I. Introduction

On December 22, 2020, DTCC Data Repository (U.S.), LLC (“DDR”) filed with the Securities and Exchange Commission (“Commission”) an application on Form SDR to register as a security-based swap data repository (“SDR”) pursuant to Section 13(n)(1) of the Securities Exchange Act of 1934 (“Exchange Act”) and 17 CFR 240.13n-1 (“Rule 13n-1”) thereunder,^[1] and as a securities information processor (“SIP”) under Section 11A(b) of the Exchange Act.^[2] DDR intends to operate as a registered SDR for security-based swap (“SBS”) transactions in the equity, credit, and interest rate derivatives asset classes.^[3] The Commission is publishing this notice to solicit comments from interested persons regarding DDR's application,^[4] and the Commission will consider any comments it receives in making its determination whether to approve DDR's application for registration as an SDR and as a SIP.

II. Background

A. SDR Registration, Duties, and Core Principles

Section 13(n) of the Exchange Act makes it unlawful for any person, unless registered with the Commission, directly or indirectly, to make use of the mails or any means or instrumentality of interstate commerce to perform the functions of an SDR.^[5] To be registered and maintain registration, an SDR must comply with certain requirements and core principles described in Section 13(n), as well as any requirements that the Commission may impose by rule or regulation.^[6] In 2015, the Commission adopted 17 CFR 240.13n-1 to 13n-12 under the Exchange Act to establish Form SDR, the procedures for registration as an SDR, and the duties and core principles applicable to an SDR (“SDR Rules”).^[7] The Commission provided a temporary exemption from compliance with the SDR Rules and also extended exemptions from the provisions of the Dodd-Frank Act set forth in a Commission order providing temporary exemptions and other temporary relief from compliance with certain provisions of the Exchange Act concerning security-based swaps, and these temporary exemptions expired in 2017.^[8]

The Commission also has adopted 17 CFR 242.900 to 909 under the Exchange Act (collectively, “Regulation SBSR”), which governs regulatory reporting and public dissemination of security-based swap transactions.^[9] Among other things, Regulation SBSR requires each registered SDR to register with the Commission as a SIP,^[10] and the Form SDR constitutes an application for Start Printed Page 8978registration as a SIP, as well as an SDR.^[11]

In 2019, the Commission stated that implementation of the SBS Reporting Rules can and should be done in a manner that carries out the fundamental policy goals of the SBS Reporting Rules while minimizing burdens as much as practicable.^[12] Noting ongoing concerns among market participants about incurring unnecessary burdens and the Commission's efforts to promote harmonization between the SBS Reporting Rules and swap reporting rules, the Commission took the position that, for four years following Regulation SBSR's Compliance Date 1 in each asset class,^[13] certain actions with respect to the SBS Reporting Rules would not provide a basis for a Commission enforcement action.^[14] The no-action statement's relevance to DDR's application for registration as an SDR and SIP is discussed further below.

B. Standard for Registration

As noted above, to be registered with the Commission as an SDR and maintain such registration, an SDR is required to comply with the requirements and core principles described in Section 13(n) of the Exchange Act, as well as with any requirement that the Commission may impose by rule or regulation.^[15] In addition, Rule 13n-1(c)(3) under the Exchange Act provides that the Commission shall grant the registration of an SDR if it finds that the SDR is so organized, and has the capacity, to be able to: (i) Assure the prompt, accurate, and reliable performance of its functions as an SDR; (ii) comply with any applicable provisions of the securities laws and the rules and regulations thereunder; and (iii) carry out its functions in a manner consistent with the purposes of Section 13(n) of the Exchange Act and the rules and regulations thereunder.^[16] The Commission shall deny the registration of an SDR if it does not make any such finding.^[17] Similarly, to be registered with the Commission as a SIP, the Commission must find that such applicant is so organized, and has the capacity, to be able to assure the prompt, accurate, and reliable performance of its functions as a SIP, comply with the provisions of the Exchange Act and the rules and regulations thereunder, carry out its functions in a manner consistent with the purposes of the Exchange Act, and, insofar as it is acting as an exclusive processor, operate fairly and efficiently.^[18]

In determining whether an applicant meets the criteria set forth in Rule 13n-1(c), the Commission will consider the information reflected by the applicant on its Form SDR, as well as any additional information obtained from the applicant. For example, Form SDR requires an applicant to provide a list of the asset classes for which the applicant is collecting and maintaining data or for which it proposes to collect and maintain data, a description of the functions that it performs or proposes to perform, general information regarding its business organization, and contact information.^[19] Obtaining this information and other information reflected on Form SDR and the exhibits thereto—including the applicant's overall business structure, financial condition, track record in providing access to its services and data, technological reliability, and policies and procedures to comply with its statutory and regulatory obligations—will enable the Commission to determine whether to grant or deny an application for registration.^[20] Furthermore, the information requested in Form SDR will enable the Commission to assess whether the applicant is so organized and has the capacity to comply and carry out its functions in a manner consistent with the federal securities laws and the rules and regulations thereunder, including the SBS Reporting Rules.^[21]

Consistent with the Commission's no-action statement in the ANE Adopting Release,^[22] an entity wishing to register with the Commission as an SDR must still submit an application on Form SDR but can address the rule provisions included in the no-action statement by discussing how the SDR complies with comparable Commodity Futures Trading Commission (“CFTC”) requirements.^[23] Accordingly, in such instances the Commission will not assess an SDR application for consistency or compliance with the rule provisions included in the Commission's no-action statement. Specifically, the Commission identified the following provisions as not providing a basis for an enforcement action against a registered SDR for the duration of the relief provided in the Commission statement: Under Regulation SBSR, aspects of 17 CFR 242.901(a), 901(c)(2) through (7), 901(d), 901(e), 902, 903(b), 906(a) and (b), and 907(a)(1), (a)(3), and (a)(4) through (6); under the SDR Rules, aspects of Section 13(n)(5)(B) of the Exchange Act and 17 CFR 240.13n-4(b)(3) thereunder, and aspects of 17 CFR 240.13n-5(b)(1)(iii); and under Section 11A(b) of the Exchange Act, any provision pertaining to SIPs.^[24] Thus, an SDR applicant will not need to include materials in its application explaining how it would comply with the provisions noted above, and could instead rely on its discussion about how it complies with comparable CFTC requirements.^[25] The applicant may instead represent in its application that it: (i) Is registered with the CFTC as a swap data repository; (ii) is in compliance with applicable requirements under the swap reporting rules; (iii) satisfies the standard for Commission registration of an SDR under Rule 13n-1(c); and (iv) intends to rely on the no-action statement included in the ANE Adopting Release for the period set forth in the ANE Adopting Release with respect to any SBS asset class or classes for which it intends to accept transaction reports.^[26]

III. Summary of DDR's Application on Form SDR

As noted above, DDR intends to operate as a registered SDR for the equity, credit, and interest rate derivatives asset classes.^[27] In its application, DDR represents that it is provisionally registered with the CFTC as a swap data repository, is in compliance with applicable requirements under the CFTC reporting rules applicable to a registered swap data repository, and intends to rely on Start Printed Page 8979the Commission's position outlined in the ANE Adopting Release for applicable reporting rules and SBSDR duties for the period set forth therein.^[28] Below is an overview of the representations made in the application materials.

A. Organization and Governance

DDR is a New York limited liability company and a wholly owned subsidiary of DTCC Deriv/SERV LLC (“Deriv/SERV”), which in turn is a wholly owned subsidiary of The Depository Trust & Clearing Corporation (“DTCC”).^[29] DDR is governed by a board of directors (“DDR Board”).^[30] The number of directors on the DDR Board is determined by Deriv/SERV as the sole LLC member of DDR.^[31] The DDR Board is composed of individuals selected from the following groups: Employees of DDR's users (either fees paying users or end users) with derivatives industry experience, buy-side representatives, independents, and members of senior management or the Board of DTCC.^[32] The Deriv/SERV Nominations Committee shall periodically review the composition of the DDR Board to assure that the level of representation of directors from users, management and non-users is appropriate for the interests of these constituencies in DDR.^[33]

In addition, the DDR Board is responsible for the appointment and removal of the chief compliance officer (“CCO”) and approval of CCO compensation, which is at the discretion of the Board and effected by a majority vote.^[34] The CCO is responsible for establishing and administering the compliance program that is designed to prevent violations of the obligations of a swap data repository under the Dodd-Frank Act and other applicable regulations and is ultimately responsible for ensuring that DDR complies with the requirements of the Commodity Exchange Act, the Securities Exchange Act and other applicable laws and regulations.^[35] The Chief Compliance Officer has oversight over all compliance functions and staff related to DDR's compliance program.^[36] The duties of the CCO include, but are not limited to, the following: (a) Oversee and review DDR's compliance with applicable law in jurisdictions where DDR is registered, designated, recognized or otherwise licensed; (b) in consultation with the DDR Board or the Senior Officer, resolve any conflicts of interests that may arise, including, but not limited to, conflicts between business considerations and compliance requirements, conflicts between business considerations and compliance requirements for fair and open access, and conflicts between the management and members of the DDR Board; (c) establish and administer written policies and procedures reasonably designed to prevent violation of law; (d) take reasonable steps to ensure compliance with applicable law relating to agreements, contracts or transactions and confidentiality agreements entered into with foreign or domestic regulators; (e) establish procedures for the remediation of non-compliance issues identified by the CCO through a compliance office review, look-back, internal or external audit finding, self-reported error, or validated complaint; (f) notify the DDR Board as soon as practicable upon becoming aware of a circumstance indicating that DDR, or an individual acting on its behalf, is in non-compliance with the applicable laws of a jurisdiction in which it operates and either: (1) The non-compliance creates a risk to a user; (2) the non-compliance creates a risk of harm to the capital markets in which it operates; (3) the non-compliance is part of a pattern of non-compliance; or (4) the non-compliance may have an impact on DDR's ability to carry on business as a trade repository in compliance with applicable law; (g) establish and follow appropriate procedures for the handling, management response, remediation, retesting and closing of noncompliance issues; (h) establish and administer a written code of ethics; and (i) prepare and sign an annual compliance report in accordance with applicable regulations and associated recordkeeping.^[37] In addition, the application provides that the CCO or a delegate thereof has the authority to investigate any potential rule violation and is responsible for enforcing sanctions related to violations and for following the procedures outlined for DDR system restrictions.^[38]

The CCO, in consultation with the DDR Audit Committee, will resolve all conflicts of interest.^[39] Any conflict of interest not resolved by the DDR Audit Committee shall be escalated to the DDR Board for resolution.^[40] When resolving conflicts of interest involving DDR staff, the DDR CCO, DDR's senior officer, the audit committee, and the DDR Board consider all relevant facts and circumstances.^[41] With regard to director conflicts of interest, the application provides that a director conflict is present whenever the interests of DDR compete with the interests of a director or any party associated with a director.^[42] The application also provides that a director conflict is present whenever a director's corporate or personal interests could be reasonably viewed as affecting his or her objectivity or independence in fulfilling his or her duties.^[43] According to the application materials, DDR expects its directors to act on the side of caution and immediately bring to the attention of the DDR CCO and either the Board Chairman or DDR's legal counsel any matters involving conflicts of interest.^[44]

B. Access and Information Security

According to DDR, access to and usage of its SDR service will be available to all market participants that engage in SBS transactions, and DDR does not and will not bundle or tie its SDR services with any other services.^[45] The application provides that DDR's services would be available to all market participants on a fair, open, and equal basis.^[46] Further, DDR does not impose membership qualifications on users of its services beyond (i) requiring execution of membership documents, such as a user agreement, (ii) the ability to comply with the technical specifications published by DDR, and (iii) compliance with applicable law, specifically those related to sanctions administered and enforced by the Office of Foreign Assets Control of the U.S. Department of the Treasury (“OFAC”).^[47]

To be granted access to the DDR system, receive trade information, confirm or verify transactions, submit messages, or receive reports, a market participant must be an onboarded user.^[48] For those market participants that onboard, DDR will provide a mechanism for users to access the DDR system to confirm and verify transactions. Users are required to maintain at least two Super Access Coordinators (“SuperACs”) on the DDR System; SuperACs are responsible for: (1) Providing access to other individuals (referred to as “ACs”) who are eligible Start Printed Page 8980to access the System and use the SDR Services on behalf of the user; and (2) removing access for any individuals who should no longer access the System on behalf of the user.^[49]

To participate in the SDR services offered by DDR, each user will be required to enter into a user agreement; by entering into a user agreement each user agrees to be bound by the terms of the user agreement and DDR Operating Procedures, which incorporate terms of DDR's Rulebook.^[50] In addition, the DDR Rulebook provides that each user must comply with all reasonable requests by DDR for information, documentation, or data concerning such user and related to such user's use of the DDR system as DDR may deem necessary.^[51] The DDR Rulebook also states that DDR has the right to audit or inspect a user (and its facilities) with respect to its use of the DDR system, upon reasonable notice.^[52] Furthermore, the DDR Rulebook provides that users must cooperate with such audits or inspections and with other inquiries by DDR concerning their use of the DDR system.^[53]

The DDR Operating Procedures provide that each user agrees to defend and indemnify DDR from and against all reasonable losses, liabilities, damages, judgments, settlements, fines, costs, and expenses DDR may incur directly arising out of or directly relating to the acts or omissions of a user's participation or failure to participate (for itself or on behalf of others) in DDR's services or DDR's system, any unauthorized access to DDR's system through such user's interface with DDR's system, or any other matter directly relating to such user that is not the responsibility of DDR under the DDR Operating Procedures, except to the extent that such losses arise out of or relate to the DDR's negligence or willful misconduct.^[54]

With respect to prohibiting or limiting a person's access to SDR services, the DDR Rulebook outlines the process required for DDR to decline an application to become a user of SDR services.^[55] For example, DDR may deny an applicant's access to the DDR system if required pursuant to applicable law (e.g., due to sanctions against the application administered and enforced by OFAC or the Canadian Government's Office of the Superintendent of Financial Institutions).^[56] The DDR Rulebook provides that any such applicants would receive notice and an opportunity for a hearing in the event that DDR declines an application.^[57] The DDR Rulebook also provides that, if the denial of an application is reversed by the DDR Board or by the Commission pursuant to Section 11A of the Exchange Act, such application will be accepted and the applicant granted access following completion of onboarding requirements.^[58]

With respect to DDR temporarily denying a user access to or imposing restrictions on its use of the DDR system, the DDR Rulebook provides that DDR may take such action where a user: (i) Violates DDR rules; (ii) refuses to or neglects to comply with any direction DDR deems reasonably necessary to protect its systems and other users; (iii) or any error, delay, or other conduct that materially and adversely affects the operations of DDR (each a “Subject Event”).^[59] Limits to the activities, functions, or operation of users may include, but are not limited to, restricting access to the DDR system or a user's ability to submit data via a non-approved source and assessing users with all costs incurred by DDR in connection with a “Subject Event” and apply any deterrent financial penalties that DDR may deem necessary.^[60] The DDR Rulebook provides that DDR is required to provide prompt notice to the designated regulators of any such action,^[61] as well as furnish the user with a concise written statement describing the Subject Event applicable to the user.^[62]

In addition, the DDR Rulebook provides that DTCC has established a Technology Risk Management Team, whose role is to manage information security risk and ensure the availability, integrity, and confidentiality of the organization's information assets.^[63] DDR will be responsible for monitoring the performance of DTCC regarding implementation and maintenance of information security within its infrastructure.^[64] The DDR Rulebook specifies that various policies have been developed to provide the framework for both physical security and information security are routinely refreshed.^[65] According to DDR, the Technology Risk Management Team carries out a series of processes to endeavor to ensure DDR is protected in a cost-effective and comprehensive manner, while still meeting the requirements of applicable regulations.^[66] This includes preventive controls such as firewalls, appropriate encryption technology, and authentication methods.^[67] Vulnerability scanning is used to identify high risks to be mitigated and managed and to measure conformance against the policies and standards.^[68]

The DDR system is supported by DTCC and relies on the disaster recovery program maintained by DTCC.^[69] To enable DDR to provide timely resumption of critical services should there be any disruption to its business, DDR follows these key principles for business continuity and disaster recovery: (i) Achieve recovery of critical services within a four-hour window with faster recovery time in less extreme situations; (ii) disperse staff across geographically diverse operating facilities; (iii) operate multiple back-up data centers linked by a highly resilient network technology; (iv) maintain emergency command and out-of-region operating control; (v) utilize new technology which provides high-volume, high-speed, asynchronous data transfer over distances of 1,000 miles or more; (vi) maintain processes that mitigate marketplace, operational and cyber-attack risks; (vii) test continuity plan readiness and connectivity on a regular basis ensuring that users and third-party vendors/service providers can connect to DDR's primary and back-up sites; (viii) communicate on an emergency basis with the market, users and government agency decision-makers; and (ix) evaluate, test, and utilize best business continuity and resiliency practices.^[70]

C. Acceptance and Use of SBS Data

The application provides that DDR will provide Market Participants with the ability to submit data for over-the-counter (“OTC”) derivatives for credits, equities, rates, foreign exchange (“FX”) and other commodity asset classes.^[71] DDR may reject a transaction record submitted due the submission failing to meet DDR validations, including but not limited to the submission failing to be Start Printed Page 8981in a format that can be ingested by DDR, failing to meet jurisdictional requirements or failing to provide required data elements.^[72] A rejected submission is deemed not to have been submitted at all with respect to reporting to the jurisdiction for which it was rejected (it is possible that one transaction record is submitted to comply with reporting in more than one jurisdiction and may be acceptable for one jurisdiction, but rejected for the other).^[73] Upon submission, the DDR System will perform validation checks to ensure that each submitted record is complete and accurate, in accordance DDR's message ingestion requirements.^[74] This process is completed through validation and consistency checks.^[75] If the record fails these validation or consistency checks, the record will be rejected, and such rejection status will be communicated to the user(s) to correct and re-submit.^[76] According to DDR, the SDR process is an end-to-end straight through process; from the receipt of data, processing and maintenance of data, and dissemination of data, processes are automated and do not require manual intervention; this straight through processing model is a key mitigant to modification or invalidation of any data.^[77]

DDR's Operating Procedures provides that DDR and each user agrees that each will treat as confidential (both during and after the termination of a user's access to DDR's system) all confidential information (defined as: (i) With respect to DDR, transaction data specified in records received by DDR and any data, reports, summaries or payment amounts which may be produced as a result of processing such transaction data, and (ii) with respect to any user, the technical specifications of DDR's system (to the extent not publicly disclosed by DDR; but confidential information does not include data distributed to the public in accordance will applicable law).^[78]

D. Fees

The application includes DDR's fee schedules.^[79] There are two types of fees, Position Maintenance Fees and Account Management Fees.^[80] DDR charges a monthly “Position Maintenance Fee,” based on the number of positions open at any time during the applicable month and which decreases as the number of open positions increases on a tiered basis.^[81] Position count includes positions even if terminated or exited prior to the month end.^[82] Platforms, as that term is defined by Commission rules,^[83] are not charged position maintenance fees.^[84] For a position where a clearing agency (“Clearer”) is a counterparty, the Clearer shall be responsible for the Position Maintenance Fee, less a 75% reduction.^[85] For all other positions, the Reporting Side, as that term is defined by Commission rules,^[86] will be responsible for Position Maintenance Fees.^[87] For entities grouped as a single account with subaccounts (“Grouped Accounts”), positions will be aggregated for purposes of determining position count threshold and to determine the applicable tiered Position Maintenance Fees.^[88]

In addition to the Position Maintenance Fee, the application indicates that DDR will charge an annual “Account Management Fee,” currently set at $1,200.00, that will apply to all accounts and will be prorated in the year the account is opened.^[89] Accounts may be set up on an individual entity basis or, in certain instances, as Grouped Accounts, such as a corporate family ^[90] that chooses to structure its account as a single account with subaccounts for affiliates or an asset manager that chooses to structure its account as a single account with subaccounts for its managed funds. Grouped Accounts will be charged one Account Management Fee.^[91]

DDR's fee policy further provides that users will have the option to elect to enter into a long-term commitment for a period ending December 31, 2024 (“Long Term Commitment”), which would reduce the applicable Position Maintenance Fee and Account Management Fee by ten percent, exclusive of tax, for the duration of the Long-Term Commitment.^[92] If the Long Term Commitment is terminated prior to the end of the applicable Long Term Commitment period, DDR explains that the non-Clearer User will be subject to an early termination fee equal to: (a) The difference between the total amount of fees due after application of the Long Term Commitment incentive and the total amount of fees that would have been due during the applicable portion of the Long Term Commitment period had no incentive been provided (“Total Incentive Provided”); plus (b) the greater of five percent of the Total Incentive Provided or $500.00.^[93]

E. Recordkeeping

The DDR Rulebook provides that DDR will maintain all information as required by applicable law as well as maintain swap and security-based swap data throughout the existence of the swap and security-based swap and for 15 years following termination of the swap or security-based swap or as otherwise required by applicable regulations.^[94] The records will be readily accessible throughout the life of a swap or security-based swap and for 5 years following its termination and shall be in an electronic format that is non-rewriteable and non-erasable.^[95] For the remainder of the retention period, the swap or security-based swap record will be retrievable within 3 business days.^[96] In the event DDR ceases doing business or ceases to be a registered or designated trade repository it shall continue, for a period of not less than five (5) years or upon transfer to the Designated Regulator or its designee or another registered or designated trade repository for that jurisdiction, to preserve, maintain, and make accessible to each Designated Regulator or its designee, the records and data required by Applicable Regulation in accordance with DDR's Wind-Down Policies and Procedures document.^[97]

F. Disclosure

DDR publishes a disclosure document to provide a summary of information regarding its service offerings and the SBS data it maintains.^[98] Specifically, the disclosure document sets forth a description of the following: (i) A description of access to services offered and swap data maintained; (ii) criteria for those seeking to connect to or link with its SDR; (iii) criteria for those seeking to connect to or link with DDR systems; (iv) policies and procedures with respect to DDR systems safeguards; (v) policies and procedures related to privacy and confidentiality; (vi) policies and procedures regarding its non-commercial and commercial use of transaction data; ^[99] (vii) procedures for dispute resolution; (viii) fees, rates, dues and other charges; and (ix) governance arrangements.^[100]

G. Regulatory Reporting and Public Dissemination

As a registered SDR, DDR would carry out an important role in the regulatory reporting and public dissemination of SBS transactions. As noted above, DDR has stated that it intends to rely on the no-action statement included in the ANE Adopting Release for the period set forth in the ANE Adopting Release with respect to any SBS asset class or classes for which it intends to accept transaction reports.^[101] Therefore, DDR does not need to include materials in its application explaining how it would comply with the provisions of the SBS Reporting Rules noted in the no-action statement.^[102] Instead, DDR may rely on its discussion about how it complies with comparable CFTC requirements pertaining to regulatory reporting and public dissemination of swap transactions.

IV. Solicitation of Comments

Interested persons are invited to submit written data, views, and arguments concerning DDR's Form SDR, including whether DDR has satisfied the requirements for registration as an SDR and as a SIP. Commenters are requested, to the extent possible, to provide empirical data and other factual support for their views. Comments may be submitted by any of the following methods:

Electronic Comments

• Use the Commission's internet comment form (http://www.sec.gov/​rules/​proposed.shtml); or
• Send an email to rule-comments@sec.gov. Please include File Number SBSDR-2020-01 on the subject line.

Paper Comments

• Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090. All submissions should refer to File Number SBSDR-2020-01.

To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all comments on the Commission's internet website (http://www.sec.gov/​rules/​other.shtml).

Copies of the Form SDR, all subsequent amendments, all written statements with respect to the Form SDR that are filed with the Commission, and all written communications relating to the Form SDR between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission's Public Reference Section, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m.

All comments received will be posted without change. Persons submitting comments are cautioned that we do not redact or edit personal identifying information from comment submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SBSDR-2020-01 and should be submitted on or before March 3, 2021.

Footnotes