[Federal Register Volume 88, Number 145 (Monday, July 31, 2023)]
[Notices]
[Pages 49545-49548]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-16118]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-97974; File No. SR-ICEEU-2023-018]
Self-Regulatory Organizations; ICE Clear Europe Limited; Notice
of Filing of Proposed Rule Change, as Modified by Amendment No. 1 and
Partial Amendment No. 2, Relating to Amendments to the Outsourcing
Policy
July 25, 2023.
Pursuant to Section 19(b)(1) of the Securities Exchange Act of
1934,\1\ and Rule 19b-4 thereunder,\2\ notice is hereby given that on
July 10, 2023, ICE Clear Europe Limited (``ICE Clear Europe'' or the
``Clearing House'') filed with the Securities and Exchange Commission
(``Commission'') the proposed rule changes described in Items I, II and
III below, which Items have been primarily prepared by ICE Clear
Europe. On July 11, 2023, ICE Clear Europe filed Amendment No. 1 to the
proposed rule change to make certain changes to the Form 19b-4 and
Exhibit 1A for file no. SR-ICEEU-2023-018.\3\ On July 24, 2023, ICE
Clear Europe filed Partial Amendment No. 2 to the proposed rule change
to make a certain change to Exhibit 5 of file no. SR-ICEEU-2023-018.\4\
The Commission is publishing this notice to solicit comments on the
proposed rule change, as modified by Amendment No. 1 and Partial
Amendment No. 2 (hereafter, ``the proposed rule change''), from
interested persons.
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 17 CFR 240.19b-4.
\3\ Amendment No. 1 amends and restates in its entirety the Form
19b-4 and Exhibit 1A to correct the narrative description of the
proposed rule change. Amendment No. 1 did not change the purpose or
basis of the proposed rule change.
\4\ Partial Amendment No. 2 amends and restated in its entirety
Exhibit 5 to correct an inadvertent omission of a single word.
Partial Amendment No. 2 did not change the purpose or basis of the
proposed rule change.
---------------------------------------------------------------------------
I. Clearing Agency's Statement of the Terms of Substance of the
Proposed Rule Change
ICE Clear Europe Limited (``ICE Clear Europe'' or the ``Clearing
House'') is proposing to amend its Outsourcing Policy (to be renamed
the Outsourcing and Third Party Risk Management Policy) (the
``Outsourcing Policy'' or ``Policy'').\5\ The amendments would broaden
the coverage of the Policy to address third party service provider
arrangements that may not technically constitute outsourcing, to
enhance third party risk management, to add the execution of risk
assessments and to update the Document Governance and Exception
Handling language, among other changes discussed herein.
---------------------------------------------------------------------------
\5\ Capitalized terms used but not defined herein have the
meanings specified in the ICE Clear Europe Clearing Rules and the
Outsourcing Policy.
---------------------------------------------------------------------------
II. Clearing Agency's Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Change
In its filing with the Commission, ICE Clear Europe included
statements concerning the purpose of and basis for the proposed rule
change and discussed any comments it received on the proposed rule
change. The text of these statements may be examined at the places
specified in Item IV below. ICE Clear Europe has prepared summaries,
set forth in sections (A), (B), and (C) below, of the most significant
aspects of such statements.
(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Change
(a) Purpose
ICE Clear Europe is proposing to amend its Outsourcing Policy (to
be renamed the Outsourcing and Third Party Risk Management Policy) to
extend coverage of the policy to include risk management of third party
arrangements that may not constitute outsourcing. The purpose of the
Policy would reflect this change by clarifying that the Policy would
generally extend to arrangements in which services are provided by
third parties to the Clearing House, whether or not such services are
considered outsourcing, including to assessing the risks of such
services.
The Outsourcing Policy would clarify its definition of outsourcing
in the introduction section to be the use of third party service
providers (which could be an external party or an affiliate), either
directly or through sub-outsourcing, to provide a service that would
otherwise be performed by ICE Clear Europe itself and is therefore
subject to the Board's oversight. The amendment would further clarify
that the Clearing House would remain responsible for discharging its
obligations with respect to the outsourced activities, the outsourcing
arrangement would not result in the
[[Page 49546]]
delegation of the Clearing House's responsibility, and the outsourced
activities would conform to the same standards that would be required
if the activities were completed internally. The amendments would also
clarify the distinction between an outsourcing and a purchasing
arrangement, which would not involve an arrangement otherwise performed
by the Clearing House and therefore would not typically be subject to
Board oversight.
The amendments would also clarify the distinction between external
third party providers of services and affiliated providers. The Policy
would add a definition for third party, which would cover any
organization (whether or not affiliated) that has entered into a
relationship or contract with the Clearing House to provide products,
services, processes, activities or business functions. Use of external
third parties (i.e., those not affiliated with the Clearing House)
would be managed consistently at the group level through the existing
Vendor Management Policy (``VMP''). It would further clarify that
outsourcing through the Clearing House's affiliates presents a lower
residual risk profile because, among listed reasons in the existing
Policy, the affiliates would have a similar higher standard of
operational resilience generally (as opposed to referring only to
business continuity) and the Clearing House would also have greater
influence (as well as control) over the operation of the affiliate's
services. These amendments are intended to more clearly describe
current practice under the existing Policy.
The amendments would revise statements in the existing Policy
relating to objectives, assessments of service providers in various
situations (including regulated parties and parties in different
jurisdictions), management of outsourcing, conflicts of interest and
audit to also extend to other third party service arrangements. The
amendments would reference the Clearing House's outsourcing operating
manual (renamed to reflect the broader goal of third party risk
management as well of outsourcing). As so revised, the Policy would
state that contracting with third parties is covered consistently at a
group level under the VMP. The amendments would clarify, consistent
with current practice, that ICE Clear Europe would use the VMP process
as an input for the risk-based assessment of each service provider. The
amendments would also provide that the Clearing House would make the
third parties aware of relevant internal policies to gain a better
understanding of the obligations and services expected. For contracting
with affiliates, the amendments would clarify that the relevant
assessment would be made by ICE Clear Europe, in accordance with its
ordinary governance practices (and not necessarily by the senior
management). The revised Policy would state that ICE Clear Europe would
follow its Conflicts of Interest Policy when managing any potential
conflicts of interests as a result of its service arrangements. (This
reflects current practice but would add an appropriate reference in the
Policy to the Conflicts of Interest Policy.) With respect to cloud
outsourcing, the amendments would add that ICE Clear Europe would
consider any risks related to the Clearing Members connecting to the
Clearing House through cloud service providers.
The Policy would also include a new Risk Assessments section that
would set out the proportional risk assessment that would be performed
on a service provider in order to identify, measure and mitigate risks.
The section would include certain considerations (although not limited
to those listed) that include whether the service is a critical or
important function or a dependence to the delivery of one of ICE Clear
Europe's services, whether the activity is outsourcing, whether the
service relies on cloud-based technology that may pose new or
additional risks, whether the service provider is an external third
party or an affiliate, the legal jurisdiction of the service provider,
conflicts of interest, operational resilience considerations, data
security, exit plans, contractual terms, and availability of
alternative or back-up providers, among others. For outsourced or
critical non-outsourced services, this assessment would be performed at
least annually and on an ad-hoc basis following a material incident or
service disruption event or material service agreement breach. This
would include comparing the performance of the service provider against
the agreed service levels. The responsibilities of risk assessments and
related testing would be overseen by the Clearing House's Chief
Operating Officer or delegate, with ownership of each service and the
related resiliency arrangements resting with the relevant Head of
Department.
The amendments would clarify and expand certain provisions relating
to identification of critical or important functions, including to
extend the existing provisions to apply to acquired services generally
and not only outsourcing. In identifying critical or important
functions the amendments would add that the Clearing House would
consider continuity of ICE Clear Europe's important business services
or operation as a CCP that could in turn threaten the Clearing House's
financial stability or impact its resolvability. A third party would be
treated as critical if it is contracted to perform such a critical
function. Criticality would be reassessed on at least an annual basis.
The revised Policy would also acknowledge that any outsourcing of
critical or important functions could have an effect on the operational
resilience measures of the Clearing House more generally (and not
merely the narrower category of business continuity). The revised
Policy further clarifies that exit plans for critical and important
functions would be periodically tested. As part of its operational
resilience framework, the Clearing House would examine purchased
services as well as outsourced or sub-outsourced services that are a
dependence for the Clearing House's important business services. In
addition, the operational resilience framework would include extreme
but plausible test scenarios resulting from the disruption of critical
third party services.
The Policy would also make various amendments to the discussion of
additional important considerations for the Clearing House to ensure
that considerations would be given to important business services and
critical functions that are affected by third party service
arrangements, including with respect to business continuity
arrangements, incident management responsiveness and reporting,
independent assurances, redundancies, notice periods and exit
strategies. The amendments would add a new section on Contractual
Agreements. The section would add that for outsourcing arrangements in
particular, the Clearing House's legal team would review any written
service agreements to confirm the inclusion of all relevant contractual
safeguards so that ICE Clear Europe could monitor relevant risks,
regulatory requirements and expectations. The aim would be for the
agreements to outline the rights, obligations, and responsibilities of
all the parties, and include provisions associated with data security,
access, audit and information rights, sub-outsourcing, service
resilience, service levels, incident management, termination and exit
plans. Arrangements for purchased services should be similarly
reviewed, but the Policy would acknowledge that some purchased services
may be subject to non-negotiable terms set by the third party. This
situation would be considered during the pre-execution risk assessment
phase. The Outsourcing
[[Page 49547]]
Policy would also set out that ICE Clear Europe would periodically
exercise its audit rights under agreements relating to outsourcing
arrangements, perform audits as appropriate which could include on-site
visits.
Provisions relating to Board oversight would be revised to provide
that the Board must approve new or materially amended outsourcing
arrangements. Certain clarifications would be made to the requirements
for the annual outsourcing assessment report to be prepared by the
Chief Operating Officer, including the addition of a summary of
critical non-outsourcing services received. A new provision would be
added setting out that ICE Clear Europe will engage with regulatory
authorities before executing or materially amending a critical service
arrangement with regard to the relevant regulatory requirements or
expectations.
Finally, the amendments would make changes to the Policy's document
governance, breach management and exception handling, to make it
generally consistent with other ICE Clear Europe policies. The document
owner identified by the Clearing House would be responsible for
ensuring that the Policy remains up-to-date and reviewed in accordance
with the Clearing House's governance processes. Document review would
be conducted by the document owner and related staff, with sign off by
the head of department and the Chief Risk Officer (or their respective
delegates). Document reviews would encompass at the minimum regulatory
compliance, documentation and purpose, implementation, use and open
items from previous validations or reviews. Results of the review would
have to be reported to the Executive Risk Committee or in certain cases
to the Model Oversight Committee. The document owner would also aim to
remediate the findings, complete internal governance and receive
regulatory approvals before the following annual review is due. The
document owner would also be responsible for reporting any material
breaches or deviations to the Head of Department, Chief Risk Officer
and Head of Regulation and Compliance in order to determine if further
escalation is required. The amendments would state explicitly that
changes to the Policy would have to be approved in accordance with the
Clearing House's governance process and would take effect following
completion of required internal and regulatory approvals. Exceptions to
the Policy would also be approved in accordance with the governance
processes for approvals of changes to the Policy.
(b) Statutory Basis
ICE Clear Europe believes that the amendments to the Outsourcing
Policy are consistent with the requirements of Section 17A of the
Securities Exchange Act of 1934 (the ``Act'') \6\ and the regulations
thereunder applicable to it. In particular, Section 17A(b)(3)(F) of the
Act \7\ requires, among other things, that the rules of a clearing
agency be designed to promote the prompt and accurate clearance and
settlement of securities transactions and, to the extent applicable,
derivative agreements, contracts, and transactions, the safeguarding of
securities and funds in the custody or control of the clearing agency
or for which it is responsible, and the protection of investors and the
public interest.
---------------------------------------------------------------------------
\6\ 15 U.S.C. 78q-1.
\7\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
The changes to the Outsourcing Policy are designed to extend
coverage of the existing policy to include third party risk management
more generally, including purchased services as well as outsourced
services. The amendments also add new requirements around risk
assessments, identification of critical functions, operational
resilience, and review of contractual arrangements with service
providers. The amendments further update the Board oversight, document
governance, regulatory engagement, and exception handling. The
amendments would not make changes to the Rules or the rights or
obligations of Clearing Members. In ICE Clear Europe's view, the
amendments to the Policy will thus facilitate management of the risks
related to outsourcing and other third party service arrangements, and
thereby promote the efficient operation and stability of the Clearing
House and the prompt and accurate clearance and settlement of cleared
contracts. The enhanced risk management for third party service
providers is therefore also generally consistent with the protection of
investors and the public interest in the safe operation of the Clearing
House. (ICE Clear Europe would not expect the changes to the Policy to
affect materially the safeguarding of securities and funds in ICE Clear
Europe's custody or control or for which it is responsible.)
Accordingly, the amendments to the Policy satisfy the requirements of
Section 17A(b)(3)(F).\8\
---------------------------------------------------------------------------
\8\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
The amendments to the Outsourcing Policy are also consistent with
relevant provisions of Rule 17Ad-22.\9\ Rule 17Ad-22(e)(3)(i) provides
that ``[e]ach covered clearing agency shall establish, implement,
maintain and enforce written policies and procedures reasonable [sic]
designed to, as applicable [. . .] identify, measure, monitor, and
manage the range of risks that arise in or are borne by the covered
clearing agency''.\10\ The amendments to the Policy are intended to
better document and to enhance the Clearing House's practices that
relate to management of the Clearing House's use of outsourcing and
other third party service providers, as set forth above. The changes to
the Outsourcing Policy aim to extend certain Clearing House risk
management practices to third party services that may not be covered by
existing outsourcing practices. In ICE Clear Europe's view, as set out
above, the amended Policy would facilitate overall risk management with
respect to third party services, consistent with the requirements of
Rule 17Ad-22(e)(3)(i).\11\
---------------------------------------------------------------------------
\9\ 17 CFR 240.17 Ad-22.
\10\ 17 CFR 240.17 Ad-22(e)(3)(i).
\11\ 17 CFR 240.17 Ad-22(e)(3)(i).
---------------------------------------------------------------------------
Rule 17Ad-22(e)(2) provides that ``[e]ach covered clearing agency
shall establish, implement, maintain and enforce written policies and
procedures reasonable [sic] designed to, as applicable [. . .] provide
for governance arrangements that are clear and transparent'' \12\ and
``[s]pecify clear and direct lines of responsibility''.\13\ As
discussed, the amendments to the Policy would update the provisions
relating to Board oversight, including by stating that the Board must
approve new or materially amended outsourcing arrangements. The
amendments would also state more clearly requirements around document
governance, regulatory engagement, and exception handling, generally in
a manner consistent with other ICE Clear Europe policies. The Policy
would describe the responsibilities of the document owner and
appropriate escalation and notification requirements for responding to
exceptions and deviations from the Policy. In ICE Clear Europe's view,
the amendments are therefore consistent with the requirements of Rule
17Ad-22(e)(2).\14\
---------------------------------------------------------------------------
\12\ 17 CFR 240.17 Ad-22(e)(2)(i).
\13\ 17 CFR 240.17 Ad-22(e)(2)(v).
\14\ 17 CFR 240.17 Ad-22(e)(2).
---------------------------------------------------------------------------
(B) Clearing Agency's Statement on Burden on Competition
ICE Clear Europe does not believe the amendments to the Outsourcing
Policy would have any impact, or impose any burden, on competition not
necessary or appropriate in furtherance of the purposes of the Act. The
Policy changes are being adopted to better document and enhance the
Clearing House's
[[Page 49548]]
practices related to risk management of third party service providers,
including purchased services as well as outsourcing. The Policy does
not change the rights or obligations of Clearing Members or the
Clearing House under the Rules or Procedures. Accordingly, ICE Clear
Europe does not believe that adoption of the Policy would adversely
affect competition among Clearing Members, materially affect the costs
of clearing, adversely affect the ability of market participants to
access clearing or the market for clearing services generally, or
otherwise adversely affect competition in clearing services. Therefore,
ICE Clear Europe does not believe the proposed rule change would impose
any burden on competition that is not necessary or appropriate in
furtherance of the purposes of the Act.
(C) Clearing Agency's Statement on Comments on the Proposed Rule Change
Received From Members, Participants or Others
Written comments relating to the proposed amendments have not been
solicited or received by ICE Clear Europe. ICE Clear Europe will notify
the Commission of any written comments received with respect to the
proposed rule change.
III. Date of Effectiveness of the Proposed Rule Change and Timing for
Commission Action
Within 45 days of the date of publication of this notice in the
Federal Register or within such longer period up to 90 days (i) as the
Commission may designate if it finds such longer period to be
appropriate and publishes its reasons for so finding or (ii) as to
which the self-regulatory organization consents, the Commission will:
(A) by order approve or disapprove such proposed rule change, or
(B) institute proceedings to determine whether the proposed rule
change should be disapproved.
IV. Solicitation of Comments
Interested persons are invited to submit written data, views, and
arguments concerning the foregoing, including whether the proposed rule
change, security-based swap submission or advance notice is consistent
with the Act. Comments may be submitted by any of the following
methods:
Electronic Comments
Use the Commission's internet comment form (http://www.sec.gov/rules/sro.shtml) or
Send an email to [email protected]. Please include
File Number SR-ICEEU-2023-018 on the subject line.
Paper Comments
Send paper comments in triplicate to Secretary, Securities
and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number SR-ICEEU-2023-018. This
file number should be included on the subject line if email is used. To
help the Commission process and review your comments more efficiently,
please use only one method. The Commission will post all comments on
the Commission's internet website (http://www.sec.gov/rules/sro.shtml).
Copies of the submission, all subsequent amendments, all written
statements with respect to the proposed rule change that are filed with
the Commission, and all written communications relating to the proposed
rule change between the Commission and any person, other than those
that may be withheld from the public in accordance with the provisions
of 5 U.S.C. 552, will be available for website viewing and printing in
the Commission's Public Reference Room, 100 F Street NE, Washington, DC
20549, on official business days between the hours of 10:00 a.m. and
3:00 p.m. Copies of such filings will also be available for inspection
and copying at the principal office of ICE Clear Europe and on ICE
Clear Europe's website at https://www.theice.com/clear-europe/regulation.
Do not include personal identifiable information in submissions;
you should submit only information that you wish to make available
publicly. We may redact in part or withhold entirely from publication
submitted material that is obscene or subject to copyright protection.
All submissions should refer to File Number SR-ICEEU-2023-018 and
should be submitted on or before August 21, 2023.
For the Commission, by the Division of Trading and Markets,
pursuant to delegated authority.\15\
---------------------------------------------------------------------------
\15\ 17 CFR 200.30-3(a)(12).
---------------------------------------------------------------------------
J. Matthew DeLesDernier,
Deputy Secretary.
[FR Doc. 2023-16118 Filed 7-28-23; 8:45 am]
BILLING CODE 8011-01-P