I. Introduction

On May 1, 2019, ICE Clear Europe Limited (“ICE Clear Europe”) filed with the Securities and Exchange Commission (“Commission”), pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (“Act”),^[1] and Rule 19b-4 thereunder,^[2] a proposed rule change (SR-ICEEU-2019-009) to formalize its Operational Risk Management Policy (“ORMP” or “Policy”), which consolidates, clarifies, and codifies ICE Clear Europe's current policies and practices with respect to management of operational risk. The proposed rule change was published for comment in the Federal Register on May 10th, 2019.^[3] The Commission did not receive comments on the proposed rule change. For the reasons discussed below, the Commission is approving the proposed rule change.

II. Description of the Proposed Rule Change

ICE Clear Europe is proposing to formalize its ORMP by consolidating its practices and procedures with respect to management of operational risk. The ORMP defines operational risk as the risk of an event occurring which negatively impacts the achievement of business objectives resulting from inadequate or failed internal operational controls, people, systems or external events.^[4] The Policy notes several non-exhaustive examples of operational risk such as those from internal and external fraud, employment practices and workplace safety, clients, products and business practices, damage to physical assets and business disruption and system failures.^[5]

The proposed ORMP would formalize ICE Clear Europe's existing process for managing operational risks by clarifying and codifying a policy governing the overall process for managing operational risks, the stakeholders responsible for executing those processes, the frequency of review of the Policy, and the governance and reporting lines for the Policy.^[6] As clarified in the ORMP, risk identification and assessment is performed by the business areas exposed to the risk (referred to as “risk owners”) at least once each year and is overseen by the Risk Oversight Department.^[7] More frequent ad hoc assessments may be necessary if risks emerge or disappear between annual reviews.^[8] Risk owners are also responsible for proposing and implementing remedial actions, which are approved by the ICE Clear Europe Executive Risk Committee.^[9]

Under the ORMP, risk owners monitor the identified operational risk daily through the use of key performance and risk indicators.^[10] The Risk Oversight Department itself monitors risks daily through risk appetite metrics and management thresholds as well as operational incidents raised by the risk owners.^[11]

As formalized in the ORMP, overall oversight of the Policy rests with the Audit Committee and Risk Oversight Department.^[12] Control assessments and operational incidents must also be regularly reported to senior management, the Audit Committee, the Board Risk Committee, and the Board.^[13] The ORMP itself is subject to review on a biennial basis or in the event of a material change.^[14]

III. Discussion and Commission Findings

Section 19(b)(2)(C) of the Act directs the Commission to approve a proposed rule change of a self-regulatory organization if it finds that such proposed rule change is consistent with the requirements of the Act and the rules and regulations thereunder applicable to such organization.^[15] For the reasons given below, the Commission finds that the proposed rule change is consistent with Section 17A(b)(3)(F) of the Act,^[16] and Rule 17Ad-22(e)(17)(i) thereunder.^[17]

A. Consistency With Section 17A(b)(3)(F)

Section 17A(b)(3)(F) of the Act requires, among other things, that the rules of a registered clearing agency be designed to promote the prompt and accurate clearance and settlement of securities transactions and, to the extent applicable, derivative agreements, contracts, and transactions, and to assure the safeguarding of securities and funds which are in the custody or control of the clearing agency or for which it is responsible.^[18]

As discussed above, the proposed rule change would formalize ICE Clear Europe's existing policies and process for managing operational risks by clarifying, consolidating, and codifying a policy governing the overall process for managing operational risks, consolidating the existing procedures for operational risk management into a single Policy, and describing the overall process for identifying, monitoring, assessing, responding to, and reporting operational risk through the management chain. By formalizing, consolidating, and clarifying ICE Clear Europe's existing operational risk management procedures in this way, the Commission believes that ICE Clear Europe will help enhance and more clearly define the specific risk management duties, assessment metrics, and governance oversight that support ICE Clear Europe's ability to identify and respond to operational risks presented by its clearing activities. This in turn, will enhance ICE Clear Europe's ability to avoid disruption to clearing operations and address operational risks in a timely fashion, thereby promoting sound operations that facilitate prompt and accurate clearance and settlement as well as the safeguarding of securities and funds which are in the custody or control of ICE Clear Europe or for which it is responsible. Therefore, the Commission finds that the proposed rule change is consistent with the Start Printed Page 31133requirements of Section 17A(b)(3)(F) of the Act.^[19]

B. Consistency With Rule 17Ad-22(e)(17)(i)

Rule 17Ad-22(e)(17)(i) requires, in relevant part, that ICE Clear Europe establish, implement, maintain and enforce written policies and procedures reasonably designed to, as applicable, manage ICE Clear Europe's operational risks by identifying the plausible sources of operational risk, both internal and external, and mitigating their impact through the use of appropriate systems, policies, procedures, and controls.^[20]

As described above, by formalizing, consolidating, and clarifying ICE Clear Europe's existing policies and process for managing operational risks, the ORMP is designed to enhance ICE Clear Europe's ability to identify relevant sources of operational risk, monitor them on an ongoing basis, and take appropriate and timely action to respond to such risks. Specifically, as described above, the proposed Policy provides that the business areas and functions within ICE Clear Europe that are exposed to particular operational risks will be the “risk owners” responsible for identifying, monitoring, assessing, and proposing approaches to the remediation of those risks. Further, as described above, these risk owners will be required as part of ongoing reporting as well as routine periodic reporting to inform multiple levels of management, up to and including the Board, of incidents, risk assessments, and plans to remediate operational risks. The Commission believes that these procedures will help ensure that the risk owners who are immediately impacted and who have the requisite expertise will regularly monitor, identify, and assess risks while also keeping ICEEU's management informed of such risks and incidents. As a result, the Commission believes that this is consistent with the obligation under Rule 17Ad-22(e)(17)(i) to identify the plausible sources of operational risk, both internal and external, and to mitigate their impact through the use of appropriate systems, policies, procedures, and controls.^[21]

IV. Conclusion

On the basis of the foregoing, the Commission finds that the proposed rule change is consistent with the requirements of Section 17A of the Act,^[22] and Rule 17Ad-(e)(17)(i) ^[23] thereunder.

It is therefore ordered pursuant to Section 19(b)(2) of the Act ^[24] that the proposed rule (SR-ICEEU-2019-009) change be, and hereby is, approved.^[25]

Footnotes