2024-29037. Self-Regulatory Organizations; ICE Clear Credit LLC; Order Granting Accelerated Approval of Proposed Rule Change Relating to the ICC Operational Risk Management Framework

Document Headings

Document headings vary by document type but may contain the following:

the agency or agencies that issued and signed a document

the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to

the agency docket number / agency internal file number

the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions

See the Document Drafting Handbook for more details.
Securities and Exchange Commission

[Release No. 34-101819; File No. SR-ICC-2024-011]
December 5, 2024.
I. Introduction

On November 13, 2024, ICE Clear Credit LLC (“ICC”) filed with the Securities and Exchange Commission (the “Commission”), pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (the “Act”) ^[1] and Rule 19b-4 thereunder,^[2] a proposed rule change (hereafter, “Proposed Rule Change”) to revise the Operational Risk Management Framework (“ORMF”). The Proposed Rule Change was published for comment in the Federal Register on November 19, 2024.^[3] The Commission has not received comments regarding the Proposed Rule Change. For the reasons discussed below, the Commission is approving the Proposed Rule Change on an accelerated basis.

II. Description of the Proposed Rule Change

ICC is registered with the Commission as a clearing agency for the purpose of clearing Credit Default Swap (“CDS”) contracts.^[4] In its role as a CDS clearing agency, ICC faces operational risks stemming from the breakdown of systems and processes that that would impair ICC's ability to complete settlements or ICC's internal business operations. The ORMF outlines ICC's risk assessment and oversight program, which aims to address such operational risks, including by reducing operational incidents, encouraging process and control improvement, bringing transparency to operational performance standard monitoring, and fulfilling regulatory obligations. The ORMF also explains how ICC vets and manages service agreements with providers covering various aspects of ICC's operations. According to ICC, one of the purposes of the Proposed Rule Change ( print page 99950) is to align the ORMF with the requirements of Rule 17Ad-25(i) under the Act,^[5] primarily by adding to the ORMF details about ICC's relationships with service providers.^[6] Further changes in the ORMF would be included to more clearly describe ICC's risk mitigation process and technology control functions, among other revisions.

A. Management of Risks From Service Providers for Core Services

The Proposed Rule Change would amend the ORMF primarily by adding new Section II.B., titled “Management of Risks from Relationships with Service Providers for Core Services,” which would describe ICC's vetting and management processes regarding any service provider for critical services (“SPCS”).^[7] The new section would require ICC's senior management to:

(1) Evaluate and document the risks related to an agreement with a SPCS, including under changes to circumstances and potential disruptions, and whether the risks can be managed in a manner consistent with the ORMF;

(2) Submit to the ICC Board of Managers (“Board”) for review and approval any agreement that would establish a relationship with a SPCS, along with the above-mentioned risk evaluation;

(3) Be responsible for establishing the policies and procedures that govern relationships and manage risks related to such agreements with a SPCS (while the Board would be required to be responsible for reviewing and approving such policies and procedures); and

(4) Perform ongoing monitoring of the relationship, and report to the Board for its evaluation of any action taken by senior management to remedy significant deterioration in performance or address changing risks or material issues identified through such monitoring; or if the risks or issues cannot be remedied, to assess and document weaknesses or deficiencies in the relationship with the service provider for submission to the Board.

The Proposed Rule Change would introduce a two-pronged assessment approach when identifying and managing ICC's relationships with a SPCS, differentiating between internal and external service providers.

Under the first prong, ICC would conduct an assessment of internal service providers. Currently, ICC engages only one internal service provider: ICC's parent company, Intercontinental Exchange, Inc. (“ICE”).^[8] ICE is a SPCS because, pursuant to written service agreements, it provides core services to ICC that directly support the delivery of clearance and settlement functionality or other purposes material to ICC's business as a registered clearing agency. ICE provides business services such as staffing, finance, and accounting pursuant to a Master Services Agreement between ICC and ICE, and provides clearing and settlement-specific services to ICC pursuant to a Clearing Settlement Services Agreement (“CSSA”). The CSSA specifies that ICE provides clearing and settlement services pursuant to certain of ICE's “Key Policies.” ^[9] Each Key Policy sets forth its purpose and is applicable to all ICE and ICC employees impacted by such policy. Further, the CSSA provides for a governance structure (set forth in more detail in ICE's Technology Planning and Governance Policy) whereby the Key Policies may only be amended by ICE's Operational Oversight Committee (“OOC”) which includes representatives of both ICE and ICC. The OOC acts as the forum to discuss changes and improvements to the services provided to ICC by ICE. Further, changes to any Key Policy may not take effect until they have been approved by the OOC and any material proposed changes to the Key Policies are subject to a veto by ICC.

Under the second prong, ICC would conduct an assessment of external service providers, utilizing ICC's External Service Provider Assessment process. This process would be outlined in Section II.C. of the ORMF and in ICE's Third Party Risk Management (“TPRM”) program, which is applicable to ICC as a subsidiary of ICE. Further, with respect to ICC's Financial Service Providers ^[10] that are identified as SPCSs, ICC utilizes its Counterparty Monitoring Procedures. ICC's External Service Provider Assessment process is supplemental to ICE's TPRM program, which applies to external vendors and suppliers, service providers, and contractors/consultants of ICE and its subsidiaries, including ICC. The TPRM program establishes a comprehensive and structured approach for assessing, managing, monitoring, and governance of third-party risks at ICE and its subsidiaries, including ICC. It requires an assessment of operations and resiliency through, among other things, completion of initial on-boarding assessments of the third party's viability and capability to meet expected deliverables, business objectives, and compliance with contractual obligations, followed by ongoing monitoring.

The Proposed Rule Change would update vocabulary around and clarify the description of ICC's external service provider assessments in newly renumbered Section II.C of the ORMF. As proposed, this section would no longer refer to “critical vendors,” ^[11] but would instead use the term “external SPCS” to align the ORMF with Rule 17Ad-25 under the Exchange Act, which uses and defines the term “service provider for core services.” ^[12] Currently, Section II.C provides that external service providers are reviewed and evaluated for re-approval based on ICC's current risk ranking system, which is based on “tiers.” Under the Proposed Rule Change, Section II.C. would no longer describe the re-approval process for such external service providers with a “risk ranking” system based on “tiers” but would instead use a system of “risk ratings.” Despite the terminology change, the basic review methodology would not. Under the Proposed Rule Change, ICC would still assign the risk rating based on a schedule of risk assessments divided into low, moderate, and high risks, that considers the risk direction for strategic, reputational, compliance, legal and operational risk ( print page 99951) presented by the external service provider, in the same way that ICC currently assigns risk rankings.

Thus, when assessing an external SPCS, ICC would continue to analyze and manage risks posed by such external service providers, including strategic, reputational, compliance, legal, and operational risk, in the same manner as under the current ORMF. Similarly, ICC would use existing concepts when performing assessments of an external SPCS. As noted above, ICC is replacing the term “critical vendor” with the term “external SPCS.” ICC also is replacing the term “core processes” with the term “CDS core clearing services.” Currently, a critical vendor is any third party service provider which is deemed essential to complete ICC's core processes, which include acceptance of new trades, management of positions, production of risk and banking reports, and the movement of funds. The definition of external SPCS would include external service providers for core services, including CDS core clearing services, which would continue to include acceptance of new trades, management of positions, production of risk and banking reports, and the movement of funds.

Similarly, risk assessments are and would continue to be completed as part of the initial onboarding process, as well as periodically. Section II.C. would clarify that ICC's assessment of an external SPCS would be in addition to ICE's TPRM program, which applies to any external vendor or supplier, service provider, and contractors and consultants utilized by ICE or its subsidiaries, including ICC. Although ICC's Business Continuity Planning and Disaster Recovery programs Oversight Committee (“BDOC”) will continue to be the body performing these assessments, proposed Section II.C. would eliminate the current bullet point list of items that may be included in the risk assessments ^[13] and replace it with the requirement to “evaluate and document the risks related to an agreement with the external SPCS, including under changes to circumstances and potential disruptions, and whether the risks can be managed in a manner consistent with the ORMF,” thus mirroring the language found in Rule 17Ad-25(i)(1) under the Act.^[14] Although the BDOC will continue to review and recommend approval of the inventory of ICC external SPCSs and to assign risk ratings to the risk assessments in order to determine the frequency of ongoing risk assessment reviews, Section II.C. would be updated to state that the risk ratings will take into consideration ICC's plan to complete core processing if the service is unavailable. Additionally, Section II.C. would state explicitly that the BDOC reviews and recommends that the ICC Compliance Committee (“Compliance Committee”) approve the inventory of ICC external SPCS.^[15]

B. Further Changes to the ORMF

In addition to the above-described changes, which primarily address consistency with Rule 17Ad-25(i) under the Act,^[16] the Proposed Rule Change would:
- amend the `Introduction' section of the ORMF to provide uniform abbreviations to existing defined terms, which ICC believes will enhance the clarity and readability of the ORMF; ^[17]
- amend terms within the `Operational Risk Lifecycle' chart of Section I of the ORMF to ensure that it accurately reflects the description of the operational life cycle narrative and correct typographical errors; and
- revise Section II., `Operational Risk Focus Areas,' to update ICC's reference to certain functions performed by ICE, remove references to such functions being “outsourced,” and instead note that the functions are described in the ORMF and performed pursuant to services agreements between ICC and ICE.
The Proposed Rule Change would amend Section II.A., `Business Continuity Planning and Disaster Recovery,' to more clearly describe the steps in the collaboration process with respect to the business impact analysis (“BIA”) process. The proposed changes would reorder and restate the steps for completing BIA surveys used in creating test plans. Currently, the ORMF states that ICC ensures that it can recover from a wide-scale disruption and collaborates with each department to complete BIA surveys—specifically to ensure that each critical business unit:
- Defines the Mission Critical Tasks (“MCT”) to be performed;
- Creates test plans to ensure recovery staff are properly trained;
- Performs periodic tests to validate recovery staff's ability to perform MCT; and
- Reports the results of testing to document successes, and detail corrective actions.
As proposed, the first two bullet points would be deleted and replaced with:
- Identifies ICC business processes, as well as the associated criticality of these business process, by performing the BIA; [and]
- Creates Business Continuity Plans (BCPs) for those processes identified in the BIA.
The third and fourth bullet points would remain the same, except the third bullet point would specify that the periodic tests would be those of BCPs and that, since the MCT acronym would no longer apply, a reference would be made to mission critical tests.^[18]

The Proposed Rule Change also would revise Section II.F. of the ORMF (previously Section II.E.), `Technology Control Functions,' specifically to more accurately reflect the ICC Technology Department's responsibilities. Section II.F would be updated to specify that the ICC Technology Department is responsible for end-to-end design, development, testing, deployment, maintenance and day-to-day operations of all enterprise software systems needed for ICC core functions. Currently, the ORMF describes the Technology Department's responsibilities as risk analysis and oversight of systems operations, systems development/quality assurance and capacity/performance planning. The ORMF would be revised to state that ICC's Technology Department is responsible for end-to-end design, development, testing, deployment, maintenance, and day-to-day operations of enterprise software systems needed for ICC core functions of CDS clearing. In addition, the Proposed Rule Change would update an outdated reference to ICC's Credit Technology Delivery Method (“CTDM”), which is a separate policy from the ORMF. Currently the ORMF references the ICC Project Delivery Policy, which is the former title of the CTDM. Those references would be updated to refer to the CTDM instead. Similarly, in connection with a ( print page 99952) discussion of how technology releases are assessed, the Proposed Rule Change would replace a current reference to the ICC technology director with a reference to the ICC Technology leadership team. This change would more accurately reflect that technology releases are assessed by the entire ICC Technology leadership team, not just the ICC technology director.

Next, the Proposed Rule Change would amend Appendix 1 of the ORMF to include the titles of the relevant regulatory requirements while removing the existing summaries of such regulations. ICC indicated that the purpose of this change is to streamline the reference process to provide the reader with a more direct reference to all the applicable regulations and avoid the need to review and update summaries of applicable regulations as they are amended from time to time.^[19]

Lastly, the Proposed Rule Change would update the `Revision History' section of the ORMF to reflect the proposed changes described above, as well as to formalize a series of non-material updates previously made to the ORMF that were the output of the annual review of the ORMF conducted by the Compliance Committee, and that were reviewed and approved by the Board in 2021, 2022, and 2023.^[20]

III. Discussion

Section 19(b)(2)(C) of the Act directs the Commission to approve a proposed rule change of a self-regulatory organization if it finds that the Proposed Rule Change is consistent with the requirements of the Act and the rules and regulations thereunder applicable to such organization.^[21] Under the Commission's Rules of Practice, the “burden to demonstrate that a proposed rule change is consistent with the Act and the rules and regulations issued thereunder . . . is on the self-regulatory organization [`SRO'] that proposed the rule change.” ^[22]

The description of a proposed rule change, its purpose and operation, its effect, and a legal analysis of its consistency with applicable requirements must all be sufficiently detailed and specific to support an affirmative Commission finding,^[23] and any failure of an SRO to provide this information may result in the Commission not having a sufficient basis to make an affirmative finding that a proposed rule change is consistent with the Act and the applicable rules and regulations.^[24] Moreover, “unquestioning reliance” on an SRO's representations in a proposed rule change is not sufficient to justify Commission approval of a proposed rule change.^[25]

After carefully considering the Proposed Rule Change, the Commission finds that the Proposed Rule Change is consistent with the requirements of the Act and the rules and regulations thereunder applicable to ICC. More specifically, for the reasons discussed below, the proposed rule change is consistent with Section 17A(b)(3)(F) of the Act ^[26] and Rules 17Ad-25(i),^[27] 17Ad-22(e)(17)(i),^[28] and 17Ad-22(e)(2)(i) and (v) ^[29] thereunder.

A. Consistency With Section 17A(b)(3)(F) of the Act

Section 17A(b)(3)(F) of the Act requires, among other things, that the rules of ICC be designed to promote the prompt and accurate clearance and settlement of securities transactions and, to the extent applicable, derivative agreements, contracts, and transactions.^[30] Based on a review of the record, and for the reasons discussed below, the proposed changes to the ORMF are consistent with the promotion of the prompt and accurate clearance and settlement of transactions at ICC.

Newly added Section II.B. of the ORMF—addressing ICC's management of risks from relationships with SPCS—and updated and renumbered Section II.C. of the ORMF—titled `External Service Provider Assessments'—help facilitate ICC's ability to manage its relationships with SPCS and the inherent risks these relationships encompass. For instance, as discussed above, the Proposed Rule Change would add Section II.B. to the ORMF, which would specify the requirements and procedures for ICC to manage the risks arising from ICC's relationships with SPCS. Such requirements and procedures would include, among other things, evaluating and documenting risks associated with a SPCS, submitting a risk evaluation to the ICC Board related to a relationship with a SPCS, establishing policies and procedures governing the relationship and risk-management of a SPCS relationship, and performing ongoing monitoring of a SPCS relationship for purposes of identifying and remediating changing risks.^[31] Together, Sections II.B. and II.C. of the ORMF also would provide greater clarity around the approval and maintenance of ICC's relationships with SPCS that are contractually obligated not only to supply services material to running ICC's business, such as staffing, finance, and accounting, but also to support ICC's clearance and settlement functionality. By promoting ICC's ability to manage relationships with SPCS, both internal and external, the Proposed Rule Change is thereby designed to promote ICC's capabilities in promptly and accurately clearing and settling securities transactions, and, to the extent applicable, derivative agreements, contracts, and transactions.

For the reasons stated above, the Commission finds that the Proposed Rule Change is consistent with Section 17A(b)(3)(F) of the Act.^[32]

B. Consistency With Rule 17Ad-25(i) Under the Act

Rule 17Ad-25(i) requires each covered clearing agency to establish, implement, maintain, and enforce written policies and procedures reasonably designed to (1) require senior management to evaluate and document the risks related to an agreement with a service provider for core services, including under changes to circumstances and potential disruptions, and whether the risks can be managed in a manner consistent with the clearing agency's risk management framework; (2) require senior management to submit to the board of directors for review and approval any agreement that would establish a relationship with a service provider for core services, along with such risk evaluation; (3) require senior management to be responsible for establishing the policies and procedures that govern relationships and manage ( print page 99953) risks related to such agreements with service providers for core services and require the board of directors to be responsible for reviewing and approving such policies and procedures; and (4) require senior management to perform ongoing monitoring of the relationship, and report to the board of directors for its evaluation of any action taken by senior management to remedy significant deterioration in performance or address changing risks or material issues identified through such monitoring; or if the risks or issues cannot be remedied, require senior management to assess and document weaknesses or deficiencies in the relationship with the service provider for submission to the board of directors.^[33] In adopting Rule 17Ad-25(i), the Commission stated that the final rule would more clearly delineate the roles of senior management and the board so as not to require the board to undertake responsibilities reserved for senior management.^[34]

As described above, the Proposed Rule Change would help ensure that the ORMF codifies and implements policies and procedures designed to ensure that ICC appropriately manages relevant risks that arise from ICC's relationships with SPCS, including by increasing ORMF users' awareness of those risks, and ensuring that ICC identifies, assesses, measures, monitors, mitigates, and reports those risks. The ORMF also delineates the responsibilities between senior management and the Board regarding these risks. Specifically, the ORMF specifies that senior management provides the Board with information pertaining to relationships with SPCS, any relevant risk evaluations, and management's efforts to monitor, assess, document, and remedy risks associated with these relationships.

For these reasons, the Commission finds the Proposed Rule Change is consistent with Rule 17Ad-25(i).^[35]

C. Consistency With Rule 17Ad-22(e)(17)(i) Under the Act

Rule 17Ad-22(e)(17)(i) requires each covered clearing agency to establish, implement, maintain and enforce written policies and procedures reasonably designed to manage its operational risks by identifying the plausible sources of operational risk, both internal and external, and mitigating their impact through the use of appropriate systems, policies, procedures, and controls.^[36]

As described above, the Proposed Rule Change would update the ORMF to provide additional and current details regarding ICC's management of SPCS and assure that both ICC's relationships with SPCS and the risks associated with those relationships are continuously being monitored. The processes specified in the ORMF are intended to enhance ICC's ability to identify relevant internal and external sources of operational risk. As such, the Proposed Rule Change will define processes and controls that will facilitate ICC's ability to mitigate the impact of such risks through the use of appropriate systems, policies, procedures, and controls, consistent with the requirements of Rule 17Ad-22(e)(17)(i).^[37]

For the reasons stated above, the Commission finds the Proposed Rule Change is consistent with Rule 17Ad-22(e)(17)(i).^[38]

D. Consistency With Rule 17Ad-22(e)(2)(i) and (v) Under the Act

Rule 17Ad-22(e)(2)(i) and (v) requires each covered clearing agency to establish, implement, maintain and enforce written policies and procedures reasonably designed to provide for governance arrangements that are clear and transparent, and specify clear and direct lines of responsibility.^[39]

As described above, by adding new Section II.B. to the ORMF, the Proposed Rule Change would codify the responsibilities of ICC's management and the Board when managing risks arising from ICC's relationships with SPCS. The proposed changes also would update the ORMF to clarify the description of the Compliance Committee and ERM responsibilities, and the general updates described in Section II.B. above, would help ensure that the ORMF is accurate and current. Taken together, these revisions to the ORMF will help ICC maintain clear and transparent governance arrangements and specify clear and direct lines of responsibility, which in turn will help improve the accuracy and transparency of ICC's governance arrangements and improve the clarity of the lines of responsibility.

For these reasons, the Commission finds the Proposed Rule Change is consistent with Rule 17Ad-22(e)(2)(i) and (v).^[40]

IV. Accelerated Approval of the Proposed Rule Change

Under Section 19(b)(2) of the Act,^[41] the Commission may approve a proposed rule change prior to the 30th day after the date of publication of notice of filing of the proposed rule change in the Federal Register if the Commission finds good cause for doing so.

The Commission finds good cause, pursuant to Section 19(b)(2) of the Exchange Act,^[42] to approve the Proposed Rule Change prior to the 30th day after the date of publication of notice of filing of the Proposed Rule Change in the Federal Register . Rule 17Ad-25(i) requires, among other things, that covered clearing agencies establish, implement, maintain, and enforce written policies and procedures reasonably designed to require that senior management (i) evaluate and document the risks related to an agreement with a SPCS; (ii) submit to the board of directors for review and approval any agreement that would establish a relationship with a SPCS (iii) be responsible for establishing the policies and procedures that govern relationships and manage risks related to such agreements with SPCS; and (iv) perform ongoing monitoring of the relationship, and report to the board of directors for its evaluation of any action taken by senior management to remedy significant deterioration in performance or address changing risks or material issues identified through such monitoring.^[43] The proposed rule change would establish ICC's process for vetting and managing its relationships with SPCS, with specific processes for internal and external SPCS, consistent with Rule 17Ad-25(i).^[44] Based on the foregoing, and as discussed above, the Proposed Rule Change is consistent with the requirements of Rule 17Ad-25(i) under the Act.^[45]

The compliance date for Rule 17Ad-25(i) generally is December 5, 2024.^[46] Approving the Proposed Rule Change on an accelerated basis will allow ICC to establish its process for vetting and managing its relationships with SPCS by this compliance date. Accordingly, the Commission finds good cause to ( print page 99954) approve the Proposed Rule Change on an accelerated basis prior to the 30th day after the date of publication of notice of filing of the Proposed Rule Change in the Federal Register , pursuant to Section 19(b)(2) of the Exchange Act.^[47]

V. Conclusion

On the basis of the foregoing, the Commission finds that the proposed rule change is consistent with the requirements of the Act, and in particular, with the requirements of Section 17A(b)(3)(F) of the Act ^[48] and Rules 17Ad-25(i),^[49] 17Ad-22(e)(17)(i),^[50] and 17Ad-22(e)(2)(i) and (v) ^[51] thereunder.

It is therefore ordered pursuant to Section 19(b)(2) of the Act ^[52] that the Proposed Rule Change (SR-ICC-2024-011), be, and hereby is, approved, on an accelerated basis.^[53]

For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.^[54]

Sherry R. Haywood,

Assistant Secretary.
Footnotes
1. 15 U.S.C. 78s(b)(1).
Back to Citation

2. 17 CFR 240.19b-4.
Back to Citation

3. Self-Regulatory Organizations; ICE Clear Credit LLC; Notice of Filing of Proposed Rule Change Relating to the ICC Operational Risk Management Framework; Securities Exchange Act Release No. 34-101603 (Nov. 13, 2024), 89 FR 91443 (Nov. 19, 2024) (SR-ICC-2024-011) (“Notice”).
Back to Citation

4. Capitalized terms not otherwise defined herein have the meanings assigned to them in ICC Rules and the ORMF, as applicable.
Back to Citation

5. See generally Securities Exchange Act Release No. 98959 (Nov. 16, 2023), 88 FR 84454 (Dec. 5, 2023) (File No. S7-21-22) (“Clearing Agency Governance and Conflicts of Interest”).
Back to Citation

6. See Notice, 89 FR at 91443.
Back to Citation

7. A service provider for core services means any person that, through a written services provider agreement for services provided to or on behalf of the registered clearing agency, on an ongoing basis, directly supports the delivery of clearance or settlement functionality or any other purposes material to the business of the registered clearing agency. 17 CFR 240.17Ad-25(a). ICC's ORMF has adopted the same terminology and meaning of SPCS as Rule 17Ad-25(a).
Back to Citation

8. See Notice, 89 FR at 91444.
Back to Citation

9. ICE's Key Policies include the following, which may be updated from time to time: 1. Technology Planning and Governance Policy; 2. Capacity Planning Policy; 3. Change Management Policy; 4. Corporate Business Continuity Policy; 5. Corporate Information Security Policy; 6. Corporate Information Technology Policy; 7. Corporate Physical Security Policy; 8. Disaster Recovery Policy; 9. Enterprise Risk Management Policy; 10. Incident Management Policy; 11. Information Technology Asset Management Policy; 12. Infrastructure Observability Policy; 13. Software Development Lifecycle Policy; 14. Third Party Risk Management Policy.
Back to Citation

10. Financial service providers (“FSPs”) are not covered by the TPRM program. FSPs, as defined in ICC's Counterparty Monitoring Procedures, are the entities to which ICC has actual or potential credit exposure, e.g., settlement banks, custodians, depositories, reverse repurchase agreement (“repo”) counterparties, committed repo counterparties, and committed foreign exchange (“FX”) counterparties.
Back to Citation

11. Currently the ORMF defines a “critical vendor” as any third party service which is deemed essential to complete ICC's core processes. Core processes means acceptance of new trades, management of positions, production of risk and banking reports, and the movement of funds.
Back to Citation

12. See17 CFR 240.17Ad-25(a).
Back to Citation
13. Currently, the BDOC is responsible for conducting a service provider risk assessment for each critical vendor, which includes:
- Profiling critical vendor and services performed;
- Reviewing performance activity to date, if applicable;
- Validating or enhancing the contingency plan in the event that a critical vendor cannot perform as expected;
- Ensuring an ongoing oversight program of the critical vendor;
- Assessing the varying risks posed by the critical vendor.
Back to Citation
14. 17 CFR 240.17Ad-25(i)(1); s ee also Notice, 89 at 91444.
Back to Citation

15. The ICC Compliance Committee is an internal ICC committee that oversees and manages ICC's compliance program that establishes the framework for identifying, assessing, measuring, monitoring, mitigating, and reporting on compliance risks for ICC.
Back to Citation

16. 17 CFR 240.17Ad-25(i).
Back to Citation

17. See Notice, 89 at 91444.
Back to Citation

18. Id.
Back to Citation

19. Id.
Back to Citation

20. For example, updates approved by the Board in 2021 included language in Section I.A. `Risk Assessment,' clarifying that the Compliance Committee reviews risk assessments during their quarterly meetings. The 2021 updates also included minor clarifications to Section I.B. to clarify that one of the current responsibilities of the ICE Enterprise Risk Management (“ERM”) function is to observe and review the incident management mitigation process and, if necessary, challenge corrective action plan decisions and priority levels. See Notice, 89 at 91444-45. ICC indicated that these changes were intended to clarify the description of current practices and the readability of the ORMF, and as such, do not change current practices. Id. For further examples, see Notice, 89 at 91444-45.
Back to Citation

21. 15 U.S.C. 78s(b)(2)(C).
Back to Citation

22. Rule 700(b)(3), Commission Rules of Practice, 17 CFR 201.700(b)(3).
Back to Citation

23. Id.
Back to Citation

24. Id.
Back to Citation

25. Susquehanna Int'l Group, LLP v. Securities and Exchange Commission, 866 F.3d 442, 447 (D.C. Cir. 2017) (“Susquehanna”).
Back to Citation

26. 15 U.S.C. 78q-1(b)(3)(F).
Back to Citation

27. 17 CFR 240.17Ad-25(i).
Back to Citation

28. 17 CFR 240.17Ad-22(e)(17)(i).
Back to Citation

29. 17 CFR 240.17Ad-22(e)(2)(i), (v).
Back to Citation

30. 15 U.S.C. 78q-1(b)(3)(F).
Back to Citation

31. The requirements outlined in Section II.B. directly reflect language in Rule 17Ad-25(i), which was approved by the Commission in 2023. See n. 5, supra.
Back to Citation

32. Id.
Back to Citation

33. 17 CFR 240.17Ad-25(i).
Back to Citation

34. See Clearing Agency Governance and Conflicts of Interest, 88 FR at 84477.
Back to Citation

35. Id.
Back to Citation

36. 17 CFR 240.17Ad-22(e)(17)(i).
Back to Citation

37. Id.
Back to Citation

38. Id.
Back to Citation

39. 17 CFR 240.17Ad-22(e)(2)(i), (v).
Back to Citation

40. Id.
Back to Citation

41. 15 U.S.C. 78s(b)(2).
Back to Citation

42. 15 U.S.C. 78s(b)(2).
Back to Citation

43. 17 CFR 240.17Ad-25(i).
Back to Citation

44. 17 CFR 240.17Ad-25(i).
Back to Citation

45. Id.
Back to Citation

46. Clearing Agency Governance and Conflicts of Interest, 88 FR at 84454 (explaining that the compliance date for Rule 17Ad-25 is December 5, 2024, except that the compliance date for the independence requirements of the board and board committees in Rules 17Ad-25(b)(1), (c)(2), and (e) is December 5, 2025).
Back to Citation

47. 15 U.S.C. 78s(b)(2).
Back to Citation

48. 15 U.S.C. 78q-1(b)(3)(F).
Back to Citation

49. 17 CFR 240.17Ad-25(i).
Back to Citation

50. 17 CFR 240.17Ad-22(e)(17)(i).
Back to Citation

51. 17 CFR 240.17Ad-22(e)(2)(i), (v).
Back to Citation

52. 15 U.S.C. 78s(b)(2).
Back to Citation

53. In approving the proposed rule change, the Commission considered the proposal's impact on efficiency, competition, and capital formation. 15 U.S.C. 78c(f).
Back to Citation

54. 17 CFR 200.30-3(a)(12).
Back to Citation
[FR Doc. 2024-29037 Filed 12-10-24; 8:45 am]

BILLING CODE 8011-01-P

Visit the Official Version

Document Information

Published:: 12/11/2024
Department:: Securities and Exchange Commission
Entry Type:: Notice
Document Number:: 2024-29037
Pages:: 99949-99954 (6 pages)
Docket Numbers:: Release No. 34-101819, File No. SR-ICC-2024-011
PDF File:: 2024-29037.pdf

2024-29037. Self-Regulatory Organizations; ICE Clear Credit LLC; Order Granting Accelerated Approval of Proposed Rule Change Relating to the ICC Operational Risk Management Framework

Securities and Exchange Commission

I. Introduction

II. Description of the Proposed Rule Change

A. Management of Risks From Service Providers for Core Services

B. Further Changes to the ORMF

III. Discussion

A. Consistency With Section 17A(b)(3)(F) of the Act

B. Consistency With Rule 17Ad-25(i) Under the Act

C. Consistency With Rule 17Ad-22(e)(17)(i) Under the Act

D. Consistency With Rule 17Ad-22(e)(2)(i) and (v) Under the Act

IV. Accelerated Approval of the Proposed Rule Change

V. Conclusion

Footnotes

Document Information