Self-Regulatory Organizations; The Depository Trust Company; National Securities Clearing Corporation; Fixed Income Clearing Corporation; Order Approving Proposed Rule Changes To Adopt the Clearing Agency Risk Management Framework

I. Introduction

On July 14, 2017, The Depository Trust Company (“DTC”), National Securities Clearing Corporation (“NSCC”), and Fixed Income Clearing Corporation (“FICC,” each a “Clearing Agency,” and collectively the “Clearing Agencies”), filed with the Securities and Exchange Commission (“Commission”) proposed rule changes SR-DTC-2017-013, SR-NSCC-2017-012, and SR-FICC-2017-016, respectively, pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (“Act”) and Rule 19b-4 thereunder. The proposed rule changes were published for comment in the Federal Register on August 2, 2017. The Commission did not receive any comment letters on the proposed rule changes. For the reasons discussed below, the Commission approves the proposed rule changes.

II. Description of the Proposed Rule Changes

The proposed rule changes are proposals by the Clearing Agencies to adopt the Clearing Agency Risk Management Framework (“Framework”) of the Clearing Agencies, as described below.

A. Overview of the Framework

The Framework would describe how each Clearing Agency (i) comprehensively manages legal, credit, liquidity, operational, general business, investment, custody, and other risks that arise in or are borne by it (“Key Clearing Agency Risks”); (ii) manages risks posed by its participants; (iii) manages risks related to material interdependencies and external links; and (iv) provides services responsive to market needs. The Framework would be maintained by the General Counsel's Office (“GCO”) of DTCC. The Framework would provide that GCO reviews the Framework at least annually, in coordination with all departments responsible for the processes described in the Framework.

B. Comprehensive Management of Key Clearing Agency Risks

The Framework would state that the Boards of Directors of the Clearing Agencies (each a “Board” and together, the “Boards”) have delegated to DTCC management, on behalf of the Clearing Agencies, the responsibility for identifying, assessing, measuring, monitoring, mitigating, and reporting Key Clearing Agency Risks through a process of developing individual risk tolerance statements for identified risks. The Framework would state that these risk tolerance statements describe the applicable risk controls and other measures used to manage risks. If needed, residual risks may be identified for either further management or acceptance, which then follows a defined escalation and approval process. The Framework would also state that DTCC management, on behalf of the Clearing Agencies, is responsible for the day-to-day management of those residual risks. Finally, the Framework would describe the governance around updating risk tolerance statements, which are reviewed and approved by a management committee, the Risk Committee of the Boards, and the Boards at least annually. The Framework would provide that the Clearing Agencies manage Key Clearing Agency Risks through (i) a “Three Lines of Defense” approach, as described below, and (ii) the maintenance of risk management policies, procedures, Clearing Agencies' Rules, and frameworks, as described below.

1. Three Lines of Defense

The Framework would provide that the Clearing Agencies employ a “Three Lines of Defense” approach for comprehensively managing Key Clearing Agency Risks. The Framework would describe the roles of personnel and business units in this risk management approach, which includes (i) a first line of defense comprised of the various business lines and functional units that support the products and services offered by the Clearing Agencies (collectively, “Clearing Agency Business/Support Areas”); (ii) a second line of defense comprised of control functions that support the Clearing Agencies, including the organization's legal, privacy and compliance areas, as well as the DTCC Risk Department, which is specifically dedicated to risk management concerns (collectively, “Clearing Agency Control Functions”); and (iii) a third line of defense, which is performed by DTCC Internal Audit.

For the first line of defense, the Framework would state that each Clearing Agency Business/Support Area would, for example, identify Key Clearing Agency Risks applicable to its function, determine the best way to mitigate such risks, self-test internal controls, and create and implement actions plans for risk mitigation. For the second line of defense, the Framework would state that each Clearing Agency's Control Functions would, for example, work with the Clearing Agency Business/Support Areas on efforts to mitigate Key Clearing Agency Risks, and provide tools to those groups to enable them to analyze, monitor and proactively manage those risks. Finally, for the third line of defense, the Framework would identify the role of DTCC Internal Audit as including, for example, directing its own resources to review and test key controls that help mitigate significant Key Clearing Agency Risks, then reporting on the results of that testing.

In connection with a description of the second and the third lines of defense, the Framework would state that personnel within the DTCC Risk Department and the DTCC Internal Audit are provided with sufficient authority, resources, independence from management, and access to the Boards. The Framework would provide that the DTCC Risk Department and the DTCC Internal Audit are functionally independent from all other Clearing Agency Business/Support Areas. The Framework would also explain that the personnel within the DTCC Risk Department and the DTCC Internal Audit have a direct reporting line to, and oversight by, the Risk Committee of the Boards and the Audit Committee of the Boards, respectively, which is supported by the charters of these committees. The Framework would state that a set of senior management committees provide oversight of the Three Lines of Defense approach to manage Key Clearing Agency Risks as well as other aspects of the Clearing Agencies' risk management.

2. Policies, Procedures, Clearing Agencies' Rules, and Risk Management Frameworks

The Framework would provide that the Clearing Agencies maintain a policy to govern the requirements for establishing, managing, and assessing the performance of internal committees and councils. The Framework would also describe the process by which the Clearing Agencies maintain risk management policies, procedures, Clearing Agencies' Rules, frameworks, and other documents designed to identify, measure, monitor, and manage Key Clearing Agency Risks.

The Framework would describe policies maintained by the Clearing Agencies that (i) govern the steps taken to meet their regulatory requirements related to proposed rule change and advance notice filings pursuant to Section 19(b)(1) of the Act, and Section 806(e)(1) of Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act, entitled the Payment, Clearing, and Settlement Supervision Act of 2010, and the rules thereunder (collectively, “Filing Requirements”); and (ii) establish standards and a holistic approach for creating and managing risk management policies, procedures, Clearing Agencies' Rules, frameworks, and other documents, including periodic reviews and governance approval of such documents (“Document Standards”). The Framework would provide that, with respect to those documents that address Key Clearing Agency Risks, the Document Standards require annual approval by the Boards.

The Framework would describe how the Clearing Agencies maintain the Clearing Agencies' Rules, which support the Clearing Agencies' ability to provide for a well-founded, clear, transparent and enforceable legal basis for each aspect of their activities in all relevant jurisdictions. Maintenance of the Clearing Agencies' Rules is supported by the policy governing the Filing Requirements and the Document Standards, described above. The Framework would state that the Clearing Agencies' Rules establish the membership onboarding process of the Clearing Agencies. The Framework would also state that the Clearing Agencies may adopt and maintain other risk management frameworks, separate from the Framework, that address, in whole or in part, the management of other Key Clearing Agency Risks such as the management of operational, liquidity, and market risks.

C. Information and Incentives for Management of Risks by Participants

The Framework would describe how the Clearing Agencies provide their respective participants with information and incentives to enable them to monitor, manage, and contain the risks they pose (including the risks by their customers) to the respective Clearing Agencies. The Framework would identify some of the sources of the information that are made available to the Clearing Agencies' participants, including, for example, (i) materials on the DTCC Web site, such as the Clearing Agencies' Rules, user guides, and training courses, and regularly updated disclosures made pursuant to the guidelines published by the Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commissions; and (ii) reports regarding the Clearing Agencies' margin and liquidity requirements and their transaction volumes and values, as applicable.

The Framework would also describe some of the incentives used by the Clearing Agencies to enable their participants to monitor, manage, and contain risks they pose to the Clearing Agencies, including, for example, (i) daily margin requirements, pursuant to the Clearing Agencies' Rules, which are calculated in close correlation to the risk each participant poses to the relevant Clearing Agency; and (ii) other tools within the Clearing Agencies' Rules that enable the Clearing Agencies to enforce their respective Rules against their participants.

D. Management of Risks Related to Material Interdependencies and External Links

The Framework would describe how the Clearing Agencies regularly review the material risks they bear from and pose to other entities as a result of material interdependencies and external links. The Framework would identify some of the Clearing Agencies' material interdependencies between the Clearing Agencies and other entities which may include, for example, Clearing Agencies' participants, settling banks, investment counterparties, liquidity providers, vendors, and service providers. With respect to the links between the Clearing Agencies and material external interdependent entities, the Framework would describe how the Clearing Agencies review and monitor any resulting risks that are driven by the nature of the relationship. For example, risks related to the Clearing Agencies' link to their respective participants and settling banks are addressed through tools found within the Clearing Agencies' Rules, as these entities are bound by the Rules. The Framework would also describe the Clearing Agencies' management and monitoring of risks that have the potential of creating systemic risks. In addition, the Framework would provide how the Clearing Agencies utilize a series of comprehensive reviews that include input from a cross-functional group to identify, monitor, and manage risks related to all external links of the Clearing Agencies.

The Framework would provide that risks arising from links to vendors are identified, assessed, controlled, and monitored through a comprehensive review and vetting process. The Framework would describe how a risk-based approach is employed to assess the need and level of due diligence activities associated with the evaluation of potential vendors and with the re-evaluation of existing vendors. The Framework would state that this process involves the review of certain information related to a proposed vendor relationship, which should focus on confidentiality, integrity, availability, and recoverability related to that relationship. The Framework would also describe how risk related to existing vendor relationships is reviewed periodically, throughout the lifecycle of the relationship.

E. Scope of Services Responsive to Market Needs

The Framework would describe how the Clearing Agencies meet the requirements of their participants and the markets they serve. The Framework would describe the Clearing Agencies' structured approach for the implementation of new initiatives, which includes conducting a comprehensive risk assessment of new initiatives. These reviews address, among other matters, compliance with applicable laws, regulations, and standards.

The Framework would also describe the Clearing Agencies' role in industry-wide strategic initiatives through participation on industry working groups and the development and publication of concept papers. The Framework would describe how the Clearing Agencies use periodic surveys and employ product-aligned customer service representatives to ensure clients receive the support they need. The Framework would describe the Clearing Agencies' process for escalating and responding to certain customer complaints. The Framework would also describe the Clearing Agencies' “Core Balanced Business Scorecard,” which is used by the Clearing Agencies to review and track the effectiveness of their operations, information technology service levels, financial performance, human capital, as well as their participants' experiences.

F. Recovery and Orderly Wind-Down

The Framework would provide that the Clearing Agencies may maintain policies and procedures to govern the development of plans for recovery and orderly wind-down. Such documents would define the roles and responsibilities of relevant business units in the development and documentation of the plans and would outline the general content of the plans.

III. Discussion and Commission Findings

Section 19(b)(2)(C) of the Act directs the Commission to approve a proposed rule change of a self-regulatory organization if it finds that such proposed rule change is consistent with the requirements of the Act and rules and regulations thereunder applicable to such organization. After carefully considering the proposed rule changes, the Commission finds that the proposed rule changes are consistent with the requirements of the Act and the rules and regulations thereunder applicable to the Clearing Agencies. Specifically, the Commission finds that the proposed rule changes are consistent with Section 17A(b)(3)(F) of the Act and Rules 17Ad-22(e)(1), (e)(3)(i), (e)(3)(iii), (e)(3)(iv), (e)(20), and (e)(21) under the Act.

A. Consistency With Section 17A(b)(3)(F) of the Act

Section 17A(b)(3)(F) of the Act requires, in part, that the rules of a registered clearing agency be designed to assure the safeguarding of securities and funds which are in the custody or control of the Clearing Agencies or for which they are responsible.

As described above, the Framework would provide some of the ways the Clearing Agencies comprehensively manage Key Clearing Agency Risks, which include legal, credit, liquidity, operational, general business, investment, custody, and other risks that arise in or are borne by the Clearing Agencies. For example, the Framework would describe how the Clearing Agencies use the “Three Lines of Defense” approach to assessing, measuring, monitoring, mitigating, and reporting those risks, and would identify the roles and responsibilities of each line of defense within that approach. The Framework would also provide other risk management activities, including the establishment and maintenance of certain management committees that would perform oversight of the Clearing Agencies' businesses and related risk management. Furthermore, the Framework would describe information and incentives offered by the Clearing Agencies to their participants to manage and contain the risks. The Framework would also describe some of the ways to manage risks posed by material interdependency relationships and external links, and address the market needs efficiently and effectively.

By providing transparency to their risk management practices, the Framework is designed to help the Clearing Agencies be in a better position to prevent and manage the risks that arise in or are borne by the Clearing Agencies. By better managing the risks that arise in or are borne by the Clearing Agencies, the Framework is designed to help reduce the possibility that a Clearing Agency fails. By better positioning the Clearing Agencies to continue their critical operations and services, and mitigating the risk of financial loss contagion caused by a Clearing Agency failure, the Framework is designed to help assure the safeguarding of securities and funds which are in the custody or control of the Clearing Agencies, or for which they are responsible. Accordingly, the Commission believes that the proposed rule changes are consistent with Section 17A(b)(3)(F) of the Act.

B. Consistency With Rule 17Ad-22(e)(1)

Rule 17Ad-22(e)(1) under the Act requires that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to, provide for a well-founded, clear, transparent and enforceable legal basis for each aspect of its activities in all relevant jurisdictions.

As described above, the Framework would describe the policies maintained by the Clearing Agencies that govern the Filing Requirements and the Document Standards. In addition, the Framework would describe how the Clearing Agencies maintain the Clearing Agencies' Rules. The Clearing Agencies' Rules are the key legal basis for each of the Clearing Agencies' respective activities described in the Clearing Agencies' Rules. For example, as part of the membership onboarding process, all participants must execute membership agreements, which binds them to the relevant Clearing Agency's Rules and subjects them to an enforceable contract governing the rights and obligations of the Clearing Agencies and those participants. The Framework would also describe how the Clearing Agencies' Rules are published on the DTCC Web site, and how the Clearing Agencies adhere to the Filing Requirements. The Framework would also describe how the Clearing Agencies review and assess risk related to their contractual arrangements with vendors, service providers, and other external parties with which the Clearing Agencies may establish links. The Framework would also describe the process by which the Clearing Agencies review new initiatives prior to implementation, which include a review of the legal risks that may be posed by those initiatives.

By organizing and describing in a central location the policies and procedures that the Clearing Agencies use to manage Key Clearing Agency Risks, as well as the Clearing Agencies' policies, procedures, Rules, frameworks, and other documents, the Framework is designed to help the Clearing Agencies manage, in a more clear and transparent way, the policies and procedures that define the rights and obligations of the Clearing Agencies, their participants, and other external parties. In doing so, the Framework also helps provide for a well-founded and enforceable legal basis for the activities of the Clearing Agencies. Therefore, the Commission believes that the Framework is consistent with the requirements of Rule 17Ad-22(e)(1).

C. Consistency With Rule 17Ad-22(e)(3)(i), (e)(3)(iii), and (e)(3)(iv)

Rule 17Ad-22(e)(3)(i) under the Act requires, in part, that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to maintain a sound risk management framework for comprehensively managing legal, credit, liquidity, operational, general business, investment, custody and other risks that arise in or are borne by the covered clearing agency, which includes risk management policies, procedures and systems designed to identify, measure, monitor and manage the range of risks that arise in or are borne by the covered clearing agency, that are subject to review on a specified periodic basis and approved by the board of directors annually.

As described above, the Framework would describe how the Clearing Agencies maintain comprehensive policies, procedures, and other documents, including the Framework and certain other risk management frameworks, which are designed to help identify, measure, monitor, and manage Key Clearing Agency Risks. The Framework would state that the documents that address Key Clearing Agency Risks are subject to annual approval by each of the Boards pursuant to the Document Standards. Furthermore, the Framework would describe how the Clearing Agencies identify, assess, measure, monitor, mitigate, and report risks through individual risk tolerance statements for identified risks, which are reviewed and approved by the Boards at least annually. Accordingly, the Commission believes that the Framework is consistent with Rule 17Ad-22(e)(3)(i).

Rule 17Ad-22(e)(3)(iii) under the Act requires, in part, that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to maintain a sound risk management framework for comprehensively managing legal, credit, liquidity, operational, general business, investment, custody and other risks that arise in or are borne by the covered clearing agency, which provides risk management and internal audit personnel with sufficient authority, resources, independence from management, and access to the board of directors.

As described above, in connection with a description of the second and the third lines of defense, the Framework would state that personnel within the DTCC Risk Department and the DTCC Internal Audit are provided with sufficient authority, resources, independence from management, and access to the Boards. In particular, the Framework would describe how both the DTCC Risk Department and the DTCC Internal Audit are functionally independent from all other Clearing Agency Business/Support Areas. The Framework would also indicate how the senior management within both of those groups report directly to appropriate committees of the Boards. Accordingly, the Commission believes that the Framework is consistent with Rule 17Ad-22(e)(3)(iii).

Rule 17Ad-22(e)(3)(iv) under the Act requires, in part, that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to maintain a sound risk management framework for comprehensively managing legal, credit, liquidity, operational, general business, investment, custody and other risks that arise in or are borne by the covered clearing agency, which provides risk management and internal audit personnel with a direct reporting line to, and oversight by, a risk management committee and an independent audit committee of the board of directors, respectively.

As described above, the Framework would describe, as the third line of defense, how senior management within the DTCC Risk Department and the DTCC Internal Audit have a direct reporting line to, and oversight by, the Risk Committee of the Boards and the Audit Committee of the Boards, respectively, which is supported by the charters of these committees. Accordingly, the Commission believes that the Framework is consistent with Rule 17Ad-22(e)(3)(iv).

D. Consistency With Rule 17Ad-22(e)(20)

Rule 17Ad-22(e)(20) under the Act requires that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to identify, monitor and manage risks related to any link the covered clearing agency establishes with one or more other clearing agencies, financial market utilities, or trading markets.

As described above, the Framework would describe how the Clearing Agencies review both proposed and existing links with other entities, including those links that may result in material interdependencies. For example, the Framework would describe some of the ways the Clearing Agencies manage risks related to their links with, as applicable, participants, settling banks, investment counterparties, liquidity providers, vendors, and service providers, and would also describe how the Clearing Agencies identify and address risks that have the potential of creating systemic impact. With respect to links with vendors, the Framework would describe how the Clearing Agencies apply a comprehensive vendor review and vetting process.

By providing written policies and procedures to identify, monitor, and manage risks related to links that the Clearing Agencies' establish, the Commission believes that the Framework is consistent with Rule 17Ad-22(e)(20).

E. Consistency With Rule 17Ad-22(e)(21)

Rule 17Ad-22(e)(21) under the Act requires that each covered clearing agency establish, implement, maintain and enforce written policies and procedures reasonably designed to be efficient and effective in meeting the requirements of its participants and the markets it serves, and have the covered clearing agency's management regularly review the efficiency and effectiveness of its (i) clearing and settlement arrangements; (ii) operating structure, including risk management policies, procedures, and systems; (iii) scope of products cleared or settled; and (iv) use of technology and communication procedures.

As described above, the Framework would describe some of the ways in which the Clearing Agencies review the efficiency and effectiveness of their businesses and operations. For example, the Framework would describe how the Clearing Agencies employ a structured approach to the pre-implementation reviews of new initiatives (including initiatives related to their clearing and settlement arrangements, scope of products cleared or settled, and use of technology and communication procedures). The Framework would also describe the Clearing Agencies' Core Balanced Business Scorecard, which is used to review the effectiveness of the Clearing Agencies' operations, information technology services levels, financial performance, and other aspects of their business, including their respective participants' experiences. The Framework would also describe some of the steps the Clearing Agencies take in order to be efficient and effective in reviewing and meeting the requirements of their participants and the markets they serve, including the maintenance of a policy to address escalation, tracking, and resolution of certain customer complaints.

By establishing a framework that would (i) help support bring initiatives to market in a more timely and efficient manner through the pre-implementation reviews; (ii) help provide the Clearing Agencies insight into the efficiency and effectiveness of their businesses and operations through the Core Balanced Business Scorecard; and (iii) help manage the Clearing Agencies' participants' complaints through a specific policy, the Commission believes that the Framework is consistent with Rule 17Ad-22(e)(21).

IV. Conclusion

On the basis of the foregoing, the Commission finds that the proposed rule changes are consistent with the requirements of the Act and in particular with the requirements of Section 17A of the Act and the rules and regulations thereunder.

It is therefore ordered, pursuant to Section 19(b)(2) of the Act, that proposed rule changes SR-DTC-2017-013, SR-NSCC-2017-012, and SR-FICC-2017-016 be, and hereby are, approved.