I. Introduction

On October 21, 2024, The Options Clearing Corporation (“OCC”) filed with the Securities and Exchange Commission (“Commission” or “SEC”), pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (“Act” or “Exchange Act”),^[1] and Rule 19b-4 thereunder,^[2] a proposed rule change (the “Proposed Rule Change”) to amend its governance documents as part of an effort to achieve compliance with recently adopted governance requirements ^[3] and to make changes identified during OCC's annual review process. The Proposed Rule Change was published for comment in the Federal Register on October 31, 2024.^[4] The Commission has not received any comments on the Proposed Rule Change. For the reasons discussed ( print page 97128) below, the Commission is approving the Proposed Rule Change.

II. Description of the Proposed Rule Change

OCC is registered with the Commission as a clearing agency for the purpose of clearing standardized equity options. The Proposed Rule Change amends OCC's Board of Directors Charter and Corporate Governance Principles (“Board Charter”), Governance and Nominating Committee (“GNC”) Charter, Risk Committee Charter, Technology Committee Charter, Compensation and Performance Committee (“CPC”) Charter, Regulatory Committee Charter, Audit Committee Charter, Fitness Standards, Third-Party Risk Management Framework, and Article III of OCC's By-Laws (together, “governance documents”). OCC proposes such amendments in response to the new governance rules that apply to OCC.^[5] Specifically, OCC proposes changes to require that a majority of the Board and any Board-level committee are independent directors; establish policies and procedures to identify, mitigate, or eliminate conflicts of interest; and establish policies and procedures for monitoring and managing risks relating to third-party providers of core services. The amendments also make other conforming changes and typographical corrections.

A. Board Charter and By-Laws

OCC proposes to amend the Board Charter to provide that a majority of the Board and all Board-level committees be independent directors.^[6] As a conforming change, OCC would also remove references in the current Board Charter indicating that only the Audit Committee must be comprised of independent directors.

OCC proposes adding to the Board's mission an oversight role for service providers that provide core services to OCC. The oversight would be accomplished by overseeing senior management's review, risk assessment, and approval of agreements for service providers of core services, and by reviewing senior management's policies and procedures that govern relationships and manage risks for service providers of core services. The amendments to the Board Charter also would require the Board to evaluate certain of senior management's actions related to such service providers, including senior management's efforts to monitor identified material issues with, document weaknesses or deficiencies of, and remedy significant deterioration in performance of such service providers.

The proposed changes to the Board Charter would remove statements indicating that a substantial portion of directors must be independent “of OCC and OCC's management,” and instead state that the Board's policy is to require that a majority of directors be independent at all times. The proposed changes would also clarify the role of the GNC in selecting Exchange Directors, including a requirement that the GNC have a written evaluation process for Exchange Directors, and that the GNC will evaluate each Exchange Director before that director is elected by the Equity Exchange at each annual meeting of stockholders.

OCC proposes adding the word “additional” before “independence” to describe independence criteria for the Audit Committee. The amendments would also detail specific requirements the Board would use to determine whether an individual director meets the definition of Public Director in the Board Charter and Article III of the By-Laws. Further proposed amendments to the Board Charter would require the Board to have at least five directors who are not an associated person or employee of an entity or entity affiliate that is registered or exempt from registration with the Commission or Commodity Futures Trading Commission. The current requirement that a Public Director must not be affiliated with any national securities exchange or association, designated contract market, futures commission merchant, or broker or dealer in securities would be removed.

Finally, OCC proposes amending Article III, Section A of the By-Laws to require the GNC to nominate for Public Director a non-associated person or employee of an entity or entity affiliate that is registered or exempt from registration with the Commission or Commodity Futures Trading Commission before each annual meeting of stockholders where a Public Director is elected.

B. GNC Charter

OCC proposes amending the GNC Charter to provide that at least a majority of the Committee must be comprised of independent directors. The proposed changes also require the Chair to be a Public Director who is also an independent director. Under the amendments, the GNC would be required to assist the Board in overseeing OCC's corporate governance processes, including evaluating Board candidates, to more closely align existing practice with rule text. This evaluation would include a new written process and a packet of materials containing background and other relevant information for all Board candidates. In addition, as part of the written evaluation process, the GNC would be required to identify, screen, and review individuals qualified to serve as Directors, and to document the outcome of the written evaluation process once completed.

OCC also proposes eliminating from the GNC Charter the terms “Member Directors” and “Public Directors” and instead using the term “Directors.” Under the amendments, the GNC would be required to specify fitness standards for serving as a director that are documented in writing and approved by the Board. When evaluating director nominees, the GNC would be required to consider the views of other stakeholders who may be affected by the decisions of the Board, other than owners and Clearing Members. Finally, the GNC would be required to review and advise the board on whether directors are independent, and annually recommend for Board approval the appointment of directors to Board committees and assignment of Committee Chairs.

C. Risk Committee Charter

The proposed amendments to the Risk Committee Charter would require the GNC and the Board, in making their nominations, to take into consideration a broad array of market participants on risk management issues. The proposed amendments would also amend the Risk Committee Charter to provide that at least a majority of the Committee must be comprised of independent directors. Finally, the Risk Committee would be required to provide risk assessments to the Board for any service providers of core services.

D. Technology Committee Charter

OCC proposes amending the Technology Committee Charter to provide that at least a majority of the Technology Committee must be comprised of independent directors.

E. Compensation and Performance Committee (“CPC”) Charter

OCC proposes amending the CPC Charter to provide that at least a majority of the Committee must be comprised of independent directors. In addition, OCC proposes expanding the ( print page 97129) description of the role of the CPC in overseeing OCC's human resources programs and requiring the CPC to oversee the development of human resources programs and policies, including talent acquisition, compensation performance management, diversity, equity, and inclusion programs, training and development, benefits, and succession planning for critical roles.

F. Regulatory Committee Charter

OCC proposes amending the Regulatory Committee Charter to provide that at least a majority of the Committee must be comprised of independent directors. The Regulatory Committee Charter also would be amended to correct minor grammatical errors identified in OCC's annual review.

G. Audit Committee Charter

OCC proposes amending the Audit Committee Charter to provide that at least a majority of the Audit Committee must be comprised of independent directors.

H. Fitness Standards

OCC proposes amending its Fitness Standards to specify that, when considering nominees for election or appointment to the Board, the GNC must consider whether the individual would help demonstrate that the Board has diverse skills, knowledge, and experience and whether the individual understands and considers the views of stakeholders who may be affected by Board decisions other than OCC's owners and Clearing Members.

OCC also proposes amending its Fitness Standards to align with the proposed changes to the description of Public Director and the proposed changes in OCC's Board Charter and By-Laws.Specifically, the proposed amendments would replace current language in the Fitness Standards prohibiting a director from having an affiliation with any national securities exchange, national securities association, designated contract market, futures commission merchant, or broker-dealer in securities with language precluding the director from being an associated person or employee of an exempt or registered entity or affiliate of the Commission or Commodity Futures Trading Commission, as described above. OCC also proposes adding that this requirement will not prevent a person from serving as a Public Director solely based on some other relationship with an entity described in the previous sentence.

I. Third-Party Risk Management Framework

OCC proposes amending its Third-Party Risk Management Framework to require enhanced lifecycle management by OCC's management and Board for third-party service providers of core services. The amendments would require OCC's Management Committee, as part of the process for onboarding a service provider of core services, to evaluate and document risks related to the service agreement with the service provider, assess the risks, and submit its findings to the Board for review and approval prior to onboarding. OCC's Management Committee also would be required to conduct and report to the Board its evaluation of ongoing monitoring for service providers of core services. In addition, the Management Committee would be required to monitor service provider performance and: (i) remedy significant deterioration in services; (ii) address changing risks or material issues; or (iii) assess and document weaknesses or deficiencies if the risks or material issues cannot be remedied. The Management Committee would be required to report to the Board any action taken by senior management to remedy significant deterioration in performance of the service provider for core services or address material issues with the service provider for core services, or to assess and document deficiencies that cannot be remedied.

Under the Proposed Rule Change, the Third-Party Risk Management Framework would be amended to provide that each OCC staff working group responsible for identifying and escalating risks throughout the third-party relationship lifecycle will have a chair and designated Management Committee member responsible for identifying matters to be escalated to the Management Committee. The proposed changes would also add a definition of “Service Provider for Core Services” as a service provider for core services that directly supports the delivery of clearance or settlement functionality or any other material purpose on an going basis to OCC's business through a written agreement.

In Section I, Executive Summary, the description of Exchange-related risks would be broadened from those arising from “Exchanges” to those arising from “Exchange Relationships.” This definition would be moved from a footnote to section V, Definitions.

In Section II, Risk Identification, OCC proposes expanding the definitions of both Information Technology and Security risks and Legal and Regulatory risks to include when third-parties are unable to safeguard OCC's systems and data. The proposed changes would also add as specifically identified Legal and Regulatory risks: (i) when a third-party fails to fulfill its obligations to OCC; (ii) when OCC fails to fulfill its obligations to a third-party; and (iii) when a third-party fails to comply with regulatory standards and protocols.

In Section III, Relationship Lifecycle, OCC proposes changing the header to read “Third-Party Relationship Cycle,” and adding the language “in compliance with agreement terms” to clarify current risk management responsibilities relating to third-party off-boarding about off-boarding third-parties.

In Section IV, Third-Party Relationship Management, the proposed changes would broaden the header from “Exchanges” to “Exchange Relationships,” as noted above. As part of OCC's current on-boarding process, OCC staff is required to present a summary of due diligence and on-boarding activities to OCC's Board. Under the Proposed Rule Change, OCC staff would present such summaries to the Management Committee as well as a summary of legal documents and requirements to the Board of Directors. OCC proposes inserting language to require the escalation of identified legals risks to the Legal Department. Further, OCC proposes replacing “OCC Officer” with “authorized signatories” to define who would be responsible for executing agreements that address control and business requirements. OCC proposes removing language from the Off-Boarding section to avoid the implication that OCC is authorized to limit connectivity with an Exchange only in the context of off-boarding an exchange. The Vendors section would be amended to require Information Technology personnel to review requests for on-boarding new technology vendors and verify that the vendors meet enterprise requirements. The Framework would be amended to clarify that agreements with vendors are required to be negotiated through the process outlined in OCC's Legal Services Policy. Lastly, references that Third-Party Risk Management personnel monitor vendors throughout the Section IV would be eliminated because it is the vendor relationship managers who are responsible for monitoring vendors; Third-Party Risk Management personnel gather information and escalate if necessary.

In Definitions, Section V, the definition of “Watch Level” would be amended to add “risk management” to a list of events requiring a risk response.

Finally, OCC proposes combining the Exchange Working Group and Vendor ( print page 97130) Risk Working Group to create the Exchange and Vendor Working Group throughout the Third-Party Risk Management Framework. OCC also proposes making non-substantive conforming changes throughout for consistency.

III. Discussion and Commission Findings

Section 19(b)(2)(C) of the Act requires the Commission to approve a proposed rule change of a self-regulatory organization if it finds that the Proposed Rule Change is consistent with the requirements of the Act and the rules and regulations thereunder applicable to the organization.^[7] Under the Commission's Rules of Practice, the “burden to demonstrate that a proposed rule change is consistent with the Exchange Act and the rules and regulations issued thereunder . . . is on the self-regulatory organization [`SRO'] that proposed the rule change.” ^[8]

The description of a proposed rule change, its purpose and operation, its effect, and a legal analysis of its consistency with applicable requirements must all be sufficiently detailed and specific to support an affirmative Commission finding,^[9] and any failure of an SRO to provide this information may result in the Commission not having a sufficient basis to make an affirmative finding that a proposed rule change is consistent with the Exchange Act and the applicable rules and regulations.^[10] Moreover, “unquestioning reliance” on an SRO's representations in a proposed rule change is not sufficient to justify Commission approval of a proposed rule change.^[11]

After carefully considering the Proposed Rule Change, the Commission finds that the Proposed Rule Change is consistent with the requirements of the Exchange Act and the rules and regulations thereunder applicable to OCC. More specifically, for the reasons given below, the Commission finds that the Proposed Rule Change is consistent with Section 17A(b)(3)(A) and (F) of the Act ^[12] and Rules 17Ad-22(e)(2) and 17Ad-25 thereunder.^[13]

A. Consistency With Section 17A(b)(3) of the Act

Section 17A(b)(3) of the Act requires, among other things, that OCC be so organized and has the capacity to be able to comply with the provisions of the Act and the rules and regulations thereunder,^[14] and that OCC's rules be designed to foster cooperation and coordination with persons engaged in the clearance and settlement of securities transactions.^[15] Based on review of the record, and for the reasons discussed below,^[16] OCC's changes are consistent with OCC being so organized and having the capacity to comply with the provisions of the Act and the rules and regulations thereunder and with fostering cooperation and coordination with persons engaged in the clearance and settlement of securities transactions. Accordingly, the Proposed Rule Change is consistent with the requirements of Sections 17A(b)(3)(A) and (F) of the Act.^[17]

B. Consistency With Rule 17Ad-22(e)(2) Under the Act

Rule 17Ad-22(e)(2) requires covered clearing agencies to, among other things, provide for governance arrangements that are clear and transparent,^[18] establish that the board of directors and senior management have appropriate experience and skills to discharge their duties and responsibilities,^[19] and specify clear and direct lines of responsibility.^[20] In adopting Rule 17Ad-22(e)(2), the Commission provided guidance that a covered clearing agency generally should consider in establishing and maintaining policies and procedures, including, in part, whether the board of directors contains suitable members with the appropriate skills and incentives to fulfill the board's multiple roles, and whether the board of directors should include non-executive board members.^[21]

OCC's proposed changes would strengthen OCC's written fitness standards for board nominees. Strengthening the criteria by which OCC evaluates both directors and nominees would help OCC review each nominee in the broader context of the diversity of skills, knowledge, experience, and perspectives of the Board. Additionally, the proposed changes would insert independence requirements across OCC's governance documents ( e.g., Board and Board committee charters). An increased focus on director independence would help ensure that the members of OCC's board of directors have the appropriate incentives to fulfill the Board's roles. As a result, the proposed changes to fitness standards and as well as the broader changes across the governing documents are consistent with ensuring that OCC's board of directors contains members with the appropriate skills and incentives to discharge their duties.

The proposed changes further detail the lines of responsibility for management of third-party providers of core services. For example, the amendments to the Third-Party Risk Management Framework described above would require the Management Committee to evaluate and document risks for on-boarding, ongoing monitoring, and off-boarding and submit those findings to the Board for review and approval. Moreover, the proposed changes described above detail how each working group will have a chair and designated member responsible for identifying matters for escalation to the Management Committee. Separately, the proposed changes more clearly articulate certain reporting and escalation lines such as the escalating legal risks related to Exchange Relationships to OCC's Legal Department, Information Technology's role in on-boarding new vendors, and consolidation of certain working groups. Taken together, these procedures establish clear and direct lines of responsibility.

As described above, OCC proposes several changes to improve the clarity of its governance arrangements. For example, the proposed changes to the CPC Charter would, consistent with current practice, expand the description of the CPC's oversight role with regard to human resources at OCC. Similarly, OCC proposes to broaden the relationships contemplated in the Third-Party Risk Management Framework by replacing the references to “Exchanges” with references to “Exchange Relationships,” and to clarify the who can execute legal agreements by replacing a reference to “OCC Officers” with a reference to “authorized signatories.” Separately, the proposed changes would clarify the situations in which OCC can limit connectivity with an Exchange and that ( print page 97131) risk management issues may be a basis for Watch Level-related responses.

Based on the foregoing, the Proposed Rule Change is consistent with the requirements of Rule 17Ad-22(e)(2) under the Act.^[22]

C. Consistency With Rule 17Ad-25 Under the Act

Rule 17Ad-25 requires, among other things, that covered clearing agencies establish: requirements that a majority of the board of directors ^[23] and any committee ^[24] with Board authority be independent directors ^[25] ; a nominating committee, written evaluation process, fitness standards, and evaluation of the independence of nominees and directors ^[26] ; and policies and procedures requiring that senior management evaluate and document risks and whether the risks can be managed for service providers of core services.^[27]

The changes described above require that OCC's Board, and each committee with Board authority be composed of a majority of independent directors, and that such independence is determined in accordance with Rule 17Ad-25. The proposed changes also contemplate a written processes for nominating, evaluating, and electing directors.

The proposed changes revise the Board Charter and Third-Party Risk Management Framework to require that senior management review, approve, monitor, and remediate risks with service providers of core services.^[28] The proposed amendments also require that senior management perform ongoing monitoring of relationships with service providers of core services, and document whether the risks can be remedied, and to inform the Board of their evaluation. Further, the proposed changes articulate the Board's role in oversight of the management of service providers of core services through the reporting required of the Management Committee.

Based on the foregoing, the Proposed Rule Change is consistent with the requirements of Rule 17Ad-25 under the Act.^[29]

IV. Conclusion

On the basis of the foregoing, the Commission finds that the Proposed Rule Change is consistent with the requirements of the Act, and in particular, Sections 17A(b)(3)(A) and (F) of the Act ^[30] and Rules 17Ad-22(e)(2) and 17Ad-25.^[31]

It is Therefore Ordered pursuant to Section 19(b)(2) of the Act that the Proposed Rule Change (SR-OCC-2024-015) be, and hereby is, approved.^[32]