[Federal Register Volume 81, Number 91 (Wednesday, May 11, 2016)]
[Notices]
[Pages 29312-29313]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-11010]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-77769; File No. SR-ICC-2016-003]


Self-Regulatory Organizations; ICE Clear Credit LLC; Order 
Approving Proposed Rule Change To Revise the ICC Operational Risk 
Management Framework

May 5, 2016.

I. Introduction

    On March 10, 2016, ICE Clear Credit LLC (``ICC'') filed with the 
Securities and Exchange Commission (``Commission''), pursuant to 
Section 19(b)(1) of the Securities Exchange Act of 1934 (``Act'') \1\ 
and Rule 19b-4 thereunder,\2\ a proposed rule change (SR-ICC-2016-003) 
to update ICC's Operational Risk Management Framework. The proposed 
rule change was published for comment in the Federal Register on March 
21, 2016.\3\ The Commission did not receive comments on the proposed 
rule change. For the reasons discussed below, the Commission is 
approving the proposed rule change.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 78s(b)(1).
    \2\ 17 CFR 240.19b-4.
    \3\ Securities Exchange Act Release No. 34-77413 (March 21, 
2016), 81 FR 16245 (March 25, 2016) (SR-ICC-2016-003).
---------------------------------------------------------------------------

II. Description of the Proposed Rule Change

    The ICC Operational Risk Management Framework details ICC's program 
of risk assessment and oversight, managed by the Operational Risk 
Manager (``ORM''), which, according to ICC, aims to reduce operational 
incidents, encourage process and control improvement, bring 
transparency to operational performance standard monitoring, and 
fulfill regulatory obligations. ICC proposes organizational changes to 
its Operational Risk Management Framework related to its operational 
risk management processes.
    ICC will revise the Operational Risk Management Framework to frame 
its existing operational risk program and processes around an 
operational risk lifecycle, which according to ICC, is designed to 
highlight certain aspects of the processes and present the processes in 
a more efficient manner. The operational risk lifecycle utilized by ICC 
will have five components: Identify, assess, monitor, mitigate and 
report. Each of these lifecycle components will be first defined 
generally in the document then applied to each of ICC's two operational 
risk processes: Risk assessment; and performance objectives setting and 
monitoring. Specifically, the content for each risk process will be 
reorganized to fall into each of the operational risk lifecycle 
components (i.e., identify, assess, monitor, mitigate, and report).
    In addition, ICC will add information regarding the `assess' and 
`report' component of the risk assessment process. Specifically, ICC 
represents that it will assess each of its risk scenarios to determine 
the inherent risk rating associated with the occurrence of an event or 
incident, as well as the effectiveness of any relevant risk controls. 
Further, in the `report' component, ICC will clarify that the ORM 
presents operational risk reporting to an internal committee which 
includes members of senior management. The responsibilities of the ORM, 
which is currently listed out in the document, will be incorporated 
into the risk lifecycles. ICC respresents that the ORM will continue to 
provide management and staff with advice and guidance related to the 
development of controls designed to increase performance and reduce 
processing risk, as part of the `mitigate' risk lifecycle component. 
Similarly, the responsibilities of senior management, which is 
currently listed out in the document, will be incorporated into the 
risk lifecycles.
    ICC will categorize those aspects of the operational risk 
management program which do not fall within this lifecycle as 
``Operational Risk Focus Areas.'' These risk focus areas include: 
Business continuity planning and disaster recovery; vendor assessment; 
new products and initiatives; information security; and technology 
control functions. ICC will reorganize the order of these risk focus 
areas to better distinguish which functions may, with oversight by the 
ORM, be outsourced to Intercontinental Exchange, Inc. (``ICE, Inc.'') 
or performed by departments dedicated to that particular risk area.
    ICC will make several clarifying and organizational enhancements to 
the various risk focus area descriptions. Further, specific details 
contained within other ICC policies and procedures will be removed and 
described more generally within the Operational Risk Management 
Framework, in an effort to reduce redundancy amongst ICC policies and 
procedures. ICC will continue to maintain business continuity planning 
and disaster recovery as two separate programs with separate and 
distinct components; however, ICC will group the description of these 
programs together for purposes of the Operational

[[Page 29313]]

Risk Management Framework. ICC will amend the ``Vendor Assessment'' 
risk focus area description to note that the ORM is responsible for 
conducting a service provider risk assessment for critical vendors, and 
to list the specific steps taken as part of such risk assessment. ICC 
also will amend the ``Information Security'' risk focus area 
description to note that the ICE, Inc. Information Security Department 
conducts its own risk assessments related to information security and 
physical security/environmental controls, pursuant to internal policies 
which are maintained by an ICE, Inc. internal committee. Information 
regarding the Firm Wide Incident Management Program will be included in 
the new `Technology Controls Section.' ICC will amend the `Technology 
Control Functions' risk focus area description to note that the ICC 
Systems Operations team is responsible for executing daily clearing 
functions within established service expectations and performing 
incident management. ICC will describe this incident management process 
generally within the framework, and will remove more detailed aspects 
of the program which are contained in specific program documentation.
    General information regarding the development and enforcement of a 
firm-wide operational risk framework will be removed, as the revised 
framework will more clearly lay out in each particular section who is 
responsible for the development and enforcement of that component of 
the operational risk management framework. Information regarding the 
human resource reporting line of the ORM and specific references to 
titles of documents utilized as part of the risk assessment process 
will be removed. As the Vendor Risk Management policy will be retired 
and encompassed within the Operational Risk Management Framework, 
reference to the policy will be removed from the document. ICC will 
also remove internal audit responsibilities from the Operational Risk 
Management Framework as such responsibilities are contained within 
internal audit documentation.
    ICC represents that the overall governance of the Operational Risk 
Framework will also be updated to reflect current practices. 
Specifically, material amendments are reviewed by the Risk Committee, 
and approved by the Board. The Board reviews the Operational Risk 
Management Framework at least annually.
    Other non-material changes will be made to the framework to improve 
readability. Previously, ICC included regulatory requirements and 
industry guidance information within the framework; this information 
will be moved to a separate appendix to the framework. Further, 
information regarding Regulation Systems, Compliance, and Integrity 
will be added for completeness. Certain information regarding 
governance and governing committees will be resituated to the reporting 
section of the relevant operational risk lifecycle. Similarly, 
information regarding the roles and responsibilities of the ORM and 
senior management will be resituated to the appropriate section the 
operational risk lifecycle.

III. Discussion and Commission Findings

    Section 19(b)(2)(C) of the Act \4\ directs the Commission to 
approve a proposed rule change of a self-regulatory organization if the 
Commission finds that the proposed rule change is consistent with the 
requirements of the Act and the rules and regulations thereunder 
applicable to such self-regulatory organization. Section 17A(b)(3)(F) 
of the Act \5\ requires, among other things, that the rules of a 
clearing agency are designed to promote the prompt and accurate 
clearance and settlement of securities transactions and, to the extent 
applicable, derivative agreements, contracts, and transactions, to 
assure the safeguarding of securities and funds which are in the 
custody or control of the clearing agency or for which it is 
responsible and, in general, to protect investors and the public 
interest. Rule 17Ad-22(d)(4),\6\ in part, requires clearing agencies to 
establish, implement, maintain and enforce written policies and 
procedures reasonably designed to identify sources of operational risk 
and minimize them through the development of appropriate systems, 
controls, and procedures.
---------------------------------------------------------------------------

    \4\ 15 U.S.C. 78s(b)(2)(C).
    \5\ 15 U.S.C. 78q-1(b)(3)(F).
    \6\ 17 CFR 240.17Ad-22(d)(4).
---------------------------------------------------------------------------

    The Commission finds that the proposed rule change is consistent 
with the requirements of Section 17A of the Act \7\ and the rules and 
regulations thereunder applicable to ICC. The proposed rule change 
updates the Operational Risk Management Framework to frame its existing 
operational risk program and processes around an operational risk 
lifestyle. In addition, the proposed rule change categorizes the 
operational risk management programs that do not fall within this 
lifecycle as Operational Risk Focus Areas. The Commission finds that 
the reorganization of ICC's existing operational risk processes around 
the operational risk lifecycle is designed to promote readability and 
efficiency, and should alleviate potential confusion in the 
implementation of the Operational Risk Management Framework. In that 
the Operational Risk Management Framework is intended, among other 
things, to reduce or mitigate operational incidents that would impair 
ICC's ability to provide clearance and settlement services, the 
Commission finds that the proposed rule change is designed to 
facilitate the prompt and accurate clearance and settlement of 
securities transaction and, to the extent applicable, derivative 
agreements, contracts, and transactions in accordance with Section 
17A(b)(3)(F) of the Act.\8\ In addition, the Commission finds that the 
proposed rule change is consistent with the relevant requirements of 
Rule 17Ad-22(d)(4) \9\ because the change to the ICC Operational Risk 
Management Framework is intended to further ensure that ICC, through 
its operational risk program, is able to identify sources of 
operational risk and minimize them through the development of 
appropriate systems, control, and procedures.
---------------------------------------------------------------------------

    \7\ 15 U.S.C. 78q-1.
    \8\ 15 U.S.C. 78q-1(b)(3)(F).
    \9\ 17 CFR 240.17Ad-22(d)(4).
---------------------------------------------------------------------------

IV. Conclusion

    On the basis of the foregoing, the Commission finds that the 
proposal is consistent with the requirements of the Act and in 
particular with the requirements of Section 17A of the Act \10\ and the 
rules and regulations thereunder.
---------------------------------------------------------------------------

    \10\ 15 U.S.C. 78q-1.
---------------------------------------------------------------------------

    IT IS THEREFORE ORDERED, pursuant to Section 19(b)(2) of the 
Act,\11\ that the proposed rule change (File No. SR-ICC-2016-003) be, 
and hereby is, approved.\12\
---------------------------------------------------------------------------

    \11\ 15 U.S.C. 78s(b)(2).
    \12\ In approving the proposed rule change, the Commission 
considered the proposal's impact on efficiency, competition and 
capital formation. 15 U.S.C. 78c(f).

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\13\
---------------------------------------------------------------------------

    \13\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------

Robert W. Errett,
Deputy Secretary.
[FR Doc. 2016-11010 Filed 5-10-16; 8:45 am]
 BILLING CODE 8011-01-P