission has determined to rescind the Interpretative Statement. References to the indemnification requirement in the Interpretative Statement are no longer necessary, as the FAST Act repealed the indemnification requirement in CEA section 21(d). Additionally, the modifications to Sec. 49.17(d)(3) that are adopted by the Commission in this release are not inconsistent with the clarifications provided in the Interpretative Statement. II. Discussion A. Definitions: Amendments to Sec. 49.2 As originally adopted, Sec. 49.2(a)(5) defined the term ``Foreign Regulator'' to include a foreign futures authority as defined in CEA section 1a(26), foreign financial supervisors, foreign central banks and foreign ministries.\29\ The FAST Act amendments to the CEA added to section 21(c)(7)(E) a new category of entity--``other foreign authorities''--that the Commission may deem appropriate to obtain access to SDR swap data. The Commission proposed in the NPRM a corresponding amendment to the definition of ``Foreign Regulator'' in Sec. 49.2(a)(5) to conform this definition to amended CEA section 21(c)(7)(E). The Commission received no comments on that proposed amendment. Thus, for the foregoing reasons, the Commission is adopting the amendment as proposed. --------------------------------------------------------------------------- \29\ 17 CFR 49.2(a)(5). CEA Section 1a(26) defines a ``foreign futures authority'' as any foreign government, or any department, agency, governmental body, or regulatory organization empowered by a foreign government to administer or enforce a law, rule, or regulation as it relates to a futures or options matter, or any department or agency of a political subdivision of a foreign government empowered to administer or enforce a law, rule, or regulation as it relates to a futures or options matter. --------------------------------------------------------------------------- B. Domestic and Foreign Regulators With Regulatory Responsibility Over SDRs: Amendments to Sec. 49.17(d)(2) and (3) 1. Current Rules Commission regulation 49.17(d)(2) currently provides that an ADR with regulatory jurisdiction over an SDR that is registered with the ADR pursuant to a separate statutory authority and that is also registered with the Commission does not need to apply to the SDR for access to swap data and execute a confidentiality and indemnification agreement, as required by Sec. Sec. 49.17(d) and 49.18(b), as long as the following conditions are met: (i) The ADR executes an MOU or similar information sharing arrangement with the Commission; and (ii) the Commission, consistent with CEA section 21(c)(4)(A), designates the ADR to receive direct electronic access. The Commission provided in the SDR Final Rules that these ADRs may be provided access to the swap data reported and maintained by SDRs without being subject to the notice and indemnification provisions of CEA sections 21(c)(7) and (d).\30\ --------------------------------------------------------------------------- \30\ See SDR Final Rules at 54554. --------------------------------------------------------------------------- Commission regulation 49.17(d)(3) currently provides that an AFR with supervisory authority over an SDR registered with it pursuant to foreign law and/or regulation that is also registered with the Commission is not subject to the requirements of Sec. 49.17(d) and Sec. 49.18(b). As described in the SDR Final Rules and the Interpretative Statement, the Commission believes that swap data reported to, and maintained, by an SDR may be appropriately accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR is acting in a regulatory capacity with respect to an SDR that is also registered with the AFR, and the swap data was reported to such SDR pursuant to such AFR's regulatory regime. 2. Proposed Amendments With respect to domestic regulators with regulatory jurisdiction over an SDR, the Commission proposed in the NPRM to remove: (1) The reference to ``Appropriate Domestic Regulator'' in Sec. 49.17(d)(2) and replace it with the term ``domestic regulator'' to clarify that all domestic regulators, and not just ADRs, would fall under Sec. 49.17(d)(2); (2) Sec. 49.17(d)(2)(i) (information sharing arrangement condition); and (3) Sec. 49.17(d)(2)(ii) (direct electronic access condition). Based on its experience with SDR swap data access, the Commission believed an additional refinement of these rules was necessary in order to promote greater efficiency and cooperation among domestic regulators. Accordingly, the Commission proposed that a domestic regulator that has regulatory responsibility over an SDR registered with it pursuant to a separate statutory authority should be able to access SDR data reported to such SDR pursuant to such separate statutory authority irrespective of whether such domestic regulator has executed an MOU or similar information sharing arrangement with the Commission or been designated to receive direct electronic access by the Commission.\31\ --------------------------------------------------------------------------- \31\ The Commission's proposal for domestic regulators was consistent with the principle previously set forth in the Interpretative Statement with respect to the application of the confidentiality and indemnification provisions of the CEA to foreign regulators. In particular, the Commission stated that a foreign regulator's access to data from a registered SDR that is also registered, recognized, or otherwise authorized in a foreign jurisdiction's regulatory regime, where the data to be accessed has been reported pursuant to that other regulatory regime, will be dictated by that jurisdiction's regulatory regime and not by the CEA or Commission regulations. See Interpretative Statement at 65181. --------------------------------------------------------------------------- In connection with foreign regulatory authorities that have supervisory authority over an SDR, the Commission proposed in the NPRM to (i) replace the reference to ``Appropriate Foreign Regulator'' in Sec. 49.17(d)(3) with the term ``Foreign Regulator,'' as defined in Sec. 49.2, to clarify that all Foreign Regulators, not only those that have been determined ``appropriate'' by the Commission, would fall under Sec. 49.17(d)(3); and (ii) add qualifying language to Sec. 49.17(d)(3) so that Sec. 49.17(d)(3) applies not only to SDRs that are ``registered'' with the Foreign Regulator but also to those SDRs that are ``recognized or otherwise authorized'' by the Foreign Regulator, where the swap data being accessed has been reported to the SDR pursuant to the Foreign Regulator's regulatory regime.\32\ --------------------------------------------------------------------------- \32\ Id. --------------------------------------------------------------------------- 3. Comments Received The Commission received one comment, from Chicago Mercantile Exchange Inc. (``CME''), DTCC Data Repository (U.S.) LLC (``DDR''), and ICE Trade Vault, LLC (``ICETV'' and, collectively with CME and DDR, the ``SDR Commenters''), on its proposed modifications to Sec. 49.17(d)(2) and (3).\33\ The SDR Commenters supported the Commission's proposed modifications to Sec. 49.17(d)(2) and (3) stating that recognizing the separate jurisdictional authority of another domestic regulator or foreign regulator would further appropriate information sharing necessary for regulatory oversight and global systemic risk mitigation purposes.\34\ --------------------------------------------------------------------------- \33\ Joint Comment Letter submitted by CME, DDR, and ICETV at 2 (March 27, 2017) (``SDR Letter''). \34\ Id. --------------------------------------------------------------------------- 4. Final Rules After considering the comments it received with respect to its proposed amendments to Sec. 49.17(d)(2) and (3), and for the reason stated above in section II.B.2., the Commission continues to believe that swap data [[Page 27414]] reported to, and maintained by, an SDR may be appropriately accessed by a domestic regulator or Foreign Regulator without the execution of a confidentiality and indemnification agreement (1) when the regulator is acting in a regulatory or supervisory capacity with respect to an SDR that is also registered with, or recognized or otherwise authorized by, the regulator and (2) with respect to swap data reported to such SDR pursuant to such regulator's regulatory regime. The Commission, accordingly, is adopting the amendments to Sec. 49.17(d)(2) and (3) as proposed. C. Appropriateness Determination for Foreign Regulators and Non- Enumerated Domestic Regulators: Amendments to Sec. 49.17(b) and New Sec. 49.17(h) 1. Current Rule CEA section 21(c)(7) specifies U.S. entities to which swap data must be released by an SDR, provided certain prerequisites are satisfied. Because Congress has determined that access to SDR swap data by these entities is appropriate when the prerequisites are satisfied, no appropriateness determination by the Commission is necessary. These U.S. entities, along with any others the Commission determines to be appropriate pursuant to CEA section 21(c)(7)(E), are identified in Sec. 49.17(b)(1) as ADRs. The current part 49 rules do not include a process for how the Commission would determine a domestic regulator to be ``appropriate'' within the meaning of CEA section 21(c)(7)(E). Under current Sec. 49.17(b)(2)(i), in order for a Foreign Regulator that does not have a current MOU with the Commission to be determined to be an AFR,\35\ it must file with the Commission an application in the form and manner specified by the Commission.\36\ Current Sec. 49.17(b)(2)(i)(B) requires that the application provide sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator's confidentiality procedures are appropriate and to satisfy the Commission that information provided by an SDR will be disclosed by the Foreign Regulator only as permitted by CEA section 8(e). --------------------------------------------------------------------------- \35\ No specific Foreign Regulators are enumerated in CEA section 21(c)(7) or specifically identified as AFRs in Sec. 49.17(b)(2). \36\ To date, the Commission has not specified a form and manner for the application referenced in current Sec. 49.17(b)(2)(i)(A). --------------------------------------------------------------------------- 2. Proposed Amendments: Determination Order Process The Commission proposed to eliminate the current filing requirements set forth in current Sec. 49.17(b)(2)(i) and establish new filing requirements in proposed new Sec. 49.17(h) that would apply to both Foreign Regulators and domestic regulators. The Commission also proposed to include, in Sec. 49.17(h), CEA-section-8-related confidentiality considerations and the ability for the Commission to revisit or reassess appropriateness determinations. As proposed, new Sec. 49.17(h) would apply to each Foreign Regulator regardless of whether there was a current MOU or similar information sharing arrangement in place between such Foreign Regulator and the Commission, and to any domestic regulator other than an ADR enumerated in Sec. 49.17(b)(1)(i) through (vi) (``Enumerated ADR''). Proposed Sec. 49.17(h)(3) specified two threshold requirements for a finding of appropriateness: (i) The requesting entity has in place appropriate safeguards to maintain the confidentiality of swap data received from an SDR; and (ii) such entity is acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. Because the Commission stated that these requirements are necessary, but may or may not be sufficient to support an appropriateness determination, the Commission proposed to evaluate each filing on a case-by-case basis with reference to these and other factors that the Commission may find germane to its determination. The Commission proposed that, were it to find, based on information submitted to it, that an entity's access to SDR swap data was appropriate, the Commission would issue an order confirming the entity's status as an ADR or AFR and setting forth any conditions or limitations on access consistent with the relevant statutory and regulatory requirements (a ``Determination Order''). The Commission also proposed in Sec. 49.17(h)(4) to be able to revisit, reassess, limit, suspend or revoke a previously issued Determination Order. That proposal was based on the Commission's belief that it is necessary to reserve the authority to revisit an appropriateness determination, and potentially take one of the foregoing remedial actions, in order to be able to address situations that may arise subsequent to the determination, such as where an AFR or ADR violates the terms of a Determination Order or fails to keep SDR swap data confidential. 3. Proposed Amendments: Factors Considered in Issuing a Determination Order a. Scope of Jurisdiction CEA section 21(c)(7) directs SDRs to provide swap data to regulators on a confidential basis pursuant to section 8.\37\ The Commission interprets this provision to require consistency with the CEA section 8(e) mandate that information be furnished, on a confidential basis, only to other regulators acting within the scope of their jurisdiction. Accordingly, the Commission believes that an appropriateness determination must be informed by reference to a regulator's jurisdiction. --------------------------------------------------------------------------- \37\ 7 U.S.C. 24(c)(7). --------------------------------------------------------------------------- In this regard, the Commission proposed to add new Sec. 49.17(h)(2), which would require an applicant seeking a Determination Order to provide the Commission sufficient information to permit the Commission to analyze whether the applicant is acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. As part of this information, the Commission stated that it expected that an applicant would explain the relationship between its jurisdiction and its request for access to swap data maintained by SDRs, including an explanation of the applicant's need for swap data to carry out its regulatory mandate, legal authority or responsibility.\38\ --------------------------------------------------------------------------- \38\ The Commission expects that the applicant would provide a description of its scope of jurisdiction as part of these explanations. --------------------------------------------------------------------------- The Commission proposed in new Sec. 49.17(h)(3) that the Commission would not issue a Determination Order unless it were satisfied that an applicant was acting within the scope of its jurisdiction in seeking access to SDR swap data. The Commission also stated in the NPRM that it expected that each Determination Order would further require, as a condition of the appropriateness determination set forth therein, that a regulator that received a Determination Order promptly notify the Commission, and each SDR from which it received swap data, of any change to its jurisdiction that would relate to the swap data access requested.\39\ Proposed Sec. 49.17(d)(4)(iii) enabled the Commission to direct SDRs to limit, suspend or revoke an ADR's or AFR's SDR swap data access to reflect the new scope of its jurisdiction, and required the SDRs to so limit, suspend [[Page 27415]] or revoke such access in response to such Commission direction. The Commission expected that limiting access in this manner would reduce the risk of unauthorized or unnecessary disclosures because each appropriate regulator would have access to swap data only to the extent necessary to fulfill its amended jurisdictional mandate or regulatory responsibility. --------------------------------------------------------------------------- \39\ The form of confidentiality arrangement set forth in proposed Appendix B to part 49 (``Confidentiality Arrangement Form'') also would have required such notices. --------------------------------------------------------------------------- b. Robust Confidentiality Safeguards CEA section 21(c)(7) requires that SDRs make swap data available on a confidential basis pursuant to CEA section 8. Proposed Sec. 49.17(h)(2) accordingly would require that an applicant for a Determination Order submit to the Commission information sufficient to permit the Commission to analyze whether the applicant employs appropriate confidentiality safeguards to ensure that swap data the applicant receives from an SDR would not be disclosed other than as permitted by the confidentiality arrangement required by proposed Sec. 49.18(a). The Commission anticipated that this analysis would involve the Commission considering whether the applicant's confidentiality protocols, system safeguards and security compliance procedures could be expected to ensure the confidentiality of the swap data, and whether the applicant had in place protections sufficient to prevent unauthorized intrusions into the systems that maintain the swap data. In this regard, the Commission stated in the NPRM that it would also expect to consider the applicant's processes for limiting internal access to swap data to those persons with a need to know, as well as how the swap data would be stored and whether the swap data would be segregated from other information. The Commission stated in the NPRM its view that the confidentiality protections set forth in proposed Sec. 49.17(h)(2) strike an appropriate tradeoff between realizing the benefits of data access by regulators,\40\ and protecting confidential information in accordance with the dictates of CEA section 8(e), which, as described above, is incorporated into the access provisions of CEA sections 21(c)(7) and (d). In the NPRM, the Commission stated that it would consider these factors essential to a determination of appropriateness. --------------------------------------------------------------------------- \40\ See CEA section 21(c)(7); see also Section 752(a) of the Dodd-Frank Act (recognizing the goal of effective and consistent global regulation of swaps). --------------------------------------------------------------------------- c. Swap Data Sharing Considerations The Commission stated in the NPRM that other considerations not proposed to be codified may also contribute to the Commission's appropriateness analysis. Although the Commission proposed to eliminate the current regulatory provision conferring AFR status on a Foreign Regulator with an existing MOU or other similar type of information sharing arrangement executed with the Commission,\41\ it nonetheless stated in the NPRM its continued belief that the existence of such an arrangement fosters a cooperative relationship and encourages the development of shared understandings related to regulatory responsibilities. The Commission added in the NPRM that, although not dispositive, indications of a strong cooperative relationship with another authority, as established by the existence of such an arrangement and the Commission's experience working with such authority in finalizing and administering the arrangement, would likely be a factor supporting an appropriateness determination. The Commission also stated in the NPRM that a failure to cooperate fully or to comply with the terms of an existing or prior arrangement might be expected to weigh against an appropriateness determination. --------------------------------------------------------------------------- \41\ 17 CFR 49.17(b)(2). --------------------------------------------------------------------------- Similarly, when assessing appropriateness, the Commission expected to consider whether it receives access to swap data maintained by trade repositories subject to the applicant's jurisdiction. The Commission stated in the NPRM that it is mindful of the Dodd-Frank Act's encouragement of coordination and cooperation with foreign regulatory authorities.\42\ The Commission also stated in the NPRM its belief that increased data access by regulators has the potential to provide the Commission and other authorities with more complete information with which to monitor risk exposures and should be expected to promote global market stability through enhanced regulatory transparency. Accordingly, the Commission stated in the NPRM, it would view the following favorably in considering appropriateness: (i) Commission access to swap data maintained by trade repositories in a foreign regulator's jurisdiction; (ii) an arrangement to assist the Commission in obtaining data from other jurisdictions; and (iii) a history of assistance from a foreign regulator. --------------------------------------------------------------------------- \42\ See also Dodd-Frank Act section 752 (recognizing the goal of effective and consistent global regulation of swaps). --------------------------------------------------------------------------- 4. Proposed Amendments: Other Matters Regarding the Determination Order Process The Commission stated in the NPRM its preliminary belief that the Determination Order process and factors discussed above offer a reasonable approach to providing requesting entities access to SDR swap data based on clearly articulated factors and any additional considerations or circumstances the Commission may deem relevant on a case-by-case basis. The Commission added that both the required factors and the additional considerations support the mandates of CEA sections 8, 21(c)(7) and 21(d) and are consistent with the express intent of Congress that the Commission coordinate and cooperate with foreign regulatory authorities on matters related to the regulation of swaps. Through the issuance of Determination Orders, the Commission expected to be able to impose appropriate conditions or restrictions on an entity's access to SDR swap data such that the entity's access would be linked to its jurisdictional scope. Pursuant to proposed Sec. 49.17(h)(3), the Commission could, in its discretion, issue a Determination Order of limited duration. The Commission stated in the NPRM that it would expect SDRs to take into account any conditions or restrictions contained in a Determination Order when providing access to swap data to an ADR or AFR. The Commission further believed it appropriate to make the process and factors proposed in Sec. 49.17(h) applicable to any domestic entities that are not enumerated as ADRs in Sec. 49.17(b)(1)(i) through (vi), as scope of jurisdiction and confidentiality considerations are equally applicable to U.S. entities, and drafted proposed Sec. 49.17(h) accordingly. 5. Final Rules After considering the comments received in the SDR Letter, and for the reasons stated in the NPRM, stated above in sections II.C.2.-4. and stated in this section, the Commission is adopting amendments to Sec. 49.17(b) and new Sec. 49.17(h) as proposed. The Commission requested comment on all aspects of proposed Sec. 49.17(h), particularly on whether the proposed regulatory and other factors are sufficient to determine whether access to SDR swap data is appropriate. The Commission received one comment in response, from the SDR Commenters. The SDR Commenters expressed support for the Sec. 49.17(h) appropriateness determination process proposed in the NPRM with respect to [[Page 27416]] Foreign Regulators and non-enumerated domestic regulators, including the requirement that such regulators file an application with the Commission to be determined to be appropriate recipients of SDR swap data. The SDR Commenters added that they ``believe that a[n] MOU or other information sharing arrangement alone, by [its] nature, ha[s] the potential for imprecise language and bespoke arrangements that would not provide sufficient indication of a regulator's `appropriateness.' '' \43\ --------------------------------------------------------------------------- \43\ SDR Letter at 3. --------------------------------------------------------------------------- The SDR Commenters also suggested that the Commission revise proposed Sec. 49.17(h)(4), which provides that the Commission reserves the right to revisit, reassess, limit, suspend or revoke any appropriateness determination with respect to an ADR or AFR, consistent with the CEA, to require the Commission to provide a written notice to SDRs of such action to ensure that all SDRs are aware of any changes in status with respect to an appropriateness determination.\44\ The Commission agrees with the substance of the ``written notice'' comment but believes that this suggestion should be incorporated elsewhere in the Commission's regulations. Specifically, because proposed Sec. 49.17(h)(4) merely addresses the Commission's right to revisit, reassess, limit, suspend or revoke any appropriateness determination, whereas proposed Sec. 49.17(d)(5) required an SDR to take such action as directed by the Commission,\45\ the Commission believes that proposed Sec. 49.17(d)(5), rather than proposed Sec. 49.17(h)(4), should be amended in response to the ``written notice'' comment.\46\ Accordingly, the Commission is adopting Sec. 49.17(d)(5) as proposed but with a modification to require that any Commission direction to an SDR specified therein be in writing. --------------------------------------------------------------------------- \44\ SDR Letter at 7. \45\ As proposed, Sec. 49.17(d)(5) did not require that the Commission direct the SDR in writing to take any of such actions. \46\ Proposed Sec. 49.17(h)(4) stated that the Commission reserves the right, in connection with any appropriateness determination with respect to an Appropriate Domestic Regulator or Appropriate Foreign Regulator, to revisit, reassess, limit, suspend or revoke such determination consistent with the Act. Proposed Sec. 49.17(d)(5) stated that an SDR shall, as directed by the Commission, limit, suspend or revoke such access should the Commission limit, suspend or revoke the appropriateness determination for such ADR or AFR or otherwise direct the SDR to limit, suspend or revoke such access. --------------------------------------------------------------------------- Accordingly, for the reasons stated in the NPRM, stated above in sections II.C.2.-4. and stated in this section, the Commission is adopting amendments to Sec. 49.17(b) and new Sec. 49.17(h) as proposed. D. Amendments to Sec. 49.17(d)(4): SDR Notice and Verification Obligations 1. Proposed Amendments CEA section 21(c)(7) requires each SDR to notify the Commission of a swap data request received from an ADR or AFR.\47\ Currently, this statutory requirement is implemented in Sec. 49.17(d)(4)(i), which provides that an SDR must promptly notify the Commission regarding ``any'' request received by an ADR or AFR to gain access to swap data maintained by the SDR. --------------------------------------------------------------------------- \47\ See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7). --------------------------------------------------------------------------- To reduce the burden on SDRs and provide greater operational efficiency consistent with the intent of CEA section 21(c)(7), the Commission proposed to amend the SDR notification requirement in current Sec. 49.17(d)(4)(i) to require an SDR to notify the Commission (i) at the time that it receives the first request for access to swap data from a particular ADR or AFR and (ii) at any time that a swap data request from an ADR or AFR does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed Sec. 49.18(a). As proposed, the amendment provided that, upon receiving either such request for data by a particular ADR or AFR, the SDR would be required to provide prompt electronic notification to the Commission of the request, in a format specified by the Secretary of the Commission, pursuant to proposed Sec. 49.17(d)(4)(ii). The SDR would be required to keep such notification and related requests confidential consistent with the requirements of CEA sections 21(c)(6) and (7) and related regulatory requirements set forth in Sec. Sec. 49.16 and 49.17. The Commission stated in the NPRM its belief that the proposed approach to SDR notification supports the Commission's need to be aware of who is able to access SDR swap data and what data has been accessed, while eliminating potentially costly, unwieldy and inefficient notice of every swap data request. Under the proposal, the Commission would be notified that a particular ADR or AFR has requested access to SDR swap data and would be able to examine SDR records of the ADR's or AFR's individual swap data requests, and the swap data provided, as the Commission deemed necessary.\48\ --------------------------------------------------------------------------- \48\ The Commission stated in the NPRM that, consistent with the current recordkeeping requirements for SDRs in Sec. 45.2(f), SDRs are required to maintain records of all information related to the initial and all subsequent requests for swap data from ADRs and AFRs. The Commission stated that appropriate records would include, at a minimum, the identity of the ADR or AFR accessing the swap data, the date, time and substance of the request for access, confirmation that the request is consistent with the scope of the regulator's jurisdiction, and copies of all swap data provided by the SDR in connection with the request for access. The Commission added that, pursuant to Sec. 1.31, SDRs are required to maintain such records for a period of no less than five years after the date of such request and must provide this information to the Commission upon request. --------------------------------------------------------------------------- The Commission also proposed to amend Sec. 49.17(d)(4) by adding new paragraph (iii) to require each SDR that receives a request for access to its swap data from an ADR or AFR to determine, prior to providing such access, that the request is consistent with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed Sec. 49.18(a).\49\ This verification would need to incorporate any subsequent changes to such scope of jurisdiction. --------------------------------------------------------------------------- \49\ The scope of jurisdiction would have been described in Exhibit A to the form of confidentiality arrangement set forth in proposed Appendix B to part 49. --------------------------------------------------------------------------- The Commission also proposed to require an ADR or AFR that has executed a confidentiality arrangement with the Commission pursuant to Sec. 49.18(a) and provided such confidentiality arrangement to one or more SDRs to notify the Commission and each such SDR of any change to such ADR's or AFR's scope of jurisdiction as described in such confidentiality arrangement. Additionally, the proposal enabled the Commission to direct an SDR to suspend, limit, or revoke access to swap data maintained by such SDR based on any such change to an ADR's or AFR's scope of jurisdiction, and required that, if so directed, such SDR must suspend, limit, or revoke such access. Proposed Sec. 49.17(d)(4)(iv) required SDR verification only once with respect to a request for ongoing or recurring access to particular data. Additionally, if there was a change in the request, the ADR or AFR would be obligated to make a new determination pursuant to proposed Sec. 49.17(d)(4)(iii). The Commission recognized that the proposed requirement would impose a burden on SDRs but noted that SDRs are obliged by CEA section 21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which, as discussed above, the Commission interprets as requiring a jurisdictional nexus to the information requested, consistent with CEA section 8(e). The Commission stated that it believed that, in such circumstances, SDRs must take a role in ensuring [[Page 27417]] compliance with those statutory restrictions of CEA section 21(c)(7). 2. Final Rules The Commission received several comments from the SDR Commenters on the proposed amendments to Sec. 49.17(d)(4). For the reasons stated above in section II.D.1. and stated in this section II.D.2., the Commission is adopting Sec. 49.17(d)(4)(i) through (iv) as proposed, with one exception. Specifically, the Commission is adopting Sec. 49.17(d)(4)(iii) with one modification suggested by the SDR Commenters, as discussed below in section II.D.2.c.iii. In response to the SDR Commenters' comments, the Commission is also clarifying the guidance provided in the NPRM on Federal Register page 8,381, as discussed below in section II.D.2.a.ii. a. Sec. 49.17(d)(4)(i) i. Notices of Initial Access Requests and Requests Outside the Scope of Jurisdiction The SDR Commenters supported the proposed amendment to the notification provisions in current Sec. 49.17(d)(4)(i) to require SDRs to notify the Commission only of an initial ADR or AFR request for access to swap data (rather than every request for swap data), stating that this would reduce reporting burdens and increase operational efficiencies. However, the SDR Commenters stated that ``subsection Sec. 49.17(d)(4)(i) and (iii) should be modified to remove the requirement that an SDR determine whether swap data to which the ADR or AFR seeks access is within the then-current scope of such ADR's or AFR's jurisdiction.'' \50\ The SDR Commenters claimed that they ``are not the appropriate entities to determine the scope of a regulator's jurisdiction'' because ``[t]hey do not possess the means to do so correctly with current data fields'' \51\ and that the scope of jurisdiction determination ``must rest solely with the Commission.'' \52\ Accordingly, the SDR Commenters insisted that their responsibilities ``must be limited to providing access to the ADRs and AFRs in accordance with the specific, appended jurisdictional information clearly set forth in the documents describing the confidentiality arrangements negotiated by the Commission pursuant to Sec. 49.18.(a).'' \53\ --------------------------------------------------------------------------- \50\ SDR Letter at 4. Proposed Sec. 49.17(d)(4)(i) states that a registered SDR shall notify the Commission promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction, as described and appended to the confidentiality arrangement required by proposed Sec. 49.18(a). \51\ SDR Letter at 3. \52\ SDR Letter at 2. \53\ SDR Letter at 4. --------------------------------------------------------------------------- The Commission declines to modify Sec. 49.17(d)(4)(i) to provide that an SDR does not need to determine whether swap data to which an ADR or AFR seeks access is within the then-current scope of such ADR's or AFR's jurisdiction. As noted above, SDRs are obliged by CEA section 21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which the Commission interprets as requiring a jurisdictional nexus to the information requested, consistent with CEA section 8(e). However, for the reasons discussed below in response to the SDR Commenters' comments on proposed Sec. 49.17(d)(4)(iii) in relation to determining whether an ADR's or AFR's request for swap data is within the scope of its jurisdiction, the Commission expects SDRs' role in applying Sec. 49.17(d)(4)(i) to be straightforward. As discussed below, the Commission will ensure that each ADR and AFR seeking swap data access provides each SDR from which it seeks such access a description, appended to the confidentiality arrangement required by proposed Sec. 49.18(a), of the ADR's or AFR's scope of jurisdiction in a form that will lend itself to SDRs being readily able to determine whether a particular data request falls within the described scope of jurisdiction. As the Commission will have previously reviewed the described scope of jurisdiction before it is provided to an SDR as part of the confidentiality arrangement required by proposed Sec. 49.18(a), the SDR's role in ensuring that ADRs' and AFRs' swap data access is limited to swap data within the then-current scope of such ADR's or AFR's jurisdiction would be limited to appropriately circumscribing the scope of the swap data to which an ADR or AFR obtains access to match the ADR's or AFR's scope of jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a), and notifying the Commission if the SDR determines that a particular data request does not comport with the described scope of jurisdiction. Finally, Sec. 49.17(d)(4)(i) requires an SDR to notify the Commission of initial requests for data by an ADR or AFR and of requests for data that do not comport with the scope of jurisdiction of an ADR or AFR. These notifications are required to be provided, pursuant to Sec. 49.17(d)(4)(ii), in the format specified by the Secretary of the Commission. In response to a request from the SDR Commenters to specify that format, the Secretary of the Commission is now specifying that these notices should be provided to Commission staff at the email address [email protected]. ii. Recordkeeping Proposed Sec. 49.17(d)(4)(i) required each SDR to maintain records, pursuant to Sec. 49.12,\54\ of the details of an ADR's or AFR's initial request for SDR swap data access and of all subsequent requests by such ADR or AFR for such access. In the NPRM, the Commission explained that an SDR's obligation to maintain records of all information related to the initial and all subsequent requests by an ADR or AFR for swap data access, pursuant to proposed Sec. 49.17(d)(4)(i) and existing Sec. 45.2(f), would require the retention of records that included, at a minimum, the identity of the ADR or AFR accessing the swap data, the date, time and substance of the request for access, confirmation that the request is consistent with the scope of the regulator's jurisdiction, and copies of all data reports and other aggregation of data provided in connection with the request for access.\55\ --------------------------------------------------------------------------- \54\ Commission Regulation 49.12(a) requires SDRs to maintain their records in accordance with the requirements of part 45 of the Commission's regulations regarding the swap data required to be reported to SDRs. Commission Regulation 45.2(f) requires each SDR to keep complete records of all SDR-related business activities. \55\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork Reduction Act discussion of recordkeeping burdens). --------------------------------------------------------------------------- The SDR Commenters stated that ``the proposed requirement for SDRs to maintain copies of data reports and other aggregation of data provided in connection with the request [f]or access should be amended to avoid imposing unnecessary costs.'' \56\ The SDR Commenters also requested that ``additional detail as to what constitutes the `details of such initial request and of all subsequent requests' be included in the rule itself rather than merely mentioned in the preamble.'' \57\ The SDR Commenters characterized the recordkeeping requirements of proposed Sec. 49.17(d)(4)(i) as requiring that SDRs maintain data reports as financially burdensome, challenging to implement, and potentially decreasing information security, because the requirements could require an SDR ``to propagate a given data set more than once.'' \58\ --------------------------------------------------------------------------- \56\ SDR Letter at 6. \57\ SDR Letter at 5-6. \58\ SDR Letter at 6. --------------------------------------------------------------------------- As an alternative to maintaining such reports, the SDR Commenters suggested that they create pre-formatted data [[Page 27418]] reports and make them available for download by ADRs and AFRs ``so that the record of access to such reports [would] be easily identifiable, in lieu of maintaining logs of queries and query conditions . . . .'' \59\ The SDR Commenters added that, if the Commission adopted their alternative, ``the parameters of the reports and the logic which is used to populate the reports is all that should have to be maintained.'' \60\ The SDR Commenters contended that the Commission should require only ``the saving of metadata around reports rather than the actual reports[.]'' \61\ --------------------------------------------------------------------------- \59\ Id. \60\ Id. \61\ Id. --------------------------------------------------------------------------- After the NPRM was published in the Federal Register, Commission staff discussed the SDR Commenters' recordkeeping concerns, as set out in the SDR Letter, with the SDRs.\62\ Based on those discussions, the Commission understands that the SDR Commenters plan to provide swap data access to ADRs and AFRs in one of two ways: (1) Via pre-formatted reports that the SDR Commenters would make available for download by ADRs and AFRs or send to ADRs and AFRs, in each case on a regular basis; or (2) via a Web-based portal through which ADRs and AFRs could conduct customized searches of swap data.\63\ In those discussions, the SDR Commenters explained that they would not consider it unduly burdensome to maintain records of the pre-formatted reports (if they provide ADRs and AFRs access to swap data via pre-formatted reports) or records of both the parameters of the permitted access and the queries (if they provide such access via Web portal). --------------------------------------------------------------------------- \62\ Brief summaries of those ex parte communications are available on the Commission's website at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777. \63\ The swap data provided in the pre-formatted reports or through the Web-based portals would be limited to swap data within the particular ADR's or AFR's scope of jurisdiction, as described in the confidentiality arrangement required by Sec. 49.18(a). --------------------------------------------------------------------------- In response to the SDR Letter, and for the reasons explained by the SDR Commenters and described in this section, the Commission confirms that, as represented by the SDRs and consistent with the reasoning discussed in the NPRM,\64\ either of these means of providing swap data access to ADRs and AFRs would be acceptable. The Commission also confirms that SDRs may satisfy their recordkeeping duties under Sec. 49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre- formatted swap data reports; or (2)(a) the parameters of Web portal swap data access and (b) queries run by ADRs and AFRs using such access. --------------------------------------------------------------------------- \64\ See, e.g., NPRM at 8385 (stating that the Commission is proposing not to specify a particular means of ADRs and AFRs accessing swap data) and 8386 (stating that the Commission expects that SDRs would choose the lowest cost means of access consistent with their statutory obligation to provide ADRs and AFRs access to swap data and other constraints). --------------------------------------------------------------------------- iii. Aggregated Data The SDR Commenters also expressed concerns that the Commission's statement that proposed Sec. 49.17(d)(4)(i) and existing Sec. 42.5 would require retention of copies of all other aggregation of data provided in connection with the request for access was intended to impose a requirement to provide aggregated data to ADRs or AFRs. To address that concern, the SDR Commenters asked the Commission to specify that SDRs would not be required to provide ADRs or AFRs with aggregated data and that SDRs are required to provide only raw swap transaction data, in the form of, for example, pre-formatted reports or via Web-based portal access.\65\ --------------------------------------------------------------------------- \65\ See SDR Letter at 6. --------------------------------------------------------------------------- In response to the foregoing comment, and for the reasons explained by the SDR Commenters and described in this section, the Commission clarifies that SDRs are required to provide ADRs and AFRs only raw swap transaction data in the form in which SDRs maintain such data. The Commission further clarifies that SDRs are not required to aggregate or manipulate raw swap transaction data to provide it to ADRs or AFRs in customized formats or reports requested thereby. Through its consultations with certain ADRs as required by section 712(a)(1) of the Dodd-Frank Act,\66\ the Commission understands that those ADRs enumerated in Sec. 49.17(b)(1)(i) through (vi) that are interested in accessing SDR swap data are capable of receiving such data and manipulating and analyzing such data using their own systems. --------------------------------------------------------------------------- \66\ Section 712(a)(1) of the Dodd-Frank Act provides that before commencing any rulemaking or issuing an order regarding swap data repositories, the Commission shall consult and coordinate to the extent possible with the Securities and Exchange Commission and the prudential regulators for the purposes of assuring regulatory consistency and comparability. --------------------------------------------------------------------------- After considering the comments on proposed Sec. 49.17(d)(4)(i), for the reasons described above, the Commission is adopting the amendments to Sec. 49.17(d)(4)(i) as proposed. b. Sec. 49.17(d)(4)(ii) The Commission proposed only minor, clarifying changes to Sec. 49.17(d)(4)(ii) and did not receive any comments thereon. The Commission is adopting the amendments to Sec. 49.17(d)(4)(ii) as proposed. c. Sec. 49.17(d)(4)(iii) i. Scope of an ADR's or AFR's Jurisdiction The SDR Commenters commented that ``the determination as to scope of jurisdiction must rest solely with the Commission'' \67\ because ``[t]he SDRs do not have, and are not required to have[,] information sufficient to determine whether requested swap data is within the ADR['s] or AFR[']s scope of jurisdiction.'' \68\ The SDR Commenters contended that, if the Commission wants the SDRs to play a role in determining whether swap data is subject to the jurisdiction of any particular ADR or AFR, the Commission would need to ``amend the current Part 43 and Part 45 fields to provide the SDRs with the basis to make these determinations.'' \69\ The SDR Commenters added that they ``should not be expected to make interpretations about jurisdictional questions from ambiguous data points.'' \70\ --------------------------------------------------------------------------- \67\ SDR Letter at 2. \68\ Id. at 3. \69\ Id. at 4. \70\ Id. --------------------------------------------------------------------------- On this point, the SDR Commenters explained that ``[t]he current Part 43 and Part 45 data fields do not yield information that would allow an SDR to identify trades that fall within an ADR['s] or AFR's jurisdiction definitively.'' \71\ They recommended that ADRs and AFRs ``should be required to provide a[ ] . . . list of Part[ ] 43 and 45 data fields (e.g., legal entity identifiers (``LEIs'') of the reporting counterparty and non-reporting party[and] the unique product identifier (``UPI'')) and parameters for such data fields'' \72\ that would clearly indicate to the SDRs which swaps fall within an ADR's or AFR's jurisdiction. The SDR Commenters contended that such a list of Part 43 and 45 data fields is necessary because ``no Part 43 or 45 data fields . . . by themselves identify swaps that fall within an ADR['s] or AFR's jurisdiction.'' \73\ --------------------------------------------------------------------------- \71\ Id. \72\ Id. \73\ Id. --------------------------------------------------------------------------- The SDR Commenters contended that the benefits of their proposed approach would include ensuring that SDRs grant access in a consistent manner and that the security controls established by an SDR according to Part 43 or 45 parameters would prevent access to swap data outside the scope of an ADR's or AFR's jurisdiction. The SDR [[Page 27419]] Commenters recommended the following changes to the proposed regulations to effectuate their proposed approach:Removing proposed Sec. 49.17(d)(4)(iv) completely; removing the requirement in proposed Sec. 49.17(d)(4)(i) and (iii) that an SDR determine whether swap data to which an ADR or AFR seeks access is within the then-current scope of such ADR's or AFR's jurisdiction; replacing the ``negative requirement'' not to provide access unless such a determination has been made with a ``positive requirement'' to provide access that comports with the jurisdictional determination made by the Commission, which determination is clearly spelled out in the confidentiality arrangement; modifying paragraph Sec. 49.17(d)(4)(iii) to state that any requested change in an ADR's or AFR's scope of jurisdiction, as described in the confidentiality arrangement required by proposed Sec. 49.18(a), should be agreed to between the Commission and the ADR or AFR and the information appended to the confidentiality arrangement should be amended accordingly and provided to the SDRs for implementation; and revising the description of Exhibit A in the confidentiality arrangement to state that the ``description of scope of jurisdiction'' must include a list of part 43 and part 45 fields and specific parameters.\74\ --------------------------------------------------------------------------- \74\ Id. at 4 and 5. --------------------------------------------------------------------------- After considering the SDR Commenters' comments and consulting with certain ADRs as required by section 712(a)(1) of the Dodd-Frank Act, the Commission agrees with the SDR Commenters that SDRs should not be responsible for determining the scope of an ADR's or AFR's jurisdiction, for the reasons explained by the SDR Commenters and described in this section. The Commission believes, however, that SDRs should be responsible for limiting ADRs' and AFRs' access to swap data to those swap data within ADRs' and AFRs' then-current scopes of jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). As noted above, SDRs are obligated by CEA section 21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which the Commission interprets as requiring a jurisdictional nexus to the information requested, consistent with CEA section 8(e). For the swap data sharing goal of CEA section 21(c)(7) to be achieved, an ADR's or AFR's description of its scope of jurisdiction must allow the SDRs to establish objective parameters for determining whether a particular data request falls within such scope of jurisdiction, without undue obstacles. The Commission believes that a system requiring legal analysis by the SDRs (a possible result, depending on how ADRs and AFRs describe their scopes of jurisdiction) for each ADR/AFR swap data request is impractical at best and could lead to very slow data access and disparate results across SDRs. Consequently, the Commission supports the spirit of the SDR Commenters' proposal that relevant Part 43/45 data fields could be used to assist in clarifying an ADR's or AFR's scope of jurisdiction, for purposes of SDR swap data access.\75\ --------------------------------------------------------------------------- \75\ The SDR Commenters' approach, by permitting automation, could expedite swap data access. The SDR Commenters' approach could also eliminate the potential for inconsistent determinations by different SDRs. --------------------------------------------------------------------------- The Commission intends to review each ADR's and AFR's description of its scope of jurisdiction and ensure that such descriptions are presented in the confidentiality arrangement in a form SDRs can readily adapt to SDR-developed swap data reports and/or search parameters. The Commission also interprets CEA section 21(c)(7) as imposing on SDRs the duty to limit ADRs' and AFRs' access to swap data to those swap data within ADRs' and AFRs' scope of jurisdiction. The description of an ADR's or AFR's scope of jurisdiction will be appended to the confidentiality arrangement that is executed between the ADR or AFR and the Commission and provided to SDRs. An SDR's duty with respect to this description of the ADR's or AFR's scope of jurisdiction is to ensure that the swap data provided to the ADR or AFR is limited to those records that fall within the description appended to the confidentiality arrangement. For example, if the description is based on a list of LEIs representing entities that a particular ADR regulates, then the SDR's duty would be to provide all swap data associated with the fields in which those LEIs appear (e.g., the fields associated with counterparty identifiers), as those fields are set forth in the description provided by the ADR. As the SDR Commenters acknowledged in discussions with Commission staff, this would make fulfilling their obligations under CEA section 21(c)(7) and Sec. 49.17(d)(4), as proposed, straightforward to apply. The Commission anticipates that, as a practical matter, ADRs and AFRs generally will describe their then-current scopes of jurisdiction, as appended to the confidentiality arrangement required by Sec. 49.18(a), in terms of LEIs and possibly also UPIs or other product identifiers. Although there may be some limitations of using LEIs and product identifiers (e.g., in limited instances where blank or incorrect data entries remain in LEI fields, LEIs are masked in a number of cases to reflect certain other jurisdictions' privacy law limits on disclosure, and the Commission has yet to designate a UPI and product classification system), the Commission believes these data elements represent the most useful method of describing ADRs' and AFRs' scopes of jurisdiction.\76\ --------------------------------------------------------------------------- \76\ In addition, if the scope of an ADR's or AFR's jurisdiction supports receiving all swap data with respect to entities over which an ADR or AFR exercises oversight, the ADR or AFR may not need to use product identifiers at all--it may be able to use LEIs alone to describe the scope of its jurisdiction. --------------------------------------------------------------------------- It also is possible that an ADR or AFR will be able to convey its scope of jurisdiction without using part 43 or part 45 data fields in a way that SDRs will be able to easily apply. The SDR Letter itself acknowledged the possibility that other part 43 or part 45 data fields may be relevant in describing ADRs' and AFRs' scopes of jurisdiction.\77\ For example, it is conceivable that an ADR's scope of jurisdiction may include all swap data maintained at SDRs (though the Commission does not anticipate that this will be the case with respect to most ADRs). In such case, it would not be necessary to use part 43, part 45 or any other swap data fields to delineate the scope of an ADR's or AFR's jurisdiction. For the foregoing reasons, the Commission declines to specifically require the use of part 43 or part 45 data fields to describe an ADR's or AFR's scope of jurisdiction. --------------------------------------------------------------------------- \77\ For example, the SDR Letter noted that ``an indication of whether a swap is a mixed swap'' could constitute a part 43 or 45 data field that ``determine[s] . . . which swaps fall within an ADR or AFR's jurisdiction.'' SDR Letter at 4. Also, in ex parte communications following the publication of the NPRM, the SDR Commenters acknowledged that other fields could potentially be relevant as well. --------------------------------------------------------------------------- The Commission also declines to act on the SDR Commenters' request to delete proposed Sec. 49.17(d)(4)(iv), which provides that SDRs need only make a jurisdictional determination with respect to an ADR's or AFR's swap data access request once for a recurring request and once each time the parameters of the access requests change. The SDR Commenters expressed support in the SDR Letter for that single determination concept and appear to have requested the deletion of [[Page 27420]] proposed Sec. 49.17(d)(4)(iv) because it would impose a jurisdictional determination requirement on SDRs. As explained above, however, the requirement for an SDR to ensure that a data access request is within the then-current scope of an ADR's or AFR's jurisdiction, as described in an appendix to the confidentiality arrangement required by Sec. 49.18(a), is required by statute and should impose a minimal burden on SDRs. For the reasons described below in section II.D.2.c.ii., the Commission declines to modify proposed Sec. 49.17(d)(4)(iii) to state that any change in an ADR's or AFR's swap data access based on a change in its scope of jurisdiction should be agreed to between the Commission and the ADR or AFR, and the jurisdictional description appended to the confidentiality arrangement should be amended accordingly and provided to the SDRs for implementation. ii. Changes to an ADR's or AFR's Scope of Jurisdiction The SDR Commenters stated that the Commission should amend Sec. 49.17(d)(4)(iii) to require that the Commission and an ADR or AFR agree to any change to the SDR swap data that an ADR or AFR may access based on a change in the ADR's or AFR's scope of jurisdiction, which should then be reflected in an updated confidentiality arrangement provided to the SDRs.\78\ --------------------------------------------------------------------------- \78\ See SDR Letter at 4. --------------------------------------------------------------------------- The Commission believes Sec. 49.17(d)(4)(iii), as proposed, addresses the SDR Commenters' comment. The first sentence states that an SDR shall not grant an ADR or AFR access to swap data maintained by the SDR unless the SDR has determined that the swap data to which the ADR or AFR seeks access is within the then-current scope of such ADR's or AFR's jurisdiction, as described and appended to the confidentiality arrangement required by Sec. 49.18(a). Accordingly, once an SDR receives that jurisdictional description, it can rely on that description until it either receives a new jurisdictional description or is directed by the Commission to suspend, limit, or revoke an ADR's or AFR's swap data access. The second sentence of Sec. 49.17(d)(4)(iii), as proposed, requires that each ADR or AFR that has executed a confidentiality arrangement with the Commission pursuant to Sec. 49.18(a) and provided it to one or more SDRs shall notify the Commission and each such SDR of any change to such ADR's or AFR's scope of jurisdiction, as described in such confidentiality arrangement. This puts the burden on each ADR and AFR to inform the Commission, and each SDR from which an ADR and AFR receives swap data, of changes to such ADR's or AFR's jurisdiction.\79\ The Commission would review any such changes, which the Commission expects will be in the form of an updated jurisdictional description and, unless the Commission found an error or other issue in the updated jurisdictional description, expects to advise the relevant ADR or AFR that it could provide the relevant SDRs the updated scope of jurisdiction description. --------------------------------------------------------------------------- \79\ The Commission expects each ADR and AFR to also notify (in writing) the Commission and each SDR from which the ADR or AFR receives swap data of proposed changes to the ADR's or AFR's jurisdiction. With such advance notice, the Commission would seek to consider the implications, if any, of such changes, if finalized as proposed, for the scope of SDR swap data to which the ADR or AFR could have access. With suitable advance notice from the ADR or AFR, the SDRs could implement such changes contemporaneously with the time an ADR's or AFR's scope of jurisdiction changes. --------------------------------------------------------------------------- If the ADR's or AFR's scope of jurisdiction were to become more narrow, the Commission could use its authority pursuant to the third sentence of proposed Sec. 49.17(d)(4)(iii) to direct the relevant SDRs to suspend, limit, or revoke access to swap data maintained by such SDR based on any such change to such ADR's or AFR's scope of jurisdiction, in which case such SDR shall so suspend, limit, or revoke such access. If the ADR's or AFR's scope of jurisdiction were to expand, as a practical matter, the ADR or AFR could not obtain swap data relevant to such expanded jurisdiction until the SDRs could update the parameters of their means of providing access accordingly, which the Commission would expect them to do no later than the earlier of (1) the earliest date such SDR, exercising commercially reasonable efforts in light of its obligations under the CEA and the Commission's regulations, is able to update the parameters of swap data access to match the ADR's or AFR's new scope of jurisdiction and (2) 180 days after the SDR receives those new parameters. iii. Written Notices The SDR Commenters contended that ``[p]roposed Sec. 49.17(d)(4)(iii) should specify that any request by the Commission to the SDR to suspend, limit, or revoke access to swap data should be provided in writing.'' \80\ The Commission agrees that such an important action should be provided in writing to avoid misunderstandings and to provide a record on which SDRs can rely. Accordingly, Sec. 49.17(d)(4)(iii), as adopted, provides that an SDR is required to suspend, limit, or revoke an ADR's or AFR's access to the swap data maintained by such SDR only if the Commission communicates such instruction to the SDR in writing. --------------------------------------------------------------------------- \80\ SDR Letter at 7. --------------------------------------------------------------------------- d. Sec. 49.17(d)(4)(iv) The Commission proposed in Sec. 49.17(d)(4)(iv) that an SDR need not make the scope of jurisdiction determination required pursuant to proposed Sec. 49.17(d)(4)(iii) more than once with respect to a recurring swap data request but that, if such request changed, the SDR would have to make a new determination pursuant to Sec. 49.17(d)(4)(iii). The SDR Commenters requested that the Commission remove proposed Sec. 49.17(d)(4)(iv), but the Commission understands this request to have been rooted in the SDR Commenters' concern that SDRs are not well suited to make a jurisdictional determination with respect to an ADR's or AFR's request for swap data, as discussed above in section II.D.4.c.i. For the reasons discussed therein, the Commission considers those concerns otherwise addressed and is adopting Sec. 49.17(d)(4)(iv) as proposed.\81\ --------------------------------------------------------------------------- \81\ As discussed above, the Commission is not mandating that SDRs perform an analysis of an ADR's or AFR's scope of jurisdiction. Instead, the Commission is obligating SDRs to apply the scope of jurisdiction as defined in the confidentiality arrangement required by Sec. 49.18(a). --------------------------------------------------------------------------- E. New Sec. 49.17(i): Delegation of Authority In the interest of expedience and efficiency in determining appropriateness of access by ADRs and AFRs, the Commission proposed (1) to delegate all functions reserved to the Commission in Sec. 49.17 to the Director of the Division of Market Oversight (``DMO'') and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time and (2) that the DMO Director could submit any such delegated matter to the Commission for its consideration and that nothing prevents the Commission from exercising the delegated authority. The Commission received no comments in response to proposed Sec. 49.17(i) and is adopting it as proposed. F. CEA Section 21(d) Confidentiality Agreements: Amendments to Sec. 49.18 CEA section 21(d), as amended by the FAST Act, requires that, prior to providing swap data to a 21(c)(7) entity, an SDR shall receive a written agreement from each entity stating that the entity shall abide by the [[Page 27421]] confidentiality requirements described in CEA section 8 relating to the information on swap transactions that is provided.\82\ As originally adopted, the part 49 rules required that such confidentiality agreements be executed between the SDR and the 21(c)(7) entity.\83\ The Commission proposed in the NPRM to modify its part 49 rules to add a new Sec. 49.18(a) requiring that a confidentiality arrangement be executed by and between the ADR or AFR and the Commission.\84\ Once the ADR or AFR and the Commission have executed a confidentiality arrangement, the ADR or AFR may present the executed document to any SDR from which it requests access to swap data in satisfaction of CEA section 21(d). --------------------------------------------------------------------------- \82\ See CEA section 21(d). 7 U.S.C. 24a(d), as amended by the FAST Act. \83\ See Sec. Sec. 49.17(d)(6) and 49.18(b), as in effect prior to this adopting release. \84\ The Commission notes that the SEC has implemented a similar approach with respect to the execution of the required agreement. See Access to Data Obtained by Security-Based Swap Data Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2, 2016) (SEC rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and associated preamble text) (``SEC Indemnification Rule''). --------------------------------------------------------------------------- Based on its experience with SDRs and swap data access since the adoption of part 49 in 2011, and on further consideration of the relationship between CEA sections 21 and 8, the Commission believed this change was consistent with the statutory framework established by Congress in CEA sections 21(d) and 21(c)(7) and more directly conforms to the confidentiality mandate of CEA section 8. The Commission stated its belief that this change would promote regulatory efficiency and reduce costs to SDRs, ADRs and AFRs while ensuring the confidentiality of SDR swap data. To further promote regulatory efficiency, the Commission proposed a Confidentiality Arrangement Form for use by ADRs and AFRs. The Commission expects its use by ADRs and AFRs to significantly reduce the need for these entities to negotiate separate, SDR-specific confidentiality arrangements with the Commission. The Confidentiality Arrangement Form also will benefit the Commission by allowing it to use a single form of confidentiality arrangement rather than a different version for each ADR and AFR. This Confidentiality Arrangement Form also will eliminate the costs and potential inefficiencies for the SDRs that are inherent in requiring each SDR to negotiate confidentiality arrangements with a potentially large number of ADRs and AFRs. Similarly, the Confidentiality Arrangement Form will also eliminate costs and inefficiencies for ADRs and AFRs that would be incurred if each ADR and AFR has to negotiate and execute a unique confidentiality arrangement with each SDR. Finally, the Commission believes that widespread use of the Confidentiality Arrangement Form will facilitate timely access to SDR swap data by ADRs and AFRs by reducing or eliminating instances in which the Commission and its staff need to devote time and resources to developing and reviewing individualized confidentiality arrangements. 1. Current Rule The Commission adopted Sec. 49.18 to implement CEA sections 21(d)(1) and (2) as originally enacted. Accordingly, the current rule obligates SDRs to execute a ``Confidentiality and Indemnification Agreement'' before providing SDR swap data to an ADR or AFR. In the FAST Act, Congress repealed the indemnification requirement in CEA section 21(d)(2), and the Commission proposed in the NPRM certain conforming amendments to Sec. 49.18 to remove references to indemnification. Separately, the Commission proposed in the NPRM to amend Sec. 49.18 to modify the substantive requirements of the confidentiality arrangement and the parties to the confidentiality arrangement, to establish conditions for restricting or revoking access to SDR swap data, and to clarify the confidentiality obligations of ADRs and AFRs with regulatory responsibility over an SDR. 2. Proposed Amendments to Sec. 49.18(a): Confidentiality Arrangement Required Prior to Disclosure of Swap Data The Commission proposed to remove existing Sec. 49.18(a) \85\ and add a new Sec. 49.18(a) requiring that an SDR, before providing access to swap data maintained by the SDR to an ADR or AFR, receive a confidentiality arrangement executed by the Commission and the ADR or AFR that, at a minimum, contains all elements described in Sec. 49.18(b), as amended. --------------------------------------------------------------------------- \85\ Existing Sec. 49.18(a) describes the purpose of Sec. 49.18. --------------------------------------------------------------------------- 3. Proposed Amendments to Sec. 49.18(b): Required Elements of the Confidentiality Arrangement The Commission proposed to amend Sec. 49.18(b) \86\ to include a requirement that the confidentiality arrangement required pursuant to Sec. 49.18(a) shall, at a minimum, include all elements included in the Confidentiality Arrangement Form. As proposed, paragraph 5 of the Confidentiality Arrangement Form required an ADR or AFR to undertake that it will be acting within the scope of its jurisdiction each time it requests swap data from an SDR, and to promptly notify the Commission and each relevant SDR if the scope of the ADR's or AFR's jurisdiction changes. As proposed, paragraph 5 of the Confidentiality Arrangement Form also required ADRs and AFRs to employ procedures to maintain the confidentiality of swap data received from an SDR and any information and analyses derived therefrom (the swap data and such information are referred to collectively in the Confidentiality Arrangement Form as the ``Confidential Information''). --------------------------------------------------------------------------- \86\ Existing Sec. 49.18(b) requires an SDR to receive a confidentiality agreement from a 21(c)(7) entity before granting the 21(c)(7) entity access to swap data maintained by the SDR. As discussed above, the Commission proposes to address in Sec. 49.18(a), as adopted herein, the confidentiality agreement condition to swap data access. --------------------------------------------------------------------------- As proposed, paragraph 6 of the Confidentiality Arrangement Form required ADR and AFR signatories to employ the following safeguards to maintain the confidentiality of the Confidential Information: To the maximum extent practicable, maintain Confidential Information received from SDRs separately from other data and information; \87\ --------------------------------------------------------------------------- \87\ Without limitation, ADRs and AFRs seeking useful guidance for Confidential Information segregation can look to the data segregation standards contained in the National Institute of Standards and Technology (``NIST'') Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (April 2013) (``NIST Document''), available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. The NIST Document also references international security standards in Appendix H (International Information Security Standards). See also the Federal Information Security Management Act of 2002, as amended (``FISMA''), 44 U.S.C. 3541. As the Commission has previously noted in a different context, FISMA ``is a source of cybersecurity best practices and also establishes legal requirements for federal government agencies . . . .'' System Safeguards Testing Requirements, 80 FR 80139, 80142 Dec. 23, 2015) (``Registered Entity Cyber NPRM''). The Commission adopted final rules based on the Registered Entity Cyber NPRM. See System Safeguards Testing Requirements, 81 FR 64271 (Sept. 19, 2016) (``Final Registered Entity Cyber Rules''). --------------------------------------------------------------------------- protect such Confidential Information from misappropriation and misuse; \88\ --------------------------------------------------------------------------- \88\ This should include cybersecurity measures. As the Commission detailed in a different context in the Final Registered Entity Cyber Rules, ``cyber threats to the financial sector continue to expand.'' See id. at 64272. See also System Safeguards Testing Requirements for Derivatives Clearing Organizations, 80 FR 80113, 80114-80115 (Dec. 23, 2015) (describing escalating and evolving cybersecurity threats); Registered Entity Cyber NPRM at 80140-80141 (describing, inter alia, the then-current cybersecurity threat environment). --------------------------------------------------------------------------- [[Page 27422]] ensure that only ADR or AFR personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto and that such access is permitted only to the extent necessary to perform such job functions; \89\ --------------------------------------------------------------------------- \89\ One basic principle of data security is that only those with a need to access data to perform their work should be granted access to such data. See, e.g., Framework for Improving Critical Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the ``Protect'' element of a core cybersecurity framework as one where ``[a]ccess to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.''). --------------------------------------------------------------------------- prevent the disclosure of aggregated Confidential Information, unless sufficiently aggregated and anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; \90\ --------------------------------------------------------------------------- \90\ The Commission understands that ADRs and AFRs may want to use aggregated and anonymized information derived from SDR swap data in analyses that may be made public. Cf. U.S. GOV'T ACCOUNTABILITY OFFICE, GAO-16-175, FINANCIAL REGULATION: COMPLEX AND FRAGMENTED STRUCTURE COULD BE STREAMLINED TO IMPROVE EFFECTIVENESS 71-75 (2016) (``GAO Report''), available at http://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and related confidentiality issues and protections surrounding sharing aggregated and disaggregated information provided by other agencies). The Commission believes that, when properly aggregated and anonymized, information derived from SDR swap data generally can be disclosed without violating the requirement in CEA section 21(d) that a recipient of swap data agree, with respect to the information on swap transactions that is provided by an SDR, to abide by the confidentiality requirements described in CEA section 8. Cf. Sec. 49.16(c) (providing that subject to Section 8 of the Act, SDRs may disclose aggregated swap data on a voluntary basis or as requested in the form and manner prescribed by the Commission); SDR Final Rules at 54551 (providing that the Commission believes that it is permissible under the Dodd-Frank Act and part 49 of the Commission's regulations for an SDR to disclose, for non-commercial purposes, data on an aggregated basis such that the disclosed data reasonably cannot be attributed to individual transactions or market participants.). In certain cases, however, even aggregated information may enable a reader to determine a market participant's business transactions, trade secrets (e.g., algorithms) or positions. Thus, the Confidentiality Arrangement Form requires ADRs and AFRs to implement safeguards designed to appropriately limit the use of information that has been aggregated from SDR swap data and to disclose aggregated information only if it is sufficiently anonymized to prevent the identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties. ADRs and AFRs can look to Sec. 43.4(d)(1) and (4) and (g) for guidance on anonymization principles. --------------------------------------------------------------------------- prohibit the use of Confidential Information by ADR or AFR personnel for any improper purpose; and include a process for monitoring compliance with the confidentiality safeguards described in the Confidentiality Arrangement Form and for promptly notifying the CFTC and each relevant SDR of any violation of the safeguards or failure to fulfill the terms of the confidentiality arrangement. As proposed, paragraph 7 of the Confidentiality Arrangement Form also precluded, with limited exceptions, ADRs and AFRs from disclosing any Confidential Information, via onward sharing \91\ or otherwise. One exception was for aggregated Confidential Information that is anonymized to prevent identification (through disaggregation or otherwise) of a market participant's business transactions, trade data, market positions, customers or counterparties. The other exception was described in proposed paragraphs 8.a through 8.c., as described below. --------------------------------------------------------------------------- \91\ The Commission interprets the restrictions on disclosure contained in CEA section 8 that are incorporated in CEA sections 21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing swap data it obtains from an SDR. --------------------------------------------------------------------------- As proposed, paragraphs 8.a through 8.c. of the Confidentiality Arrangement Form required specified federal, state or local U.S. ADRs and specified foreign AFRs to undertake that they will not disclose Confidential Information except in specified actions, adjudicatory actions or proceedings under relevant law. As proposed, paragraph 9 of the Confidentiality Arrangement Form contained certain provisions requiring ADRs and AFRs to notify the Commission, and take certain protective actions, prior to disclosing Confidential Information in circumstances where an ADR or AFR receives a legally enforceable demand to disclose Confidential Information. As proposed, paragraph 11 of the Confidentiality Arrangement Form required ADRs and AFRs accessing swap data from SDRs to comply with all applicable security-related requirements imposed by an SDR in connection with access to such swap data, as such requirements may be revised from time to time. Because, subject to specified conditions, CEA sections 21(c)(7) and 21(d) require SDRs to provide ADRs and AFRs access to swap data, the Commission expects that SDRs will not impose security-related access requirements beyond those that are necessary to ensure the privacy and confidentiality of SDR swap data. The Commission further expects that SDRs' security-related access requirements for ADRs and AFRs would be akin, if not identical, to the requirements SDRs impose on others (e.g., the Commission, reporting counterparties) to whom SDRs provide swap data access. To further protect the confidentiality of SDR swap data, paragraph 12 of the Confidentiality Arrangement Form, as proposed, required ADR and AFR signatories to promptly destroy all Confidential Information for which they no longer have a need or which no longer falls within their scope of jurisdiction.\92\ The Commission stated in the proposal that, although it may be the case that ADRs or AFRs will use some or all Confidential Information in perpetuity, if they no longer have a need for Confidential Information, they should destroy such Confidential Information to prevent its misuse. Similarly, the Commission stated in the proposal that if an SDR inadvertently provides to an ADR or AFR swap data outside the scope of the ADR's or AFR's jurisdiction, such swap data also should be destroyed immediately after the ADR or AFR discovers that such swap data is outside the scope of its jurisdiction. The Commission clarifies here that, although it is adopting paragraph 12 of the Confidentiality Arrangement Form as proposed, if a recordkeeping obligation that is legally binding on an ADR or AFR would prohibit destroying swap data, the ADR or AFR would not need to destroy swap data in contravention of such prohibition. --------------------------------------------------------------------------- \92\ Paragraph 12 of the Confidentiality Arrangement Form, as proposed, also required ADR and AFR signatories to certify to the CFTC, upon request, that they have destroyed such swap data. --------------------------------------------------------------------------- The proposed rule required that a confidentiality arrangement include an exhibit (Exhibit A) describing the scope of jurisdiction of the ADR or AFR signatory. If such signatory is not an Enumerated ADR, the ADR or AFR would attach the Commission Determination Order described in Sec. 49.17(h) as Exhibit A to the confidentiality arrangement.\93\ If such signatory is an Enumerated ADR, it would attach, as Exhibit A to the confidentiality arrangement, a detailed description of its scope of jurisdiction as it relates to the swap data maintained by SDRs that the Enumerated ADR would seek to access. The description appended as Exhibit A to the confidentiality arrangement would be used by SDRs to verify that each particular swap data request is within the scope of the requesting entity's jurisdiction. --------------------------------------------------------------------------- \93\ As noted above, the Commission expects that the applicant would provide a description of its scope of jurisdiction as part of the Determination Order process. --------------------------------------------------------------------------- While the Confidentiality Arrangement Form, as proposed, would [[Page 27423]] require ADRs and AFRs to make certain undertakings before being granted access to SDR swap data, it afforded ADRs and AFRs the discretion to determine how to comply with those obligations with respect to swap data received from an SDR. Additionally, the Commission stated that to the extent the proposed rule did not address a relevant confidentiality issue that arose after an ADR or AFR commenced accessing swap data, the Commission expected affected ADRs and AFRs to take appropriate measures to safeguard affected swap data and advise the Commission of such issue promptly so that the Commission may consider appropriate action. 4. Proposed Removal of Sec. 49.18(c): ADRs and AFRs With Regulatory Responsibility Over an SDR The Commission proposed removing current Sec. 49.18(c), which provides that the indemnification and confidentiality requirements established in Sec. 49.18(b) do not apply to certain ADRs and AFRs with regulatory responsibility over an SDR, but requires such regulators to comply with CEA section 8 and any other relevant statutory confidentiality authorities. As noted above in section II.B. relating to Sec. 49.17(d)(2) and (3), the Commission believed that those domestic regulators and Foreign Regulators that have regulatory responsibility over an SDR should be able to access swap data reported to such SDR pursuant to such other regulator's regulatory regime, without the limitations set out in current Sec. 49.18(c). Therefore, the Commission submitted in the NPRM that Sec. 49.18(c) is not appropriate. In addition, the Commission noted that Sec. 49.17(d)(2) and (3) already provided that the confidentiality and indemnification requirements of Sec. 49.18(b) do not apply to these domestic regulators and Foreign Regulators with regulatory responsibility over SDRs. However, the Commission stated that insofar as such a regulator sought swap data that was not reported to the SDR pursuant to that regulator's regulatory regime, the exclusions set forth within Sec. Sec. 49.17(d)(2) and (3) would not apply. The Commission accordingly proposed to eliminate Sec. 49.18(c). 5. Proposed New Sec. 49.18(c) and (d): Failure to Fulfill the Terms of a Confidentiality Arrangement The Commission proposed new Sec. 49.18(c) to require SDRs to immediately report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that they receive pursuant to Sec. 49.18(a). The Commission also proposed new Sec. 49.18(d), which authorizes the Commission to direct an SDR to limit, suspend or revoke an ADR's or AFR's access to swap data, if the Commission determines that the ADR or AFR has failed to fulfill the terms of its confidentiality arrangement with the Commission.\94\ --------------------------------------------------------------------------- \94\ Proposed Sec. 49.18(d) provided that the Commission may, if an ADR or AFR fails to fulfill the terms of a confidentiality arrangement described in Sec. 49.18(a), direct each registered SDR to limit, suspend or revoke such ADR's or AFR's access to swap data held by such SDR. Similarly, proposed Sec. 49.17(d)(5) required an SDR, as directed by the Commission, to limit, suspend or revoke an ADR's or AFR's swap data access should the Commission limit, suspend or revoke the appropriateness determination for such ADR or AFR or otherwise direct the SDR to limit, suspend or revoke such access. --------------------------------------------------------------------------- 6. Proposed New Sec. 49.18(e): Delegation of Authority The Commission proposed to add new Sec. 49.18(e)(1) to delegate to the DMO Director, and to such Commission staff acting under his or her direction as he or she may designate from time to time, all functions reserved to the Commission in Sec. 49.18. Proposed 49.18(e)(2) reserved to the DMO Director the authority to submit to the Commission for its consideration any matter that has been delegated under Sec. 49.18(e)(1). Proposed Sec. 49.18(e)(3) expressly permitted the Commission, at its election, to exercise the authority delegated under Sec. 49.18(e)(1). This delegation is intended to conserve Commission resources and increase the effectiveness and efficiency of the Commission's oversight and supervision of SDR swap data access. The Commission anticipates that the delegation of authority will help facilitate timely access to SDR swap data by ADRs and AFRs consistent with the requirements set forth in part 49 of the Commission's regulations. However, the DMO Director may submit matters to the Commission for its consideration, as he or she deems appropriate. 7. Conforming Changes As a result of the FAST Act Amendments, the Commission proposed conforming changes to Sec. 49.17(d)(6) to delete references to an Indemnification Agreement. As a result of the amendments to Sec. 49.18, and in particular, Sec. 49.18(a), the Commission proposed conforming changes to Sec. 49.22(d)(4) relating to chief compliance officer compliance responsibilities and duties so that the appropriate rule provision reflecting the confidentiality arrangement is referenced. 8. Comments Received The Commission received comments related to proposed Sec. 49.18 from the SDR Commenters. The SDR Commenters supported the Commission's proposed transfer of responsibility for the execution of the confidentiality arrangement with the ADRs and AFRs from the SDRs to the Commission. The SDR Commenters advised that such transfer will significantly reduce regulatory costs and inefficiencies for the SDRs.\95\ The SDR Commenters also supported the use of a confidentiality arrangement form. The SDR Commenters stated that use of such a form would promote consistency and further reduce regulatory burdens.\96\ --------------------------------------------------------------------------- \95\ See SDR Letter at 3. \96\ See id. --------------------------------------------------------------------------- In response to the Commission's proposal to remove previously adopted Sec. 49.18(c), which, in part, applied the conditions of CEA section 8 to those ADRs and AFRs with regulatory responsibility over an SDR, the SDR Commenters agreed with the Commission that it is not appropriate to require a domestic regulator or Foreign Regulator to comply with CEA section 8 where such domestic regulator or Foreign Regulator has regulatory responsibility over an SDR and seeks access to SDR data that was reported pursuant to the regulator's supervisory authority.\97\ Accordingly, the SDR Commenters supported the Commission's proposal to remove Sec. 49.18(c) as previously adopted. --------------------------------------------------------------------------- \97\ See SDR Letter at 2-3. --------------------------------------------------------------------------- Proposed Sec. 49.18(a) and (d) both contemplated notifications being sent to the SDRs. Proposed Sec. 49.18(a) required an SDR that received a notice that an ADR's or AFR's confidentiality arrangement was no longer in effect to no longer provide swap data access to such ADR or AFR. Proposed Sec. 49.18(d) stated that the Commission may, if an ADR or AFR fails to fulfill the terms of a confidentiality arrangement described in Sec. 49.18(a), direct each registered SDR to limit, suspend or revoke such ADR's or AFR's access to swap data held by such SDR. The SDR Commenters recommended that the Commission modify proposed Sec. 49.18(a) and (d) to specify that the notifications contemplated in these provisions be in writing. 9. Final Rule After consideration of the comments that it received, and for the reasons set forth in sections II.F.1. through II.F.8. above and in this section the Commission is adopting Sec. 49.18 with modifications. First, as discussed above, [[Page 27424]] the Commission is accepting the SDR Commenters' comments that the notifications contemplated in proposed Sec. 49.18(a) and (d) should be provided in writing and is adopting revised Sec. 49.18(a) and (d) to reflect that change. The Commission is also modifying proposed Sec. 49.18(a) to promote the use of the Confidentiality Arrangement Form set forth in Appendix B. Specifically, as adopted, Sec. 49.18(a) provides that, prior to providing an ADR or AFR access to any requested swap data, an SDR shall receive therefrom an executed confidentiality arrangement, between the Commission and the ADR or AFR, in the form set out in Appendix B to this part 49. The Commission may, in its discretion, however, agree to execute an alternate confidentiality arrangement with an ADR or AFR if the confidentiality arrangement is consistent with the requirements set forth in Sec. 49.18(a).\98\ The Commission believes that widespread use of the Confidentiality Arrangement Form will facilitate timely access to SDR swap data by ADRs and AFRs by reducing or eliminating instances in which the Commission and its staff need to devote time and resources to developing and reviewing individualized confidentiality arrangements. The Commission therefore believes that this modification will increase the potential benefits and cost savings associated with use of the Confidentiality Arrangement Form while still providing ADRs and AFRs the flexibility to use an alternate arrangement if necessary, in consultation with the Commission. --------------------------------------------------------------------------- \98\ The Commission is also making similar clarifying modifications to proposed Sec. Sec. 49.17(d)(6) and 49.17(h)(3). --------------------------------------------------------------------------- The Commission is adopting all other modifications to Sec. 49.18 as proposed in the NPRM. G. Other Changes 1. Proposed Rule Changes In addition to those changes discussed throughout this release, the Commission proposed other changes to part 49, including a number of ministerial changes. The Commission proposed to amend Sec. 49.9(a)(9) to change the reference therein from ``certain appropriate domestic regulators and foreign regulators'' to ``Appropriate Domestic Regulators and Appropriate Foreign Regulators'' to make clear that an SDR is required to provide access to swap data, pursuant to Sec. 49.17, only to ADRs and AFRs. The Commission proposed to make a number of other changes to part 49 to more consistently refer to the defined term ``swap data.'' The Commission proposed to modify: The references in existing Sec. Sec. 49.9(a)(9) and 49.17(b)(2)(i) to ``swap data or information''; the reference in existing Sec. 49.17(d)(4)(i) to ``swaps transaction data''; and the reference in existing Sec. 49.17(d)(6) to ``requested data,'' to be, in each case, references to ``swap data,'' as that term is defined in Sec. 49.2(a)(15). The Commission proposed these changes to eliminate confusion and to conform part 49 to the FAST Act's amendment of CEA section 21(c)(7) to refer to ``swap data.'' The Commission also proposed to replace the reference in Sec. 49.17(a) to ``swaps data'' with a reference to ``swap data'' and to replace the reference in Sec. 49.17(a) to ``Regulation'' with a reference to ``Sec. 49.17'' to match the format of the reference in Sec. 49.17(b). The Commission did not intend to effect any substantive changes with these proposed amendments. The Commission proposed to change the references to ``swap transaction data'' in Sec. Sec. 49.17(c)(2) and 49.17(c)(3) to ``swap data'' as defined in Sec. 49.2(a)(15). The Commission also proposed to change the references to ``data'' in Sec. 49.17(d)(5) and (6), (e) introductory text, and (e)(1) to ``swap data'' in order to clarify the Commission's intent to refer to ``swap data'' within the meaning of Sec. 49.2(a)(15). For the same reason, the Commission also proposed to add ``swap data and'' before ``information'' in Sec. 49.17(e)(2) to conform it to Sec. 49.17(e)(1), as proposed to be amended.\99\ The Commission also proposed to add the term ``and information'' after the term ``swap data'' in the second sentence of Sec. 49.17(e) so that such sentence is consistent with the first sentence of Sec. 49.17(e), which permits access by third party service providers to both swap data and information maintained by a registered SDR, subject to certain conditions. --------------------------------------------------------------------------- \99\ Although Sec. 49.17(e) uses the terms ``data'' and ``swap data'' interchangeably, the Commission intended those paragraphs to reference the definition of ``swap data'' and, consequently, believes that these amendments do not represent a change to the Commission's original intent in promulgating Sec. 49.17(e). However, the term ``swap data'' is narrower than the term ``data''. Consequently, changing ``data'' to ``swap data'' arguably would narrow the scope of the confidentiality procedures and ``Confidentiality Agreement'' required, respectively, by Sec. 49.17(e)(1) and (2). --------------------------------------------------------------------------- In Sec. 49.17(f)(2), the Commission proposed to change both references to ``data and information'' to ``swap data and information'' in order to clarify, in each case, that the intended reference is to ``swap data'' as defined in Sec. 49.2(a)(15). In addition to those changes related to references to ``swap data,'' the Commission also proposed to amend Sec. 49.17(b)(1)(vii) to change the references to any other person the Commission deems appropriate to any other person the Commission determines to be appropriate pursuant to the process set forth in Sec. 49.17(h) to match the language in CEA section 21(c)(7). Commission regulation 49.17(f)(1) currently states that access of swap data maintained by the registered swap data repository to market participants is generally prohibited. The Commission proposed to amend Sec. 49.17(f)(1) to state that access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in Sec. 49.17(f)(2) in order to clarify its meaning. The Commission did not intend this to be a substantive change to Sec. 49.17(f)(1). Finally, the Commission proposed several minor clarifying changes to Sec. 49.18(b).\100\ These changes include: Replacing ``the swap data'' with ``swap data''; replacing the ``with any Appropriate Domestic Regulator or Appropriate Foreign Regulator'' reference with ``to any Appropriate Domestic Regulator or Appropriate Foreign Regulator''; and adding ``each'' before ``as defined in Sec. 49.17(b)'' to reflect that both ``Appropriate Domestic Regulator'' and ``Appropriate Foreign Regulator'' are defined terms in Sec. 49.17(b). --------------------------------------------------------------------------- \100\ These proposed changes appear in proposed Sec. 49.18(b). --------------------------------------------------------------------------- 2. Final Rule Changes The Commission received comment on only two of the proposed changes described in this section II.G. For the reasons set forth above in section II.G.1. and in this section, with one exception (i.e., Sec. 49.17(e)), the Commission is adopting the changes described in this section II.G. as proposed. The comments and the Commission's responses are described below. The SDR Commenters generally supported the proposed changes to part 49 to more consistently refer to the defined term ``swap data,'' stating their belief that the consistency ``will promote clarity as to the data to which ADRs and AFRs may be granted access[.]'' \101\ However, the SDR Commenters also noted that the term ``swap data'' is defined under Sec. 49.2(a)(15) as ``specific data elements and information set forth in part 45 of this chapter that is required to be reported by a reporting entity to a registered swap data repository.'' \102\ The [[Page 27425]] SDR Commenters asked the Commission to confirm that SDRs may provide ADRs and AFRs with Part 43 data in addition to Part 45 data and characterized this clarification as important because ``the SDRs use a combined message for Parts 43 and 45 reporting, making separation of Part 43 data from Part 45 data exceedingly difficult.'' \103\ --------------------------------------------------------------------------- \101\ SDR Letter at 8. \102\ Id. \103\ Id. --------------------------------------------------------------------------- In response to this comment, the Commission confirms that SDRs may provide ADRs and AFRs with Part 43 data in addition to Part 45 data. The Commission observes that most data reported pursuant to Part 43 is publicly disseminated and that, to the extent certain data is not publicly disseminated, such data is reported in equal or greater detail pursuant to part 45. The SDR Commenters also noted that, ``[u]nder Sec. 49.17(e), the Commission proposes to amend `data and information' to `swap data and information[ ]'' and commented that, in their view, the more appropriate term ``to ensure a third-party Service Provider may have access to all necessary data and information'' is ``swap data and SDR Information'' (as SDR Information is defined in Sec. 49.2).\104\ In response to this comment, the Commission is adopting Sec. 49.17(e) as the SDR Commenters recommended amending it, in part because this change does not change the intent or scope of what is required or what was proposed in the NPRM. --------------------------------------------------------------------------- \104\ Id. --------------------------------------------------------------------------- In addition to these final rule changes, the Commission is adopting three ministerial changes to the proposed rule text, each for greater clarity, and one ministerial change to the existing rule text, also for greater clarity. First, the Commission is changing the phrase ``as directed by the Commission'' in proposed Sec. 49.17(d)(5) to ``if directed by the Commission''. Second, the Commission is changing the phrase ``as described and appended to the confidentiality arrangement required by Sec. 49.18(a)'' to ``as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a)'' in both proposed Sec. 49.17(d)(4)(i) and (iii).\105\ --------------------------------------------------------------------------- \105\ These changes are to clarify that the scope of an ADR's or AFR's jurisdiction, which is the subject of the quoted text, is to be described in the appendix to the confidentiality arrangement required by Sec. 49.18(a) rather than in the confidentiality arrangement itself. The language as proposed was somewhat unclear in that regard. --------------------------------------------------------------------------- Third, the Commission is adding bracketed text at the end of Appendix B to part 49 (describing Exhibit A to the Confidentiality Arrangement Form) in response to the SDR Commenters comment discussed in section II.D.2.c.i. This additional bracketed text provides that in both cases, the description of the scope of jurisdiction must include elements allowing SDRs to establish, without undue obstacles, objective parameters for determining whether a particular Swap Data request falls within such scope of jurisdiction. Such elements could include LEIs of all jurisdictional entities and could also include UPIs of all jurisdictional products or, if no CFTC-approved UPI and product classification system is yet available, the internal product identifier or product description used by an SDR from which Swap Data is to be sought. Fourth, the Commission is amending existing Sec. 49.17(d)(1), which the Commission had not proposed to amend to provide a brief overview in one paragraph to those persons seeking to obtain swap data access from SDRs, both ADRs and AFRs and those seeking to become ADRs or AFRs, of the requirements to obtain such access and to alert such persons to exceptions to the otherwise applicable requirements. The Commission is also adopting these changes to Sec. 49.17(d)(1) to provide the aforementioned persons citations to the regulations relevant to obtaining SDR swap data access and to relevant exceptions to those regulations. These changes provide that except as set forth in Sec. 49.17(d)(2) or (3), a person who is not an Appropriate Domestic Regulator or an Appropriate Foreign Regulator and who seeks to gain access to the swap data maintained by a swap data repository is required to first become an Appropriate Domestic Regulator or Appropriate Foreign Regulator through the process set forth in Sec. 49.17. Additionally, these changes provide that Appropriate Domestic Regulators and Appropriate Foreign Regulators seeking to gain access to the swap data maintained by a swap data repository are required to comply with Sec. 49.17(d)(6) prior to receiving such access and, if applicable after receiving such access, comply with the notification requirement in Sec. 49.17(d)(4)(iii) applicable to Appropriate Domestic Regulators and Appropriate Foreign Regulators. III. Request for Comment In addition to the specific questions set forth throughout the NPRM, the Commission requested comment on all aspects of the proposal and on several specific questions set forth in section III of the NPRM. The Commission received some responsive comments, which it has summarized and responded to in the relevant sections of this adopting release, and two comments that were not responsive.\106\ --------------------------------------------------------------------------- \106\ In addition, the SDR Commenters commented on several issues relating to current Sec. 49.17(f)(2) that were unrelated to the non-substantive change that the Commission proposed to make to Sec. 49.17(f)(2). Because the SDR Commenters' comments on Sec. 49.17(f)(2) were unrelated to the proposed changes to Sec. 49.17(f)(2), they are beyond the scope of the NPRM and not a logical outgrowth of this rulemaking, as a result of which the Commission declines to address them here, in accordance with the Administrative Procedure Act. All comments received in response to the Commission's request for comment are available at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777. --------------------------------------------------------------------------- IV. Compliance Date The Commission received one comment related to the compliance date of the final rules. The SDR Commenters suggested that the Commission work with the SDRs to set an appropriately mutually agreeable timeframe for the compliance date.\107\ Commission staff subsequently engaged in multiple discussions with the SDR Commenters regarding the compliance date. The Commission, as set out below, is adopting a two part compliance date for the final rules adopted herein. The compliance date for the final rules will be 60 days after publication in the Federal Register, except for the compliance date for an SDR to comply with its obligation under Sec. 49.17(d)(5)(iii) of the Commission's regulations to provide access to swap data requested by an ADR or AFR. The compliance date for an SDR to comply with its obligation under Sec. 49.17(d)(5)(iii) of the Commission's regulations is the earlier of (1) the earliest date, after such SDR receives from such ADR or AFR the confidentiality arrangement required by Sec. 49.18(a), that such SDR, exercising commercially reasonable efforts in light of its obligations under the CEA and the Commission's regulations, is able to provide such access to the ADR or AFR and (2) 180 days after the SDR receives from such ADR or AFR the confidentiality arrangement required by Sec. 49.18(a). --------------------------------------------------------------------------- \107\ See SDR Letter at 9. --------------------------------------------------------------------------- V. Related Matters A. Regulatory Flexibility Act The Regulatory Flexibility Act (``RFA'') requires federal agencies, in promulgating rules, to consider the impact of those rules on small entities.\108\ The rules adopted herein will have a direct effect on the operations of SDRs and certain domestic regulators and foreign regulators seeking [[Page 27426]] access to swap data reported to, and maintained by, SDRs. --------------------------------------------------------------------------- \108\ See 5 U.S.C. 601 et seq. --------------------------------------------------------------------------- The Commission has previously established certain definitions of ``small entities'' to be used by the Commission in evaluating the impact of its rules on small entities in accordance with the RFA.\109\ The Commission has previously determined that SDRs are not small entities for purposes of the RFA.\110\ --------------------------------------------------------------------------- \109\ See Policy Statement and Establishment of ``Small Entities'' for purposes of the Regulatory Flexibility Act, 47 FR 18618, 18618-21 (Apr. 30, 1982). \110\ See Part 49 Adopting Release at 54575 and Notice of Proposed Rulemaking: Swap Data Repositories, 75 FR 80898, 80926 (Dec. 23, 2010). --------------------------------------------------------------------------- For purposes of the RFA, the definition of ``small entity'' encompasses ``small governmental jurisdictions,'' which in relevant part means governments of locales with a population of less than fifty thousand.\111\ Although the Commission anticipates that the final rules adopted herein may be expected to have an economic impact on various governmental entities that access data pursuant to the Dodd-Frank Act's data access provisions (i.e., ADRs and AFRs), the Commission does not anticipate that any of those governmental entities would be small governmental jurisdictions: The Commission believes that the universe of ADRs and AFRs will likely be limited to U.S. federal regulators and equivalent national, or state or provincial, foreign authorities, given that swap regulation does not occur at a local level globally, in the Commission's experience. As a result, the Commission does not believe that the final rules will have a significant economic impact on a substantial number of small entities. Therefore, the Chairman, on behalf of the Commission, pursuant to 5 U.S.C. 605(b), hereby certifies that the final rules will not have a significant economic impact on a substantial number of small entities. --------------------------------------------------------------------------- \111\ 5 U.S.C. 601(5), (6). --------------------------------------------------------------------------- B. Paperwork Reduction Act The amendments to part 49 result in new ``collection of information'' requirements within the meaning of the Paperwork Reduction Act of 1995 (``PRA'').\112\ An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (``OMB'') control number. The OMB control number for the information collection associated with part 49 is 3038-0086 (the ``Information Collection'').\113\ The Commission is revising the Information Collection because the rule amendments herein will impose information collection requirements that require approval from OMB under the PRA. The Commission is therefore submitting this final rule to OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11. --------------------------------------------------------------------------- \112\ 44 U.S.C. 3501 et seq. \113\ The most recent revision to OMB Control Number 3038-0086 was approved November 30, 2015 and is available at http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086. --------------------------------------------------------------------------- 1. Summary of the Requirements The modifications to part 49 require SDRs to make swap data available to requesting entities (i.e., ADRs and AFRs) if certain conditions are satisfied. These conditions include the requesting entity executing a confidentiality arrangement with the Commission and providing it to each SDR from which it seeks swap data and, in some cases, receiving an order from the Commission (which requesting entities must apply for, including certain specified types of information in support) determining that it is an appropriate entity to receive SDR swap data. The modifications further require each ADR and AFR to notify the Commission, and each SDR from which an ADR or AFR has received swap data, of any change to the scope of such ADR's or AFR's jurisdiction, as described in the confidentiality arrangement. The modifications also require SDRs to report to the Commission: (1) Each initial request from an ADR or AFR for access to swap data; (2) all ADR or AFR requests for swap data that do not comport with the described scope of the ADR's or AFR's jurisdiction that is appended to the confidentiality arrangement; and (3) failures to fulfill the terms of confidentiality arrangements. The modifications additionally require each SDR to maintain records of each initial, and all subsequent, requests from an ADR or AFR for access to swap data. 2. Collection of Information Currently, the Information Collection sets out burden estimates relating to a broad range of SDR obligations associated with registration requirements, reporting requirements, recordkeeping requirements, and disclosure requirements. Where the information collection associated with those obligations is modified by this rule, the Commission is revising the Information Collection accordingly. To the extent this rule introduces new information collections that were not previously incorporated into the Information Collection, the Commission is revising the Information Collection to account for the new information collections. Finally, many of the information collections discussed in the Information Collection are not implicated or modified by the Commission's revisions to part 49 in this release. The Commission, therefore, is not revising the estimated burdens associated with such information collections. New or revised information collections contained in these revisions to part 49 will affect SDRs as well as entities that request access to SDR swap data pursuant to part 49, as revised. As discussed above, the modifications to part 49 set out in this release are intended to provide a process by which other regulatory authorities may obtain access to SDR swap data. The information collections associated with this process are intended to ensure that SDR swap data is accessed only by appropriate entities and that the confidentiality of any accessed SDR swap data is adequately protected. The ultimate result of this process is intended to provide other regulatory authorities with information to assist with the oversight of the global swaps market and market participants. ADR/AFRs. As discussed throughout this release, certain conditions must be satisfied before a requesting entity is permitted to access SDR swap data. These conditions may implicate various PRA collections and burdens as discussed below. Pursuant to Sec. 49.18(a), every requesting entity seeking access to SDR swap data must execute a confidentiality arrangement with the Commission prior to receiving access. This requirement applies to both those entities that are Enumerated ADRs, and those entities, whether foreign or domestic, that require a determination from the Commission that they are appropriate entities to receive access to SDR swap data. The Commission believes the use of the Confidentiality Arrangement Form, or a similar form, if permitted by the Commission, will provide an efficient means to satisfy the requirements of Sec. 49.18(a). In addition to executing a confidentiality arrangement, requesting entities that are not Enumerated ADRs will be required to seek a Determination Order from the Commission to obtain access to SDR swap data. The Commission is requiring that an Enumerated ADR attach to the confidentiality arrangement a detailed description of its scope of jurisdiction, as it relates to the swap data maintained by SDRs that the Enumerated ADR seeks to access. The Commission, for PRA purposes, continues to believe that it is reasonable [[Page 27427]] to assume that 300 total entities will seek access to SDR swap data. This estimate is based on the Commission's experience in receiving data requests from other regulators and its experience in coordinating and cooperating with other regulators.\114\ For PRA purposes, the Commission assumes there are four SDRs, which is the number of SDRs that are currently provisionally registered with the Commission. As the confidentiality arrangement required by Sec. 49.18(a) will be between the ADR or AFR and the Commission, and will address swap data access from all SDRs, an ADR or AFR will need to execute only a single confidentiality arrangement for all SDRs from which it seeks swap data, rather than a separate confidentiality arrangement for each SDR. Accordingly, the Commission estimates, for PRA purposes, that the total number of confidentiality arrangements that will be executed under the amended part 49 rules is 300. --------------------------------------------------------------------------- \114\ The Commission continues to estimate that up to approximately 30 authorities in the United States may seek to access swap data from SDRs. In the context of potential AFRs, the Commission believes that most requests will come from authorities in G20 countries, each of which will have no more, and likely fewer, than 30 authorities that may request swap data from SDRs. In addition, certain authorities from outside the G20 also may request swap data from SDRs. Accounting for all of these entities, the Commission estimates that there likely will be a total of no more than 300 relevant domestic and foreign authorities that may request swap data from SDRs. --------------------------------------------------------------------------- Although the Commission may, in its discretion, execute a confidentiality arrangement with one or more ADRs/AFRs that is not in the form of the Confidentiality Arrangement Form, Sec. 49.18(b) requires that such alternative confidentiality arrangement include all elements of in the Confidentiality Arrangement Form. Consequently, the Commission is estimating the burden on ADRs and AFRs of negotiating the confidentiality arrangement required by Sec. 49.18(a) based on its estimate of the burden involved for an ADR or AFR to put in place the Confidentiality Arrangement Form. The Commission estimates that the review and execution of each confidentiality arrangement by an ADR or AFR will take approximately 40 hours, for a total burden of 12,000 hours. The burden estimates associated with entering into the confidentiality arrangement required by Sec. 49.18(a) are addressed in the revised Information Collection. Any requesting entity, other than an Enumerated ADR, that seeks access to SDR swap data must be determined by the Commission to be an appropriate recipient of such access. For Enumerated ADRs, there is no burden associated with seeking to be determined appropriate by the Commission because Enumerated ADRs have already been determined by Congress in CEA section 21(c)(7), or by the Commission through its adoption of Sec. 49.17(b)(1), to be appropriate recipients of SDR swap data access. Those entities that are not Enumerated ADRs and that seek SDR swap data access will be required to receive a Determination Order prior to receiving access to SDR swap data. The process for obtaining such a Determination Order is set out in general terms in Sec. 49.17(h) and requires the requesting entity to prepare and submit an application to the Commission. The preparation and submission of this application constitutes an information collection under the PRA. As discussed above, the Commission believes that for PRA purposes it is reasonable to assume that 300 domestic and foreign entities will seek access to SDR swap data. Very few of these entities have already been specifically identified by Congress in CEA section 21(c)(7), or by the Commission through its adoption of Sec. 49.17(b)(1), as appropriate recipients of SDR swap data access. The Commission estimates, for PRA purposes, that each entity seeking a Determination Order would expend 100 hours in connection with filing the necessary application with the Commission, for a total initial burden of no more than 30,000 hours (calculated as the product of 300 domestic and foreign entities seeking access to SDR swap data and 100 hours per application). This estimate considers the relevant information that would be required to be provided in such an application, including information regarding the entity's scope of jurisdiction, confidentiality safeguards, as well as any other information the Commission deems relevant to its determination. This burden estimate is included in the Commission's revisions to the Information Collection. Swap Data Repositories. As discussed throughout this release, SDRs are required to provide access to SDR swap data to ADRs and AFRs, provided certain conditions are met. This requirement may implicate PRA collections and burdens, some of which are already addressed in the existing Information Collection, and some of which constitute new collections, as discussed below. Currently, the burden on SDRs of making data available to ADRs and AFRs is accounted for in the Information Collection, as this is an existing obligation under existing Sec. 49.17(d). However, the rules set out in this release clarify and modify the requirements imposed on SDRs in providing access to SDR swap data to ADRs and AFRs. Consequently, the Commission is revising the Information Collection to account for these clarifications and modifications. The Commission expects SDRs to incur burdens and costs associated with setting up access to SDR swap data that is consistent with an ADR's or AFR's scope of jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). The Commission expects that each confidentiality arrangement will identify, either directly or through an attached Determination Order, the scope of access that is appropriate for a given requesting entity. The Commission expects SDRs to use these limitations to program their systems to reflect the scope of the ADR's or AFR's access to SDR swap data. These limits set out in the confidentiality arrangement are expected to reduce the burdens on SDRs of assessing whether a particular SDR swap data request falls within the scope of an ADR's or AFR's jurisdiction. The Commission received one comment estimating the burden on SDRs associated with setting up access restrictions to match an ADR's or AFR's scope of jurisdiction.\115\ CME estimated that its initial set up costs would be between 400 and 950 hours for all ADRs and AFRs in the aggregate.\116\ The Commission believes it is reasonable to accept CME's estimate of 950 hours, as CME is an SDR and, as such, is familiar with the costs required for setting up such access restrictions.\117\ Consequently, for PRA purposes, the Commission estimates that all SDRs in the aggregate would incur a total burden of 3,800 hours (i.e., the product of 4 SDRs and 950 hours of time) associated with setting up access for all ADRs and AFRs. The burdens associated with these permissioning requirements are [[Page 27428]] addressed in the revised Information Collection. --------------------------------------------------------------------------- \115\ See SDR Letter at 5, n.10. \116\ The SDR Letter stated that ``CME believes the initial set up cost will be between of 400 and 950 hours.'' Id. In subsequent communications, CME clarified that this estimate is for all ADRs and AFRs in the aggregate. The other SDRs did not opine on the Commission's estimate of 26 hours. \117\ The Commission, in its proposal, estimated that the burden on an SDR associated with setting up access restrictions to match a requesting entity's scope of jurisdiction will include 20 hours of programmer analyst time, five hours of senior programming time, and one hour of attorney time, for a total of 26 hours. The Commission notes that the SEC also estimated a set up time of 26 hours in its similar rulemaking. See Access to Data Obtained by Security-Based Swap Data Repositories, 81 FR 60585 at 60594 (Sept. 2, 2016) (SEC rule 13n-4(b)(9) and (10), 17 CFR 240.13n-4(b)(9) and (10). --------------------------------------------------------------------------- SDRs will also be required to provide electronic notice to the Commission of the first request for access to swap data from a particular ADR or AFR, and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). In addition to notifying the Commission of the foregoing, the Commission is requiring, in Sec. 49.17(d)(4)(i), SDRs to maintain records of the details of the initial and all subsequent requests for swap data from an ADR or AFR. The SDR shall maintain this information for a period of no less than five years after the date of such request and shall provide this information to the Commission upon request, pursuant to Sec. 1.31. Currently, the Information Collection estimates burdens associated with the various registration, reporting, recordkeeping, and disclosure requirements to which SDRs are subject. The reporting and recordkeeping requirements relating to ADR and AFR data requests constitute an information collection for PRA purposes and require the Commission to revise the reporting and recordkeeping burden estimates contained in the Information Collection. The reporting and recordkeeping requirements in this release may potentially impact each SDR. SDRs already have the ability to communicate electronically with the Commission and are subject to significant recordkeeping requirements pursuant to Sec. Sec. 45.2(f) and 49.12. Therefore, the requirements adopted herein should not result in SDRs having to incur initial costs to implement systems to notify the Commission when an ADR or AFR submits a data request for the first time that are in excess of what is already accounted for in the Information Collection. The Commission estimates that each SDR would incur an annual burden of 480 hours associated with the requirement to maintain records of the details of the initial and all subsequent requests for data from an ADR or AFR, for a total of 1,920 hours annually (i.e., the product of four SDRs and 480 hours). Although the Commission provided an estimate of 280 hours in the NPRM, CME commented that 480 hours was more likely. The Commission received one comment related to setup costs associated with its proposed recordkeeping requirements.\118\ The SDR Letter provided estimates for recordkeeping set up costs. CME subsequently provided updated estimates of these setup costs, which CME now estimates would be approximately 1,100-1,440 hours. The Commission believes it is reasonable to accept CME's estimate of 1,440 hours, as CME is an SDR and, as such, is familiar with the setup costs associated with SDR recordkeeping requirements. Therefore, the Commission estimates that initially each SDR may incur a burden of 1,440 hours associated with these recordkeeping requirements, for a total of 5,760 hours (i.e., the product of four SDRs and 1,440 hours). However, as discussed in this release, the recordkeeping requirements adopted herein may result in lower costs to the SDRs than estimated here, as the Commission is not requiring SDRs to keep records of all copies of swap data provided in response to data requests, as it had proposed in the NPRM.\119\ The burdens associated with the notification requirements adopted herein are addressed in the revised Information Collection. --------------------------------------------------------------------------- \118\ See SDR Letter at 7, n.15. \119\ Moreover, SDRs are already subject to extensive recordkeeping obligations under existing Commission rules, so SDRs may be able to reduce their costs by making use of existing recordkeeping resources to some extent. --------------------------------------------------------------------------- Finally, the current Information Collection accounts for the costs to SDRs of executing a ``Confidentiality and Indemnification Agreement'' with each requesting ADR and AFR. Under the Commission's final rule adopted herein, the SDR is no longer required to execute such an agreement with ADRs or AFRs. The confidentiality arrangements will be between each requesting ADR or AFR and the Commission. Accordingly, the total burden to SDRs, as currently reflected in the Information Collection, is reduced by the cost to execute such agreements. The reduction in burden associated with this change in the confidentiality arrangement requirement is addressed in the revised Information Collection. C. Cost-Benefit Considerations 1. Introduction As discussed in Section I above (``Background and Introduction''), the Commission is amending Part 49 to (i) implement the statutory changes mandated by the FAST Act amendments; (ii) make certain conforming and clarifying changes related to such implementation; (iii) revise the process by which a regulator is determined appropriate to receive access to SDR swap data; (iv) clarify the standards in connection with the Commission's appropriateness determinations; and (v) establish the form and substance of the written agreement mandated by CEA section 21(d), as amended. In the sections that follow, the Commission discusses the costs and benefits associated with the final rule and reasonable alternatives considered. Comments from commenters addressing the associated costs and benefits of the rule are addressed in the appropriate sections. Wherever possible, the Commission has considered the costs and benefits of the final rule in quantitative terms. Given, however, that SDRs do not yet have a history of providing swap data to other regulators, and the final rule does not dictate the means by which SDRs may provide such swap data access in the future, the availability to the Commission of relevant or useful quantitative terms to assess the potential costs and benefits of the final rule is limited. Accordingly, where a quantitative discussion is not feasible, the Commission has considered the costs and benefits of this rulemaking in qualitative terms. The baseline against which the costs and benefits of this final rule are being compared is the existing status quo for SDR swap data access under CEA section 21, as amended by the FAST Act, taken together with the swap data access requirements in the current Part 49 rules. As a general matter, the Commission recognizes that there are inherent costs and benefits to domestic and foreign regulators having access to SDR swap data. As discussed above, the Commission expects that access to SDR data by ADRs and AFRs will not only assist those regulators in fulfilling their own supervisory and regulatory functions but facilitate greater cooperation and collaboration among regulators across jurisdictions, promoting effective and consistent oversight of the global swaps market. At the same time, however, opening access to SDR data to other regulators may increase opportunities for unauthorized or unnecessary data disclosures, which could negatively impact swap market participants. Congress took into account these costs and benefits associated with broader SDR data access in adopting and amending CEA section 21, which supports access to swap data by appropriate regulators provided that, consistent with CEA section 8, the data accessed falls within their scope of jurisdiction and the data is provided on a confidential basis. In formulating the amendments to Part 49 that make up this final rule, the Commission has been mindful of the tradeoff between these dual objectives embodied in the [[Page 27429]] mandate of CEA sections 21(c)(7) and (d), endeavoring to reduce the costs to regulators of obtaining, and to SDRs of providing, access to swap data, while also establishing sufficient processes and conditions to ensure that data access is appropriately scoped and confidentiality is maintained.\120\ --------------------------------------------------------------------------- \120\ In support of its goal to reduce costs, the final rule is harmonized in many respects with the corollary SEC Indemnification Rule implementing changes to its security-based swap data access rules following adoption of the FAST Act. This rulemaking also is in accord with two recent recommendations issued by the U.S. Department of the Treasury (``Treasury'') in a recent report in which Treasury recommended greater harmonization between the CFTC and the SEC and stated that greater coordination is required among the CFTC, SEC and prudential regulators. See A Financial System That Creates Economic Opportunities[:] Capital Markets (Oct. 6, 2017) (``Report'') at 9, available at https://www.treasury.gov/press-center/press-releases/Documents/A-Financial-System-Capital-Markets-FINAL-FINAL.pdf. --------------------------------------------------------------------------- 2. Benefits a. Background In the fall of 2008, a series of large financial institution failures triggered a financial and economic crisis that threatened global financial markets. As a result of these failures, the government intervened to ensure the stability of the U.S. financial system. These failures revealed the vulnerability of the U.S. financial system and economy to widespread systemic risk resulting from, among other things, poor risk management practices of financial firms and the lack of supervisory oversight--specifically data concerning over-the-counter (``OTC'') derivatives activity--for a financial institution as a whole. The financial crisis also illustrated the significant risks that an uncleared, OTC derivatives market can pose to the financial system. Swap markets were opaque, and financial institutions were significantly interconnected through counterparty credit risk. This exposed the financial system to contagion through spreading defaults and losses. For example, concerned with the size of AIG's credit default swap exposure, the Federal government infused $180 billion of taxpayer money into AIG in order to prevent AIG's failure, which the Federal government was concerned may have led to cascading defaults by AIG creditors and counterparties and other creditors and counterparties indirectly exposed to AIG through credit and swap transactions. The legislative response to the Great Recession, the Dodd-Frank Act, stipulated that data representing OTC derivatives, in general, be reported to SDRs in order to cultivate robust oversight of financial entities and identify risks to the liquidity, stability, and functioning of the financial system.\121\ The Commission anticipates that access by ADRs and AFRs to swap data reported to SDRs, in combination with future sharing with the Commission of swap data reported to trade repositories in other jurisdictions, in part as a result of this rulemaking, will facilitate greater inter-agency cooperation, collaboration on matters concerning systemic risk, and identification and mitigation of future financial crises. --------------------------------------------------------------------------- \121\ See section 4r of the CEA, 7 U.S.C. 6r, added to the CEA by section 729 of the Dodd-Frank Act. --------------------------------------------------------------------------- b. High-Level Benefits At a high level, this rulemaking is expected to assist other regulators in performing their supervisory and regulatory functions by providing them, for the first time, access to SDR swap data, which would help regulators better understand the risks their regulated entities are assuming and the impact of such risks on the broader markets. These supervisory and regulatory functions may include: Monitoring and mitigating systemic risk; ensuring financial stability; registration and oversight of financial market infrastructures, trading venues and/or market participants; central bank activities; prudential supervision; restructuring or resolution of infrastructures and firms; and regulation of cash markets, in some of which swap counterparties are active.\122\ Regulators may also be able to increase the benefits of receiving SDR swap data by discussing the results of their analyses, subject to the conditions and limitations of the confidentiality arrangement required by Sec. 49.18(a), including restrictions on onward sharing. The Commission believes regulatory coordination is beneficial. --------------------------------------------------------------------------- \122\ See generally Data Final Rules at 2136-2137 (observing that Dodd-Frank was enacted to reduce systemic risk, increase transparency, and promote market integrity within the financial system by, among other things creating rigorous recordkeeping and data reporting regimes with respect to swaps); Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants-- Cross-Border Application of the Margin Requirements 81 FR 34817, 34819 (May 31, 2016) (observing that as the 2008 financial crisis illustrated, complex financial and operational relationships demonstrated how the transfer of risk associated with swaps is not always transparent and can be difficult to fully assess.). --------------------------------------------------------------------------- Access to SDR swap data may also facilitate collaboration among the Commission, ADRs and AFRs in comparing the results of their respective SDR swap data analyses. Providing regulators access to SDR swap data should also facilitate cooperation among market and prudential regulators, which sometimes view data in isolation, given their different responsibilities, regulated entities, missions, and--as it relates to this rule making--data sets. In particular, such access may improve early warning systems that might ultimately reduce the probability or severity of a crisis, or both. The benefits of regulatory collaboration and broader access to swap data are likely to persist, if not expand, over time as regulators gain experience working together, while the burden required for establishing access to swap data includes an upfront commitment of time and money that is likely to diminish over time (although some increased operating costs resulting from this rulemaking will remain). The Commission believes that the implementation of this rulemaking represents a critical element of effective financial market oversight by providing access to SDR data to ADRs and AFRs. The Commission acknowledges that performing systemic risk analysis is very difficult as a result of the fragmented regulatory structure that exists both domestically and internationally. The financial markets are global in nature and contain correlated instruments dispersed across different regulatory authorities and jurisdictions. Regulating such markets utilizing only the data and information available through one particular regulator's regime is suboptimal. For instance, when conducting oversight of treasury futures and interest rate swap markets, it is not sufficient to only assess the available futures and swaps data at the Commission's disposal. Oversight of activity in those markets and associated risk also requires trading activity and position information regarding treasury bonds, repurchase agreements and reverse repurchase agreements. Similarly, regulating the credit and equity asset classes would benefit from information concerning related cash market activity in equity securities, corporate bonds, derivatives (on broad and narrow CDS and equity indexes, single-name CDS and equities, and bespoke transactions), securitizations, repurchase agreements and securities lending. The same applies to conducting comprehensive risk analysis and oversight of other asset classes. Similarly, in regulating swap dealers, the Commission would benefit from obtaining visibility into their positions in other jurisdictions to form a complete picture of their risk profiles. The Commission may face challenges in analyzing overall market, counterparty, or systemic risk accurately with only the data at its disposal via recordkeeping and reporting pursuant to the CEA and the Commission's regulations promulgated thereunder. [[Page 27430]] Prudential, bank, and market regulators likely face similar challenges in assessing the overall market, understanding patterns and flows, and identifying concerning trends based solely on data available pursuant to their own individual regulatory regimes. These limitations presumably impact similarly situated regulators across the global financial system. In light of the issues flowing from incomplete data, the Commission expects this rule to generate substantial benefits by fostering a regulatory environment that supports broader data access across the regulatory community and expands the accessibility of SDR swap data to other regulators, thereby supporting holistic oversight and data driven policy making at the regulatory level. The probability of successfully overseeing the prevailing market structure of the financial system and preventing another crisis increases as more ADRs and AFRs access SDR swap data and incorporate it into their existing analysis and workflows. Although this rule only provides other regulators access to swap data maintained at SDRs regulated by the Commission, the Commission expects the rulemaking to encourage similar access by the Commission to swap data maintained at trade repositories regulated by other authorities, which would increase the benefits of the rule discussed above accordingly. c. More Specific Benefits i. MOUs Under current Sec. 49.17(b)(2), the existence of a current MOU or similar type of information sharing arrangement with the Commission automatically qualifies a Foreign Regulator as an AFR. The Commission is amending Sec. 49.17(b)(2) to require all ``Foreign Regulators'' who wish to receive swap data from SDRs to file an application with the Commission to be Commission-determined ``Appropriate Foreign Regulators'' and requires the Commission to issue an order finding each Foreign Regulator to be an ``appropriate'' recipient of SDR swap data. The Commission believes that this modification will ensure that Foreign Regulators are acting within the scope of their jurisdiction, consistent with CEA sections 21(c)(7) and 8(e) and should reduce the risk of unauthorized disclosure, misappropriation or misuse of swap data. The SDR Commenters also commented that an MOU or other information sharing agreement alone potentially could have imprecise language and bespoke arrangements that would not provide sufficient indication of a regulator's appropriateness.\123\ By requiring use of the Confidentiality Arrangement Form or permitting an alternative arrangement with the same elements, the Commission is establishing confidentiality safeguards that are tailored to the provision of swap data by an SDR to an ADR or an AFR. In addition, as the Commission stated in the NPRM and in the preamble above in sections II.B.4. and 5., it can take into account additional considerations or circumstances it may deem relevant on a case-by-case basis in making an appropriateness determination. This can benefit the appropriateness determination process by permitting the Commission to consider factors such as those identified by the SDR Commenters. --------------------------------------------------------------------------- \123\ SDR Letter at 3. --------------------------------------------------------------------------- ii. Duty for SDRs To Notify the Commission of Swap Data Requests From ADRs and AFRs Current Sec. 49.17(d)(4)(i) requires an SDR to promptly notify the Commission regarding any request from an ADR or AFR for access to swap data. The Commission is amending current Sec. 49.17(d)(4)(i) to require such notices only promptly after the SDR receives an initial request for access to swap data from a particular ADR or AFR and promptly after receiving a request from an ADR or AFR that does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). The Commission expects this to benefit SDRs by significantly reducing the number of notices and the associated costs. The change might also benefit ADRs and AFRs by expediting the time it takes for them to get access to SDR swap data. iii. Form of Electronic Notification by SDRs to the Commission Current Sec. 49.17(d)(4)(ii) requires an SDR to notify the Commission, electronically in a format specified by the Secretary of the Commission, of any request from an ADR or AFR for access to swap data. The Commission is specifying the format in the adopting release. This will benefit SDRs by providing clarity and specificity as to the particular means of notice required such that they can develop such means of notice expeditiously so that SDRs can provide such notices soon after they receive requests for SDR swap data from ADRs and AFRs. This, in turn, might benefit ADRs and AFRs by expediting their access to such swap data. iv. Clarification of SDR Recordkeeping Obligations In the NPRM, the Commission explained that an SDR's obligation to maintain records of all information related to the initial and all subsequent requests by an ADR or AFR for swap data access would require retaining records including, among other things, copies of all data reports and other aggregation of data provided in connection with the request for access.\124\ The SDR Commenters stated that that proposed requirement ``should be amended to avoid imposing unnecessary costs.'' \125\ The SDR Commenters characterized that proposed recordkeeping requirement as burdensome, challenging to implement, and potentially decreasing information security, because the requirements could require an SDR ``to propagate a given data set more than once.'' \126\ --------------------------------------------------------------------------- \124\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork Reduction Act discussion of recordkeeping burdens). \125\ SDR Letter at 6. \126\ See id. --------------------------------------------------------------------------- As an alternative to maintaining such reports, the SDR Commenters offered to create pre-formatted data reports, which they would make available for download by ADRs and AFRs ``so that the record of access to such reports [would] be easily identifiable, in lieu of maintaining logs of queries and query conditions . . . .''\127\ The SDR Commenters added that, if the Commission adopted their alternative, ``the parameters of the reports and the logic which is used to populate the reports is all that should have to be maintained.'' \128\ The SDR Commenters contended that the Commission should require only ``the saving of metadata around reports rather than the actual reports[.]'' \129\ --------------------------------------------------------------------------- \127\ Id. \128\ Id. \129\ Id. --------------------------------------------------------------------------- As discussed above in section II.D.2.ii., the SDR Commenters explained in discussions with staff that they plan to provide swap data access to ADRs and AFRs in one of two ways: (1) Via pre-formatted reports that the SDR Commenters would make available for download by ADRs and AFRs or send to ADRs and AFRs, in each case on a regular basis; or (2) via a Web-based portal through which ADRs and AFRs could conduct customized searches of swap data.\130\ In those discussions, the [[Page 27431]] SDR Commenters explained that they would not consider it unduly burdensome to maintain records in those formats. --------------------------------------------------------------------------- \130\ The swap data provided in the pre-formatted reports or through the Web-based portals would be limited to swap data within the particular ADR's or AFR's scope of jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). --------------------------------------------------------------------------- As discussed above in section II.D.2.ii., the Commission is confirming that SDRs may satisfy their recordkeeping duties under Sec. 49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre- formatted swap data reports; or (2)(a) the parameters of Web portal swap data access and (b) queries run by ADRs and AFRs using such access. This confirmation should lower costs to the SDRs by decreasing financial costs thereto, making recordkeeping simpler and decreasing cybersecurity risks, as the SDR Commenters noted. v. Limitation, Suspension or Revocation of an ADR's or AFR's Swap Data Access The Commission is requiring, in Sec. 49.17(d)(4)(iii), an SDR to limit, suspend, or revoke an ADR's or AFR's swap data access if the ADR's or AFR's scope of jurisdiction changes and the Commission directs the SDR to limit, suspend, or revoke the ADR's or AFR's swap data access.\131\ Similarly, Sec. 49.17(d)(5) requires an SDR to limit, suspend, or revoke an ADR's or AFR's swap data access if the Commission limits, suspends or revokes the ADR's or AFR's appropriateness determination or otherwise directs the SDR, in writing, to limit, suspend, or revoke the ADR's or AFR's swap data access. Although these sections will impose costs on both SDRs (which will be required to build into their systems a means of limiting, suspending, or revoking an ADR's or AFR's swap data access; this could be as simple as, for example, requiring a user name and password to obtain swap data access and deactivating such login credentials) and ADRs and AFRs (which may temporarily or permanently lose access to some or all SDR swap data), the Commission believes this is an unavoidable and appropriate corollary of the requirement in CEA section 21(c)(7) that ADRs' and AFRs' SDR swap data access be on a confidential basis pursuant to CEA section 8,'' which, as discussed throughout this release, requires, among other things, that the swap data provided be within the scope of an ADR's or AFR's jurisdiction. Although CEA section 21(c)(7) also directs SDRs to provide ADRs and AFRs SDR swap data access, such access is subject to the foregoing conditions, among others. Therefore, Sec. 49.17(d)(4)(iii) and (d)(5) will benefit market participants by keeping their swap data confidential, as intended by Congress, if an ADR's or AFR's jurisdiction changes such that it is no longer entitled to such swap data or if other factors lead the Commission to limit, suspend, or revoke an ADR's or AFR's swap data access to ensure that confidentiality is maintained. The ``in writing'' requirement of Sec. 49.17(d)(5) will benefit SDRs by ensuring that all SDRs are aware of any changes in status with respect to an appropriateness determination, as the SDR Commenters requested.\132\ --------------------------------------------------------------------------- \131\ The Commission also is reserving the right, in new Sec. 49.17(h)(4), to revisit, reassess, limit, suspend or revoke a Determination Order. The costs and benefits to ADRs, AFRs and SDRs are similar to the costs and benefits thereto discussed in this section with respect to Sec. 49.17(d)(4)(iii) and (d)(5). \132\ See discussion at section II.C.5., supra. --------------------------------------------------------------------------- vi. Confidentiality Arrangements Current Sec. Sec. 49.17(d)(6) and 49.18(b) require the confidentiality agreement required by CEA section 21(d) to be entered into between an ADR or AFR seeking SDR swap data access and each SDR from which the ADR or AFR seeks such access. The Commission is amending those rules to require that such confidentiality arrangements be entered into between an ADR or AFR, as one party, and the Commission, rather than an SDR, as the other party. This will benefit SDRs by shifting from SDRs to the Commission the costs of negotiating confidentiality arrangements with an estimated 300 \133\ ADRs and AFRs. This will also benefit ADRs and AFRs by enabling them to negotiate a single confidentiality arrangement with the CFTC to access swap data from each SDR rather than a separate agreement with each of the SDRs from which they would seek swap data. --------------------------------------------------------------------------- \133\ See, among other sections, section V.B.2. --------------------------------------------------------------------------- The Commission also is requiring the use of the Confidentiality Arrangement Form, unless the Commission waives this requirement. The Commission expects this to benefit ADRs and AFRs by allowing them to avoid expending resources coming up with their own confidentiality arrangement forms and avoid the uncertainty of not knowing what provisions the Commission would accept, reject or negotiate. The Commission expects this to benefit SDRs as well in that most, if not all, confidentiality arrangements will be the same, making them easier to incorporate into their policies and procedures and build swap data access around. Overall, the Commission believes that this rule will increase the potential benefits and cost savings associated with use of the Confidentiality Arrangement Form while still providing ADRs and AFRs the flexibility to use an alternate arrangement if necessary, in consultation with the Commission. vii. Means of Access The Commission is not requiring SDRs to provide access to swap data to ADRs and AFRs through a specific technological means. Each SDR operates with different legacy systems and infrastructure, preferred data formats and delivery methods, and unique change management processes. The Commission prescribing a specific means of access for the swap data could subject different SDRs to greater/lesser costs, thereby disadvantaging one/some over other(s). Presumably, SDRs will choose the least costly means of access, all else being equal, as a result of the flexibility provided by the Commission. Thus, the flexibility afforded SDRs to choose the means of access through which they provide swap data access to ADRs and AFRs will benefit SDRs. More ADRs and AFRs accessing SDR swap data (as a result of the removal of the statutory and regulatory indemnification requirements that ADRs and AFRs refused to submit to) also has the potential to improve the quality of swap data. For instance, ADRs and AFRs might assert their authority over the entities that they regulate to require or encourage them to submit better and/or more data. If swap data quality improves, ADRs and AFRs can make better-informed supervisory decisions to reduce risks. Although the Commission is not mandating the use of LEIs to delineate an ADR's or AFR's scope of jurisdiction for purposes of SDR swap data access, the Commission anticipates the use of LEIs to that end. If ADRs and AFRs do use LEIs for that purpose, the Commission believes that it will be relatively straightforward for SDRs to provide ADRs and AFRs access to appropriate swap data, relative to alternatives such as ADRs and AFRs providing legal memoranda describing the scope of their jurisdictions, which SDRs would then need to parse and translate into field descriptions, which is how SDR swap data are organized. Similarly, although the Commission is not mandating the use of UPIs (or if no CFTC-approved UPI and product classification system is yet available, the internal product identifier or product description used by the SDR) to delineate an ADR's or AFR's scope of jurisdiction, the Commission anticipates the potential use of UPIs to that end. If ADRs and AFRs do use UPIs for that purpose, the Commission believes that it will be relatively easier for SDRs to provide ADRs and AFRs access to appropriate swap data, relative to the [[Page 27432]] alternative of not using a UPI to describe the scope of their jurisdictions. 3. Costs a. Background The Commission recognizes that there are different types of costs associated with this rulemaking. In the NPRM, the Commission stated that: [o]ne cost is the potential harm to market participants and the public if swap data is misused--for example, inappropriately disclosed by ADRs and AFRs. Or, another harmful scenario might involve misappropriated data where hackers pilfer swap data from ADRs and AFRs to learn the positions of market participants so that the hackers, or other interested parties who may even pay for such information, scam the market. Such bad actors might be able to anticipate such market participants' trades and trade in front of them, raising swap trading costs to market participants, thereby reducing their profits.\134\ If the aforementioned scenario occurred frequently enough this might induce swap dealers to widen their spreads, making hedging more expensive. In turn, this might lead to sub-optimal business and investment strategies, as parties would be less willing to participate in swap markets, because it would be more costly. Further, the scenario posed could cause market participants to be concerned that their business strategies might be tipped to their competitors, because with stolen data, somebody might be able to infer their strategies from knowing their swap positions and how these positions change in response to relevant economic events.\135\ Such concerns could lead some market participants to withdraw to some extent from swap markets, reducing liquidity and potentially inducing them to use less effective hedging instruments or trading strategies in other markets.\136\ --------------------------------------------------------------------------- \134\ See, e.g., Registered Entity Cyber proposed rulemaking at 80141 (observing that ``there has . . . been a rise in attacks by . . . hacktivists . . . aimed at . . . [, among other things,] theft of data or intellectual property. . . . ''); id. at 80189 (Concurring Statement of then-Commissioner Bowen) (stating that ``our firms are facing an unrelenting onslaught of attacks from hackers with a number of motives ranging from petty fraud to international cyberwarfare.''). \135\ While the same risks of misuse and misappropriation exist with respect to swap data maintained at SDRs, SDRs are regulated, and subject to sanctions, by the Commission, whereas ADRs and AFRs are not. \136\ NPRM at 82 FR 8384. It is difficult to discern the likelihood of this misuse occurring, rendering it difficult to quantify related costs, for at least four reasons. First, data breaches can have different causes, from not upgrading to the most current software, to software glitches, to successful cyber attacks and improper procedures and protocols. Thus, it is difficult to develop a homogenous sample to use to analyze data breaches and what might reasonably be done to mitigate them (i.e., reduce the probability of their occurrence as well as their severity when they do occur). Furthermore, the Commission does not have access to such data even if they do exist. Second, data storage and dissemination technology is constantly changing. This may result in the manner in which data breaches occur changing over time in ways that are difficult to anticipate, as various parties adapt to new technology. Third, it is problematic to assess in advance the severity of a data breach because the severity is dependent on the particulars of a given breach that cannot be easily anticipated. Fourth, it would be difficult, ex ante, to link data misuse to related profits and harms from specific transactions. b. High-Level Costs At a high level regarding costs to ADRs and AFRs, the less access to SDR swap data granted to ADRs and AFRs, the less such swap data would help in performing ADRs' and AFRs' supervisory and other regulatory functions. Similarly, the more impediments to swap data access, the longer it would take ADRs and AFRs to use, or the less use ADRs and AFRs could make of, such swap data. It is not mandatory for ADRs and AFRs to ask for access to SDR swap data, however. Thus, ADRs and AFRs can reduce their costs by not asking for swap data or by limiting the swap data they seek and/or the frequency with which they seek it.\137\ The Commission expects ADRs and AFRs will seek access to SDR swap data when they believe that the benefits associated with the access are worth incurring the costs associated with obtaining such access. --------------------------------------------------------------------------- \137\ The Commission acknowledges, however, that it is in the best interest of ADRs and AFRs, as Congress recognized in passing the FAST Act, for the process and parameters established by this rulemaking to be utilized and swap data to be made accessible to ADRs and AFRs. --------------------------------------------------------------------------- c. ADRs' and AFRs' Costs The Commission is imposing several new obligations on Foreign Regulators and certain domestic regulators that will trigger costs for such regulators. i. Determination Order Applications Currently, Sec. 49.17(b)(2) defines Foreign Regulators with either an MOU or a similar information sharing agreement in place with the Commission as ``Appropriate Foreign Regulators.'' As amended, however, Sec. 49.17(b)(2) replaces such automatic AFR status with a requirement that Foreign Regulators be determined by the Commission to be AFRs before such Foreign Regulators can obtain swap data from SDRs. This change will impose costs on each Foreign Regulator with an MOU, or similar information sharing agreement, seeking AFR status. The obligation for Foreign Regulators, and domestic regulators that are not enumerated in Sec. 49.17(b)(1)(i) through (vi), to apply for a Determination Order conferring AFR or ADR status in order for such Foreign Regulators and unenumerated domestic regulators to be eligible to receive access to SDR swap data will, at a minimum, require such applicants to draft an application. Some applicants for ADR and AFR status may choose to retain outside counsel or another third party to draft the application, thereby incurring related costs; others might use their own staff. There also may be additional costs associated with the complexity of the application, because applicants for ADR and AFR status will have to explain their jurisdiction and link it to their requests for access to SDR swap data.\138\ While applicants will need to expend resources developing their ``appropriateness'' applications, the Commission expects that the requirements and guidance it has provided in this release should reduce such expenditures to a certain extent. Nonetheless, the level of such expenditures will depend on the particulars of a given applicant. --------------------------------------------------------------------------- \138\ Pursuant to Sec. 49.17(h), applicants will have to describe to the Commission the scope of their jurisdiction so that that description can be provided to SDRs so that SDRs will know the contours of the swap data access they can provide to applicants. --------------------------------------------------------------------------- The Commission estimates that each requesting entity would on average expend 100 hours in connection with filing an application to receive a Determination Order. This estimate considers the relevant information that would be required to be provided in such an application, including information regarding the entity's scope of jurisdiction, confidentiality safeguards, as well as any other information relevant for the Commission's determination. The Commission monetizes the 30,000 burden hours by multiplying by a wage rate of $85 \139\ or approximately $2.56 million. --------------------------------------------------------------------------- \139\ The wage rate used here is a composite (blended) wage rate by averaging the mean annual salaries of an Assistant/Associate General Counsel, an Assistant Compliance Director, and a Programmer (Senior) as published in the 2013 SIFMA Report and dividing that figure by 1,800 annual working hours and multiplying by 1.3 to account for the overhead for a government employee to arrive at the hourly rate of approximately $85. --------------------------------------------------------------------------- ii. Confidentiality Arrangements The requirement in Sec. 49.18(a) that SDRs receive an executed [[Page 27433]] confidentiality arrangement from an ADR or AFR before the SDR can provide the ADR or AFR swap data is based on a corresponding requirement set forth in CEA section 21(d) and will impose costs on ADRs and AFRs. CEA section 21(d) does not specify any details of the required written agreement other than that it must state that the ADR or AFR shall abide by CEA section 8's confidentiality requirements. The Commission, however, is adopting, in Appendix B to part 49, a Confidentiality Arrangement Form providing for ADRs and AFRs to implement a number of safeguards to effectuate the confidentiality protections mandated by CEA section 21(c)(7). The Confidentiality Arrangement Form can be expected to limit ADRs' and AFRs' flexibility to use confidentiality arrangements more tailored to their specific needs, but this is offset to some extent by corresponding benefits discussed above in section V.C.3.vi. and by the fact that the Commission retained the discretion to negotiate changes to the Confidentiality Arrangement Form. iii. Data Security Section 6 of the Confidentiality Arrangement Form contains a number of undertakings designed to prevent unauthorized disclosure of swap data. Given that ADRs and AFRs already likely have existing data security policies, procedures and safeguards, the Commission continues to believe that the costs of developing safeguards in response to such undertakings would likely be only a incremental addition to their existing data security costs, and the other costs of complying with these burdens, such as the costs to develop policies, procedures and safeguards, are within the scope of ADRs' and AFRs' expertise (and thus would likely not require ADRs or AFRs to retain outside experts to develop).\140\ Given that ADRs and AFRs can elect not to seek access to swap data from SDRs and that ADRs and AFRs who do seek such access have some control over the scope and frequency of the swap data they seek and the manner in which they seek to analyze such swap data, ADRs and AFRs themselves can influence to some degree the costs they impose on themselves by seeking access to swap data from SDRs. --------------------------------------------------------------------------- \140\ The Commission continues to believe that ADRs and AFRs would likely have established safeguards to protect sensitive data other than swap data and that such safeguards could be adapted to address the requirements of the confidentiality arrangement. --------------------------------------------------------------------------- iv. Onward Sharing Section 7 of the Confidentiality Arrangement Form would prohibit ADRs and AFRs from onward sharing Confidential Information with other parties, with limited exceptions. This could impose some costs in that ADRs and AFRs would not be able to freely share swap data among themselves, which could reduce the utility of the swap data to ADRs and AFRs, possibly reducing the effectiveness thereof. However, because CEA section 21(c)(7) requires that SDRs share swap data with ADRs and AFRs on a confidential basis pursuant to CEA section 8,'' and CEA section 8(e) also prohibits onward sharing, the onward sharing prohibition in section 7 of the Confidentiality Arrangement Form is required by the CEA. v. Means of Access In addition, the fact that the Commission is electing not to specify a particular means of ADRs and AFRs accessing swap data could result in SDRs providing a means of access other than a means preferred by ADRs and AFRs. This might impose additional costs on ADRs and AFRs relative to the potentially lesser costs of their preferred means of access. The Commission prescribing a particular means of access could result in costs to either ADRs/AFRs or SDRs. Specifically, costs borne by ADRs/AFRs might be shifted to SDRs or vice versa as a particular means of access changes. The Commission chooses to not force all SDRs to use a single means of providing access, thus requiring some or all SDRs to alter their systems, since it is not possible to distinguish a single means of access that would be preferable to all ADRs, AFRs and SDRs. Because of these uncertainties, the Commission is unable to quantify these costs but is able to identify such costs qualitatively. The Commission recognizes that allowing SDRs to choose the means by which they provide swap data access may impose costs of adapting to a particular means of access on ADRs and AFRs. However, given the large number of ADRs and AFRs who may seek SDR swap data access and the large potential variation in their preferred means of access, and given the limited number of SDRs and potential means of access, the Commission believes that ADRs and AFRs, in general, can more easily bear the burden of adapting to SDRs' choices of means of access than vice versa. d. SDRs' Costs i. Providing New Access Generally For SDRs, providing swap data access to so many potential ADRs and AFRs may be expensive. For example, SDRs may be forced to purchase new servers, hire new system administrators to oversee the new swap data/ system usage and troubleshoot related problems that may arise. Maintaining new records pursuant to new recordkeeping requirements also could require more resources. The requirement for an SDR not to provide swap data to an ADR or AFR unless the SDR has determined that the swap data is within the then-current scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a), may cause SDRs to elect to create new methods for parsing swap data to comply with the requirement to so limit swap data access. Further, if the SDRs send data to ADRs and AFRs, then they will incur costs to transmit the data. These costs include the cost of expanding their capacity to disseminate data as well as the cost to parse existing data to verify that it is within the then-current scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). ii. Providing Notice to the Commission Current Sec. 49.17(d)(4)(i) requires SDRs to notify the Commission of any request for access to swap data from a particular ADR or AFR. The Commission's amendments would reduce that burden by permitting SDRs to notify the Commission only of the first such request by each ADR or AFR and of any request that does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality arrangement required by Sec. 49.18(a). The obligation to notify the Commission of various other actions also will increase SDRs' costs, although to the extent that such notice obligations are not triggered, such cost increases would be tempered accordingly. Nevertheless, SDRs presumably would need to incur some costs to develop policies and procedures, and build out systems, to monitor potential events that would trigger the new notice requirements. iii. Verifying That a Swap Data Request Is Within an ADR's/AFR's Scope of Jurisdiction Other SDR costs will include those related to SDRs determining that each access request by an ADR or AFR is within the scope of the ADR's or AFR's [[Page 27434]] jurisdiction, as required by Sec. 49.17(d)(4)(iii). This will require SDRs to expend resources to ensure that they do not improperly disclose swap data to an ADR or AFR. However, the Commission believes these costs will be mitigated substantially in at least two ways. First, Sec. 49.17(d)(4)(iv) provides that an SDR must make the scope of jurisdiction determination only once with respect to a recurring swap data request, thus ensuring no duplication of effort.\141\ Second, Sec. 49.17(d)(4)(iii) provides that the only source an SDR must consult in determining an ADR's or AFR's scope of jurisdiction is the appendix to the confidentiality arrangement required by Sec. 49.18(a). To the extent ADRs and AFRs provide lists of LEIs, and possibly also UPIs of swaps, within the scope of ADRs' and AFRs' jurisdiction, which the Commission continues to expect that they will, this would limit the resources SDRs must expend to verify whether swap data access requests are within the scope of an ADR's or AFR's jurisdiction.\142\ No legal analysis would be required on an SDR's part, greatly reducing potential costs. SDRs' costs would come from ensuring that the access they provide ADRs and AFRs to swap data via SDRs' systems is no greater than or less than the swap data to which ADRs and AFRs are entitled based on the scope of the ADRs' or AFRs' jurisdiction, as described in the appendix to the confidentiality agreement required by Sec. 49.18(a). --------------------------------------------------------------------------- \141\ However, if the request changes, each affected SDR must make a new determination. The Commission believes this is unavoidable due to requirement in CEA section 21(c)(7) that swap data be provided by SDRs to ADRs and AFRs on a confidential basis pursuant to section 8, and that any related costs flow from this statutory requirement. \142\ This assumes that ADRs and AFRs choose to develop such lists, which the Commission continues to anticipate that they would. --------------------------------------------------------------------------- The Commission believes that the use of LEIs, and potentially UPIs, to effectively determine which SDR swap data should be provided to ADRs/AFRs is a reasonable option, although it has some relatively minor drawbacks unrelated to the amendments in this final rule (e.g., some blank or incorrect data entries remain in LEI fields, LEIs are masked in a number of cases to reflect certain other jurisdictions' privacy law limits on disclosure, and the Commission has yet to designate a UPI and product classification system, and SDRs each have developed their own separate pre-UPI product identifiers in the interim). Despite those drawbacks, the Commission believes LEIs and pre-UPI product identifiers may be useful in describing ADRs' and AFRs' scopes of jurisdiction.\143\ --------------------------------------------------------------------------- \143\ In addition, if the scope of an ADR's or AFR's jurisdiction supports receiving all swap data with respect to entities over which an ADR or AFR exercises oversight, the ADR or AFR may not need to use product identifiers at all--it may be able to use LEIs alone to describe the scope of its jurisdiction. --------------------------------------------------------------------------- The Commission acknowledges that lists of LEIs of ADRs' and AFRs' regulated entities and lists of UPIs or other product identifiers of swaps within ADRs' and AFRs' jurisdiction may have to be updated from time to time as regulated entities move in and out of ADRs' and AFRs' jurisdiction, ADRs' and AFRs' jurisdiction expands or contracts, swaps evolve, and new types of swaps are introduced. In these cases, for example, an ADR or AFR likely would have to modify periodically the list of LEIs and UPIs or product identifiers it gives to SDRs, imposing some costs on SDRs as they incorporate such changes (and imposing some costs on ADRs and AFRs to monitor their LEI and UPI or product identifier lists and update SDRs and the Commission periodically regarding any changes). The Commission continues to believe that the rule would further mitigate the costs to SDRs by permitting them to verify that a data access request falls within the scope of an ADR's or AFR's jurisdiction just once for a recurring request the details of which do not change. SDRs might incur additional costs, however, if the scope of an ADR's or AFR's jurisdiction, or other factors discussed in the prior paragraph, change. Such additional costs include some fraction of the costs, discussed above, of verifying that an ADR's or AFR's swap data access request falls within the scope of the ADR's or AFR's jurisdiction. Additionally, ADRs and AFRs would incur some costs to notify the Commission of changes in jurisdiction. iv. Means of Access The Commission is not requiring SDRs to use a particular means of providing access to swap data to ADRs and AFRs. The Commission is not specifying a means of access because the Commission has allowed SDRs to build their systems as they saw fit and does not want to impose undue costs by requiring SDRs to all grant access via a specific means, which could impose greater costs on certain SDRs based on how they chose to build their systems. The Commission notes that SDRs already provide the Commission and the National Futures Association (``NFA'') with swap data access. Given that SDRs have already incurred many fixed costs in granting access to the Commission and NFA, in providing ADRs and AFRs access, the SDRs may benefit from economies of scale, reducing SDRs' costs. The rule would also mitigate SDRs' costs by permitting them to choose the means by which they will provide access to swap data to ADRs and AFRs. The Commission expects that SDRs would choose the lowest cost means of access consistent with their statutory obligation to provide ADRs and AFRs access to swap data and other constraints. The Commission continues to believe that it cannot forecast what these costs are because they depend on particulars of each SDR that the Commission still does not know. Further, the Commission anticipates that many of these particulars will change over time as various parties adapt to technological changes. However, the Commission has estimated costs where it can, based in part on comments it received in the SDR Letter, as discussed below. v. Recordkeeping The Commission is amending current Sec. 49.17(d)(4)(i) to require SDRs to maintain records of the details of the initial, and all subsequent, requests for access to swap data from an ADR or AFR. Each SDR would have to maintain this information for the same period required for other SDR records. The Commission anticipates that such costs will be relatively small and anticipates using such data to, for example, monitor ADRs' and AFRs' access requests from time to time to ensure that they remain within the scope of their jurisdiction and, relatedly, to ensure that SDRs have been monitoring this access issue. 4. Response to Comments The Commission requested comments on all aspects of the NPRM and further requested that commenters provide any data or other information that would be useful in the estimation of the quantifiable costs and benefits of this rulemaking. The Commission received substantive comments from the SDR Commenters on the Commission's PRA burden hour estimates provided in the NPRM. Those comments are incorporated in the Commission's cost estimates for the burdens on SDRs, ADRs, and AFRs. The Commission is requiring, in Sec. 49.17(d)(4)(iii), that an SDR not provide an ADR or AFR access to swap data, unless the SDR has determined that the swap data is within the then-current scope of the ADR's or AFR's jurisdiction, as described in the appendix to the confidentiality [[Page 27435]] arrangement required by Sec. 49.18(a). The Commission received one comment estimating the burden on SDRs associated with setting up access restrictions to match an ADR's or AFR's described scope of jurisdiction.\144\ In the SDR Letter, CME estimated the initial setup cost to be between 400 and 950 hours for all ADRs and AFRs in the aggregate. The Commission believes it is reasonable to accept CME's estimate of 950 hours, as CME is an SDR and, as such, is familiar with the costs required for setting up such access restrictions. Consequently, for PRA and CBC purposes, the Commission estimates that SDRs would incur a total burden of 3,800 hours (i.e., the product of 950 hours of time and four SDRs) associated with setting up SDR swap data access for all ADRs and AFRs. The Commission monetizes these burden hours at an hourly wage rate of $329 \145\ yielding a cost of approximately $1,250,200. --------------------------------------------------------------------------- \144\ See SDR Letter at 5, n.10. \145\ The hourly wage rate used to estimate the costs associated with these requirements is $329, which is a weighted average of salaries and bonuses across different professions from the SIFMA Report on Management & Professional Earnings in the Securities Industry 2013, modified to account for an 1800-hour work-year and multiplied by 5.35 to account for overhead and other benefits. The Commission-estimated appropriate wage rate is a weighted national average of salary and bonuses for professionals with the following titles (and their relative weight): ``programmer (senior)'' (10% weight); ``programmer'' (30%); ``compliance advisor (intermediate)'' (20%); ``compliance attorney'' (30%), and ``assistant/associate general counsel'' (10%). --------------------------------------------------------------------------- As noted in the PRA discussion above, the Commission estimates that each SDR would incur an annual burden of 480 hours associated with the requirement to maintain records of the details of the initial and all subsequent requests for data from an ADR or AFR, for a total of 1,920 hours annually (i.e., the product of four SDRs and 480 hours). The Commission received one comment related to setup costs associated with its proposed recordkeeping requirements.\146\ The SDR Letter provided estimates for recordkeeping setup costs. CME subsequently provided updated estimates of the setup costs, which CME now estimates would be approximately 1,100-1,440 hours. The Commission believes it is reasonable to accept CME's estimate of 1,440 hours, as CME is an SDR and, as such, is familiar with the setup costs associated with SDR recordkeeping requirements. Therefore, the Commission estimates that initially each SDR may incur a burden of 1,440 hours associated with these recordkeeping requirements, for a total of 5,760 hours (i.e., the product of four SDRs and 1,440 hours). The Commission monetizes these burden hours by using a wage rate of $329 yielding a cost of $1,895,040. However, as discussed in this release, the recordkeeping requirements adopted herein may result in lower costs to the SDRs than estimated here, as the Commission is not requiring SDRs to keep records of all data reports provided in response to data requests, as it had proposed in the NPRM. --------------------------------------------------------------------------- \146\ See SDR Letter at 7, n.15. --------------------------------------------------------------------------- 5. Alternatives Considered As one alternative to comprehensive swap data safeguards, the Commission instead could have chosen to merely delete the indemnification references in its regulations. While that approach could have avoided imposing on ADRs, AFRs, and SDRs many of the costs related to protection of confidentiality discussed herein, it would have dramatically increased the risk of imposing on market participants and the public the costs discussed above in the first paragraph of section IV.C.4. and below in section IV.C.7.a.-c., which the Commission continues to believe is inconsistent with the historical importance Congress and the Commission have placed on protecting information covered by CEA section 8. Consequently, the Commission has determined to take the selected approach. The Commission also considered and rejected the idea of specifying a means of ADRs and AFRs accessing swap data. The Commission rejected this as being too prescriptive, given that the Commission previously permitted SDRs the discretion to build their systems as they saw fit and for the other reasons discussed above in the means of access discussion. The Commission also considered prohibiting SDRs from continuing to provide ADRs and AFRs swap data access during the period commencing with a contraction in an ADR's or AFR's scope of jurisdiction and considered reducing the time SDRs are permitted to update their systems to reflect the new jurisdiction. While the Commission retains the authority to do so, as stated above, it expects ADRs and AFRs will notify the Commission upon learning of a potential jurisdictional restriction. The Commission expects that, with such advance notice, SDRs can be more prepared to adjust their systems accordingly shortly after an ADR's or AFR's jurisdiction is limited. The Commission prefers to retain the discretion to address these situations, which it expects to be rare, case-by-case. 6. Consideration of CEA Section 15(a) Factors CEA section 15(a) requires the Commission to consider the costs and benefits of its actions before promulgating a regulation under the CEA or issuing certain orders. CEA section 15(a) further specifies that the costs and benefits shall be evaluated in light of the following five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness, and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The Commission considers the costs and benefits resulting from its discretionary determinations with respect to the CEA section 15(a) factors. a. Protection of Market Participants and the Public The Commission believes that the final rules will equip ADRs and AFRs to better understand the risks that are undertaken by their regulated entities, and thus be better positioned to take appropriate action as needed, because they will be able to better understand their regulatees' swap transactions by virtue of having access to SDR swap data. The Commission is adopting a number of safeguards to prevent market participants' swap data maintained at SDRs from being misappropriated or misused as a result of ADR and AFR access to such swap data. The safeguards include: Modifying the requirements for being an AFR; a requirement that the Commission issue a Determination Order for unenumerated authorities to obtain SDR swap data access; requiring authorities applying for a Determination Order to demonstrate that they are acting within the scope of their jurisdiction in seeking access to SDR swap data; imposing on ADRs and AFRs seeking access to swap data maintained by SDRs a number of required confidentiality safeguards; barring onward sharing of swap data; imposing on SDRs certain recordkeeping and reporting requirements; and ensuring the Commission's ability to revoke an ADR's or AFR's swap data access. b. Efficiency, Competitiveness, and Financial Integrity of Futures Markets The Commission continues to believe that there will be little effect on efficiency, competiveness, and financial integrity of futures markets if swap data is properly protected from being [[Page 27436]] misappropriated or misused. While the Commission believes that the final rules adopted herein will properly protect swap data from being misappropriated or misused, the possibility of such misconduct cannot be eliminated entirely. If such misappropriation or misuse occurs, the efficiency and competitiveness of markets might be affected. c. Price Discovery The Commission continues to believe that price discovery would not be affected by this rulemaking, provided that swap data is properly protected. However, the Commission notes that there might be some indirect effects on price discovery if the swap data protection safeguards in this rulemaking are ineffective. If such protections prove ineffective, market participants may be less willing to execute swaps, as their identities, strategies, and/or positions may be revealed. Ineffective data safeguards might harm price discovery if bid/ask spread widens as a result. If so, observed prices might become more volatile because they would oscillate between a wider bid/ask spread. d. Sound Risk Management Practices Access to SDR swap data will help ADRs and AFRs to better understand the risks posed by their regulated entities. With access to such swap data, ADRs and AFRs can more comprehensively supervise entities that engage in swap trading and better understand their exposure to losses. Allowing more ADRs and AFRs to access SDR swap data may improve SDR data, too. This improvement might occur by facilitating research and analysis that ultimately leads to better risk management by market participants. This can occur through ADR/AFR research directed at improving the risk management techniques through, for instance, better metrics, instruments, and hedging techniques. Further, swaps data reporting may also be improved by ADRs and AFRs asserting their authority over their regulated entities to encourage or compel them to improve their swap data reporting and risk management. e. Other Public Interest Considerations The Commission finds that the ministerial changes to Sec. 49.17(d)(1) discussed above in section II.G.2. may benefit ADRs, AFRs and those persons seeking to become ADRs and AFRs by providing, in one place, a brief overview of all of the requirements applicable to such persons obtaining access to SDR swap data and the circumstances in which such requirements are not applicable. The Commission also finds that the ministerial changes that it is adopting to the bracketed text at the end of Appendix B to part 49 (describing Exhibit A to the Confidentiality Arrangement Form), drawn from section II.D.2.c.i. of the preamble, may benefit ADRs and AFRs by also including in part 49 of the Commission regulations the instructions and guidance provided in the preamble as to how to describe their scopes of jurisdiction in practical terms SDRs can implement. As with the Commission's ministerial changes to Sec. 49.17(d)(1), such simplification should make obtaining SDR swap data modestly less burdensome and costly for ADRs and AFRs by reducing their staff time needed to go through the process. The Commission is also making changes to Sec. Sec. 49.17(d)(6) and 49.18(a) to promote the use of the Confidentiality Arrangement Form set forth in Appendix B, providing that the ability of an ADR or AFR to execute a confidentiality arrangement that is not in the form set forth in Appendix B to this part 49 is at the discretion of the Commission. To the extent that this clarification results in more ADRs and AFRs executing the Confidentiality Arrangement Form, the Commission expects that this could result in modest savings for ADRs and AFRs. The Commission also expects that using the Confidentiality Arrangement Form will save staff time in the negotiation and execution of alternative arrangements. Other than the foregoing, the Commission has not found any other public interest considerations to be implicated by this rulemaking. D. Antitrust Considerations CEA section 15(b) requires the Commission to take into consideration the public interest to be protected by the antitrust laws and endeavor to take the least anticompetitive means of achieving the objectives of the CEA, in issuing any order or adopting any Commission rule or regulation. The Commission does not anticipate that the amendments to part 49 that it is adopting today will result in anticompetitive behavior because, among other things, the Commission is allowing SDRs to determine which means of access they will use to provide ADRs and AFRs swap data access (thus, allowing SDRs to ``compete'' on that basis). However, in the NPRM the Commission encouraged comments from the public on any aspect of the proposal that may have had the potential to be inconsistent with the antitrust laws or be anticompetitive in nature. The Commission received no antitrust-related comments. Consequently, the Commission continues to not anticipate that the amendments to part 49 that it is adopting today will result in anticompetitive behavior. List of Subjects in 17 CFR Part 49 Swap data repositories; Registration and regulatory requirements; Access to swap data; Confidentiality; Commodity Exchange Act section 8. For the reasons stated in the preamble, the Commodity Futures Trading Commission amends 17 CFR part 49 as set forth below: PART 49--SWAP DATA REPOSITORIES 0 1. The authority citation for part 49 is revised to read as follows: Authority: 7 U.S.C. 12a, and 24a, unless otherwise noted. 0 2. In Sec. 49.2, revise paragraph (a)(5) to read as follows: Sec. 49.2 Definitions. (a) * * * (5) Foreign Regulator. The term ``foreign regulator'' means a foreign futures authority as defined in Section 1a(26) of the Act, foreign financial supervisors, foreign central banks, foreign ministries and other foreign authorities. * * * * * 0 3. In Sec. 49.9, revise paragraph (a)(9) to read as follows: Sec. 49.9 Duties of registered swap data repositories. (a) * * * (9) Upon request of Appropriate Domestic Regulators and Appropriate Foreign Regulators, provide access to swap data held and maintained by the swap data repository, as prescribed in Sec. 49.17; * * * * * 0 4. In Sec. 49.17: 0 a. Revise paragraphs (a), (b)(1)(vii), (b)(2), and (c)(2); 0 b. Revise the first sentence of paragraph (c)(2) and the first sentence of paragraph (c)(3); 0 c. Revise paragraphs (d)(1) through (3), (d)(4)(i) through (iv), and (d)(5) and (6), (e) and (f); and 0 d. Add paragraphs (h) and (i). The revisions and addtions read as follows: Sec. 49.17 Access to SDR data. (a) Purpose. This section provides a procedure by which the Commission, [[Page 27437]] other domestic regulators and foreign regulators may obtain access to the swap data held and maintained by registered swap data repositories. Except as specifically set forth in this section, the Commission's duties and obligations regarding the confidentiality of business transactions or market positions of any person and trade secrets or names of customers identified in Section 8 of the Act are not affected. (b) * * * (1) * * * (vii) Any other person the Commission determines to be appropriate pursuant to the process set forth in paragraph (h) of this section. (2) Appropriate Foreign Regulator. The term ``Appropriate Foreign Regulator'' shall mean those Foreign Regulators the Commission determines to be appropriate pursuant to the process set forth in paragraph (h) of this section. * * * * * (c) * * * (2) Monitoring tools. A registered swap data repository is required to provide the Commission with proper tools for the monitoring, screening and analyzing of swap data, including, but not limited to, Web-based services, services that provide automated transfer of data to Commission systems, various software and access to the staff of the swap data repository and/or third-party service providers or agents familiar with the operations of the registered swap data repository, which can provide assistance to the Commission regarding data structure and content. * * * (3) Authorized users. The swap data provided to the Commission by a registered swap data repository shall be accessible only by authorized users. * * * (d) Other Regulators--(1) General Procedure for Gaining Access to Registered Swap Data Repository Data. Except as set forth in paragraph (d)(2) or (3) of this section-- (i) A person who is not an Appropriate Domestic Regulator or an Appropriate Foreign Regulator and who seeks to gain access to the swap data maintained by a swap data repository is required to first become an Appropriate Domestic Regulator or Appropriate Foreign Regulator through the process set forth in paragraph (h) of this section, and (ii) Appropriate Domestic Regulators and Appropriate Foreign Regulators seeking to gain access to the swap data maintained by a swap data repository are required to apply for access by filing a request for access with the registered swap data repository and certifying that it is acting within the scope of its jurisdiction, comply with paragraph (d)(6) of this section prior to receiving such access and, if applicable after receiving such access, comply with the notification requirement in paragraph (d)(4)(iii) of this section applicable to Appropriate Domestic Regulators and Appropriate Foreign Regulators. (2) Domestic regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with a domestic regulator pursuant to a separate statutory authority, and such domestic regulator seeks access to swap data that has been reported to such swap data repository pursuant to the domestic regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or Sec. 49.18. (3) Foreign Regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with, or recognized or otherwise authorized by, a Foreign Regulator that has supervisory authority over such swap data repository pursuant to foreign law and/or regulation, and such Foreign Regulator seeks access to swap data that has been reported to such swap data repository pursuant to the Foreign Regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or Sec. 49.18. (4) * * * (i) A registered swap data repository shall notify the Commission promptly after receiving an initial request from an Appropriate Domestic Regulator or Appropriate Foreign Regulator to gain access to swap data maintained by such swap data repository and promptly after receiving any request that does not comport with the scope of the Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by Sec. 49.18(a). Each registered swap data repository shall maintain records thereafter, pursuant to Sec. 49.12, of the details of such initial request and of all subsequent requests by such Appropriate Domestic Regulator or Appropriate Foreign Regulator for such access. (ii) The registered swap data repository shall notify the Commission electronically, in a format specified by the Secretary of the Commission, of the receipt of a request specified in paragraph (d)(4)(i) of this section. (iii) The registered swap data repository shall not provide an Appropriate Domestic Regulator or Appropriate Foreign Regulator access to swap data maintained by the swap data repository unless the swap data repository has determined that the swap data to which the Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks access is within the then-current scope of such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by Sec. 49.18(a). An Appropriate Domestic Regulator or Appropriate Foreign Regulator that has executed a confidentiality arrangement with the Commission pursuant to Sec. 49.18(a) and provided such confidentiality arrangement to one or more swap data repositories shall notify the Commission and each such swap data repository of any change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction as described in such confidentiality arrangement. The Commission may direct a swap data repository to suspend, limit, or revoke access to swap data maintained by such swap data repository based on any such change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction, and, if so directed in writing, such swap data repository shall so suspend, limit, or revoke such access. (iv) The registered swap data repository need not make the determination required pursuant to paragraph (d)(4)(iii) of this section more than once with respect to a recurring swap data request. If such request changes, the swap data repository must make a new determination pursuant to paragraph (d)(4)(iii) of this section. (5) Timing; Limitation, Suspension or Revocation of Swap Data Access. Once a registered swap data repository has-- (i) Notified the Commission, pursuant to paragraphs (d)(4)(i) and (ii) of this section, of an initial request for swap data access by an Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, that was submitted pursuant to paragraph (d)(1) of this section, (ii) Received from such Appropriate Domestic Regulator or Appropriate Foreign Regulator a confidentiality arrangement executed by the Commission and such Appropriate Domestic Regulator or Appropriate Foreign Regulator as required by Sec. 49.18(a), and [[Page 27438]] (iii) Satisfied its obligations under paragraph (d)(4)(iii) of this section, such swap data repository shall provide access to the requested swap data; provided, however, that such swap data repository shall, if directed by the Commission in writing, limit, suspend or revoke such access should the Commission limit, suspend or revoke the appropriateness determination for such Appropriate Domestic Regulator or Appropriate Foreign Regulator or otherwise direct the swap data repository, in writing, to limit, suspend or revoke such access. (6) Confidentiality Arrangement. Consistent with Sec. 49.18(a), the Appropriate Domestic Regulator or Appropriate Foreign Regulator shall, prior to receiving access to any requested swap data, execute the form of confidentiality arrangement set out in Appendix B of this part with the Commission; provided, however, that the Commission may, in its discretion, agree to execute a confidentiality arrangement with an Appropriate Domestic Regulator or Appropriate Foreign Regulator that is not in the form set forth in Appendix B of this part, if the confidentiality arrangement is consistent with the requirements set forth in Sec. 49.18(b). (e) Third-party service providers to a registered swap data repository. Access to the swap data and SDR Information maintained by a registered swap data repository may be necessary for certain third parties that provide various technology and data-related services to a registered swap data repository. Third-party access to the swap data and SDR Information maintained by a swap data repository is permissible subject to the following conditions: (1) Both the registered swap data repository and the third party service provider shall have strict confidentiality procedures that protect swap data and SDR Information from improper disclosure. (2) Prior to a registered swap data repository granting access to swap data or SDR Information to a third-party service provider, the third-party service provider and the registered swap data repository shall execute a confidentiality agreement setting forth minimum confidentiality procedures and permissible uses of the swap data and SDR Information maintained by the swap data repository that are equivalent to the privacy procedures for swap data repositories outlined in Sec. 49.16. (f) Access by market participants--(1) General. Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in paragraph (f)(2) of this section. (2) Exception. Swap data and information related to a particular swap that is maintained by the registered swap data repository may be accessed by either counterparty to that particular swap. However, the swap data and information maintained by the registered swap data repository that may be accessed by either counterparty to a particular swap shall not include the identity or the legal entity identifier (as such term is used in part 45 of this chapter) of the other counterparty to the swap, or the other counterparty's clearing member for the swap, if the swap is executed anonymously on a swap execution facility or designated contract market, and cleared in accordance with Commission regulations in Sec. Sec. 1.74, 23.610, and 37.12(b)(7) of this chapter. * * * * * (h) Appropriateness determination process. (1) Each person seeking an appropriateness determination pursuant to this paragraph shall file an application with the Commission. (2) Each applicant seeking an appropriateness determination shall provide sufficient detail in its application to permit the Commission to analyze whether the applicant is acting within the scope of its jurisdiction in seeking access to swap data maintained by a registered swap data repository, and whether the applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not, except as allowed for in the form of confidentiality arrangement set forth in Appendix B to this part 49, be disclosed. (3) If the Commission determines that an applicant pursuant to this paragraph is, conditionally or unconditionally, appropriate for purposes of CEA section 21(c)(7), the Commission shall issue an order setting forth its appropriateness determination. The Commission shall not determine that an applicant pursuant to this paragraph is appropriate unless the Commission is satisfied that-- (i) The applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not be disclosed, except as allowed for in the form of confidentiality arrangement set forth in Appendix B to this part 49 or, in the Commission's discretion as set forth in paragraph (d)(6) of this section, in a different form, provided that such confidentiality arrangement contains the elements required in Sec. 49.18(b), and (ii) Such applicant is acting within the scope of its jurisdiction in seeking access to swap data from a registered swap data repository. (4) The Commission reserves the right, in connection with any appropriateness determination with respect to an Appropriate Domestic Regulator or Appropriate Foreign Regulator, to revisit, reassess, limit, suspend or revoke such determination consistent with the Act. (i) Delegation of Authority Relating to Certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section. (2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (i)(1) of this section to the Commission for its consideration. (3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (i)(1) of this section. 0 5. Revise Sec. 49.18 to read as follows: Sec. 49.18 Confidentiality arrangement. (a) Confidentiality arrangement required prior to disclosure of swap data by a registered swap data repository to an Appropriate Domestic Regulator or Appropriate Foreign Regulator. Prior to a registered swap data repository providing access to swap data to any Appropriate Domestic Regulator or Appropriate Foreign Regulator, each as defined in Sec. 49.17(b), the swap data repository shall receive from such Appropriate Domestic Regulator or Appropriate Foreign Regulator, pursuant to Section 21(d) of the Act, an executed confidentiality arrangement between the Commission and the Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, in the form set forth in Appendix B to this part 49 or, in the Commission's discretion as set forth in Sec. 49.17(d)(6), in a different form, provided that such confidentiality arrangement contains the elements required in paragraph (b) of this section. Such confidentiality arrangement must include, either as Exhibit A to the form set forth in Appendix B of this part or similarly appended, a description of the Appropriate Domestic Regulator's or [[Page 27439]] Appropriate Foreign Regulator's jurisdiction. Once a registered swap data repository is notified, in writing, that a confidentiality arrangement received from an Appropriate Domestic Regulator or Appropriate Foreign Regulator no longer is in effect, the swap data repository shall not provide access to swap data to such Appropriate Domestic Regulator or Appropriate Foreign Regulator. (b) Elements of confidentiality arrangement. The confidentiality arrangement required pursuant to paragraph (a) of this section shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in appendix B of this part. (c) Reporting failures to fulfill the terms of a confidentiality arrangement. A registered swap data repository shall immediately report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that it receives pursuant to paragraph (a) of this section. (d) Failures to fulfill the terms of the confidentiality arrangement. The Commission may, if an Appropriate Domestic Regulator or Appropriate Foreign Regulator fails to fulfill the terms of a confidentiality arrangement described in paragraph (a) of this section, direct, in writing, each registered swap data repository to limit, suspend or revoke such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's access to swap data held by such swap data repository. (e) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section. (2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (e)(1) of this section to the Commission for its consideration. (3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (e)(1) of this section. 0 6. In Sec. 49.22, revise paragraph (d)(4) to read as follows: Sec. 49.22 Chief compliance officer. * * * * * (d) * * * (4) Taking reasonable steps to ensure compliance with the Act and Commission regulations relating to agreements, contracts, or transactions, and with Commission regulations under Section 21 of the Act, including confidentiality arrangements received by the chief compliance officer's registered swap depository pursuant to Sec. 49.18(a); * * * * * 0 7. Add appendix B to part 49 to read as follows: Appendix B to Part 49--Confidentiality Arrangement for Appropriate Domestic Regulators and Appropriate Foreign Regulators To Obtain Access To Swap Data Maintained by Registered Swap Data Respositories Pursuant to Sec. Sec. 49.17(d)(6) and 49.18(a) [GRAPHIC] [TIFF OMITTED] TR12JN18.000 The U.S. Commodity Futures Trading Commission (``CFTC'') and the [name of foreign/domestic regulator (``ABC'')] (each an ``Authority'' and collectively the ``Authorities'') have entered into this Confidentiality Arrangement (``Arrangement'') in connection with [whichever is applicable] [CFTC Regulation 49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to [ABC] (``Order'')] and any request for swap data by [ABC] to any swap data repository (``SDR'') registered with the CFTC. Article One: General Provisions 1. ABC is permitted to request and receive swap data directly from a registered SDR (``Swap Data'') on the terms and subject to the conditions of this Arrangement. 2. This Arrangement is entered into to fulfill the requirements under Section 21(d) of the Commodity Exchange Act (``Act'') and CFTC Regulation 49.18. Upon receipt by a registered SDR, this Arrangement will satisfy the requirement for a written agreement pursuant to Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This Arrangement does not apply to information that is [reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with [ABC] pursuant to separate statutory authority, even if such information also is reported pursuant to the Act and CFTC regulations][reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with, or recognized or otherwise authorized by, [ABC], which has supervisory authority over the repository pursuant to foreign law and/or regulation, even if such information also is reported pursuant to the Act and CFTC regulations.] \1\ --------------------------------------------------------------------------- \1\ The first bracketed phrase will be used for ADRs; the second will be used for AFRs. The inapplicable phrase will be deleted. --------------------------------------------------------------------------- 3. This Arrangement is not intended to limit or condition the discretion of an Authority in any way in the discharge of its regulatory responsibilities or to prejudice the individual responsibilities or autonomy of any Authority. 4. This Arrangement does not alter the terms and conditions of any existing arrangements. Article Two: Confidentiality of Swap Data 5. ABC will be acting within the scope of its jurisdiction in requesting Swap Data and employs procedures to maintain the confidentiality of Swap Data and any information and analyses derived therefrom (collectively, the ``Confidential Information''). ABC undertakes to notify the CFTC and each relevant SDR promptly of any change to ABC's scope of jurisdiction. 6. ABC undertakes to treat Confidential Information as confidential and will employ safeguards that: a. To the maximum extent practicable, identify the Confidential Information and maintain it separately from other data and information; b. Protect the Confidential Information from misappropriation and misuse; c. Ensure that only authorized ABC personnel with a need to access particular Confidential Information to perform their job [[Page 27440]] functions related to such Confidential Information have access thereto, and that such access is permitted only to the extent necessary to perform their job functions related to such particular Confidential Information; d. Prevent the disclosure of aggregated Confidential Information; provided, however, that ABC is permitted to disclose any sufficiently aggregated Confidential Information that is anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; e. Prohibit use of the Confidential Information by ABC personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose; and f. Include a process for monitoring compliance with the confidentiality safeguards described herein and for promptly notifying the CFTC, and each SDR from which ABC has received Swap Data, of any violation of such safeguards or failure to fulfill the terms of this Arrangement. 7. Except as provided in Paragraphs 6.d. and 8, ABC will not onward share or otherwise disclose any Confidential Information. 8. ABC undertakes that: a. If a department, central bank, or agency of the Government of the United States, it will not disclose Confidential Information except in an action or proceeding under the laws of the United States to which it, the CFTC, or the United States is a party; b. If a department or agency of a State or political subdivision thereof, it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the Act or the laws of [name of either the State or the State and political subdivision] to which it is a party; or c. If a foreign futures authority or a department, central bank, ministry, or agency of a foreign government or subdivision thereof, or any other Foreign Regulator, as defined in Commission Regulation 49.2(a)(5), it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the laws of [name of country, political subdivision, or (if a supranational organization) supranational lawmaking body] to which it is a party. 9. Prior to complying with any legally enforceable demand for Confidential Information, ABC will notify the CFTC of such demand in writing, assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information. 10. ABC acknowledges that, if it does not fulfill the terms of this Arrangement, the CFTC may direct any registered SDR to suspend or revoke ABC's access to Swap Data. 11. ABC will comply with all applicable security-related requirements imposed by an SDR in connection with access to Swap Data maintained by the SDR, as such requirements may be revised from time to time. 12. ABC will promptly destroy all Confidential Information for which it no longer has a need or which no longer falls within the scope of its jurisdiction, and will certify to the CFTC, upon request, that ABC has destroyed such Confidential Information. Article Three: Administrative Provisions 13. This Arrangement may be amended with the written consent of the Authorities. 14. The text of this Arrangement will be executed in English, and may be made available to the public. 15. On the date this Arrangement is signed by the Authorities, it will become effective and may be provided to any registered SDR that holds and maintains Swap Data that falls within the scope of ABC's jurisdiction. 16. This Arrangement will expire 30 days after any Authority gives written notice to the other Authority of its intention to terminate the Arrangement. In the event of termination of this Arrangement, Confidential Information will continue to remain confidential and will continue to be covered by this Arrangement. This Arrangement is executed in duplicate, this ___ day of ___. ----------------------------------------------------------------------- [name of Chairman] Chairman U.S. Commodity Futures Trading Commission ----------------------------------------------------------------------- [name of signatory] [title] [name of foreign/domestic regulator] [Exhibit A: Description of Scope of Jurisdiction. If ABC is not enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach the Determination Order received from the Commission pursuant to Commission Regulation 49.17(h). If ABC is enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a sufficiently detailed description of the scope of ABC's jurisdiction as it relates to Swap Data maintained by SDRs. In both cases, the description of the scope of jurisdiction must include elements allowing SDRs to establish, without undue obstacles, objective parameters for determining whether a particular Swap Data request falls within such scope of jurisdiction. Such elements could include LEIs of all jurisdictional entities and could also include UPIs of all jurisdictional products or, if no CFTC-approved UPI and product classification system is yet available, the internal product identifier or product description used by an SDR from which Swap Data is to be sought.] Issued in Washington, DC, on June 5, 2018, by the Commission. Robert Sidman, Deputy Secretary of the Commission. Note: The following appendicies will not appear in the Code of Federal Regulations. Appendicies to Amendments to the Swap Data Access Provisions of Part 49 and Certain Other Matters--Commission Voting Summary, Chairman's Statement, and Commissioner's Statement Appendix 1--Commission Voting Summary On this matter, Chairman Giancarlo and Commissioners Quintenz and Behnam voted in the affirmative. No Commissioner voted in the negative. Appendix 2--Statement of Chairman J. Christopher Giancarlo Eight years ago, Congress included in the Dodd-Frank Act a requirement that foreign and domestic regulators indemnify SDRs and the Commission for any expenses arising from litigation relating to the information provided by SDRs. Foreign and domestic regulators were unable or unwilling to provide this indemnification hindering the ability to share swaps data. The indemnification requirement also hindered the ability of foreign and domestic regulators to access SDR data to assess risks their regulated entities are assuming, and the impact of such risks on the broader markets. I am pleased that Congress has since amended the Dodd-Frank Act to take out the indemnification requirement. We therefore can change our regulations accordingly, which we propose to do today. In addition to the removal of the indemnification requirement, the final rule adds a category of ``other regulators'' that the Commission may deem to be appropriate to receive access to SDR swap data. The final rule sets out the process by which appropriateness is determined for those entities that are not already specifically enumerated. This process is a change to current Commission regulations, as it would apply to any such entity, including domestic regulators not enumerated in Commission regulations and foreign regulators. The statute also now requires a SDR to receive a written agreement from each requesting entity stating that the entity shall abide by the confidentiality requirements described in the CEA prior to sharing information with the requesting entity. Commission regulations currently require the SDR and the requesting regulator to execute a confidentiality agreement, but do not provide a form or details of such an agreement. The final rule modifies the current Commission regulations by providing a form of confidentiality arrangement, as Appendix B to part 49, and by requiring the confidentiality arrangement to be between the requesting regulator and the Commission. The Commission expects that this will benefit SDRs in that most, if not all, confidentiality arrangements will be exactly the same, and the Commission will be in the place of entering into the confidentiality agreements with regulators. We received comments from the affected CFTC-registered SDRs on the proposed rule that I believe that we have sufficiently addressed. The final regulations provide [[Page 27441]] long-awaited clarity to the official sector regarding the CFTC's requirements to determine access to, and safeguard the confidentiality of, transactional information reported to SDRs. In my experience as a Commissioner and Chairman of the CFTC, I have found, as have other foreign and domestic regulators, that conducting oversight of global derivatives markets can be difficult as a result of the current fragmented financial regulatory structure. In this regard, I expect that the final rule will enable authorities to enhance their oversight of derivatives markets across product and asset classes by marrying up the trading and position data they receive from regulated entities with the data sets obtained directly from SDRs. In so doing, I believe we have made significant progress towards cross-border data sharing and enhancing transparency in the global swaps market. Because today's swaps markets are global in scope, utilizing the data and information available in only one jurisdiction does not provide a complete picture of cross border trading activity and systemic risk. To that end, I expect that CFTC staff will seek to facilitate access to SDR data for authorities with which we have a history of regulatory assistance and that similarly seek to facilitate CFTC access to data maintained by trade repositories in their jurisdiction. Such data sharing represents an opportunity for greater cooperation among market and prudential regulators, as well as among foreign and domestic regulators, providing more effective financial market oversight, expanding data driven policymaking, and improving early warning systems to reduce the probability or severity of a financial crisis. These regulations will have a direct positive impact on the operational readiness of the official sector, providing authorities with critical information to make sound near-term and long-term policy and oversight decisions. I am particularly pleased that this rule represents a final step in eliminating a major legal impediment to sharing swaps market data with overseas regulators. The Dodd-Frank Act's original insistence on an indemnification requirement may have been well-intentioned to protect the safety of data held in SDRs, but Congress wisely determined that any such benefit is outweighed by the greater public interest of allowing international regulators to share and access information to carry out the regulatory and supervisory functions necessary to protect the global financial markets. It is essential that policymakers in other jurisdictions make determinations similar to these before us today concerning current legal barriers to information sharing. Even a law, like the new EU General Data Protection Regulation (GDPR), which has laudable objectives, must not be applied in ways that hinder the sharing and access of information between European and U.S. regulators for regulatory and supervisory purposes. Such a result could have dangerous implications for our global markets. I hope today's action by the CFTC will encourage international regulators and policymakers to take affirmative steps to address other existing legal barriers to information sharing and access. Appendix 3--Supporting Statement of Commissioner Brian D. Quintenz I support today's final rule addressing indemnification and amendments to the swap data access provisions of Part 49. I would like to thank the staff in our Division of Market Oversight for their work to amend Part 49 of the Commission's Regulations to implement provisions of the Fixing America's Surface Transportation Act of 2015 (Fast Act) \1\. --------------------------------------------------------------------------- \1\ Public Law 114-94, 129 Stat 1312 (Dec. 4, 2015). --------------------------------------------------------------------------- The Fast Act amended provisions of Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) \2\ that proved unworkable. Most significantly, the Fast Act repealed the Dodd-Frank Act's requirement that to obtain data from swap data repositories (SDR) registered with the CFTC, domestic and foreign authorities must indemnify the CFTC and SDRs from any claims arising from a SDR's production of information to those authorities. Foreign regulators unfamiliar with the U.S. tort law concept of ``indemnification'' that is inconsistent with their traditions and legal structures, have opted against requesting any information from SDRs. Domestic regulators have also opted against requesting information from SDRs because of the indemnification requirement. Removing the indemnification requirement will facilitate the sharing of SDR information with domestic and foreign authorities and better enable regulators in the United States and abroad to monitor risk across the global financial system. --------------------------------------------------------------------------- \2\ Public Law 111-203, 124 Stat 1376 (July 21, 2010). [FR Doc. 2018-12377 Filed 6-11-18; 8:45 am] BILLING CODE 6351-01-P
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Rules and Regulations | |
| Action | Final rule. | |
| Dates | The effective date for this final rule is August 13, 2018. For compliance dates, see SUPPLEMENTARY INFORMATION. | |
| Contact | Daniel Bucsa, Deputy Director, Division of Market Oversight--Data and Reporting Branch (``DMO-DAR''), (202) 418-5435, [email protected]; David E. Aron, Special Counsel, DMO- DAR, (202) 418-6621, [email protected]; Owen J. Kopon, Special Counsel, DMO-DAR, (202) 418-5360, [email protected]; or Stephen Kane, Research Economist, Office of the Chief Economist, (202) 418-5911, [email protected], Commodity Futures Trading Commission, Three Lafayette Centre, 1151 21st Street NW, Washington, DC 20581. | |
| FR Citation | 83 FR 27410 | |
| RIN Number | 3038-AE44 |