88 FR 145 pgs. 49545-49548 - Self-Regulatory Organizations; ICE Clear Europe Limited; Notice of Filing of Proposed Rule Change, as Modified by Amendment No. 1 and Partial Amendment No. 2, Relating to Amendments to the Outsourcing Policy
Type: NOTICEVolume: 88Number: 145Pages: 49545 - 49548
Pages: 49545, 49546, 49547, 49548Docket number: [Release No. 34-97974; File No. SR-ICEEU-2023-018]
FR document: [FR Doc. 2023-16118 Filed 7-28-23; 8:45 am]
Agency: Securities and Exchange Commission
Official PDF Version: PDF Version
[top]
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-97974; File No. SR-ICEEU-2023-018]
Self-Regulatory Organizations; ICE Clear Europe Limited; Notice of Filing of Proposed Rule Change, as Modified by Amendment No. 1 and Partial Amendment No. 2, Relating to Amendments to the Outsourcing Policy
July 25, 2023.
Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934, 1 and Rule 19b-4 thereunder, 2 notice is hereby given that on July 10, 2023, ICE Clear Europe Limited ("ICE Clear Europe" or the "Clearing House") filed with the Securities and Exchange Commission ("Commission") the proposed rule changes described in Items I, II and III below, which Items have been primarily prepared by ICE Clear Europe. On July 11, 2023, ICE Clear Europe filed Amendment No. 1 to the proposed rule change to make certain changes to the Form 19b-4 and Exhibit 1A for file no. SR-ICEEU-2023-018. 3 On July 24, 2023, ICE Clear Europe filed Partial Amendment No. 2 to the proposed rule change to make a certain change to Exhibit 5 of file no. SR-ICEEU-2023-018. 4 The Commission is publishing this notice to solicit comments on the proposed rule change, as modified by Amendment No. 1 and Partial Amendment No. 2 (hereafter, "the proposed rule change"), from interested persons.
Footnotes:
1 ?15 U.S.C. 78s(b)(1).
2 ?17 CFR 240.19b-4.
3 ?Amendment No. 1 amends and restates in its entirety the Form 19b-4 and Exhibit 1A to correct the narrative description of the proposed rule change. Amendment No. 1 did not change the purpose or basis of the proposed rule change.
4 ?Partial Amendment No. 2 amends and restated in its entirety Exhibit 5 to correct an inadvertent omission of a single word. Partial Amendment No. 2 did not change the purpose or basis of the proposed rule change.
I. Clearing Agency's Statement of the Terms of Substance of the Proposed Rule Change
ICE Clear Europe Limited ("ICE Clear Europe" or the "Clearing House") is proposing to amend its Outsourcing Policy (to be renamed the Outsourcing and Third Party Risk Management Policy) (the "Outsourcing Policy" or "Policy"). 5 The amendments would broaden the coverage of the Policy to address third party service provider arrangements that may not technically constitute outsourcing, to enhance third party risk management, to add the execution of risk assessments and to update the Document Governance and Exception Handling language, among other changes discussed herein.
Footnotes:
5 ?Capitalized terms used but not defined herein have the meanings specified in the ICE Clear Europe Clearing Rules and the Outsourcing Policy.
II. Clearing Agency's Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change
In its filing with the Commission, ICE Clear Europe included statements concerning the purpose of and basis for the proposed rule change and discussed any comments it received on the proposed rule change. The text of these statements may be examined at the places specified in Item IV below. ICE Clear Europe has prepared summaries, set forth in sections (A), (B), and (C) below, of the most significant aspects of such statements.
(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis for, the Proposed Rule Change
(a) Purpose
ICE Clear Europe is proposing to amend its Outsourcing Policy (to be renamed the Outsourcing and Third Party Risk Management Policy) to extend coverage of the policy to include risk management of third party arrangements that may not constitute outsourcing. The purpose of the Policy would reflect this change by clarifying that the Policy would generally extend to arrangements in which services are provided by third parties to the Clearing House, whether or not such services are considered outsourcing, including to assessing the risks of such services.
[top] The Outsourcing Policy would clarify its definition of outsourcing in the introduction section to be the use of third party service providers (which could be an external party or an affiliate), either directly or through sub-outsourcing, to provide a service that would otherwise be performed by ICE Clear Europe itself and is therefore subject to the Board's oversight. The amendment would further clarify that the Clearing House would remain responsible for discharging its obligations with respect to the outsourced activities, the outsourcing arrangement would not result in the
The amendments would also clarify the distinction between external third party providers of services and affiliated providers. The Policy would add a definition for third party, which would cover any organization (whether or not affiliated) that has entered into a relationship or contract with the Clearing House to provide products, services, processes, activities or business functions. Use of external third parties ( i.e., those not affiliated with the Clearing House) would be managed consistently at the group level through the existing Vendor Management Policy ("VMP"). It would further clarify that outsourcing through the Clearing House's affiliates presents a lower residual risk profile because, among listed reasons in the existing Policy, the affiliates would have a similar higher standard of operational resilience generally (as opposed to referring only to business continuity) and the Clearing House would also have greater influence (as well as control) over the operation of the affiliate's services. These amendments are intended to more clearly describe current practice under the existing Policy.
The amendments would revise statements in the existing Policy relating to objectives, assessments of service providers in various situations (including regulated parties and parties in different jurisdictions), management of outsourcing, conflicts of interest and audit to also extend to other third party service arrangements. The amendments would reference the Clearing House's outsourcing operating manual (renamed to reflect the broader goal of third party risk management as well of outsourcing). As so revised, the Policy would state that contracting with third parties is covered consistently at a group level under the VMP. The amendments would clarify, consistent with current practice, that ICE Clear Europe would use the VMP process as an input for the risk-based assessment of each service provider. The amendments would also provide that the Clearing House would make the third parties aware of relevant internal policies to gain a better understanding of the obligations and services expected. For contracting with affiliates, the amendments would clarify that the relevant assessment would be made by ICE Clear Europe, in accordance with its ordinary governance practices (and not necessarily by the senior management). The revised Policy would state that ICE Clear Europe would follow its Conflicts of Interest Policy when managing any potential conflicts of interests as a result of its service arrangements. (This reflects current practice but would add an appropriate reference in the Policy to the Conflicts of Interest Policy.) With respect to cloud outsourcing, the amendments would add that ICE Clear Europe would consider any risks related to the Clearing Members connecting to the Clearing House through cloud service providers.
The Policy would also include a new Risk Assessments section that would set out the proportional risk assessment that would be performed on a service provider in order to identify, measure and mitigate risks. The section would include certain considerations (although not limited to those listed) that include whether the service is a critical or important function or a dependence to the delivery of one of ICE Clear Europe's services, whether the activity is outsourcing, whether the service relies on cloud-based technology that may pose new or additional risks, whether the service provider is an external third party or an affiliate, the legal jurisdiction of the service provider, conflicts of interest, operational resilience considerations, data security, exit plans, contractual terms, and availability of alternative or back-up providers, among others. For outsourced or critical non-outsourced services, this assessment would be performed at least annually and on an ad-hoc basis following a material incident or service disruption event or material service agreement breach. This would include comparing the performance of the service provider against the agreed service levels. The responsibilities of risk assessments and related testing would be overseen by the Clearing House's Chief Operating Officer or delegate, with ownership of each service and the related resiliency arrangements resting with the relevant Head of Department.
The amendments would clarify and expand certain provisions relating to identification of critical or important functions, including to extend the existing provisions to apply to acquired services generally and not only outsourcing. In identifying critical or important functions the amendments would add that the Clearing House would consider continuity of ICE Clear Europe's important business services or operation as a CCP that could in turn threaten the Clearing House's financial stability or impact its resolvability. A third party would be treated as critical if it is contracted to perform such a critical function. Criticality would be reassessed on at least an annual basis.
The revised Policy would also acknowledge that any outsourcing of critical or important functions could have an effect on the operational resilience measures of the Clearing House more generally (and not merely the narrower category of business continuity). The revised Policy further clarifies that exit plans for critical and important functions would be periodically tested. As part of its operational resilience framework, the Clearing House would examine purchased services as well as outsourced or sub-outsourced services that are a dependence for the Clearing House's important business services. In addition, the operational resilience framework would include extreme but plausible test scenarios resulting from the disruption of critical third party services.
[top] The Policy would also make various amendments to the discussion of additional important considerations for the Clearing House to ensure that considerations would be given to important business services and critical functions that are affected by third party service arrangements, including with respect to business continuity arrangements, incident management responsiveness and reporting, independent assurances, redundancies, notice periods and exit strategies. The amendments would add a new section on Contractual Agreements. The section would add that for outsourcing arrangements in particular, the Clearing House's legal team would review any written service agreements to confirm the inclusion of all relevant contractual safeguards so that ICE Clear Europe could monitor relevant risks, regulatory requirements and expectations. The aim would be for the agreements to outline the rights, obligations, and responsibilities of all the parties, and include provisions associated with data security, access, audit and information rights, sub-outsourcing, service resilience, service levels, incident management, termination and exit plans. Arrangements for purchased services should be similarly reviewed, but the Policy would acknowledge that some purchased services may be subject to non-negotiable terms set by the third party. This situation would be considered during the pre-execution risk assessment phase. The Outsourcing
Provisions relating to Board oversight would be revised to provide that the Board must approve new or materially amended outsourcing arrangements. Certain clarifications would be made to the requirements for the annual outsourcing assessment report to be prepared by the Chief Operating Officer, including the addition of a summary of critical non-outsourcing services received. A new provision would be added setting out that ICE Clear Europe will engage with regulatory authorities before executing or materially amending a critical service arrangement with regard to the relevant regulatory requirements or expectations.
Finally, the amendments would make changes to the Policy's document governance, breach management and exception handling, to make it generally consistent with other ICE Clear Europe policies. The document owner identified by the Clearing House would be responsible for ensuring that the Policy remains up-to-date and reviewed in accordance with the Clearing House's governance processes. Document review would be conducted by the document owner and related staff, with sign off by the head of department and the Chief Risk Officer (or their respective delegates). Document reviews would encompass at the minimum regulatory compliance, documentation and purpose, implementation, use and open items from previous validations or reviews. Results of the review would have to be reported to the Executive Risk Committee or in certain cases to the Model Oversight Committee. The document owner would also aim to remediate the findings, complete internal governance and receive regulatory approvals before the following annual review is due. The document owner would also be responsible for reporting any material breaches or deviations to the Head of Department, Chief Risk Officer and Head of Regulation and Compliance in order to determine if further escalation is required. The amendments would state explicitly that changes to the Policy would have to be approved in accordance with the Clearing House's governance process and would take effect following completion of required internal and regulatory approvals. Exceptions to the Policy would also be approved in accordance with the governance processes for approvals of changes to the Policy.
(b) Statutory Basis
ICE Clear Europe believes that the amendments to the Outsourcing Policy are consistent with the requirements of Section 17A of the Securities Exchange Act of 1934 (the "Act")? 6 and the regulations thereunder applicable to it. In particular, Section 17A(b)(3)(F) of the Act? 7 requires, among other things, that the rules of a clearing agency be designed to promote the prompt and accurate clearance and settlement of securities transactions and, to the extent applicable, derivative agreements, contracts, and transactions, the safeguarding of securities and funds in the custody or control of the clearing agency or for which it is responsible, and the protection of investors and the public interest.
Footnotes:
6 ?15 U.S.C. 78q-1.
7 ?15 U.S.C. 78q-1(b)(3)(F).
The changes to the Outsourcing Policy are designed to extend coverage of the existing policy to include third party risk management more generally, including purchased services as well as outsourced services. The amendments also add new requirements around risk assessments, identification of critical functions, operational resilience, and review of contractual arrangements with service providers. The amendments further update the Board oversight, document governance, regulatory engagement, and exception handling. The amendments would not make changes to the Rules or the rights or obligations of Clearing Members. In ICE Clear Europe's view, the amendments to the Policy will thus facilitate management of the risks related to outsourcing and other third party service arrangements, and thereby promote the efficient operation and stability of the Clearing House and the prompt and accurate clearance and settlement of cleared contracts. The enhanced risk management for third party service providers is therefore also generally consistent with the protection of investors and the public interest in the safe operation of the Clearing House. (ICE Clear Europe would not expect the changes to the Policy to affect materially the safeguarding of securities and funds in ICE Clear Europe's custody or control or for which it is responsible.) Accordingly, the amendments to the Policy satisfy the requirements of Section 17A(b)(3)(F). 8
Footnotes:
8 ?15 U.S.C. 78q-1(b)(3)(F).
The amendments to the Outsourcing Policy are also consistent with relevant provisions of Rule 17Ad-22. 9 Rule 17Ad-22(e)(3)(i) provides that "[e]ach covered clearing agency shall establish, implement, maintain and enforce written policies and procedures reasonable [sic] designed to, as applicable [. . .] identify, measure, monitor, and manage the range of risks that arise in or are borne by the covered clearing agency". 10 The amendments to the Policy are intended to better document and to enhance the Clearing House's practices that relate to management of the Clearing House's use of outsourcing and other third party service providers, as set forth above. The changes to the Outsourcing Policy aim to extend certain Clearing House risk management practices to third party services that may not be covered by existing outsourcing practices. In ICE Clear Europe's view, as set out above, the amended Policy would facilitate overall risk management with respect to third party services, consistent with the requirements of Rule 17Ad-22(e)(3)(i). 11
Footnotes:
9 ?17 CFR 240.17 Ad-22.
10 ?17 CFR 240.17 Ad-22(e)(3)(i).
11 ?17 CFR 240.17 Ad-22(e)(3)(i).
Rule 17Ad-22(e)(2) provides that "[e]ach covered clearing agency shall establish, implement, maintain and enforce written policies and procedures reasonable [sic] designed to, as applicable [. . .] provide for governance arrangements that are clear and transparent"? 12 and "[s]pecify clear and direct lines of responsibility". 13 As discussed, the amendments to the Policy would update the provisions relating to Board oversight, including by stating that the Board must approve new or materially amended outsourcing arrangements. The amendments would also state more clearly requirements around document governance, regulatory engagement, and exception handling, generally in a manner consistent with other ICE Clear Europe policies. The Policy would describe the responsibilities of the document owner and appropriate escalation and notification requirements for responding to exceptions and deviations from the Policy. In ICE Clear Europe's view, the amendments are therefore consistent with the requirements of Rule 17Ad-22(e)(2). 14
Footnotes:
12 ?17 CFR 240.17 Ad-22(e)(2)(i).
13 ?17 CFR 240.17 Ad-22(e)(2)(v).
14 ?17 CFR 240.17 Ad-22(e)(2).
(B) Clearing Agency's Statement on Burden on Competition
[top] ICE Clear Europe does not believe the amendments to the Outsourcing Policy would have any impact, or impose any burden, on competition not necessary or appropriate in furtherance of the purposes of the Act. The Policy changes are being adopted to better document and enhance the Clearing House's
(C) Clearing Agency's Statement on Comments on the Proposed Rule Change Received From Members, Participants or Others
Written comments relating to the proposed amendments have not been solicited or received by ICE Clear Europe. ICE Clear Europe will notify the Commission of any written comments received with respect to the proposed rule change.
III. Date of Effectiveness of the Proposed Rule Change and Timing for Commission Action
Within 45 days of the date of publication of this notice in the Federal Register or within such longer period up to 90 days (i) as the Commission may designate if it finds such longer period to be appropriate and publishes its reasons for so finding or (ii) as to which the self-regulatory organization consents, the Commission will:
(A) by order approve or disapprove such proposed rule change, or
(B) institute proceedings to determine whether the proposed rule change should be disapproved.
IV. Solicitation of Comments
Interested persons are invited to submit written data, views, and arguments concerning the foregoing, including whether the proposed rule change, security-based swap submission or advance notice is consistent with the Act. Comments may be submitted by any of the following methods:
Electronic Comments
• Use the Commission's internet comment form ( http://www.sec.gov/rules/sro.shtml ) or
• Send an email to rule-comments@sec.gov. Please include File Number SR-ICEEU-2023-018 on the subject line.
Paper Comments
• Send paper comments in triplicate to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.
All submissions should refer to File Number SR-ICEEU-2023-018. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission's internet website ( http://www.sec.gov/rules/sro.shtml ). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission's Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of such filings will also be available for inspection and copying at the principal office of ICE Clear Europe and on ICE Clear Europe's website at https://www.theice.com/clear-europe/regulation.
Do not include personal identifiable information in submissions; you should submit only information that you wish to make available publicly. We may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection. All submissions should refer to File Number SR-ICEEU-2023-018 and should be submitted on or before August 21, 2023.
For the Commission, by the Division of Trading and Markets, pursuant to delegated authority. 15
Footnotes:
15 ?17 CFR 200.30-3(a)(12).
J. Matthew DeLesDernier,
Deputy Secretary.
[FR Doc. 2023-16118 Filed 7-28-23; 8:45 am]
BILLING CODE 8011-01-P