[Federal Register Volume 83, Number 113 (Tuesday, June 12, 2018)]
[Rules and Regulations]
[Pages 27410-27441]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-12377]



[[Page 27409]]

Vol. 83

Tuesday,

No. 113

June 12, 2018

Part III





Commodity Futures Trading Commission





-----------------------------------------------------------------------





17 CFR Part 49





Amendments to the Swap Data Access Provisions of Part 49 and Certain 
Other Matters; Final Rule

  Federal Register / Vol. 83 , No. 113 / Tuesday, June 12, 2018 / Rules 
and Regulations  

[[Page 27410]]


-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION

17 CFR Part 49

RIN Number 3038-AE44


Amendments to the Swap Data Access Provisions of Part 49 and 
Certain Other Matters

AGENCY: Commodity Futures Trading Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: Pursuant to Title VII of the Dodd-Frank Wall Street Reform and 
Consumer Protection Act of 2010 (``Dodd-Frank Act''), as amended by the 
Fixing America's Surface Transportation Act of 2015 (``FAST Act''), the 
Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is 
amending the Commission's regulations relating to access to swap data 
held by swap data repositories (``SDRs''). The amendments implement 
pertinent provisions of the FAST Act and make associated changes to the 
Commission's regulations governing the grant of access to swap data to 
certain foreign and domestic authorities by SDRs, as well as changes to 
certain other regulations unrelated to such access.

DATES: The effective date for this final rule is August 13, 2018. For 
compliance dates, see SUPPLEMENTARY INFORMATION.

FOR FURTHER INFORMATION CONTACT: Daniel Bucsa, Deputy Director, 
Division of Market Oversight--Data and Reporting Branch (``DMO-DAR''), 
(202) 418-5435, [email protected]; David E. Aron, Special Counsel, DMO-
DAR, (202) 418-6621, [email protected]; Owen J. Kopon, Special Counsel, 
DMO-DAR, (202) 418-5360, [email protected]; or Stephen Kane, Research 
Economist, Office of the Chief Economist, (202) 418-5911, 
[email protected], Commodity Futures Trading Commission, Three Lafayette 
Centre, 1151 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION: The compliance date for an SDR to comply 
with its obligation under Sec.  49.17(d)(5)(iii) of the Commission's 
regulations \1\ to provide access to swap data requested by an 
Appropriate Domestic Regulator (as defined in Sec.  49.17(b)(1)) 
(``ADR'') or Appropriate Foreign Regulator (as defined in Sec.  
49.17(b)(2)) (``AFR'') is, as discussed further below, the earlier of 
(1) the earliest date, after such SDR receives from such ADR or AFR the 
confidentiality arrangement required by Sec.  49.18(a), that such SDR, 
exercising commercially reasonable efforts in light of its obligations 
under the Act \2\ and the Commission's regulations, is able to provide 
such access to the ADR or AFR and (2) 180 days after the SDR receives 
from such ADR or AFR the confidentiality arrangement required by Sec.  
49.18(a). The compliance date for all other regulations amended, added 
or revised by this final rule is August 13, 2018.
---------------------------------------------------------------------------

    \1\ 17 CFR 49.17(d)(5)(iii). All Commission regulations cited 
herein are set forth in Title 17 of the Code of Federal Regulations.
    \2\ 7 U.S.C. 1 et seq.
---------------------------------------------------------------------------

Table of Contents

I. Background and Introduction
    A. Statutory Background: The Dodd-Frank Act
    B. Regulatory History: The Part 49 Rules and the Commission's 
Interpretative Statement
    1. Access to SDR Swap Data
    2. Indemnification Requirement
    C. FAST Act Amendments to CEA Section 21
    D. CEA Section 8 and the Confidentiality Provisions of CEA 
Section 21
    E. High-Level Summary of Revisions to Part 49
    F. Rescission of Interpretative Statement
II. Discussion
    A. Definitions: Amendments to Sec.  49.2
    B. Domestic and Foreign Regulators With Regulatory 
Responsibility Over SDRs: Amendments to Sec.  49.17(d)(2) and (3)
    1. Current Rules
    2. Proposed Amendments
    3. Comments Received
    4. Final Rules
    C. Appropriateness Determination for Foreign Regulators and Non-
Enumerated Domestic Regulators: Amendments to Sec.  49.17(b) and New 
Sec.  49.17(h)
    1. Current Rule
    2. Proposed Amendments: Determination Order Process
    3. Proposed Amendments: Factors Considered in Issuing a 
Determination Order
    a. Scope of Jurisdiction
    b. Robust Confidentiality Safeguards
    c. Swap Data Sharing Considerations
    4. Proposed Amendments: Other Matters Regarding the 
Determination Order Process
    5. Final Rules
    D. Amendments to Sec.  49.17(d)(4): SDR Notice and Verification 
Obligations
    1. Proposed Amendments
    2. Final Rules
    a. Sec.  49.17(d)(4)(i)
    i. Notices of Initial Access Requests and Requests Outside the 
Scope of Jurisdiction
    ii. Recordkeeping
    iii. Aggregated Data
    b. Sec.  49.17(d)(4)(ii)
    c. Sec.  49.17(d)(4)(iii)
    i. Scope of an ADR's or AFR's Jurisdiction
    ii. Changes to an ADR's or AFR's Scope of Jurisdiction
    iii. Written Notices
    d. Sec.  49.17(d)(4)(iv)
    E. New Sec.  49.17(i): Delegation of Authority
    F. CEA Section 21(d) Confidentiality Agreements: Amendments to 
Sec.  49.18
    1. Current Rule
    2. Proposed Amendments to Sec.  49.18(a): Confidentiality 
Arrangement Required Prior to Disclosure of Swap Data
    3. Proposed Amendments to Sec.  49.18(b): Required Elements of 
the Confidentiality Arrangement
    4. Proposed Removal of Sec.  49.18(c): ADRs and AFRs With 
Regulatory Responsibility Over an SDR
    5. Proposed New Sec.  49.18(c) and (d): Failure To Fulfill the 
Terms of a Confidentiality Arrangement
    6. Proposed New Sec.  49.18(e): Delegation of Authority
    7. Conforming Changes
    8. Comments Received
    9. Final Rule
    G. Other Changes
    1. Proposed Rule Changes
    2. Final Rule Changes
III. Request for Comment
IV. Compliance Date
V. Related Matters
    A. Regulatory Flexibility Act
    B. Paperwork Reduction Act
    1. Summary of the Requirements
    2. Collection of Information
    C. Cost-Benefit Considerations
    1. Introduction
    2. Benefits
    a. Background
    b. High-Level Benefits
    c. More Specific Benefits
    i. MOUs
    ii. Duty for SDRs To Notify the Commission of Swap Data Requests 
From ADRs and AFRs
    iii. Form of Electronic Notification by SDRs to the Commission
    iv. Clarification of SDR Recordkeeping Obligations
    v. Limitation, Suspension or Revocation of an ADR's or AFR's 
Swap Data Access
    vi. Confidentiality Arrangements
    vii. Means of Access
    3. Costs
    a. Background
    b. High-Level Costs
    c. ADRs' and AFRs' Costs
    i. Determination Order Applications
    ii. Confidentiality Arrangements
    iii. Data Security
    iv. Onward Sharing
    v. Means of Access
    d. SDRs' Costs
    i. Providing New Access Generally
    ii. Providing Notice to the Commission
    iii. Verifying That a Swap Data Request is Within an ADR's/AFR's 
Scope of Jurisdiction
    iv. Means of Access
    v. Recordkeeping
    4. Response to Comments
    5. Alternatives Considered
    6. Consideration of CEA Section 15(a) Factors
    a. Protection of Market Participants and the Public
    b. Efficiency, Competitiveness, and Financial Integrity of 
Futures Markets
    c. Price Discovery
    d. Sound Risk Management Practices
    e. Other Public Interest Considerations

[[Page 27411]]

    D. Antitrust Considerations

I. Background and Introduction

A. Statutory Background: The Dodd-Frank Act

    Title VII of the Dodd-Frank Act \3\ amended the Commodity Exchange 
Act (``CEA'') to establish a comprehensive new regulatory framework for 
swaps including, in new CEA section 21, requirements addressing the 
registration and regulation of SDRs.\4\ CEA section 21 imposes on SDRs, 
among other duties and responsibilities, the duty to maintain the 
privacy of all swap transaction information received from a swap 
dealer, counterparty, or any other registered entity.\5\ CEA section 
21(c)(7) directs SDRs to make swap data available on a confidential 
basis pursuant to section 8 of the CEA, upon request, and after 
notifying the Commission of the request,\6\ to certain enumerated 
domestic authorities and any other person (which may include certain 
types of foreign authorities) that the Commission determines to be 
appropriate (each such enumerated and Commission-determined entity, a 
``21(c)(7) entity'').\7\
---------------------------------------------------------------------------

    \3\ See Dodd-Frank Wall Street Reform and Consumer Protection 
Act, Public Law 111-203, 124 Stat. 1376 (2010), available at http://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of 
the Dodd-Frank Act may be cited as the Wall Street Transparency and 
Accountability Act of 2010.
    \4\ See Dodd-Frank Act section 728 (adding new CEA section 21, 7 
U.S.C. 24(a), to establish a registration requirement and regulatory 
regime for SDRs).
    \5\ 7 U.S.C. 24a(c)(6).
    \6\ CEA section 8, 7 U.S.C. 12, describes circumstances under 
which public disclosure of information in the Commission's 
possession is permitted and prohibited. As discussed more fully 
below, the principles underlying CEA section 8(e), in particular, 
are fundamental to CEA sections 21(c)(7) and (d) and to the access 
standards and confidentiality provisions adopted in this release.
    \7\ See 7 U.S.C. 24a(c)(7). See also Commission, Final 
Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77 
FR 2136, Jan. 13, 2012 (``Data Final Rules''). The Data Final Rules 
set forth, among others, regulations governing SDR data collection 
and swap data reporting responsibilities under part 45 of the 
Commission's regulations.
---------------------------------------------------------------------------

    As originally enacted, CEA sections 21(d)(1) and (2), respectively, 
mandated that, prior to receipt of any requested data or information 
from an SDR, a 21(c)(7) entity agree in writing to abide by the 
confidentiality requirements described in CEA section 8 and, 
separately, to indemnify the SDR and the Commission for any expenses 
arising from litigation relating to the information provided under 
section 8.\8\ Congress's repeal of the CEA section 21(d)(2) 
indemnification requirement in the FAST Act \9\ in December 2015 
prompted this rulemaking.\10\
---------------------------------------------------------------------------

    \8\ 7 U.S.C. 24a(d). As noted above, the indemnification 
requirement was stricken from CEA section 21(d) by the FAST Act. See 
Public Law 114-94, section 86001(b)(2).
    \9\ FAST Act, Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015).
    \10\ FAST Act section 86002(b)(2) struck subsection (d) of CEA 
section 21 and inserted a new provision in in its place that stated 
that before the swap data repository may share information with any 
entity listed in section (c)(7), the swap data repository shall 
receive a written agreement from each entity stating that the entity 
shall abide by the confidentiality requirements described in section 
8 of the CEA relating to the information on swap transactions that 
is provided.
---------------------------------------------------------------------------

B. Regulatory History: The Part 49 Rules and the Commission's 
Interpretative Statement

1. Access to SDR Swap Data
    In 2011, the Commission adopted rules implementing the requirements 
for SDRs in CEA section 21.\11\ The Commission implemented the SDR swap 
data access provisions of CEA sections 21(c)(7) and (d) by establishing 
processes to allow two categories of entities to gain access to SDR 
swap data. The Commission defined one category, ADRs, in Sec.  
49.17(b)(1) of the Commission's regulations as domestic authorities 
enumerated in CEA section 21(c)(7)(A)-(D) \12\ and certain other 
persons determined by the Commission to be appropriate recipients of 
such swap data pursuant to CEA section 21(c)(7)(E).\13\
---------------------------------------------------------------------------

    \11\ Swap Data Repositories: Registration Standards, Duties and 
Core Principles; 76 FR 54538 (Sept. 1, 2011) (``SDR Final Rules''); 
see also Swap Data Repositories: Registration Standards, Duties and 
Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final 
Rules) (``SDR NPRM'').
    \12\ The domestic authorities enumerated in CEA section 21(c)(7) 
are: (A) Each appropriate prudential regulator; (B) the Financial 
Stability Oversight Council (``FSOC''); (C) the Securities and 
Exchange Commission (``SEC''); and (D) the Department of Justice. 
The term ``prudential regulator'' is defined in CEA section 1a(39) 
(7 U.S.C. 1a(39)).
    \13\ In addition to CEA section 21(c)(7) enumerating certain 
domestic authorities to which an SDR must grant swap data access, 
CEA section 21(c)(7)(E), as amended by the FAST Act, identifies as 
an eligible recipient of such access as any other person that the 
Commission determines to be appropriate, including foreign financial 
supervisors (including foreign futures authorities); foreign central 
banks; foreign ministries; and other foreign authorities. 7 U.S.C. 
24a(c)(7)(E). Pursuant to this authority, in Sec. Sec.  
49.17(b)(1)(v) and (vi), the Commission identified any Federal 
Reserve Bank and the Office of Financial Research (``OFR''), 
respectively, as ADRs. The Commission also defined as an 
``Appropriate Domestic Regulator'' each prudential regulator 
identified in CEA section 1(a)(39), with respect to requests related 
to any such regulator's statutory authority, without limitation to 
the activities listed for each regulator in CEA section 1(a)(39). 
See Sec.  49.17(b)(1)(ii). The Commission further reserved the 
discretion, in Sec.  49.17(b)(1)(vii), to recognize any other person 
the Commission deems appropriate to be an ADR.
---------------------------------------------------------------------------

    The Commission defined the other category, AFRs,\14\ in Sec.  
49.17(b)(2) as ``Foreign Regulators'' \15\ with existing memoranda of 
understanding (``MOUs'') or similar types of information sharing 
arrangements with the Commission, but did not identify any specific 
persons as AFRs in the SDR Final Rules. The SDR Final Rules also 
defined the term AFR to include a Foreign Regulator without an existing 
MOU with the Commission, as determined by the Commission on a case-by-
case basis. Such a Foreign Regulator was required to file with the 
Commission an application providing sufficient facts and procedures to 
permit the Commission to analyze whether the Foreign Regulator employed 
appropriate confidentiality procedures, and to satisfy the Commission 
that any SDR swap data or information accessed by the Foreign Regulator 
would be disclosed only as permitted by section 8(e) of the CEA.\16\
---------------------------------------------------------------------------

    \14\ The Commission established the category of AFRs pursuant to 
CEA section 21(c)(7)(E), which, among other things, includes a list 
of the types of foreign entities that the Commission may determine 
to be appropriate recipients of swap data obtained by an SDR.
    \15\ The term ``Foreign Regulator'' is defined in current Sec.  
49.2(a)(5) to mean a foreign futures authority as defined in CEA 
section 1(a)(26), foreign financial supervisors, foreign central 
banks and foreign ministries.
    \16\ 17 CFR 49.17(b)(2)(i)(B).
---------------------------------------------------------------------------

    An ADR or AFR seeking access to SDR swap data is required by 
current Sec.  49.17(d)(1) to file an access request with the SDR 
certifying that it is acting within the scope of its jurisdiction and 
is required by current Sec.  49.17(d)(6) to execute a ``Confidentiality 
and Indemnification Agreement'' with the SDR.\17\
---------------------------------------------------------------------------

    \17\ Current Sec.  49.18(b) requires an SDR to receive such a 
Confidentiality and Indemnification Agreement from an ADR or AFR 
prior to releasing swap data to the ADR or AFR.
---------------------------------------------------------------------------

2. Indemnification Requirement
    In the preamble to the SDR Final Rules, the Commission acknowledged 
commenters' concerns that compliance with the statutory and regulatory 
requirements to indemnify the Commission, and the SDR providing access 
to swap data, for any expenses arising from litigation relating to the 
information provided under section 8 of the CEA, would be difficult for 
certain domestic and foreign regulators, due to various home country 
laws and other regulations prohibiting such arrangements.\18\ The 
Commission expressed its intent to continue to work to provide 
regulators sufficient access to SDR data. In this regard, the 
Commission outlined the circumstances under which it believed the 
indemnification provisions of CEA

[[Page 27412]]

section 21(d) and Sec.  49.18 would not apply. The Commission explained 
that, under the part 49 rules, ADRs with concurrent regulatory 
jurisdiction over SDRs may in some circumstances obtain access to swap 
data reported to and maintained by those SDRs without regard to the 
notice and indemnification requirements of CEA sections 21(c)(7) and 
(d).\19\ With respect to foreign regulatory authorities, the Commission 
determined in the SDR Final Rules that swap data reported to and 
maintained by an SDR may be accessed by an AFR without the execution of 
a confidentiality and indemnification agreement when the AFR has 
supervisory authority over a Commission-registered SDR that is also 
registered with the AFR pursuant to foreign law and/or regulation.
---------------------------------------------------------------------------

    \18\ See SDR Final Rules at 54554. The Commission notes that, to 
date, no 21(c)(7) entity has entered into a confidentiality or 
indemnification agreement pursuant to CEA section 21(d) or the part 
49 rules.
    \19\ See SDR Final Rules at 54554, n163. Accordingly, pursuant 
to the Commission's Part 49 rules, these provisions did not apply to 
an ADR that has regulatory jurisdiction over an SDR registered with 
the ADR pursuant to a separate statutory authority and also 
registered with the Commission, if the ADR executes an MOU or 
similar information sharing arrangement with the Commission and the 
Commission, consistent with CEA section 21(c)(4)(A), designates the 
ADR to receive direct electronic access. See 17 CFR 49.17(d)(2).
---------------------------------------------------------------------------

    Since concerns about the scope of the indemnification requirement 
persisted, the Commission issued an interpretative statement designed 
to provide guidance and greater clarity to interested members of the 
public and foreign regulators with respect to the scope and application 
of CEA section 21(d) and the part 49 rules.\20\ The Interpretative 
Statement clarified that a foreign regulatory authority's access to 
swap data held in a CFTC-registered SDR would not be subject to the 
confidentiality and indemnification provisions of CEA section 21(d) or 
the part 49 regulations if (i) the registered SDR is also registered 
in, or recognized or otherwise authorized by, the foreign authority's 
regulatory regime and (ii) the data sought to be accessed by the 
foreign authority has been reported to the registered SDR pursuant to 
such foreign regulatory regime.\21\
---------------------------------------------------------------------------

    \20\ See Swap Data Repositories: Interpretative Statement 
Regarding the Confidentiality and Indemnification Provisions of the 
Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012) 
(``Interpretative Statement'').
    \21\ Interpretative Statement at 65181.
---------------------------------------------------------------------------

C. FAST Act Amendments to CEA Section 21

    Congress responded to regulators' access concerns by including in 
the FAST Act a repeal of the indemnification requirement in CEA section 
21(d)(2).\22\ The confidentiality requirement in CEA section 21(d)(1) 
was retained in amended CEA section 21(d).\23\
---------------------------------------------------------------------------

    \22\ Title LXXXVI (``Repeal of Indemnification Requirements'') 
of the FAST Act amends the CEA by repealing the indemnification 
requirements added by the Dodd-Frank Act for regulatory authorities 
to obtain access to swap data because foreign regulators and 
regulatory entities have indicated concerns regarding the 
indemnification requirements of the Dodd-Frank Act. The title 
removes such requirements so data can be shared with foreign 
authorities. The title would still require the regulatory agencies 
requesting the information to agree to certain confidentiality 
requirements prior to receiving the data. FAST Act: Conference 
Report to Accompany H.R. 22, Dec. 1, 2015 at 486-87. The repeal 
applied as well to the analogous provision in the Securities 
Exchange Act of 1934, 15 U.S.C. 78m(n)(5).
    \23\ As noted above, FAST Act section 86002(b)(2) struck 
subsection (d) of CEA section 21 and inserted a new provision in its 
place that stated that before the swap data repository may share 
information with any entity listed in section (c)(7), the swap data 
repository shall receive a written agreement from each entity 
stating that the entity shall abide by the confidentiality 
requirements described in section 8 of the CEA relating to the 
information on swap transactions that is provided.
---------------------------------------------------------------------------

    The FAST Act also modified CEA section 21(c)(7)(A) by clarifying 
that SDRs must make available the ``swap'' data they obtain to 21(c)(7) 
entities, and added to CEA section 21(c)(7)(E)'s non-exclusive list of 
persons that the Commission may determine to be appropriate recipients 
of SDR swap data the new category ``other foreign authorities.'' \24\
---------------------------------------------------------------------------

    \24\ See FAST Act section 86001(b)(1).
---------------------------------------------------------------------------

D. CEA Section 8 and the Confidentiality Provisions of CEA Section 21

    CEA section 8 governs the Commission's treatment of nonpublic 
information in its possession in a number of circumstances. CEA section 
8(e) permits the Commission to furnish to the specified types of 
domestic or foreign entities--upon their request and acting within the 
scope of their jurisdiction--any information in its possession obtained 
in connection with the administration of the Act.\25\ CEA section 8(e) 
specifies, with respect to federal U.S. entities, that any information 
furnished thereunder shall not be disclosed by the entity except in an 
action or proceeding under the laws of the United States to which the 
entity, the Commission or the United States is a party. CEA section 
8(e) further specifies, with respect to the specified types of foreign 
entities, that the Commission shall not furnish information thereunder 
unless the Commission is satisfied that the information will not be 
disclosed by the entity except in connection with an adjudicatory 
action or proceeding to which the entity is a party brought under the 
laws to which such entity is subject.
---------------------------------------------------------------------------

    \25\ 7 U.S.C. 12(e).
---------------------------------------------------------------------------

    CEA sections 21(c)(7) and 21(d) incorporate CEA section 8 in 
establishing the disclosure restrictions and confidentiality standards 
that apply to SDRs when providing swap data to regulators. The 
Commission interprets these provisions as requiring consistency with 
the principles underlying CEA section 8(e) and therefore being 
fundamental to the access standards and confidentiality provisions 
adopted in this release. In adopting revised Sec. Sec.  49.17 and 
49.18, the Commission is mindful of these foundational principles: 
Where information is sought to be accessed, the information must relate 
to the scope of the requesting entity's jurisdiction; and information 
provided by the SDR shall not be further disclosed except in limited, 
defined circumstances.

E. High-Level Summary of Revisions to Part 49

    Pursuant to its authority under the Act,\26\ the Commission 
proposed amendments in January 2017 to Sec. Sec.  49.2, 49.9, 49.17, 
49.18, and 49.22 to (i) implement the statutory changes mandated by the 
FAST Act amendments; (ii) make certain conforming and clarifying 
changes related to such implementation; (iii) revise the process by 
which appropriateness is determined for purposes of access to SDR swap 
data; (iv) clarify the standards in connection with the Commission's 
appropriateness determinations; and (v) establish the form and 
substance of the written agreement mandated by CEA section 21(d), as 
amended.\27\ In formulating the proposed amendments, the Commission 
endeavored to achieve the goals of effective and consistent global 
regulation of swaps \28\ while adhering to the mandate of CEA sections 
21(c)(7) and (d) that swap data be made available to a limited universe 
of

[[Page 27413]]

regulators on a confidential basis pursuant to CEA section 8. As 
explained in Section II below, the Commission is generally adopting, 
with certain modifications, the rules and rule amendments as proposed.
---------------------------------------------------------------------------

    \26\ See, e.g., CEA section 21(f)(4) (Additional duties 
developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also 
authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules 
and regulations as, in the judgment of the Commission, are 
reasonably necessary to effectuate any of the provisions or to 
accomplish any of the purposes of the CEA.
    \27\ See Proposed Amendments To Swap Data Access Provisions and 
Certain Other Matters, 82 FR 8369 (Jan. 25, 2017) (``NPRM'').
    \28\ Section 752(a) of the Dodd-Frank Act directs the CFTC, the 
SEC and the prudential regulators, as appropriate, to consult and 
coordinate with foreign regulatory authorities in this regard and 
provides that these entities may agree to such information-sharing 
arrangements as may be deemed necessary or appropriate in the public 
interest or for the protection of investors, swap counterparties, 
and security-based swap counterparties.
---------------------------------------------------------------------------

F. Rescission of Interpretative Statement

    The Commission has determined to rescind the Interpretative 
Statement. References to the indemnification requirement in the 
Interpretative Statement are no longer necessary, as the FAST Act 
repealed the indemnification requirement in CEA section 21(d). 
Additionally, the modifications to Sec.  49.17(d)(3) that are adopted 
by the Commission in this release are not inconsistent with the 
clarifications provided in the Interpretative Statement.

II. Discussion

A. Definitions: Amendments to Sec.  49.2

    As originally adopted, Sec.  49.2(a)(5) defined the term ``Foreign 
Regulator'' to include a foreign futures authority as defined in CEA 
section 1a(26), foreign financial supervisors, foreign central banks 
and foreign ministries.\29\ The FAST Act amendments to the CEA added to 
section 21(c)(7)(E) a new category of entity--``other foreign 
authorities''--that the Commission may deem appropriate to obtain 
access to SDR swap data. The Commission proposed in the NPRM a 
corresponding amendment to the definition of ``Foreign Regulator'' in 
Sec.  49.2(a)(5) to conform this definition to amended CEA section 
21(c)(7)(E). The Commission received no comments on that proposed 
amendment. Thus, for the foregoing reasons, the Commission is adopting 
the amendment as proposed.
---------------------------------------------------------------------------

    \29\ 17 CFR 49.2(a)(5). CEA Section 1a(26) defines a ``foreign 
futures authority'' as any foreign government, or any department, 
agency, governmental body, or regulatory organization empowered by a 
foreign government to administer or enforce a law, rule, or 
regulation as it relates to a futures or options matter, or any 
department or agency of a political subdivision of a foreign 
government empowered to administer or enforce a law, rule, or 
regulation as it relates to a futures or options matter.
---------------------------------------------------------------------------

B. Domestic and Foreign Regulators With Regulatory Responsibility Over 
SDRs: Amendments to Sec.  49.17(d)(2) and (3)

1. Current Rules
    Commission regulation 49.17(d)(2) currently provides that an ADR 
with regulatory jurisdiction over an SDR that is registered with the 
ADR pursuant to a separate statutory authority and that is also 
registered with the Commission does not need to apply to the SDR for 
access to swap data and execute a confidentiality and indemnification 
agreement, as required by Sec. Sec.  49.17(d) and 49.18(b), as long as 
the following conditions are met: (i) The ADR executes an MOU or 
similar information sharing arrangement with the Commission; and (ii) 
the Commission, consistent with CEA section 21(c)(4)(A), designates the 
ADR to receive direct electronic access. The Commission provided in the 
SDR Final Rules that these ADRs may be provided access to the swap data 
reported and maintained by SDRs without being subject to the notice and 
indemnification provisions of CEA sections 21(c)(7) and (d).\30\
---------------------------------------------------------------------------

    \30\ See SDR Final Rules at 54554.
---------------------------------------------------------------------------

    Commission regulation 49.17(d)(3) currently provides that an AFR 
with supervisory authority over an SDR registered with it pursuant to 
foreign law and/or regulation that is also registered with the 
Commission is not subject to the requirements of Sec.  49.17(d) and 
Sec.  49.18(b). As described in the SDR Final Rules and the 
Interpretative Statement, the Commission believes that swap data 
reported to, and maintained, by an SDR may be appropriately accessed by 
an AFR without the execution of a confidentiality and indemnification 
agreement when the AFR is acting in a regulatory capacity with respect 
to an SDR that is also registered with the AFR, and the swap data was 
reported to such SDR pursuant to such AFR's regulatory regime.
2. Proposed Amendments
    With respect to domestic regulators with regulatory jurisdiction 
over an SDR, the Commission proposed in the NPRM to remove: (1) The 
reference to ``Appropriate Domestic Regulator'' in Sec.  49.17(d)(2) 
and replace it with the term ``domestic regulator'' to clarify that all 
domestic regulators, and not just ADRs, would fall under Sec.  
49.17(d)(2); (2) Sec.  49.17(d)(2)(i) (information sharing arrangement 
condition); and (3) Sec.  49.17(d)(2)(ii) (direct electronic access 
condition). Based on its experience with SDR swap data access, the 
Commission believed an additional refinement of these rules was 
necessary in order to promote greater efficiency and cooperation among 
domestic regulators. Accordingly, the Commission proposed that a 
domestic regulator that has regulatory responsibility over an SDR 
registered with it pursuant to a separate statutory authority should be 
able to access SDR data reported to such SDR pursuant to such separate 
statutory authority irrespective of whether such domestic regulator has 
executed an MOU or similar information sharing arrangement with the 
Commission or been designated to receive direct electronic access by 
the Commission.\31\
---------------------------------------------------------------------------

    \31\ The Commission's proposal for domestic regulators was 
consistent with the principle previously set forth in the 
Interpretative Statement with respect to the application of the 
confidentiality and indemnification provisions of the CEA to foreign 
regulators. In particular, the Commission stated that a foreign 
regulator's access to data from a registered SDR that is also 
registered, recognized, or otherwise authorized in a foreign 
jurisdiction's regulatory regime, where the data to be accessed has 
been reported pursuant to that other regulatory regime, will be 
dictated by that jurisdiction's regulatory regime and not by the CEA 
or Commission regulations. See Interpretative Statement at 65181.
---------------------------------------------------------------------------

    In connection with foreign regulatory authorities that have 
supervisory authority over an SDR, the Commission proposed in the NPRM 
to (i) replace the reference to ``Appropriate Foreign Regulator'' in 
Sec.  49.17(d)(3) with the term ``Foreign Regulator,'' as defined in 
Sec.  49.2, to clarify that all Foreign Regulators, not only those that 
have been determined ``appropriate'' by the Commission, would fall 
under Sec.  49.17(d)(3); and (ii) add qualifying language to Sec.  
49.17(d)(3) so that Sec.  49.17(d)(3) applies not only to SDRs that are 
``registered'' with the Foreign Regulator but also to those SDRs that 
are ``recognized or otherwise authorized'' by the Foreign Regulator, 
where the swap data being accessed has been reported to the SDR 
pursuant to the Foreign Regulator's regulatory regime.\32\
---------------------------------------------------------------------------

    \32\ Id.
---------------------------------------------------------------------------

3. Comments Received
    The Commission received one comment, from Chicago Mercantile 
Exchange Inc. (``CME''), DTCC Data Repository (U.S.) LLC (``DDR''), and 
ICE Trade Vault, LLC (``ICETV'' and, collectively with CME and DDR, the 
``SDR Commenters''), on its proposed modifications to Sec.  49.17(d)(2) 
and (3).\33\ The SDR Commenters supported the Commission's proposed 
modifications to Sec.  49.17(d)(2) and (3) stating that recognizing the 
separate jurisdictional authority of another domestic regulator or 
foreign regulator would further appropriate information sharing 
necessary for regulatory oversight and global systemic risk mitigation 
purposes.\34\
---------------------------------------------------------------------------

    \33\ Joint Comment Letter submitted by CME, DDR, and ICETV at 2 
(March 27, 2017) (``SDR Letter'').
    \34\ Id.
---------------------------------------------------------------------------

4. Final Rules
    After considering the comments it received with respect to its 
proposed amendments to Sec.  49.17(d)(2) and (3), and for the reason 
stated above in section II.B.2., the Commission continues to believe 
that swap data

[[Page 27414]]

reported to, and maintained by, an SDR may be appropriately accessed by 
a domestic regulator or Foreign Regulator without the execution of a 
confidentiality and indemnification agreement (1) when the regulator is 
acting in a regulatory or supervisory capacity with respect to an SDR 
that is also registered with, or recognized or otherwise authorized by, 
the regulator and (2) with respect to swap data reported to such SDR 
pursuant to such regulator's regulatory regime. The Commission, 
accordingly, is adopting the amendments to Sec.  49.17(d)(2) and (3) as 
proposed.

C. Appropriateness Determination for Foreign Regulators and Non-
Enumerated Domestic Regulators: Amendments to Sec.  49.17(b) and New 
Sec.  49.17(h)

1. Current Rule
    CEA section 21(c)(7) specifies U.S. entities to which swap data 
must be released by an SDR, provided certain prerequisites are 
satisfied. Because Congress has determined that access to SDR swap data 
by these entities is appropriate when the prerequisites are satisfied, 
no appropriateness determination by the Commission is necessary. These 
U.S. entities, along with any others the Commission determines to be 
appropriate pursuant to CEA section 21(c)(7)(E), are identified in 
Sec.  49.17(b)(1) as ADRs. The current part 49 rules do not include a 
process for how the Commission would determine a domestic regulator to 
be ``appropriate'' within the meaning of CEA section 21(c)(7)(E).
    Under current Sec.  49.17(b)(2)(i), in order for a Foreign 
Regulator that does not have a current MOU with the Commission to be 
determined to be an AFR,\35\ it must file with the Commission an 
application in the form and manner specified by the Commission.\36\ 
Current Sec.  49.17(b)(2)(i)(B) requires that the application provide 
sufficient facts and procedures to permit the Commission to analyze 
whether the Foreign Regulator's confidentiality procedures are 
appropriate and to satisfy the Commission that information provided by 
an SDR will be disclosed by the Foreign Regulator only as permitted by 
CEA section 8(e).
---------------------------------------------------------------------------

    \35\ No specific Foreign Regulators are enumerated in CEA 
section 21(c)(7) or specifically identified as AFRs in Sec.  
49.17(b)(2).
    \36\ To date, the Commission has not specified a form and manner 
for the application referenced in current Sec.  49.17(b)(2)(i)(A).
---------------------------------------------------------------------------

2. Proposed Amendments: Determination Order Process
    The Commission proposed to eliminate the current filing 
requirements set forth in current Sec.  49.17(b)(2)(i) and establish 
new filing requirements in proposed new Sec.  49.17(h) that would apply 
to both Foreign Regulators and domestic regulators. The Commission also 
proposed to include, in Sec.  49.17(h), CEA-section-8-related 
confidentiality considerations and the ability for the Commission to 
revisit or reassess appropriateness determinations. As proposed, new 
Sec.  49.17(h) would apply to each Foreign Regulator regardless of 
whether there was a current MOU or similar information sharing 
arrangement in place between such Foreign Regulator and the Commission, 
and to any domestic regulator other than an ADR enumerated in Sec.  
49.17(b)(1)(i) through (vi) (``Enumerated ADR'').
    Proposed Sec.  49.17(h)(3) specified two threshold requirements for 
a finding of appropriateness: (i) The requesting entity has in place 
appropriate safeguards to maintain the confidentiality of swap data 
received from an SDR; and (ii) such entity is acting within the scope 
of its jurisdiction in seeking access to swap data maintained by an 
SDR. Because the Commission stated that these requirements are 
necessary, but may or may not be sufficient to support an 
appropriateness determination, the Commission proposed to evaluate each 
filing on a case-by-case basis with reference to these and other 
factors that the Commission may find germane to its determination. The 
Commission proposed that, were it to find, based on information 
submitted to it, that an entity's access to SDR swap data was 
appropriate, the Commission would issue an order confirming the 
entity's status as an ADR or AFR and setting forth any conditions or 
limitations on access consistent with the relevant statutory and 
regulatory requirements (a ``Determination Order'').
    The Commission also proposed in Sec.  49.17(h)(4) to be able to 
revisit, reassess, limit, suspend or revoke a previously issued 
Determination Order. That proposal was based on the Commission's belief 
that it is necessary to reserve the authority to revisit an 
appropriateness determination, and potentially take one of the 
foregoing remedial actions, in order to be able to address situations 
that may arise subsequent to the determination, such as where an AFR or 
ADR violates the terms of a Determination Order or fails to keep SDR 
swap data confidential.
3. Proposed Amendments: Factors Considered in Issuing a Determination 
Order
a. Scope of Jurisdiction
    CEA section 21(c)(7) directs SDRs to provide swap data to 
regulators on a confidential basis pursuant to section 8.\37\ The 
Commission interprets this provision to require consistency with the 
CEA section 8(e) mandate that information be furnished, on a 
confidential basis, only to other regulators acting within the scope of 
their jurisdiction. Accordingly, the Commission believes that an 
appropriateness determination must be informed by reference to a 
regulator's jurisdiction.
---------------------------------------------------------------------------

    \37\ 7 U.S.C. 24(c)(7).
---------------------------------------------------------------------------

    In this regard, the Commission proposed to add new Sec.  
49.17(h)(2), which would require an applicant seeking a Determination 
Order to provide the Commission sufficient information to permit the 
Commission to analyze whether the applicant is acting within the scope 
of its jurisdiction in seeking access to swap data maintained by an 
SDR. As part of this information, the Commission stated that it 
expected that an applicant would explain the relationship between its 
jurisdiction and its request for access to swap data maintained by 
SDRs, including an explanation of the applicant's need for swap data to 
carry out its regulatory mandate, legal authority or 
responsibility.\38\
---------------------------------------------------------------------------

    \38\ The Commission expects that the applicant would provide a 
description of its scope of jurisdiction as part of these 
explanations.
---------------------------------------------------------------------------

    The Commission proposed in new Sec.  49.17(h)(3) that the 
Commission would not issue a Determination Order unless it were 
satisfied that an applicant was acting within the scope of its 
jurisdiction in seeking access to SDR swap data. The Commission also 
stated in the NPRM that it expected that each Determination Order would 
further require, as a condition of the appropriateness determination 
set forth therein, that a regulator that received a Determination Order 
promptly notify the Commission, and each SDR from which it received 
swap data, of any change to its jurisdiction that would relate to the 
swap data access requested.\39\ Proposed Sec.  49.17(d)(4)(iii) enabled 
the Commission to direct SDRs to limit, suspend or revoke an ADR's or 
AFR's SDR swap data access to reflect the new scope of its 
jurisdiction, and required the SDRs to so limit, suspend

[[Page 27415]]

or revoke such access in response to such Commission direction. The 
Commission expected that limiting access in this manner would reduce 
the risk of unauthorized or unnecessary disclosures because each 
appropriate regulator would have access to swap data only to the extent 
necessary to fulfill its amended jurisdictional mandate or regulatory 
responsibility.
---------------------------------------------------------------------------

    \39\ The form of confidentiality arrangement set forth in 
proposed Appendix B to part 49 (``Confidentiality Arrangement 
Form'') also would have required such notices.
---------------------------------------------------------------------------

b. Robust Confidentiality Safeguards
    CEA section 21(c)(7) requires that SDRs make swap data available on 
a confidential basis pursuant to CEA section 8. Proposed Sec.  
49.17(h)(2) accordingly would require that an applicant for a 
Determination Order submit to the Commission information sufficient to 
permit the Commission to analyze whether the applicant employs 
appropriate confidentiality safeguards to ensure that swap data the 
applicant receives from an SDR would not be disclosed other than as 
permitted by the confidentiality arrangement required by proposed Sec.  
49.18(a). The Commission anticipated that this analysis would involve 
the Commission considering whether the applicant's confidentiality 
protocols, system safeguards and security compliance procedures could 
be expected to ensure the confidentiality of the swap data, and whether 
the applicant had in place protections sufficient to prevent 
unauthorized intrusions into the systems that maintain the swap data. 
In this regard, the Commission stated in the NPRM that it would also 
expect to consider the applicant's processes for limiting internal 
access to swap data to those persons with a need to know, as well as 
how the swap data would be stored and whether the swap data would be 
segregated from other information.
    The Commission stated in the NPRM its view that the confidentiality 
protections set forth in proposed Sec.  49.17(h)(2) strike an 
appropriate tradeoff between realizing the benefits of data access by 
regulators,\40\ and protecting confidential information in accordance 
with the dictates of CEA section 8(e), which, as described above, is 
incorporated into the access provisions of CEA sections 21(c)(7) and 
(d). In the NPRM, the Commission stated that it would consider these 
factors essential to a determination of appropriateness.
---------------------------------------------------------------------------

    \40\ See CEA section 21(c)(7); see also Section 752(a) of the 
Dodd-Frank Act (recognizing the goal of effective and consistent 
global regulation of swaps).
---------------------------------------------------------------------------

c. Swap Data Sharing Considerations
    The Commission stated in the NPRM that other considerations not 
proposed to be codified may also contribute to the Commission's 
appropriateness analysis. Although the Commission proposed to eliminate 
the current regulatory provision conferring AFR status on a Foreign 
Regulator with an existing MOU or other similar type of information 
sharing arrangement executed with the Commission,\41\ it nonetheless 
stated in the NPRM its continued belief that the existence of such an 
arrangement fosters a cooperative relationship and encourages the 
development of shared understandings related to regulatory 
responsibilities. The Commission added in the NPRM that, although not 
dispositive, indications of a strong cooperative relationship with 
another authority, as established by the existence of such an 
arrangement and the Commission's experience working with such authority 
in finalizing and administering the arrangement, would likely be a 
factor supporting an appropriateness determination. The Commission also 
stated in the NPRM that a failure to cooperate fully or to comply with 
the terms of an existing or prior arrangement might be expected to 
weigh against an appropriateness determination.
---------------------------------------------------------------------------

    \41\ 17 CFR 49.17(b)(2).
---------------------------------------------------------------------------

    Similarly, when assessing appropriateness, the Commission expected 
to consider whether it receives access to swap data maintained by trade 
repositories subject to the applicant's jurisdiction. The Commission 
stated in the NPRM that it is mindful of the Dodd-Frank Act's 
encouragement of coordination and cooperation with foreign regulatory 
authorities.\42\ The Commission also stated in the NPRM its belief that 
increased data access by regulators has the potential to provide the 
Commission and other authorities with more complete information with 
which to monitor risk exposures and should be expected to promote 
global market stability through enhanced regulatory transparency. 
Accordingly, the Commission stated in the NPRM, it would view the 
following favorably in considering appropriateness: (i) Commission 
access to swap data maintained by trade repositories in a foreign 
regulator's jurisdiction; (ii) an arrangement to assist the Commission 
in obtaining data from other jurisdictions; and (iii) a history of 
assistance from a foreign regulator.
---------------------------------------------------------------------------

    \42\ See also Dodd-Frank Act section 752 (recognizing the goal 
of effective and consistent global regulation of swaps).
---------------------------------------------------------------------------

4. Proposed Amendments: Other Matters Regarding the Determination Order 
Process
    The Commission stated in the NPRM its preliminary belief that the 
Determination Order process and factors discussed above offer a 
reasonable approach to providing requesting entities access to SDR swap 
data based on clearly articulated factors and any additional 
considerations or circumstances the Commission may deem relevant on a 
case-by-case basis. The Commission added that both the required factors 
and the additional considerations support the mandates of CEA sections 
8, 21(c)(7) and 21(d) and are consistent with the express intent of 
Congress that the Commission coordinate and cooperate with foreign 
regulatory authorities on matters related to the regulation of swaps. 
Through the issuance of Determination Orders, the Commission expected 
to be able to impose appropriate conditions or restrictions on an 
entity's access to SDR swap data such that the entity's access would be 
linked to its jurisdictional scope. Pursuant to proposed Sec.  
49.17(h)(3), the Commission could, in its discretion, issue a 
Determination Order of limited duration. The Commission stated in the 
NPRM that it would expect SDRs to take into account any conditions or 
restrictions contained in a Determination Order when providing access 
to swap data to an ADR or AFR.
    The Commission further believed it appropriate to make the process 
and factors proposed in Sec.  49.17(h) applicable to any domestic 
entities that are not enumerated as ADRs in Sec.  49.17(b)(1)(i) 
through (vi), as scope of jurisdiction and confidentiality 
considerations are equally applicable to U.S. entities, and drafted 
proposed Sec.  49.17(h) accordingly.
5. Final Rules
    After considering the comments received in the SDR Letter, and for 
the reasons stated in the NPRM, stated above in sections II.C.2.-4. and 
stated in this section, the Commission is adopting amendments to Sec.  
49.17(b) and new Sec.  49.17(h) as proposed.
    The Commission requested comment on all aspects of proposed Sec.  
49.17(h), particularly on whether the proposed regulatory and other 
factors are sufficient to determine whether access to SDR swap data is 
appropriate. The Commission received one comment in response, from the 
SDR Commenters. The SDR Commenters expressed support for the Sec.  
49.17(h) appropriateness determination process proposed in the NPRM 
with respect to

[[Page 27416]]

Foreign Regulators and non-enumerated domestic regulators, including 
the requirement that such regulators file an application with the 
Commission to be determined to be appropriate recipients of SDR swap 
data. The SDR Commenters added that they ``believe that a[n] MOU or 
other information sharing arrangement alone, by [its] nature, ha[s] the 
potential for imprecise language and bespoke arrangements that would 
not provide sufficient indication of a regulator's `appropriateness.' 
'' \43\
---------------------------------------------------------------------------

    \43\ SDR Letter at 3.
---------------------------------------------------------------------------

    The SDR Commenters also suggested that the Commission revise 
proposed Sec.  49.17(h)(4), which provides that the Commission reserves 
the right to revisit, reassess, limit, suspend or revoke any 
appropriateness determination with respect to an ADR or AFR, consistent 
with the CEA, to require the Commission to provide a written notice to 
SDRs of such action to ensure that all SDRs are aware of any changes in 
status with respect to an appropriateness determination.\44\ The 
Commission agrees with the substance of the ``written notice'' comment 
but believes that this suggestion should be incorporated elsewhere in 
the Commission's regulations. Specifically, because proposed Sec.  
49.17(h)(4) merely addresses the Commission's right to revisit, 
reassess, limit, suspend or revoke any appropriateness determination, 
whereas proposed Sec.  49.17(d)(5) required an SDR to take such action 
as directed by the Commission,\45\ the Commission believes that 
proposed Sec.  49.17(d)(5), rather than proposed Sec.  49.17(h)(4), 
should be amended in response to the ``written notice'' comment.\46\ 
Accordingly, the Commission is adopting Sec.  49.17(d)(5) as proposed 
but with a modification to require that any Commission direction to an 
SDR specified therein be in writing.
---------------------------------------------------------------------------

    \44\ SDR Letter at 7.
    \45\ As proposed, Sec.  49.17(d)(5) did not require that the 
Commission direct the SDR in writing to take any of such actions.
    \46\ Proposed Sec.  49.17(h)(4) stated that the Commission 
reserves the right, in connection with any appropriateness 
determination with respect to an Appropriate Domestic Regulator or 
Appropriate Foreign Regulator, to revisit, reassess, limit, suspend 
or revoke such determination consistent with the Act. Proposed Sec.  
49.17(d)(5) stated that an SDR shall, as directed by the Commission, 
limit, suspend or revoke such access should the Commission limit, 
suspend or revoke the appropriateness determination for such ADR or 
AFR or otherwise direct the SDR to limit, suspend or revoke such 
access.
---------------------------------------------------------------------------

    Accordingly, for the reasons stated in the NPRM, stated above in 
sections II.C.2.-4. and stated in this section, the Commission is 
adopting amendments to Sec.  49.17(b) and new Sec.  49.17(h) as 
proposed.

D. Amendments to Sec.  49.17(d)(4): SDR Notice and Verification 
Obligations

1. Proposed Amendments
    CEA section 21(c)(7) requires each SDR to notify the Commission of 
a swap data request received from an ADR or AFR.\47\ Currently, this 
statutory requirement is implemented in Sec.  49.17(d)(4)(i), which 
provides that an SDR must promptly notify the Commission regarding 
``any'' request received by an ADR or AFR to gain access to swap data 
maintained by the SDR.
---------------------------------------------------------------------------

    \47\ See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7).
---------------------------------------------------------------------------

    To reduce the burden on SDRs and provide greater operational 
efficiency consistent with the intent of CEA section 21(c)(7), the 
Commission proposed to amend the SDR notification requirement in 
current Sec.  49.17(d)(4)(i) to require an SDR to notify the Commission 
(i) at the time that it receives the first request for access to swap 
data from a particular ADR or AFR and (ii) at any time that a swap data 
request from an ADR or AFR does not comport with the scope of the ADR's 
or AFR's jurisdiction, as described in the confidentiality arrangement 
required by proposed Sec.  49.18(a). As proposed, the amendment 
provided that, upon receiving either such request for data by a 
particular ADR or AFR, the SDR would be required to provide prompt 
electronic notification to the Commission of the request, in a format 
specified by the Secretary of the Commission, pursuant to proposed 
Sec.  49.17(d)(4)(ii). The SDR would be required to keep such 
notification and related requests confidential consistent with the 
requirements of CEA sections 21(c)(6) and (7) and related regulatory 
requirements set forth in Sec. Sec.  49.16 and 49.17.
    The Commission stated in the NPRM its belief that the proposed 
approach to SDR notification supports the Commission's need to be aware 
of who is able to access SDR swap data and what data has been accessed, 
while eliminating potentially costly, unwieldy and inefficient notice 
of every swap data request. Under the proposal, the Commission would be 
notified that a particular ADR or AFR has requested access to SDR swap 
data and would be able to examine SDR records of the ADR's or AFR's 
individual swap data requests, and the swap data provided, as the 
Commission deemed necessary.\48\
---------------------------------------------------------------------------

    \48\ The Commission stated in the NPRM that, consistent with the 
current recordkeeping requirements for SDRs in Sec.  45.2(f), SDRs 
are required to maintain records of all information related to the 
initial and all subsequent requests for swap data from ADRs and 
AFRs. The Commission stated that appropriate records would include, 
at a minimum, the identity of the ADR or AFR accessing the swap 
data, the date, time and substance of the request for access, 
confirmation that the request is consistent with the scope of the 
regulator's jurisdiction, and copies of all swap data provided by 
the SDR in connection with the request for access. The Commission 
added that, pursuant to Sec.  1.31, SDRs are required to maintain 
such records for a period of no less than five years after the date 
of such request and must provide this information to the Commission 
upon request.
---------------------------------------------------------------------------

    The Commission also proposed to amend Sec.  49.17(d)(4) by adding 
new paragraph (iii) to require each SDR that receives a request for 
access to its swap data from an ADR or AFR to determine, prior to 
providing such access, that the request is consistent with the scope of 
the ADR's or AFR's jurisdiction, as described in the confidentiality 
arrangement required by proposed Sec.  49.18(a).\49\ This verification 
would need to incorporate any subsequent changes to such scope of 
jurisdiction.
---------------------------------------------------------------------------

    \49\ The scope of jurisdiction would have been described in 
Exhibit A to the form of confidentiality arrangement set forth in 
proposed Appendix B to part 49.
---------------------------------------------------------------------------

    The Commission also proposed to require an ADR or AFR that has 
executed a confidentiality arrangement with the Commission pursuant to 
Sec.  49.18(a) and provided such confidentiality arrangement to one or 
more SDRs to notify the Commission and each such SDR of any change to 
such ADR's or AFR's scope of jurisdiction as described in such 
confidentiality arrangement. Additionally, the proposal enabled the 
Commission to direct an SDR to suspend, limit, or revoke access to swap 
data maintained by such SDR based on any such change to an ADR's or 
AFR's scope of jurisdiction, and required that, if so directed, such 
SDR must suspend, limit, or revoke such access.
    Proposed Sec.  49.17(d)(4)(iv) required SDR verification only once 
with respect to a request for ongoing or recurring access to particular 
data. Additionally, if there was a change in the request, the ADR or 
AFR would be obligated to make a new determination pursuant to proposed 
Sec.  49.17(d)(4)(iii). The Commission recognized that the proposed 
requirement would impose a burden on SDRs but noted that SDRs are 
obliged by CEA section 21(c)(7) to provide access ``pursuant to section 
8'' of the CEA, which, as discussed above, the Commission interprets as 
requiring a jurisdictional nexus to the information requested, 
consistent with CEA section 8(e). The Commission stated that it 
believed that, in such circumstances, SDRs must take a role in ensuring

[[Page 27417]]

compliance with those statutory restrictions of CEA section 21(c)(7).
2. Final Rules
    The Commission received several comments from the SDR Commenters on 
the proposed amendments to Sec.  49.17(d)(4). For the reasons stated 
above in section II.D.1. and stated in this section II.D.2., the 
Commission is adopting Sec.  49.17(d)(4)(i) through (iv) as proposed, 
with one exception. Specifically, the Commission is adopting Sec.  
49.17(d)(4)(iii) with one modification suggested by the SDR Commenters, 
as discussed below in section II.D.2.c.iii. In response to the SDR 
Commenters' comments, the Commission is also clarifying the guidance 
provided in the NPRM on Federal Register page 8,381, as discussed below 
in section II.D.2.a.ii.
a. Sec.  49.17(d)(4)(i)
i. Notices of Initial Access Requests and Requests Outside the Scope of 
Jurisdiction
    The SDR Commenters supported the proposed amendment to the 
notification provisions in current Sec.  49.17(d)(4)(i) to require SDRs 
to notify the Commission only of an initial ADR or AFR request for 
access to swap data (rather than every request for swap data), stating 
that this would reduce reporting burdens and increase operational 
efficiencies. However, the SDR Commenters stated that ``subsection 
Sec.  49.17(d)(4)(i) and (iii) should be modified to remove the 
requirement that an SDR determine whether swap data to which the ADR or 
AFR seeks access is within the then-current scope of such ADR's or 
AFR's jurisdiction.'' \50\ The SDR Commenters claimed that they ``are 
not the appropriate entities to determine the scope of a regulator's 
jurisdiction'' because ``[t]hey do not possess the means to do so 
correctly with current data fields'' \51\ and that the scope of 
jurisdiction determination ``must rest solely with the Commission.'' 
\52\ Accordingly, the SDR Commenters insisted that their 
responsibilities ``must be limited to providing access to the ADRs and 
AFRs in accordance with the specific, appended jurisdictional 
information clearly set forth in the documents describing the 
confidentiality arrangements negotiated by the Commission pursuant to 
Sec.  49.18.(a).'' \53\
---------------------------------------------------------------------------

    \50\ SDR Letter at 4. Proposed Sec.  49.17(d)(4)(i) states that 
a registered SDR shall notify the Commission promptly after 
receiving any request that does not comport with the scope of the 
ADR's or AFR's jurisdiction, as described and appended to the 
confidentiality arrangement required by proposed Sec.  49.18(a).
    \51\ SDR Letter at 3.
    \52\ SDR Letter at 2.
    \53\ SDR Letter at 4.
---------------------------------------------------------------------------

    The Commission declines to modify Sec.  49.17(d)(4)(i) to provide 
that an SDR does not need to determine whether swap data to which an 
ADR or AFR seeks access is within the then-current scope of such ADR's 
or AFR's jurisdiction. As noted above, SDRs are obliged by CEA section 
21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which 
the Commission interprets as requiring a jurisdictional nexus to the 
information requested, consistent with CEA section 8(e). However, for 
the reasons discussed below in response to the SDR Commenters' comments 
on proposed Sec.  49.17(d)(4)(iii) in relation to determining whether 
an ADR's or AFR's request for swap data is within the scope of its 
jurisdiction, the Commission expects SDRs' role in applying Sec.  
49.17(d)(4)(i) to be straightforward. As discussed below, the 
Commission will ensure that each ADR and AFR seeking swap data access 
provides each SDR from which it seeks such access a description, 
appended to the confidentiality arrangement required by proposed Sec.  
49.18(a), of the ADR's or AFR's scope of jurisdiction in a form that 
will lend itself to SDRs being readily able to determine whether a 
particular data request falls within the described scope of 
jurisdiction. As the Commission will have previously reviewed the 
described scope of jurisdiction before it is provided to an SDR as part 
of the confidentiality arrangement required by proposed Sec.  49.18(a), 
the SDR's role in ensuring that ADRs' and AFRs' swap data access is 
limited to swap data within the then-current scope of such ADR's or 
AFR's jurisdiction would be limited to appropriately circumscribing the 
scope of the swap data to which an ADR or AFR obtains access to match 
the ADR's or AFR's scope of jurisdiction, as described in the appendix 
to the confidentiality arrangement required by Sec.  49.18(a), and 
notifying the Commission if the SDR determines that a particular data 
request does not comport with the described scope of jurisdiction.
    Finally, Sec.  49.17(d)(4)(i) requires an SDR to notify the 
Commission of initial requests for data by an ADR or AFR and of 
requests for data that do not comport with the scope of jurisdiction of 
an ADR or AFR. These notifications are required to be provided, 
pursuant to Sec.  49.17(d)(4)(ii), in the format specified by the 
Secretary of the Commission. In response to a request from the SDR 
Commenters to specify that format, the Secretary of the Commission is 
now specifying that these notices should be provided to Commission 
staff at the email address [email protected].
ii. Recordkeeping
    Proposed Sec.  49.17(d)(4)(i) required each SDR to maintain 
records, pursuant to Sec.  49.12,\54\ of the details of an ADR's or 
AFR's initial request for SDR swap data access and of all subsequent 
requests by such ADR or AFR for such access. In the NPRM, the 
Commission explained that an SDR's obligation to maintain records of 
all information related to the initial and all subsequent requests by 
an ADR or AFR for swap data access, pursuant to proposed Sec.  
49.17(d)(4)(i) and existing Sec.  45.2(f), would require the retention 
of records that included, at a minimum, the identity of the ADR or AFR 
accessing the swap data, the date, time and substance of the request 
for access, confirmation that the request is consistent with the scope 
of the regulator's jurisdiction, and copies of all data reports and 
other aggregation of data provided in connection with the request for 
access.\55\
---------------------------------------------------------------------------

    \54\ Commission Regulation 49.12(a) requires SDRs to maintain 
their records in accordance with the requirements of part 45 of the 
Commission's regulations regarding the swap data required to be 
reported to SDRs. Commission Regulation 45.2(f) requires each SDR to 
keep complete records of all SDR-related business activities.
    \55\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork 
Reduction Act discussion of recordkeeping burdens).
---------------------------------------------------------------------------

    The SDR Commenters stated that ``the proposed requirement for SDRs 
to maintain copies of data reports and other aggregation of data 
provided in connection with the request [f]or access should be amended 
to avoid imposing unnecessary costs.'' \56\ The SDR Commenters also 
requested that ``additional detail as to what constitutes the `details 
of such initial request and of all subsequent requests' be included in 
the rule itself rather than merely mentioned in the preamble.'' \57\ 
The SDR Commenters characterized the recordkeeping requirements of 
proposed Sec.  49.17(d)(4)(i) as requiring that SDRs maintain data 
reports as financially burdensome, challenging to implement, and 
potentially decreasing information security, because the requirements 
could require an SDR ``to propagate a given data set more than once.'' 
\58\
---------------------------------------------------------------------------

    \56\ SDR Letter at 6.
    \57\ SDR Letter at 5-6.
    \58\ SDR Letter at 6.
---------------------------------------------------------------------------

    As an alternative to maintaining such reports, the SDR Commenters 
suggested that they create pre-formatted data

[[Page 27418]]

reports and make them available for download by ADRs and AFRs ``so that 
the record of access to such reports [would] be easily identifiable, in 
lieu of maintaining logs of queries and query conditions . . . .'' \59\ 
The SDR Commenters added that, if the Commission adopted their 
alternative, ``the parameters of the reports and the logic which is 
used to populate the reports is all that should have to be 
maintained.'' \60\ The SDR Commenters contended that the Commission 
should require only ``the saving of metadata around reports rather than 
the actual reports[.]'' \61\
---------------------------------------------------------------------------

    \59\ Id.
    \60\ Id.
    \61\ Id.
---------------------------------------------------------------------------

    After the NPRM was published in the Federal Register, Commission 
staff discussed the SDR Commenters' recordkeeping concerns, as set out 
in the SDR Letter, with the SDRs.\62\ Based on those discussions, the 
Commission understands that the SDR Commenters plan to provide swap 
data access to ADRs and AFRs in one of two ways: (1) Via pre-formatted 
reports that the SDR Commenters would make available for download by 
ADRs and AFRs or send to ADRs and AFRs, in each case on a regular 
basis; or (2) via a Web-based portal through which ADRs and AFRs could 
conduct customized searches of swap data.\63\ In those discussions, the 
SDR Commenters explained that they would not consider it unduly 
burdensome to maintain records of the pre-formatted reports (if they 
provide ADRs and AFRs access to swap data via pre-formatted reports) or 
records of both the parameters of the permitted access and the queries 
(if they provide such access via Web portal).
---------------------------------------------------------------------------

    \62\ Brief summaries of those ex parte communications are 
available on the Commission's website at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777.
    \63\ The swap data provided in the pre-formatted reports or 
through the Web-based portals would be limited to swap data within 
the particular ADR's or AFR's scope of jurisdiction, as described in 
the confidentiality arrangement required by Sec.  49.18(a).
---------------------------------------------------------------------------

    In response to the SDR Letter, and for the reasons explained by the 
SDR Commenters and described in this section, the Commission confirms 
that, as represented by the SDRs and consistent with the reasoning 
discussed in the NPRM,\64\ either of these means of providing swap data 
access to ADRs and AFRs would be acceptable. The Commission also 
confirms that SDRs may satisfy their recordkeeping duties under Sec.  
49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre-
formatted swap data reports; or (2)(a) the parameters of Web portal 
swap data access and (b) queries run by ADRs and AFRs using such 
access.
---------------------------------------------------------------------------

    \64\ See, e.g., NPRM at 8385 (stating that the Commission is 
proposing not to specify a particular means of ADRs and AFRs 
accessing swap data) and 8386 (stating that the Commission expects 
that SDRs would choose the lowest cost means of access consistent 
with their statutory obligation to provide ADRs and AFRs access to 
swap data and other constraints).
---------------------------------------------------------------------------

iii. Aggregated Data
    The SDR Commenters also expressed concerns that the Commission's 
statement that proposed Sec.  49.17(d)(4)(i) and existing Sec.  42.5 
would require retention of copies of all other aggregation of data 
provided in connection with the request for access was intended to 
impose a requirement to provide aggregated data to ADRs or AFRs. To 
address that concern, the SDR Commenters asked the Commission to 
specify that SDRs would not be required to provide ADRs or AFRs with 
aggregated data and that SDRs are required to provide only raw swap 
transaction data, in the form of, for example, pre-formatted reports or 
via Web-based portal access.\65\
---------------------------------------------------------------------------

    \65\ See SDR Letter at 6.
---------------------------------------------------------------------------

    In response to the foregoing comment, and for the reasons explained 
by the SDR Commenters and described in this section, the Commission 
clarifies that SDRs are required to provide ADRs and AFRs only raw swap 
transaction data in the form in which SDRs maintain such data. The 
Commission further clarifies that SDRs are not required to aggregate or 
manipulate raw swap transaction data to provide it to ADRs or AFRs in 
customized formats or reports requested thereby. Through its 
consultations with certain ADRs as required by section 712(a)(1) of the 
Dodd-Frank Act,\66\ the Commission understands that those ADRs 
enumerated in Sec.  49.17(b)(1)(i) through (vi) that are interested in 
accessing SDR swap data are capable of receiving such data and 
manipulating and analyzing such data using their own systems.
---------------------------------------------------------------------------

    \66\ Section 712(a)(1) of the Dodd-Frank Act provides that 
before commencing any rulemaking or issuing an order regarding swap 
data repositories, the Commission shall consult and coordinate to 
the extent possible with the Securities and Exchange Commission and 
the prudential regulators for the purposes of assuring regulatory 
consistency and comparability.
---------------------------------------------------------------------------

    After considering the comments on proposed Sec.  49.17(d)(4)(i), 
for the reasons described above, the Commission is adopting the 
amendments to Sec.  49.17(d)(4)(i) as proposed.
b. Sec.  49.17(d)(4)(ii)
    The Commission proposed only minor, clarifying changes to Sec.  
49.17(d)(4)(ii) and did not receive any comments thereon. The 
Commission is adopting the amendments to Sec.  49.17(d)(4)(ii) as 
proposed.
c. Sec.  49.17(d)(4)(iii)
i. Scope of an ADR's or AFR's Jurisdiction
    The SDR Commenters commented that ``the determination as to scope 
of jurisdiction must rest solely with the Commission'' \67\ because 
``[t]he SDRs do not have, and are not required to have[,] information 
sufficient to determine whether requested swap data is within the 
ADR['s] or AFR[']s scope of jurisdiction.'' \68\ The SDR Commenters 
contended that, if the Commission wants the SDRs to play a role in 
determining whether swap data is subject to the jurisdiction of any 
particular ADR or AFR, the Commission would need to ``amend the current 
Part 43 and Part 45 fields to provide the SDRs with the basis to make 
these determinations.'' \69\ The SDR Commenters added that they 
``should not be expected to make interpretations about jurisdictional 
questions from ambiguous data points.'' \70\
---------------------------------------------------------------------------

    \67\ SDR Letter at 2.
    \68\ Id. at 3.
    \69\ Id. at 4.
    \70\ Id.
---------------------------------------------------------------------------

    On this point, the SDR Commenters explained that ``[t]he current 
Part 43 and Part 45 data fields do not yield information that would 
allow an SDR to identify trades that fall within an ADR['s] or AFR's 
jurisdiction definitively.'' \71\ They recommended that ADRs and AFRs 
``should be required to provide a[ ] . . . list of Part[ ] 43 and 45 
data fields (e.g., legal entity identifiers (``LEIs'') of the reporting 
counterparty and non-reporting party[and] the unique product identifier 
(``UPI'')) and parameters for such data fields'' \72\ that would 
clearly indicate to the SDRs which swaps fall within an ADR's or AFR's 
jurisdiction. The SDR Commenters contended that such a list of Part 43 
and 45 data fields is necessary because ``no Part 43 or 45 data fields 
. . . by themselves identify swaps that fall within an ADR['s] or AFR's 
jurisdiction.'' \73\
---------------------------------------------------------------------------

    \71\ Id.
    \72\ Id.
    \73\ Id.
---------------------------------------------------------------------------

    The SDR Commenters contended that the benefits of their proposed 
approach would include ensuring that SDRs grant access in a consistent 
manner and that the security controls established by an SDR according 
to Part 43 or 45 parameters would prevent access to swap data outside 
the scope of an ADR's or AFR's jurisdiction. The SDR

[[Page 27419]]

Commenters recommended the following changes to the proposed 
regulations to effectuate their proposed approach:
     Removing proposed Sec.  49.17(d)(4)(iv) completely;
     removing the requirement in proposed Sec.  49.17(d)(4)(i) 
and (iii) that an SDR determine whether swap data to which an ADR or 
AFR seeks access is within the then-current scope of such ADR's or 
AFR's jurisdiction;
     replacing the ``negative requirement'' not to provide 
access unless such a determination has been made with a ``positive 
requirement'' to provide access that comports with the jurisdictional 
determination made by the Commission, which determination is clearly 
spelled out in the confidentiality arrangement;
     modifying paragraph Sec.  49.17(d)(4)(iii) to state that 
any requested change in an ADR's or AFR's scope of jurisdiction, as 
described in the confidentiality arrangement required by proposed Sec.  
49.18(a), should be agreed to between the Commission and the ADR or AFR 
and the information appended to the confidentiality arrangement should 
be amended accordingly and provided to the SDRs for implementation; and
     revising the description of Exhibit A in the 
confidentiality arrangement to state that the ``description of scope of 
jurisdiction'' must include a list of part 43 and part 45 fields and 
specific parameters.\74\
---------------------------------------------------------------------------

    \74\ Id. at 4 and 5.
---------------------------------------------------------------------------

    After considering the SDR Commenters' comments and consulting with 
certain ADRs as required by section 712(a)(1) of the Dodd-Frank Act, 
the Commission agrees with the SDR Commenters that SDRs should not be 
responsible for determining the scope of an ADR's or AFR's 
jurisdiction, for the reasons explained by the SDR Commenters and 
described in this section. The Commission believes, however, that SDRs 
should be responsible for limiting ADRs' and AFRs' access to swap data 
to those swap data within ADRs' and AFRs' then-current scopes of 
jurisdiction, as described in the appendix to the confidentiality 
arrangement required by Sec.  49.18(a). As noted above, SDRs are 
obligated by CEA section 21(c)(7) to provide access ``pursuant to 
section 8'' of the CEA, which the Commission interprets as requiring a 
jurisdictional nexus to the information requested, consistent with CEA 
section 8(e).
    For the swap data sharing goal of CEA section 21(c)(7) to be 
achieved, an ADR's or AFR's description of its scope of jurisdiction 
must allow the SDRs to establish objective parameters for determining 
whether a particular data request falls within such scope of 
jurisdiction, without undue obstacles. The Commission believes that a 
system requiring legal analysis by the SDRs (a possible result, 
depending on how ADRs and AFRs describe their scopes of jurisdiction) 
for each ADR/AFR swap data request is impractical at best and could 
lead to very slow data access and disparate results across SDRs. 
Consequently, the Commission supports the spirit of the SDR Commenters' 
proposal that relevant Part 43/45 data fields could be used to assist 
in clarifying an ADR's or AFR's scope of jurisdiction, for purposes of 
SDR swap data access.\75\
---------------------------------------------------------------------------

    \75\ The SDR Commenters' approach, by permitting automation, 
could expedite swap data access. The SDR Commenters' approach could 
also eliminate the potential for inconsistent determinations by 
different SDRs.
---------------------------------------------------------------------------

    The Commission intends to review each ADR's and AFR's description 
of its scope of jurisdiction and ensure that such descriptions are 
presented in the confidentiality arrangement in a form SDRs can readily 
adapt to SDR-developed swap data reports and/or search parameters. The 
Commission also interprets CEA section 21(c)(7) as imposing on SDRs the 
duty to limit ADRs' and AFRs' access to swap data to those swap data 
within ADRs' and AFRs' scope of jurisdiction. The description of an 
ADR's or AFR's scope of jurisdiction will be appended to the 
confidentiality arrangement that is executed between the ADR or AFR and 
the Commission and provided to SDRs. An SDR's duty with respect to this 
description of the ADR's or AFR's scope of jurisdiction is to ensure 
that the swap data provided to the ADR or AFR is limited to those 
records that fall within the description appended to the 
confidentiality arrangement. For example, if the description is based 
on a list of LEIs representing entities that a particular ADR 
regulates, then the SDR's duty would be to provide all swap data 
associated with the fields in which those LEIs appear (e.g., the fields 
associated with counterparty identifiers), as those fields are set 
forth in the description provided by the ADR. As the SDR Commenters 
acknowledged in discussions with Commission staff, this would make 
fulfilling their obligations under CEA section 21(c)(7) and Sec.  
49.17(d)(4), as proposed, straightforward to apply.
    The Commission anticipates that, as a practical matter, ADRs and 
AFRs generally will describe their then-current scopes of jurisdiction, 
as appended to the confidentiality arrangement required by Sec.  
49.18(a), in terms of LEIs and possibly also UPIs or other product 
identifiers. Although there may be some limitations of using LEIs and 
product identifiers (e.g., in limited instances where blank or 
incorrect data entries remain in LEI fields, LEIs are masked in a 
number of cases to reflect certain other jurisdictions' privacy law 
limits on disclosure, and the Commission has yet to designate a UPI and 
product classification system), the Commission believes these data 
elements represent the most useful method of describing ADRs' and AFRs' 
scopes of jurisdiction.\76\
---------------------------------------------------------------------------

    \76\ In addition, if the scope of an ADR's or AFR's jurisdiction 
supports receiving all swap data with respect to entities over which 
an ADR or AFR exercises oversight, the ADR or AFR may not need to 
use product identifiers at all--it may be able to use LEIs alone to 
describe the scope of its jurisdiction.
---------------------------------------------------------------------------

    It also is possible that an ADR or AFR will be able to convey its 
scope of jurisdiction without using part 43 or part 45 data fields in a 
way that SDRs will be able to easily apply. The SDR Letter itself 
acknowledged the possibility that other part 43 or part 45 data fields 
may be relevant in describing ADRs' and AFRs' scopes of 
jurisdiction.\77\ For example, it is conceivable that an ADR's scope of 
jurisdiction may include all swap data maintained at SDRs (though the 
Commission does not anticipate that this will be the case with respect 
to most ADRs). In such case, it would not be necessary to use part 43, 
part 45 or any other swap data fields to delineate the scope of an 
ADR's or AFR's jurisdiction. For the foregoing reasons, the Commission 
declines to specifically require the use of part 43 or part 45 data 
fields to describe an ADR's or AFR's scope of jurisdiction.
---------------------------------------------------------------------------

    \77\ For example, the SDR Letter noted that ``an indication of 
whether a swap is a mixed swap'' could constitute a part 43 or 45 
data field that ``determine[s] . . . which swaps fall within an ADR 
or AFR's jurisdiction.'' SDR Letter at 4. Also, in ex parte 
communications following the publication of the NPRM, the SDR 
Commenters acknowledged that other fields could potentially be 
relevant as well.
---------------------------------------------------------------------------

    The Commission also declines to act on the SDR Commenters' request 
to delete proposed Sec.  49.17(d)(4)(iv), which provides that SDRs need 
only make a jurisdictional determination with respect to an ADR's or 
AFR's swap data access request once for a recurring request and once 
each time the parameters of the access requests change. The SDR 
Commenters expressed support in the SDR Letter for that single 
determination concept and appear to have requested the deletion of

[[Page 27420]]

proposed Sec.  49.17(d)(4)(iv) because it would impose a jurisdictional 
determination requirement on SDRs. As explained above, however, the 
requirement for an SDR to ensure that a data access request is within 
the then-current scope of an ADR's or AFR's jurisdiction, as described 
in an appendix to the confidentiality arrangement required by Sec.  
49.18(a), is required by statute and should impose a minimal burden on 
SDRs.
    For the reasons described below in section II.D.2.c.ii., the 
Commission declines to modify proposed Sec.  49.17(d)(4)(iii) to state 
that any change in an ADR's or AFR's swap data access based on a change 
in its scope of jurisdiction should be agreed to between the Commission 
and the ADR or AFR, and the jurisdictional description appended to the 
confidentiality arrangement should be amended accordingly and provided 
to the SDRs for implementation.
ii. Changes to an ADR's or AFR's Scope of Jurisdiction
    The SDR Commenters stated that the Commission should amend Sec.  
49.17(d)(4)(iii) to require that the Commission and an ADR or AFR agree 
to any change to the SDR swap data that an ADR or AFR may access based 
on a change in the ADR's or AFR's scope of jurisdiction, which should 
then be reflected in an updated confidentiality arrangement provided to 
the SDRs.\78\
---------------------------------------------------------------------------

    \78\ See SDR Letter at 4.
---------------------------------------------------------------------------

    The Commission believes Sec.  49.17(d)(4)(iii), as proposed, 
addresses the SDR Commenters' comment. The first sentence states that 
an SDR shall not grant an ADR or AFR access to swap data maintained by 
the SDR unless the SDR has determined that the swap data to which the 
ADR or AFR seeks access is within the then-current scope of such ADR's 
or AFR's jurisdiction, as described and appended to the confidentiality 
arrangement required by Sec.  49.18(a). Accordingly, once an SDR 
receives that jurisdictional description, it can rely on that 
description until it either receives a new jurisdictional description 
or is directed by the Commission to suspend, limit, or revoke an ADR's 
or AFR's swap data access.
    The second sentence of Sec.  49.17(d)(4)(iii), as proposed, 
requires that each ADR or AFR that has executed a confidentiality 
arrangement with the Commission pursuant to Sec.  49.18(a) and provided 
it to one or more SDRs shall notify the Commission and each such SDR of 
any change to such ADR's or AFR's scope of jurisdiction, as described 
in such confidentiality arrangement. This puts the burden on each ADR 
and AFR to inform the Commission, and each SDR from which an ADR and 
AFR receives swap data, of changes to such ADR's or AFR's 
jurisdiction.\79\ The Commission would review any such changes, which 
the Commission expects will be in the form of an updated jurisdictional 
description and, unless the Commission found an error or other issue in 
the updated jurisdictional description, expects to advise the relevant 
ADR or AFR that it could provide the relevant SDRs the updated scope of 
jurisdiction description.
---------------------------------------------------------------------------

    \79\ The Commission expects each ADR and AFR to also notify (in 
writing) the Commission and each SDR from which the ADR or AFR 
receives swap data of proposed changes to the ADR's or AFR's 
jurisdiction. With such advance notice, the Commission would seek to 
consider the implications, if any, of such changes, if finalized as 
proposed, for the scope of SDR swap data to which the ADR or AFR 
could have access. With suitable advance notice from the ADR or AFR, 
the SDRs could implement such changes contemporaneously with the 
time an ADR's or AFR's scope of jurisdiction changes.
---------------------------------------------------------------------------

    If the ADR's or AFR's scope of jurisdiction were to become more 
narrow, the Commission could use its authority pursuant to the third 
sentence of proposed Sec.  49.17(d)(4)(iii) to direct the relevant SDRs 
to suspend, limit, or revoke access to swap data maintained by such SDR 
based on any such change to such ADR's or AFR's scope of jurisdiction, 
in which case such SDR shall so suspend, limit, or revoke such access. 
If the ADR's or AFR's scope of jurisdiction were to expand, as a 
practical matter, the ADR or AFR could not obtain swap data relevant to 
such expanded jurisdiction until the SDRs could update the parameters 
of their means of providing access accordingly, which the Commission 
would expect them to do no later than the earlier of (1) the earliest 
date such SDR, exercising commercially reasonable efforts in light of 
its obligations under the CEA and the Commission's regulations, is able 
to update the parameters of swap data access to match the ADR's or 
AFR's new scope of jurisdiction and (2) 180 days after the SDR receives 
those new parameters.
iii. Written Notices
    The SDR Commenters contended that ``[p]roposed Sec.  
49.17(d)(4)(iii) should specify that any request by the Commission to 
the SDR to suspend, limit, or revoke access to swap data should be 
provided in writing.'' \80\ The Commission agrees that such an 
important action should be provided in writing to avoid 
misunderstandings and to provide a record on which SDRs can rely. 
Accordingly, Sec.  49.17(d)(4)(iii), as adopted, provides that an SDR 
is required to suspend, limit, or revoke an ADR's or AFR's access to 
the swap data maintained by such SDR only if the Commission 
communicates such instruction to the SDR in writing.
---------------------------------------------------------------------------

    \80\ SDR Letter at 7.
---------------------------------------------------------------------------

d. Sec.  49.17(d)(4)(iv)
    The Commission proposed in Sec.  49.17(d)(4)(iv) that an SDR need 
not make the scope of jurisdiction determination required pursuant to 
proposed Sec.  49.17(d)(4)(iii) more than once with respect to a 
recurring swap data request but that, if such request changed, the SDR 
would have to make a new determination pursuant to Sec.  
49.17(d)(4)(iii). The SDR Commenters requested that the Commission 
remove proposed Sec.  49.17(d)(4)(iv), but the Commission understands 
this request to have been rooted in the SDR Commenters' concern that 
SDRs are not well suited to make a jurisdictional determination with 
respect to an ADR's or AFR's request for swap data, as discussed above 
in section II.D.4.c.i. For the reasons discussed therein, the 
Commission considers those concerns otherwise addressed and is adopting 
Sec.  49.17(d)(4)(iv) as proposed.\81\
---------------------------------------------------------------------------

    \81\ As discussed above, the Commission is not mandating that 
SDRs perform an analysis of an ADR's or AFR's scope of jurisdiction. 
Instead, the Commission is obligating SDRs to apply the scope of 
jurisdiction as defined in the confidentiality arrangement required 
by Sec.  49.18(a).
---------------------------------------------------------------------------

E. New Sec.  49.17(i): Delegation of Authority

    In the interest of expedience and efficiency in determining 
appropriateness of access by ADRs and AFRs, the Commission proposed (1) 
to delegate all functions reserved to the Commission in Sec.  49.17 to 
the Director of the Division of Market Oversight (``DMO'') and to such 
members of the Commission's staff acting under his or her direction as 
he or she may designate from time to time and (2) that the DMO Director 
could submit any such delegated matter to the Commission for its 
consideration and that nothing prevents the Commission from exercising 
the delegated authority. The Commission received no comments in 
response to proposed Sec.  49.17(i) and is adopting it as proposed.

F. CEA Section 21(d) Confidentiality Agreements: Amendments to Sec.  
49.18

    CEA section 21(d), as amended by the FAST Act, requires that, prior 
to providing swap data to a 21(c)(7) entity, an SDR shall receive a 
written agreement from each entity stating that the entity shall abide 
by the

[[Page 27421]]

confidentiality requirements described in CEA section 8 relating to the 
information on swap transactions that is provided.\82\ As originally 
adopted, the part 49 rules required that such confidentiality 
agreements be executed between the SDR and the 21(c)(7) entity.\83\ The 
Commission proposed in the NPRM to modify its part 49 rules to add a 
new Sec.  49.18(a) requiring that a confidentiality arrangement be 
executed by and between the ADR or AFR and the Commission.\84\ Once the 
ADR or AFR and the Commission have executed a confidentiality 
arrangement, the ADR or AFR may present the executed document to any 
SDR from which it requests access to swap data in satisfaction of CEA 
section 21(d).
---------------------------------------------------------------------------

    \82\ See CEA section 21(d). 7 U.S.C. 24a(d), as amended by the 
FAST Act.
    \83\ See Sec. Sec.  49.17(d)(6) and 49.18(b), as in effect prior 
to this adopting release.
    \84\ The Commission notes that the SEC has implemented a similar 
approach with respect to the execution of the required agreement. 
See Access to Data Obtained by Security-Based Swap Data 
Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2, 2016) (SEC 
rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and associated preamble 
text) (``SEC Indemnification Rule'').
---------------------------------------------------------------------------

    Based on its experience with SDRs and swap data access since the 
adoption of part 49 in 2011, and on further consideration of the 
relationship between CEA sections 21 and 8, the Commission believed 
this change was consistent with the statutory framework established by 
Congress in CEA sections 21(d) and 21(c)(7) and more directly conforms 
to the confidentiality mandate of CEA section 8. The Commission stated 
its belief that this change would promote regulatory efficiency and 
reduce costs to SDRs, ADRs and AFRs while ensuring the confidentiality 
of SDR swap data.
    To further promote regulatory efficiency, the Commission proposed a 
Confidentiality Arrangement Form for use by ADRs and AFRs. The 
Commission expects its use by ADRs and AFRs to significantly reduce the 
need for these entities to negotiate separate, SDR-specific 
confidentiality arrangements with the Commission. The Confidentiality 
Arrangement Form also will benefit the Commission by allowing it to use 
a single form of confidentiality arrangement rather than a different 
version for each ADR and AFR. This Confidentiality Arrangement Form 
also will eliminate the costs and potential inefficiencies for the SDRs 
that are inherent in requiring each SDR to negotiate confidentiality 
arrangements with a potentially large number of ADRs and AFRs. 
Similarly, the Confidentiality Arrangement Form will also eliminate 
costs and inefficiencies for ADRs and AFRs that would be incurred if 
each ADR and AFR has to negotiate and execute a unique confidentiality 
arrangement with each SDR. Finally, the Commission believes that 
widespread use of the Confidentiality Arrangement Form will facilitate 
timely access to SDR swap data by ADRs and AFRs by reducing or 
eliminating instances in which the Commission and its staff need to 
devote time and resources to developing and reviewing individualized 
confidentiality arrangements.
1. Current Rule
    The Commission adopted Sec.  49.18 to implement CEA sections 
21(d)(1) and (2) as originally enacted. Accordingly, the current rule 
obligates SDRs to execute a ``Confidentiality and Indemnification 
Agreement'' before providing SDR swap data to an ADR or AFR. In the 
FAST Act, Congress repealed the indemnification requirement in CEA 
section 21(d)(2), and the Commission proposed in the NPRM certain 
conforming amendments to Sec.  49.18 to remove references to 
indemnification.
    Separately, the Commission proposed in the NPRM to amend Sec.  
49.18 to modify the substantive requirements of the confidentiality 
arrangement and the parties to the confidentiality arrangement, to 
establish conditions for restricting or revoking access to SDR swap 
data, and to clarify the confidentiality obligations of ADRs and AFRs 
with regulatory responsibility over an SDR.
2. Proposed Amendments to Sec.  49.18(a): Confidentiality Arrangement 
Required Prior to Disclosure of Swap Data
    The Commission proposed to remove existing Sec.  49.18(a) \85\ and 
add a new Sec.  49.18(a) requiring that an SDR, before providing access 
to swap data maintained by the SDR to an ADR or AFR, receive a 
confidentiality arrangement executed by the Commission and the ADR or 
AFR that, at a minimum, contains all elements described in Sec.  
49.18(b), as amended.
---------------------------------------------------------------------------

    \85\ Existing Sec.  49.18(a) describes the purpose of Sec.  
49.18.
---------------------------------------------------------------------------

3. Proposed Amendments to Sec.  49.18(b): Required Elements of the 
Confidentiality Arrangement
    The Commission proposed to amend Sec.  49.18(b) \86\ to include a 
requirement that the confidentiality arrangement required pursuant to 
Sec.  49.18(a) shall, at a minimum, include all elements included in 
the Confidentiality Arrangement Form. As proposed, paragraph 5 of the 
Confidentiality Arrangement Form required an ADR or AFR to undertake 
that it will be acting within the scope of its jurisdiction each time 
it requests swap data from an SDR, and to promptly notify the 
Commission and each relevant SDR if the scope of the ADR's or AFR's 
jurisdiction changes. As proposed, paragraph 5 of the Confidentiality 
Arrangement Form also required ADRs and AFRs to employ procedures to 
maintain the confidentiality of swap data received from an SDR and any 
information and analyses derived therefrom (the swap data and such 
information are referred to collectively in the Confidentiality 
Arrangement Form as the ``Confidential Information'').
---------------------------------------------------------------------------

    \86\ Existing Sec.  49.18(b) requires an SDR to receive a 
confidentiality agreement from a 21(c)(7) entity before granting the 
21(c)(7) entity access to swap data maintained by the SDR. As 
discussed above, the Commission proposes to address in Sec.  
49.18(a), as adopted herein, the confidentiality agreement condition 
to swap data access.
---------------------------------------------------------------------------

    As proposed, paragraph 6 of the Confidentiality Arrangement Form 
required ADR and AFR signatories to employ the following safeguards to 
maintain the confidentiality of the Confidential Information:
     To the maximum extent practicable, maintain Confidential 
Information received from SDRs separately from other data and 
information; \87\
---------------------------------------------------------------------------

    \87\ Without limitation, ADRs and AFRs seeking useful guidance 
for Confidential Information segregation can look to the data 
segregation standards contained in the National Institute of 
Standards and Technology (``NIST'') Special Publication 800-53, 
Revision 4, Security and Privacy Controls for Federal Information 
Systems and Organizations (April 2013) (``NIST Document''), 
available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. The NIST Document also references 
international security standards in Appendix H (International 
Information Security Standards). See also the Federal Information 
Security Management Act of 2002, as amended (``FISMA''), 44 U.S.C. 
3541. As the Commission has previously noted in a different context, 
FISMA ``is a source of cybersecurity best practices and also 
establishes legal requirements for federal government agencies . . . 
.'' System Safeguards Testing Requirements, 80 FR 80139, 80142 Dec. 
23, 2015) (``Registered Entity Cyber NPRM''). The Commission adopted 
final rules based on the Registered Entity Cyber NPRM. See System 
Safeguards Testing Requirements, 81 FR 64271 (Sept. 19, 2016) 
(``Final Registered Entity Cyber Rules'').
---------------------------------------------------------------------------

     protect such Confidential Information from 
misappropriation and misuse; \88\
---------------------------------------------------------------------------

    \88\ This should include cybersecurity measures. As the 
Commission detailed in a different context in the Final Registered 
Entity Cyber Rules, ``cyber threats to the financial sector continue 
to expand.'' See id. at 64272. See also System Safeguards Testing 
Requirements for Derivatives Clearing Organizations, 80 FR 80113, 
80114-80115 (Dec. 23, 2015) (describing escalating and evolving 
cybersecurity threats); Registered Entity Cyber NPRM at 80140-80141 
(describing, inter alia, the then-current cybersecurity threat 
environment).

---------------------------------------------------------------------------

[[Page 27422]]

     ensure that only ADR or AFR personnel with a need to 
access particular Confidential Information to perform their job 
functions related to such Confidential Information have access thereto 
and that such access is permitted only to the extent necessary to 
perform such job functions; \89\
---------------------------------------------------------------------------

    \89\ One basic principle of data security is that only those 
with a need to access data to perform their work should be granted 
access to such data. See, e.g., Framework for Improving Critical 
Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at 
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the ``Protect'' element of a core 
cybersecurity framework as one where ``[a]ccess to assets and 
associated facilities is limited to authorized users, processes, or 
devices, and to authorized activities and transactions.'').
---------------------------------------------------------------------------

     prevent the disclosure of aggregated Confidential 
Information, unless sufficiently aggregated and anonymized to prevent 
identification, through disaggregation or otherwise, of a market 
participant's business transactions, trade data, market positions, 
customers or counterparties; \90\
---------------------------------------------------------------------------

    \90\ The Commission understands that ADRs and AFRs may want to 
use aggregated and anonymized information derived from SDR swap data 
in analyses that may be made public. Cf. U.S. GOV'T ACCOUNTABILITY 
OFFICE, GAO-16-175, FINANCIAL REGULATION: COMPLEX AND FRAGMENTED 
STRUCTURE COULD BE STREAMLINED TO IMPROVE EFFECTIVENESS 71-75 (2016) 
(``GAO Report''), available at http://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and 
related confidentiality issues and protections surrounding sharing 
aggregated and disaggregated information provided by other 
agencies). The Commission believes that, when properly aggregated 
and anonymized, information derived from SDR swap data generally can 
be disclosed without violating the requirement in CEA section 21(d) 
that a recipient of swap data agree, with respect to the information 
on swap transactions that is provided by an SDR, to abide by the 
confidentiality requirements described in CEA section 8. Cf. Sec.  
49.16(c) (providing that subject to Section 8 of the Act, SDRs may 
disclose aggregated swap data on a voluntary basis or as requested 
in the form and manner prescribed by the Commission); SDR Final 
Rules at 54551 (providing that the Commission believes that it is 
permissible under the Dodd-Frank Act and part 49 of the Commission's 
regulations for an SDR to disclose, for non-commercial purposes, 
data on an aggregated basis such that the disclosed data reasonably 
cannot be attributed to individual transactions or market 
participants.). In certain cases, however, even aggregated 
information may enable a reader to determine a market participant's 
business transactions, trade secrets (e.g., algorithms) or 
positions. Thus, the Confidentiality Arrangement Form requires ADRs 
and AFRs to implement safeguards designed to appropriately limit the 
use of information that has been aggregated from SDR swap data and 
to disclose aggregated information only if it is sufficiently 
anonymized to prevent the identification, through disaggregation or 
otherwise, of a market participant's business transactions, trade 
data, market positions, customers or counterparties. ADRs and AFRs 
can look to Sec.  43.4(d)(1) and (4) and (g) for guidance on 
anonymization principles.
---------------------------------------------------------------------------

     prohibit the use of Confidential Information by ADR or AFR 
personnel for any improper purpose; and
     include a process for monitoring compliance with the 
confidentiality safeguards described in the Confidentiality Arrangement 
Form and for promptly notifying the CFTC and each relevant SDR of any 
violation of the safeguards or failure to fulfill the terms of the 
confidentiality arrangement.
    As proposed, paragraph 7 of the Confidentiality Arrangement Form 
also precluded, with limited exceptions, ADRs and AFRs from disclosing 
any Confidential Information, via onward sharing \91\ or otherwise. One 
exception was for aggregated Confidential Information that is 
anonymized to prevent identification (through disaggregation or 
otherwise) of a market participant's business transactions, trade data, 
market positions, customers or counterparties. The other exception was 
described in proposed paragraphs 8.a through 8.c., as described below.
---------------------------------------------------------------------------

    \91\ The Commission interprets the restrictions on disclosure 
contained in CEA section 8 that are incorporated in CEA sections 
21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing 
swap data it obtains from an SDR.
---------------------------------------------------------------------------

    As proposed, paragraphs 8.a through 8.c. of the Confidentiality 
Arrangement Form required specified federal, state or local U.S. ADRs 
and specified foreign AFRs to undertake that they will not disclose 
Confidential Information except in specified actions, adjudicatory 
actions or proceedings under relevant law.
    As proposed, paragraph 9 of the Confidentiality Arrangement Form 
contained certain provisions requiring ADRs and AFRs to notify the 
Commission, and take certain protective actions, prior to disclosing 
Confidential Information in circumstances where an ADR or AFR receives 
a legally enforceable demand to disclose Confidential Information.
    As proposed, paragraph 11 of the Confidentiality Arrangement Form 
required ADRs and AFRs accessing swap data from SDRs to comply with all 
applicable security-related requirements imposed by an SDR in 
connection with access to such swap data, as such requirements may be 
revised from time to time. Because, subject to specified conditions, 
CEA sections 21(c)(7) and 21(d) require SDRs to provide ADRs and AFRs 
access to swap data, the Commission expects that SDRs will not impose 
security-related access requirements beyond those that are necessary to 
ensure the privacy and confidentiality of SDR swap data. The Commission 
further expects that SDRs' security-related access requirements for 
ADRs and AFRs would be akin, if not identical, to the requirements SDRs 
impose on others (e.g., the Commission, reporting counterparties) to 
whom SDRs provide swap data access.
    To further protect the confidentiality of SDR swap data, paragraph 
12 of the Confidentiality Arrangement Form, as proposed, required ADR 
and AFR signatories to promptly destroy all Confidential Information 
for which they no longer have a need or which no longer falls within 
their scope of jurisdiction.\92\ The Commission stated in the proposal 
that, although it may be the case that ADRs or AFRs will use some or 
all Confidential Information in perpetuity, if they no longer have a 
need for Confidential Information, they should destroy such 
Confidential Information to prevent its misuse. Similarly, the 
Commission stated in the proposal that if an SDR inadvertently provides 
to an ADR or AFR swap data outside the scope of the ADR's or AFR's 
jurisdiction, such swap data also should be destroyed immediately after 
the ADR or AFR discovers that such swap data is outside the scope of 
its jurisdiction. The Commission clarifies here that, although it is 
adopting paragraph 12 of the Confidentiality Arrangement Form as 
proposed, if a recordkeeping obligation that is legally binding on an 
ADR or AFR would prohibit destroying swap data, the ADR or AFR would 
not need to destroy swap data in contravention of such prohibition.
---------------------------------------------------------------------------

    \92\ Paragraph 12 of the Confidentiality Arrangement Form, as 
proposed, also required ADR and AFR signatories to certify to the 
CFTC, upon request, that they have destroyed such swap data.
---------------------------------------------------------------------------

    The proposed rule required that a confidentiality arrangement 
include an exhibit (Exhibit A) describing the scope of jurisdiction of 
the ADR or AFR signatory. If such signatory is not an Enumerated ADR, 
the ADR or AFR would attach the Commission Determination Order 
described in Sec.  49.17(h) as Exhibit A to the confidentiality 
arrangement.\93\ If such signatory is an Enumerated ADR, it would 
attach, as Exhibit A to the confidentiality arrangement, a detailed 
description of its scope of jurisdiction as it relates to the swap data 
maintained by SDRs that the Enumerated ADR would seek to access. The 
description appended as Exhibit A to the confidentiality arrangement 
would be used by SDRs to verify that each particular swap data request 
is within the scope of the requesting entity's jurisdiction.
---------------------------------------------------------------------------

    \93\ As noted above, the Commission expects that the applicant 
would provide a description of its scope of jurisdiction as part of 
the Determination Order process.
---------------------------------------------------------------------------

    While the Confidentiality Arrangement Form, as proposed, would

[[Page 27423]]

require ADRs and AFRs to make certain undertakings before being granted 
access to SDR swap data, it afforded ADRs and AFRs the discretion to 
determine how to comply with those obligations with respect to swap 
data received from an SDR. Additionally, the Commission stated that to 
the extent the proposed rule did not address a relevant confidentiality 
issue that arose after an ADR or AFR commenced accessing swap data, the 
Commission expected affected ADRs and AFRs to take appropriate measures 
to safeguard affected swap data and advise the Commission of such issue 
promptly so that the Commission may consider appropriate action.
4. Proposed Removal of Sec.  49.18(c): ADRs and AFRs With Regulatory 
Responsibility Over an SDR
    The Commission proposed removing current Sec.  49.18(c), which 
provides that the indemnification and confidentiality requirements 
established in Sec.  49.18(b) do not apply to certain ADRs and AFRs 
with regulatory responsibility over an SDR, but requires such 
regulators to comply with CEA section 8 and any other relevant 
statutory confidentiality authorities. As noted above in section II.B. 
relating to Sec.  49.17(d)(2) and (3), the Commission believed that 
those domestic regulators and Foreign Regulators that have regulatory 
responsibility over an SDR should be able to access swap data reported 
to such SDR pursuant to such other regulator's regulatory regime, 
without the limitations set out in current Sec.  49.18(c). Therefore, 
the Commission submitted in the NPRM that Sec.  49.18(c) is not 
appropriate. In addition, the Commission noted that Sec.  49.17(d)(2) 
and (3) already provided that the confidentiality and indemnification 
requirements of Sec.  49.18(b) do not apply to these domestic 
regulators and Foreign Regulators with regulatory responsibility over 
SDRs. However, the Commission stated that insofar as such a regulator 
sought swap data that was not reported to the SDR pursuant to that 
regulator's regulatory regime, the exclusions set forth within 
Sec. Sec.  49.17(d)(2) and (3) would not apply. The Commission 
accordingly proposed to eliminate Sec.  49.18(c).
5. Proposed New Sec.  49.18(c) and (d): Failure to Fulfill the Terms of 
a Confidentiality Arrangement
    The Commission proposed new Sec.  49.18(c) to require SDRs to 
immediately report to the Commission any known failure to fulfill the 
terms of a confidentiality arrangement that they receive pursuant to 
Sec.  49.18(a). The Commission also proposed new Sec.  49.18(d), which 
authorizes the Commission to direct an SDR to limit, suspend or revoke 
an ADR's or AFR's access to swap data, if the Commission determines 
that the ADR or AFR has failed to fulfill the terms of its 
confidentiality arrangement with the Commission.\94\
---------------------------------------------------------------------------

    \94\ Proposed Sec.  49.18(d) provided that the Commission may, 
if an ADR or AFR fails to fulfill the terms of a confidentiality 
arrangement described in Sec.  49.18(a), direct each registered SDR 
to limit, suspend or revoke such ADR's or AFR's access to swap data 
held by such SDR. Similarly, proposed Sec.  49.17(d)(5) required an 
SDR, as directed by the Commission, to limit, suspend or revoke an 
ADR's or AFR's swap data access should the Commission limit, suspend 
or revoke the appropriateness determination for such ADR or AFR or 
otherwise direct the SDR to limit, suspend or revoke such access.
---------------------------------------------------------------------------

6. Proposed New Sec.  49.18(e): Delegation of Authority
    The Commission proposed to add new Sec.  49.18(e)(1) to delegate to 
the DMO Director, and to such Commission staff acting under his or her 
direction as he or she may designate from time to time, all functions 
reserved to the Commission in Sec.  49.18. Proposed 49.18(e)(2) 
reserved to the DMO Director the authority to submit to the Commission 
for its consideration any matter that has been delegated under Sec.  
49.18(e)(1). Proposed Sec.  49.18(e)(3) expressly permitted the 
Commission, at its election, to exercise the authority delegated under 
Sec.  49.18(e)(1).
    This delegation is intended to conserve Commission resources and 
increase the effectiveness and efficiency of the Commission's oversight 
and supervision of SDR swap data access. The Commission anticipates 
that the delegation of authority will help facilitate timely access to 
SDR swap data by ADRs and AFRs consistent with the requirements set 
forth in part 49 of the Commission's regulations. However, the DMO 
Director may submit matters to the Commission for its consideration, as 
he or she deems appropriate.
7. Conforming Changes
    As a result of the FAST Act Amendments, the Commission proposed 
conforming changes to Sec.  49.17(d)(6) to delete references to an 
Indemnification Agreement. As a result of the amendments to Sec.  
49.18, and in particular, Sec.  49.18(a), the Commission proposed 
conforming changes to Sec.  49.22(d)(4) relating to chief compliance 
officer compliance responsibilities and duties so that the appropriate 
rule provision reflecting the confidentiality arrangement is 
referenced.
8. Comments Received
    The Commission received comments related to proposed Sec.  49.18 
from the SDR Commenters. The SDR Commenters supported the Commission's 
proposed transfer of responsibility for the execution of the 
confidentiality arrangement with the ADRs and AFRs from the SDRs to the 
Commission. The SDR Commenters advised that such transfer will 
significantly reduce regulatory costs and inefficiencies for the 
SDRs.\95\ The SDR Commenters also supported the use of a 
confidentiality arrangement form. The SDR Commenters stated that use of 
such a form would promote consistency and further reduce regulatory 
burdens.\96\
---------------------------------------------------------------------------

    \95\ See SDR Letter at 3.
    \96\ See id.
---------------------------------------------------------------------------

    In response to the Commission's proposal to remove previously 
adopted Sec.  49.18(c), which, in part, applied the conditions of CEA 
section 8 to those ADRs and AFRs with regulatory responsibility over an 
SDR, the SDR Commenters agreed with the Commission that it is not 
appropriate to require a domestic regulator or Foreign Regulator to 
comply with CEA section 8 where such domestic regulator or Foreign 
Regulator has regulatory responsibility over an SDR and seeks access to 
SDR data that was reported pursuant to the regulator's supervisory 
authority.\97\ Accordingly, the SDR Commenters supported the 
Commission's proposal to remove Sec.  49.18(c) as previously adopted.
---------------------------------------------------------------------------

    \97\ See SDR Letter at 2-3.
---------------------------------------------------------------------------

    Proposed Sec.  49.18(a) and (d) both contemplated notifications 
being sent to the SDRs. Proposed Sec.  49.18(a) required an SDR that 
received a notice that an ADR's or AFR's confidentiality arrangement 
was no longer in effect to no longer provide swap data access to such 
ADR or AFR. Proposed Sec.  49.18(d) stated that the Commission may, if 
an ADR or AFR fails to fulfill the terms of a confidentiality 
arrangement described in Sec.  49.18(a), direct each registered SDR to 
limit, suspend or revoke such ADR's or AFR's access to swap data held 
by such SDR. The SDR Commenters recommended that the Commission modify 
proposed Sec.  49.18(a) and (d) to specify that the notifications 
contemplated in these provisions be in writing.
9. Final Rule
    After consideration of the comments that it received, and for the 
reasons set forth in sections II.F.1. through II.F.8. above and in this 
section the Commission is adopting Sec.  49.18 with modifications. 
First, as discussed above,

[[Page 27424]]

the Commission is accepting the SDR Commenters' comments that the 
notifications contemplated in proposed Sec.  49.18(a) and (d) should be 
provided in writing and is adopting revised Sec.  49.18(a) and (d) to 
reflect that change.
    The Commission is also modifying proposed Sec.  49.18(a) to promote 
the use of the Confidentiality Arrangement Form set forth in Appendix 
B. Specifically, as adopted, Sec.  49.18(a) provides that, prior to 
providing an ADR or AFR access to any requested swap data, an SDR shall 
receive therefrom an executed confidentiality arrangement, between the 
Commission and the ADR or AFR, in the form set out in Appendix B to 
this part 49. The Commission may, in its discretion, however, agree to 
execute an alternate confidentiality arrangement with an ADR or AFR if 
the confidentiality arrangement is consistent with the requirements set 
forth in Sec.  49.18(a).\98\ The Commission believes that widespread 
use of the Confidentiality Arrangement Form will facilitate timely 
access to SDR swap data by ADRs and AFRs by reducing or eliminating 
instances in which the Commission and its staff need to devote time and 
resources to developing and reviewing individualized confidentiality 
arrangements. The Commission therefore believes that this modification 
will increase the potential benefits and cost savings associated with 
use of the Confidentiality Arrangement Form while still providing ADRs 
and AFRs the flexibility to use an alternate arrangement if necessary, 
in consultation with the Commission.
---------------------------------------------------------------------------

    \98\ The Commission is also making similar clarifying 
modifications to proposed Sec. Sec.  49.17(d)(6) and 49.17(h)(3).
---------------------------------------------------------------------------

    The Commission is adopting all other modifications to Sec.  49.18 
as proposed in the NPRM.

G. Other Changes

1. Proposed Rule Changes
    In addition to those changes discussed throughout this release, the 
Commission proposed other changes to part 49, including a number of 
ministerial changes. The Commission proposed to amend Sec.  49.9(a)(9) 
to change the reference therein from ``certain appropriate domestic 
regulators and foreign regulators'' to ``Appropriate Domestic 
Regulators and Appropriate Foreign Regulators'' to make clear that an 
SDR is required to provide access to swap data, pursuant to Sec.  
49.17, only to ADRs and AFRs. The Commission proposed to make a number 
of other changes to part 49 to more consistently refer to the defined 
term ``swap data.'' The Commission proposed to modify: The references 
in existing Sec. Sec.  49.9(a)(9) and 49.17(b)(2)(i) to ``swap data or 
information''; the reference in existing Sec.  49.17(d)(4)(i) to 
``swaps transaction data''; and the reference in existing Sec.  
49.17(d)(6) to ``requested data,'' to be, in each case, references to 
``swap data,'' as that term is defined in Sec.  49.2(a)(15). The 
Commission proposed these changes to eliminate confusion and to conform 
part 49 to the FAST Act's amendment of CEA section 21(c)(7) to refer to 
``swap data.''
    The Commission also proposed to replace the reference in Sec.  
49.17(a) to ``swaps data'' with a reference to ``swap data'' and to 
replace the reference in Sec.  49.17(a) to ``Regulation'' with a 
reference to ``Sec.  49.17'' to match the format of the reference in 
Sec.  49.17(b). The Commission did not intend to effect any substantive 
changes with these proposed amendments.
    The Commission proposed to change the references to ``swap 
transaction data'' in Sec. Sec.  49.17(c)(2) and 49.17(c)(3) to ``swap 
data'' as defined in Sec.  49.2(a)(15). The Commission also proposed to 
change the references to ``data'' in Sec.  49.17(d)(5) and (6), (e) 
introductory text, and (e)(1) to ``swap data'' in order to clarify the 
Commission's intent to refer to ``swap data'' within the meaning of 
Sec.  49.2(a)(15). For the same reason, the Commission also proposed to 
add ``swap data and'' before ``information'' in Sec.  49.17(e)(2) to 
conform it to Sec.  49.17(e)(1), as proposed to be amended.\99\ The 
Commission also proposed to add the term ``and information'' after the 
term ``swap data'' in the second sentence of Sec.  49.17(e) so that 
such sentence is consistent with the first sentence of Sec.  49.17(e), 
which permits access by third party service providers to both swap data 
and information maintained by a registered SDR, subject to certain 
conditions.
---------------------------------------------------------------------------

    \99\ Although Sec.  49.17(e) uses the terms ``data'' and ``swap 
data'' interchangeably, the Commission intended those paragraphs to 
reference the definition of ``swap data'' and, consequently, 
believes that these amendments do not represent a change to the 
Commission's original intent in promulgating Sec.  49.17(e). 
However, the term ``swap data'' is narrower than the term ``data''. 
Consequently, changing ``data'' to ``swap data'' arguably would 
narrow the scope of the confidentiality procedures and 
``Confidentiality Agreement'' required, respectively, by Sec.  
49.17(e)(1) and (2).
---------------------------------------------------------------------------

    In Sec.  49.17(f)(2), the Commission proposed to change both 
references to ``data and information'' to ``swap data and information'' 
in order to clarify, in each case, that the intended reference is to 
``swap data'' as defined in Sec.  49.2(a)(15).
    In addition to those changes related to references to ``swap 
data,'' the Commission also proposed to amend Sec.  49.17(b)(1)(vii) to 
change the references to any other person the Commission deems 
appropriate to any other person the Commission determines to be 
appropriate pursuant to the process set forth in Sec.  49.17(h) to 
match the language in CEA section 21(c)(7).
    Commission regulation 49.17(f)(1) currently states that access of 
swap data maintained by the registered swap data repository to market 
participants is generally prohibited. The Commission proposed to amend 
Sec.  49.17(f)(1) to state that access by market participants to swap 
data maintained by the registered swap data repository is prohibited 
other than as set forth in Sec.  49.17(f)(2) in order to clarify its 
meaning. The Commission did not intend this to be a substantive change 
to Sec.  49.17(f)(1).
    Finally, the Commission proposed several minor clarifying changes 
to Sec.  49.18(b).\100\ These changes include: Replacing ``the swap 
data'' with ``swap data''; replacing the ``with any Appropriate 
Domestic Regulator or Appropriate Foreign Regulator'' reference with 
``to any Appropriate Domestic Regulator or Appropriate Foreign 
Regulator''; and adding ``each'' before ``as defined in Sec.  
49.17(b)'' to reflect that both ``Appropriate Domestic Regulator'' and 
``Appropriate Foreign Regulator'' are defined terms in Sec.  49.17(b).
---------------------------------------------------------------------------

    \100\ These proposed changes appear in proposed Sec.  49.18(b).
---------------------------------------------------------------------------

2. Final Rule Changes
    The Commission received comment on only two of the proposed changes 
described in this section II.G. For the reasons set forth above in 
section II.G.1. and in this section, with one exception (i.e., Sec.  
49.17(e)), the Commission is adopting the changes described in this 
section II.G. as proposed. The comments and the Commission's responses 
are described below.
    The SDR Commenters generally supported the proposed changes to part 
49 to more consistently refer to the defined term ``swap data,'' 
stating their belief that the consistency ``will promote clarity as to 
the data to which ADRs and AFRs may be granted access[.]'' \101\ 
However, the SDR Commenters also noted that the term ``swap data'' is 
defined under Sec.  49.2(a)(15) as ``specific data elements and 
information set forth in part 45 of this chapter that is required to be 
reported by a reporting entity to a registered swap data repository.'' 
\102\ The

[[Page 27425]]

SDR Commenters asked the Commission to confirm that SDRs may provide 
ADRs and AFRs with Part 43 data in addition to Part 45 data and 
characterized this clarification as important because ``the SDRs use a 
combined message for Parts 43 and 45 reporting, making separation of 
Part 43 data from Part 45 data exceedingly difficult.'' \103\
---------------------------------------------------------------------------

    \101\ SDR Letter at 8.
    \102\ Id.
    \103\ Id.
---------------------------------------------------------------------------

    In response to this comment, the Commission confirms that SDRs may 
provide ADRs and AFRs with Part 43 data in addition to Part 45 data. 
The Commission observes that most data reported pursuant to Part 43 is 
publicly disseminated and that, to the extent certain data is not 
publicly disseminated, such data is reported in equal or greater detail 
pursuant to part 45.
    The SDR Commenters also noted that, ``[u]nder Sec.  49.17(e), the 
Commission proposes to amend `data and information' to `swap data and 
information[ ]'' and commented that, in their view, the more 
appropriate term ``to ensure a third-party Service Provider may have 
access to all necessary data and information'' is ``swap data and SDR 
Information'' (as SDR Information is defined in Sec.  49.2).\104\ In 
response to this comment, the Commission is adopting Sec.  49.17(e) as 
the SDR Commenters recommended amending it, in part because this change 
does not change the intent or scope of what is required or what was 
proposed in the NPRM.
---------------------------------------------------------------------------

    \104\ Id.
---------------------------------------------------------------------------

    In addition to these final rule changes, the Commission is adopting 
three ministerial changes to the proposed rule text, each for greater 
clarity, and one ministerial change to the existing rule text, also for 
greater clarity. First, the Commission is changing the phrase ``as 
directed by the Commission'' in proposed Sec.  49.17(d)(5) to ``if 
directed by the Commission''. Second, the Commission is changing the 
phrase ``as described and appended to the confidentiality arrangement 
required by Sec.  49.18(a)'' to ``as described in the appendix to the 
confidentiality arrangement required by Sec.  49.18(a)'' in both 
proposed Sec.  49.17(d)(4)(i) and (iii).\105\
---------------------------------------------------------------------------

    \105\ These changes are to clarify that the scope of an ADR's or 
AFR's jurisdiction, which is the subject of the quoted text, is to 
be described in the appendix to the confidentiality arrangement 
required by Sec.  49.18(a) rather than in the confidentiality 
arrangement itself. The language as proposed was somewhat unclear in 
that regard.
---------------------------------------------------------------------------

    Third, the Commission is adding bracketed text at the end of 
Appendix B to part 49 (describing Exhibit A to the Confidentiality 
Arrangement Form) in response to the SDR Commenters comment discussed 
in section II.D.2.c.i. This additional bracketed text provides that in 
both cases, the description of the scope of jurisdiction must include 
elements allowing SDRs to establish, without undue obstacles, objective 
parameters for determining whether a particular Swap Data request falls 
within such scope of jurisdiction. Such elements could include LEIs of 
all jurisdictional entities and could also include UPIs of all 
jurisdictional products or, if no CFTC-approved UPI and product 
classification system is yet available, the internal product identifier 
or product description used by an SDR from which Swap Data is to be 
sought.
    Fourth, the Commission is amending existing Sec.  49.17(d)(1), 
which the Commission had not proposed to amend to provide a brief 
overview in one paragraph to those persons seeking to obtain swap data 
access from SDRs, both ADRs and AFRs and those seeking to become ADRs 
or AFRs, of the requirements to obtain such access and to alert such 
persons to exceptions to the otherwise applicable requirements. The 
Commission is also adopting these changes to Sec.  49.17(d)(1) to 
provide the aforementioned persons citations to the regulations 
relevant to obtaining SDR swap data access and to relevant exceptions 
to those regulations. These changes provide that except as set forth in 
Sec.  49.17(d)(2) or (3), a person who is not an Appropriate Domestic 
Regulator or an Appropriate Foreign Regulator and who seeks to gain 
access to the swap data maintained by a swap data repository is 
required to first become an Appropriate Domestic Regulator or 
Appropriate Foreign Regulator through the process set forth in Sec.  
49.17. Additionally, these changes provide that Appropriate Domestic 
Regulators and Appropriate Foreign Regulators seeking to gain access to 
the swap data maintained by a swap data repository are required to 
comply with Sec.  49.17(d)(6) prior to receiving such access and, if 
applicable after receiving such access, comply with the notification 
requirement in Sec.  49.17(d)(4)(iii) applicable to Appropriate 
Domestic Regulators and Appropriate Foreign Regulators.

III. Request for Comment

    In addition to the specific questions set forth throughout the 
NPRM, the Commission requested comment on all aspects of the proposal 
and on several specific questions set forth in section III of the NPRM. 
The Commission received some responsive comments, which it has 
summarized and responded to in the relevant sections of this adopting 
release, and two comments that were not responsive.\106\
---------------------------------------------------------------------------

    \106\ In addition, the SDR Commenters commented on several 
issues relating to current Sec.  49.17(f)(2) that were unrelated to 
the non-substantive change that the Commission proposed to make to 
Sec.  49.17(f)(2). Because the SDR Commenters' comments on Sec.  
49.17(f)(2) were unrelated to the proposed changes to Sec.  
49.17(f)(2), they are beyond the scope of the NPRM and not a logical 
outgrowth of this rulemaking, as a result of which the Commission 
declines to address them here, in accordance with the Administrative 
Procedure Act. All comments received in response to the Commission's 
request for comment are available at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777.
---------------------------------------------------------------------------

IV. Compliance Date

    The Commission received one comment related to the compliance date 
of the final rules. The SDR Commenters suggested that the Commission 
work with the SDRs to set an appropriately mutually agreeable timeframe 
for the compliance date.\107\ Commission staff subsequently engaged in 
multiple discussions with the SDR Commenters regarding the compliance 
date. The Commission, as set out below, is adopting a two part 
compliance date for the final rules adopted herein. The compliance date 
for the final rules will be 60 days after publication in the Federal 
Register, except for the compliance date for an SDR to comply with its 
obligation under Sec.  49.17(d)(5)(iii) of the Commission's regulations 
to provide access to swap data requested by an ADR or AFR. The 
compliance date for an SDR to comply with its obligation under Sec.  
49.17(d)(5)(iii) of the Commission's regulations is the earlier of (1) 
the earliest date, after such SDR receives from such ADR or AFR the 
confidentiality arrangement required by Sec.  49.18(a), that such SDR, 
exercising commercially reasonable efforts in light of its obligations 
under the CEA and the Commission's regulations, is able to provide such 
access to the ADR or AFR and (2) 180 days after the SDR receives from 
such ADR or AFR the confidentiality arrangement required by Sec.  
49.18(a).
---------------------------------------------------------------------------

    \107\ See SDR Letter at 9.
---------------------------------------------------------------------------

V. Related Matters

A. Regulatory Flexibility Act

    The Regulatory Flexibility Act (``RFA'') requires federal agencies, 
in promulgating rules, to consider the impact of those rules on small 
entities.\108\ The rules adopted herein will have a direct effect on 
the operations of SDRs and certain domestic regulators and foreign 
regulators seeking

[[Page 27426]]

access to swap data reported to, and maintained by, SDRs.
---------------------------------------------------------------------------

    \108\ See 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    The Commission has previously established certain definitions of 
``small entities'' to be used by the Commission in evaluating the 
impact of its rules on small entities in accordance with the RFA.\109\ 
The Commission has previously determined that SDRs are not small 
entities for purposes of the RFA.\110\
---------------------------------------------------------------------------

    \109\ See Policy Statement and Establishment of ``Small 
Entities'' for purposes of the Regulatory Flexibility Act, 47 FR 
18618, 18618-21 (Apr. 30, 1982).
    \110\ See Part 49 Adopting Release at 54575 and Notice of 
Proposed Rulemaking: Swap Data Repositories, 75 FR 80898, 80926 
(Dec. 23, 2010).
---------------------------------------------------------------------------

    For purposes of the RFA, the definition of ``small entity'' 
encompasses ``small governmental jurisdictions,'' which in relevant 
part means governments of locales with a population of less than fifty 
thousand.\111\ Although the Commission anticipates that the final rules 
adopted herein may be expected to have an economic impact on various 
governmental entities that access data pursuant to the Dodd-Frank Act's 
data access provisions (i.e., ADRs and AFRs), the Commission does not 
anticipate that any of those governmental entities would be small 
governmental jurisdictions: The Commission believes that the universe 
of ADRs and AFRs will likely be limited to U.S. federal regulators and 
equivalent national, or state or provincial, foreign authorities, given 
that swap regulation does not occur at a local level globally, in the 
Commission's experience. As a result, the Commission does not believe 
that the final rules will have a significant economic impact on a 
substantial number of small entities. Therefore, the Chairman, on 
behalf of the Commission, pursuant to 5 U.S.C. 605(b), hereby certifies 
that the final rules will not have a significant economic impact on a 
substantial number of small entities.
---------------------------------------------------------------------------

    \111\ 5 U.S.C. 601(5), (6).
---------------------------------------------------------------------------

B. Paperwork Reduction Act

    The amendments to part 49 result in new ``collection of 
information'' requirements within the meaning of the Paperwork 
Reduction Act of 1995 (``PRA'').\112\ An agency may not conduct or 
sponsor, and a person is not required to respond to, a collection of 
information unless it displays a currently valid Office of Management 
and Budget (``OMB'') control number. The OMB control number for the 
information collection associated with part 49 is 3038-0086 (the 
``Information Collection'').\113\ The Commission is revising the 
Information Collection because the rule amendments herein will impose 
information collection requirements that require approval from OMB 
under the PRA. The Commission is therefore submitting this final rule 
to OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 
1320.11.
---------------------------------------------------------------------------

    \112\ 44 U.S.C. 3501 et seq.
    \113\ The most recent revision to OMB Control Number 3038-0086 
was approved November 30, 2015 and is available at http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086.
---------------------------------------------------------------------------

1. Summary of the Requirements
    The modifications to part 49 require SDRs to make swap data 
available to requesting entities (i.e., ADRs and AFRs) if certain 
conditions are satisfied. These conditions include the requesting 
entity executing a confidentiality arrangement with the Commission and 
providing it to each SDR from which it seeks swap data and, in some 
cases, receiving an order from the Commission (which requesting 
entities must apply for, including certain specified types of 
information in support) determining that it is an appropriate entity to 
receive SDR swap data. The modifications further require each ADR and 
AFR to notify the Commission, and each SDR from which an ADR or AFR has 
received swap data, of any change to the scope of such ADR's or AFR's 
jurisdiction, as described in the confidentiality arrangement.
    The modifications also require SDRs to report to the Commission: 
(1) Each initial request from an ADR or AFR for access to swap data; 
(2) all ADR or AFR requests for swap data that do not comport with the 
described scope of the ADR's or AFR's jurisdiction that is appended to 
the confidentiality arrangement; and (3) failures to fulfill the terms 
of confidentiality arrangements. The modifications additionally require 
each SDR to maintain records of each initial, and all subsequent, 
requests from an ADR or AFR for access to swap data.
2. Collection of Information
    Currently, the Information Collection sets out burden estimates 
relating to a broad range of SDR obligations associated with 
registration requirements, reporting requirements, recordkeeping 
requirements, and disclosure requirements. Where the information 
collection associated with those obligations is modified by this rule, 
the Commission is revising the Information Collection accordingly. To 
the extent this rule introduces new information collections that were 
not previously incorporated into the Information Collection, the 
Commission is revising the Information Collection to account for the 
new information collections. Finally, many of the information 
collections discussed in the Information Collection are not implicated 
or modified by the Commission's revisions to part 49 in this release. 
The Commission, therefore, is not revising the estimated burdens 
associated with such information collections. New or revised 
information collections contained in these revisions to part 49 will 
affect SDRs as well as entities that request access to SDR swap data 
pursuant to part 49, as revised.
    As discussed above, the modifications to part 49 set out in this 
release are intended to provide a process by which other regulatory 
authorities may obtain access to SDR swap data. The information 
collections associated with this process are intended to ensure that 
SDR swap data is accessed only by appropriate entities and that the 
confidentiality of any accessed SDR swap data is adequately protected. 
The ultimate result of this process is intended to provide other 
regulatory authorities with information to assist with the oversight of 
the global swaps market and market participants.
    ADR/AFRs. As discussed throughout this release, certain conditions 
must be satisfied before a requesting entity is permitted to access SDR 
swap data. These conditions may implicate various PRA collections and 
burdens as discussed below.
    Pursuant to Sec.  49.18(a), every requesting entity seeking access 
to SDR swap data must execute a confidentiality arrangement with the 
Commission prior to receiving access. This requirement applies to both 
those entities that are Enumerated ADRs, and those entities, whether 
foreign or domestic, that require a determination from the Commission 
that they are appropriate entities to receive access to SDR swap data. 
The Commission believes the use of the Confidentiality Arrangement 
Form, or a similar form, if permitted by the Commission, will provide 
an efficient means to satisfy the requirements of Sec.  49.18(a).
    In addition to executing a confidentiality arrangement, requesting 
entities that are not Enumerated ADRs will be required to seek a 
Determination Order from the Commission to obtain access to SDR swap 
data. The Commission is requiring that an Enumerated ADR attach to the 
confidentiality arrangement a detailed description of its scope of 
jurisdiction, as it relates to the swap data maintained by SDRs that 
the Enumerated ADR seeks to access.
    The Commission, for PRA purposes, continues to believe that it is 
reasonable

[[Page 27427]]

to assume that 300 total entities will seek access to SDR swap data. 
This estimate is based on the Commission's experience in receiving data 
requests from other regulators and its experience in coordinating and 
cooperating with other regulators.\114\ For PRA purposes, the 
Commission assumes there are four SDRs, which is the number of SDRs 
that are currently provisionally registered with the Commission. As the 
confidentiality arrangement required by Sec.  49.18(a) will be between 
the ADR or AFR and the Commission, and will address swap data access 
from all SDRs, an ADR or AFR will need to execute only a single 
confidentiality arrangement for all SDRs from which it seeks swap data, 
rather than a separate confidentiality arrangement for each SDR. 
Accordingly, the Commission estimates, for PRA purposes, that the total 
number of confidentiality arrangements that will be executed under the 
amended part 49 rules is 300.
---------------------------------------------------------------------------

    \114\ The Commission continues to estimate that up to 
approximately 30 authorities in the United States may seek to access 
swap data from SDRs. In the context of potential AFRs, the 
Commission believes that most requests will come from authorities in 
G20 countries, each of which will have no more, and likely fewer, 
than 30 authorities that may request swap data from SDRs. In 
addition, certain authorities from outside the G20 also may request 
swap data from SDRs. Accounting for all of these entities, the 
Commission estimates that there likely will be a total of no more 
than 300 relevant domestic and foreign authorities that may request 
swap data from SDRs.
---------------------------------------------------------------------------

    Although the Commission may, in its discretion, execute a 
confidentiality arrangement with one or more ADRs/AFRs that is not in 
the form of the Confidentiality Arrangement Form, Sec.  49.18(b) 
requires that such alternative confidentiality arrangement include all 
elements of in the Confidentiality Arrangement Form. Consequently, the 
Commission is estimating the burden on ADRs and AFRs of negotiating the 
confidentiality arrangement required by Sec.  49.18(a) based on its 
estimate of the burden involved for an ADR or AFR to put in place the 
Confidentiality Arrangement Form. The Commission estimates that the 
review and execution of each confidentiality arrangement by an ADR or 
AFR will take approximately 40 hours, for a total burden of 12,000 
hours. The burden estimates associated with entering into the 
confidentiality arrangement required by Sec.  49.18(a) are addressed in 
the revised Information Collection.
    Any requesting entity, other than an Enumerated ADR, that seeks 
access to SDR swap data must be determined by the Commission to be an 
appropriate recipient of such access. For Enumerated ADRs, there is no 
burden associated with seeking to be determined appropriate by the 
Commission because Enumerated ADRs have already been determined by 
Congress in CEA section 21(c)(7), or by the Commission through its 
adoption of Sec.  49.17(b)(1), to be appropriate recipients of SDR swap 
data access. Those entities that are not Enumerated ADRs and that seek 
SDR swap data access will be required to receive a Determination Order 
prior to receiving access to SDR swap data. The process for obtaining 
such a Determination Order is set out in general terms in Sec.  
49.17(h) and requires the requesting entity to prepare and submit an 
application to the Commission. The preparation and submission of this 
application constitutes an information collection under the PRA.
    As discussed above, the Commission believes that for PRA purposes 
it is reasonable to assume that 300 domestic and foreign entities will 
seek access to SDR swap data. Very few of these entities have already 
been specifically identified by Congress in CEA section 21(c)(7), or by 
the Commission through its adoption of Sec.  49.17(b)(1), as 
appropriate recipients of SDR swap data access. The Commission 
estimates, for PRA purposes, that each entity seeking a Determination 
Order would expend 100 hours in connection with filing the necessary 
application with the Commission, for a total initial burden of no more 
than 30,000 hours (calculated as the product of 300 domestic and 
foreign entities seeking access to SDR swap data and 100 hours per 
application). This estimate considers the relevant information that 
would be required to be provided in such an application, including 
information regarding the entity's scope of jurisdiction, 
confidentiality safeguards, as well as any other information the 
Commission deems relevant to its determination. This burden estimate is 
included in the Commission's revisions to the Information Collection.
    Swap Data Repositories. As discussed throughout this release, SDRs 
are required to provide access to SDR swap data to ADRs and AFRs, 
provided certain conditions are met. This requirement may implicate PRA 
collections and burdens, some of which are already addressed in the 
existing Information Collection, and some of which constitute new 
collections, as discussed below. Currently, the burden on SDRs of 
making data available to ADRs and AFRs is accounted for in the 
Information Collection, as this is an existing obligation under 
existing Sec.  49.17(d). However, the rules set out in this release 
clarify and modify the requirements imposed on SDRs in providing access 
to SDR swap data to ADRs and AFRs. Consequently, the Commission is 
revising the Information Collection to account for these clarifications 
and modifications.
    The Commission expects SDRs to incur burdens and costs associated 
with setting up access to SDR swap data that is consistent with an 
ADR's or AFR's scope of jurisdiction, as described in the appendix to 
the confidentiality arrangement required by Sec.  49.18(a). The 
Commission expects that each confidentiality arrangement will identify, 
either directly or through an attached Determination Order, the scope 
of access that is appropriate for a given requesting entity. The 
Commission expects SDRs to use these limitations to program their 
systems to reflect the scope of the ADR's or AFR's access to SDR swap 
data. These limits set out in the confidentiality arrangement are 
expected to reduce the burdens on SDRs of assessing whether a 
particular SDR swap data request falls within the scope of an ADR's or 
AFR's jurisdiction.
    The Commission received one comment estimating the burden on SDRs 
associated with setting up access restrictions to match an ADR's or 
AFR's scope of jurisdiction.\115\ CME estimated that its initial set up 
costs would be between 400 and 950 hours for all ADRs and AFRs in the 
aggregate.\116\ The Commission believes it is reasonable to accept 
CME's estimate of 950 hours, as CME is an SDR and, as such, is familiar 
with the costs required for setting up such access restrictions.\117\ 
Consequently, for PRA purposes, the Commission estimates that all SDRs 
in the aggregate would incur a total burden of 3,800 hours (i.e., the 
product of 4 SDRs and 950 hours of time) associated with setting up 
access for all ADRs and AFRs. The burdens associated with these 
permissioning requirements are

[[Page 27428]]

addressed in the revised Information Collection.
---------------------------------------------------------------------------

    \115\ See SDR Letter at 5, n.10.
    \116\ The SDR Letter stated that ``CME believes the initial set 
up cost will be between of 400 and 950 hours.'' Id. In subsequent 
communications, CME clarified that this estimate is for all ADRs and 
AFRs in the aggregate. The other SDRs did not opine on the 
Commission's estimate of 26 hours.
    \117\ The Commission, in its proposal, estimated that the burden 
on an SDR associated with setting up access restrictions to match a 
requesting entity's scope of jurisdiction will include 20 hours of 
programmer analyst time, five hours of senior programming time, and 
one hour of attorney time, for a total of 26 hours. The Commission 
notes that the SEC also estimated a set up time of 26 hours in its 
similar rulemaking. See Access to Data Obtained by Security-Based 
Swap Data Repositories, 81 FR 60585 at 60594 (Sept. 2, 2016) (SEC 
rule 13n-4(b)(9) and (10), 17 CFR 240.13n-4(b)(9) and (10).
---------------------------------------------------------------------------

    SDRs will also be required to provide electronic notice to the 
Commission of the first request for access to swap data from a 
particular ADR or AFR, and promptly after receiving any request that 
does not comport with the scope of the ADR's or AFR's jurisdiction, as 
described in the appendix to the confidentiality arrangement required 
by Sec.  49.18(a). In addition to notifying the Commission of the 
foregoing, the Commission is requiring, in Sec.  49.17(d)(4)(i), SDRs 
to maintain records of the details of the initial and all subsequent 
requests for swap data from an ADR or AFR. The SDR shall maintain this 
information for a period of no less than five years after the date of 
such request and shall provide this information to the Commission upon 
request, pursuant to Sec.  1.31.
    Currently, the Information Collection estimates burdens associated 
with the various registration, reporting, recordkeeping, and disclosure 
requirements to which SDRs are subject. The reporting and recordkeeping 
requirements relating to ADR and AFR data requests constitute an 
information collection for PRA purposes and require the Commission to 
revise the reporting and recordkeeping burden estimates contained in 
the Information Collection. The reporting and recordkeeping 
requirements in this release may potentially impact each SDR.
    SDRs already have the ability to communicate electronically with 
the Commission and are subject to significant recordkeeping 
requirements pursuant to Sec. Sec.  45.2(f) and 49.12. Therefore, the 
requirements adopted herein should not result in SDRs having to incur 
initial costs to implement systems to notify the Commission when an ADR 
or AFR submits a data request for the first time that are in excess of 
what is already accounted for in the Information Collection.
    The Commission estimates that each SDR would incur an annual burden 
of 480 hours associated with the requirement to maintain records of the 
details of the initial and all subsequent requests for data from an ADR 
or AFR, for a total of 1,920 hours annually (i.e., the product of four 
SDRs and 480 hours). Although the Commission provided an estimate of 
280 hours in the NPRM, CME commented that 480 hours was more likely.
    The Commission received one comment related to setup costs 
associated with its proposed recordkeeping requirements.\118\ The SDR 
Letter provided estimates for recordkeeping set up costs. CME 
subsequently provided updated estimates of these setup costs, which CME 
now estimates would be approximately 1,100-1,440 hours. The Commission 
believes it is reasonable to accept CME's estimate of 1,440 hours, as 
CME is an SDR and, as such, is familiar with the setup costs associated 
with SDR recordkeeping requirements. Therefore, the Commission 
estimates that initially each SDR may incur a burden of 1,440 hours 
associated with these recordkeeping requirements, for a total of 5,760 
hours (i.e., the product of four SDRs and 1,440 hours). However, as 
discussed in this release, the recordkeeping requirements adopted 
herein may result in lower costs to the SDRs than estimated here, as 
the Commission is not requiring SDRs to keep records of all copies of 
swap data provided in response to data requests, as it had proposed in 
the NPRM.\119\ The burdens associated with the notification 
requirements adopted herein are addressed in the revised Information 
Collection.
---------------------------------------------------------------------------

    \118\ See SDR Letter at 7, n.15.
    \119\ Moreover, SDRs are already subject to extensive 
recordkeeping obligations under existing Commission rules, so SDRs 
may be able to reduce their costs by making use of existing 
recordkeeping resources to some extent.
---------------------------------------------------------------------------

    Finally, the current Information Collection accounts for the costs 
to SDRs of executing a ``Confidentiality and Indemnification 
Agreement'' with each requesting ADR and AFR. Under the Commission's 
final rule adopted herein, the SDR is no longer required to execute 
such an agreement with ADRs or AFRs. The confidentiality arrangements 
will be between each requesting ADR or AFR and the Commission. 
Accordingly, the total burden to SDRs, as currently reflected in the 
Information Collection, is reduced by the cost to execute such 
agreements. The reduction in burden associated with this change in the 
confidentiality arrangement requirement is addressed in the revised 
Information Collection.

C. Cost-Benefit Considerations

1. Introduction
    As discussed in Section I above (``Background and Introduction''), 
the Commission is amending Part 49 to (i) implement the statutory 
changes mandated by the FAST Act amendments; (ii) make certain 
conforming and clarifying changes related to such implementation; (iii) 
revise the process by which a regulator is determined appropriate to 
receive access to SDR swap data; (iv) clarify the standards in 
connection with the Commission's appropriateness determinations; and 
(v) establish the form and substance of the written agreement mandated 
by CEA section 21(d), as amended.
    In the sections that follow, the Commission discusses the costs and 
benefits associated with the final rule and reasonable alternatives 
considered. Comments from commenters addressing the associated costs 
and benefits of the rule are addressed in the appropriate sections. 
Wherever possible, the Commission has considered the costs and benefits 
of the final rule in quantitative terms. Given, however, that SDRs do 
not yet have a history of providing swap data to other regulators, and 
the final rule does not dictate the means by which SDRs may provide 
such swap data access in the future, the availability to the Commission 
of relevant or useful quantitative terms to assess the potential costs 
and benefits of the final rule is limited. Accordingly, where a 
quantitative discussion is not feasible, the Commission has considered 
the costs and benefits of this rulemaking in qualitative terms.
    The baseline against which the costs and benefits of this final 
rule are being compared is the existing status quo for SDR swap data 
access under CEA section 21, as amended by the FAST Act, taken together 
with the swap data access requirements in the current Part 49 rules. As 
a general matter, the Commission recognizes that there are inherent 
costs and benefits to domestic and foreign regulators having access to 
SDR swap data. As discussed above, the Commission expects that access 
to SDR data by ADRs and AFRs will not only assist those regulators in 
fulfilling their own supervisory and regulatory functions but 
facilitate greater cooperation and collaboration among regulators 
across jurisdictions, promoting effective and consistent oversight of 
the global swaps market. At the same time, however, opening access to 
SDR data to other regulators may increase opportunities for 
unauthorized or unnecessary data disclosures, which could negatively 
impact swap market participants. Congress took into account these costs 
and benefits associated with broader SDR data access in adopting and 
amending CEA section 21, which supports access to swap data by 
appropriate regulators provided that, consistent with CEA section 8, 
the data accessed falls within their scope of jurisdiction and the data 
is provided on a confidential basis. In formulating the amendments to 
Part 49 that make up this final rule, the Commission has been mindful 
of the tradeoff between these dual objectives embodied in the

[[Page 27429]]

mandate of CEA sections 21(c)(7) and (d), endeavoring to reduce the 
costs to regulators of obtaining, and to SDRs of providing, access to 
swap data, while also establishing sufficient processes and conditions 
to ensure that data access is appropriately scoped and confidentiality 
is maintained.\120\
---------------------------------------------------------------------------

    \120\ In support of its goal to reduce costs, the final rule is 
harmonized in many respects with the corollary SEC Indemnification 
Rule implementing changes to its security-based swap data access 
rules following adoption of the FAST Act. This rulemaking also is in 
accord with two recent recommendations issued by the U.S. Department 
of the Treasury (``Treasury'') in a recent report in which Treasury 
recommended greater harmonization between the CFTC and the SEC and 
stated that greater coordination is required among the CFTC, SEC and 
prudential regulators. See A Financial System That Creates Economic 
Opportunities[:] Capital Markets (Oct. 6, 2017) (``Report'') at 9, 
available at https://www.treasury.gov/press-center/press-releases/Documents/A-Financial-System-Capital-Markets-FINAL-FINAL.pdf.
---------------------------------------------------------------------------

2. Benefits
a. Background
    In the fall of 2008, a series of large financial institution 
failures triggered a financial and economic crisis that threatened 
global financial markets. As a result of these failures, the government 
intervened to ensure the stability of the U.S. financial system. These 
failures revealed the vulnerability of the U.S. financial system and 
economy to widespread systemic risk resulting from, among other things, 
poor risk management practices of financial firms and the lack of 
supervisory oversight--specifically data concerning over-the-counter 
(``OTC'') derivatives activity--for a financial institution as a whole.
    The financial crisis also illustrated the significant risks that an 
uncleared, OTC derivatives market can pose to the financial system. 
Swap markets were opaque, and financial institutions were significantly 
interconnected through counterparty credit risk. This exposed the 
financial system to contagion through spreading defaults and losses. 
For example, concerned with the size of AIG's credit default swap 
exposure, the Federal government infused $180 billion of taxpayer money 
into AIG in order to prevent AIG's failure, which the Federal 
government was concerned may have led to cascading defaults by AIG 
creditors and counterparties and other creditors and counterparties 
indirectly exposed to AIG through credit and swap transactions. The 
legislative response to the Great Recession, the Dodd-Frank Act, 
stipulated that data representing OTC derivatives, in general, be 
reported to SDRs in order to cultivate robust oversight of financial 
entities and identify risks to the liquidity, stability, and 
functioning of the financial system.\121\ The Commission anticipates 
that access by ADRs and AFRs to swap data reported to SDRs, in 
combination with future sharing with the Commission of swap data 
reported to trade repositories in other jurisdictions, in part as a 
result of this rulemaking, will facilitate greater inter-agency 
cooperation, collaboration on matters concerning systemic risk, and 
identification and mitigation of future financial crises.
---------------------------------------------------------------------------

    \121\ See section 4r of the CEA, 7 U.S.C. 6r, added to the CEA 
by section 729 of the Dodd-Frank Act.
---------------------------------------------------------------------------

b. High-Level Benefits
    At a high level, this rulemaking is expected to assist other 
regulators in performing their supervisory and regulatory functions by 
providing them, for the first time, access to SDR swap data, which 
would help regulators better understand the risks their regulated 
entities are assuming and the impact of such risks on the broader 
markets. These supervisory and regulatory functions may include: 
Monitoring and mitigating systemic risk; ensuring financial stability; 
registration and oversight of financial market infrastructures, trading 
venues and/or market participants; central bank activities; prudential 
supervision; restructuring or resolution of infrastructures and firms; 
and regulation of cash markets, in some of which swap counterparties 
are active.\122\ Regulators may also be able to increase the benefits 
of receiving SDR swap data by discussing the results of their analyses, 
subject to the conditions and limitations of the confidentiality 
arrangement required by Sec.  49.18(a), including restrictions on 
onward sharing. The Commission believes regulatory coordination is 
beneficial.
---------------------------------------------------------------------------

    \122\ See generally Data Final Rules at 2136-2137 (observing 
that Dodd-Frank was enacted to reduce systemic risk, increase 
transparency, and promote market integrity within the financial 
system by, among other things creating rigorous recordkeeping and 
data reporting regimes with respect to swaps); Margin Requirements 
for Uncleared Swaps for Swap Dealers and Major Swap Participants--
Cross-Border Application of the Margin Requirements 81 FR 34817, 
34819 (May 31, 2016) (observing that as the 2008 financial crisis 
illustrated, complex financial and operational relationships 
demonstrated how the transfer of risk associated with swaps is not 
always transparent and can be difficult to fully assess.).
---------------------------------------------------------------------------

    Access to SDR swap data may also facilitate collaboration among the 
Commission, ADRs and AFRs in comparing the results of their respective 
SDR swap data analyses. Providing regulators access to SDR swap data 
should also facilitate cooperation among market and prudential 
regulators, which sometimes view data in isolation, given their 
different responsibilities, regulated entities, missions, and--as it 
relates to this rule making--data sets. In particular, such access may 
improve early warning systems that might ultimately reduce the 
probability or severity of a crisis, or both. The benefits of 
regulatory collaboration and broader access to swap data are likely to 
persist, if not expand, over time as regulators gain experience working 
together, while the burden required for establishing access to swap 
data includes an upfront commitment of time and money that is likely to 
diminish over time (although some increased operating costs resulting 
from this rulemaking will remain).
    The Commission believes that the implementation of this rulemaking 
represents a critical element of effective financial market oversight 
by providing access to SDR data to ADRs and AFRs. The Commission 
acknowledges that performing systemic risk analysis is very difficult 
as a result of the fragmented regulatory structure that exists both 
domestically and internationally. The financial markets are global in 
nature and contain correlated instruments dispersed across different 
regulatory authorities and jurisdictions. Regulating such markets 
utilizing only the data and information available through one 
particular regulator's regime is suboptimal. For instance, when 
conducting oversight of treasury futures and interest rate swap 
markets, it is not sufficient to only assess the available futures and 
swaps data at the Commission's disposal. Oversight of activity in those 
markets and associated risk also requires trading activity and position 
information regarding treasury bonds, repurchase agreements and reverse 
repurchase agreements. Similarly, regulating the credit and equity 
asset classes would benefit from information concerning related cash 
market activity in equity securities, corporate bonds, derivatives (on 
broad and narrow CDS and equity indexes, single-name CDS and equities, 
and bespoke transactions), securitizations, repurchase agreements and 
securities lending. The same applies to conducting comprehensive risk 
analysis and oversight of other asset classes. Similarly, in regulating 
swap dealers, the Commission would benefit from obtaining visibility 
into their positions in other jurisdictions to form a complete picture 
of their risk profiles.
    The Commission may face challenges in analyzing overall market, 
counterparty, or systemic risk accurately with only the data at its 
disposal via recordkeeping and reporting pursuant to the CEA and the 
Commission's regulations promulgated thereunder.

[[Page 27430]]

Prudential, bank, and market regulators likely face similar challenges 
in assessing the overall market, understanding patterns and flows, and 
identifying concerning trends based solely on data available pursuant 
to their own individual regulatory regimes. These limitations 
presumably impact similarly situated regulators across the global 
financial system.
    In light of the issues flowing from incomplete data, the Commission 
expects this rule to generate substantial benefits by fostering a 
regulatory environment that supports broader data access across the 
regulatory community and expands the accessibility of SDR swap data to 
other regulators, thereby supporting holistic oversight and data driven 
policy making at the regulatory level. The probability of successfully 
overseeing the prevailing market structure of the financial system and 
preventing another crisis increases as more ADRs and AFRs access SDR 
swap data and incorporate it into their existing analysis and 
workflows. Although this rule only provides other regulators access to 
swap data maintained at SDRs regulated by the Commission, the 
Commission expects the rulemaking to encourage similar access by the 
Commission to swap data maintained at trade repositories regulated by 
other authorities, which would increase the benefits of the rule 
discussed above accordingly.
c. More Specific Benefits
i. MOUs
    Under current Sec.  49.17(b)(2), the existence of a current MOU or 
similar type of information sharing arrangement with the Commission 
automatically qualifies a Foreign Regulator as an AFR. The Commission 
is amending Sec.  49.17(b)(2) to require all ``Foreign Regulators'' who 
wish to receive swap data from SDRs to file an application with the 
Commission to be Commission-determined ``Appropriate Foreign 
Regulators'' and requires the Commission to issue an order finding each 
Foreign Regulator to be an ``appropriate'' recipient of SDR swap data. 
The Commission believes that this modification will ensure that Foreign 
Regulators are acting within the scope of their jurisdiction, 
consistent with CEA sections 21(c)(7) and 8(e) and should reduce the 
risk of unauthorized disclosure, misappropriation or misuse of swap 
data. The SDR Commenters also commented that an MOU or other 
information sharing agreement alone potentially could have imprecise 
language and bespoke arrangements that would not provide sufficient 
indication of a regulator's appropriateness.\123\ By requiring use of 
the Confidentiality Arrangement Form or permitting an alternative 
arrangement with the same elements, the Commission is establishing 
confidentiality safeguards that are tailored to the provision of swap 
data by an SDR to an ADR or an AFR. In addition, as the Commission 
stated in the NPRM and in the preamble above in sections II.B.4. and 
5., it can take into account additional considerations or circumstances 
it may deem relevant on a case-by-case basis in making an 
appropriateness determination. This can benefit the appropriateness 
determination process by permitting the Commission to consider factors 
such as those identified by the SDR Commenters.
---------------------------------------------------------------------------

    \123\ SDR Letter at 3.
---------------------------------------------------------------------------

ii. Duty for SDRs To Notify the Commission of Swap Data Requests From 
ADRs and AFRs
    Current Sec.  49.17(d)(4)(i) requires an SDR to promptly notify the 
Commission regarding any request from an ADR or AFR for access to swap 
data. The Commission is amending current Sec.  49.17(d)(4)(i) to 
require such notices only promptly after the SDR receives an initial 
request for access to swap data from a particular ADR or AFR and 
promptly after receiving a request from an ADR or AFR that does not 
comport with the scope of the ADR's or AFR's jurisdiction, as described 
in the appendix to the confidentiality arrangement required by Sec.  
49.18(a). The Commission expects this to benefit SDRs by significantly 
reducing the number of notices and the associated costs. The change 
might also benefit ADRs and AFRs by expediting the time it takes for 
them to get access to SDR swap data.
iii. Form of Electronic Notification by SDRs to the Commission
    Current Sec.  49.17(d)(4)(ii) requires an SDR to notify the 
Commission, electronically in a format specified by the Secretary of 
the Commission, of any request from an ADR or AFR for access to swap 
data. The Commission is specifying the format in the adopting release. 
This will benefit SDRs by providing clarity and specificity as to the 
particular means of notice required such that they can develop such 
means of notice expeditiously so that SDRs can provide such notices 
soon after they receive requests for SDR swap data from ADRs and AFRs. 
This, in turn, might benefit ADRs and AFRs by expediting their access 
to such swap data.
iv. Clarification of SDR Recordkeeping Obligations
    In the NPRM, the Commission explained that an SDR's obligation to 
maintain records of all information related to the initial and all 
subsequent requests by an ADR or AFR for swap data access would require 
retaining records including, among other things, copies of all data 
reports and other aggregation of data provided in connection with the 
request for access.\124\ The SDR Commenters stated that that proposed 
requirement ``should be amended to avoid imposing unnecessary costs.'' 
\125\ The SDR Commenters characterized that proposed recordkeeping 
requirement as burdensome, challenging to implement, and potentially 
decreasing information security, because the requirements could require 
an SDR ``to propagate a given data set more than once.'' \126\
---------------------------------------------------------------------------

    \124\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork 
Reduction Act discussion of recordkeeping burdens).
    \125\ SDR Letter at 6.
    \126\ See id.
---------------------------------------------------------------------------

    As an alternative to maintaining such reports, the SDR Commenters 
offered to create pre-formatted data reports, which they would make 
available for download by ADRs and AFRs ``so that the record of access 
to such reports [would] be easily identifiable, in lieu of maintaining 
logs of queries and query conditions . . . .''\127\ The SDR Commenters 
added that, if the Commission adopted their alternative, ``the 
parameters of the reports and the logic which is used to populate the 
reports is all that should have to be maintained.'' \128\ The SDR 
Commenters contended that the Commission should require only ``the 
saving of metadata around reports rather than the actual reports[.]'' 
\129\
---------------------------------------------------------------------------

    \127\ Id.
    \128\ Id.
    \129\ Id.
---------------------------------------------------------------------------

    As discussed above in section II.D.2.ii., the SDR Commenters 
explained in discussions with staff that they plan to provide swap data 
access to ADRs and AFRs in one of two ways: (1) Via pre-formatted 
reports that the SDR Commenters would make available for download by 
ADRs and AFRs or send to ADRs and AFRs, in each case on a regular 
basis; or (2) via a Web-based portal through which ADRs and AFRs could 
conduct customized searches of swap data.\130\ In those discussions, 
the

[[Page 27431]]

SDR Commenters explained that they would not consider it unduly 
burdensome to maintain records in those formats.
---------------------------------------------------------------------------

    \130\ The swap data provided in the pre-formatted reports or 
through the Web-based portals would be limited to swap data within 
the particular ADR's or AFR's scope of jurisdiction, as described in 
the appendix to the confidentiality arrangement required by Sec.  
49.18(a).
---------------------------------------------------------------------------

    As discussed above in section II.D.2.ii., the Commission is 
confirming that SDRs may satisfy their recordkeeping duties under Sec.  
49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre-
formatted swap data reports; or (2)(a) the parameters of Web portal 
swap data access and (b) queries run by ADRs and AFRs using such 
access. This confirmation should lower costs to the SDRs by decreasing 
financial costs thereto, making recordkeeping simpler and decreasing 
cybersecurity risks, as the SDR Commenters noted.
v. Limitation, Suspension or Revocation of an ADR's or AFR's Swap Data 
Access
    The Commission is requiring, in Sec.  49.17(d)(4)(iii), an SDR to 
limit, suspend, or revoke an ADR's or AFR's swap data access if the 
ADR's or AFR's scope of jurisdiction changes and the Commission directs 
the SDR to limit, suspend, or revoke the ADR's or AFR's swap data 
access.\131\ Similarly, Sec.  49.17(d)(5) requires an SDR to limit, 
suspend, or revoke an ADR's or AFR's swap data access if the Commission 
limits, suspends or revokes the ADR's or AFR's appropriateness 
determination or otherwise directs the SDR, in writing, to limit, 
suspend, or revoke the ADR's or AFR's swap data access. Although these 
sections will impose costs on both SDRs (which will be required to 
build into their systems a means of limiting, suspending, or revoking 
an ADR's or AFR's swap data access; this could be as simple as, for 
example, requiring a user name and password to obtain swap data access 
and deactivating such login credentials) and ADRs and AFRs (which may 
temporarily or permanently lose access to some or all SDR swap data), 
the Commission believes this is an unavoidable and appropriate 
corollary of the requirement in CEA section 21(c)(7) that ADRs' and 
AFRs' SDR swap data access be on a confidential basis pursuant to CEA 
section 8,'' which, as discussed throughout this release, requires, 
among other things, that the swap data provided be within the scope of 
an ADR's or AFR's jurisdiction. Although CEA section 21(c)(7) also 
directs SDRs to provide ADRs and AFRs SDR swap data access, such access 
is subject to the foregoing conditions, among others. Therefore, Sec.  
49.17(d)(4)(iii) and (d)(5) will benefit market participants by keeping 
their swap data confidential, as intended by Congress, if an ADR's or 
AFR's jurisdiction changes such that it is no longer entitled to such 
swap data or if other factors lead the Commission to limit, suspend, or 
revoke an ADR's or AFR's swap data access to ensure that 
confidentiality is maintained. The ``in writing'' requirement of Sec.  
49.17(d)(5) will benefit SDRs by ensuring that all SDRs are aware of 
any changes in status with respect to an appropriateness determination, 
as the SDR Commenters requested.\132\
---------------------------------------------------------------------------

    \131\ The Commission also is reserving the right, in new Sec.  
49.17(h)(4), to revisit, reassess, limit, suspend or revoke a 
Determination Order. The costs and benefits to ADRs, AFRs and SDRs 
are similar to the costs and benefits thereto discussed in this 
section with respect to Sec.  49.17(d)(4)(iii) and (d)(5).
    \132\ See discussion at section II.C.5., supra.
---------------------------------------------------------------------------

vi. Confidentiality Arrangements
    Current Sec. Sec.  49.17(d)(6) and 49.18(b) require the 
confidentiality agreement required by CEA section 21(d) to be entered 
into between an ADR or AFR seeking SDR swap data access and each SDR 
from which the ADR or AFR seeks such access. The Commission is amending 
those rules to require that such confidentiality arrangements be 
entered into between an ADR or AFR, as one party, and the Commission, 
rather than an SDR, as the other party. This will benefit SDRs by 
shifting from SDRs to the Commission the costs of negotiating 
confidentiality arrangements with an estimated 300 \133\ ADRs and AFRs. 
This will also benefit ADRs and AFRs by enabling them to negotiate a 
single confidentiality arrangement with the CFTC to access swap data 
from each SDR rather than a separate agreement with each of the SDRs 
from which they would seek swap data.
---------------------------------------------------------------------------

    \133\ See, among other sections, section V.B.2.
---------------------------------------------------------------------------

    The Commission also is requiring the use of the Confidentiality 
Arrangement Form, unless the Commission waives this requirement. The 
Commission expects this to benefit ADRs and AFRs by allowing them to 
avoid expending resources coming up with their own confidentiality 
arrangement forms and avoid the uncertainty of not knowing what 
provisions the Commission would accept, reject or negotiate. The 
Commission expects this to benefit SDRs as well in that most, if not 
all, confidentiality arrangements will be the same, making them easier 
to incorporate into their policies and procedures and build swap data 
access around. Overall, the Commission believes that this rule will 
increase the potential benefits and cost savings associated with use of 
the Confidentiality Arrangement Form while still providing ADRs and 
AFRs the flexibility to use an alternate arrangement if necessary, in 
consultation with the Commission.
vii. Means of Access
    The Commission is not requiring SDRs to provide access to swap data 
to ADRs and AFRs through a specific technological means. Each SDR 
operates with different legacy systems and infrastructure, preferred 
data formats and delivery methods, and unique change management 
processes. The Commission prescribing a specific means of access for 
the swap data could subject different SDRs to greater/lesser costs, 
thereby disadvantaging one/some over other(s). Presumably, SDRs will 
choose the least costly means of access, all else being equal, as a 
result of the flexibility provided by the Commission. Thus, the 
flexibility afforded SDRs to choose the means of access through which 
they provide swap data access to ADRs and AFRs will benefit SDRs.
    More ADRs and AFRs accessing SDR swap data (as a result of the 
removal of the statutory and regulatory indemnification requirements 
that ADRs and AFRs refused to submit to) also has the potential to 
improve the quality of swap data. For instance, ADRs and AFRs might 
assert their authority over the entities that they regulate to require 
or encourage them to submit better and/or more data. If swap data 
quality improves, ADRs and AFRs can make better-informed supervisory 
decisions to reduce risks. Although the Commission is not mandating the 
use of LEIs to delineate an ADR's or AFR's scope of jurisdiction for 
purposes of SDR swap data access, the Commission anticipates the use of 
LEIs to that end. If ADRs and AFRs do use LEIs for that purpose, the 
Commission believes that it will be relatively straightforward for SDRs 
to provide ADRs and AFRs access to appropriate swap data, relative to 
alternatives such as ADRs and AFRs providing legal memoranda describing 
the scope of their jurisdictions, which SDRs would then need to parse 
and translate into field descriptions, which is how SDR swap data are 
organized. Similarly, although the Commission is not mandating the use 
of UPIs (or if no CFTC-approved UPI and product classification system 
is yet available, the internal product identifier or product 
description used by the SDR) to delineate an ADR's or AFR's scope of 
jurisdiction, the Commission anticipates the potential use of UPIs to 
that end. If ADRs and AFRs do use UPIs for that purpose, the Commission 
believes that it will be relatively easier for SDRs to provide ADRs and 
AFRs access to appropriate swap data, relative to the

[[Page 27432]]

alternative of not using a UPI to describe the scope of their 
jurisdictions.
3. Costs
a. Background
    The Commission recognizes that there are different types of costs 
associated with this rulemaking. In the NPRM, the Commission stated 
that:

    [o]ne cost is the potential harm to market participants and the 
public if swap data is misused--for example, inappropriately 
disclosed by ADRs and AFRs. Or, another harmful scenario might 
involve misappropriated data where hackers pilfer swap data from 
ADRs and AFRs to learn the positions of market participants so that 
the hackers, or other interested parties who may even pay for such 
information, scam the market. Such bad actors might be able to 
anticipate such market participants' trades and trade in front of 
them, raising swap trading costs to market participants, thereby 
reducing their profits.\134\ If the aforementioned scenario occurred 
frequently enough this might induce swap dealers to widen their 
spreads, making hedging more expensive. In turn, this might lead to 
sub-optimal business and investment strategies, as parties would be 
less willing to participate in swap markets, because it would be 
more costly. Further, the scenario posed could cause market 
participants to be concerned that their business strategies might be 
tipped to their competitors, because with stolen data, somebody 
might be able to infer their strategies from knowing their swap 
positions and how these positions change in response to relevant 
economic events.\135\ Such concerns could lead some market 
participants to withdraw to some extent from swap markets, reducing 
liquidity and potentially inducing them to use less effective 
hedging instruments or trading strategies in other markets.\136\
---------------------------------------------------------------------------

    \134\ See, e.g., Registered Entity Cyber proposed rulemaking at 
80141 (observing that ``there has . . . been a rise in attacks by . 
. . hacktivists . . . aimed at . . . [, among other things,] theft 
of data or intellectual property. . . . ''); id. at 80189 
(Concurring Statement of then-Commissioner Bowen) (stating that 
``our firms are facing an unrelenting onslaught of attacks from 
hackers with a number of motives ranging from petty fraud to 
international cyberwarfare.'').
    \135\ While the same risks of misuse and misappropriation exist 
with respect to swap data maintained at SDRs, SDRs are regulated, 
and subject to sanctions, by the Commission, whereas ADRs and AFRs 
are not.
    \136\ NPRM at 82 FR 8384.

    It is difficult to discern the likelihood of this misuse occurring, 
rendering it difficult to quantify related costs, for at least four 
reasons. First, data breaches can have different causes, from not 
upgrading to the most current software, to software glitches, to 
successful cyber attacks and improper procedures and protocols. Thus, 
it is difficult to develop a homogenous sample to use to analyze data 
breaches and what might reasonably be done to mitigate them (i.e., 
reduce the probability of their occurrence as well as their severity 
when they do occur). Furthermore, the Commission does not have access 
to such data even if they do exist. Second, data storage and 
dissemination technology is constantly changing. This may result in the 
manner in which data breaches occur changing over time in ways that are 
difficult to anticipate, as various parties adapt to new technology. 
Third, it is problematic to assess in advance the severity of a data 
breach because the severity is dependent on the particulars of a given 
breach that cannot be easily anticipated. Fourth, it would be 
difficult, ex ante, to link data misuse to related profits and harms 
from specific transactions.
b. High-Level Costs
    At a high level regarding costs to ADRs and AFRs, the less access 
to SDR swap data granted to ADRs and AFRs, the less such swap data 
would help in performing ADRs' and AFRs' supervisory and other 
regulatory functions. Similarly, the more impediments to swap data 
access, the longer it would take ADRs and AFRs to use, or the less use 
ADRs and AFRs could make of, such swap data. It is not mandatory for 
ADRs and AFRs to ask for access to SDR swap data, however. Thus, ADRs 
and AFRs can reduce their costs by not asking for swap data or by 
limiting the swap data they seek and/or the frequency with which they 
seek it.\137\ The Commission expects ADRs and AFRs will seek access to 
SDR swap data when they believe that the benefits associated with the 
access are worth incurring the costs associated with obtaining such 
access.
---------------------------------------------------------------------------

    \137\ The Commission acknowledges, however, that it is in the 
best interest of ADRs and AFRs, as Congress recognized in passing 
the FAST Act, for the process and parameters established by this 
rulemaking to be utilized and swap data to be made accessible to 
ADRs and AFRs.
---------------------------------------------------------------------------

c. ADRs' and AFRs' Costs
    The Commission is imposing several new obligations on Foreign 
Regulators and certain domestic regulators that will trigger costs for 
such regulators.
i. Determination Order Applications
    Currently, Sec.  49.17(b)(2) defines Foreign Regulators with either 
an MOU or a similar information sharing agreement in place with the 
Commission as ``Appropriate Foreign Regulators.'' As amended, however, 
Sec.  49.17(b)(2) replaces such automatic AFR status with a requirement 
that Foreign Regulators be determined by the Commission to be AFRs 
before such Foreign Regulators can obtain swap data from SDRs. This 
change will impose costs on each Foreign Regulator with an MOU, or 
similar information sharing agreement, seeking AFR status. The 
obligation for Foreign Regulators, and domestic regulators that are not 
enumerated in Sec.  49.17(b)(1)(i) through (vi), to apply for a 
Determination Order conferring AFR or ADR status in order for such 
Foreign Regulators and unenumerated domestic regulators to be eligible 
to receive access to SDR swap data will, at a minimum, require such 
applicants to draft an application. Some applicants for ADR and AFR 
status may choose to retain outside counsel or another third party to 
draft the application, thereby incurring related costs; others might 
use their own staff. There also may be additional costs associated with 
the complexity of the application, because applicants for ADR and AFR 
status will have to explain their jurisdiction and link it to their 
requests for access to SDR swap data.\138\ While applicants will need 
to expend resources developing their ``appropriateness'' applications, 
the Commission expects that the requirements and guidance it has 
provided in this release should reduce such expenditures to a certain 
extent. Nonetheless, the level of such expenditures will depend on the 
particulars of a given applicant.
---------------------------------------------------------------------------

    \138\ Pursuant to Sec.  49.17(h), applicants will have to 
describe to the Commission the scope of their jurisdiction so that 
that description can be provided to SDRs so that SDRs will know the 
contours of the swap data access they can provide to applicants.
---------------------------------------------------------------------------

    The Commission estimates that each requesting entity would on 
average expend 100 hours in connection with filing an application to 
receive a Determination Order. This estimate considers the relevant 
information that would be required to be provided in such an 
application, including information regarding the entity's scope of 
jurisdiction, confidentiality safeguards, as well as any other 
information relevant for the Commission's determination. The Commission 
monetizes the 30,000 burden hours by multiplying by a wage rate of $85 
\139\ or approximately $2.56 million.
---------------------------------------------------------------------------

    \139\ The wage rate used here is a composite (blended) wage rate 
by averaging the mean annual salaries of an Assistant/Associate 
General Counsel, an Assistant Compliance Director, and a Programmer 
(Senior) as published in the 2013 SIFMA Report and dividing that 
figure by 1,800 annual working hours and multiplying by 1.3 to 
account for the overhead for a government employee to arrive at the 
hourly rate of approximately $85.
---------------------------------------------------------------------------

ii. Confidentiality Arrangements
    The requirement in Sec.  49.18(a) that SDRs receive an executed

[[Page 27433]]

confidentiality arrangement from an ADR or AFR before the SDR can 
provide the ADR or AFR swap data is based on a corresponding 
requirement set forth in CEA section 21(d) and will impose costs on 
ADRs and AFRs. CEA section 21(d) does not specify any details of the 
required written agreement other than that it must state that the ADR 
or AFR shall abide by CEA section 8's confidentiality requirements. The 
Commission, however, is adopting, in Appendix B to part 49, a 
Confidentiality Arrangement Form providing for ADRs and AFRs to 
implement a number of safeguards to effectuate the confidentiality 
protections mandated by CEA section 21(c)(7). The Confidentiality 
Arrangement Form can be expected to limit ADRs' and AFRs' flexibility 
to use confidentiality arrangements more tailored to their specific 
needs, but this is offset to some extent by corresponding benefits 
discussed above in section V.C.3.vi. and by the fact that the 
Commission retained the discretion to negotiate changes to the 
Confidentiality Arrangement Form.
iii. Data Security
    Section 6 of the Confidentiality Arrangement Form contains a number 
of undertakings designed to prevent unauthorized disclosure of swap 
data. Given that ADRs and AFRs already likely have existing data 
security policies, procedures and safeguards, the Commission continues 
to believe that the costs of developing safeguards in response to such 
undertakings would likely be only a incremental addition to their 
existing data security costs, and the other costs of complying with 
these burdens, such as the costs to develop policies, procedures and 
safeguards, are within the scope of ADRs' and AFRs' expertise (and thus 
would likely not require ADRs or AFRs to retain outside experts to 
develop).\140\ Given that ADRs and AFRs can elect not to seek access to 
swap data from SDRs and that ADRs and AFRs who do seek such access have 
some control over the scope and frequency of the swap data they seek 
and the manner in which they seek to analyze such swap data, ADRs and 
AFRs themselves can influence to some degree the costs they impose on 
themselves by seeking access to swap data from SDRs.
---------------------------------------------------------------------------

    \140\ The Commission continues to believe that ADRs and AFRs 
would likely have established safeguards to protect sensitive data 
other than swap data and that such safeguards could be adapted to 
address the requirements of the confidentiality arrangement.
---------------------------------------------------------------------------

iv. Onward Sharing
    Section 7 of the Confidentiality Arrangement Form would prohibit 
ADRs and AFRs from onward sharing Confidential Information with other 
parties, with limited exceptions. This could impose some costs in that 
ADRs and AFRs would not be able to freely share swap data among 
themselves, which could reduce the utility of the swap data to ADRs and 
AFRs, possibly reducing the effectiveness thereof. However, because CEA 
section 21(c)(7) requires that SDRs share swap data with ADRs and AFRs 
on a confidential basis pursuant to CEA section 8,'' and CEA section 
8(e) also prohibits onward sharing, the onward sharing prohibition in 
section 7 of the Confidentiality Arrangement Form is required by the 
CEA.
v. Means of Access
    In addition, the fact that the Commission is electing not to 
specify a particular means of ADRs and AFRs accessing swap data could 
result in SDRs providing a means of access other than a means preferred 
by ADRs and AFRs. This might impose additional costs on ADRs and AFRs 
relative to the potentially lesser costs of their preferred means of 
access.
    The Commission prescribing a particular means of access could 
result in costs to either ADRs/AFRs or SDRs. Specifically, costs borne 
by ADRs/AFRs might be shifted to SDRs or vice versa as a particular 
means of access changes. The Commission chooses to not force all SDRs 
to use a single means of providing access, thus requiring some or all 
SDRs to alter their systems, since it is not possible to distinguish a 
single means of access that would be preferable to all ADRs, AFRs and 
SDRs. Because of these uncertainties, the Commission is unable to 
quantify these costs but is able to identify such costs qualitatively. 
The Commission recognizes that allowing SDRs to choose the means by 
which they provide swap data access may impose costs of adapting to a 
particular means of access on ADRs and AFRs. However, given the large 
number of ADRs and AFRs who may seek SDR swap data access and the large 
potential variation in their preferred means of access, and given the 
limited number of SDRs and potential means of access, the Commission 
believes that ADRs and AFRs, in general, can more easily bear the 
burden of adapting to SDRs' choices of means of access than vice versa.
d. SDRs' Costs
i. Providing New Access Generally
    For SDRs, providing swap data access to so many potential ADRs and 
AFRs may be expensive. For example, SDRs may be forced to purchase new 
servers, hire new system administrators to oversee the new swap data/
system usage and troubleshoot related problems that may arise. 
Maintaining new records pursuant to new recordkeeping requirements also 
could require more resources. The requirement for an SDR not to provide 
swap data to an ADR or AFR unless the SDR has determined that the swap 
data is within the then-current scope of the ADR's or AFR's 
jurisdiction, as described in the appendix to the confidentiality 
arrangement required by Sec.  49.18(a), may cause SDRs to elect to 
create new methods for parsing swap data to comply with the requirement 
to so limit swap data access. Further, if the SDRs send data to ADRs 
and AFRs, then they will incur costs to transmit the data. These costs 
include the cost of expanding their capacity to disseminate data as 
well as the cost to parse existing data to verify that it is within the 
then-current scope of the ADR's or AFR's jurisdiction, as described in 
the appendix to the confidentiality arrangement required by Sec.  
49.18(a).
ii. Providing Notice to the Commission
    Current Sec.  49.17(d)(4)(i) requires SDRs to notify the Commission 
of any request for access to swap data from a particular ADR or AFR. 
The Commission's amendments would reduce that burden by permitting SDRs 
to notify the Commission only of the first such request by each ADR or 
AFR and of any request that does not comport with the scope of the 
ADR's or AFR's jurisdiction, as described in the appendix to the 
confidentiality arrangement required by Sec.  49.18(a). The obligation 
to notify the Commission of various other actions also will increase 
SDRs' costs, although to the extent that such notice obligations are 
not triggered, such cost increases would be tempered accordingly. 
Nevertheless, SDRs presumably would need to incur some costs to develop 
policies and procedures, and build out systems, to monitor potential 
events that would trigger the new notice requirements.
iii. Verifying That a Swap Data Request Is Within an ADR's/AFR's Scope 
of Jurisdiction
    Other SDR costs will include those related to SDRs determining that 
each access request by an ADR or AFR is within the scope of the ADR's 
or AFR's

[[Page 27434]]

jurisdiction, as required by Sec.  49.17(d)(4)(iii). This will require 
SDRs to expend resources to ensure that they do not improperly disclose 
swap data to an ADR or AFR. However, the Commission believes these 
costs will be mitigated substantially in at least two ways. First, 
Sec.  49.17(d)(4)(iv) provides that an SDR must make the scope of 
jurisdiction determination only once with respect to a recurring swap 
data request, thus ensuring no duplication of effort.\141\ Second, 
Sec.  49.17(d)(4)(iii) provides that the only source an SDR must 
consult in determining an ADR's or AFR's scope of jurisdiction is the 
appendix to the confidentiality arrangement required by Sec.  49.18(a). 
To the extent ADRs and AFRs provide lists of LEIs, and possibly also 
UPIs of swaps, within the scope of ADRs' and AFRs' jurisdiction, which 
the Commission continues to expect that they will, this would limit the 
resources SDRs must expend to verify whether swap data access requests 
are within the scope of an ADR's or AFR's jurisdiction.\142\ No legal 
analysis would be required on an SDR's part, greatly reducing potential 
costs. SDRs' costs would come from ensuring that the access they 
provide ADRs and AFRs to swap data via SDRs' systems is no greater than 
or less than the swap data to which ADRs and AFRs are entitled based on 
the scope of the ADRs' or AFRs' jurisdiction, as described in the 
appendix to the confidentiality agreement required by Sec.  49.18(a).
---------------------------------------------------------------------------

    \141\ However, if the request changes, each affected SDR must 
make a new determination. The Commission believes this is 
unavoidable due to requirement in CEA section 21(c)(7) that swap 
data be provided by SDRs to ADRs and AFRs on a confidential basis 
pursuant to section 8, and that any related costs flow from this 
statutory requirement.
    \142\ This assumes that ADRs and AFRs choose to develop such 
lists, which the Commission continues to anticipate that they would.
---------------------------------------------------------------------------

    The Commission believes that the use of LEIs, and potentially UPIs, 
to effectively determine which SDR swap data should be provided to 
ADRs/AFRs is a reasonable option, although it has some relatively minor 
drawbacks unrelated to the amendments in this final rule (e.g., some 
blank or incorrect data entries remain in LEI fields, LEIs are masked 
in a number of cases to reflect certain other jurisdictions' privacy 
law limits on disclosure, and the Commission has yet to designate a UPI 
and product classification system, and SDRs each have developed their 
own separate pre-UPI product identifiers in the interim). Despite those 
drawbacks, the Commission believes LEIs and pre-UPI product identifiers 
may be useful in describing ADRs' and AFRs' scopes of 
jurisdiction.\143\
---------------------------------------------------------------------------

    \143\ In addition, if the scope of an ADR's or AFR's 
jurisdiction supports receiving all swap data with respect to 
entities over which an ADR or AFR exercises oversight, the ADR or 
AFR may not need to use product identifiers at all--it may be able 
to use LEIs alone to describe the scope of its jurisdiction.
---------------------------------------------------------------------------

    The Commission acknowledges that lists of LEIs of ADRs' and AFRs' 
regulated entities and lists of UPIs or other product identifiers of 
swaps within ADRs' and AFRs' jurisdiction may have to be updated from 
time to time as regulated entities move in and out of ADRs' and AFRs' 
jurisdiction, ADRs' and AFRs' jurisdiction expands or contracts, swaps 
evolve, and new types of swaps are introduced. In these cases, for 
example, an ADR or AFR likely would have to modify periodically the 
list of LEIs and UPIs or product identifiers it gives to SDRs, imposing 
some costs on SDRs as they incorporate such changes (and imposing some 
costs on ADRs and AFRs to monitor their LEI and UPI or product 
identifier lists and update SDRs and the Commission periodically 
regarding any changes).
    The Commission continues to believe that the rule would further 
mitigate the costs to SDRs by permitting them to verify that a data 
access request falls within the scope of an ADR's or AFR's jurisdiction 
just once for a recurring request the details of which do not change. 
SDRs might incur additional costs, however, if the scope of an ADR's or 
AFR's jurisdiction, or other factors discussed in the prior paragraph, 
change. Such additional costs include some fraction of the costs, 
discussed above, of verifying that an ADR's or AFR's swap data access 
request falls within the scope of the ADR's or AFR's jurisdiction. 
Additionally, ADRs and AFRs would incur some costs to notify the 
Commission of changes in jurisdiction.
iv. Means of Access
    The Commission is not requiring SDRs to use a particular means of 
providing access to swap data to ADRs and AFRs. The Commission is not 
specifying a means of access because the Commission has allowed SDRs to 
build their systems as they saw fit and does not want to impose undue 
costs by requiring SDRs to all grant access via a specific means, which 
could impose greater costs on certain SDRs based on how they chose to 
build their systems.
    The Commission notes that SDRs already provide the Commission and 
the National Futures Association (``NFA'') with swap data access. Given 
that SDRs have already incurred many fixed costs in granting access to 
the Commission and NFA, in providing ADRs and AFRs access, the SDRs may 
benefit from economies of scale, reducing SDRs' costs. The rule would 
also mitigate SDRs' costs by permitting them to choose the means by 
which they will provide access to swap data to ADRs and AFRs. The 
Commission expects that SDRs would choose the lowest cost means of 
access consistent with their statutory obligation to provide ADRs and 
AFRs access to swap data and other constraints. The Commission 
continues to believe that it cannot forecast what these costs are 
because they depend on particulars of each SDR that the Commission 
still does not know. Further, the Commission anticipates that many of 
these particulars will change over time as various parties adapt to 
technological changes. However, the Commission has estimated costs 
where it can, based in part on comments it received in the SDR Letter, 
as discussed below.
v. Recordkeeping
    The Commission is amending current Sec.  49.17(d)(4)(i) to require 
SDRs to maintain records of the details of the initial, and all 
subsequent, requests for access to swap data from an ADR or AFR. Each 
SDR would have to maintain this information for the same period 
required for other SDR records. The Commission anticipates that such 
costs will be relatively small and anticipates using such data to, for 
example, monitor ADRs' and AFRs' access requests from time to time to 
ensure that they remain within the scope of their jurisdiction and, 
relatedly, to ensure that SDRs have been monitoring this access issue.
4. Response to Comments
    The Commission requested comments on all aspects of the NPRM and 
further requested that commenters provide any data or other information 
that would be useful in the estimation of the quantifiable costs and 
benefits of this rulemaking. The Commission received substantive 
comments from the SDR Commenters on the Commission's PRA burden hour 
estimates provided in the NPRM. Those comments are incorporated in the 
Commission's cost estimates for the burdens on SDRs, ADRs, and AFRs.
    The Commission is requiring, in Sec.  49.17(d)(4)(iii), that an SDR 
not provide an ADR or AFR access to swap data, unless the SDR has 
determined that the swap data is within the then-current scope of the 
ADR's or AFR's jurisdiction, as described in the appendix to the 
confidentiality

[[Page 27435]]

arrangement required by Sec.  49.18(a). The Commission received one 
comment estimating the burden on SDRs associated with setting up access 
restrictions to match an ADR's or AFR's described scope of 
jurisdiction.\144\ In the SDR Letter, CME estimated the initial setup 
cost to be between 400 and 950 hours for all ADRs and AFRs in the 
aggregate. The Commission believes it is reasonable to accept CME's 
estimate of 950 hours, as CME is an SDR and, as such, is familiar with 
the costs required for setting up such access restrictions. 
Consequently, for PRA and CBC purposes, the Commission estimates that 
SDRs would incur a total burden of 3,800 hours (i.e., the product of 
950 hours of time and four SDRs) associated with setting up SDR swap 
data access for all ADRs and AFRs. The Commission monetizes these 
burden hours at an hourly wage rate of $329 \145\ yielding a cost of 
approximately $1,250,200.
---------------------------------------------------------------------------

    \144\ See SDR Letter at 5, n.10.
    \145\ The hourly wage rate used to estimate the costs associated 
with these requirements is $329, which is a weighted average of 
salaries and bonuses across different professions from the SIFMA 
Report on Management & Professional Earnings in the Securities 
Industry 2013, modified to account for an 1800-hour work-year and 
multiplied by 5.35 to account for overhead and other benefits. The 
Commission-estimated appropriate wage rate is a weighted national 
average of salary and bonuses for professionals with the following 
titles (and their relative weight): ``programmer (senior)'' (10% 
weight); ``programmer'' (30%); ``compliance advisor (intermediate)'' 
(20%); ``compliance attorney'' (30%), and ``assistant/associate 
general counsel'' (10%).
---------------------------------------------------------------------------

    As noted in the PRA discussion above, the Commission estimates that 
each SDR would incur an annual burden of 480 hours associated with the 
requirement to maintain records of the details of the initial and all 
subsequent requests for data from an ADR or AFR, for a total of 1,920 
hours annually (i.e., the product of four SDRs and 480 hours). The 
Commission received one comment related to setup costs associated with 
its proposed recordkeeping requirements.\146\ The SDR Letter provided 
estimates for recordkeeping setup costs. CME subsequently provided 
updated estimates of the setup costs, which CME now estimates would be 
approximately 1,100-1,440 hours. The Commission believes it is 
reasonable to accept CME's estimate of 1,440 hours, as CME is an SDR 
and, as such, is familiar with the setup costs associated with SDR 
recordkeeping requirements. Therefore, the Commission estimates that 
initially each SDR may incur a burden of 1,440 hours associated with 
these recordkeeping requirements, for a total of 5,760 hours (i.e., the 
product of four SDRs and 1,440 hours). The Commission monetizes these 
burden hours by using a wage rate of $329 yielding a cost of 
$1,895,040. However, as discussed in this release, the recordkeeping 
requirements adopted herein may result in lower costs to the SDRs than 
estimated here, as the Commission is not requiring SDRs to keep records 
of all data reports provided in response to data requests, as it had 
proposed in the NPRM.
---------------------------------------------------------------------------

    \146\ See SDR Letter at 7, n.15.
---------------------------------------------------------------------------

5. Alternatives Considered
    As one alternative to comprehensive swap data safeguards, the 
Commission instead could have chosen to merely delete the 
indemnification references in its regulations. While that approach 
could have avoided imposing on ADRs, AFRs, and SDRs many of the costs 
related to protection of confidentiality discussed herein, it would 
have dramatically increased the risk of imposing on market participants 
and the public the costs discussed above in the first paragraph of 
section IV.C.4. and below in section IV.C.7.a.-c., which the Commission 
continues to believe is inconsistent with the historical importance 
Congress and the Commission have placed on protecting information 
covered by CEA section 8. Consequently, the Commission has determined 
to take the selected approach.
    The Commission also considered and rejected the idea of specifying 
a means of ADRs and AFRs accessing swap data. The Commission rejected 
this as being too prescriptive, given that the Commission previously 
permitted SDRs the discretion to build their systems as they saw fit 
and for the other reasons discussed above in the means of access 
discussion.
    The Commission also considered prohibiting SDRs from continuing to 
provide ADRs and AFRs swap data access during the period commencing 
with a contraction in an ADR's or AFR's scope of jurisdiction and 
considered reducing the time SDRs are permitted to update their systems 
to reflect the new jurisdiction. While the Commission retains the 
authority to do so, as stated above, it expects ADRs and AFRs will 
notify the Commission upon learning of a potential jurisdictional 
restriction. The Commission expects that, with such advance notice, 
SDRs can be more prepared to adjust their systems accordingly shortly 
after an ADR's or AFR's jurisdiction is limited. The Commission prefers 
to retain the discretion to address these situations, which it expects 
to be rare, case-by-case.
6. Consideration of CEA Section 15(a) Factors
    CEA section 15(a) requires the Commission to consider the costs and 
benefits of its actions before promulgating a regulation under the CEA 
or issuing certain orders. CEA section 15(a) further specifies that the 
costs and benefits shall be evaluated in light of the following five 
broad areas of market and public concern: (1) Protection of market 
participants and the public; (2) efficiency, competitiveness, and 
financial integrity of futures markets; (3) price discovery; (4) sound 
risk management practices; and (5) other public interest 
considerations. The Commission considers the costs and benefits 
resulting from its discretionary determinations with respect to the CEA 
section 15(a) factors.
a. Protection of Market Participants and the Public
    The Commission believes that the final rules will equip ADRs and 
AFRs to better understand the risks that are undertaken by their 
regulated entities, and thus be better positioned to take appropriate 
action as needed, because they will be able to better understand their 
regulatees' swap transactions by virtue of having access to SDR swap 
data.
    The Commission is adopting a number of safeguards to prevent market 
participants' swap data maintained at SDRs from being misappropriated 
or misused as a result of ADR and AFR access to such swap data. The 
safeguards include: Modifying the requirements for being an AFR; a 
requirement that the Commission issue a Determination Order for 
unenumerated authorities to obtain SDR swap data access; requiring 
authorities applying for a Determination Order to demonstrate that they 
are acting within the scope of their jurisdiction in seeking access to 
SDR swap data; imposing on ADRs and AFRs seeking access to swap data 
maintained by SDRs a number of required confidentiality safeguards; 
barring onward sharing of swap data; imposing on SDRs certain 
recordkeeping and reporting requirements; and ensuring the Commission's 
ability to revoke an ADR's or AFR's swap data access.
b. Efficiency, Competitiveness, and Financial Integrity of Futures 
Markets
    The Commission continues to believe that there will be little 
effect on efficiency, competiveness, and financial integrity of futures 
markets if swap data is properly protected from being

[[Page 27436]]

misappropriated or misused. While the Commission believes that the 
final rules adopted herein will properly protect swap data from being 
misappropriated or misused, the possibility of such misconduct cannot 
be eliminated entirely. If such misappropriation or misuse occurs, the 
efficiency and competitiveness of markets might be affected.
c. Price Discovery
    The Commission continues to believe that price discovery would not 
be affected by this rulemaking, provided that swap data is properly 
protected. However, the Commission notes that there might be some 
indirect effects on price discovery if the swap data protection 
safeguards in this rulemaking are ineffective. If such protections 
prove ineffective, market participants may be less willing to execute 
swaps, as their identities, strategies, and/or positions may be 
revealed. Ineffective data safeguards might harm price discovery if 
bid/ask spread widens as a result. If so, observed prices might become 
more volatile because they would oscillate between a wider bid/ask 
spread.
d. Sound Risk Management Practices
    Access to SDR swap data will help ADRs and AFRs to better 
understand the risks posed by their regulated entities. With access to 
such swap data, ADRs and AFRs can more comprehensively supervise 
entities that engage in swap trading and better understand their 
exposure to losses. Allowing more ADRs and AFRs to access SDR swap data 
may improve SDR data, too. This improvement might occur by facilitating 
research and analysis that ultimately leads to better risk management 
by market participants. This can occur through ADR/AFR research 
directed at improving the risk management techniques through, for 
instance, better metrics, instruments, and hedging techniques. Further, 
swaps data reporting may also be improved by ADRs and AFRs asserting 
their authority over their regulated entities to encourage or compel 
them to improve their swap data reporting and risk management.
e. Other Public Interest Considerations
    The Commission finds that the ministerial changes to Sec.  
49.17(d)(1) discussed above in section II.G.2. may benefit ADRs, AFRs 
and those persons seeking to become ADRs and AFRs by providing, in one 
place, a brief overview of all of the requirements applicable to such 
persons obtaining access to SDR swap data and the circumstances in 
which such requirements are not applicable.
    The Commission also finds that the ministerial changes that it is 
adopting to the bracketed text at the end of Appendix B to part 49 
(describing Exhibit A to the Confidentiality Arrangement Form), drawn 
from section II.D.2.c.i. of the preamble, may benefit ADRs and AFRs by 
also including in part 49 of the Commission regulations the 
instructions and guidance provided in the preamble as to how to 
describe their scopes of jurisdiction in practical terms SDRs can 
implement. As with the Commission's ministerial changes to Sec.  
49.17(d)(1), such simplification should make obtaining SDR swap data 
modestly less burdensome and costly for ADRs and AFRs by reducing their 
staff time needed to go through the process.
    The Commission is also making changes to Sec. Sec.  49.17(d)(6) and 
49.18(a) to promote the use of the Confidentiality Arrangement Form set 
forth in Appendix B, providing that the ability of an ADR or AFR to 
execute a confidentiality arrangement that is not in the form set forth 
in Appendix B to this part 49 is at the discretion of the Commission. 
To the extent that this clarification results in more ADRs and AFRs 
executing the Confidentiality Arrangement Form, the Commission expects 
that this could result in modest savings for ADRs and AFRs. The 
Commission also expects that using the Confidentiality Arrangement Form 
will save staff time in the negotiation and execution of alternative 
arrangements.
    Other than the foregoing, the Commission has not found any other 
public interest considerations to be implicated by this rulemaking.

D. Antitrust Considerations

    CEA section 15(b) requires the Commission to take into 
consideration the public interest to be protected by the antitrust laws 
and endeavor to take the least anticompetitive means of achieving the 
objectives of the CEA, in issuing any order or adopting any Commission 
rule or regulation.
    The Commission does not anticipate that the amendments to part 49 
that it is adopting today will result in anticompetitive behavior 
because, among other things, the Commission is allowing SDRs to 
determine which means of access they will use to provide ADRs and AFRs 
swap data access (thus, allowing SDRs to ``compete'' on that basis). 
However, in the NPRM the Commission encouraged comments from the public 
on any aspect of the proposal that may have had the potential to be 
inconsistent with the antitrust laws or be anticompetitive in nature.
    The Commission received no antitrust-related comments. 
Consequently, the Commission continues to not anticipate that the 
amendments to part 49 that it is adopting today will result in 
anticompetitive behavior.

List of Subjects in 17 CFR Part 49

    Swap data repositories; Registration and regulatory requirements; 
Access to swap data; Confidentiality; Commodity Exchange Act section 8.

    For the reasons stated in the preamble, the Commodity Futures 
Trading Commission amends 17 CFR part 49 as set forth below:

PART 49--SWAP DATA REPOSITORIES

0
1. The authority citation for part 49 is revised to read as follows:

    Authority:  7 U.S.C. 12a, and 24a, unless otherwise noted.

0
2. In Sec.  49.2, revise paragraph (a)(5) to read as follows:


Sec.  49.2   Definitions.

    (a) * * *
    (5) Foreign Regulator. The term ``foreign regulator'' means a 
foreign futures authority as defined in Section 1a(26) of the Act, 
foreign financial supervisors, foreign central banks, foreign 
ministries and other foreign authorities.
* * * * *

0
3. In Sec.  49.9, revise paragraph (a)(9) to read as follows:


Sec.  49.9   Duties of registered swap data repositories.

    (a) * * *
    (9) Upon request of Appropriate Domestic Regulators and Appropriate 
Foreign Regulators, provide access to swap data held and maintained by 
the swap data repository, as prescribed in Sec.  49.17;
* * * * *

0
4. In Sec.  49.17:
0
a. Revise paragraphs (a), (b)(1)(vii), (b)(2), and (c)(2);
0
b. Revise the first sentence of paragraph (c)(2) and the first sentence 
of paragraph (c)(3);
0
c. Revise paragraphs (d)(1) through (3), (d)(4)(i) through (iv), and 
(d)(5) and (6), (e) and (f); and
0
d. Add paragraphs (h) and (i).
    The revisions and addtions read as follows:


Sec.  49.17   Access to SDR data.

    (a) Purpose. This section provides a procedure by which the 
Commission,

[[Page 27437]]

other domestic regulators and foreign regulators may obtain access to 
the swap data held and maintained by registered swap data repositories. 
Except as specifically set forth in this section, the Commission's 
duties and obligations regarding the confidentiality of business 
transactions or market positions of any person and trade secrets or 
names of customers identified in Section 8 of the Act are not affected.
    (b) * * *
    (1) * * *
    (vii) Any other person the Commission determines to be appropriate 
pursuant to the process set forth in paragraph (h) of this section.
    (2) Appropriate Foreign Regulator. The term ``Appropriate Foreign 
Regulator'' shall mean those Foreign Regulators the Commission 
determines to be appropriate pursuant to the process set forth in 
paragraph (h) of this section.
* * * * *
    (c) * * *
    (2) Monitoring tools. A registered swap data repository is required 
to provide the Commission with proper tools for the monitoring, 
screening and analyzing of swap data, including, but not limited to, 
Web-based services, services that provide automated transfer of data to 
Commission systems, various software and access to the staff of the 
swap data repository and/or third-party service providers or agents 
familiar with the operations of the registered swap data repository, 
which can provide assistance to the Commission regarding data structure 
and content. * * *
    (3) Authorized users. The swap data provided to the Commission by a 
registered swap data repository shall be accessible only by authorized 
users. * * *
    (d) Other Regulators--(1) General Procedure for Gaining Access to 
Registered Swap Data Repository Data. Except as set forth in paragraph 
(d)(2) or (3) of this section--
    (i) A person who is not an Appropriate Domestic Regulator or an 
Appropriate Foreign Regulator and who seeks to gain access to the swap 
data maintained by a swap data repository is required to first become 
an Appropriate Domestic Regulator or Appropriate Foreign Regulator 
through the process set forth in paragraph (h) of this section, and
    (ii) Appropriate Domestic Regulators and Appropriate Foreign 
Regulators seeking to gain access to the swap data maintained by a swap 
data repository are required to apply for access by filing a request 
for access with the registered swap data repository and certifying that 
it is acting within the scope of its jurisdiction, comply with 
paragraph (d)(6) of this section prior to receiving such access and, if 
applicable after receiving such access, comply with the notification 
requirement in paragraph (d)(4)(iii) of this section applicable to 
Appropriate Domestic Regulators and Appropriate Foreign Regulators.
    (2) Domestic regulator with regulatory responsibility over a swap 
data repository. When a swap data repository that is registered with 
the Commission pursuant to this chapter is also registered with a 
domestic regulator pursuant to a separate statutory authority, and such 
domestic regulator seeks access to swap data that has been reported to 
such swap data repository pursuant to the domestic regulator's 
regulatory regime, such access is not subject to the requirements of 
sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or Sec.  
49.18.
    (3) Foreign Regulator with regulatory responsibility over a swap 
data repository. When a swap data repository that is registered with 
the Commission pursuant to this chapter is also registered with, or 
recognized or otherwise authorized by, a Foreign Regulator that has 
supervisory authority over such swap data repository pursuant to 
foreign law and/or regulation, and such Foreign Regulator seeks access 
to swap data that has been reported to such swap data repository 
pursuant to the Foreign Regulator's regulatory regime, such access is 
not subject to the requirements of sections 21(c)(7) or 21(d) of the 
Act, this paragraph (d) or Sec.  49.18.
    (4) * * *
    (i) A registered swap data repository shall notify the Commission 
promptly after receiving an initial request from an Appropriate 
Domestic Regulator or Appropriate Foreign Regulator to gain access to 
swap data maintained by such swap data repository and promptly after 
receiving any request that does not comport with the scope of the 
Appropriate Domestic Regulator's or Appropriate Foreign Regulator's 
jurisdiction, as described and appended to the confidentiality 
arrangement required by Sec.  49.18(a). Each registered swap data 
repository shall maintain records thereafter, pursuant to Sec.  49.12, 
of the details of such initial request and of all subsequent requests 
by such Appropriate Domestic Regulator or Appropriate Foreign Regulator 
for such access.
    (ii) The registered swap data repository shall notify the 
Commission electronically, in a format specified by the Secretary of 
the Commission, of the receipt of a request specified in paragraph 
(d)(4)(i) of this section.
    (iii) The registered swap data repository shall not provide an 
Appropriate Domestic Regulator or Appropriate Foreign Regulator access 
to swap data maintained by the swap data repository unless the swap 
data repository has determined that the swap data to which the 
Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks 
access is within the then-current scope of such Appropriate Domestic 
Regulator's or Appropriate Foreign Regulator's jurisdiction, as 
described and appended to the confidentiality arrangement required by 
Sec.  49.18(a). An Appropriate Domestic Regulator or Appropriate 
Foreign Regulator that has executed a confidentiality arrangement with 
the Commission pursuant to Sec.  49.18(a) and provided such 
confidentiality arrangement to one or more swap data repositories shall 
notify the Commission and each such swap data repository of any change 
to such Appropriate Domestic Regulator's or Appropriate Foreign 
Regulator's scope of jurisdiction as described in such confidentiality 
arrangement. The Commission may direct a swap data repository to 
suspend, limit, or revoke access to swap data maintained by such swap 
data repository based on any such change to such Appropriate Domestic 
Regulator's or Appropriate Foreign Regulator's scope of jurisdiction, 
and, if so directed in writing, such swap data repository shall so 
suspend, limit, or revoke such access.
    (iv) The registered swap data repository need not make the 
determination required pursuant to paragraph (d)(4)(iii) of this 
section more than once with respect to a recurring swap data request. 
If such request changes, the swap data repository must make a new 
determination pursuant to paragraph (d)(4)(iii) of this section.
    (5) Timing; Limitation, Suspension or Revocation of Swap Data 
Access. Once a registered swap data repository has--
    (i) Notified the Commission, pursuant to paragraphs (d)(4)(i) and 
(ii) of this section, of an initial request for swap data access by an 
Appropriate Domestic Regulator or Appropriate Foreign Regulator, as 
applicable, that was submitted pursuant to paragraph (d)(1) of this 
section,
    (ii) Received from such Appropriate Domestic Regulator or 
Appropriate Foreign Regulator a confidentiality arrangement executed by 
the Commission and such Appropriate Domestic Regulator or Appropriate 
Foreign Regulator as required by Sec.  49.18(a), and

[[Page 27438]]

    (iii) Satisfied its obligations under paragraph (d)(4)(iii) of this 
section, such swap data repository shall provide access to the 
requested swap data; provided, however, that such swap data repository 
shall, if directed by the Commission in writing, limit, suspend or 
revoke such access should the Commission limit, suspend or revoke the 
appropriateness determination for such Appropriate Domestic Regulator 
or Appropriate Foreign Regulator or otherwise direct the swap data 
repository, in writing, to limit, suspend or revoke such access.
    (6) Confidentiality Arrangement. Consistent with Sec.  49.18(a), 
the Appropriate Domestic Regulator or Appropriate Foreign Regulator 
shall, prior to receiving access to any requested swap data, execute 
the form of confidentiality arrangement set out in Appendix B of this 
part with the Commission; provided, however, that the Commission may, 
in its discretion, agree to execute a confidentiality arrangement with 
an Appropriate Domestic Regulator or Appropriate Foreign Regulator that 
is not in the form set forth in Appendix B of this part, if the 
confidentiality arrangement is consistent with the requirements set 
forth in Sec.  49.18(b).
    (e) Third-party service providers to a registered swap data 
repository. Access to the swap data and SDR Information maintained by a 
registered swap data repository may be necessary for certain third 
parties that provide various technology and data-related services to a 
registered swap data repository. Third-party access to the swap data 
and SDR Information maintained by a swap data repository is permissible 
subject to the following conditions:

    (1) Both the registered swap data repository and the third party 
service provider shall have strict confidentiality procedures that 
protect swap data and SDR Information from improper disclosure.
    (2) Prior to a registered swap data repository granting access to 
swap data or SDR Information to a third-party service provider, the 
third-party service provider and the registered swap data repository 
shall execute a confidentiality agreement setting forth minimum 
confidentiality procedures and permissible uses of the swap data and 
SDR Information maintained by the swap data repository that are 
equivalent to the privacy procedures for swap data repositories 
outlined in Sec.  49.16.
    (f) Access by market participants--(1) General. Access by market 
participants to swap data maintained by the registered swap data 
repository is prohibited other than as set forth in paragraph (f)(2) of 
this section.
    (2) Exception. Swap data and information related to a particular 
swap that is maintained by the registered swap data repository may be 
accessed by either counterparty to that particular swap. However, the 
swap data and information maintained by the registered swap data 
repository that may be accessed by either counterparty to a particular 
swap shall not include the identity or the legal entity identifier (as 
such term is used in part 45 of this chapter) of the other counterparty 
to the swap, or the other counterparty's clearing member for the swap, 
if the swap is executed anonymously on a swap execution facility or 
designated contract market, and cleared in accordance with Commission 
regulations in Sec. Sec.  1.74, 23.610, and 37.12(b)(7) of this 
chapter.
* * * * *
    (h) Appropriateness determination process. (1) Each person seeking 
an appropriateness determination pursuant to this paragraph shall file 
an application with the Commission.
    (2) Each applicant seeking an appropriateness determination shall 
provide sufficient detail in its application to permit the Commission 
to analyze whether the applicant is acting within the scope of its 
jurisdiction in seeking access to swap data maintained by a registered 
swap data repository, and whether the applicant employs appropriate 
confidentiality safeguards to ensure that any swap data such applicant 
receives from a registered swap data repository will not, except as 
allowed for in the form of confidentiality arrangement set forth in 
Appendix B to this part 49, be disclosed.
    (3) If the Commission determines that an applicant pursuant to this 
paragraph is, conditionally or unconditionally, appropriate for 
purposes of CEA section 21(c)(7), the Commission shall issue an order 
setting forth its appropriateness determination. The Commission shall 
not determine that an applicant pursuant to this paragraph is 
appropriate unless the Commission is satisfied that--
    (i) The applicant employs appropriate confidentiality safeguards to 
ensure that any swap data such applicant receives from a registered 
swap data repository will not be disclosed, except as allowed for in 
the form of confidentiality arrangement set forth in Appendix B to this 
part 49 or, in the Commission's discretion as set forth in paragraph 
(d)(6) of this section, in a different form, provided that such 
confidentiality arrangement contains the elements required in Sec.  
49.18(b), and
    (ii) Such applicant is acting within the scope of its jurisdiction 
in seeking access to swap data from a registered swap data repository.
    (4) The Commission reserves the right, in connection with any 
appropriateness determination with respect to an Appropriate Domestic 
Regulator or Appropriate Foreign Regulator, to revisit, reassess, 
limit, suspend or revoke such determination consistent with the Act.
    (i) Delegation of Authority Relating to Certain matters in this 
section. (1) The Commission hereby delegates, until such time as the 
Commission orders otherwise, the following functions to the Director of 
the Division of Market Oversight and to such members of the 
Commission's staff acting under his or her direction as he or she may 
designate from time to time: All functions reserved to the Commission 
in this section.
    (2) The Director of the Division of Market Oversight may submit any 
matter which has been delegated under paragraph (i)(1) of this section 
to the Commission for its consideration.
    (3) Nothing in this section may prohibit the Commission, at its 
election, from exercising the authority delegated under paragraph 
(i)(1) of this section.


0
5. Revise Sec.  49.18 to read as follows:


Sec.  49.18   Confidentiality arrangement.

    (a) Confidentiality arrangement required prior to disclosure of 
swap data by a registered swap data repository to an Appropriate 
Domestic Regulator or Appropriate Foreign Regulator. Prior to a 
registered swap data repository providing access to swap data to any 
Appropriate Domestic Regulator or Appropriate Foreign Regulator, each 
as defined in Sec.  49.17(b), the swap data repository shall receive 
from such Appropriate Domestic Regulator or Appropriate Foreign 
Regulator, pursuant to Section 21(d) of the Act, an executed 
confidentiality arrangement between the Commission and the Appropriate 
Domestic Regulator or Appropriate Foreign Regulator, as applicable, in 
the form set forth in Appendix B to this part 49 or, in the 
Commission's discretion as set forth in Sec.  49.17(d)(6), in a 
different form, provided that such confidentiality arrangement contains 
the elements required in paragraph (b) of this section. Such 
confidentiality arrangement must include, either as Exhibit A to the 
form set forth in Appendix B of this part or similarly appended, a 
description of the Appropriate Domestic Regulator's or

[[Page 27439]]

Appropriate Foreign Regulator's jurisdiction. Once a registered swap 
data repository is notified, in writing, that a confidentiality 
arrangement received from an Appropriate Domestic Regulator or 
Appropriate Foreign Regulator no longer is in effect, the swap data 
repository shall not provide access to swap data to such Appropriate 
Domestic Regulator or Appropriate Foreign Regulator.
    (b) Elements of confidentiality arrangement. The confidentiality 
arrangement required pursuant to paragraph (a) of this section shall, 
at a minimum, include all elements included in the form of 
confidentiality arrangement set forth in appendix B of this part.
    (c) Reporting failures to fulfill the terms of a confidentiality 
arrangement. A registered swap data repository shall immediately report 
to the Commission any known failure to fulfill the terms of a 
confidentiality arrangement that it receives pursuant to paragraph (a) 
of this section.
    (d) Failures to fulfill the terms of the confidentiality 
arrangement. The Commission may, if an Appropriate Domestic Regulator 
or Appropriate Foreign Regulator fails to fulfill the terms of a 
confidentiality arrangement described in paragraph (a) of this section, 
direct, in writing, each registered swap data repository to limit, 
suspend or revoke such Appropriate Domestic Regulator's or Appropriate 
Foreign Regulator's access to swap data held by such swap data 
repository.
    (e) Delegation of authority relating to certain matters in this 
section. (1) The Commission hereby delegates, until such time as the 
Commission orders otherwise, the following functions to the Director of 
the Division of Market Oversight and to such members of the 
Commission's staff acting under his or her direction as he or she may 
designate from time to time: All functions reserved to the Commission 
in this section.
    (2) The Director of the Division of Market Oversight may submit any 
matter which has been delegated under paragraph (e)(1) of this section 
to the Commission for its consideration.
    (3) Nothing in this section may prohibit the Commission, at its 
election, from exercising the authority delegated under paragraph 
(e)(1) of this section.


0
6. In Sec.  49.22, revise paragraph (d)(4) to read as follows:


Sec.  49.22   Chief compliance officer.

* * * * *
    (d) * * *
    (4) Taking reasonable steps to ensure compliance with the Act and 
Commission regulations relating to agreements, contracts, or 
transactions, and with Commission regulations under Section 21 of the 
Act, including confidentiality arrangements received by the chief 
compliance officer's registered swap depository pursuant to Sec.  
49.18(a);
* * * * *


0
7. Add appendix B to part 49 to read as follows:

Appendix B to Part 49--Confidentiality Arrangement for Appropriate 
Domestic Regulators and Appropriate Foreign Regulators To Obtain Access 
To Swap Data Maintained by Registered Swap Data Respositories Pursuant 
to Sec. Sec.  49.17(d)(6) and 49.18(a)
[GRAPHIC] [TIFF OMITTED] TR12JN18.000

    The U.S. Commodity Futures Trading Commission (``CFTC'') and the 
[name of foreign/domestic regulator (``ABC'')] (each an 
``Authority'' and collectively the ``Authorities'') have entered 
into this Confidentiality Arrangement (``Arrangement'') in 
connection with [whichever is applicable] [CFTC Regulation 
49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to 
[ABC] (``Order'')] and any request for swap data by [ABC] to any 
swap data repository (``SDR'') registered with the CFTC.

Article One: General Provisions

    1. ABC is permitted to request and receive swap data directly 
from a registered SDR (``Swap Data'') on the terms and subject to 
the conditions of this Arrangement.
    2. This Arrangement is entered into to fulfill the requirements 
under Section 21(d) of the Commodity Exchange Act (``Act'') and CFTC 
Regulation 49.18. Upon receipt by a registered SDR, this Arrangement 
will satisfy the requirement for a written agreement pursuant to 
Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This 
Arrangement does not apply to information that is [reported to a 
registered SDR pursuant to [ABC]'s regulatory regime where the SDR 
also is registered with [ABC] pursuant to separate statutory 
authority, even if such information also is reported pursuant to the 
Act and CFTC regulations][reported to a registered SDR pursuant to 
[ABC]'s regulatory regime where the SDR also is registered with, or 
recognized or otherwise authorized by, [ABC], which has supervisory 
authority over the repository pursuant to foreign law and/or 
regulation, even if such information also is reported pursuant to 
the Act and CFTC regulations.] \1\
---------------------------------------------------------------------------

    \1\ The first bracketed phrase will be used for ADRs; the second 
will be used for AFRs. The inapplicable phrase will be deleted.
---------------------------------------------------------------------------

    3. This Arrangement is not intended to limit or condition the 
discretion of an Authority in any way in the discharge of its 
regulatory responsibilities or to prejudice the individual 
responsibilities or autonomy of any Authority.
    4. This Arrangement does not alter the terms and conditions of 
any existing arrangements.

Article Two: Confidentiality of Swap Data

    5. ABC will be acting within the scope of its jurisdiction in 
requesting Swap Data and employs procedures to maintain the 
confidentiality of Swap Data and any information and analyses 
derived therefrom (collectively, the ``Confidential Information''). 
ABC undertakes to notify the CFTC and each relevant SDR promptly of 
any change to ABC's scope of jurisdiction.
    6. ABC undertakes to treat Confidential Information as 
confidential and will employ safeguards that:
    a. To the maximum extent practicable, identify the Confidential 
Information and maintain it separately from other data and 
information;
    b. Protect the Confidential Information from misappropriation 
and misuse;
    c. Ensure that only authorized ABC personnel with a need to 
access particular Confidential Information to perform their job

[[Page 27440]]

functions related to such Confidential Information have access 
thereto, and that such access is permitted only to the extent 
necessary to perform their job functions related to such particular 
Confidential Information;
    d. Prevent the disclosure of aggregated Confidential 
Information; provided, however, that ABC is permitted to disclose 
any sufficiently aggregated Confidential Information that is 
anonymized to prevent identification, through disaggregation or 
otherwise, of a market participant's business transactions, trade 
data, market positions, customers or counterparties;
    e. Prohibit use of the Confidential Information by ABC personnel 
for any improper purpose, including in connection with trading for 
their personal benefit or for the benefit of others or with respect 
to any commercial or business purpose; and
    f. Include a process for monitoring compliance with the 
confidentiality safeguards described herein and for promptly 
notifying the CFTC, and each SDR from which ABC has received Swap 
Data, of any violation of such safeguards or failure to fulfill the 
terms of this Arrangement.
    7. Except as provided in Paragraphs 6.d. and 8, ABC will not 
onward share or otherwise disclose any Confidential Information.
    8. ABC undertakes that:
    a. If a department, central bank, or agency of the Government of 
the United States, it will not disclose Confidential Information 
except in an action or proceeding under the laws of the United 
States to which it, the CFTC, or the United States is a party;
    b. If a department or agency of a State or political subdivision 
thereof, it will not disclose Confidential Information except in 
connection with an adjudicatory action or proceeding brought under 
the Act or the laws of [name of either the State or the State and 
political subdivision] to which it is a party; or
    c. If a foreign futures authority or a department, central bank, 
ministry, or agency of a foreign government or subdivision thereof, 
or any other Foreign Regulator, as defined in Commission Regulation 
49.2(a)(5), it will not disclose Confidential Information except in 
connection with an adjudicatory action or proceeding brought under 
the laws of [name of country, political subdivision, or (if a 
supranational organization) supranational lawmaking body] to which 
it is a party.
    9. Prior to complying with any legally enforceable demand for 
Confidential Information, ABC will notify the CFTC of such demand in 
writing, assert all available appropriate legal exemptions or 
privileges with respect to such Confidential Information, and use 
its best efforts to protect the confidentiality of the Confidential 
Information.
    10. ABC acknowledges that, if it does not fulfill the terms of 
this Arrangement, the CFTC may direct any registered SDR to suspend 
or revoke ABC's access to Swap Data.
    11. ABC will comply with all applicable security-related 
requirements imposed by an SDR in connection with access to Swap 
Data maintained by the SDR, as such requirements may be revised from 
time to time.
    12. ABC will promptly destroy all Confidential Information for 
which it no longer has a need or which no longer falls within the 
scope of its jurisdiction, and will certify to the CFTC, upon 
request, that ABC has destroyed such Confidential Information.

Article Three: Administrative Provisions

    13. This Arrangement may be amended with the written consent of 
the Authorities.
    14. The text of this Arrangement will be executed in English, 
and may be made available to the public.
    15. On the date this Arrangement is signed by the Authorities, 
it will become effective and may be provided to any registered SDR 
that holds and maintains Swap Data that falls within the scope of 
ABC's jurisdiction.
    16. This Arrangement will expire 30 days after any Authority 
gives written notice to the other Authority of its intention to 
terminate the Arrangement. In the event of termination of this 
Arrangement, Confidential Information will continue to remain 
confidential and will continue to be covered by this Arrangement.
    This Arrangement is executed in duplicate, this ___ day of ___.

-----------------------------------------------------------------------
[name of Chairman]

Chairman
U.S. Commodity Futures Trading Commission

-----------------------------------------------------------------------
[name of signatory]

[title]
[name of foreign/domestic regulator]

    [Exhibit A: Description of Scope of Jurisdiction. If ABC is not 
enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must 
attach the Determination Order received from the Commission pursuant 
to Commission Regulation 49.17(h). If ABC is enumerated in 
Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a 
sufficiently detailed description of the scope of ABC's jurisdiction 
as it relates to Swap Data maintained by SDRs. In both cases, the 
description of the scope of jurisdiction must include elements 
allowing SDRs to establish, without undue obstacles, objective 
parameters for determining whether a particular Swap Data request 
falls within such scope of jurisdiction. Such elements could include 
LEIs of all jurisdictional entities and could also include UPIs of 
all jurisdictional products or, if no CFTC-approved UPI and product 
classification system is yet available, the internal product 
identifier or product description used by an SDR from which Swap 
Data is to be sought.]

    Issued in Washington, DC, on June 5, 2018, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.


    Note:  The following appendicies will not appear in the Code of 
Federal Regulations.

Appendicies to Amendments to the Swap Data Access Provisions of Part 49 
and Certain Other Matters--Commission Voting Summary, Chairman's 
Statement, and Commissioner's Statement

Appendix 1--Commission Voting Summary

    On this matter, Chairman Giancarlo and Commissioners Quintenz 
and Behnam voted in the affirmative. No Commissioner voted in the 
negative.

Appendix 2--Statement of Chairman J. Christopher Giancarlo

    Eight years ago, Congress included in the Dodd-Frank Act a 
requirement that foreign and domestic regulators indemnify SDRs and 
the Commission for any expenses arising from litigation relating to 
the information provided by SDRs. Foreign and domestic regulators 
were unable or unwilling to provide this indemnification hindering 
the ability to share swaps data. The indemnification requirement 
also hindered the ability of foreign and domestic regulators to 
access SDR data to assess risks their regulated entities are 
assuming, and the impact of such risks on the broader markets.
    I am pleased that Congress has since amended the Dodd-Frank Act 
to take out the indemnification requirement. We therefore can change 
our regulations accordingly, which we propose to do today.
    In addition to the removal of the indemnification requirement, 
the final rule adds a category of ``other regulators'' that the 
Commission may deem to be appropriate to receive access to SDR swap 
data.
    The final rule sets out the process by which appropriateness is 
determined for those entities that are not already specifically 
enumerated. This process is a change to current Commission 
regulations, as it would apply to any such entity, including 
domestic regulators not enumerated in Commission regulations and 
foreign regulators.
    The statute also now requires a SDR to receive a written 
agreement from each requesting entity stating that the entity shall 
abide by the confidentiality requirements described in the CEA prior 
to sharing information with the requesting entity. Commission 
regulations currently require the SDR and the requesting regulator 
to execute a confidentiality agreement, but do not provide a form or 
details of such an agreement.
    The final rule modifies the current Commission regulations by 
providing a form of confidentiality arrangement, as Appendix B to 
part 49, and by requiring the confidentiality arrangement to be 
between the requesting regulator and the Commission. The Commission 
expects that this will benefit SDRs in that most, if not all, 
confidentiality arrangements will be exactly the same, and the 
Commission will be in the place of entering into the confidentiality 
agreements with regulators.
    We received comments from the affected CFTC-registered SDRs on 
the proposed rule that I believe that we have sufficiently 
addressed. The final regulations provide

[[Page 27441]]

long-awaited clarity to the official sector regarding the CFTC's 
requirements to determine access to, and safeguard the 
confidentiality of, transactional information reported to SDRs.
    In my experience as a Commissioner and Chairman of the CFTC, I 
have found, as have other foreign and domestic regulators, that 
conducting oversight of global derivatives markets can be difficult 
as a result of the current fragmented financial regulatory 
structure. In this regard, I expect that the final rule will enable 
authorities to enhance their oversight of derivatives markets across 
product and asset classes by marrying up the trading and position 
data they receive from regulated entities with the data sets 
obtained directly from SDRs. In so doing, I believe we have made 
significant progress towards cross-border data sharing and enhancing 
transparency in the global swaps market.
    Because today's swaps markets are global in scope, utilizing the 
data and information available in only one jurisdiction does not 
provide a complete picture of cross border trading activity and 
systemic risk. To that end, I expect that CFTC staff will seek to 
facilitate access to SDR data for authorities with which we have a 
history of regulatory assistance and that similarly seek to 
facilitate CFTC access to data maintained by trade repositories in 
their jurisdiction. Such data sharing represents an opportunity for 
greater cooperation among market and prudential regulators, as well 
as among foreign and domestic regulators, providing more effective 
financial market oversight, expanding data driven policymaking, and 
improving early warning systems to reduce the probability or 
severity of a financial crisis.
    These regulations will have a direct positive impact on the 
operational readiness of the official sector, providing authorities 
with critical information to make sound near-term and long-term 
policy and oversight decisions.
    I am particularly pleased that this rule represents a final step 
in eliminating a major legal impediment to sharing swaps market data 
with overseas regulators. The Dodd-Frank Act's original insistence 
on an indemnification requirement may have been well-intentioned to 
protect the safety of data held in SDRs, but Congress wisely 
determined that any such benefit is outweighed by the greater public 
interest of allowing international regulators to share and access 
information to carry out the regulatory and supervisory functions 
necessary to protect the global financial markets.
    It is essential that policymakers in other jurisdictions make 
determinations similar to these before us today concerning current 
legal barriers to information sharing. Even a law, like the new EU 
General Data Protection Regulation (GDPR), which has laudable 
objectives, must not be applied in ways that hinder the sharing and 
access of information between European and U.S. regulators for 
regulatory and supervisory purposes. Such a result could have 
dangerous implications for our global markets. I hope today's action 
by the CFTC will encourage international regulators and policymakers 
to take affirmative steps to address other existing legal barriers 
to information sharing and access.

Appendix 3--Supporting Statement of Commissioner Brian D. Quintenz

    I support today's final rule addressing indemnification and 
amendments to the swap data access provisions of Part 49. I would 
like to thank the staff in our Division of Market Oversight for 
their work to amend Part 49 of the Commission's Regulations to 
implement provisions of the Fixing America's Surface Transportation 
Act of 2015 (Fast Act) \1\.
---------------------------------------------------------------------------

    \1\ Public Law 114-94, 129 Stat 1312 (Dec. 4, 2015).
---------------------------------------------------------------------------

    The Fast Act amended provisions of Title VII of the Dodd-Frank 
Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank 
Act) \2\ that proved unworkable. Most significantly, the Fast Act 
repealed the Dodd-Frank Act's requirement that to obtain data from 
swap data repositories (SDR) registered with the CFTC, domestic and 
foreign authorities must indemnify the CFTC and SDRs from any claims 
arising from a SDR's production of information to those authorities. 
Foreign regulators unfamiliar with the U.S. tort law concept of 
``indemnification'' that is inconsistent with their traditions and 
legal structures, have opted against requesting any information from 
SDRs. Domestic regulators have also opted against requesting 
information from SDRs because of the indemnification requirement. 
Removing the indemnification requirement will facilitate the sharing 
of SDR information with domestic and foreign authorities and better 
enable regulators in the United States and abroad to monitor risk 
across the global financial system.
---------------------------------------------------------------------------

    \2\ Public Law 111-203, 124 Stat 1376 (July 21, 2010).

[FR Doc. 2018-12377 Filed 6-11-18; 8:45 am]
 BILLING CODE 6351-01-P