-
Start Preamble
AGENCY:
Commodity Futures Trading Commission.
ACTION:
Notice of proposed rulemaking.
SUMMARY:
Pursuant to Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank Act”), as amended by the Fixing America's Surface Transportation Act of 2015 (“FAST Act”), the Commodity Futures Trading Commission (“Commission” or “CFTC”) is proposing amendments the Commission's regulations relating to access to swap data held by Swap Data Repositories. The proposed amendments would implement pertinent provisions of the FAST Act and make associated changes to the Commission's regulations governing the grant of access to swap data to certain foreign and domestic authorities by Swap Data Repositories and to certain other regulations unrelated to such access.
DATES:
Comments must be received on or before March 27, 2017.
ADDRESSES:
You may submit comments, identified by RIN 3038-AE44, by any of the following methods:
- CFTC Web site: https://comments.cftc.gov. Follow the instructions for submitting comments through the Comments Online process on the Web site.
- Mail: Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.
- Hand Delivery/Courier: Same as Mail, above.
- Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
Please submit your comments using only one method.
All comments must be submitted in English, or if not, accompanied by an English translation. Comments will be posted as received to www.cftc.gov. You should submit only information that you wish to make available publicly. If you wish the Commission to consider information that you believe is exempt from disclosure under the Freedom of Information Act (“FOIA”), a petition for confidential treatment of the exempt information may be submitted according to the procedures established in § 145.9 of the Commission's regulations.[1]
The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse or remove any or all of your submission from www.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of the rulemaking will be retained in the public comment file and will be considered as required under the Administrative Procedure Act and other applicable laws, and may be accessible under the FOIA.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Daniel Bucsa, Deputy Director, Division of Market Oversight—Data and Reporting Branch, (202) 418-5435, dbucsa@cftc.gov; Jeffrey P. Burns, Assistant General Counsel, Office of the General Counsel, (202) 418-5101, jburns@cftc.gov; David E. Aron, Special Counsel, Division of Market Oversight—Data and Reporting Branch, (202) 418-6621, daron@cftc.gov; or Owen J. Kopon, Special Counsel, Division of Market Oversight—Data and Reporting Branch, (202) 418-5360, okopon@cftc.gov, Commodity Futures Trading Commission, Three Lafayette Centre, 1151 21st Street NW., Washington, DC 20581.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
Table of Contents
I. Background and Introduction
A. Statutory Background: The Dodd-Frank Act
B. Regulatory History: The Part 49 Rules and the Commission's 2012 Interpretative Statement
1. Access to SDR Swap Data
2. The Regulatory Indemnification Requirement
C. FAST Act Amendments to CEA Section 21
D. CEA Section 8 Informs the Confidentiality Provisions of CEA Section 21
E. Summary of Proposed Revisions to Part 49
F. Rescission of 2012 Interpretative Statement
II. Discussion
A. Definitions: Proposed Amendments to § 49.2
B. Domestic and Foreign Regulators With Regulatory Responsibility Over SDRs: Proposed Amendments to § 49.17(d)(2) and (3)
1. The Current Rule
2. Proposed Amendments
3. Request for Comment
C. Appropriateness Determination for Foreign Regulators and Non-Enumerated Domestic Regulators: Proposed § 49.17(h) and Proposed Amendments to § 49.17(b)
1. The Current Rule
2. The Proposed Amendments
3. The Factors Required for a Determination Order
a. Scope of Jurisdiction
b. Robust Confidentiality Safeguards
c. Additional Considerations
d. Other Matters Regarding the Determination Order Process
e. Request for Comment
4. Proposed Amendments to § 49.17(d)(4)—SDR Notice and Verification Obligations
5. Proposed New § 49.17(i)—Delegation of Authority
6. Request for Comment
D. CEA Section 21(d) Confidentiality Agreements: Proposed Amendments to § 49.18
1. Current § 49.18
2. Proposed Amendments to § 49.18(a)—Confidentiality Arrangement Required Prior to Disclosure of Swap Data
3. Proposed Amendments to § 49.18(b)—Required Elements of the Confidentiality Arrangement
4. Removal of § 49.18(c)—ADRs and AFRs With Regulatory Responsibility Over an SDR
5. Failure To Fulfill the Terms of a Confidentiality Arrangement: Proposed § 49.18(c) and (d)
6. Proposed § 49.18(e)—Delegation of Authority
7. Conforming Changes
8. Request for Comment
E. Other Changes
III. Request for Comment
IV. Related Matters
A. Regulatory Flexibility Act
B. Paperwork Reduction Act
1. Summary of the Proposed Requirements
2. Collection of Information
3. Request for Comments on Collection
C. Cost-Benefit Considerations
D. Antitrust Considerations
I. Background and Introduction
A. Statutory Background: The Dodd-Frank Act
Title VII of the Dodd-Frank Act [2] amended the Commodity Exchange Act (“CEA” or the “Act”) [3] to establish a Start Printed Page 8370comprehensive new regulatory framework for swaps including, in new CEA section 21, the registration and regulation of Swap Data Repositories (“SDRs”).[4] CEA section 21 imposes on SDRs, among other duties and responsibilities, the duty to maintain the privacy of all swap transaction information received from a swap dealer, counterparty, or any other registered entity.[5] CEA section 21(c)(7) directs SDRs to make swap data available “on a confidential basis pursuant to section 8 [of the CEA]” [6] to certain enumerated domestic authorities and any other person the Commission determines to be appropriate, which may include certain types of foreign authorities.[7] Entities that are eligible to receive access to swap data from an SDR pursuant to CEA section 21(c)(7) are referred to herein, collectively, as the “21(c)(7) entities”).
As originally enacted, CEA sections 21(d)(1) and (2) of the Act mandated that, prior to receipt of any requested data or information from an SDR, a 21(c)(7) entity agree in writing to abide by the confidentiality requirements described in CEA section 8 and, separately, to indemnify the SDR and the Commission for “any expenses arising from litigation relating to the information provided under section 8.” [8] Congress's repeal of the CEA section 21(d)(2) indemnification requirement in the FAST Act in December 2015 gave rise to the amendments proposed in this release.
B. Regulatory History: The Part 49 Rules and the Commission's 2012 Interpretative Statement
1. Access to SDR Swap Data
In 2011, the Commission adopted rules implementing CEA section 21's requirements for SDRs.[9] The Commission implemented the SDR swap data access provisions of CEA sections 21(c)(7) and (d) by establishing processes by which various categories of entities could gain access to SDR swap data. The domestic entities enumerated in CEA section 21(c)(7)(A)-(D),[10] and certain others deemed by the Commission to be appropriate recipients of such swap data pursuant to CEA section 21(c)(7)(E),[11] were defined in § 49.17(b)(1) of the Commission's regulations as “Appropriate Domestic Regulators” (“ADRs”).[12]
The term “Appropriate Foreign Regulator” (“AFR”) [13] was defined in § 49.17(b)(2) as a “Foreign Regulator” [14] with an existing memorandum of understanding (“MOU”) or similar type of arrangement with the Commission; no AFRs were specifically identified in the rule. The term “Appropriate Foreign Regulator” was also defined to include a Foreign Regulator without an existing MOU with the Commission, as determined by the Commission on a case-by-case basis. Such a Foreign Regulator was required to file with the Commission an application providing sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator employs appropriate confidentiality procedures, and to satisfy the Commission that any SDR data accessed by the Foreign Regulator would be disclosed “only as permitted by [s]ection 8(e)” of the CEA.[15]
An ADR or AFR seeking access to SDR data is required by current § 49.17(d)(1) to file an access request with the SDR certifying that it is acting within the scope of its jurisdiction and is required by current § 49.17(d)(6) to execute a “Confidentiality and Indemnification Agreement” with the SDR.[16]
2. The Regulatory Indemnification Requirement
In the preamble to the SDR Final Rules, the Commission acknowledged commenters' concerns that compliance with the statutory and regulatory indemnification requirements would be difficult for certain domestic and foreign regulators due to various home country laws and other regulations prohibiting such arrangements,[17] and expressed its intent to continue to work to provide regulators sufficient access to SDR data. In this regard, the Commission outlined the circumstances under which it believed the indemnification provision of CEA section 21(d) and § 49.18 would Start Printed Page 8371not apply. The Commission explained that, under the part 49 rules, certain Appropriate Domestic Regulators may in some circumstances obtain access to swap data reported and maintained by SDRs without regard to the notice and indemnification requirements of CEA sections 21(c)(7) and (d).[18] With respect to foreign regulatory authorities, the Commission determined in the SDR Final Rules that swap data reported to and maintained by an SDR may be accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR has supervisory authority over a Commission-registered SDR that is also registered with the AFR pursuant to foreign law and/or regulation.
Concerns about the scope of the indemnification provision persisted, and in October 2012 the Commission issued an Interpretative Statement, which was designed to provide guidance and greater clarity to interested members of the public and foreign regulators with respect to the scope and application of CEA section 21(d) and the part 49 rules.[19] The Interpretative Statement clarified that a foreign regulatory authority's access to swap data held in a CFTC-registered SDR would not be subject to the confidentiality and indemnification provisions of CEA section 21(d) or the part 49 regulations if (i) the registered SDR is also registered in, or recognized or otherwise authorized by, the foreign authority's regulatory regime; and (ii) the data sought to be accessed by the foreign authority has been reported to the registered SDR pursuant to such foreign regulatory regime.[20]
C. FAST Act Amendments to CEA Section 21
Congress responded to the regulators' access concerns by including in the FAST Act a repeal of CEA section 21(d)(2)'s indemnification requirement.[21] The confidentiality requirement in CEA section 21(d)(1) was retained in CEA section 21(d), as amended.[22]
The FAST Act also modified CEA section 21(c)(7)(A) by specifying that “swap” data—as opposed to “all” data—must be provided to 21(c)(7) entities, and added to CEA section 21(c)(7)(E)'s non-exclusive list of persons that the Commission may determine to be appropriate recipients of SDR swap data the new category “other foreign authorities.”
D. CEA Section 8 Informs the Confidentiality Provisions of CEA Section 21
CEA section 8 governs the Commission's treatment of nonpublic information in its possession in a number of circumstances, and its disclosure restrictions and confidentiality standards expressly inform the access provisions of CEA sections 21(c)(7) and 21(d). As relevant here, CEA section 8(e) permits the Commission to furnish to the specified types of domestic or foreign entities—upon their request and acting within the scope of their jurisdiction—any information in its possession obtained in connection with the administration of the Act.[23] CEA section 8(e) specifies, with respect to U.S. entities, that any information furnished thereunder shall not be disclosed except in an action or proceeding under the laws of the United States to which the entity, the Commission or the United States is a party. CEA section 8(e) further specifies, with respect to the specified types of foreign entities, that the Commission shall not furnish information thereunder unless the Commission is satisfied that the information will not be disclosed by the entity except in connection with an adjudicatory action or proceeding to which the entity is a party brought under the laws to which such entity is subject.
The principles underlying CEA section 8(e) are also fundamental to CEA sections 21(c)(7) and (d) and to the access standards and confidentiality provisions proposed in this release. In proposing clearer and more robust access and confidentiality standards in §§ 49.17 and 49.18, the Commission is mindful of these foundational principles: Where information is sought to be accessed, the information must relate to the scope of the requesting entity's jurisdiction or authority; and information provided by the SDR shall not be further disclosed except in limited, defined circumstances.
E. Summary of Proposed Revisions to Part 49
Pursuant to its authority under the Act,[24] the Commission is proposing amendments to §§ 49.2, 49.9, 49.17, 49.18, and 49.22 to (i) implement the statutory changes mandated by the FAST Act Amendments; (ii) make certain conforming and clarifying changes related to such implementation; (iii) revise the process by which appropriateness is determined for purposes of access to SDR swap data and clarify the standards in connection with the Commission's appropriateness determinations; and (iv) establish the form and substance of the written agreement mandated by CEA section 21(d), as amended. In formulating the following proposed amendments, the Commission has endeavored to balance the goal of effective and consistent global regulation of swaps [25] with the mandate of CEA sections 21(c)(7) and (d) that swap data be made available to a limited universe of regulators on a Start Printed Page 8372confidential basis pursuant to CEA section 8. The proposed rules and rule amendments would, if adopted:
- Add “other foreign authorities” to the foreign regulators identified in § 49.2(a)(5), consistent with the FAST Act's amendment to CEA section 21(c)(7)(E) to include this category among the entities that the Commission may deem appropriate to access SDR swap data;
- Amend § 49.9 to make clarifying changes;
- Amend § 49.17 to, among other things: (i) Delete all references to the indemnification requirement and/or indemnification agreement; (ii) establish a process and clarify the standards for determining whether certain entities not enumerated in § 49.17(b)(1)(i)-(vi) are appropriate to directly access swap data from an SDR; (iii) revise the SDR notification requirement so that SDRs notify the Commission only for each initial request for swap data by ADRs and AFRs and any subsequent request at variance with the ADR's or AFR's scope of jurisdiction; (iv) specify that the information available to ADRs and AFRs is “swap data”—as distinguished from “data,” to reflect the corresponding FAST Act amendment to CEA section 21; and (v) add a delegation of authority provision so that Commission staff is able to efficiently administer certain functions related to SDR swap data access;
- Amend § 49.18 to, among other things: (i) Delete all references to the indemnification requirement and/or indemnification agreement; (ii) require that SDRs receive, prior to providing SDR swap data access to an ADR or AFR, a written confidentiality arrangement between the Commission and such ADR or AFR; (iii) specify the required elements of such written confidentiality arrangement; (iv) require SDRs to notify the Commission of any known failures to fulfill the terms of a confidentiality arrangement required by § 49.18(a); (v) inform ADRs, AFRs and SDRs that the Commission may direct an SDR to limit, suspend or revoke an ADR's or AFR's access to swap data held by an SDR if such ADR or AFR has failed to fulfill the terms of a confidentiality arrangement required by § 49.18(a); and (vi) add a delegation of authority provision so that Commission staff is able to efficiently administer certain functions related to SDR swap data access; and
- Amend § 49.22(d)(4) to omit a reference to indemnification in order to conform to the corresponding FAST Act amendment to the CEA.
F. Rescission of 2012 Interpretative Statement
The Commission has determined to rescind its 2012 Interpretative Statement. References to the indemnification requirement in the Interpretative Statement are no longer relevant as the indemnification requirement in CEA section 21(d) has been repealed by the FAST Act. Additionally, the modifications to § 49.17(d)(3) that are proposed here are consistent with the clarifications provided in the Interpretative Statement.
II. Discussion
A. Definitions: Proposed Amendments to § 49.2
As originally adopted, § 49.2(a)(5) defined the term “foreign regulator” to include a foreign futures authority as defined in CEA section 1a(26), foreign financial supervisors, foreign central banks and foreign ministries.[26] The FAST Act amendments to the CEA added to subsection 21(c)(7)(E) a new category of entity—“other foreign authorities”—that the Commission may deem appropriate to obtain access to SDR swap data. The Commission proposes a corresponding amendment to the definition of “foreign regulator” in § 49.2(a)(5) to conform this definition to amended subsection 21(c)(7)(E).
B. Domestic and Foreign Regulators With Regulatory Responsibility ) Over SDRs: Proposed Amendments to § 49.17(d)(2) and (3)
1. The Current Rule
Commission regulation 49.17(d)(2) of the Commission's regulations currently provides that an ADR with regulatory jurisdiction over an SDR registered with it pursuant to a separate statutory authority that is also registered with the Commission is not subject to the requirements of § 49.17(d) (application and notice provisions) and § 49.18(b) (confidentiality and indemnification agreement) as long as the following conditions are met: (i) The ADR executes an MOU or similar information sharing arrangement with the Commission; and (ii) the Commission, consistent with CEA section 21(c)(4)(A), designates the ADR to receive direct electronic access. As described in the SDR Final Rules, the Commission provided that these ADRs may be provided access to the swap data reported and maintained by SDRs without being subject to the notice and indemnification provisions of CEA sections 21(c)(7) and (d).[27]
Commission regulation 49.17(d)(3) of the Commission's regulations currently provides that an AFR with supervisory authority over an SDR registered with it pursuant to foreign law and/or regulation that is also registered with the Commission is not subject to the requirements of § 49.17(d) (application and notice provisions) and § 49.18(b) (confidentiality and indemnification agreement). As described in the SDR Final Rules and Interpretative Statement, the Commission believes that confidential swap data reported to, and maintained, by an SDR may be appropriately accessed by an AFR without the execution of a confidentiality and indemnification agreement when the AFR is acting in a regulatory capacity with respect to an SDR that is also registered with the AFR and with respect to data reported to such SDR pursuant to such AFR's regulatory regime.[28]
2. Proposed Amendments
With respect to domestic regulators with regulatory jurisdiction over an SDR, the Commission proposes to remove: (1) The reference to “Appropriate Domestic Regulator” in § 49.17(d)(2) and replace it with the term “domestic regulator” to clarify that all domestic regulators and not just ADRs would fall under § 49.17(d)(2); (2) subparagraph (i) to § 49.17(d)(2) (the information sharing arrangement condition) and (3) subparagraph (ii) to § 49.17(d)(2) (the direct electronic access condition). Although the Commission in the original part 49 rules adopted the information sharing and direct electronic access conditions so that ADRs would not be subject to the then-existing confidentiality and indemnification requirements, the Commission through experience with SDR swap data access believes an additional refinement of these rules is necessary in order to promote greater efficiency and cooperation among domestic regulators. Accordingly, the Commission submits that a domestic regulator that has regulatory jurisdiction Start Printed Page 8373over an SDR registered with it pursuant to a separate statutory authority should be able to access SDR data reported to such SDR pursuant to such separate statutory authority irrespective of whether such domestic regulator has executed an MOU or similar information sharing arrangement with the Commission or been designated to receive direct electronic access by the Commission.[29]
In connection with foreign regulatory authorities that have supervisory authority over an SDR, the Commission proposes to (i) remove the reference to “Appropriate Foreign Regulator” in § 49.17(d)(3) and replace it with the term “Foreign Regulator” as defined in § 49.2 to clarify that all Foreign Regulators, not only those that have been determined “appropriate” by the Commission would fall under § 49.17(d)(3); and (ii) add qualifying language to § 49.17(d)(3) so that § 49.17(d)(3) applies not only to SDRs that are “registered” with the Foreign Regulator but also to those SDRs that are “registered, recognized, or otherwise authorized” by a foreign jurisdiction's regulatory regime, and where such swap data has been reported to the SDR pursuant to the Foreign Regulator's regulatory regime.[30]
As it was when adopting the SDR Final Rules, the Commission is mindful of the need to protect the confidentiality of swap data when such data is provided to another regulator. Under the proposal, the Commission believes that the proposed changes to § 49.17(d)(3) strike the appropriate balance in providing access to swap data consistent with the confidentiality protections set forth in the CEA.[31]
3. Request for Comment
The Commission requests comment on all aspects of amendments to § 49.17(d)(2) and (3).
C. Appropriateness Determination for Foreign Regulators and Non-enumerated Domestic Regulators: Proposed § 49.17(h) and Proposed Amendments to § 49.17(b)
1. The Current Rule
CEA section 21(c)(7) specifies U.S. entities to which swap data must be released by an SDR, provided certain prerequisites are satisfied. Because Congress has determined that access to SDR swap data by these entities is appropriate when the prerequisites are satisfied, no further access consideration by the Commission is necessary. These U.S. entities, along with others determined to be appropriate by the Commission pursuant to CEA section 21(c)(7)(E), are identified in § 49.17(b)(1) as “Appropriate Domestic Regulators.” The term “Appropriate Domestic Regulator” is also defined to include “any other person the Commission deems appropriate.” The current part 49 rules do not include a process for determining that a U.S. entity not specifically enumerated in § 49.17(b)(1) is an “Appropriate Domestic Regulator.”
Under current § 49.17(b)(2)(i), in order for a Foreign Regulator [32] that does not have a current MOU with the Commission to be determined to be an “Appropriate Foreign Regulator,” [33] it must file with the Commission an application in the form and manner specified by the Commission.[34] The application must provide sufficient facts and procedures to permit the Commission to analyze whether the Foreign Regulator's confidentiality procedures are appropriate and to satisfy the Commission that information provided by an SDR will not be disclosed by the Foreign Regulator except as permitted by CEA section 8(e).
2. The Proposed Amendments
The Commission proposes to eliminate the current filing requirements set forth in current § 49.17(b)(2)(i) and establish new filing requirements in proposed § 49.17(h). The Commission also proposes to include in § 49.17(h), CEA section 8-related confidentiality considerations and the ability for the Commission to revisit or reassess appropriateness determinations. The filing requirements proposed in new § 49.17(h) would apply to all foreign regulators regardless of whether a current MOU or similar arrangement with the Commission exists, and to any domestic regulator that is not an ADR enumerated in § 49.17(b)(1)(i)-(vi) (“Enumerated ADR”). Proposed § 49.17(h)(3) would specify two threshold requirements for a finding of appropriateness: (i) The requesting entity has in place appropriate safeguards to maintain the confidentiality of such swap data; and (ii) such entity is acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. These requirements are necessary but may or may not be sufficient to support an appropriateness determination: The Commission proposes to evaluate each filing on a case-by-case basis with reference to these and other factors that the Commission may find germane to its determination. If the Commission finds on the basis of information submitted that access to SDR swap data is appropriate, the Commission would issue an order confirming the regulator's status as an ADR or AFR and setting forth any conditions or limitations on access consistent with the relevant statutory and regulatory requirements (the proposed “Determination Order”). The Commission is also proposing, through § 49.17(h)(4), to be able to revisit, reassess, limit, suspend or revoke a previously issued Determination Order. The Commission believes it is necessary to be able to revisit an appropriateness determination, and potentially take one of the foregoing remedial actions, in order to be able to address situations that may arise subsequent to the determination, such as where an AFR or ADR violates the term of a Determination Order or fails to properly keep SDR swap data confidential.
3. The Factors Required for a Determination Order
a. Scope of Jurisdiction
CEA section 21(c)(7) directs SDRs to provide swap data to regulators “on a confidential basis pursuant to section 8.” [35] The Commission interprets this provision to require consistency with CEA section 8(e)'s mandate that information may be furnished, on a confidential basis, only to other regulators acting within the scope of their jurisdiction. Accordingly, the Commission believes that an appropriateness determination must be Start Printed Page 8374informed by reference to the regulator's jurisdiction and to the entity's legitimate regulatory or legal interest in the swap data to be sought.
In this regard, the Commission proposes to add to part 49 new § 49.17(h)(2), which would require an applicant seeking a Determination Order to provide the Commission sufficient information to permit the Commission to conclude that the applicant would be acting within the scope of its jurisdiction in seeking access to swap data maintained by an SDR. As part of this information, the Commission expects that an applicant would explain the relationship between its jurisdiction and its request for access to swap data maintained by SDRs, including an explanation of the applicant's need for particular swap data to carry out its regulatory mandate, legal authority or responsibility.
The Commission proposes in new § 49.17(h)(3) to specify that the Commission will not issue a Determination Order unless it is satisfied that the regulator is acting within the scope of its jurisdiction in seeking access to SDR swap data, and that any grant of access will be limited to swap data appropriate to the entity's regulatory mandate or legal authority. Each Determination Order would further require, as a condition of the appropriateness determination set forth therein, that a regulator that has received a Determination Order promptly notify the Commission, and each SDR from which it has received swap data, of any change to its jurisdiction that would relate to the swap data access requested.[36] As described in proposed § 49.17(d)(5), the Commission would be able to direct SDRs to limit, suspend or revoke the scope of an ADR's or AFR's SDR swap data access to reflect the new scope of its jurisdiction.[37] The Commission expects that this proposed limitation on access will reduce the risk of unauthorized or unnecessary disclosures because each appropriate regulator will have access to swap data only to the extent necessary to fulfill its jurisdictional mandate or regulatory responsibility.
b. Robust Confidentiality Safeguards
CEA section 21(c)(7) is explicit in requiring that SDRs make swap data available on a confidential basis pursuant to CEA section 8. Proposed § 49.17(h)(2) accordingly would require that the applicant submit to the Commission information sufficient to permit a determination that the applicant employs adequate confidentiality safeguards to ensure that swap data the applicant receives from an SDR will not be disclosed other than as permitted by the confidentiality arrangement required by § 49.18(a). The Commission anticipates that this would involve the Commission considering whether the applicant's confidentiality protocols, system safeguards and security compliance procedures can be expected to ensure the confidentiality of the swap data, and that the applicant has in place protections sufficient to prevent unauthorized intrusions into the systems that maintain the swap data. In this regard, the Commission would also expect to consider the applicant's processes for limiting internal access to swap data to those persons with a need to know, as well as how the swap data will be stored and whether the swap data will be segregated from other information.
It is the Commission's view that reliance on these factors strikes an appropriate balance between realizing the benefits of data access by regulators [38] and the obligation to protect confidential information in accordance with the dictates of CEA section 8(e), as incorporated by reference in CEA section 21(c)(7) and (d) through those sections' incorporation of CEA section 8. The Commission considers these factors essential to a determination of appropriateness. Other considerations, while not proposed to be codified in these proposed rules, may also contribute to the Commission's appropriateness analysis.
c. Additional Considerations
Although the Commission proposes to eliminate the current regulatory provision conferring AFR status on a foreign regulator with “an existing [MOU] or other similar type of information sharing arrangement executed with the Commission . . ., ” [39] it nonetheless continues to believe that the existence of such an arrangement fosters a cooperative relationship and encourages the development of shared understandings related to regulatory responsibilities. Although not dispositive, indications of a strong cooperative relationship with another authority, as established by the existence of such an arrangement and the Commission's experience working with such authority in finalizing and administering the arrangement, would likely be a factor supporting an appropriateness determination. Also, a failure to cooperate fully or to comply with the terms of an existing or prior arrangement might be expected to weigh against an appropriateness determination.
Similarly, when assessing appropriateness, the Commission expects to consider whether it receives access to swap data maintained by trade repositories in that regulator's jurisdiction. The Commission is mindful of the Dodd-Frank Act's encouragement of coordination and cooperation with foreign regulatory authorities.[40] The Commission believes that increased data access by regulators has the potential to provide the Commission and other authorities with more complete information with which to monitor risk exposures and should be expected to promote global market stability through enhanced regulatory transparency. Accordingly, Commission access to swap data maintained by trade repositories in such other regulator's jurisdiction, an arrangement prospectively to assist the Commission in obtaining data from other jurisdictions, and a history of assistance from a foreign regulator, would be viewed favorably by the Commission in considering appropriateness.
d. Other Matters Regarding the Determination Order Process
The Commission preliminarily believes that the Determination Order process and factors discussed above offer a reasonable approach to providing requesting entities access to SDR swap data based on clearly articulated factors and any additional considerations or circumstances the Commission may deem relevant on a case-by-case basis. Both the required factors and the additional considerations support the mandate of CEA sections 8, 21(c)(7) and 21(d) and are consistent with the express intent of Congress that the Commission coordinate and cooperate with foreign regulatory authorities on matters related to the regulation of swaps. Through the issuance of Determination Orders, the Commission will be able to impose appropriate conditions or restrictions on an entity's access to SDR swap data such that the entity's access is linked to its jurisdictional scope. Pursuant to proposed § 49.17(h)(4), the Commission Start Printed Page 8375may also, in its discretion, issue a Determination Order of limited duration, and may otherwise limit, suspend or revoke such an order if the entity fails to comply with its terms or the terms of the statutory confidentiality arrangements. The Commission would expect SDRs to take into account any conditions or restrictions contained in a Determination Order when providing access to swap data to an ADR or AFR.
The Commission further believes it is appropriate to make the process and factors proposed in § 49.17(h) applicable to any domestic entities that are not enumerated as ADRs in § 49.17(b)(1)(i)-(vi), as scope of jurisdiction and confidentiality considerations are equally applicable to U.S. entities, and has drafted proposed § 49.17(h) accordingly.
e. Request for Comment
The Commission requests comment on all aspects of proposed § 49.17(h), particularly on whether the proposed regulatory and other factors are sufficient to determine whether access to SDR swap data is appropriate.
4. Proposed Amendments to § 49.17(d)(4)—SDR Notice and Verification Obligations
CEA section 21(c)(7) requires each SDR to notify the Commission of a swap data request received from an ADR or AFR.[41] Currently, this statutory requirement is implemented in § 49.17(d)(4)(i), which provides that an SDR must promptly notify the Commission regarding “any” request received by an ADR or AFR to gain access to swap data maintained by the SDR.
To reduce the burden on SDRs and provide greater operational efficiency consistent with the intent of CEA section 21(c)(7), the Commission is proposing to amend the SDR notification requirement in current § 49.17(d)(4)(i) to require an SDR to notify the Commission (i) at the time that it receives the first request for swap data from a particular ADR or AFR and (ii) at any time that a request does not comport with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed § 49.18(a). The proposed amendment would make the notification applicable only to the initial request for swap data and any subsequent request at variance with the ADR's or AFR's scope of jurisdiction: On receiving either such request for data by a particular ADR or AFR, the SDR would be required to provide prompt electronic notification to the Commission of the request, in a format specified by the Secretary of the Commission, pursuant to proposed § 49.17(d)(4)(ii). The SDR would be required to keep such notification and related requests confidential consistent with the requirements of CEA sections 21(c)(6) and (7) and related regulatory requirements set forth in §§ 49.16 and 49.17.
The Commission believes that the proposed approach to SDR notification supports the Commission's need to be aware of who is able to access SDR swap data and what data has been accessed, while eliminating potentially costly, unwieldy and inefficient notice of every swap data request. Under the proposal, the Commission would be notified that a particular ADR or AFR has requested access to SDR swap data and will be able to examine records of the ADR's or AFR's individual swap data requests, and the swap data provided, as it deems necessary.[42]
The Commission also proposes to amend § 49.17(d)(4) by adding new subsection (iii) to require each SDR that receives a request for access to its swap data from an ADR or AFR to verify, prior to providing such access, that the request is consistent with the scope of the ADR's or AFR's jurisdiction, as described in the confidentiality arrangement required by proposed § 49.18(a).[43] This verification would need to incorporate any subsequent changes thereto. The Commission is also proposing to require an ADR or AFR that has executed a confidentiality arrangement with the Commission pursuant to § 49.18(a) and provided such confidentiality arrangement to one or more SDRs to notify the Commission and each such SDR of any change to such ADR's or AFR's scope of jurisdiction as described in such confidentiality arrangement. Additionally, the proposal would enable the Commission to direct a SDR to suspend, limit, or revoke access to swap data maintained by such SDR based on any such change to such ADR's or AFR's scope of jurisdiction, and that, if so directed, such SDR shall so suspend, limit, or revoke such access.
As proposed, § 49.17(d)(4)(iv) would require SDR verification only once with respect to a request for ongoing or recurring access to particular data, provided that there has not been a change in the scope of the regulator's jurisdiction (in which case an SDR would need to verify anew that the swap data requested is within the scope of the requesting ADR's or AFR's jurisdiction). The Commission recognizes that the proposed requirement imposes a burden on SDRs; however, it notes that SDRs are obliged by CEA section 21(c)(7) to provide access “pursuant to section 8” of the CEA, which requires a jurisdictional nexus to the information requested. In these circumstances, the Commission believes SDRs must take a role in ensuring compliance with these statutory restrictions.
5. Proposed New § 49.17(i)—Delegation of Authority
In the interests of expedience and efficiency in determining appropriateness of access by regulators, the Commission proposes to delegate all functions reserved to the Commission in § 49.17 to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time.
6. Request for Comment
The Commission requests comment on all aspects of the proposed amendments to § 49.17, and particularly invites comments on:
1. Whether commenters believe there are more cost-effective methods of notification and recordkeeping that would still provide the Commission with access to the information necessary for it to perform its regulatory functions in a manner consistent with CEA section 21(c)(7); and
2. Whether a phase-in process is necessary to decrease the likelihood that a large number of new demands on SDRs' systems from ADRs and AFRs seeking access to swap data will decrease SDR systems reliability, efficiency or speed.
D. CEA Section 21(d) Confidentiality Agreements: Proposed Amendments to § 49.18
CEA section 21(d), as amended, requires that, prior to providing swap data to a 21(c)(7) entity, an SDR “shall Start Printed Page 8376receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in CEA section 8 relating to the information on swap transactions that is provided.” [44] As originally adopted, the part 49 rules required that such confidentiality agreements be executed between the SDR and the 21(c)(7) entity.[45] The Commission proposes to add a new § 49.18(a) to require that a confidentiality arrangement be executed by and between the ADR or AFR and the Commission.[46] Once the ADR or AFR and the Commission have executed a confidentiality arrangement, the ADR or AFR may present the executed document to any SDR from which it requests access to swap data in satisfaction of CEA section 21(d).
The Commission recognizes that its proposed amendments to § 49.18 represent a change in approach from the part 49 rules as adopted. Based on its experience with SDRs and swap data access since the adoption of part 49 in 2011, and further consideration of the relationship between CEA sections 21 and 8, however, the Commission believes this change is consistent with the statutory framework established by Congress in CEA section 21(d) and 21(c)(7). Moreover, in the Commission's view a confidentiality arrangement between the Commission and the regulator more directly supports the confidentiality mandate of CEA section 8. Finally, the Commission believes that the proposed requirement will promote regulatory efficiency and reduce costs to SDRs, ADRs and AFRs while ensuring the confidentiality of SDR swap data by giving full effect to the strictures of CEA section 8(e).
To further promote regulatory efficiency, the Commission is proposing to provide a form of confidentiality arrangement as Appendix B to Part 49, for use by ADRs and AFRs. The Commission would expect its use by ADRs and AFRs to reduce significantly the need for these entities to negotiate separate confidentiality arrangements with the Commission. This proposed change also would eliminate the costs and potential inefficiencies to SDRs inherent in requiring them to negotiate confidentiality agreements with a potentially large number of ADRs and AFRs. Finally, while its use is not required, the Commission believes that the proposed form of confidentiality arrangement in Appendix B to Part 49 can be expected to conserve its limited staff resources by eliminating in many cases the need for the Commission and its staff to develop individualized confidentiality arrangements with multiple ADRs or AFRs seeking access to SDR swap data.
1. Current § 49.18
The Commission adopted § 49.18 to implement CEA section 21(d)(1) and (2) as originally enacted. Accordingly, the current rule sets forth the obligation for SDRs to execute a “Confidentiality and Indemnification Agreement” before providing SDR swap data to an ADR or AFR. Congress has repealed the indemnification requirement, and the Commission proposes to make conforming amendments to § 49.18 to remove references to indemnification.
Separately, the Commission is proposing revisions to § 49.18 to modify the substantive requirements of the confidentiality arrangement and the parties to the confidentiality arrangement, to establish conditions for restricting or revoking access to SDR swap data, and to clarify the confidentiality obligations of ADRs and AFRs with regulatory responsibility over an SDR.
2. Proposed Amendments to § 49.18(a)—Confidentiality Arrangement Required Prior to Disclosure of Swap Data
The Commission proposes to remove current § 49.18(a) [47] and add a new § 49.18(a) requiring that an SDR receive a confidentiality arrangement, executed by the Commission and the ADR or AFR seeking access to the swap data maintained by the SDR, that, at a minimum, contains all elements described in proposed § 49.18(b).
3. Proposed Amendments to § 49.18(b)—Required Elements of the Confidentiality Arrangement
The Commission proposes to replace the text of current § 49.18(b) [48] with a requirement that the confidentiality arrangement required pursuant to § 49.18(a) shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in proposed Appendix B to part 49. Paragraph 5 of the confidentiality arrangement would require the ADR or AFR to undertake that it will be acting within the scope of its jurisdiction each time it requests swap data from an SDR, and to promptly notify the Commission and each relevant SDR if the scope of the ADR's or AFR's jurisdiction changes. Paragraph 5 of the confidentiality arrangement also would require ADRs and AFRs to employ procedures to maintain the confidentiality of swap data and any information and analyses derived therefrom (the swap data and such information are referred to collectively as the “Confidential Information”).
Paragraph 6 of the confidentiality arrangement would require ADR and AFR signatories to employ the following safeguards to maintain the confidentiality of the Confidential Information:
- To the maximum extent practicable, maintain Confidential Information received from SDRs separately from other data and information; [49]
- Protect such Confidential Information from misappropriation and misuse; [50]
- Ensure that only ADR or AFR personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto and that such access is Start Printed Page 8377permitted only to the minimum extent necessary to perform such job functions; [51]
- Except as provided in paragraph 8 of the confidentiality arrangement, prevent disclosure of Confidential Information unless sufficiently aggregated and anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties; [52]
- Prohibit the use of Confidential Information by ADR or AFR personnel for any improper purpose; and
- Monitor compliance with the confidentiality safeguards and ensure prompt notification of the CFTC and each relevant SDR of any violation of the safeguards or failure to fulfill the terms of the confidentiality arrangement.
Paragraph 7 of the confidentiality arrangement also would preclude, with limited exceptions, ADRs and AFRs from disclosing any Confidential Information, via onward sharing [53] or otherwise. The only permitted disclosures would be (1) in actions, adjudicatory actions or proceedings, as applicable, described in CEA section 8(e), the operative language of which is included in paragraph 8 of the confidentiality arrangement and (2) aggregated SDR swap data that is anonymized to prevent identification (through disaggregation or otherwise) of a market participant's business transactions, trade data, market positions, customers or counterparties.
Paragraph 9 of the confidentiality arrangement contains certain provisions requiring ADRs and AFRs to notify the Commission, and take certain protective actions, prior to disclosing SDR swap data even where an ADR or AFR receives a legally enforceable demand to disclose Confidential Information.
Paragraph 11 of the confidentiality arrangement would require ADRs and AFRs accessing swap data from SDRs to comply with all security-related requirements imposed by SDRs in connection with access to such swap data, as such requirements may be revised from time to time. Because, subject to specified conditions, CEA sections 21(c)(7) and 21(d) require SDRs to provide ADRs and AFRs access to swap data, the Commission expects that SDRs will not impose security-related access requirements beyond those that are necessary to ensure the privacy and confidentiality of SDR swap data. The Commission further expects that SDRs' security-related access requirements for ADRs and AFRs would be akin, if not identical, to the requirements SDRs impose on others (e.g., the Commission, reporting counterparties) to whom SDRs provide swap data access.
To further protect the confidentiality of SDR swap data, paragraph 12 of the confidentiality arrangement would require ADR and AFR signatories to promptly destroy all Confidential Information for which they no longer have a need or which no longer falls within their scope of jurisdiction.[54] While it may be the case that ADRs or AFRs will use some or all Confidential Information in perpetuity, if they no longer have a need for Confidential Information, they should destroy such Confidential Information to prevent its misuse. Similarly, it is possible that an SDR may inadvertently provide swap data outside the scope of an ADR or AFR's jurisdiction. In such circumstances, such swap data also should be destroyed immediately after the ADR or AFR discovers that such swap data is outside the scope of its jurisdiction.
The proposed rule would require that the confidentiality arrangement must include an exhibit (Exhibit A) specifying the scope of jurisdiction of the ADR or AFR signatory. If such signatory is not an Enumerated ADR, the ADR or AFR would attach the Commission Determination Order described in § 49.17(h) as Exhibit A to the confidentiality arrangement. If such signatory is an Enumerated ADR, it would attach, as Exhibit A to the confidentiality arrangement, a detailed description of its scope of jurisdiction as it relates to the swap data maintained by SDRs that the ADR would seek pursuant to the confidentiality arrangement. This requirement is designed to assist SDRs in determining that the scope of each swap data request is within the scope of the requesting entity's jurisdiction.
While the Commission would impose certain obligations on ADRs and AFRs, with respect to swap data received from an SDR, in the proposed confidentiality arrangement, ADRs and AFRs retain the discretion to determine how to comply with those obligations. Additionally, to the extent that neither the proposal nor commenters address a relevant confidentiality issue that arises after an ADR or AFR commences accessing swap data, the Commission expects affected ADRs and AFRs to take appropriate measures to safeguard affected swap data and advise the Commission of such issue promptly so that the Commission may consider appropriate action.
4. Removal of § 49.18(c)—ADRs and AFRs With Regulatory Responsibility Over an SDR
The Commission proposes to remove current § 49.18(c), which provides that the indemnification and confidentiality requirements established in § 49.18(b) do not apply to certain ADRs and AFRs with regulatory jurisdiction or supervisory responsibilities over an SDR, but requires such regulators to comply with CEA section 8 and “any other relevant statutory confidentiality authorities.” As noted above in section II.B. relating to § 49.17(d)(2) and (3), the Commission believes that those domestic and foreign regulators that have regulatory responsibility over an Start Printed Page 8378SDR should be able to access SDR data reported to such SDR pursuant to such other regulator's regulatory regime, without limitation. Therefore, the Commission submits that § 49.18(c) is not appropriate because it requires these domestic and foreign regulators with regulatory responsibility over SDRs to comply with CEA section 8 and any other relevant statutory confidentiality authorities. In addition, § 49.17(d)(2) and (3) already provide that the confidentiality and indemnification requirements of § 49.18(b) do not apply to these domestic and foreign regulators with regulatory responsibility over SDRs. However, insofar as a regulator sought swap data that was not reported to the SDR pursuant to that regulator's regulatory regime, the exclusions set forth within § 49.17(d)(2) and (3) would not apply.
The Commission accordingly submits that current § 49.18(c) is inappropriate and unnecessary, and therefore, should be eliminated.
5. Failure to Fulfill the Terms of a Confidentiality Arrangement: Proposed § 49.18(c) and (d)
The Commission proposes in new § 49.18(c) to require SDRs to promptly report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that they receive pursuant to § 49.18(a). Proposed new § 49.18(d) would authorize the Commission to direct an SDR to limit, suspend or revoke an AFR's or ADR's access to swap data, if the Commission determines that the AFR or ADR has failed to fulfill the terms of its confidentiality arrangement with the Commission.[55]
6. Proposed § 49.18(e)—Delegation of Authority
The Commission is proposing to add § 49.18(e)(1) to delegate to the Director of the Division of Market Oversight, and to such staff acting under his or her direction as he or she may designate from time to time, all functions reserved to the Commission in § 49.18. Proposed § 49.18(e)(2) would reserve to the Director of the Division of Market Oversight the authority to submit to the Commission for its consideration any matter which has been delegated to the Director under proposed § 49.18(e)(1). The Commission proposes in § 49.18(e)(3) to expressly permit the Commission, at its election, to exercise the authority delegated to the Director of the Division of Market Oversight under proposed § 49.18(e)(1).
This delegation is intended to conserve Commission resources and increase the effectiveness and efficiency of the Commission's oversight and supervision of SDR swap data access. The Commission anticipates that the delegation of authority will help facilitate timely access to SDR swap data by ADRs and AFRs consistent with the requirements set forth in part 49 of the Commission's regulations. However, the Division of Market Oversight may submit matters to the Commission for its consideration, as it deems appropriate.
7. Conforming Changes
As a result of the FAST Act Amendments, the Commission proposes conforming changes to § 49.17(d)(6), to delete references to an Indemnification Agreement. As a result of the proposed changes to § 49.18, and in particular, § 49.18(a), the Commission proposes conforming changes to § 49.22(d)(4) relating to chief compliance officer compliance responsibilities and duties so that the appropriate section reflecting the confidentiality arrangement is referenced.
8. Request for Comment
1. The Commission requests comment on all aspects of the proposed amendments to § 49.18. Commenters are particularly invited to address the proposed amendments to § 49.18 relating to the confidentiality provisions of CEA sections 21(c)(7) and 21(d), whether the Commission should prescribe specific processes to govern ADR and AFR requests for swap data access from an SDR; and whether the Commission should prescribe a process to govern an SDR's treatment of requests for swap data access.
2. In addition, commenters are invited to address the proposed rules implementing the notification requirement. In this regard, is there an alternative to requiring SDRs to maintain copies of all data they provide in connection with the data access provisions that would still permit the Commission to assess the SDR's ongoing compliance with those provisions? For example, are alternative approaches available such that the Commission need not require SDRs to maintain actual copies of all information provided pursuant to the data access provisions? Would such an alternative approach reduce the burdens on SDRs while still permitting the Commission to assess ongoing compliance?
E. Other Changes
In addition to those changes discussed throughout this release, the Commission is proposing other changes to part 49, including a number of ministerial changes. The Commission proposes to amend § 49.9(a)(9) to change the reference in § 49.9(a)(9) from “certain appropriate domestic regulators and foreign regulators” to “Appropriate Domestic Regulators and Appropriate Foreign Regulators” to make clear that an SDR is required to provide access to swap data, pursuant to § 49.17, only to ADRs and AFRs. The Commission is proposing to make a number of other changes to part 49 to more consistently refer to the defined term “swap data”. The Commission is proposing to modify the references in existing §§ 49.9(a)(9) and 49.17(b)(2)(i) to “swap data or information”; the reference in existing § 49.17(d)(4)(i) to “swaps transaction data”; and the reference in existing § 49.17(d)(6) to “requested data,” to be references to “swap data” as that term is defined in § 49.2(a)(15). The Commission is proposing these changes to eliminate confusion and to conform part 49 to the FAST Act's amendment of CEA section 21(c)(7) to refer to “swap data.”
The Commission is also proposing to replace the reference in § 49.17(a) to “swaps data” with a reference to “swap data” and to replace the reference in § 49.17(a) to “Regulation” with a reference to “§ 49.17” to match the format of the reference in § 49.17(b). The Commission does not intend to effect any substantive changes with these proposed amendments.
The Commission is proposing to change the references to “swap transaction data” and “swaps transaction data” in § 49.17(c)(2) and 49.17(c)(3) to “swap data” as defined in § 49.2(a)(15). The Commission is also proposing to change the references to “data” in § 49.17(d)(5), (d)(6), (e), and (e)(1) to “swap data” in order to clarify the Commission's intent to refer to “swap data” within the meaning of § 49.2(a)(15). For the same reason, the Commission is also proposing to add “swap data and” before “information” in § 49.17(e)(2) to conform it to § 49.17(e)(1), as proposed to be amended.[56] The Commission also Start Printed Page 8379proposes to add the term “and information” after the term “swap data” in the second sentence of § 49.17(e) so that such sentence is consistent with the first sentence of § 49.17(e), which permits access by third parties to both swap data and information maintained by a registered SDR, subject to certain conditions.
In § 49.17(f)(2), the Commission is proposing to change both references to “[d]ata and information” to “[S]wap data and information” in order to clarify, in each case, that the intended reference is to “swap data” as defined in § 49.2(a)(15).
In addition to those changes related to references to swap data, the Commission is also proposing to amend § 49.17(b)(1)(vii) to change “[a]ny other person the Commission deems appropriate[ ]” to “[a]ny other person the Commission determines to be appropriate pursuant to the process set forth in § 49.17(h)” to match the language in CEA section 21(c)(7).
Commission regulation 49.17(f)(1) currently states, “Access of swap data maintained by the registered swap data repository to market participants is generally prohibited.” The Commission is proposing to amend § 49.17(f)(1) to state, “Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in § 49.17(f)(2)” in order to clarify its meaning. The Commission does not intend this to be a substantive change to § 49.17(f)(1).
Finally, the Commission is proposing several minor clarifying changes to § 49.18(b).[57] These changes include replacing “the swap data” with “swap data”; replacing the “with any Appropriate Domestic Regulator or Appropriate Foreign Regulator” reference with “to any Appropriate Domestic Regulator or Appropriate Foreign Regulator”; and adding “each” before “as defined in § 49.17(b)” to reflect that both “Appropriate Domestic Regulator” and “Appropriate Foreign Regulator” are defined terms in § 49.17(b).
III. Request for Comment
In addition to the specific questions set forth in various sections above, the Commission requests comment on all aspects of the proposal, and particularly invites comment on the questions set forth below.
(1) What, if any, impediments exist to accurately and cost-effectively determining whether swap data access requests are within the scope of an ADR's/AFR's jurisdiction?
(2) Are there any particular elements the Commission has proposed to include in the confidentiality arrangement that are unnecessary? Has the Commission omitted particular element(s) that should be included in a confidentiality arrangement?
(3) Do SDRs maintain swap data in a manner that permits accurate reproduction at a later date of the results of an ADR's/AFR's request for swap data? If so, is it necessary for the Commission to require that SDRs maintain records of the results of such requests, as opposed to merely maintaining the details of the request?
IV. Related Matters
A. Regulatory Flexibility Act
The Regulatory Flexibility Act (“RFA”) requires federal agencies, in promulgating rules, to consider the impact of those rules on small entities.[58] The rules proposed herein will have a direct effect on the operations of SDRs and certain domestic and foreign regulators seeking access to swap data reported to, and maintained, by SDRs.
The Commission has previously established certain definitions of “small entities” to be used by the Commission in evaluating the impact of its rules on small entities in accordance with the RFA.[59] The Commission has previously determined that SDRs are not small entities for purpose of the RFA.[60] For purposes of the Regulatory Flexibility Act, the definition of “small entity” also encompasses “small governmental jurisdictions,” which in relevant part means governments of locales with a population of less than fifty thousand.[61] Although the Commission anticipates that this proposal may be expected to have an economic impact on various governmental entities that access data pursuant to Dodd-Frank's data access provisions, the Commission does not anticipate that any of those governmental entities would be small governmental jurisdictions. Therefore, the Commission does not believe that this proposal will have a significant economic impact on a substantial number of small entities. Therefore, the Chairman, on behalf of the Commission, pursuant to 5 U.S.C. 605(b), hereby certifies that the proposed rules will not have a significant economic impact on a substantial number of small entities.
B. Paperwork Reduction Act
The proposed amendments to part 49 would result in new “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”).[62] An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (“OMB”) control number. The OMB control number for the information collection associated with part 49 swap reporting is 3038-0086.[63] The Commission is seeking to revise Information Collection 3038-0086 because the rule amendments proposed herein will impose information collection requirements that require approval from OMB under the PRA. The Commission is therefore submitting this proposal to OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11.
1. Summary of the Proposed Requirements
The proposed modifications to part 49 would require SDRs to make swap data available to requesting entities if certain conditions are satisfied. These conditions include the requesting entity executing a confidentiality arrangement and, in some cases, receiving a determination order from the Commission that it is an appropriate entity to receive SDR swap data. The proposed modifications would also require SDRs to report failures to fulfill the terms of confidentiality arrangements to the Commission.
2. Collection of Information
Currently, OMB Control Number 3038-0086 sets out burden estimates relating to a broad range of SDR obligations associated with registration requirements, reporting requirements, recordkeeping requirements, and disclosure requirements. Where the information collection associated with those obligations would be modified by this proposed rule, the Commission is proposing to revise Information Start Printed Page 8380Collection 3038-0086 accordingly. To the extent the proposed modifications to part 49 introduce new information collections that were not previously incorporated into Information Collection 3038-0086, the Commission is proposing to revise Information Collection 3038-0086 to account for the new information collections. Finally, many of the information collections discussed in Information Collection 3038-0086 are not implicated or modified by the Commission's proposed revisions to part 49 in this release. The Commission, therefore, is not proposing to revise the estimated burdens associated with such information collections. New or revised information collections contained in these proposed revisions to part 49 will affect SDRs as well as entities that request access to SDR swap data pursuant to these provisions.
As discussed above, the proposed modifications to part 49 set out in this release are intended to provide a process by which other authorities may obtain access to SDR swap data. The information collections associated with this process are intended to ensure that SDR swap data is only accessed by appropriate entities and that the confidentiality of any accessed SDR swap data is adequately protected. The ultimate result of this process is intended to provide other authorities with information to assist with the oversight of the global swaps market and market participants.
ADR/AFRs. As discussed throughout this release, certain conditions must be satisfied before a requesting entity is permitted to access SDR swap data. These conditions may implicate various PRA collections and burdens as discussed below.
Pursuant to § 49.18(a), every requesting entity seeking access to SDR swap data must execute a confidentiality arrangement with the Commission prior to receiving access. This requirement applies to both those entities that are specifically enumerated as appropriate in § 49.17(b)(1) and those entities that require a determination from the Commission that they are appropriate entities to receive access to SDR swap data, regardless of whether the requesting entity is a domestic or foreign entity.
In addition to executing a confidentiality arrangement, requesting entities that are not Enumerated ADRs will be required to seek a Determination Order from the Commission to have access to SDR swap data. Such Determination Orders will describe SDR swap data that is appropriate for the entity to access, based on the requesting entity's scope of jurisdiction. For Enumerated ADRs, the Commission is proposing to require that the confidentiality arrangement describe the requesting entity's scope of jurisdiction. The Commission believes the use of the form of confidentiality arrangement set out in Appendix B to part 49 will provide an efficient means to satisfy the requirements of § 49.18(a).
The Commission, for PRA purposes, believes that it is reasonable to assume that 300 total entities will seek access to SDR swap data. This estimate is based on the Commission's experience in receiving data requests from other regulators and its experience in coordinating and cooperating with other regulators.[64] For PRA purposes, the Commission assumes there are four SDRs, which is the number of SDRs that are provisionally registered with the Commission. As the confidentiality arrangement will be between the ADR or AFR and the Commission and delivered to the SDR, AFRs and ADRs need not execute a separate confidentiality arrangement for each SDR. Accordingly, the Commission estimates, for PRA purposes, that the total number of confidentiality arrangements that will be executed under the proposed rules is 300. Given that the Commission will have published a form of confidentiality arrangement as an appendix to part 49, the Commission estimates that the review and execution of each confidentiality arrangement by an ADR or AFR will take approximately 40 hours, for a total burden of 12,000 hours. The burden estimates associated with entering into such confidentiality arrangements are addressed in the proposed revised OMB Control Number 3038-0086.
An entity that seeks access to SDR swap data must be considered appropriate by the Commission prior to that entity receiving access to SDR swap data. For Enumerated ADRs, there is no burden associated with seeking to be deemed appropriate by the Commission as they are already enumerated as such. Those entities that are not Enumerated ADRs will be required to receive a Determination Order prior to receiving access to SDR swap data. The process for obtaining such a Determination Order is set out in general terms in proposed § 49.17(h) and requires the requesting entity to prepare and submit an application to the Commission. The preparation and submittal of this application constitutes an information collection under the PRA.
As discussed above, the Commission believes that for PRA purposes it is reasonable to assume that 300 domestic and foreign entities will seek access to SDR swap data. Very few of these entities are specifically enumerated in § 49.17(b)(1). The Commission estimates, for PRA purposes, that each such requesting entity would expend 100 hours in connection with filing an application to receive an appropriateness determination, for a total initial burden of no more than 30,000 hours, calculated as the product of 300 domestic and foreign entities seeking access to SDR swap data and 100 hours per application). This estimate considers the relevant information that would be required to be provided in such an application, including information regarding the entity's scope of jurisdiction, mutual assistance provided to the Commission, and the existence of cooperation related to an MOU or similar information sharing arrangement with the Commission, as well as any other information relevant for the Commission's determination. This burden estimate is included in the Commission's proposed revisions to Information Collection 3038-0086.
Swap Data Repositories. As discussed throughout this release, SDRs are required to facilitate access to SDR swap data by requesting entities, provided certain conditions are met. This requirement may implicate PRA collections and burdens, some of which are already addressed in the existing OMB Control Number 3038-0086, and some of which constitute new collections, as discussed below. Currently, the burden on SDRs of making data available to ADRs and AFRs is accounted for in OMB Control Number 3038-0086, as this is an existing obligation under existing § 49.17(d). However, the proposed rules set out in this release clarify and modify the requirements imposed on SDRs in providing access to SDR swap data to ADRs and AFRs. Consequently the Commission is revising Information Collection 3038-0086 to account for these modifications.
The Commission expects to limit a requesting entity's access to SDR swap data based on the entity's scope of jurisdiction. In connection with this Start Printed Page 8381limitation, the Commission expects SDRs to incur burdens and costs associated with setting up access to SDR swap data that is consistent with an ADR or AFR's scope of jurisdiction. The Commission expects that each confidentiality arrangement will identify, either directly or through the attached Determination Order, the scope of access that is appropriate for a given requesting entity. The Commission expects SDRs to use these limitations to program their systems to reflect the scope of the ADR or AFR's access to SDR swap data. These limits set out in the confidentiality arrangement are expected to reduce the burdens on SDRs of assessing whether a request satisfies the relevant conditions, particularly with regard to whether SDR swap data relates to persons or activities within the requesting entity's scope of jurisdiction. The Commission estimates that the burden on an SDR associated with setting up access restrictions to match a requesting entity's scope of jurisdiction will include 20 hours of programmer analyst time, five hours of senior programming time, and one hour of attorney time, for a total of 26 hours. Consequently, for PRA purposes, the Commission estimates that each SDR would incur a total burden of 7,800 hours (i.e., the product of 300 entities and 26 hours of time) associated with setting up access for each ADR or AFR. The burdens associated with these permissioning requirements are addressed in proposed revised OMB Control Number 3038-0086.
SDRs will also be required to provide electronic notice to the Commission of the first request for data from a particular requesting entity and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. In addition to notifying the Commission of the foregoing, the Commission is proposing, in §§ 49.17(d)(4)(i) and (iii), to require SDRs to maintain records of all information related to the initial and all subsequent requests for data from the requesting entity. These records shall include, at a minimum, the identity of the requestor or person accessing the data; the date, time and substance of the request or access; and copies of all data reports or other aggregation of data provided in connection with the request or access. The SDR shall maintain this information for a period of no less than five years after the date of such request and shall provide this information to the Commission upon request.
Currently, OMB Control Number 3038-0086 estimates burdens associated with various registration, reporting, recordkeeping, and disclosure requirements to which SDRs are subject. The proposed recordkeeping requirements relating to requesting entities' data requests constitute an information collection for PRA purposes and require the Commission to revise the recordkeeping burden estimates contained in OMB Control Number 3038-0086. The reporting and recordkeeping requirements proposed in this release may potentially impact each SDR.
SDRs already have the ability to communicate electronically with the Commission and are subject to significant recordkeeping requirements pursuant to § 49.12. Therefore, the proposed requirements should not result in SDRs having to incur initial costs to implement systems to properly notify the Commission when a requesting entity submits a data request for the first time that are in excess of what is already accounted for in OMB Control Number 3038-0086. The Commission estimates that initially each SDR may incur a burden of 360 hours associated with these proposed recordkeeping requirements, for a total of 1,440 hours (i.e., the product of four SDRs and 360 hours). Additionally, the Commission estimates that each SDR would incur an annual burden of 280 hours associated with the recordkeeping requirements, for a total of 1,120 hours annually (i.e., the product of four SDRs and 280 hours). The burdens associated with these notification requirements are addressed in proposed revised Information Collection 3038-0086.
Finally, current Information Collection 3038-0086 accounts for the costs to SDRs of executing a “Confidentiality and Indemnification Agreement” with each requesting ADR and AFR. Under the Commission's proposal, the SDR is no longer required to execute such an agreement with the ADRs or AFRs. The proposed confidentiality arrangement shall be between the requesting ADR or AFR and the Commission. Accordingly, the total burden to SDRs, as currently reflected in Information Collection 3038-0086, is reduced by the cost to execute such agreements. The reduction in burden associated with this change in the confidentiality agreement is addressed in proposed revised Information Collection 3038-0086.
3. Request for Comments on Collection
The Commission invites the public and other Federal agencies to comment on any aspect of the reporting burdens discussed above. Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments in order to: (1) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) evaluate the accuracy of the Commission's estimate of the burden of the proposed collection of information; (3) determine whether there are ways to enhance the quality, utility, and clarity of the information to be collected; and (4) minimize the burden of the collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology.
Comments may be submitted directly to the Office of Information and Regulatory Affairs, by fax at (202) 395-6566 or by email at OIRAsubmissions@omb.eop.gov. Please provide the Commission with a copy of submitted comments so that all comments can be summarized and addressed in the final rule preamble. Refer to the ADDRESSES section of this notice of proposed rulemaking for comment submission instructions to the Commission. A copy of the supporting statements for the collections of information discussed above may be obtained by visiting www.RegInfo.gov. OMB is required to make a decision concerning the collection of information between 30 and 60 days after publication of this document in the Federal Register. Therefore, a comment is best assured of having its full effect if OMB receives it within 30 days of publication.
C. Cost-Benefit Considerations
1. Introduction
As discussed in Section I, entitled “Background and Introduction,” above, Congress passed the FAST Act to facilitate broader access to swap data by the regulatory community. Section 86001(b) of the FAST Act amends CEA section 21 by, among other things, eliminating the requirement that, as a condition of receiving information from SDRs, each ADR or AFR agree to indemnify the SDR and the Commission for any expenses arising from litigation relating to the information provided under CEA Section 8. The Commission is issuing this proposed rulemaking to enable ADRs and AFRs to access swap data, subject to certain safeguards designed to protect swap data from misappropriation or misuse, and to advise the public of the practical implications of the changes to the CEA made by the FAST Act. The Commission preliminarily believes that the proposed safeguards are warranted based on the incorporation by reference Start Printed Page 8382in CEA sections 21(c)(7) and 21(d) of the strong protections of CEA section 8.
CEA section 15(a) requires the Commission to consider the costs and benefits of its actions before promulgating a regulation under the CEA or issuing certain orders. CEA section 15(a) further specifies that the costs and benefits shall be evaluated in light of the following five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness, and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The Commission considers the costs and benefits resulting from its discretionary determinations with respect to the CEA section 15(a) factors.
As an initial matter, the Commission recognizes that there are benefits, discussed more fully below, for domestic and foreign regulators to have access to SDR swap data. Yet, there are inherent compromises between data access and data security. More directly, greater access leads to data being less secure from misappropriation or misuse. The Commission recognizes that there are costs associated with this proposed rulemaking. The Commission, however, lacks the requisite data and information to precisely estimate costs, in part, because the proposed rulemaking grants SDRs, ADRs, and AFRs discretion to implement the proposed regulations through alternative measures. Furthermore, the Commission does not know which approach SDRs, ADRs, and AFRs will take. As a consequence, where it is not feasible to quantify (e.g., because of the lack of accurate data or appropriate metrics), the Commission has considered the costs and benefits of this proposed rulemaking in qualitative terms. The Commission, nevertheless, requests that commenters provide any data or other information that would be useful in the estimation of the quantifiable costs and benefits of this proposed rulemaking.
2. Baseline and Proposed Rule Summary
a. Definition of Foreign Regulator—Proposed Amendment to § 49.2(a)(5)
The status quo baseline definition for the term “foreign regulator” as defined in current § 49.2(a)(5) is a “foreign futures authority as defined in CEA Section 1a(26), foreign financial supervisors, foreign central banks and foreign ministries.” [65] The Commission is proposing to amend the term “foreign regulator” to add entities. Specifically, the Commission is adding the phrase “other foreign authorities” to the definition. This approach is consistent with the FAST Act's amendment to CEA section 21(c)(7)(E).
b. Definition of Appropriate Foreign Regulator—Proposed Amendment to § 49.17(b)(2)
The status quo baseline definition for the term “Appropriate Foreign Regulator” (defined in current § 49.17(b)(2)) is “those Foreign Regulators with an existing memorandum of understanding or other similar type of information sharing arrangement executed with the Commission and/or Foreign Regulators without an MOU as determined on a case-by-case basis by the Commission.” [66]
The Commission is proposing to amend current § 49.17(b)(2) to require all “foreign regulators” to file an application with the Commission to become “Appropriate Foreign Regulators.” The existence of a current MOU or other information sharing arrangement with the Commission will not be dispositive to a determination of appropriateness. The proposed amendment would require the Commission to issue an order finding each foreign regulator “appropriate.” In this manner, the Commission will ensure that each “Appropriate Foreign Regulator” is acting within its scope of jurisdiction as mandated under CEA section 21(c)(7) through incorporation by reference of CEA section 8(e). The Commission believes that this proposal will provide greater control over the process by which foreign regulators obtain access to SDR swap data; specifically, it will help to ensure that only those foreign regulators who have a regulatory interest in SDR swap data can access such swap data. The limitation on swap data access proposed in this recommendation is expected to help reduce the risk of unauthorized disclosure, misappropriation or the misuse of swap data.
c. Duties of Registered SDRs—Proposed Amendments to § 49.9(a)(9)
The Commission has proposed conforming language changes to current § 49.9(a)(9).[67] There are no substantive changes with respect to costs and benefits.
d. Purpose of Access to SDR Data—Proposed Amendment to § 49.17(a)
The Commission has proposed conforming language changes to current § 49.17(a).[68] There are no substantive changes with respect to costs and benefits.
e. Appropriate Domestic Regulator—Proposed Amendment to § 49.17(b)(vii)
The Commission has proposed conforming language changes to current § 49.17(b)(vii) to cross-reference the process under § 49.17(h).[69] There are no substantive changes with respect to costs and benefits in proposed § 49.17(b)(vii). If there are any costs or benefits associated with the changes in § 49.17(b)(vii), they will be discussed in regards to the process defined under proposed § 49.17(h), which is the appropriateness-determination process.
f. Domestic Regulator With Regulatory Responsibility—Proposed Amendment to § 49.17(d)(2)
By way of this proposed rulemaking, the Commission has explained that if a domestic regulator receives swap data pursuant to its regulatory regime, that access is not subject to CEA sections 21(c)(7) or 21(d), or Commission regulations § 49.17(d) or § 49.18.
g. Foreign Regulator With Regulatory Responsibility—Proposed Amendment to § 49.17(d)(3)
Foreign Regulators require data in order to fulfill their regulatory responsibilities. In proposed § 49.17(d)(3) the Commission has explained that, if a foreign regulator receives swap data pursuant to its regulatory regime, that access is not subject to CEA sections 21(c)(7) or 21(d), or §§ 49.17(d) or 49.18.
h. SDR Notification Requirement—Proposed Amendment to § 49.17(d)(4)(i) to (iv)
Current § 49.17(d)(4)(i) requires an SDR to promptly notify the Commission regarding any request for swap data received by Appropriate Domestic or Foreign Regulators.[70] SDRs under this current regulation are required to notify the Commission for each and every request of an Appropriate Domestic or Foreign Regulator (including ongoing swap data requests).
The Commission proposes to amend current § 49.17(d)(4)(i)-(ii) to provide that SDRs notify the Commission at the time that such SDR receives the initial request for swap data from a particular Start Printed Page 8383ADR or AFR and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. Consistent with current recordkeeping requirements set forth in § 49.12, SDRs are required to maintain books and records of all information related to the initial and any subsequent requests for swap data from an Appropriate Domestic or Foreign Regulator. The Commission also proposed electronic notification similar to the current rule requirement. In addition, the Commission placed a few obligations on SDRs under proposed § 49.17(d)(4)(iii) and (iv) regarding data access to ADRs and AFRs, and determining an ADR's or AFR's jurisdiction.
In addition, proposed § 49.17(d)(4)(iii) requires SDRs to limit, suspend, or revoke an ADR's or AFR's swap data access if the ADR's or AFR's scope of jurisdiction changes and the Commission directs the ADR or AFR to limit, suspend, or revoke an ADR's or AFR's swap data access.
i. Timing; Limitation, Suspension or Revocation of Access—Proposed Amendments to § 49.17(d)(5)
The changes to the rule text in current § 49.17(d)(5) make clear that SDRs must notify the Commission of an ADR or AFR access request and the receipt of a confidentiality arrangement, among other things. In addition, proposed § 49.17(d)(5) requires SDRs to limit, suspend, or revoke an ADR's or AFR's swap data access if the Commission limits, suspends or revokes the ADR's or AFR's appropriateness determination or otherwise directs the ADR or AFR to limit, suspend, or revoke an ADR's or AFR's swap data access.
j. Confidentiality Agreement—Proposed Amendments to §§ 49.17(d)(6) and 49.18(a)-(f)
Current §§ 49.17(d)(6) and 49.18, adopted as part of the original part 49 rules, provide that SDRs execute a “Confidentiality and Indemnification Agreement” with a CEA section 21(c)(7) entity, prior to sharing swap transaction data and information.[71] This Agreement is required to state that the other regulator will abide by the confidentiality provisions of CEA section 8 and agree to indemnify both the SDR and the Commission against any litigation expenses relating to information provided under CEA section 8. However, through the passage of the FAST Act, Congress has eliminated the requirement that certain domestic and foreign regulators execute the “Confidentiality and Indemnification Agreement” prior to obtaining SDR swap data. More specifically, Congress amended CEA section 21(d) to require only the execution of a written agreement by domestic and foreign regulators prior to receipt of swap data from SDRs so that these regulators will abide by the confidentiality requirements described in CEA section 8.
The Commission proposes to amend current §§ 49.17(d)(6) and 49.18 to (i) reflect the FAST Act amendments to CEA sections 21(c)(7) and (d), and (ii) require SDRs to receive a confidentiality arrangement from a 21(c)(7) entity, before sharing swap data, to satisfy the requirements of CEA section 21(d). Unlike the current regulations, this confidentiality arrangement will not be executed by the SDR with the 21(c)(7) entity, but instead would be executed by the Commission and the 21(c)(7) entity. The Commission proposes to provide a form of confidentiality arrangement attached as Appendix B to part 49. Use of the form would not be mandatory but would provide an efficient and expeditious means of fulfilling the confidentiality requirement of 21(d) and §§ 49.17(d) and 49.18.
k. Third-Party Service Providers—Proposed Amendments to § 49.17(e)
The Commission modified the text in current § 49.17(e) for clarity. There are no substantive cost or benefit implications.
l. Access by Market Participants Barred—Proposed Amendment to § 49.17(f)
The Commission modified the text in current § 49.17(f) for clarity. There are no substantive cost or benefit implications.
m. Filing Requirements for Applicants To Be Determined Appropriate—Proposed Amendments to § 49.17(h)
In this proposed rulemaking, the Commission has added proposed § 49.17(h) to describe the application process for persons seeking an appropriateness determination. In sub-paragraph (2), the Commission explains that the applicant must provide sufficient detail to explain its jurisdiction and its confidentiality safeguards. Proposed § 49.17(h)(3) also outlines the standards by which the Commission will issue an appropriateness determination. Finally, the Commission explains in proposed § 49.17(h)(4) that it reserves the right to “revisit, reassess, limit, suspend or revoke” an appropriateness determination.
n. Delegation of Authority—Addition of Proposed §§ 49.17(i) and 49.18(e)
Current §§ 49.17 and 49.18 do not have delegation of authority provisions. The Commission proposes to amend §§ 49.17 and 49.18 to add a delegation of authority to the Director of the Division of Market Oversight (“DMO”) and the Director's designee(s) of functions reserved to the Commission in §§ 49.17 and 49.18. The delegation of Commission authority would make the process more effective and efficient.
o. SDR Chief Compliance Officer Duties—Proposed Amendment to § 49.22(d)(4)
The change to current § 49.22(d)(4) is the removal of the word “indemnification” from the rule text. This is a conforming change to make the rule consistent with the FAST Act amendments.
3. Benefits
At a high level regarding benefits, the rulemaking is expected to assist regulators in performing their supervisory and regulatory functions by providing them access to swap data, which would help regulators better understand the risks their regulated entities are assuming and the impact of such risks on the broader markets. These supervisory and regulatory functions may include: Monitoring and mitigation of systemic risk; ensuring financial stability; registration and oversight of financial market infrastructures; registration and oversight of trading venues; registration and oversight of market participants; central bank activities; prudential supervision; restructuring or resolution of infrastructures and firms; and regulation of cash markets, in some of which swap counterparties are active.
A more granular benefit to regulators flows from the Commission's proposal to resolve a conflict or potential conflict between the Commission's Interpretative Statement and current § 49.18(c). In the Interpretative Statement, the Commission took the view that other regulators who access swap data based on their own authority over SDRs are not subject to the swap data access-related provisions of the CEA. On the other hand, current § 49.18(c) provides that such regulators are required to comply with CEA section 8 and any other relevant statutory confidentiality provisions. The Commission proposes to delete the statement in current § 49.18(c) providing that other regulators are required to comply with CEA section 8 and any other relevant statutory Start Printed Page 8384confidentiality provisions even when they access swap data based on their own authority over SDRs.[72] Other regulators will benefit both from the clarity this action provides and by the greater ease of access to swap data within their jurisdiction.
4. Costs
The Commission recognizes that there are different types of costs associated with this proposed rulemaking. One cost is the potential harm to market participants and the public if swap data is misused—for example, inappropriately disclosed by ADRs and AFRs. Or, another harmful scenario might involve misappropriated data where hackers pilfer swap data from ADRs and AFRs to learn the positions of market participants so that the hackers, or other interested parties who may even pay for such information, scam the market. Such bad actors might be able to anticipate such market participants' trades and trade in front of them, raising swap trading costs to market participants, thereby reducing their profits.[73] If the aforementioned scenario occurred frequently enough this might induce swap dealers to widen their spreads, making hedging more expensive. In turn, this might lead to sub-optimal business and investment strategies, as parties would be less willing to participate in swap markets, because it would be more costly. Further, the scenario posed could cause market participants to be concerned that their business strategies might be tipped to their competitors, because with stolen data, somebody might be able to infer their strategies from knowing their swap positions and how these positions change in response to relevant economic events.[74] Such concerns could lead some market participants to withdraw to some extent from swap markets, reducing liquidity and potentially inducing them to use less effective hedging instruments or trading strategies in other markets.
At a high level regarding costs to ADRs and AFRs, the less access to swap data granted to ADRs and AFRs, the less such swap data would help in performing ADRs' and AFRs' supervisory and other regulatory functions. Similarly, the more impediments to swap data access, the longer it would take ADRs and AFRs to use, or the less use ADRs and AFRs could make of, such swap data.
At a more granular level, the Commission is proposing several new obligations applicable to foreign regulators and certain domestic regulators that will trigger costs for such regulators. The obligation for foreign regulators and unenumerated domestic regulators to apply for a Determination Order conferring AFR or ADR status so that such foreign regulators and unenumerated domestic regulators can receive access to SDR swap data will, at a minimum, require such applicants to dedicate personnel to drafting the application. Some applicants for ADR and AFR status may choose to retain outside counsel or another third party to draft the application, thereby incurring related costs. There also may be an additional cost associated with the complexity of the application because applicants for ADR and AFR status will have to explain their jurisdiction and link it to the sought swap data so that the Commission can provide swap data access parameters to SDRs in the Determination Orders.[75] While applicants will need to expend resources developing their “appropriateness” applications, the Commission expects that the requirements and guidance it has provided in the proposed rulemaking should reduce such expenditures to a certain extent. Nonetheless, such expenditures will depend on the particulars of a given applicant. Because the Commission lacks sufficient knowledge of the specific characteristics of the applicants, among other things, the Commission is unable to quantify these expenditures at this time.
The proposed requirement in § 49.18(a) that SDRs receive an executed confidentiality arrangement from an ADR or AFR before the SDR can provide the ADR or AFR swap data is based on a corresponding requirement set forth in CEA section 21(d) and will generate costs to ADRs and AFRs. CEA section 21(d) does not specify any details of the required written agreement other than that it must state that the ADR or AFR shall abide by CEA section 8's confidentiality requirements. The Commission, however, is proposing, in Appendix B to this part 49, to specify required elements as well as a form of confidentiality arrangement providing for ADRs and AFRs to implement a number of safeguards that would impose burdens on ADRs and AFRs. The confidentiality arrangement would include safeguards that:
- To the maximum extent practicable, maintain Confidential Information separately from other data and information;
- Protect Confidential Information from misappropriation and misuse;
- Ensure that only ADR or AFR personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto and that such access is permitted only to the minimum extent necessary to perform such job functions;
- Prevent disclosure of aggregated Confidential Information unless anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties;
- Prohibit the use of Confidential Information by ADR or AFR personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose;
- Monitor compliance with the confidentiality safeguards and ensure prompt notification of the CFTC and each relevant SDR of any violation of the safeguards or failure to fulfill the terms of the confidentiality arrangement;
- Prohibit the onward sharing or disclosing of Confidential Information unless exempted in paragraphs 6(d) or 8 of the confidentiality arrangement;
- Notify the CFTC in writing prior to complying with any legally enforceable demand for Confidential Information and assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information; and
- Promptly destroy all Confidential Information for which an ADR or AFR no longer has a need or for which the information no longer falls within the scope of its jurisdiction, and certify to the CFTC, upon request, that the ADR or AFR has destroyed such Confidential Information.
The Commission preliminarily believes that the monetary costs of these burdens would be minor, and the other costs of complying with these burdens, such as the costs to develop policies, Start Printed Page 8385procedures and safeguards, are within the scope of ADRs' and AFRs' expertise.[76] Given that ADRs and AFRs can elect not to seek access to swap data from SDRs and that ADRs and AFRs who do seek such access have some control over the manner in which they seek to access such swap data, ADRs and AFRs themselves can influence to some degree the costs they impose on themselves by seeking access to swap data from SDRs.
The proposed rulemaking would prohibit ADRs and AFRs from onward sharing Confidential Information with other parties. This could impose some costs in that ADRs and AFRs would not be able to freely share swap data among themselves. This could reduce the utility of the swap data to ADRs and AFRs, possibly reducing the effectiveness thereof. In addition, the fact that the Commission is proposing not to specify a particular means of ADRs and AFRs accessing swap data could result in SDRs providing a means of access other than a means preferred by ADRs and AFRs. This might impose additional costs to ADRs and AFRs relative to the potentially lesser costs of their preferred means of access. Because of these uncertainties, the Commission is unable to quantify these costs but is able to identify such costs generally.
For SDRs, providing swap data access to so many potential ADRs and AFRs may be expensive. For example, SDRs may be forced to purchase new servers, hire new system administrators to oversee the new swap data/system usage and troubleshoot related problems that may arise. New recordkeeping requirements would require more system resources. The proposed requirement to limit the swap data provided to ADRs and AFRs to only swap data that is within the scope of ADRs' and AFRs' jurisdiction may cause SDRs to elect to create new methods for parsing swap data to comply with the proposed requirement to so limit swap data. The proposed reporting obligations also will increase SDRs' costs, although to the extent that such reporting obligations are not triggered, such cost increases would be tempered accordingly. Nevertheless, SDRs presumably would need to incur some costs to develop policies and procedures, and build out systems, to monitor potential events that would trigger the proposed new reporting requirements.
Other SDR costs will include those related to SDRs verifying that each access request by an ADR or AFR is within the scope of the ADR's or AFR's jurisdiction. This will require SDRs to expend resources to ensure that they do not improperly disclose to an ADR or AFR swap data that such ADR or AFR is not entitled to see, in violation of CEA section 21(c)(7)'s requirement that SDRs disclose swap data to ADRs and AFRs “on a confidential basis pursuant to [CEA] section 8 . . . .” [77] By stating that SDRs shall not provide ADRs or AFRs with swap data access unless such swap data is within the scope of a requesting ADR's or AFR's jurisdiction as described and appended to the confidentiality arrangement required by proposed § 49.18(a), proposed § 49.17(d)(4)(iii) would narrow the scope of the sources SDRs must consult to determine the ADR's or AFR's scope of jurisdiction. The Commission anticipates that narrowing the scope of the sources that SDRs must review to determine an ADR's or AFR's scope of jurisdiction would limit the resources SDRs must expend to verify the scope of an ADR's or AFR's jurisdiction. The Commission also anticipates that lists of ADRs' and AFRs' regulated entities' legal entity identifiers (“LEIs”) and uniform product identifiers (“UPIs”) of swaps within the scope of ADRs' and AFRs' jurisdiction would limit the resources SDRs must expend to verify whether swap data access requests are within the scope of an ADR's or AFR's jurisdiction—if ADRs and AFRs choose to develop such lists—which the Commission anticipates they would.
The Commission understands that there are some blank data entries in LEI fields, however, despite the Commission having designated an LEI system in 2012, and masked LEIs in a number of cases to reflect certain other jurisdictions' privacy law limits on disclosure.[78] In addition, UPIs are still evolving for many swap contracts. Specifically, UPIs are in widespread use for standardized swaps but less so for other swaps. In cases where there is no UPI for a class of swaps, § 45.7(c)(2) requires SDRs to create a UPI for such class and requires SDRs, all other registered entities and swap counterparties to use such SDR UPI-equivalent contract identifiers to classify swaps. In such cases, ADRs and AFRs could use SDRs' UPI-equivalents to identify swaps within the scope of ADRs' and AFRs' jurisdiction.
In general, the blank or masked LEI data fields and UPI limits discussed above would raise the costs for SDRs and potentially for ADRs and AFRs. Inadequate data fields and UPIs hinder SDRs' abilities to identify transactions and determine whether such transactions, in particular swap data, are within an ADR's or AFR's jurisdictional scope and interest. Even though the Commission believes these obstacles would increase costs, the Commission also believes that such costs are difficult to quantify at this time. The Commission specifically requests comment on this concern. Commenters are encouraged to quantify such costs, if practical. The Commission understands that lists of LEIs of ADRs' and AFRs' regulated entities and lists of UPIs or UPI-equivalents of swaps within ADRs' and AFRs' jurisdiction may have to be updated from time to time as regulated entities move in and out of ADRs' and AFRs' jurisdiction, ADRs' and AFRs' jurisdiction expands or contracts, swaps evolve, and new swaps are developed. In these cases, for example, an ADR or AFR likely would have to modify periodically the list of LEIs and UPIs it gives to SDRs.
The proposal would further mitigate the costs to SDRs by permitting them to verify the scope of an ADR's or AFR's jurisdiction just once for a recurring request the details of which do not change. SDRs might incur additional costs, however, if the scope of jurisdiction changes for an ADR or AFR. Such additional costs include some fraction of the above costs as well as the cost to notify the Commission of the change in jurisdiction for the ADR or AFR.
The Commission is proposing Appendix B to Part 49 to provide a form of confidentiality arrangement for execution by the Commission and by ADRs and AFRs seeking swap data access maintained by SDRs so that ADRs and AFRs can satisfy the confidentiality agreement requirement set forth in CEA § 21(d). The Commission believes that this form would eliminate SDRs' costs and reduce ADRs' and AFRs' costs to negotiate the terms of such an arrangement relative to an alternative of negotiating and signing confidentiality arrangements with four separate SDRs. Otherwise, confidentiality arrangement costs could be substantial in terms of management Start Printed Page 8386attention and expenditures.[79] The Commission expects that reviewing and signing a confidentiality arrangement would not require substantial expenditures, but request public comments on such costs.[80] Commenters are encouraged to quantify where practical.
The Commission is proposing to permit SDRs to determine the means by which they will provide access to swap data to ADRs and AFRs. The Commission notes that SDRs already provide the Commission and the National Futures Association with data. Providing incremental access to ADRs and AFRs may permit SDRs to take advantage of economies of scale, thus mitigating SDRs' costs. The proposal would also mitigate SDRs' costs by permitting them to choose the means by which they will provide access to swap data to ADRs and AFRs. The Commission expects that SDRs would choose the lowest cost means of access consistent with their statutory obligation to provide ADRs and AFRs access to swap data and other constraints. The Commission cannot forecast what these costs would be at this time, however, because it depends on particulars of each SDR that the Commission does not know. Consequently, the Commission welcomes public comments on this requirement and how SDRs might satisfy this requirement. Commenters are encouraged to quantify where practical.
CEA section 21(c)(7) requires SDRs to notify the Commission of requests for data from a particular ADR or AFR. Proposed § 49.17(d)(4)(i) would reduce that burden by permitting SDRs to notify the Commission only of the first such request by each ADR or AFR and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction. In addition to the foregoing, the Commission is proposing to amend current § 49.17(d)(4)(i) to require SDRs to maintain records of all information related to the initial and all subsequent requests for data from the requesting entity. The SDR would have to maintain this information for the same period required for other SDR records. Although these costs may be relatively small, the Commission anticipates using such data to, for example, monitor ADRs' and AFRs' access requests from time to time to ensure that they remain within the scope of their jurisdiction and, relatedly, to ensure that SDRs have been monitoring this access issue.
As one alternative to proposing comprehensive swap data safeguards, the Commission instead could have chosen to merely delete the indemnification references in its regulations. While that approach could have avoided imposing many of the costs to ADRs, AFRs, and SDRs related to protection of confidentiality discussed herein, it would have dramatically increased the risk of imposing on market participants and the public the costs discussed above in the first paragraph of this section IV.C.4. and below in section IV.C.5.a.-c., which the Commission preliminarily believes is inconsistent with the historical importance Congress and the Commission have placed on protecting information covered by CEA section 8. Consequently, the Commission has determined to take the proposed approach.
5. Consideration of CEA Section 15(a) Factors
a. Protection of Market Participants and the Public
The Commission is proposing a number of safeguards to prevent market participants' swap data maintained at SDRs from being misappropriated or misused, as discussed above. Those proposed safeguards include: Modifying the requirements for being an AFR; requiring both ADRs and AFRs to demonstrate the scope of their swap-data jurisdiction as a limit on the swap data to which an ADR or AFR may have access; having the Commission issue Determination Orders; imposing on ADRs and AFRs seeking access to swap data maintained by SDRs a number of required confidentiality safeguards; barring onward sharing of swap data; certain recordkeeping and reporting requirements; and ensuring the Commission's ability to revoke an ADR's or AFR's swap data access. Some market participants, and the public, could be harmed if market participants' proprietary swap data were misappropriated or misused. As detailed above in the “Cost” discussion, there is the potential harm that misappropriated swap data could be used to front run market participants whose swap data were misappropriated, raising their costs of completing swap transactions. More specifically, spreads could widen, which could deter some market participants from engaging in swap transactions trading and prevent prices from adjusting as quickly. Another possible misuse of market participants' swap data is if those who obtained misappropriated swap data were to reverse engineer the trading strategies of the market participants whose data were misappropriated and use such strategies, potentially undermining their efficacy.
b. Efficiency, Competitiveness, and Financial Integrity of Futures Markets
The Commission believes that there will be little effect on efficiency, competiveness, and financial integrity of futures markets if swap data is properly protected from being misappropriated or misused. If swap data is not properly protected, however, competition might be affected, in that market participants might be less willing to engage in swap transactions if parties are trading in front of them, raising their costs, or misappropriating their trading strategies, lowering such strategies' effectiveness. This could induce some swap dealers to charge higher fees (explicitly or implicitly) for their services and otherwise reduce profits. Such concerns may also encourage market participants to increase their use of futures contracts relative to swaps, because futures position data may be better protected.
c. Price Discovery
The Commission believes that price discovery would not be affected by this proposed rulemaking. There may be some indirect effects on price discovery if the safeguards in this proposed rulemaking prove ineffective, however. Price discovery could be negatively impacted if position data is misappropriated or misused to the disadvantage of some participants. For instance, as previously explained, some market participants might withdraw from swaps markets if they fear that their position data will be misappropriated or misused. This could lead to less frequent trading as well as reduced liquidity in swap markets. Furthermore, spreads could widen due to front-running concerns, which could make prices more volatile and harm price discovery.Start Printed Page 8387
d. Sound Risk Management Practices
This proposed rulemaking will help regulators better understand the risks posed by their regulated entities. Without swaps data, it is impossible to comprehensively supervise entities that engage in swap trading. In this way, the proposed rulemaking helps to mitigate systemic risk. Allowing more ADRs and AFRs to access SDR swap data establishes the potential to improve SDR data by potentially facilitating research and analysis that ultimately leads to better risk management by market participants. This can occur through academic research that influences market participants to improve their risk management based on the research, or by ADRs and AFRs asserting their authority over their regulated entities to compel them to improve their swap data reporting and risk management.
e. Other Public Interest Considerations
The Commission does not believe that there are any other public interest considerations with respect to this proposed rulemaking.
6. Request for Comment
The Commission requests comment on all aspects of its cost and benefit considerations. Commenters are encouraged to quantify their comments, if practical.
D. Antitrust Considerations
CEA section 15(b) requires the Commission to take into consideration the public interest to be protected by the antitrust laws and endeavor to take the least anticompetitive means of achieving the objectives of the CEA, in issuing any order or adopting any Commission rule or regulation.
The Commission does not anticipate that the proposed amendments to part 49 will result in anticompetitive behavior. However, because the proposed amendments affect existing SDR procedures relating to data reporting validation and data accuracy, the Commission encourages comments from the public on any aspect of the proposal that may have the potential to be inconsistent with the antitrust laws or be anticompetitive in nature.
Start List of SubjectsList of Subjects in 17 CFR Part 49
- Access to swap data; Commodity Exchange Act section 8; Confidentiality; Registration and regulatory requirements; Swap data repositories
For the reasons stated in the preamble, the Commodity Futures Trading Commission proposes to amend 17 CFR part 49 as set forth below:
Start PartPART 49—SWAP DATA REPOSITORIES
End Part Start Amendment Part1. The authority citation for part 49 is revised to read as follows:
End Amendment Part Start Amendment Part2. In § 49.2, revise paragraph (a)(5) to read as follows:
End Amendment PartDefinitions.(a) * * *
(5) Foreign Regulator. The term “foreign regulator” means a foreign futures authority as defined in Section 1a(26) of the Act, foreign financial supervisors, foreign central banks, foreign ministries and other foreign authorities.
* * * * *3. In § 49.9, revise paragraph (a)(9) to read as follows:
End Amendment PartDuties of registered swap data repositories.(a) * * *
(9) Upon request of Appropriate Domestic Regulators and Appropriate Foreign Regulators, provide access to swap data held and maintained by the swap data repository, as prescribed in § 49.17;
* * * * *4. Amend § 49.17 as follows:
End Amendment Part Start Amendment Parta. Revise paragraphs (a), (b)(1)(vii), (b)(2), (c)(2) and (c)(3), (d)(2) through (d)(6), and (e) and (f); and
End Amendment Part Start Amendment Partb. Add paragraphs (h) and (i).
End Amendment PartThe revisions and additions to read as follows:
Access to SDR data.(a) Purpose. This section provides a procedure by which the Commission, other domestic regulators and foreign regulators may obtain access to the swap data held and maintained by registered swap data repositories. Except as specifically set forth in this section, the Commission's duties and obligations regarding the confidentiality of business transactions or market positions of any person and trade secrets or names of customers identified in Section 8 of the Act are not affected.
(b) * * *
(1) * * *
(vii) Any other person the Commission determines to be appropriate pursuant to the process set forth in § 49.17(h).
(2) Appropriate Foreign Regulator. The term “Appropriate Foreign Regulator” shall mean those Foreign Regulators the Commission determines to be appropriate pursuant to the process set forth in § 49.17(h).
* * * * *(c) * * *
(2) Monitoring tools. A registered swap data repository is required to provide the Commission with proper tools for the monitoring, screening and analyzing of swap data, including, but not limited to, Web-based services, services that provide automated transfer of data to Commission systems, various software and access to the staff of the swap data repository and/or third-party service providers or agents familiar with the operations of the registered swap data repository, which can provide assistance to the Commission regarding data structure and content. These monitoring tools shall be substantially similar in analytical capability as those provided to the compliance staff and the Chief Compliance Officer of the swap data repository.
(3) Authorized users. The swap data provided to the Commission by a registered swap data repository shall be accessible only by authorized users. The swap data repository shall maintain and provide a list of authorized users in the manner and frequency determined by the Commission.
(d) * * *
(2) Domestic regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with a domestic regulator pursuant to a separate statutory authority, and such domestic regulator seeks access to swap data that has been reported to such swap data repository pursuant to the domestic regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, or of §§ 49.17(d) or 49.18.
(3) Foreign Regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with, or recognized or otherwise authorized by, a Foreign Regulator that has supervisory authority over such swap data repository pursuant to foreign law and/or regulation, and such Foreign Regulator seeks access to swap data that has been reported to such swap data repository pursuant to the Foreign Regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, or of §§ 49.17(d) or 49.18.
(4) Obligations of the registered swap data repository in connection with appropriate domestic regulator or appropriate foreign regulator requests for data access. (i) A registered swap data repository shall notify the Start Printed Page 8388Commission promptly after receiving an initial request from an Appropriate Domestic Regulator or Appropriate Foreign Regulator to gain access to swap data maintained by such swap data repository and promptly after receiving any request that does not comport with the scope of the ADR's or AFR's jurisdiction, as described and appended to the confidentiality arrangement required by § 49.18(a). Each registered swap data repository shall maintain records thereafter, pursuant to § 49.12, of the details of such initial request and of all subsequent requests by such Appropriate Domestic Regulator or Appropriate Foreign Regulator for such access.
(ii) The registered swap data repository shall notify the Commission electronically, in a format specified by the Secretary of the Commission, of the receipt of a request specified in § 49.17(d)(4)(i).
(iii) The registered swap data repository shall not provide an Appropriate Domestic Regulator or Appropriate Foreign Regulator access to swap data maintained by the swap data repository unless the swap data repository has determined that the swap data to which the Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks access is within the then-current scope of such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by § 49.18(a). An Appropriate Domestic Regulator or Appropriate Foreign Regulator that has executed a confidentiality arrangement with the Commission pursuant to § 49.18(a) and provided such confidentiality arrangement to one or more swap data repositories shall notify the Commission and each such swap data repository of any change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction as described in such confidentiality arrangement. The Commission may direct a swap data repository to suspend, limit, or revoke access to swap data maintained by such swap data repository based on any such change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction, and, if so directed, such swap data repository shall so suspend, limit, or revoke such access.
(iv) The registered swap data repository need not make the determination required pursuant to § 49.17(d)(4)(iii) more than once with respect to a recurring swap data request. If such request changes, the swap data repository must make a new determination pursuant to § 49.17(d)(4)(iii).
(5) Timing; limitation, suspension or revocation of swap data access. Once a registered swap data repository has—
(i) Notified the Commission, pursuant to § 49.17(d)(4)(i) and (ii), of an initial request for swap data access by an Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, that was submitted pursuant to § 49.17(d)(1);
(ii) Received from such Appropriate Domestic Regulator or Appropriate Foreign Regulator a confidentiality arrangement executed by the Commission and such Appropriate Domestic Regulator or Appropriate Foreign Regulator as required by § 49.18(a); and
(iii) Satisfied its obligations under § 49.17(d)(4)(iii), such swap data repository shall provide access to the requested swap data; provided, however, that such swap data repository shall, as directed by the Commission, limit, suspend or revoke such access should the Commission limit, suspend or revoke the appropriateness determination for such Appropriate Domestic Regulator or Appropriate Foreign Regulator or otherwise direct the swap data repository to limit, suspend or revoke such access.
(6) Confidentiality arrangement. Consistent with § 49.18(a), the Appropriate Domestic Regulator or Appropriate Foreign Regulator shall, prior to receiving access to any requested swap data, execute a confidentiality arrangement with the Commission consistent with the requirements set forth in § 49.18(b).
(e) Third-party service providers to a registered swap data repository. Access to the swap data and information maintained by a registered swap data repository may be necessary for certain third parties that provide various technology and data-related services to a registered swap data repository. Third-party access to the swap data and information maintained by a swap data repository is permissible subject to the following conditions:
(1) Both the registered swap data repository and the third party service provider shall have strict confidentiality procedures that protect swap data and information from improper disclosure.
(2) Prior to a registered swap data repository granting access to swap data or information to a third-party service provider, the third-party service provider and the registered swap data repository shall execute a confidentiality agreement setting forth minimum confidentiality procedures and permissible uses of the swap data and information maintained by the swap data repository that are equivalent to the privacy procedures for swap data repositories outlined in § 49.16.
(f) Access by market participants—(1) General. Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in § 49.17(f)(2).
(2) Exception. Swap data and information related to a particular swap that is maintained by the registered swap data repository may be accessed by either counterparty to that particular swap. However, the swap data and information maintained by the registered swap data repository that may be accessed by either counterparty to a particular swap shall not include the identity or the legal entity identifier (as such term is used in part 45 of this chapter) of the other counterparty to the swap, or the other counterparty's clearing member for the swap, if the swap is executed anonymously on a swap execution facility or designated contract market, and cleared in accordance with Commission regulations in §§ 1.74, 23.610, and 37.12(b)(7) of this chapter.
* * * * *(h) Appropriateness determination process. (1) Each person seeking an appropriateness determination pursuant to this paragraph shall file an application with the Commission.
(2) Each applicant seeking an appropriateness determination shall provide sufficient detail in its application to permit the Commission to analyze whether the applicant is acting within the scope of its jurisdiction in seeking access to swap data maintained by a registered swap data repository, and whether the applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not, except as allowed for in the form of confidentiality arrangement set forth in Appendix B of this part, be disclosed.
(3) If the Commission determines that an applicant pursuant to this paragraph is, conditionally or unconditionally, appropriate for purposes of CEA section 21(c)(7), the Commission shall issue an order setting forth its appropriateness determination. The Commission shall not determine that an applicant pursuant to this paragraph is appropriate unless the Commission is satisfied that—
(i) The applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository Start Printed Page 8389will not be disclosed, except as allowed for in the form of confidentiality arrangement set forth in Appendix B of this part and
(ii) Such applicant is acting within the scope of its jurisdiction in seeking access to swap data from a registered swap data repository.
(4) The Commission reserves the right, in connection with any appropriateness determination with respect to an Appropriate Domestic Regulator or Appropriate Foreign Regulator, to revisit, reassess, limit, suspend or revoke such determination consistent with the Act.
(i) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section.
(2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (i)(1) of this section to the Commission for its consideration.
(3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (i)(1) of this section.
5. Revise § 49.18 to read as follows:
End Amendment PartConfidentiality arrangement.(a) Confidentiality arrangement required prior to disclosure of swap data by a registered swap data repository to an Appropriate Domestic Regulator or Appropriate Foreign Regulator. Prior to a registered swap data repository providing access to swap data to any Appropriate Domestic Regulator or Appropriate Foreign Regulator, each as defined in § 49.17(b), the swap data repository shall receive, pursuant to Section 21(d) of the Act, an executed confidentiality arrangement between the Commission and the Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, in the form set forth in Appendix B of this part or, at a minimum, containing the elements required in paragraph (b) of this section, from such Appropriate Domestic Regulator or Appropriate Foreign Regulator. Such confidentiality arrangement must include, either as Exhibit A to the form set forth in Appendix B of this part or similarly appended, a description of the Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction. Once a registered swap data repository is notified that a confidentiality arrangement received from an Appropriate Domestic Regulator or Appropriate Foreign Regulator no longer is in effect, the swap data repository shall not provide access to swap data to such Appropriate Domestic Regulator or Appropriate Foreign Regulator.
(b) Elements of confidentiality arrangement. The confidentiality arrangement required pursuant to paragraph (a) of this section shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in Appendix B of this part.
(c) Reporting failures to fulfill the terms of a confidentiality arrangement. A registered swap data repository shall immediately report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that it receives pursuant to paragraph (a) of this section.
(d) Failures to fulfill the terms of the confidentiality arrangement. The Commission may, if an Appropriate Domestic Regulator or Appropriate Foreign Regulator fails to fulfill the terms of a confidentiality arrangement described in paragraph (a) of this section, direct each registered swap data repository to limit, suspend or revoke such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's access to swap data held by such swap data repository.
(e) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section.
(2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (e)(1) of this section to the Commission for its consideration.
(3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (e)(1) of this section.
6. In § 49.22, revise paragraph (d)(4) to read as follows:
End Amendment PartChief compliance officer.* * * * *(d) * * *
(4) Taking reasonable steps to ensure compliance with the Act and Commission regulations in this chapter relating to agreements, contracts, or transactions, and with Commission regulations in this chapter under Section 21 of the Act, including confidentiality arrangements received by the chief compliance officer's registered swap depository pursuant to § 49.18(a);
* * * * *7. Add Appendix B to part 49, to read as follows:
End Amendment PartAppendix B to Part 49—Confidentiality Arrangement for Appropriate Domestic Regulators and Appropriate Foreign Regulators To Obtain Access To Swap Data Maintained by Registered Swap Data Repositories Pursuant to §§ 49.17(d)(6) and 49.18(a)
Start Printed Page 8390The U.S. Commodity Futures Trading Commission (“CFTC”) and the [name of foreign/domestic regulator (“ABC”)] (each an “Authority” and collectively the “Authorities”) have entered into this Confidentiality Arrangement (“Arrangement”) in connection with [whichever is applicable] [CFTC Regulation 49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to [ABC] (“Order”)] and any request for swap data by [ABC] to any swap data repository (“SDR”) registered with the CFTC.
Article One: General Provisions
1. ABC is permitted to request and receive swap data directly from a registered SDR (“Swap Data”) on the terms and subject to the conditions of this Arrangement.
2. This Arrangement is entered into to fulfill the requirements under Section 21(d) of the Commodity Exchange Act (“Act”) and CFTC Regulation 49.18. Upon receipt by a registered SDR, this Arrangement will satisfy the requirement for a written agreement pursuant to Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This Arrangement does not apply to information that is [reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with [ABC] pursuant to separate statutory authority, even if such information also is reported pursuant to the Act and CFTC regulations][reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with, or recognized or otherwise authorized by, [ABC], which has supervisory authority over the repository pursuant to foreign law and/or regulation, even if such information also is reported pursuant to the Act and CFTC regulations.] [1]
3. This Arrangement is not intended to limit or condition the discretion of an Authority in any way in the discharge of its regulatory responsibilities or to prejudice the individual responsibilities or autonomy of any Authority.
4. This Arrangement does not alter the terms and conditions of any existing arrangements.
Article Two: Confidentiality of Swap Data
5. ABC will be acting within the scope of its jurisdiction in requesting Swap Data and employs procedures to maintain the confidentiality of Swap Data and any information and analyses derived therefrom (collectively, the “Confidential Information”). ABC undertakes to notify the CFTC and each relevant SDR promptly of any change to ABC's scope of jurisdiction.
6. ABC undertakes to treat Confidential Information as confidential and will employ safeguards that:
a. To the maximum extent practicable, identify the Confidential Information and maintain it separately from other data and information;
b. Protect the Confidential Information from misappropriation and misuse;
c. Ensure that only authorized ABC personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto, and that such access is permitted only to the extent necessary to perform their job functions related to such particular Confidential Information;
d. Prevent the disclosure of aggregated Confidential Information; provided, however, that ABC is permitted to disclose any sufficiently aggregated Confidential Information that is anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties;
e. Prohibit use of the Confidential Information by ABC personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose; and
f. Include a process for monitoring compliance with the confidentiality safeguards described herein and for promptly notifying the CFTC, and each SDR from which ABC has received Swap Data, of any violation of such safeguards or failure to fulfill the terms of this Arrangement.
7. Except as provided in Paragraphs 6.d. and 8, ABC will not onward share or otherwise disclose any Confidential Information.
8. ABC undertakes that:
a. If a department, central bank, or agency of the Government of the United States, it will not disclose Confidential Information except in an action or proceeding under the laws of the United States to which it, the CFTC, or the United States is a party;
b. If a department or agency of a State or political subdivision thereof, it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the Act or the laws of [name of either the State or the State and political subdivision] to which it is a party; or
c. If a foreign futures authority or a department, central bank, ministry, or agency of a foreign government or subdivision thereof, or any other Foreign Regulator, as defined in Commission Regulation 49.2(a)(5), it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the laws of [name of country, political subdivision, or (if a supranational organization) supranational lawmaking body] to which it is a party.
9. Prior to complying with any legally enforceable demand for Confidential Information, ABC will notify the CFTC of such demand in writing, assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information.
10. ABC acknowledges that, if it does not fulfill the terms of this Arrangement, the CFTC may direct any registered SDR to suspend or revoke ABC's access to Swap Data.
11. ABC will comply with all applicable security-related requirements imposed by an SDR in connection with access to Swap Data maintained by the SDR, as such requirements may be revised from time to time.
12. ABC will promptly destroy all Confidential Information for which it no longer has a need or which no longer falls within the scope of its jurisdiction, and will certify to the CFTC, upon request, that ABC has destroyed such Confidential Information.
Article Three: Administrative Provisions
13. This Arrangement may be amended with the written consent of the Authorities.
14. The text of this Arrangement will be executed in English, and may be made available to the public.
15. On the date this Arrangement is signed by the Authorities, it will become effective and may be provided to any registered SDR that holds and maintains Swap Data that falls within the scope of ABC's jurisdiction.Start Printed Page 8391
16. This Arrangement will expire 30 days after any Authority gives written notice to the other Authority of its intention to terminate the Arrangement. In the event of termination of this Arrangement, Confidential Information will continue to remain confidential and will continue to be covered by this Arrangement.
This Arrangement is executed in duplicate, this ___day of ___.
[name of Chairman]
Chairman
U.S. Commodity Futures Trading Commission
[name of signatory]
[title]
[name of foreign/domestic regulator]
[Exhibit A: Description of Scope of Jurisdiction. If ABC is not enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach the Determination Order received from the Commission pursuant to Commission Regulation 49.17(h). If ABC is enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a sufficiently detailed description of the scope of ABC's jurisdiction as it relates to Swap Data maintained by SDRs.]
Start SignatureIssued in Washington, DC, on January 13, 2017, by the Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
Note:
The following appendices will not appear in the Code of Federal Regulations.
Appendices to Proposed Amendments to the Swap Data Access Provisions of Part 49 and Certain Other Matters—Commission Voting Summary and Chairman's Statement
Appendix 1—Commission Voting Summary
On this matter, Chairman Massad and Commissioners Bowen and Giancarlo voted in the affirmative. No Commissioner voted in the negative.
Appendix 2—Statement of Chairman Timothy G. Massad
The increased reporting of data on swaps transactions is an important reform of the derivatives markets agreed to by the G20 leaders in 2009. Today, thanks to this reporting, regulators across the globe are in a better position to assess exposures and risks related to this market. Because of the global nature of the market, it is critical for regulators to be able to share information, subject to appropriate confidentiality and other protections.
That's why I am pleased we are issuing this proposal, which will make it easier for other regulators, both domestic and foreign, to gain access to swap data repository (SDR) swap data. The proposal would conform our rules to various changes Congress made in the law and provide a process for sharing of information. Among other things, Congress removed a requirement that another regulator must indemnify both the Commission and the swap data repository for expenses related to litigation before data could be shared. To date, no domestic or foreign regulator has provided such an indemnification. Today's proposal removes this requirement in the CFTC's own rules, makes other changes consistent with Congressional action, and creates a process for when and how other regulators gain access to SDR information that will protect confidentiality.
I thank my fellow Commissioners Bowen and Giancarlo for their unanimous support for this proposal. I also thank the hardworking CFTC staff for all their efforts.
End Supplemental InformationFootnotes
1. 17 CFR 145.9. All Commission regulations cited herein are set forth in chapter I of Title 17 of the Code of Federal Regulations.
Back to Citation2. See Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376 (2010), available at http://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of the Dodd-Frank Act, which amended the Commodity Exchange Act (“CEA” or the “Act”), may be cited as the Wall Street Transparency and Accountability Act of 2010.
Back to Citation3. 7 U.S.C. 1 et seq.
Back to Citation4. See Dodd-Frank Act section 728 (adding new CEA section 21, 7 U.S.C. 24(a), to establish a registration requirement and regulatory regime for SDRs).
Back to Citation6. As is discussed more fully below, CEA section 8 describes circumstances under which public disclosure of information in the Commission's possession is permitted and prohibited. As is particularly relevant here, CEA section 8(e) permits the Commission to disclose information in its possession and obtained in connection with the administration of the CEA, upon request, to Federal departments and agencies acting within the scope of their jurisdiction but prohibits such recipients from disclosing such information except in an action or proceeding under the laws of the United States to which the recipient, the Commission or the United States is a party. CEA section 8(e) further permits the Commission to disclose information in its possession obtained in connection with administration of the CEA, upon request, to any foreign futures authority, department, central bank and ministries, or agency of a foreign government or political subdivision thereof, acting within the scope of its jurisdiction, subject to the condition that the Commission is satisfied that the information will not be disclosed by such recipient other than in connection with an adjudicatory action or proceeding to which the foreign futures authority, department, central bank and ministries, or the foreign government or political subdivision or agency thereof is a party, and which is brought under the laws of the foreign government or its political subdivision, See 7 U.S.C. 12(e).
Back to Citation7. See 7 U.S.C. 24a(c)(7). See also Commission, Final Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77 FR 2136, Jan. 13, 2012 (“Data Final Rules”). The Data Final Rules set forth, among others, regulations governing SDR data collection and reporting responsibilities under part 45 of the Commission's regulations.
Back to Citation8. 7 U.S.C. 24a(d). As noted above, the indemnification requirement was stricken from CEA section 21(d) by the FAST Act. See Public Law 114-94, section 86001(b)(2).
Back to Citation9. Swap Data Repositories: Registration Standards, Duties and Core Principles; 76 FR 54538 (Sept. 1, 2011) (“SDR Final Rules”); see also Swap Data Repositories: Registration Standards, Duties and Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final Rules) (“SDR NPRM”).
Back to Citation10. The domestic regulators enumerated in CEA section 21(c)(7)(A)-(D) are: (A) Each appropriate prudential regulator; (B) the Financial Stability Oversight Council (“FSOC”); (C) the Securities and Exchange Commission (“SEC”); and (D) the Department of Justice. The term “prudential regulator” is defined in CEA section 1a(39).
Back to Citation11. In addition to enumerating certain domestic entities to which an SDR must grant swap data access, CEA section 21(c)(7)(E) identifies as an eligible recipient of such access “any other person that the Commission determines to be appropriate, including—foreign financial supervisors (including foreign futures authorities); foreign central banks; foreign ministries; and other foreign authorities[.]” 7 U.S.C. 24a(c)(7)(E). Pursuant to this authority, in rules 49.17(b)(1)(v) and (vi), the Commission identified any Federal Reserve Bank and the Office of Financial Research (“OFR”), respectively, as “Appropriate Domestic Regulators.” The Commission also defined as an “Appropriate Domestic Regulator” each prudential regulator identified in CEA section 1(a)(39), with respect to requests related to any such regulator's statutory authority. See § 49.17(b)(1)(ii). The Commission further reserved the discretion, in § 49.17(b)(1)(vii), to recognize “[a]ny other person the Commission deems appropriate” to be an “Appropriate Domestic Regulator.”
Back to Citation12. Pursuant to § 49.17(d)(2), ADRs with regulatory jurisdiction over an SDR are not required to apply for access to SDR data or to execute a confidentiality and indemnification agreement if the regulator executes an information sharing arrangement with the Commission and the Commission designates the regulator to receive direct electronic access to SDR data pursuant to CEA section 21(c)(4). See also § 49.18(c).
Back to Citation13. The Commission established the category of AFRs pursuant to CEA section 21(c)(7)(E), which, among other things, includes a list of the types of foreign entities that the Commission may determine to be appropriate recipients of such swap data access.
Back to Citation14. The term “Foreign Regulator” is defined in § 49.2(a)(5) to mean a foreign futures authority as defined in CEA section 1(a)(26), foreign financial supervisors, foreign central banks and foreign ministries.
Back to Citation16. Current § 49.18(b) requires an SDR to receive such a Confidentiality and Indemnification Agreement from an ADR or AFR prior to releasing swap data to the ADR or AFR.
Back to Citation17. See SDR Final Rules at 54554. The Commission notes that, prior to passage of the FAST Act on December 4, 2015, no 21(c)(7) entity had entered into a confidentiality or indemnification agreement pursuant to CEA section 21(d) or the part 49 rules.
Back to Citation18. It was, in the Commission's view, appropriate to permit access to the swap data maintained by SDRs to Appropriate Domestic Regulators that have concurrent regulatory jurisdiction over such SDRs, without the application of the notice and indemnification provisions of CEA sections 21(c)(7) and (d). See SDR Final Rules at 54554, n163. Accordingly, pursuant to the Commission's Part 49 rules, these provisions did not apply to an Appropriate Domestic Regulator that has regulatory jurisdiction over an SDR registered with it pursuant to a separate statutory authority that is also registered with the Commission, if the Appropriate Domestic Regulator executes an MOU or similar information sharing arrangement with the Commission and the Commission, consistent with CEA section 21(c)(4)(A), designates the Appropriate Domestic Regulator to receive direct electronic access. See 17 CFR 49.17(d)(2).
Back to Citation19. See Swap Data Repositories: Interpretative Statement Regarding the Confidentiality and Indemnification Provisions of the Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012) (“Interpretative Statement”).
Back to Citation20. Interpretative Statement at 65181.
Back to Citation21. Title LXXXVI (“Repeal of Indemnification Requirements”) of the FAST Act amends the CEA by:
repeal[ing] the indemnification requirements added by the Dodd-Frank Wall Street Reform and Consumer Protection Act for regulatory authorities to obtain access to swap data. Foreign regulators and regulatory entities have indicated concerns regarding the indemnification requirements of Dodd-Frank. The title removes such requirements so data can be shared with foreign authorities. The title would still require the regulatory agencies requesting the information to agree to certain confidentiality requirements prior to receiving the data.
FAST Act: Conference Report to Accompany H.R. 22, Dec. 1, 2015 at 486-87. The repeal applied as well to the analogous provision in the Securities Exchange Act of 1934, 15 U.S.C. 78m(n)(5).
Back to Citation22. The legislation struck subsection (d) of CEA section 21 and inserted in its place a provision entitled, “Confidentiality Agreement,” that states that before a swap data repository may share information with any entity described in subsection (c)(7), the swap data repository shall receive a written agreement from each entity stating that the entity shall abide by the confidentiality requirements described in section 8 of the CEA relating to the information on swap transactions that is provided. See FAST Act, Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015).
Back to Citation24. See, e.g., CEA section 21(f)(4) (Additional duties developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules and regulations as, in the judgment of the Commission, are reasonably necessary to effectuate any of the provisions or to accomplish any of the purposes of the Act.
Back to Citation25. Section 752 of the Dodd-Frank Act directs the CFTC, the SEC and the prudential regulators, as appropriate, to consult and coordinate with foreign regulatory authorities in this regard and provides that these entities may agree to such information-sharing arrangements as may be deemed necessary or appropriate in the public interest or for the protection of investors, swap counterparties, and security-based swap counterparties.
Back to Citation26. 17 CFR 49.2(a)(5). CEA Section 1a(26) defines “foreign futures authority” as any foreign government, or any department, agency, governmental body, or regulatory organization empowered by a foreign government to administer or enforce a law, rule, or regulation as it relates to a futures or options matter, or any department or agency of a political subdivision of a foreign government empowered to administer or enforce a law, rule, or regulation as it relates to a futures or options matter. Section 723(a)(2) of the Dodd-Frank Act added section 2(d) to the CEA to provide that enumerated provisions, including CEA section 1a, apply to swaps.
Back to Citation27. See SDR Final Rules at 54554.
Back to Citation28. Id. See also Interpretative Statement at 65181; section 752 of the Dodd-Frank Act.
Back to Citation29. The Commission's proposal is consistent with the principle previously set forth in its Interpretative Statement relating to the confidentiality and indemnification provisions of the CEA. In particular, the Commission stated “that a foreign regulator's access to data from a registered SDR that is also registered, recognized, or otherwise authorized in a foreign jurisdiction's regulatory regime, where the data to be accessed has been reported pursuant to that [other] regulatory regime, [such access] will be dictated by that jurisdiction's regulatory regime and not by the CEA or Commission regulations.” See Interpretative Statement at 65181.
Back to Citation30. Id.
Back to Citation31. See CEA section 21(c)(7); see also section 752 of the Dodd-Frank Act.
Back to Citation32. The term “Foreign Regulator” is defined in § 49.2(a)(5) to mean a foreign futures authority as defined in CEA section 1(a)(26), foreign financial supervisors, foreign central banks and foreign ministries.
Back to Citation33. No Foreign Regulators are enumerated in CEA section 21(c)(7) or specifically identified as Appropriate Foreign Regulators in § 49.17(b)(2).
Back to Citation34. To date the Commission has not specified a form and manner for the application referenced in current § 49.17(b)(2)(i)(A).
Back to Citation36. The form of confidentiality arrangement set forth in proposed Appendix B to part 49 also would require such notices.
Back to Citation37. As is relevant here, proposed § 49.17(d)(5) would require that each SDR “shall, as directed by the Commission, limit, suspend or revoke . . . such access should the Commission . . . direct the [SDR] to limit, suspend or revoke such access.”
Back to Citation38. See CEA section 21(c)(7); see also Section 752 of the Dodd-Frank Act (recognizing the goal of effective and consistent global regulation of swaps).
Back to Citation40. See Dodd-Frank Act section 752, supra.
Back to Citation41. See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7).
Back to Citation42. Consistent with the current recordkeeping requirements for SDRs in § 45.2(f), SDRs are required to maintain records of all information related to the initial and all subsequent requests for swap data from ADRs/AFRs. Appropriate records would include, at a minimum, the identity of the ADR/AFR accessing the swap data; the date, time and substance of the request for access; confirmation that the request is consistent with the scope of the regulator's jurisdiction; and copies of all swap data provided in connection with the request for access. Pursuant to CEA section 1.31, SDRs are required to maintain such records for a period of no less than five years after the date of such request and must provide this information to the Commission upon request.
Back to Citation43. The scope of jurisdiction would be described in Exhibit A to the form of confidentiality arrangement set forth in proposed Appendix B to part 49.
Back to Citation44. See CEA section 21(d). 7 U.S.C. 24a(d) as amended by the FAST Act.
Back to Citation45. See current § 49.17(d)(6) and 49.18(b).
Back to Citation46. See proposed § 49.18(a) (requiring that an SDR received “an executed confidentiality arrangement between the Commission and the [ADR] or [AFR] . . . .”). The Commission notes that the SEC has implemented a similar approach with respect to the execution of the required agreement. See Access to Data Obtained by Security-Based Swap Data Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2, 2016) (SEC rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and associated preamble text).
Back to Citation47. Current § 49.18(a) describes the purpose of § 49.18.
Back to Citation48. Current § 49.18(b) requires an SDR to receive a confidentiality agreement from a 21(c)(7) entity before granting the 21(c)(7) entity access to swap data maintained by the SDR. As discussed above, the Commission proposes to address in proposed § 49.18(a) the confidentiality arrangement condition to swap data access.
Back to Citation49. ADRs and AFRs seeking useful guidance for Confidential Information segregation can look to the data segregation standards contained in the National Institute of Standards and Technology (“NIST”) Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations (April 2013), available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf or in the Federal Information Security Management Act of 2002, as amended (“FISMA”). 44 U.S.C. 3541. As the Commission has previously noted in a different context, FISMA “is a source of cybersecurity best practices and also establishes legal requirements for federal government agencies . . . .” System Safeguards Testing Requirements, 80 FR 80139, 80142 (Dec. 23, 2015) (“Registered Entity Cyber NPRM”). The Commission recently adopted final rules based on the Registered Entity Cyber NPRM. See System Safeguards Testing Requirements, 81 FR 64271 (Sept. 19, 2016) (“Final Registered Entity Cyber Rules”).
Back to Citation50. This should include cybersecurity measures. As the Commission detailed in a different context in the Final Registered Entity Cyber Rules, “cyber threats to the financial sector continue to expand.” See Final Registered Entity Cyber Rules at 64272. See also System also Safeguards Testing Requirements for Derivatives Clearing Organizations, 80 FR 80113, 80114-80115 (Dec. 23, 2015) (describing escalating and evolving cybersecurity threats); Registered Entity Cyber NPRM at 80140-80141 (Dec. 23, 2015) (describing, inter alia, the current cybersecurity threat environment).
Back to Citation51. One basic principle of data security is that only those with a need to access data to perform their work should be granted access to such data. See, e.g., Framework for Improving Critical Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the “Protect” element of a core cybersecurity framework as one where “[a]ccess to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.”).
Back to Citation52. The Commission understands that ADRs and AFRs may want to use aggregated and anonymized information derived from SDR swap data in analyses that may be made public. Cf. U.S. Gov't Accountability Office, GAO-16-175, Financial Regulation: Complex and Fragmented Structure Could Be Streamlined To Improve Effectiveness 71-75 (2016) (“GAO Report”), available at http://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and related confidentiality issues and protections surrounding sharing aggregated and disaggregated information provided by other agencies). The Commission believes that, when properly aggregated and anonymized, information derived from SDR swap data generally can be disclosed without violating the requirement in CEA section 21(d) that a recipient of swap data agree, with respect to the information on swap transactions that is provided by an SDR, to abide by the confidentiality requirements described in CEA section 8. Cf. § 49.16(c) (stating that “[s]ubject to Section 8 of the Act, [SDRs] may disclose aggregated swap data on a voluntary basis or as requested[ ] in the form and manner[ ] prescribed by the Commission.”); SDR Final Rules at 54551 (stating that “the Commission believes that it is permissible under the Dodd-Frank Act and part 49 of the Commission's regulations for an SDR to disclose, for non-commercial purposes, data on an aggregated basis such that the disclosed data reasonably cannot be attributed to individual transactions or market participants.”). In certain cases, however, even aggregated information may enable a reader to determine a market participant's business transactions, trade secrets (e.g., algorithms) or positions. Thus, the proposed form of confidentiality arrangement requires ADRs and AFRs to implement safeguards designed to appropriately limit the use of information that has been aggregated from SDR swap data and to prevent disaggregation or other derivations of a market participant's business transactions, trade data or market positions. ADRs and AFRs can look to § 43.4(d)(1), (d)(4) and (g) for guidance on anonymization principles.
Back to Citation53. The Commission interprets the restrictions on disclosure contained in CEA section 8 that are incorporated in CEA section 21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing swap data it obtains from an SDR.
Back to Citation54. Paragraph 12 of the confidentiality arrangement would also require ADR and AFR signatories to certify to the CFTC, upon request, that they have destroyed such swap data.
Back to Citation55. Proposed § 49.18(d) provides that, if an ADR or AFR fails to fulfill the terms of a confidentiality arrangement under paragraph (a) of proposed § 49.18, the Commission may direct each registered SDR to limit, suspend or revoke the ADR's or AFR's access to swap data held by the SDR Similarly, proposed § 49.17(d)(5) would require an SDR, as directed by the Commission, to limit, suspend or revoke an ADR's or AFR's swap data access should the Commission revoke the appropriateness determination for such ADR or AFR or otherwise direct the SDR to suspend or revoke such access.
Back to Citation56. Although § 49.17(e) uses the terms “data” and “swap data” interchangeably, the Commission intended those paragraphs to reference the definition of “swap data” and, consequently, believes that these do not represent a change to the Commission's original intent in promulgating § 49.17(e). However, the term “swap data” is narrower than the terms “data” and “information.” Consequently, changing “data” to “swap data” arguably would narrow the scope of the confidentiality procedures and confidentiality arrangement required by § 49.17(e)(1) and (2).
Back to Citation57. These proposed changes appear in proposed § 49.18(a).
Back to Citation58. See 5 U.S.C. 601 et seq.
Back to Citation59. See Policy Statement and Establishment of “Small Entities” for purposes of the Regulatory Flexibility Act, 47 FR 18618 (Apr. 30, 1982) at 18618-21.
Back to Citation60. See Part 49 Adopting Release at 54575 and Notice of Proposed Rulemaking: Swap Data Repositories, 75 FR 80898 (Dec. 23, 2010) at 80926.
Back to Citation61. 5 U.S.C. 601(5), (6).
Back to Citation62. 44 U.S.C. 3501 et seq.
Back to Citation63. See OMB Control Number 3038-0086 (“Information Collection 3038-0086”). The most recent revision to OMB Control Number 3038-0086 was approved November 30, 2015 and is available at: http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086.
Back to Citation64. The Commission estimates that up to approximately 30 authorities in the United States may seek to access swap data from SDRs. In the context of potential AFRs, the Commission believes that most requests will come from authorities in G20 countries, each of which will have no more and likely fewer than 30 authorities that may request swap data from SDRs. In addition, certain authorities from outside the G20 also may request swap data from SDRs. Accounting for all of these entities, the Commission estimates that there likely will be a total of no more than 300 relevant domestic and foreign authorities that may request swap data from SDRs.
Back to Citation71. See 17 CFR 49.17(d)(6) and 49.18.
Back to Citation73. See, e.g. , Registered Entity Cyber proposed rulemaking at 80141 (observing that “there has . . . been a rise in attacks by . . . hacktivists . . . aimed at . . . [, among other things,] theft of data or intellectual property . . . .”); Id. at 80189 (Concurring Statement of Commissioner Bowen) (stating that “our firms are facing an unrelenting onslaught of attacks from hackers with a number of motives ranging from petty fraud to international cyberwarfare.”).
Back to Citation74. While the same risks of misuse and misappropriation exist with respect to swap data maintained at SDRs, SDRs are regulated, and subject to sanctions, by the Commission, whereas ADRs and AFRs are not.
Back to Citation75. Enumerated domestic regulators also will have to demonstrate to the Commission the scope of their jurisdiction so that SDRs will know the contours of the swap data access they can provide to enumerated domestic regulators.
Back to Citation76. The Commission believes that potential ADRs and AFRs would likely have established safeguards to protect sensitive data other than swap data and that such safeguards could be adapted to address the requirements of the proposed form of confidentiality arrangement without great cost.
Back to Citation77. The need for these resource expenditures would flow from proposed § 49.17(d)(4)(iii), which would preclude SDRs from granting ADRs or AFRs access to swap data unless the SDR has determined that such swap data is within the then-current scope of such ADRs' or AFRs' jurisdiction.
Back to Citation78. See, e.g., DMO No-Action Letter 16-03 (Jan. 15, 2016), available at http://www.cftc.gov/idc/groups/public/@lrlettergeneral/documents/letter/16-03.pdf,, for further information regarding such privacy law restrictions.
Back to Citation79. Nevertheless, proposed § 49.18(a) would allow ADRs and AFRs to negotiate an alternative to the proposed form, provided that such alternative contains the elements required in proposed § 49.18(b), which, in turn, requires that such alternative contain all the elements of the proposed form.
Back to Citation80. The Commission has on occasion used the SIFMA Report on Management and Professional Earnings in the Securities Industry to estimate these kinds of costs. For instance, on page 279 of the SIFMA Report for 2013, the mean salary for a compliance attorney is $100,840 with an average bonus of $26,666. This gives $127,506 in average total compensation for a compliance attorney. This number is divided by 1,800 hours and multiplied by 5.35 to account for overhead to get approximately $379 per hour. Next, multiplying by 12,000 burden hours (from the Paperwork Reduction Act section of this release) results in approximately $4,500,000 in estimated costs.
Back to Citation1. The first bracketed paragraph will be used for ADRs; the second will be used for AFRs. The inapplicable paragraph will be deleted.
Back to Citation[FR Doc. 2017-01287 Filed 1-24-17; 8:45 am]
BILLING CODE 6351-01-P
Document Information
- Published:
- 01/25/2017
- Department:
- Commodity Futures Trading Commission
- Entry Type:
- Proposed Rule
- Action:
- Notice of proposed rulemaking.
- Document Number:
- 2017-01287
- Dates:
- Comments must be received on or before March 27, 2017.
- Pages:
- 8369-8391 (23 pages)
- RINs:
- 3038-AE44: Indemnification Rulemaking
- RIN Links:
- https://www.federalregister.gov/regulations/3038-AE44/indemnification-rulemaking
- PDF File:
- 2017-01287.pdf
- CFR: (5)
- 17 CFR 49.2
- 17 CFR 49.9
- 17 CFR 49.17
- 17 CFR 49.18
- 17 CFR 49.22