Federal Register, Volume 82 Issue 15 (Wednesday, January 25, 2017)
[Federal Register Volume 82, Number 15 (Wednesday, January 25, 2017)]
[Proposed Rules]
[Pages 8369-8391]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-01287]
=======================================================================
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
17 CFR Part 49
RIN 3038-AE44
Proposed Amendments To Swap Data Access Provisions and Certain
Other Matters
AGENCY: Commodity Futures Trading Commission.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: Pursuant to Title VII of the Dodd-Frank Wall Street Reform and
Consumer Protection Act of 2010 (``Dodd-Frank Act''), as amended by the
Fixing America's Surface Transportation Act of 2015 (``FAST Act''), the
Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is
proposing amendments the Commission's regulations relating to access to
swap data held by Swap Data Repositories. The proposed amendments would
implement pertinent provisions of the FAST Act and make associated
changes to the Commission's regulations governing the grant of access
to swap data to certain foreign and domestic authorities by Swap Data
Repositories and to certain other regulations unrelated to such access.
DATES: Comments must be received on or before March 27, 2017.
ADDRESSES: You may submit comments, identified by RIN 3038-AE44, by any
of the following methods:
CFTC Web site: https://comments.cftc.gov. Follow the
instructions for submitting comments through the Comments Online
process on the Web site.
Mail: Christopher Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581.
Hand Delivery/Courier: Same as Mail, above.
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Please submit your comments using only one method.
All comments must be submitted in English, or if not, accompanied
by an English translation. Comments will be posted as received to
www.cftc.gov. You should submit only information that you wish to make
available publicly. If you wish the Commission to consider information
that you believe is exempt from disclosure under the Freedom of
Information Act (``FOIA''), a petition for confidential treatment of
the exempt information may be submitted according to the procedures
established in Sec. 145.9 of the Commission's regulations.\1\
---------------------------------------------------------------------------
\1\ 17 CFR 145.9. All Commission regulations cited herein are
set forth in chapter I of Title 17 of the Code of Federal
Regulations.
---------------------------------------------------------------------------
The Commission reserves the right, but shall have no obligation, to
review, pre-screen, filter, redact, refuse or remove any or all of your
submission from www.cftc.gov that it may deem to be inappropriate for
publication, such as obscene language. All submissions that have been
redacted or removed that contain comments on the merits of the
rulemaking will be retained in the public comment file and will be
considered as required under the Administrative Procedure Act and other
applicable laws, and may be accessible under the FOIA.
FOR FURTHER INFORMATION CONTACT: Daniel Bucsa, Deputy Director,
Division of Market Oversight--Data and Reporting Branch, (202) 418-
5435, [email protected]; Jeffrey P. Burns, Assistant General Counsel,
Office of the General Counsel, (202) 418-5101, [email protected]; David
E. Aron, Special Counsel, Division of Market Oversight--Data and
Reporting Branch, (202) 418-6621, [email protected]; or Owen J. Kopon,
Special Counsel, Division of Market Oversight--Data and Reporting
Branch, (202) 418-5360, [email protected], Commodity Futures Trading
Commission, Three Lafayette Centre, 1151 21st Street NW., Washington,
DC 20581.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background and Introduction
A. Statutory Background: The Dodd-Frank Act
B. Regulatory History: The Part 49 Rules and the Commission's
2012 Interpretative Statement
1. Access to SDR Swap Data
2. The Regulatory Indemnification Requirement
C. FAST Act Amendments to CEA Section 21
D. CEA Section 8 Informs the Confidentiality Provisions of CEA
Section 21
E. Summary of Proposed Revisions to Part 49
F. Rescission of 2012 Interpretative Statement
II. Discussion
A. Definitions: Proposed Amendments to Sec. 49.2
B. Domestic and Foreign Regulators With Regulatory
Responsibility Over SDRs: Proposed Amendments to Sec. 49.17(d)(2)
and (3)
1. The Current Rule
2. Proposed Amendments
3. Request for Comment
C. Appropriateness Determination for Foreign Regulators and Non-
Enumerated Domestic Regulators: Proposed Sec. 49.17(h) and Proposed
Amendments to Sec. 49.17(b)
1. The Current Rule
2. The Proposed Amendments
3. The Factors Required for a Determination Order
a. Scope of Jurisdiction
b. Robust Confidentiality Safeguards
c. Additional Considerations
d. Other Matters Regarding the Determination Order Process
e. Request for Comment
4. Proposed Amendments to Sec. 49.17(d)(4)--SDR Notice and
Verification Obligations
5. Proposed New Sec. 49.17(i)--Delegation of Authority
6. Request for Comment
D. CEA Section 21(d) Confidentiality Agreements: Proposed
Amendments to Sec. 49.18
1. Current Sec. 49.18
2. Proposed Amendments to Sec. 49.18(a)--Confidentiality
Arrangement Required Prior to Disclosure of Swap Data
3. Proposed Amendments to Sec. 49.18(b)--Required Elements of
the Confidentiality Arrangement
4. Removal of Sec. 49.18(c)--ADRs and AFRs With Regulatory
Responsibility Over an SDR
5. Failure To Fulfill the Terms of a Confidentiality
Arrangement: Proposed Sec. 49.18(c) and (d)
6. Proposed Sec. 49.18(e)--Delegation of Authority
7. Conforming Changes
8. Request for Comment
E. Other Changes
III. Request for Comment
IV. Related Matters
A. Regulatory Flexibility Act
B. Paperwork Reduction Act
1. Summary of the Proposed Requirements
2. Collection of Information
3. Request for Comments on Collection
C. Cost-Benefit Considerations
D. Antitrust Considerations
I. Background and Introduction
A. Statutory Background: The Dodd-Frank Act
Title VII of the Dodd-Frank Act \2\ amended the Commodity Exchange
Act (``CEA'' or the ``Act'') \3\ to establish a
[[Page 8370]]
comprehensive new regulatory framework for swaps including, in new CEA
section 21, the registration and regulation of Swap Data Repositories
(``SDRs'').\4\ CEA section 21 imposes on SDRs, among other duties and
responsibilities, the duty to maintain the privacy of all swap
transaction information received from a swap dealer, counterparty, or
any other registered entity.\5\ CEA section 21(c)(7) directs SDRs to
make swap data available ``on a confidential basis pursuant to section
8 [of the CEA]'' \6\ to certain enumerated domestic authorities and any
other person the Commission determines to be appropriate, which may
include certain types of foreign authorities.\7\ Entities that are
eligible to receive access to swap data from an SDR pursuant to CEA
section 21(c)(7) are referred to herein, collectively, as the
``21(c)(7) entities'').
---------------------------------------------------------------------------
\2\ See Dodd-Frank Wall Street Reform and Consumer Protection
Act, Public Law 111-203, 124 Stat. 1376 (2010), available at http://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of
the Dodd-Frank Act, which amended the Commodity Exchange Act
(``CEA'' or the ``Act''), may be cited as the Wall Street
Transparency and Accountability Act of 2010.
\3\ 7 U.S.C. 1 et seq.
\4\ See Dodd-Frank Act section 728 (adding new CEA section 21, 7
U.S.C. 24(a), to establish a registration requirement and regulatory
regime for SDRs).
\5\ 7 U.S.C. 24a(c)(6).
\6\ As is discussed more fully below, CEA section 8 describes
circumstances under which public disclosure of information in the
Commission's possession is permitted and prohibited. As is
particularly relevant here, CEA section 8(e) permits the Commission
to disclose information in its possession and obtained in connection
with the administration of the CEA, upon request, to Federal
departments and agencies acting within the scope of their
jurisdiction but prohibits such recipients from disclosing such
information except in an action or proceeding under the laws of the
United States to which the recipient, the Commission or the United
States is a party. CEA section 8(e) further permits the Commission
to disclose information in its possession obtained in connection
with administration of the CEA, upon request, to any foreign futures
authority, department, central bank and ministries, or agency of a
foreign government or political subdivision thereof, acting within
the scope of its jurisdiction, subject to the condition that the
Commission is satisfied that the information will not be disclosed
by such recipient other than in connection with an adjudicatory
action or proceeding to which the foreign futures authority,
department, central bank and ministries, or the foreign government
or political subdivision or agency thereof is a party, and which is
brought under the laws of the foreign government or its political
subdivision, See 7 U.S.C. 12(e).
\7\ See 7 U.S.C. 24a(c)(7). See also Commission, Final
Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77
FR 2136, Jan. 13, 2012 (``Data Final Rules''). The Data Final Rules
set forth, among others, regulations governing SDR data collection
and reporting responsibilities under part 45 of the Commission's
regulations.
---------------------------------------------------------------------------
As originally enacted, CEA sections 21(d)(1) and (2) of the Act
mandated that, prior to receipt of any requested data or information
from an SDR, a 21(c)(7) entity agree in writing to abide by the
confidentiality requirements described in CEA section 8 and,
separately, to indemnify the SDR and the Commission for ``any expenses
arising from litigation relating to the information provided under
section 8.'' \8\ Congress's repeal of the CEA section 21(d)(2)
indemnification requirement in the FAST Act in December 2015 gave rise
to the amendments proposed in this release.
---------------------------------------------------------------------------
\8\ 7 U.S.C. 24a(d). As noted above, the indemnification
requirement was stricken from CEA section 21(d) by the FAST Act. See
Public Law 114-94, section 86001(b)(2).
---------------------------------------------------------------------------
B. Regulatory History: The Part 49 Rules and the Commission's 2012
Interpretative Statement
1. Access to SDR Swap Data
In 2011, the Commission adopted rules implementing CEA section 21's
requirements for SDRs.\9\ The Commission implemented the SDR swap data
access provisions of CEA sections 21(c)(7) and (d) by establishing
processes by which various categories of entities could gain access to
SDR swap data. The domestic entities enumerated in CEA section
21(c)(7)(A)-(D),\10\ and certain others deemed by the Commission to be
appropriate recipients of such swap data pursuant to CEA section
21(c)(7)(E),\11\ were defined in Sec. 49.17(b)(1) of the Commission's
regulations as ``Appropriate Domestic Regulators'' (``ADRs'').\12\
---------------------------------------------------------------------------
\9\ Swap Data Repositories: Registration Standards, Duties and
Core Principles; 76 FR 54538 (Sept. 1, 2011) (``SDR Final Rules'');
see also Swap Data Repositories: Registration Standards, Duties and
Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final
Rules) (``SDR NPRM'').
\10\ The domestic regulators enumerated in CEA section
21(c)(7)(A)-(D) are: (A) Each appropriate prudential regulator; (B)
the Financial Stability Oversight Council (``FSOC''); (C) the
Securities and Exchange Commission (``SEC''); and (D) the Department
of Justice. The term ``prudential regulator'' is defined in CEA
section 1a(39).
\11\ In addition to enumerating certain domestic entities to
which an SDR must grant swap data access, CEA section 21(c)(7)(E)
identifies as an eligible recipient of such access ``any other
person that the Commission determines to be appropriate, including--
foreign financial supervisors (including foreign futures
authorities); foreign central banks; foreign ministries; and other
foreign authorities[.]'' 7 U.S.C. 24a(c)(7)(E). Pursuant to this
authority, in rules 49.17(b)(1)(v) and (vi), the Commission
identified any Federal Reserve Bank and the Office of Financial
Research (``OFR''), respectively, as ``Appropriate Domestic
Regulators.'' The Commission also defined as an ``Appropriate
Domestic Regulator'' each prudential regulator identified in CEA
section 1(a)(39), with respect to requests related to any such
regulator's statutory authority. See Sec. 49.17(b)(1)(ii). The
Commission further reserved the discretion, in Sec.
49.17(b)(1)(vii), to recognize ``[a]ny other person the Commission
deems appropriate'' to be an ``Appropriate Domestic Regulator.''
\12\ Pursuant to Sec. 49.17(d)(2), ADRs with regulatory
jurisdiction over an SDR are not required to apply for access to SDR
data or to execute a confidentiality and indemnification agreement
if the regulator executes an information sharing arrangement with
the Commission and the Commission designates the regulator to
receive direct electronic access to SDR data pursuant to CEA section
21(c)(4). See also Sec. 49.18(c).
---------------------------------------------------------------------------
The term ``Appropriate Foreign Regulator'' (``AFR'') \13\ was
defined in Sec. 49.17(b)(2) as a ``Foreign Regulator'' \14\ with an
existing memorandum of understanding (``MOU'') or similar type of
arrangement with the Commission; no AFRs were specifically identified
in the rule. The term ``Appropriate Foreign Regulator'' was also
defined to include a Foreign Regulator without an existing MOU with the
Commission, as determined by the Commission on a case-by-case basis.
Such a Foreign Regulator was required to file with the Commission an
application providing sufficient facts and procedures to permit the
Commission to analyze whether the Foreign Regulator employs appropriate
confidentiality procedures, and to satisfy the Commission that any SDR
data accessed by the Foreign Regulator would be disclosed ``only as
permitted by [s]ection 8(e)'' of the CEA.\15\
---------------------------------------------------------------------------
\13\ The Commission established the category of AFRs pursuant to
CEA section 21(c)(7)(E), which, among other things, includes a list
of the types of foreign entities that the Commission may determine
to be appropriate recipients of such swap data access.
\14\ The term ``Foreign Regulator'' is defined in Sec.
49.2(a)(5) to mean a foreign futures authority as defined in CEA
section 1(a)(26), foreign financial supervisors, foreign central
banks and foreign ministries.
\15\ 17 CFR 49.17(b)(2)(i)(B).
---------------------------------------------------------------------------
An ADR or AFR seeking access to SDR data is required by current
Sec. 49.17(d)(1) to file an access request with the SDR certifying
that it is acting within the scope of its jurisdiction and is required
by current Sec. 49.17(d)(6) to execute a ``Confidentiality and
Indemnification Agreement'' with the SDR.\16\
---------------------------------------------------------------------------
\16\ Current Sec. 49.18(b) requires an SDR to receive such a
Confidentiality and Indemnification Agreement from an ADR or AFR
prior to releasing swap data to the ADR or AFR.
---------------------------------------------------------------------------
2. The Regulatory Indemnification Requirement
In the preamble to the SDR Final Rules, the Commission acknowledged
commenters' concerns that compliance with the statutory and regulatory
indemnification requirements would be difficult for certain domestic
and foreign regulators due to various home country laws and other
regulations prohibiting such arrangements,\17\ and expressed its intent
to continue to work to provide regulators sufficient access to SDR
data. In this regard, the Commission outlined the circumstances under
which it believed the indemnification provision of CEA section 21(d)
and Sec. 49.18 would
[[Page 8371]]
not apply. The Commission explained that, under the part 49 rules,
certain Appropriate Domestic Regulators may in some circumstances
obtain access to swap data reported and maintained by SDRs without
regard to the notice and indemnification requirements of CEA sections
21(c)(7) and (d).\18\ With respect to foreign regulatory authorities,
the Commission determined in the SDR Final Rules that swap data
reported to and maintained by an SDR may be accessed by an AFR without
the execution of a confidentiality and indemnification agreement when
the AFR has supervisory authority over a Commission-registered SDR that
is also registered with the AFR pursuant to foreign law and/or
regulation.
---------------------------------------------------------------------------
\17\ See SDR Final Rules at 54554. The Commission notes that,
prior to passage of the FAST Act on December 4, 2015, no 21(c)(7)
entity had entered into a confidentiality or indemnification
agreement pursuant to CEA section 21(d) or the part 49 rules.
\18\ It was, in the Commission's view, appropriate to permit
access to the swap data maintained by SDRs to Appropriate Domestic
Regulators that have concurrent regulatory jurisdiction over such
SDRs, without the application of the notice and indemnification
provisions of CEA sections 21(c)(7) and (d). See SDR Final Rules at
54554, n163. Accordingly, pursuant to the Commission's Part 49
rules, these provisions did not apply to an Appropriate Domestic
Regulator that has regulatory jurisdiction over an SDR registered
with it pursuant to a separate statutory authority that is also
registered with the Commission, if the Appropriate Domestic
Regulator executes an MOU or similar information sharing arrangement
with the Commission and the Commission, consistent with CEA section
21(c)(4)(A), designates the Appropriate Domestic Regulator to
receive direct electronic access. See 17 CFR 49.17(d)(2).
---------------------------------------------------------------------------
Concerns about the scope of the indemnification provision
persisted, and in October 2012 the Commission issued an Interpretative
Statement, which was designed to provide guidance and greater clarity
to interested members of the public and foreign regulators with respect
to the scope and application of CEA section 21(d) and the part 49
rules.\19\ The Interpretative Statement clarified that a foreign
regulatory authority's access to swap data held in a CFTC-registered
SDR would not be subject to the confidentiality and indemnification
provisions of CEA section 21(d) or the part 49 regulations if (i) the
registered SDR is also registered in, or recognized or otherwise
authorized by, the foreign authority's regulatory regime; and (ii) the
data sought to be accessed by the foreign authority has been reported
to the registered SDR pursuant to such foreign regulatory regime.\20\
---------------------------------------------------------------------------
\19\ See Swap Data Repositories: Interpretative Statement
Regarding the Confidentiality and Indemnification Provisions of the
Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012)
(``Interpretative Statement'').
\20\ Interpretative Statement at 65181.
---------------------------------------------------------------------------
C. FAST Act Amendments to CEA Section 21
Congress responded to the regulators' access concerns by including
in the FAST Act a repeal of CEA section 21(d)(2)'s indemnification
requirement.\21\ The confidentiality requirement in CEA section
21(d)(1) was retained in CEA section 21(d), as amended.\22\
---------------------------------------------------------------------------
\21\ Title LXXXVI (``Repeal of Indemnification Requirements'')
of the FAST Act amends the CEA by:
repeal[ing] the indemnification requirements added by the Dodd-
Frank Wall Street Reform and Consumer Protection Act for regulatory
authorities to obtain access to swap data. Foreign regulators and
regulatory entities have indicated concerns regarding the
indemnification requirements of Dodd-Frank. The title removes such
requirements so data can be shared with foreign authorities. The
title would still require the regulatory agencies requesting the
information to agree to certain confidentiality requirements prior
to receiving the data.
FAST Act: Conference Report to Accompany H.R. 22, Dec. 1, 2015
at 486-87. The repeal applied as well to the analogous provision in
the Securities Exchange Act of 1934, 15 U.S.C. 78m(n)(5).
\22\ The legislation struck subsection (d) of CEA section 21 and
inserted in its place a provision entitled, ``Confidentiality
Agreement,'' that states that before a swap data repository may
share information with any entity described in subsection (c)(7),
the swap data repository shall receive a written agreement from each
entity stating that the entity shall abide by the confidentiality
requirements described in section 8 of the CEA relating to the
information on swap transactions that is provided. See FAST Act,
Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015).
---------------------------------------------------------------------------
The FAST Act also modified CEA section 21(c)(7)(A) by specifying
that ``swap'' data--as opposed to ``all'' data--must be provided to
21(c)(7) entities, and added to CEA section 21(c)(7)(E)'s non-exclusive
list of persons that the Commission may determine to be appropriate
recipients of SDR swap data the new category ``other foreign
authorities.''
D. CEA Section 8 Informs the Confidentiality Provisions of CEA Section
21
CEA section 8 governs the Commission's treatment of nonpublic
information in its possession in a number of circumstances, and its
disclosure restrictions and confidentiality standards expressly inform
the access provisions of CEA sections 21(c)(7) and 21(d). As relevant
here, CEA section 8(e) permits the Commission to furnish to the
specified types of domestic or foreign entities--upon their request and
acting within the scope of their jurisdiction--any information in its
possession obtained in connection with the administration of the
Act.\23\ CEA section 8(e) specifies, with respect to U.S. entities,
that any information furnished thereunder shall not be disclosed except
in an action or proceeding under the laws of the United States to which
the entity, the Commission or the United States is a party. CEA section
8(e) further specifies, with respect to the specified types of foreign
entities, that the Commission shall not furnish information thereunder
unless the Commission is satisfied that the information will not be
disclosed by the entity except in connection with an adjudicatory
action or proceeding to which the entity is a party brought under the
laws to which such entity is subject.
---------------------------------------------------------------------------
\23\ 7 U.S.C. 12(e).
---------------------------------------------------------------------------
The principles underlying CEA section 8(e) are also fundamental to
CEA sections 21(c)(7) and (d) and to the access standards and
confidentiality provisions proposed in this release. In proposing
clearer and more robust access and confidentiality standards in
Sec. Sec. 49.17 and 49.18, the Commission is mindful of these
foundational principles: Where information is sought to be accessed,
the information must relate to the scope of the requesting entity's
jurisdiction or authority; and information provided by the SDR shall
not be further disclosed except in limited, defined circumstances.
E. Summary of Proposed Revisions to Part 49
Pursuant to its authority under the Act,\24\ the Commission is
proposing amendments to Sec. Sec. 49.2, 49.9, 49.17, 49.18, and 49.22
to (i) implement the statutory changes mandated by the FAST Act
Amendments; (ii) make certain conforming and clarifying changes related
to such implementation; (iii) revise the process by which
appropriateness is determined for purposes of access to SDR swap data
and clarify the standards in connection with the Commission's
appropriateness determinations; and (iv) establish the form and
substance of the written agreement mandated by CEA section 21(d), as
amended. In formulating the following proposed amendments, the
Commission has endeavored to balance the goal of effective and
consistent global regulation of swaps \25\ with the mandate of CEA
sections 21(c)(7) and (d) that swap data be made available to a limited
universe of regulators on a
[[Page 8372]]
confidential basis pursuant to CEA section 8. The proposed rules and
rule amendments would, if adopted:
---------------------------------------------------------------------------
\24\ See, e.g., CEA section 21(f)(4) (Additional duties
developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also
authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules
and regulations as, in the judgment of the Commission, are
reasonably necessary to effectuate any of the provisions or to
accomplish any of the purposes of the Act.
\25\ Section 752 of the Dodd-Frank Act directs the CFTC, the SEC
and the prudential regulators, as appropriate, to consult and
coordinate with foreign regulatory authorities in this regard and
provides that these entities may agree to such information-sharing
arrangements as may be deemed necessary or appropriate in the public
interest or for the protection of investors, swap counterparties,
and security-based swap counterparties.
---------------------------------------------------------------------------
Add ``other foreign authorities'' to the foreign
regulators identified in Sec. 49.2(a)(5), consistent with the FAST
Act's amendment to CEA section 21(c)(7)(E) to include this category
among the entities that the Commission may deem appropriate to access
SDR swap data;
Amend Sec. 49.9 to make clarifying changes;
Amend Sec. 49.17 to, among other things: (i) Delete all
references to the indemnification requirement and/or indemnification
agreement; (ii) establish a process and clarify the standards for
determining whether certain entities not enumerated in Sec.
49.17(b)(1)(i)-(vi) are appropriate to directly access swap data from
an SDR; (iii) revise the SDR notification requirement so that SDRs
notify the Commission only for each initial request for swap data by
ADRs and AFRs and any subsequent request at variance with the ADR's or
AFR's scope of jurisdiction; (iv) specify that the information
available to ADRs and AFRs is ``swap data''--as distinguished from
``data,'' to reflect the corresponding FAST Act amendment to CEA
section 21; and (v) add a delegation of authority provision so that
Commission staff is able to efficiently administer certain functions
related to SDR swap data access;
Amend Sec. 49.18 to, among other things: (i) Delete all
references to the indemnification requirement and/or indemnification
agreement; (ii) require that SDRs receive, prior to providing SDR swap
data access to an ADR or AFR, a written confidentiality arrangement
between the Commission and such ADR or AFR; (iii) specify the required
elements of such written confidentiality arrangement; (iv) require SDRs
to notify the Commission of any known failures to fulfill the terms of
a confidentiality arrangement required by Sec. 49.18(a); (v) inform
ADRs, AFRs and SDRs that the Commission may direct an SDR to limit,
suspend or revoke an ADR's or AFR's access to swap data held by an SDR
if such ADR or AFR has failed to fulfill the terms of a confidentiality
arrangement required by Sec. 49.18(a); and (vi) add a delegation of
authority provision so that Commission staff is able to efficiently
administer certain functions related to SDR swap data access; and
Amend Sec. 49.22(d)(4) to omit a reference to
indemnification in order to conform to the corresponding FAST Act
amendment to the CEA.
F. Rescission of 2012 Interpretative Statement
The Commission has determined to rescind its 2012 Interpretative
Statement. References to the indemnification requirement in the
Interpretative Statement are no longer relevant as the indemnification
requirement in CEA section 21(d) has been repealed by the FAST Act.
Additionally, the modifications to Sec. 49.17(d)(3) that are proposed
here are consistent with the clarifications provided in the
Interpretative Statement.
II. Discussion
A. Definitions: Proposed Amendments to Sec. 49.2
As originally adopted, Sec. 49.2(a)(5) defined the term ``foreign
regulator'' to include a foreign futures authority as defined in CEA
section 1a(26), foreign financial supervisors, foreign central banks
and foreign ministries.\26\ The FAST Act amendments to the CEA added to
subsection 21(c)(7)(E) a new category of entity--``other foreign
authorities''--that the Commission may deem appropriate to obtain
access to SDR swap data. The Commission proposes a corresponding
amendment to the definition of ``foreign regulator'' in Sec.
49.2(a)(5) to conform this definition to amended subsection
21(c)(7)(E).
---------------------------------------------------------------------------
\26\ 17 CFR 49.2(a)(5). CEA Section 1a(26) defines ``foreign
futures authority'' as any foreign government, or any department,
agency, governmental body, or regulatory organization empowered by a
foreign government to administer or enforce a law, rule, or
regulation as it relates to a futures or options matter, or any
department or agency of a political subdivision of a foreign
government empowered to administer or enforce a law, rule, or
regulation as it relates to a futures or options matter. Section
723(a)(2) of the Dodd-Frank Act added section 2(d) to the CEA to
provide that enumerated provisions, including CEA section 1a, apply
to swaps.
---------------------------------------------------------------------------
B. Domestic and Foreign Regulators With Regulatory Responsibility )
Over SDRs: Proposed Amendments to Sec. 49.17(d)(2) and (3)
1. The Current Rule
Commission regulation 49.17(d)(2) of the Commission's regulations
currently provides that an ADR with regulatory jurisdiction over an SDR
registered with it pursuant to a separate statutory authority that is
also registered with the Commission is not subject to the requirements
of Sec. 49.17(d) (application and notice provisions) and Sec.
49.18(b) (confidentiality and indemnification agreement) as long as the
following conditions are met: (i) The ADR executes an MOU or similar
information sharing arrangement with the Commission; and (ii) the
Commission, consistent with CEA section 21(c)(4)(A), designates the ADR
to receive direct electronic access. As described in the SDR Final
Rules, the Commission provided that these ADRs may be provided access
to the swap data reported and maintained by SDRs without being subject
to the notice and indemnification provisions of CEA sections 21(c)(7)
and (d).\27\
---------------------------------------------------------------------------
\27\ See SDR Final Rules at 54554.
---------------------------------------------------------------------------
Commission regulation 49.17(d)(3) of the Commission's regulations
currently provides that an AFR with supervisory authority over an SDR
registered with it pursuant to foreign law and/or regulation that is
also registered with the Commission is not subject to the requirements
of Sec. 49.17(d) (application and notice provisions) and Sec.
49.18(b) (confidentiality and indemnification agreement). As described
in the SDR Final Rules and Interpretative Statement, the Commission
believes that confidential swap data reported to, and maintained, by an
SDR may be appropriately accessed by an AFR without the execution of a
confidentiality and indemnification agreement when the AFR is acting in
a regulatory capacity with respect to an SDR that is also registered
with the AFR and with respect to data reported to such SDR pursuant to
such AFR's regulatory regime.\28\
---------------------------------------------------------------------------
\28\ Id. See also Interpretative Statement at 65181; section 752
of the Dodd-Frank Act.
---------------------------------------------------------------------------
2. Proposed Amendments
With respect to domestic regulators with regulatory jurisdiction
over an SDR, the Commission proposes to remove: (1) The reference to
``Appropriate Domestic Regulator'' in Sec. 49.17(d)(2) and replace it
with the term ``domestic regulator'' to clarify that all domestic
regulators and not just ADRs would fall under Sec. 49.17(d)(2); (2)
subparagraph (i) to Sec. 49.17(d)(2) (the information sharing
arrangement condition) and (3) subparagraph (ii) to Sec. 49.17(d)(2)
(the direct electronic access condition). Although the Commission in
the original part 49 rules adopted the information sharing and direct
electronic access conditions so that ADRs would not be subject to the
then-existing confidentiality and indemnification requirements, the
Commission through experience with SDR swap data access believes an
additional refinement of these rules is necessary in order to promote
greater efficiency and cooperation among domestic regulators.
Accordingly, the Commission submits that a domestic regulator that has
regulatory jurisdiction
[[Page 8373]]
over an SDR registered with it pursuant to a separate statutory
authority should be able to access SDR data reported to such SDR
pursuant to such separate statutory authority irrespective of whether
such domestic regulator has executed an MOU or similar information
sharing arrangement with the Commission or been designated to receive
direct electronic access by the Commission.\29\
---------------------------------------------------------------------------
\29\ The Commission's proposal is consistent with the principle
previously set forth in its Interpretative Statement relating to the
confidentiality and indemnification provisions of the CEA. In
particular, the Commission stated ``that a foreign regulator's
access to data from a registered SDR that is also registered,
recognized, or otherwise authorized in a foreign jurisdiction's
regulatory regime, where the data to be accessed has been reported
pursuant to that [other] regulatory regime, [such access] will be
dictated by that jurisdiction's regulatory regime and not by the CEA
or Commission regulations.'' See Interpretative Statement at 65181.
---------------------------------------------------------------------------
In connection with foreign regulatory authorities that have
supervisory authority over an SDR, the Commission proposes to (i)
remove the reference to ``Appropriate Foreign Regulator'' in Sec.
49.17(d)(3) and replace it with the term ``Foreign Regulator'' as
defined in Sec. 49.2 to clarify that all Foreign Regulators, not only
those that have been determined ``appropriate'' by the Commission would
fall under Sec. 49.17(d)(3); and (ii) add qualifying language to Sec.
49.17(d)(3) so that Sec. 49.17(d)(3) applies not only to SDRs that are
``registered'' with the Foreign Regulator but also to those SDRs that
are ``registered, recognized, or otherwise authorized'' by a foreign
jurisdiction's regulatory regime, and where such swap data has been
reported to the SDR pursuant to the Foreign Regulator's regulatory
regime.\30\
---------------------------------------------------------------------------
\30\ Id.
---------------------------------------------------------------------------
As it was when adopting the SDR Final Rules, the Commission is
mindful of the need to protect the confidentiality of swap data when
such data is provided to another regulator. Under the proposal, the
Commission believes that the proposed changes to Sec. 49.17(d)(3)
strike the appropriate balance in providing access to swap data
consistent with the confidentiality protections set forth in the
CEA.\31\
---------------------------------------------------------------------------
\31\ See CEA section 21(c)(7); see also section 752 of the Dodd-
Frank Act.
---------------------------------------------------------------------------
3. Request for Comment
The Commission requests comment on all aspects of amendments to
Sec. 49.17(d)(2) and (3).
C. Appropriateness Determination for Foreign Regulators and Non-
enumerated Domestic Regulators: Proposed Sec. 49.17(h) and Proposed
Amendments to Sec. 49.17(b)
1. The Current Rule
CEA section 21(c)(7) specifies U.S. entities to which swap data
must be released by an SDR, provided certain prerequisites are
satisfied. Because Congress has determined that access to SDR swap data
by these entities is appropriate when the prerequisites are satisfied,
no further access consideration by the Commission is necessary. These
U.S. entities, along with others determined to be appropriate by the
Commission pursuant to CEA section 21(c)(7)(E), are identified in Sec.
49.17(b)(1) as ``Appropriate Domestic Regulators.'' The term
``Appropriate Domestic Regulator'' is also defined to include ``any
other person the Commission deems appropriate.'' The current part 49
rules do not include a process for determining that a U.S. entity not
specifically enumerated in Sec. 49.17(b)(1) is an ``Appropriate
Domestic Regulator.''
Under current Sec. 49.17(b)(2)(i), in order for a Foreign
Regulator \32\ that does not have a current MOU with the Commission to
be determined to be an ``Appropriate Foreign Regulator,'' \33\ it must
file with the Commission an application in the form and manner
specified by the Commission.\34\ The application must provide
sufficient facts and procedures to permit the Commission to analyze
whether the Foreign Regulator's confidentiality procedures are
appropriate and to satisfy the Commission that information provided by
an SDR will not be disclosed by the Foreign Regulator except as
permitted by CEA section 8(e).
---------------------------------------------------------------------------
\32\ The term ``Foreign Regulator'' is defined in Sec.
49.2(a)(5) to mean a foreign futures authority as defined in CEA
section 1(a)(26), foreign financial supervisors, foreign central
banks and foreign ministries.
\33\ No Foreign Regulators are enumerated in CEA section
21(c)(7) or specifically identified as Appropriate Foreign
Regulators in Sec. 49.17(b)(2).
\34\ To date the Commission has not specified a form and manner
for the application referenced in current Sec. 49.17(b)(2)(i)(A).
---------------------------------------------------------------------------
2. The Proposed Amendments
The Commission proposes to eliminate the current filing
requirements set forth in current Sec. 49.17(b)(2)(i) and establish
new filing requirements in proposed Sec. 49.17(h). The Commission also
proposes to include in Sec. 49.17(h), CEA section 8-related
confidentiality considerations and the ability for the Commission to
revisit or reassess appropriateness determinations. The filing
requirements proposed in new Sec. 49.17(h) would apply to all foreign
regulators regardless of whether a current MOU or similar arrangement
with the Commission exists, and to any domestic regulator that is not
an ADR enumerated in Sec. 49.17(b)(1)(i)-(vi) (``Enumerated ADR'').
Proposed Sec. 49.17(h)(3) would specify two threshold requirements for
a finding of appropriateness: (i) The requesting entity has in place
appropriate safeguards to maintain the confidentiality of such swap
data; and (ii) such entity is acting within the scope of its
jurisdiction in seeking access to swap data maintained by an SDR. These
requirements are necessary but may or may not be sufficient to support
an appropriateness determination: The Commission proposes to evaluate
each filing on a case-by-case basis with reference to these and other
factors that the Commission may find germane to its determination. If
the Commission finds on the basis of information submitted that access
to SDR swap data is appropriate, the Commission would issue an order
confirming the regulator's status as an ADR or AFR and setting forth
any conditions or limitations on access consistent with the relevant
statutory and regulatory requirements (the proposed ``Determination
Order''). The Commission is also proposing, through Sec. 49.17(h)(4),
to be able to revisit, reassess, limit, suspend or revoke a previously
issued Determination Order. The Commission believes it is necessary to
be able to revisit an appropriateness determination, and potentially
take one of the foregoing remedial actions, in order to be able to
address situations that may arise subsequent to the determination, such
as where an AFR or ADR violates the term of a Determination Order or
fails to properly keep SDR swap data confidential.
3. The Factors Required for a Determination Order
a. Scope of Jurisdiction
CEA section 21(c)(7) directs SDRs to provide swap data to
regulators ``on a confidential basis pursuant to section 8.'' \35\ The
Commission interprets this provision to require consistency with CEA
section 8(e)'s mandate that information may be furnished, on a
confidential basis, only to other regulators acting within the scope of
their jurisdiction. Accordingly, the Commission believes that an
appropriateness determination must be
[[Page 8374]]
informed by reference to the regulator's jurisdiction and to the
entity's legitimate regulatory or legal interest in the swap data to be
sought.
---------------------------------------------------------------------------
\35\ 7 U.S.C. 24(c)(7).
---------------------------------------------------------------------------
In this regard, the Commission proposes to add to part 49 new Sec.
49.17(h)(2), which would require an applicant seeking a Determination
Order to provide the Commission sufficient information to permit the
Commission to conclude that the applicant would be acting within the
scope of its jurisdiction in seeking access to swap data maintained by
an SDR. As part of this information, the Commission expects that an
applicant would explain the relationship between its jurisdiction and
its request for access to swap data maintained by SDRs, including an
explanation of the applicant's need for particular swap data to carry
out its regulatory mandate, legal authority or responsibility.
The Commission proposes in new Sec. 49.17(h)(3) to specify that
the Commission will not issue a Determination Order unless it is
satisfied that the regulator is acting within the scope of its
jurisdiction in seeking access to SDR swap data, and that any grant of
access will be limited to swap data appropriate to the entity's
regulatory mandate or legal authority. Each Determination Order would
further require, as a condition of the appropriateness determination
set forth therein, that a regulator that has received a Determination
Order promptly notify the Commission, and each SDR from which it has
received swap data, of any change to its jurisdiction that would relate
to the swap data access requested.\36\ As described in proposed Sec.
49.17(d)(5), the Commission would be able to direct SDRs to limit,
suspend or revoke the scope of an ADR's or AFR's SDR swap data access
to reflect the new scope of its jurisdiction.\37\ The Commission
expects that this proposed limitation on access will reduce the risk of
unauthorized or unnecessary disclosures because each appropriate
regulator will have access to swap data only to the extent necessary to
fulfill its jurisdictional mandate or regulatory responsibility.
---------------------------------------------------------------------------
\36\ The form of confidentiality arrangement set forth in
proposed Appendix B to part 49 also would require such notices.
\37\ As is relevant here, proposed Sec. 49.17(d)(5) would
require that each SDR ``shall, as directed by the Commission, limit,
suspend or revoke . . . such access should the Commission . . .
direct the [SDR] to limit, suspend or revoke such access.''
---------------------------------------------------------------------------
b. Robust Confidentiality Safeguards
CEA section 21(c)(7) is explicit in requiring that SDRs make swap
data available on a confidential basis pursuant to CEA section 8.
Proposed Sec. 49.17(h)(2) accordingly would require that the applicant
submit to the Commission information sufficient to permit a
determination that the applicant employs adequate confidentiality
safeguards to ensure that swap data the applicant receives from an SDR
will not be disclosed other than as permitted by the confidentiality
arrangement required by Sec. 49.18(a). The Commission anticipates that
this would involve the Commission considering whether the applicant's
confidentiality protocols, system safeguards and security compliance
procedures can be expected to ensure the confidentiality of the swap
data, and that the applicant has in place protections sufficient to
prevent unauthorized intrusions into the systems that maintain the swap
data. In this regard, the Commission would also expect to consider the
applicant's processes for limiting internal access to swap data to
those persons with a need to know, as well as how the swap data will be
stored and whether the swap data will be segregated from other
information.
It is the Commission's view that reliance on these factors strikes
an appropriate balance between realizing the benefits of data access by
regulators \38\ and the obligation to protect confidential information
in accordance with the dictates of CEA section 8(e), as incorporated by
reference in CEA section 21(c)(7) and (d) through those sections'
incorporation of CEA section 8. The Commission considers these factors
essential to a determination of appropriateness. Other considerations,
while not proposed to be codified in these proposed rules, may also
contribute to the Commission's appropriateness analysis.
---------------------------------------------------------------------------
\38\ See CEA section 21(c)(7); see also Section 752 of the Dodd-
Frank Act (recognizing the goal of effective and consistent global
regulation of swaps).
---------------------------------------------------------------------------
c. Additional Considerations
Although the Commission proposes to eliminate the current
regulatory provision conferring AFR status on a foreign regulator with
``an existing [MOU] or other similar type of information sharing
arrangement executed with the Commission . . ., '' \39\ it nonetheless
continues to believe that the existence of such an arrangement fosters
a cooperative relationship and encourages the development of shared
understandings related to regulatory responsibilities. Although not
dispositive, indications of a strong cooperative relationship with
another authority, as established by the existence of such an
arrangement and the Commission's experience working with such authority
in finalizing and administering the arrangement, would likely be a
factor supporting an appropriateness determination. Also, a failure to
cooperate fully or to comply with the terms of an existing or prior
arrangement might be expected to weigh against an appropriateness
determination.
---------------------------------------------------------------------------
\39\ 17 CFR 49.17(b)(2).
---------------------------------------------------------------------------
Similarly, when assessing appropriateness, the Commission expects
to consider whether it receives access to swap data maintained by trade
repositories in that regulator's jurisdiction. The Commission is
mindful of the Dodd-Frank Act's encouragement of coordination and
cooperation with foreign regulatory authorities.\40\ The Commission
believes that increased data access by regulators has the potential to
provide the Commission and other authorities with more complete
information with which to monitor risk exposures and should be expected
to promote global market stability through enhanced regulatory
transparency. Accordingly, Commission access to swap data maintained by
trade repositories in such other regulator's jurisdiction, an
arrangement prospectively to assist the Commission in obtaining data
from other jurisdictions, and a history of assistance from a foreign
regulator, would be viewed favorably by the Commission in considering
appropriateness.
---------------------------------------------------------------------------
\40\ See Dodd-Frank Act section 752, supra.
---------------------------------------------------------------------------
d. Other Matters Regarding the Determination Order Process
The Commission preliminarily believes that the Determination Order
process and factors discussed above offer a reasonable approach to
providing requesting entities access to SDR swap data based on clearly
articulated factors and any additional considerations or circumstances
the Commission may deem relevant on a case-by-case basis. Both the
required factors and the additional considerations support the mandate
of CEA sections 8, 21(c)(7) and 21(d) and are consistent with the
express intent of Congress that the Commission coordinate and cooperate
with foreign regulatory authorities on matters related to the
regulation of swaps. Through the issuance of Determination Orders, the
Commission will be able to impose appropriate conditions or
restrictions on an entity's access to SDR swap data such that the
entity's access is linked to its jurisdictional scope. Pursuant to
proposed Sec. 49.17(h)(4), the Commission
[[Page 8375]]
may also, in its discretion, issue a Determination Order of limited
duration, and may otherwise limit, suspend or revoke such an order if
the entity fails to comply with its terms or the terms of the statutory
confidentiality arrangements. The Commission would expect SDRs to take
into account any conditions or restrictions contained in a
Determination Order when providing access to swap data to an ADR or
AFR.
The Commission further believes it is appropriate to make the
process and factors proposed in Sec. 49.17(h) applicable to any
domestic entities that are not enumerated as ADRs in Sec.
49.17(b)(1)(i)-(vi), as scope of jurisdiction and confidentiality
considerations are equally applicable to U.S. entities, and has drafted
proposed Sec. 49.17(h) accordingly.
e. Request for Comment
The Commission requests comment on all aspects of proposed Sec.
49.17(h), particularly on whether the proposed regulatory and other
factors are sufficient to determine whether access to SDR swap data is
appropriate.
4. Proposed Amendments to Sec. 49.17(d)(4)--SDR Notice and
Verification Obligations
CEA section 21(c)(7) requires each SDR to notify the Commission of
a swap data request received from an ADR or AFR.\41\ Currently, this
statutory requirement is implemented in Sec. 49.17(d)(4)(i), which
provides that an SDR must promptly notify the Commission regarding
``any'' request received by an ADR or AFR to gain access to swap data
maintained by the SDR.
---------------------------------------------------------------------------
\41\ See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7).
---------------------------------------------------------------------------
To reduce the burden on SDRs and provide greater operational
efficiency consistent with the intent of CEA section 21(c)(7), the
Commission is proposing to amend the SDR notification requirement in
current Sec. 49.17(d)(4)(i) to require an SDR to notify the Commission
(i) at the time that it receives the first request for swap data from a
particular ADR or AFR and (ii) at any time that a request does not
comport with the scope of the ADR's or AFR's jurisdiction, as described
in the confidentiality arrangement required by proposed Sec. 49.18(a).
The proposed amendment would make the notification applicable only to
the initial request for swap data and any subsequent request at
variance with the ADR's or AFR's scope of jurisdiction: On receiving
either such request for data by a particular ADR or AFR, the SDR would
be required to provide prompt electronic notification to the Commission
of the request, in a format specified by the Secretary of the
Commission, pursuant to proposed Sec. 49.17(d)(4)(ii). The SDR would
be required to keep such notification and related requests confidential
consistent with the requirements of CEA sections 21(c)(6) and (7) and
related regulatory requirements set forth in Sec. Sec. 49.16 and
49.17.
The Commission believes that the proposed approach to SDR
notification supports the Commission's need to be aware of who is able
to access SDR swap data and what data has been accessed, while
eliminating potentially costly, unwieldy and inefficient notice of
every swap data request. Under the proposal, the Commission would be
notified that a particular ADR or AFR has requested access to SDR swap
data and will be able to examine records of the ADR's or AFR's
individual swap data requests, and the swap data provided, as it deems
necessary.\42\
---------------------------------------------------------------------------
\42\ Consistent with the current recordkeeping requirements for
SDRs in Sec. 45.2(f), SDRs are required to maintain records of all
information related to the initial and all subsequent requests for
swap data from ADRs/AFRs. Appropriate records would include, at a
minimum, the identity of the ADR/AFR accessing the swap data; the
date, time and substance of the request for access; confirmation
that the request is consistent with the scope of the regulator's
jurisdiction; and copies of all swap data provided in connection
with the request for access. Pursuant to CEA section 1.31, SDRs are
required to maintain such records for a period of no less than five
years after the date of such request and must provide this
information to the Commission upon request.
---------------------------------------------------------------------------
The Commission also proposes to amend Sec. 49.17(d)(4) by adding
new subsection (iii) to require each SDR that receives a request for
access to its swap data from an ADR or AFR to verify, prior to
providing such access, that the request is consistent with the scope of
the ADR's or AFR's jurisdiction, as described in the confidentiality
arrangement required by proposed Sec. 49.18(a).\43\ This verification
would need to incorporate any subsequent changes thereto. The
Commission is also proposing to require an ADR or AFR that has executed
a confidentiality arrangement with the Commission pursuant to Sec.
49.18(a) and provided such confidentiality arrangement to one or more
SDRs to notify the Commission and each such SDR of any change to such
ADR's or AFR's scope of jurisdiction as described in such
confidentiality arrangement. Additionally, the proposal would enable
the Commission to direct a SDR to suspend, limit, or revoke access to
swap data maintained by such SDR based on any such change to such ADR's
or AFR's scope of jurisdiction, and that, if so directed, such SDR
shall so suspend, limit, or revoke such access.
---------------------------------------------------------------------------
\43\ The scope of jurisdiction would be described in Exhibit A
to the form of confidentiality arrangement set forth in proposed
Appendix B to part 49.
---------------------------------------------------------------------------
As proposed, Sec. 49.17(d)(4)(iv) would require SDR verification
only once with respect to a request for ongoing or recurring access to
particular data, provided that there has not been a change in the scope
of the regulator's jurisdiction (in which case an SDR would need to
verify anew that the swap data requested is within the scope of the
requesting ADR's or AFR's jurisdiction). The Commission recognizes that
the proposed requirement imposes a burden on SDRs; however, it notes
that SDRs are obliged by CEA section 21(c)(7) to provide access
``pursuant to section 8'' of the CEA, which requires a jurisdictional
nexus to the information requested. In these circumstances, the
Commission believes SDRs must take a role in ensuring compliance with
these statutory restrictions.
5. Proposed New Sec. 49.17(i)--Delegation of Authority
In the interests of expedience and efficiency in determining
appropriateness of access by regulators, the Commission proposes to
delegate all functions reserved to the Commission in Sec. 49.17 to the
Director of the Division of Market Oversight and to such members of the
Commission's staff acting under his or her direction as he or she may
designate from time to time.
6. Request for Comment
The Commission requests comment on all aspects of the proposed
amendments to Sec. 49.17, and particularly invites comments on:
1. Whether commenters believe there are more cost-effective methods
of notification and recordkeeping that would still provide the
Commission with access to the information necessary for it to perform
its regulatory functions in a manner consistent with CEA section
21(c)(7); and
2. Whether a phase-in process is necessary to decrease the
likelihood that a large number of new demands on SDRs' systems from
ADRs and AFRs seeking access to swap data will decrease SDR systems
reliability, efficiency or speed.
D. CEA Section 21(d) Confidentiality Agreements: Proposed Amendments to
Sec. 49.18
CEA section 21(d), as amended, requires that, prior to providing
swap data to a 21(c)(7) entity, an SDR ``shall
[[Page 8376]]
receive a written agreement from each entity stating that the entity
shall abide by the confidentiality requirements described in CEA
section 8 relating to the information on swap transactions that is
provided.'' \44\ As originally adopted, the part 49 rules required that
such confidentiality agreements be executed between the SDR and the
21(c)(7) entity.\45\ The Commission proposes to add a new Sec.
49.18(a) to require that a confidentiality arrangement be executed by
and between the ADR or AFR and the Commission.\46\ Once the ADR or AFR
and the Commission have executed a confidentiality arrangement, the ADR
or AFR may present the executed document to any SDR from which it
requests access to swap data in satisfaction of CEA section 21(d).
---------------------------------------------------------------------------
\44\ See CEA section 21(d). 7 U.S.C. 24a(d) as amended by the
FAST Act.
\45\ See current Sec. 49.17(d)(6) and 49.18(b).
\46\ See proposed Sec. 49.18(a) (requiring that an SDR received
``an executed confidentiality arrangement between the Commission and
the [ADR] or [AFR] . . . .''). The Commission notes that the SEC has
implemented a similar approach with respect to the execution of the
required agreement. See Access to Data Obtained by Security-Based
Swap Data Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2,
2016) (SEC rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and
associated preamble text).
---------------------------------------------------------------------------
The Commission recognizes that its proposed amendments to Sec.
49.18 represent a change in approach from the part 49 rules as adopted.
Based on its experience with SDRs and swap data access since the
adoption of part 49 in 2011, and further consideration of the
relationship between CEA sections 21 and 8, however, the Commission
believes this change is consistent with the statutory framework
established by Congress in CEA section 21(d) and 21(c)(7). Moreover, in
the Commission's view a confidentiality arrangement between the
Commission and the regulator more directly supports the confidentiality
mandate of CEA section 8. Finally, the Commission believes that the
proposed requirement will promote regulatory efficiency and reduce
costs to SDRs, ADRs and AFRs while ensuring the confidentiality of SDR
swap data by giving full effect to the strictures of CEA section 8(e).
To further promote regulatory efficiency, the Commission is
proposing to provide a form of confidentiality arrangement as Appendix
B to Part 49, for use by ADRs and AFRs. The Commission would expect its
use by ADRs and AFRs to reduce significantly the need for these
entities to negotiate separate confidentiality arrangements with the
Commission. This proposed change also would eliminate the costs and
potential inefficiencies to SDRs inherent in requiring them to
negotiate confidentiality agreements with a potentially large number of
ADRs and AFRs. Finally, while its use is not required, the Commission
believes that the proposed form of confidentiality arrangement in
Appendix B to Part 49 can be expected to conserve its limited staff
resources by eliminating in many cases the need for the Commission and
its staff to develop individualized confidentiality arrangements with
multiple ADRs or AFRs seeking access to SDR swap data.
1. Current Sec. 49.18
The Commission adopted Sec. 49.18 to implement CEA section
21(d)(1) and (2) as originally enacted. Accordingly, the current rule
sets forth the obligation for SDRs to execute a ``Confidentiality and
Indemnification Agreement'' before providing SDR swap data to an ADR or
AFR. Congress has repealed the indemnification requirement, and the
Commission proposes to make conforming amendments to Sec. 49.18 to
remove references to indemnification.
Separately, the Commission is proposing revisions to Sec. 49.18 to
modify the substantive requirements of the confidentiality arrangement
and the parties to the confidentiality arrangement, to establish
conditions for restricting or revoking access to SDR swap data, and to
clarify the confidentiality obligations of ADRs and AFRs with
regulatory responsibility over an SDR.
2. Proposed Amendments to Sec. 49.18(a)--Confidentiality Arrangement
Required Prior to Disclosure of Swap Data
The Commission proposes to remove current Sec. 49.18(a) \47\ and
add a new Sec. 49.18(a) requiring that an SDR receive a
confidentiality arrangement, executed by the Commission and the ADR or
AFR seeking access to the swap data maintained by the SDR, that, at a
minimum, contains all elements described in proposed Sec. 49.18(b).
---------------------------------------------------------------------------
\47\ Current Sec. 49.18(a) describes the purpose of Sec.
49.18.
---------------------------------------------------------------------------
3. Proposed Amendments to Sec. 49.18(b)--Required Elements of the
Confidentiality Arrangement
The Commission proposes to replace the text of current Sec.
49.18(b) \48\ with a requirement that the confidentiality arrangement
required pursuant to Sec. 49.18(a) shall, at a minimum, include all
elements included in the form of confidentiality arrangement set forth
in proposed Appendix B to part 49. Paragraph 5 of the confidentiality
arrangement would require the ADR or AFR to undertake that it will be
acting within the scope of its jurisdiction each time it requests swap
data from an SDR, and to promptly notify the Commission and each
relevant SDR if the scope of the ADR's or AFR's jurisdiction changes.
Paragraph 5 of the confidentiality arrangement also would require ADRs
and AFRs to employ procedures to maintain the confidentiality of swap
data and any information and analyses derived therefrom (the swap data
and such information are referred to collectively as the ``Confidential
Information'').
---------------------------------------------------------------------------
\48\ Current Sec. 49.18(b) requires an SDR to receive a
confidentiality agreement from a 21(c)(7) entity before granting the
21(c)(7) entity access to swap data maintained by the SDR. As
discussed above, the Commission proposes to address in proposed
Sec. 49.18(a) the confidentiality arrangement condition to swap
data access.
---------------------------------------------------------------------------
Paragraph 6 of the confidentiality arrangement would require ADR
and AFR signatories to employ the following safeguards to maintain the
confidentiality of the Confidential Information:
To the maximum extent practicable, maintain Confidential
Information received from SDRs separately from other data and
information; \49\
---------------------------------------------------------------------------
\49\ ADRs and AFRs seeking useful guidance for Confidential
Information segregation can look to the data segregation standards
contained in the National Institute of Standards and Technology
(``NIST'') Special Publication 800-53, Revision 4, Security and
Privacy Controls for Federal Information Systems and Organizations
(April 2013), available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf or in the Federal
Information Security Management Act of 2002, as amended (``FISMA'').
44 U.S.C. 3541. As the Commission has previously noted in a
different context, FISMA ``is a source of cybersecurity best
practices and also establishes legal requirements for federal
government agencies . . . .'' System Safeguards Testing
Requirements, 80 FR 80139, 80142 (Dec. 23, 2015) (``Registered
Entity Cyber NPRM''). The Commission recently adopted final rules
based on the Registered Entity Cyber NPRM. See System Safeguards
Testing Requirements, 81 FR 64271 (Sept. 19, 2016) (``Final
Registered Entity Cyber Rules'').
---------------------------------------------------------------------------
Protect such Confidential Information from
misappropriation and misuse; \50\
---------------------------------------------------------------------------
\50\ This should include cybersecurity measures. As the
Commission detailed in a different context in the Final Registered
Entity Cyber Rules, ``cyber threats to the financial sector continue
to expand.'' See Final Registered Entity Cyber Rules at 64272. See
also System also Safeguards Testing Requirements for Derivatives
Clearing Organizations, 80 FR 80113, 80114-80115 (Dec. 23, 2015)
(describing escalating and evolving cybersecurity threats);
Registered Entity Cyber NPRM at 80140-80141 (Dec. 23, 2015)
(describing, inter alia, the current cybersecurity threat
environment).
---------------------------------------------------------------------------
Ensure that only ADR or AFR personnel with a need to
access particular Confidential Information to perform their job
functions related to such Confidential Information have access thereto
and that such access is
[[Page 8377]]
permitted only to the minimum extent necessary to perform such job
functions; \51\
---------------------------------------------------------------------------
\51\ One basic principle of data security is that only those
with a need to access data to perform their work should be granted
access to such data. See, e.g., Framework for Improving Critical
Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the ``Protect'' element of a core
cybersecurity framework as one where ``[a]ccess to assets and
associated facilities is limited to authorized users, processes, or
devices, and to authorized activities and transactions.'').
---------------------------------------------------------------------------
Except as provided in paragraph 8 of the confidentiality
arrangement, prevent disclosure of Confidential Information unless
sufficiently aggregated and anonymized to prevent identification,
through disaggregation or otherwise, of a market participant's business
transactions, trade data, market positions, customers or
counterparties; \52\
---------------------------------------------------------------------------
\52\ The Commission understands that ADRs and AFRs may want to
use aggregated and anonymized information derived from SDR swap data
in analyses that may be made public. Cf. U.S. Gov't Accountability
Office, GAO-16-175, Financial Regulation: Complex and Fragmented
Structure Could Be Streamlined To Improve Effectiveness 71-75 (2016)
(``GAO Report''), available at http://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and
related confidentiality issues and protections surrounding sharing
aggregated and disaggregated information provided by other
agencies). The Commission believes that, when properly aggregated
and anonymized, information derived from SDR swap data generally can
be disclosed without violating the requirement in CEA section 21(d)
that a recipient of swap data agree, with respect to the information
on swap transactions that is provided by an SDR, to abide by the
confidentiality requirements described in CEA section 8. Cf. Sec.
49.16(c) (stating that ``[s]ubject to Section 8 of the Act, [SDRs]
may disclose aggregated swap data on a voluntary basis or as
requested[ ] in the form and manner[ ] prescribed by the
Commission.''); SDR Final Rules at 54551 (stating that ``the
Commission believes that it is permissible under the Dodd-Frank Act
and part 49 of the Commission's regulations for an SDR to disclose,
for non-commercial purposes, data on an aggregated basis such that
the disclosed data reasonably cannot be attributed to individual
transactions or market participants.''). In certain cases, however,
even aggregated information may enable a reader to determine a
market participant's business transactions, trade secrets (e.g.,
algorithms) or positions. Thus, the proposed form of confidentiality
arrangement requires ADRs and AFRs to implement safeguards designed
to appropriately limit the use of information that has been
aggregated from SDR swap data and to prevent disaggregation or other
derivations of a market participant's business transactions, trade
data or market positions. ADRs and AFRs can look to Sec.
43.4(d)(1), (d)(4) and (g) for guidance on anonymization principles.
---------------------------------------------------------------------------
Prohibit the use of Confidential Information by ADR or AFR
personnel for any improper purpose; and
Monitor compliance with the confidentiality safeguards and
ensure prompt notification of the CFTC and each relevant SDR of any
violation of the safeguards or failure to fulfill the terms of the
confidentiality arrangement.
Paragraph 7 of the confidentiality arrangement also would preclude,
with limited exceptions, ADRs and AFRs from disclosing any Confidential
Information, via onward sharing \53\ or otherwise. The only permitted
disclosures would be (1) in actions, adjudicatory actions or
proceedings, as applicable, described in CEA section 8(e), the
operative language of which is included in paragraph 8 of the
confidentiality arrangement and (2) aggregated SDR swap data that is
anonymized to prevent identification (through disaggregation or
otherwise) of a market participant's business transactions, trade data,
market positions, customers or counterparties.
---------------------------------------------------------------------------
\53\ The Commission interprets the restrictions on disclosure
contained in CEA section 8 that are incorporated in CEA section
21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing
swap data it obtains from an SDR.
---------------------------------------------------------------------------
Paragraph 9 of the confidentiality arrangement contains certain
provisions requiring ADRs and AFRs to notify the Commission, and take
certain protective actions, prior to disclosing SDR swap data even
where an ADR or AFR receives a legally enforceable demand to disclose
Confidential Information.
Paragraph 11 of the confidentiality arrangement would require ADRs
and AFRs accessing swap data from SDRs to comply with all security-
related requirements imposed by SDRs in connection with access to such
swap data, as such requirements may be revised from time to time.
Because, subject to specified conditions, CEA sections 21(c)(7) and
21(d) require SDRs to provide ADRs and AFRs access to swap data, the
Commission expects that SDRs will not impose security-related access
requirements beyond those that are necessary to ensure the privacy and
confidentiality of SDR swap data. The Commission further expects that
SDRs' security-related access requirements for ADRs and AFRs would be
akin, if not identical, to the requirements SDRs impose on others
(e.g., the Commission, reporting counterparties) to whom SDRs provide
swap data access.
To further protect the confidentiality of SDR swap data, paragraph
12 of the confidentiality arrangement would require ADR and AFR
signatories to promptly destroy all Confidential Information for which
they no longer have a need or which no longer falls within their scope
of jurisdiction.\54\ While it may be the case that ADRs or AFRs will
use some or all Confidential Information in perpetuity, if they no
longer have a need for Confidential Information, they should destroy
such Confidential Information to prevent its misuse. Similarly, it is
possible that an SDR may inadvertently provide swap data outside the
scope of an ADR or AFR's jurisdiction. In such circumstances, such swap
data also should be destroyed immediately after the ADR or AFR
discovers that such swap data is outside the scope of its jurisdiction.
---------------------------------------------------------------------------
\54\ Paragraph 12 of the confidentiality arrangement would also
require ADR and AFR signatories to certify to the CFTC, upon
request, that they have destroyed such swap data.
---------------------------------------------------------------------------
The proposed rule would require that the confidentiality
arrangement must include an exhibit (Exhibit A) specifying the scope of
jurisdiction of the ADR or AFR signatory. If such signatory is not an
Enumerated ADR, the ADR or AFR would attach the Commission
Determination Order described in Sec. 49.17(h) as Exhibit A to the
confidentiality arrangement. If such signatory is an Enumerated ADR, it
would attach, as Exhibit A to the confidentiality arrangement, a
detailed description of its scope of jurisdiction as it relates to the
swap data maintained by SDRs that the ADR would seek pursuant to the
confidentiality arrangement. This requirement is designed to assist
SDRs in determining that the scope of each swap data request is within
the scope of the requesting entity's jurisdiction.
While the Commission would impose certain obligations on ADRs and
AFRs, with respect to swap data received from an SDR, in the proposed
confidentiality arrangement, ADRs and AFRs retain the discretion to
determine how to comply with those obligations. Additionally, to the
extent that neither the proposal nor commenters address a relevant
confidentiality issue that arises after an ADR or AFR commences
accessing swap data, the Commission expects affected ADRs and AFRs to
take appropriate measures to safeguard affected swap data and advise
the Commission of such issue promptly so that the Commission may
consider appropriate action.
4. Removal of Sec. 49.18(c)--ADRs and AFRs With Regulatory
Responsibility Over an SDR
The Commission proposes to remove current Sec. 49.18(c), which
provides that the indemnification and confidentiality requirements
established in Sec. 49.18(b) do not apply to certain ADRs and AFRs
with regulatory jurisdiction or supervisory responsibilities over an
SDR, but requires such regulators to comply with CEA section 8 and
``any other relevant statutory confidentiality authorities.'' As noted
above in section II.B. relating to Sec. 49.17(d)(2) and (3), the
Commission believes that those domestic and foreign regulators that
have regulatory responsibility over an
[[Page 8378]]
SDR should be able to access SDR data reported to such SDR pursuant to
such other regulator's regulatory regime, without limitation.
Therefore, the Commission submits that Sec. 49.18(c) is not
appropriate because it requires these domestic and foreign regulators
with regulatory responsibility over SDRs to comply with CEA section 8
and any other relevant statutory confidentiality authorities. In
addition, Sec. 49.17(d)(2) and (3) already provide that the
confidentiality and indemnification requirements of Sec. 49.18(b) do
not apply to these domestic and foreign regulators with regulatory
responsibility over SDRs. However, insofar as a regulator sought swap
data that was not reported to the SDR pursuant to that regulator's
regulatory regime, the exclusions set forth within Sec. 49.17(d)(2)
and (3) would not apply.
The Commission accordingly submits that current Sec. 49.18(c) is
inappropriate and unnecessary, and therefore, should be eliminated.
5. Failure to Fulfill the Terms of a Confidentiality Arrangement:
Proposed Sec. 49.18(c) and (d)
The Commission proposes in new Sec. 49.18(c) to require SDRs to
promptly report to the Commission any known failure to fulfill the
terms of a confidentiality arrangement that they receive pursuant to
Sec. 49.18(a). Proposed new Sec. 49.18(d) would authorize the
Commission to direct an SDR to limit, suspend or revoke an AFR's or
ADR's access to swap data, if the Commission determines that the AFR or
ADR has failed to fulfill the terms of its confidentiality arrangement
with the Commission.\55\
---------------------------------------------------------------------------
\55\ Proposed Sec. 49.18(d) provides that, if an ADR or AFR
fails to fulfill the terms of a confidentiality arrangement under
paragraph (a) of proposed Sec. 49.18, the Commission may direct
each registered SDR to limit, suspend or revoke the ADR's or AFR's
access to swap data held by the SDR Similarly, proposed Sec.
49.17(d)(5) would require an SDR, as directed by the Commission, to
limit, suspend or revoke an ADR's or AFR's swap data access should
the Commission revoke the appropriateness determination for such ADR
or AFR or otherwise direct the SDR to suspend or revoke such access.
---------------------------------------------------------------------------
6. Proposed Sec. 49.18(e)--Delegation of Authority
The Commission is proposing to add Sec. 49.18(e)(1) to delegate to
the Director of the Division of Market Oversight, and to such staff
acting under his or her direction as he or she may designate from time
to time, all functions reserved to the Commission in Sec. 49.18.
Proposed Sec. 49.18(e)(2) would reserve to the Director of the
Division of Market Oversight the authority to submit to the Commission
for its consideration any matter which has been delegated to the
Director under proposed Sec. 49.18(e)(1). The Commission proposes in
Sec. 49.18(e)(3) to expressly permit the Commission, at its election,
to exercise the authority delegated to the Director of the Division of
Market Oversight under proposed Sec. 49.18(e)(1).
This delegation is intended to conserve Commission resources and
increase the effectiveness and efficiency of the Commission's oversight
and supervision of SDR swap data access. The Commission anticipates
that the delegation of authority will help facilitate timely access to
SDR swap data by ADRs and AFRs consistent with the requirements set
forth in part 49 of the Commission's regulations. However, the Division
of Market Oversight may submit matters to the Commission for its
consideration, as it deems appropriate.
7. Conforming Changes
As a result of the FAST Act Amendments, the Commission proposes
conforming changes to Sec. 49.17(d)(6), to delete references to an
Indemnification Agreement. As a result of the proposed changes to Sec.
49.18, and in particular, Sec. 49.18(a), the Commission proposes
conforming changes to Sec. 49.22(d)(4) relating to chief compliance
officer compliance responsibilities and duties so that the appropriate
section reflecting the confidentiality arrangement is referenced.
8. Request for Comment
1. The Commission requests comment on all aspects of the proposed
amendments to Sec. 49.18. Commenters are particularly invited to
address the proposed amendments to Sec. 49.18 relating to the
confidentiality provisions of CEA sections 21(c)(7) and 21(d), whether
the Commission should prescribe specific processes to govern ADR and
AFR requests for swap data access from an SDR; and whether the
Commission should prescribe a process to govern an SDR's treatment of
requests for swap data access.
2. In addition, commenters are invited to address the proposed
rules implementing the notification requirement. In this regard, is
there an alternative to requiring SDRs to maintain copies of all data
they provide in connection with the data access provisions that would
still permit the Commission to assess the SDR's ongoing compliance with
those provisions? For example, are alternative approaches available
such that the Commission need not require SDRs to maintain actual
copies of all information provided pursuant to the data access
provisions? Would such an alternative approach reduce the burdens on
SDRs while still permitting the Commission to assess ongoing
compliance?
E. Other Changes
In addition to those changes discussed throughout this release, the
Commission is proposing other changes to part 49, including a number of
ministerial changes. The Commission proposes to amend Sec. 49.9(a)(9)
to change the reference in Sec. 49.9(a)(9) from ``certain appropriate
domestic regulators and foreign regulators'' to ``Appropriate Domestic
Regulators and Appropriate Foreign Regulators'' to make clear that an
SDR is required to provide access to swap data, pursuant to Sec.
49.17, only to ADRs and AFRs. The Commission is proposing to make a
number of other changes to part 49 to more consistently refer to the
defined term ``swap data''. The Commission is proposing to modify the
references in existing Sec. Sec. 49.9(a)(9) and 49.17(b)(2)(i) to
``swap data or information''; the reference in existing Sec.
49.17(d)(4)(i) to ``swaps transaction data''; and the reference in
existing Sec. 49.17(d)(6) to ``requested data,'' to be references to
``swap data'' as that term is defined in Sec. 49.2(a)(15). The
Commission is proposing these changes to eliminate confusion and to
conform part 49 to the FAST Act's amendment of CEA section 21(c)(7) to
refer to ``swap data.''
The Commission is also proposing to replace the reference in Sec.
49.17(a) to ``swaps data'' with a reference to ``swap data'' and to
replace the reference in Sec. 49.17(a) to ``Regulation'' with a
reference to ``Sec. 49.17'' to match the format of the reference in
Sec. 49.17(b). The Commission does not intend to effect any
substantive changes with these proposed amendments.
The Commission is proposing to change the references to ``swap
transaction data'' and ``swaps transaction data'' in Sec. 49.17(c)(2)
and 49.17(c)(3) to ``swap data'' as defined in Sec. 49.2(a)(15). The
Commission is also proposing to change the references to ``data'' in
Sec. 49.17(d)(5), (d)(6), (e), and (e)(1) to ``swap data'' in order to
clarify the Commission's intent to refer to ``swap data'' within the
meaning of Sec. 49.2(a)(15). For the same reason, the Commission is
also proposing to add ``swap data and'' before ``information'' in Sec.
49.17(e)(2) to conform it to Sec. 49.17(e)(1), as proposed to be
amended.\56\ The Commission also
[[Page 8379]]
proposes to add the term ``and information'' after the term ``swap
data'' in the second sentence of Sec. 49.17(e) so that such sentence
is consistent with the first sentence of Sec. 49.17(e), which permits
access by third parties to both swap data and information maintained by
a registered SDR, subject to certain conditions.
---------------------------------------------------------------------------
\56\ Although Sec. 49.17(e) uses the terms ``data'' and ``swap
data'' interchangeably, the Commission intended those paragraphs to
reference the definition of ``swap data'' and, consequently,
believes that these do not represent a change to the Commission's
original intent in promulgating Sec. 49.17(e). However, the term
``swap data'' is narrower than the terms ``data'' and
``information.'' Consequently, changing ``data'' to ``swap data''
arguably would narrow the scope of the confidentiality procedures
and confidentiality arrangement required by Sec. 49.17(e)(1) and
(2).
---------------------------------------------------------------------------
In Sec. 49.17(f)(2), the Commission is proposing to change both
references to ``[d]ata and information'' to ``[S]wap data and
information'' in order to clarify, in each case, that the intended
reference is to ``swap data'' as defined in Sec. 49.2(a)(15).
In addition to those changes related to references to swap data,
the Commission is also proposing to amend Sec. 49.17(b)(1)(vii) to
change ``[a]ny other person the Commission deems appropriate[ ]'' to
``[a]ny other person the Commission determines to be appropriate
pursuant to the process set forth in Sec. 49.17(h)'' to match the
language in CEA section 21(c)(7).
Commission regulation 49.17(f)(1) currently states, ``Access of
swap data maintained by the registered swap data repository to market
participants is generally prohibited.'' The Commission is proposing to
amend Sec. 49.17(f)(1) to state, ``Access by market participants to
swap data maintained by the registered swap data repository is
prohibited other than as set forth in Sec. 49.17(f)(2)'' in order to
clarify its meaning. The Commission does not intend this to be a
substantive change to Sec. 49.17(f)(1).
Finally, the Commission is proposing several minor clarifying
changes to Sec. 49.18(b).\57\ These changes include replacing ``the
swap data'' with ``swap data''; replacing the ``with any Appropriate
Domestic Regulator or Appropriate Foreign Regulator'' reference with
``to any Appropriate Domestic Regulator or Appropriate Foreign
Regulator''; and adding ``each'' before ``as defined in Sec.
49.17(b)'' to reflect that both ``Appropriate Domestic Regulator'' and
``Appropriate Foreign Regulator'' are defined terms in Sec. 49.17(b).
---------------------------------------------------------------------------
\57\ These proposed changes appear in proposed Sec. 49.18(a).
---------------------------------------------------------------------------
III. Request for Comment
In addition to the specific questions set forth in various sections
above, the Commission requests comment on all aspects of the proposal,
and particularly invites comment on the questions set forth below.
(1) What, if any, impediments exist to accurately and cost-
effectively determining whether swap data access requests are within
the scope of an ADR's/AFR's jurisdiction?
(2) Are there any particular elements the Commission has proposed
to include in the confidentiality arrangement that are unnecessary? Has
the Commission omitted particular element(s) that should be included in
a confidentiality arrangement?
(3) Do SDRs maintain swap data in a manner that permits accurate
reproduction at a later date of the results of an ADR's/AFR's request
for swap data? If so, is it necessary for the Commission to require
that SDRs maintain records of the results of such requests, as opposed
to merely maintaining the details of the request?
IV. Related Matters
A. Regulatory Flexibility Act
The Regulatory Flexibility Act (``RFA'') requires federal agencies,
in promulgating rules, to consider the impact of those rules on small
entities.\58\ The rules proposed herein will have a direct effect on
the operations of SDRs and certain domestic and foreign regulators
seeking access to swap data reported to, and maintained, by SDRs.
---------------------------------------------------------------------------
\58\ See 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------
The Commission has previously established certain definitions of
``small entities'' to be used by the Commission in evaluating the
impact of its rules on small entities in accordance with the RFA.\59\
The Commission has previously determined that SDRs are not small
entities for purpose of the RFA.\60\ For purposes of the Regulatory
Flexibility Act, the definition of ``small entity'' also encompasses
``small governmental jurisdictions,'' which in relevant part means
governments of locales with a population of less than fifty
thousand.\61\ Although the Commission anticipates that this proposal
may be expected to have an economic impact on various governmental
entities that access data pursuant to Dodd-Frank's data access
provisions, the Commission does not anticipate that any of those
governmental entities would be small governmental jurisdictions.
Therefore, the Commission does not believe that this proposal will have
a significant economic impact on a substantial number of small
entities. Therefore, the Chairman, on behalf of the Commission,
pursuant to 5 U.S.C. 605(b), hereby certifies that the proposed rules
will not have a significant economic impact on a substantial number of
small entities.
---------------------------------------------------------------------------
\59\ See Policy Statement and Establishment of ``Small
Entities'' for purposes of the Regulatory Flexibility Act, 47 FR
18618 (Apr. 30, 1982) at 18618-21.
\60\ See Part 49 Adopting Release at 54575 and Notice of
Proposed Rulemaking: Swap Data Repositories, 75 FR 80898 (Dec. 23,
2010) at 80926.
\61\ 5 U.S.C. 601(5), (6).
---------------------------------------------------------------------------
B. Paperwork Reduction Act
The proposed amendments to part 49 would result in new ``collection
of information'' requirements within the meaning of the Paperwork
Reduction Act of 1995 (``PRA'').\62\ An agency may not conduct or
sponsor, and a person is not required to respond to, a collection of
information unless it displays a currently valid Office of Management
and Budget (``OMB'') control number. The OMB control number for the
information collection associated with part 49 swap reporting is 3038-
0086.\63\ The Commission is seeking to revise Information Collection
3038-0086 because the rule amendments proposed herein will impose
information collection requirements that require approval from OMB
under the PRA. The Commission is therefore submitting this proposal to
OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11.
---------------------------------------------------------------------------
\62\ 44 U.S.C. 3501 et seq.
\63\ See OMB Control Number 3038-0086 (``Information Collection
3038-0086''). The most recent revision to OMB Control Number 3038-
0086 was approved November 30, 2015 and is available at: http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086.
---------------------------------------------------------------------------
1. Summary of the Proposed Requirements
The proposed modifications to part 49 would require SDRs to make
swap data available to requesting entities if certain conditions are
satisfied. These conditions include the requesting entity executing a
confidentiality arrangement and, in some cases, receiving a
determination order from the Commission that it is an appropriate
entity to receive SDR swap data. The proposed modifications would also
require SDRs to report failures to fulfill the terms of confidentiality
arrangements to the Commission.
2. Collection of Information
Currently, OMB Control Number 3038-0086 sets out burden estimates
relating to a broad range of SDR obligations associated with
registration requirements, reporting requirements, recordkeeping
requirements, and disclosure requirements. Where the information
collection associated with those obligations would be modified by this
proposed rule, the Commission is proposing to revise Information
[[Page 8380]]
Collection 3038-0086 accordingly. To the extent the proposed
modifications to part 49 introduce new information collections that
were not previously incorporated into Information Collection 3038-0086,
the Commission is proposing to revise Information Collection 3038-0086
to account for the new information collections. Finally, many of the
information collections discussed in Information Collection 3038-0086
are not implicated or modified by the Commission's proposed revisions
to part 49 in this release. The Commission, therefore, is not proposing
to revise the estimated burdens associated with such information
collections. New or revised information collections contained in these
proposed revisions to part 49 will affect SDRs as well as entities that
request access to SDR swap data pursuant to these provisions.
As discussed above, the proposed modifications to part 49 set out
in this release are intended to provide a process by which other
authorities may obtain access to SDR swap data. The information
collections associated with this process are intended to ensure that
SDR swap data is only accessed by appropriate entities and that the
confidentiality of any accessed SDR swap data is adequately protected.
The ultimate result of this process is intended to provide other
authorities with information to assist with the oversight of the global
swaps market and market participants.
ADR/AFRs. As discussed throughout this release, certain conditions
must be satisfied before a requesting entity is permitted to access SDR
swap data. These conditions may implicate various PRA collections and
burdens as discussed below.
Pursuant to Sec. 49.18(a), every requesting entity seeking access
to SDR swap data must execute a confidentiality arrangement with the
Commission prior to receiving access. This requirement applies to both
those entities that are specifically enumerated as appropriate in Sec.
49.17(b)(1) and those entities that require a determination from the
Commission that they are appropriate entities to receive access to SDR
swap data, regardless of whether the requesting entity is a domestic or
foreign entity.
In addition to executing a confidentiality arrangement, requesting
entities that are not Enumerated ADRs will be required to seek a
Determination Order from the Commission to have access to SDR swap
data. Such Determination Orders will describe SDR swap data that is
appropriate for the entity to access, based on the requesting entity's
scope of jurisdiction. For Enumerated ADRs, the Commission is proposing
to require that the confidentiality arrangement describe the requesting
entity's scope of jurisdiction. The Commission believes the use of the
form of confidentiality arrangement set out in Appendix B to part 49
will provide an efficient means to satisfy the requirements of Sec.
49.18(a).
The Commission, for PRA purposes, believes that it is reasonable to
assume that 300 total entities will seek access to SDR swap data. This
estimate is based on the Commission's experience in receiving data
requests from other regulators and its experience in coordinating and
cooperating with other regulators.\64\ For PRA purposes, the Commission
assumes there are four SDRs, which is the number of SDRs that are
provisionally registered with the Commission. As the confidentiality
arrangement will be between the ADR or AFR and the Commission and
delivered to the SDR, AFRs and ADRs need not execute a separate
confidentiality arrangement for each SDR. Accordingly, the Commission
estimates, for PRA purposes, that the total number of confidentiality
arrangements that will be executed under the proposed rules is 300.
Given that the Commission will have published a form of confidentiality
arrangement as an appendix to part 49, the Commission estimates that
the review and execution of each confidentiality arrangement by an ADR
or AFR will take approximately 40 hours, for a total burden of 12,000
hours. The burden estimates associated with entering into such
confidentiality arrangements are addressed in the proposed revised OMB
Control Number 3038-0086.
---------------------------------------------------------------------------
\64\ The Commission estimates that up to approximately 30
authorities in the United States may seek to access swap data from
SDRs. In the context of potential AFRs, the Commission believes that
most requests will come from authorities in G20 countries, each of
which will have no more and likely fewer than 30 authorities that
may request swap data from SDRs. In addition, certain authorities
from outside the G20 also may request swap data from SDRs.
Accounting for all of these entities, the Commission estimates that
there likely will be a total of no more than 300 relevant domestic
and foreign authorities that may request swap data from SDRs.
---------------------------------------------------------------------------
An entity that seeks access to SDR swap data must be considered
appropriate by the Commission prior to that entity receiving access to
SDR swap data. For Enumerated ADRs, there is no burden associated with
seeking to be deemed appropriate by the Commission as they are already
enumerated as such. Those entities that are not Enumerated ADRs will be
required to receive a Determination Order prior to receiving access to
SDR swap data. The process for obtaining such a Determination Order is
set out in general terms in proposed Sec. 49.17(h) and requires the
requesting entity to prepare and submit an application to the
Commission. The preparation and submittal of this application
constitutes an information collection under the PRA.
As discussed above, the Commission believes that for PRA purposes
it is reasonable to assume that 300 domestic and foreign entities will
seek access to SDR swap data. Very few of these entities are
specifically enumerated in Sec. 49.17(b)(1). The Commission estimates,
for PRA purposes, that each such requesting entity would expend 100
hours in connection with filing an application to receive an
appropriateness determination, for a total initial burden of no more
than 30,000 hours, calculated as the product of 300 domestic and
foreign entities seeking access to SDR swap data and 100 hours per
application). This estimate considers the relevant information that
would be required to be provided in such an application, including
information regarding the entity's scope of jurisdiction, mutual
assistance provided to the Commission, and the existence of cooperation
related to an MOU or similar information sharing arrangement with the
Commission, as well as any other information relevant for the
Commission's determination. This burden estimate is included in the
Commission's proposed revisions to Information Collection 3038-0086.
Swap Data Repositories. As discussed throughout this release, SDRs
are required to facilitate access to SDR swap data by requesting
entities, provided certain conditions are met. This requirement may
implicate PRA collections and burdens, some of which are already
addressed in the existing OMB Control Number 3038-0086, and some of
which constitute new collections, as discussed below. Currently, the
burden on SDRs of making data available to ADRs and AFRs is accounted
for in OMB Control Number 3038-0086, as this is an existing obligation
under existing Sec. 49.17(d). However, the proposed rules set out in
this release clarify and modify the requirements imposed on SDRs in
providing access to SDR swap data to ADRs and AFRs. Consequently the
Commission is revising Information Collection 3038-0086 to account for
these modifications.
The Commission expects to limit a requesting entity's access to SDR
swap data based on the entity's scope of jurisdiction. In connection
with this
[[Page 8381]]
limitation, the Commission expects SDRs to incur burdens and costs
associated with setting up access to SDR swap data that is consistent
with an ADR or AFR's scope of jurisdiction. The Commission expects that
each confidentiality arrangement will identify, either directly or
through the attached Determination Order, the scope of access that is
appropriate for a given requesting entity. The Commission expects SDRs
to use these limitations to program their systems to reflect the scope
of the ADR or AFR's access to SDR swap data. These limits set out in
the confidentiality arrangement are expected to reduce the burdens on
SDRs of assessing whether a request satisfies the relevant conditions,
particularly with regard to whether SDR swap data relates to persons or
activities within the requesting entity's scope of jurisdiction. The
Commission estimates that the burden on an SDR associated with setting
up access restrictions to match a requesting entity's scope of
jurisdiction will include 20 hours of programmer analyst time, five
hours of senior programming time, and one hour of attorney time, for a
total of 26 hours. Consequently, for PRA purposes, the Commission
estimates that each SDR would incur a total burden of 7,800 hours
(i.e., the product of 300 entities and 26 hours of time) associated
with setting up access for each ADR or AFR. The burdens associated with
these permissioning requirements are addressed in proposed revised OMB
Control Number 3038-0086.
SDRs will also be required to provide electronic notice to the
Commission of the first request for data from a particular requesting
entity and promptly after receiving any request that does not comport
with the scope of the ADR's or AFR's jurisdiction. In addition to
notifying the Commission of the foregoing, the Commission is proposing,
in Sec. Sec. 49.17(d)(4)(i) and (iii), to require SDRs to maintain
records of all information related to the initial and all subsequent
requests for data from the requesting entity. These records shall
include, at a minimum, the identity of the requestor or person
accessing the data; the date, time and substance of the request or
access; and copies of all data reports or other aggregation of data
provided in connection with the request or access. The SDR shall
maintain this information for a period of no less than five years after
the date of such request and shall provide this information to the
Commission upon request.
Currently, OMB Control Number 3038-0086 estimates burdens
associated with various registration, reporting, recordkeeping, and
disclosure requirements to which SDRs are subject. The proposed
recordkeeping requirements relating to requesting entities' data
requests constitute an information collection for PRA purposes and
require the Commission to revise the recordkeeping burden estimates
contained in OMB Control Number 3038-0086. The reporting and
recordkeeping requirements proposed in this release may potentially
impact each SDR.
SDRs already have the ability to communicate electronically with
the Commission and are subject to significant recordkeeping
requirements pursuant to Sec. 49.12. Therefore, the proposed
requirements should not result in SDRs having to incur initial costs to
implement systems to properly notify the Commission when a requesting
entity submits a data request for the first time that are in excess of
what is already accounted for in OMB Control Number 3038-0086. The
Commission estimates that initially each SDR may incur a burden of 360
hours associated with these proposed recordkeeping requirements, for a
total of 1,440 hours (i.e., the product of four SDRs and 360 hours).
Additionally, the Commission estimates that each SDR would incur an
annual burden of 280 hours associated with the recordkeeping
requirements, for a total of 1,120 hours annually (i.e., the product of
four SDRs and 280 hours). The burdens associated with these
notification requirements are addressed in proposed revised Information
Collection 3038-0086.
Finally, current Information Collection 3038-0086 accounts for the
costs to SDRs of executing a ``Confidentiality and Indemnification
Agreement'' with each requesting ADR and AFR. Under the Commission's
proposal, the SDR is no longer required to execute such an agreement
with the ADRs or AFRs. The proposed confidentiality arrangement shall
be between the requesting ADR or AFR and the Commission. Accordingly,
the total burden to SDRs, as currently reflected in Information
Collection 3038-0086, is reduced by the cost to execute such
agreements. The reduction in burden associated with this change in the
confidentiality agreement is addressed in proposed revised Information
Collection 3038-0086.
3. Request for Comments on Collection
The Commission invites the public and other Federal agencies to
comment on any aspect of the reporting burdens discussed above.
Pursuant to 44 U.S.C. 3506(c)(2)(B), the Commission solicits comments
in order to: (1) Evaluate whether the proposed collection of
information is necessary for the proper performance of the functions of
the Commission, including whether the information will have practical
utility; (2) evaluate the accuracy of the Commission's estimate of the
burden of the proposed collection of information; (3) determine whether
there are ways to enhance the quality, utility, and clarity of the
information to be collected; and (4) minimize the burden of the
collection of information on those who are to respond, including
through the use of automated collection techniques or other forms of
information technology.
Comments may be submitted directly to the Office of Information and
Regulatory Affairs, by fax at (202) 395-6566 or by email at
[email protected]. Please provide the Commission with a copy
of submitted comments so that all comments can be summarized and
addressed in the final rule preamble. Refer to the ADDRESSES section of
this notice of proposed rulemaking for comment submission instructions
to the Commission. A copy of the supporting statements for the
collections of information discussed above may be obtained by visiting
www.RegInfo.gov. OMB is required to make a decision concerning the
collection of information between 30 and 60 days after publication of
this document in the Federal Register. Therefore, a comment is best
assured of having its full effect if OMB receives it within 30 days of
publication.
C. Cost-Benefit Considerations
1. Introduction
As discussed in Section I, entitled ``Background and
Introduction,'' above, Congress passed the FAST Act to facilitate
broader access to swap data by the regulatory community. Section
86001(b) of the FAST Act amends CEA section 21 by, among other things,
eliminating the requirement that, as a condition of receiving
information from SDRs, each ADR or AFR agree to indemnify the SDR and
the Commission for any expenses arising from litigation relating to the
information provided under CEA Section 8. The Commission is issuing
this proposed rulemaking to enable ADRs and AFRs to access swap data,
subject to certain safeguards designed to protect swap data from
misappropriation or misuse, and to advise the public of the practical
implications of the changes to the CEA made by the FAST Act. The
Commission preliminarily believes that the proposed safeguards are
warranted based on the incorporation by reference
[[Page 8382]]
in CEA sections 21(c)(7) and 21(d) of the strong protections of CEA
section 8.
CEA section 15(a) requires the Commission to consider the costs and
benefits of its actions before promulgating a regulation under the CEA
or issuing certain orders. CEA section 15(a) further specifies that the
costs and benefits shall be evaluated in light of the following five
broad areas of market and public concern: (1) Protection of market
participants and the public; (2) efficiency, competitiveness, and
financial integrity of futures markets; (3) price discovery; (4) sound
risk management practices; and (5) other public interest
considerations. The Commission considers the costs and benefits
resulting from its discretionary determinations with respect to the CEA
section 15(a) factors.
As an initial matter, the Commission recognizes that there are
benefits, discussed more fully below, for domestic and foreign
regulators to have access to SDR swap data. Yet, there are inherent
compromises between data access and data security. More directly,
greater access leads to data being less secure from misappropriation or
misuse. The Commission recognizes that there are costs associated with
this proposed rulemaking. The Commission, however, lacks the requisite
data and information to precisely estimate costs, in part, because the
proposed rulemaking grants SDRs, ADRs, and AFRs discretion to implement
the proposed regulations through alternative measures. Furthermore, the
Commission does not know which approach SDRs, ADRs, and AFRs will take.
As a consequence, where it is not feasible to quantify (e.g., because
of the lack of accurate data or appropriate metrics), the Commission
has considered the costs and benefits of this proposed rulemaking in
qualitative terms. The Commission, nevertheless, requests that
commenters provide any data or other information that would be useful
in the estimation of the quantifiable costs and benefits of this
proposed rulemaking.
2. Baseline and Proposed Rule Summary
a. Definition of Foreign Regulator--Proposed Amendment to Sec.
49.2(a)(5)
The status quo baseline definition for the term ``foreign
regulator'' as defined in current Sec. 49.2(a)(5) is a ``foreign
futures authority as defined in CEA Section 1a(26), foreign financial
supervisors, foreign central banks and foreign ministries.'' \65\ The
Commission is proposing to amend the term ``foreign regulator'' to add
entities. Specifically, the Commission is adding the phrase ``other
foreign authorities'' to the definition. This approach is consistent
with the FAST Act's amendment to CEA section 21(c)(7)(E).
---------------------------------------------------------------------------
\65\ 17 CFR 49.2(a)(5).
---------------------------------------------------------------------------
b. Definition of Appropriate Foreign Regulator--Proposed Amendment to
Sec. 49.17(b)(2)
The status quo baseline definition for the term ``Appropriate
Foreign Regulator'' (defined in current Sec. 49.17(b)(2)) is ``those
Foreign Regulators with an existing memorandum of understanding or
other similar type of information sharing arrangement executed with the
Commission and/or Foreign Regulators without an MOU as determined on a
case-by-case basis by the Commission.'' \66\
---------------------------------------------------------------------------
\66\ 17 CFR 49.17(b)(2).
---------------------------------------------------------------------------
The Commission is proposing to amend current Sec. 49.17(b)(2) to
require all ``foreign regulators'' to file an application with the
Commission to become ``Appropriate Foreign Regulators.'' The existence
of a current MOU or other information sharing arrangement with the
Commission will not be dispositive to a determination of
appropriateness. The proposed amendment would require the Commission to
issue an order finding each foreign regulator ``appropriate.'' In this
manner, the Commission will ensure that each ``Appropriate Foreign
Regulator'' is acting within its scope of jurisdiction as mandated
under CEA section 21(c)(7) through incorporation by reference of CEA
section 8(e). The Commission believes that this proposal will provide
greater control over the process by which foreign regulators obtain
access to SDR swap data; specifically, it will help to ensure that only
those foreign regulators who have a regulatory interest in SDR swap
data can access such swap data. The limitation on swap data access
proposed in this recommendation is expected to help reduce the risk of
unauthorized disclosure, misappropriation or the misuse of swap data.
c. Duties of Registered SDRs--Proposed Amendments to Sec. 49.9(a)(9)
The Commission has proposed conforming language changes to current
Sec. 49.9(a)(9).\67\ There are no substantive changes with respect to
costs and benefits.
---------------------------------------------------------------------------
\67\ 17 CFR 49.9(a)(9).
---------------------------------------------------------------------------
d. Purpose of Access to SDR Data--Proposed Amendment to Sec. 49.17(a)
The Commission has proposed conforming language changes to current
Sec. 49.17(a).\68\ There are no substantive changes with respect to
costs and benefits.
---------------------------------------------------------------------------
\68\ 17 CFR 49.17(a).
---------------------------------------------------------------------------
e. Appropriate Domestic Regulator--Proposed Amendment to Sec.
49.17(b)(vii)
The Commission has proposed conforming language changes to current
Sec. 49.17(b)(vii) to cross-reference the process under Sec.
49.17(h).\69\ There are no substantive changes with respect to costs
and benefits in proposed Sec. 49.17(b)(vii). If there are any costs or
benefits associated with the changes in Sec. 49.17(b)(vii), they will
be discussed in regards to the process defined under proposed Sec.
49.17(h), which is the appropriateness-determination process.
---------------------------------------------------------------------------
\69\ 17 CFR 49.17(b)(vii).
---------------------------------------------------------------------------
f. Domestic Regulator With Regulatory Responsibility--Proposed
Amendment to Sec. 49.17(d)(2)
By way of this proposed rulemaking, the Commission has explained
that if a domestic regulator receives swap data pursuant to its
regulatory regime, that access is not subject to CEA sections 21(c)(7)
or 21(d), or Commission regulations Sec. 49.17(d) or Sec. 49.18.
g. Foreign Regulator With Regulatory Responsibility--Proposed Amendment
to Sec. 49.17(d)(3)
Foreign Regulators require data in order to fulfill their
regulatory responsibilities. In proposed Sec. 49.17(d)(3) the
Commission has explained that, if a foreign regulator receives swap
data pursuant to its regulatory regime, that access is not subject to
CEA sections 21(c)(7) or 21(d), or Sec. Sec. 49.17(d) or 49.18.
h. SDR Notification Requirement--Proposed Amendment to Sec.
49.17(d)(4)(i) to (iv)
Current Sec. 49.17(d)(4)(i) requires an SDR to promptly notify the
Commission regarding any request for swap data received by Appropriate
Domestic or Foreign Regulators.\70\ SDRs under this current regulation
are required to notify the Commission for each and every request of an
Appropriate Domestic or Foreign Regulator (including ongoing swap data
requests).
---------------------------------------------------------------------------
\70\ 17 CFR 49.17(d)(4)(i).
---------------------------------------------------------------------------
The Commission proposes to amend current Sec. 49.17(d)(4)(i)-(ii)
to provide that SDRs notify the Commission at the time that such SDR
receives the initial request for swap data from a particular
[[Page 8383]]
ADR or AFR and promptly after receiving any request that does not
comport with the scope of the ADR's or AFR's jurisdiction. Consistent
with current recordkeeping requirements set forth in Sec. 49.12, SDRs
are required to maintain books and records of all information related
to the initial and any subsequent requests for swap data from an
Appropriate Domestic or Foreign Regulator. The Commission also proposed
electronic notification similar to the current rule requirement. In
addition, the Commission placed a few obligations on SDRs under
proposed Sec. 49.17(d)(4)(iii) and (iv) regarding data access to ADRs
and AFRs, and determining an ADR's or AFR's jurisdiction.
In addition, proposed Sec. 49.17(d)(4)(iii) requires SDRs to
limit, suspend, or revoke an ADR's or AFR's swap data access if the
ADR's or AFR's scope of jurisdiction changes and the Commission directs
the ADR or AFR to limit, suspend, or revoke an ADR's or AFR's swap data
access.
i. Timing; Limitation, Suspension or Revocation of Access--Proposed
Amendments to Sec. 49.17(d)(5)
The changes to the rule text in current Sec. 49.17(d)(5) make
clear that SDRs must notify the Commission of an ADR or AFR access
request and the receipt of a confidentiality arrangement, among other
things. In addition, proposed Sec. 49.17(d)(5) requires SDRs to limit,
suspend, or revoke an ADR's or AFR's swap data access if the Commission
limits, suspends or revokes the ADR's or AFR's appropriateness
determination or otherwise directs the ADR or AFR to limit, suspend, or
revoke an ADR's or AFR's swap data access.
j. Confidentiality Agreement--Proposed Amendments to Sec. Sec.
49.17(d)(6) and 49.18(a)-(f)
Current Sec. Sec. 49.17(d)(6) and 49.18, adopted as part of the
original part 49 rules, provide that SDRs execute a ``Confidentiality
and Indemnification Agreement'' with a CEA section 21(c)(7) entity,
prior to sharing swap transaction data and information.\71\ This
Agreement is required to state that the other regulator will abide by
the confidentiality provisions of CEA section 8 and agree to indemnify
both the SDR and the Commission against any litigation expenses
relating to information provided under CEA section 8. However, through
the passage of the FAST Act, Congress has eliminated the requirement
that certain domestic and foreign regulators execute the
``Confidentiality and Indemnification Agreement'' prior to obtaining
SDR swap data. More specifically, Congress amended CEA section 21(d) to
require only the execution of a written agreement by domestic and
foreign regulators prior to receipt of swap data from SDRs so that
these regulators will abide by the confidentiality requirements
described in CEA section 8.
---------------------------------------------------------------------------
\71\ See 17 CFR 49.17(d)(6) and 49.18.
---------------------------------------------------------------------------
The Commission proposes to amend current Sec. Sec. 49.17(d)(6) and
49.18 to (i) reflect the FAST Act amendments to CEA sections 21(c)(7)
and (d), and (ii) require SDRs to receive a confidentiality arrangement
from a 21(c)(7) entity, before sharing swap data, to satisfy the
requirements of CEA section 21(d). Unlike the current regulations, this
confidentiality arrangement will not be executed by the SDR with the
21(c)(7) entity, but instead would be executed by the Commission and
the 21(c)(7) entity. The Commission proposes to provide a form of
confidentiality arrangement attached as Appendix B to part 49. Use of
the form would not be mandatory but would provide an efficient and
expeditious means of fulfilling the confidentiality requirement of
21(d) and Sec. Sec. 49.17(d) and 49.18.
k. Third-Party Service Providers--Proposed Amendments to Sec. 49.17(e)
The Commission modified the text in current Sec. 49.17(e) for
clarity. There are no substantive cost or benefit implications.
l. Access by Market Participants Barred--Proposed Amendment to Sec.
49.17(f)
The Commission modified the text in current Sec. 49.17(f) for
clarity. There are no substantive cost or benefit implications.
m. Filing Requirements for Applicants To Be Determined Appropriate--
Proposed Amendments to Sec. 49.17(h)
In this proposed rulemaking, the Commission has added proposed
Sec. 49.17(h) to describe the application process for persons seeking
an appropriateness determination. In sub-paragraph (2), the Commission
explains that the applicant must provide sufficient detail to explain
its jurisdiction and its confidentiality safeguards. Proposed Sec.
49.17(h)(3) also outlines the standards by which the Commission will
issue an appropriateness determination. Finally, the Commission
explains in proposed Sec. 49.17(h)(4) that it reserves the right to
``revisit, reassess, limit, suspend or revoke'' an appropriateness
determination.
n. Delegation of Authority--Addition of Proposed Sec. Sec. 49.17(i)
and 49.18(e)
Current Sec. Sec. 49.17 and 49.18 do not have delegation of
authority provisions. The Commission proposes to amend Sec. Sec. 49.17
and 49.18 to add a delegation of authority to the Director of the
Division of Market Oversight (``DMO'') and the Director's designee(s)
of functions reserved to the Commission in Sec. Sec. 49.17 and 49.18.
The delegation of Commission authority would make the process more
effective and efficient.
o. SDR Chief Compliance Officer Duties--Proposed Amendment to Sec.
49.22(d)(4)
The change to current Sec. 49.22(d)(4) is the removal of the word
``indemnification'' from the rule text. This is a conforming change to
make the rule consistent with the FAST Act amendments.
3. Benefits
At a high level regarding benefits, the rulemaking is expected to
assist regulators in performing their supervisory and regulatory
functions by providing them access to swap data, which would help
regulators better understand the risks their regulated entities are
assuming and the impact of such risks on the broader markets. These
supervisory and regulatory functions may include: Monitoring and
mitigation of systemic risk; ensuring financial stability; registration
and oversight of financial market infrastructures; registration and
oversight of trading venues; registration and oversight of market
participants; central bank activities; prudential supervision;
restructuring or resolution of infrastructures and firms; and
regulation of cash markets, in some of which swap counterparties are
active.
A more granular benefit to regulators flows from the Commission's
proposal to resolve a conflict or potential conflict between the
Commission's Interpretative Statement and current Sec. 49.18(c). In
the Interpretative Statement, the Commission took the view that other
regulators who access swap data based on their own authority over SDRs
are not subject to the swap data access-related provisions of the CEA.
On the other hand, current Sec. 49.18(c) provides that such regulators
are required to comply with CEA section 8 and any other relevant
statutory confidentiality provisions. The Commission proposes to delete
the statement in current Sec. 49.18(c) providing that other regulators
are required to comply with CEA section 8 and any other relevant
statutory
[[Page 8384]]
confidentiality provisions even when they access swap data based on
their own authority over SDRs.\72\ Other regulators will benefit both
from the clarity this action provides and by the greater ease of access
to swap data within their jurisdiction.
---------------------------------------------------------------------------
\72\ 17 CFR 49.18(c).
---------------------------------------------------------------------------
4. Costs
The Commission recognizes that there are different types of costs
associated with this proposed rulemaking. One cost is the potential
harm to market participants and the public if swap data is misused--for
example, inappropriately disclosed by ADRs and AFRs. Or, another
harmful scenario might involve misappropriated data where hackers
pilfer swap data from ADRs and AFRs to learn the positions of market
participants so that the hackers, or other interested parties who may
even pay for such information, scam the market. Such bad actors might
be able to anticipate such market participants' trades and trade in
front of them, raising swap trading costs to market participants,
thereby reducing their profits.\73\ If the aforementioned scenario
occurred frequently enough this might induce swap dealers to widen
their spreads, making hedging more expensive. In turn, this might lead
to sub-optimal business and investment strategies, as parties would be
less willing to participate in swap markets, because it would be more
costly. Further, the scenario posed could cause market participants to
be concerned that their business strategies might be tipped to their
competitors, because with stolen data, somebody might be able to infer
their strategies from knowing their swap positions and how these
positions change in response to relevant economic events.\74\ Such
concerns could lead some market participants to withdraw to some extent
from swap markets, reducing liquidity and potentially inducing them to
use less effective hedging instruments or trading strategies in other
markets.
---------------------------------------------------------------------------
\73\ See, e.g., Registered Entity Cyber proposed rulemaking at
80141 (observing that ``there has . . . been a rise in attacks by .
. . hacktivists . . . aimed at . . . [, among other things,] theft
of data or intellectual property . . . .''); Id. at 80189
(Concurring Statement of Commissioner Bowen) (stating that ``our
firms are facing an unrelenting onslaught of attacks from hackers
with a number of motives ranging from petty fraud to international
cyberwarfare.'').
\74\ While the same risks of misuse and misappropriation exist
with respect to swap data maintained at SDRs, SDRs are regulated,
and subject to sanctions, by the Commission, whereas ADRs and AFRs
are not.
---------------------------------------------------------------------------
At a high level regarding costs to ADRs and AFRs, the less access
to swap data granted to ADRs and AFRs, the less such swap data would
help in performing ADRs' and AFRs' supervisory and other regulatory
functions. Similarly, the more impediments to swap data access, the
longer it would take ADRs and AFRs to use, or the less use ADRs and
AFRs could make of, such swap data.
At a more granular level, the Commission is proposing several new
obligations applicable to foreign regulators and certain domestic
regulators that will trigger costs for such regulators. The obligation
for foreign regulators and unenumerated domestic regulators to apply
for a Determination Order conferring AFR or ADR status so that such
foreign regulators and unenumerated domestic regulators can receive
access to SDR swap data will, at a minimum, require such applicants to
dedicate personnel to drafting the application. Some applicants for ADR
and AFR status may choose to retain outside counsel or another third
party to draft the application, thereby incurring related costs. There
also may be an additional cost associated with the complexity of the
application because applicants for ADR and AFR status will have to
explain their jurisdiction and link it to the sought swap data so that
the Commission can provide swap data access parameters to SDRs in the
Determination Orders.\75\ While applicants will need to expend
resources developing their ``appropriateness'' applications, the
Commission expects that the requirements and guidance it has provided
in the proposed rulemaking should reduce such expenditures to a certain
extent. Nonetheless, such expenditures will depend on the particulars
of a given applicant. Because the Commission lacks sufficient knowledge
of the specific characteristics of the applicants, among other things,
the Commission is unable to quantify these expenditures at this time.
---------------------------------------------------------------------------
\75\ Enumerated domestic regulators also will have to
demonstrate to the Commission the scope of their jurisdiction so
that SDRs will know the contours of the swap data access they can
provide to enumerated domestic regulators.
---------------------------------------------------------------------------
The proposed requirement in Sec. 49.18(a) that SDRs receive an
executed confidentiality arrangement from an ADR or AFR before the SDR
can provide the ADR or AFR swap data is based on a corresponding
requirement set forth in CEA section 21(d) and will generate costs to
ADRs and AFRs. CEA section 21(d) does not specify any details of the
required written agreement other than that it must state that the ADR
or AFR shall abide by CEA section 8's confidentiality requirements. The
Commission, however, is proposing, in Appendix B to this part 49, to
specify required elements as well as a form of confidentiality
arrangement providing for ADRs and AFRs to implement a number of
safeguards that would impose burdens on ADRs and AFRs. The
confidentiality arrangement would include safeguards that:
To the maximum extent practicable, maintain Confidential
Information separately from other data and information;
Protect Confidential Information from misappropriation and
misuse;
Ensure that only ADR or AFR personnel with a need to
access particular Confidential Information to perform their job
functions related to such Confidential Information have access thereto
and that such access is permitted only to the minimum extent necessary
to perform such job functions;
Prevent disclosure of aggregated Confidential Information
unless anonymized to prevent identification, through disaggregation or
otherwise, of a market participant's business transactions, trade data,
market positions, customers or counterparties;
Prohibit the use of Confidential Information by ADR or AFR
personnel for any improper purpose, including in connection with
trading for their personal benefit or for the benefit of others or with
respect to any commercial or business purpose;
Monitor compliance with the confidentiality safeguards and
ensure prompt notification of the CFTC and each relevant SDR of any
violation of the safeguards or failure to fulfill the terms of the
confidentiality arrangement;
Prohibit the onward sharing or disclosing of Confidential
Information unless exempted in paragraphs 6(d) or 8 of the
confidentiality arrangement;
Notify the CFTC in writing prior to complying with any
legally enforceable demand for Confidential Information and assert all
available appropriate legal exemptions or privileges with respect to
such Confidential Information, and use its best efforts to protect the
confidentiality of the Confidential Information; and
Promptly destroy all Confidential Information for which an
ADR or AFR no longer has a need or for which the information no longer
falls within the scope of its jurisdiction, and certify to the CFTC,
upon request, that the ADR or AFR has destroyed such Confidential
Information.
The Commission preliminarily believes that the monetary costs of
these burdens would be minor, and the other costs of complying with
these burdens, such as the costs to develop policies,
[[Page 8385]]
procedures and safeguards, are within the scope of ADRs' and AFRs'
expertise.\76\ Given that ADRs and AFRs can elect not to seek access to
swap data from SDRs and that ADRs and AFRs who do seek such access have
some control over the manner in which they seek to access such swap
data, ADRs and AFRs themselves can influence to some degree the costs
they impose on themselves by seeking access to swap data from SDRs.
---------------------------------------------------------------------------
\76\ The Commission believes that potential ADRs and AFRs would
likely have established safeguards to protect sensitive data other
than swap data and that such safeguards could be adapted to address
the requirements of the proposed form of confidentiality arrangement
without great cost.
---------------------------------------------------------------------------
The proposed rulemaking would prohibit ADRs and AFRs from onward
sharing Confidential Information with other parties. This could impose
some costs in that ADRs and AFRs would not be able to freely share swap
data among themselves. This could reduce the utility of the swap data
to ADRs and AFRs, possibly reducing the effectiveness thereof. In
addition, the fact that the Commission is proposing not to specify a
particular means of ADRs and AFRs accessing swap data could result in
SDRs providing a means of access other than a means preferred by ADRs
and AFRs. This might impose additional costs to ADRs and AFRs relative
to the potentially lesser costs of their preferred means of access.
Because of these uncertainties, the Commission is unable to quantify
these costs but is able to identify such costs generally.
For SDRs, providing swap data access to so many potential ADRs and
AFRs may be expensive. For example, SDRs may be forced to purchase new
servers, hire new system administrators to oversee the new swap data/
system usage and troubleshoot related problems that may arise. New
recordkeeping requirements would require more system resources. The
proposed requirement to limit the swap data provided to ADRs and AFRs
to only swap data that is within the scope of ADRs' and AFRs'
jurisdiction may cause SDRs to elect to create new methods for parsing
swap data to comply with the proposed requirement to so limit swap
data. The proposed reporting obligations also will increase SDRs'
costs, although to the extent that such reporting obligations are not
triggered, such cost increases would be tempered accordingly.
Nevertheless, SDRs presumably would need to incur some costs to develop
policies and procedures, and build out systems, to monitor potential
events that would trigger the proposed new reporting requirements.
Other SDR costs will include those related to SDRs verifying that
each access request by an ADR or AFR is within the scope of the ADR's
or AFR's jurisdiction. This will require SDRs to expend resources to
ensure that they do not improperly disclose to an ADR or AFR swap data
that such ADR or AFR is not entitled to see, in violation of CEA
section 21(c)(7)'s requirement that SDRs disclose swap data to ADRs and
AFRs ``on a confidential basis pursuant to [CEA] section 8 . . . .''
\77\ By stating that SDRs shall not provide ADRs or AFRs with swap data
access unless such swap data is within the scope of a requesting ADR's
or AFR's jurisdiction as described and appended to the confidentiality
arrangement required by proposed Sec. 49.18(a), proposed Sec.
49.17(d)(4)(iii) would narrow the scope of the sources SDRs must
consult to determine the ADR's or AFR's scope of jurisdiction. The
Commission anticipates that narrowing the scope of the sources that
SDRs must review to determine an ADR's or AFR's scope of jurisdiction
would limit the resources SDRs must expend to verify the scope of an
ADR's or AFR's jurisdiction. The Commission also anticipates that lists
of ADRs' and AFRs' regulated entities' legal entity identifiers
(``LEIs'') and uniform product identifiers (``UPIs'') of swaps within
the scope of ADRs' and AFRs' jurisdiction would limit the resources
SDRs must expend to verify whether swap data access requests are within
the scope of an ADR's or AFR's jurisdiction--if ADRs and AFRs choose to
develop such lists--which the Commission anticipates they would.
---------------------------------------------------------------------------
\77\ The need for these resource expenditures would flow from
proposed Sec. 49.17(d)(4)(iii), which would preclude SDRs from
granting ADRs or AFRs access to swap data unless the SDR has
determined that such swap data is within the then-current scope of
such ADRs' or AFRs' jurisdiction.
---------------------------------------------------------------------------
The Commission understands that there are some blank data entries
in LEI fields, however, despite the Commission having designated an LEI
system in 2012, and masked LEIs in a number of cases to reflect certain
other jurisdictions' privacy law limits on disclosure.\78\ In addition,
UPIs are still evolving for many swap contracts. Specifically, UPIs are
in widespread use for standardized swaps but less so for other swaps.
In cases where there is no UPI for a class of swaps, Sec. 45.7(c)(2)
requires SDRs to create a UPI for such class and requires SDRs, all
other registered entities and swap counterparties to use such SDR UPI-
equivalent contract identifiers to classify swaps. In such cases, ADRs
and AFRs could use SDRs' UPI-equivalents to identify swaps within the
scope of ADRs' and AFRs' jurisdiction.
---------------------------------------------------------------------------
\78\ See, e.g., DMO No-Action Letter 16-03 (Jan. 15, 2016),
available at http://www.cftc.gov/idc/groups/public/@lrlettergeneral/documents/letter/16-03.pdf, for further information regarding such
privacy law restrictions.
---------------------------------------------------------------------------
In general, the blank or masked LEI data fields and UPI limits
discussed above would raise the costs for SDRs and potentially for ADRs
and AFRs. Inadequate data fields and UPIs hinder SDRs' abilities to
identify transactions and determine whether such transactions, in
particular swap data, are within an ADR's or AFR's jurisdictional scope
and interest. Even though the Commission believes these obstacles would
increase costs, the Commission also believes that such costs are
difficult to quantify at this time. The Commission specifically
requests comment on this concern. Commenters are encouraged to quantify
such costs, if practical. The Commission understands that lists of LEIs
of ADRs' and AFRs' regulated entities and lists of UPIs or UPI-
equivalents of swaps within ADRs' and AFRs' jurisdiction may have to be
updated from time to time as regulated entities move in and out of
ADRs' and AFRs' jurisdiction, ADRs' and AFRs' jurisdiction expands or
contracts, swaps evolve, and new swaps are developed. In these cases,
for example, an ADR or AFR likely would have to modify periodically the
list of LEIs and UPIs it gives to SDRs.
The proposal would further mitigate the costs to SDRs by permitting
them to verify the scope of an ADR's or AFR's jurisdiction just once
for a recurring request the details of which do not change. SDRs might
incur additional costs, however, if the scope of jurisdiction changes
for an ADR or AFR. Such additional costs include some fraction of the
above costs as well as the cost to notify the Commission of the change
in jurisdiction for the ADR or AFR.
The Commission is proposing Appendix B to Part 49 to provide a form
of confidentiality arrangement for execution by the Commission and by
ADRs and AFRs seeking swap data access maintained by SDRs so that ADRs
and AFRs can satisfy the confidentiality agreement requirement set
forth in CEA Sec. 21(d). The Commission believes that this form would
eliminate SDRs' costs and reduce ADRs' and AFRs' costs to negotiate the
terms of such an arrangement relative to an alternative of negotiating
and signing confidentiality arrangements with four separate SDRs.
Otherwise, confidentiality arrangement costs could be substantial in
terms of management
[[Page 8386]]
attention and expenditures.\79\ The Commission expects that reviewing
and signing a confidentiality arrangement would not require substantial
expenditures, but request public comments on such costs.\80\ Commenters
are encouraged to quantify where practical.
---------------------------------------------------------------------------
\79\ Nevertheless, proposed Sec. 49.18(a) would allow ADRs and
AFRs to negotiate an alternative to the proposed form, provided that
such alternative contains the elements required in proposed Sec.
49.18(b), which, in turn, requires that such alternative contain all
the elements of the proposed form.
\80\ The Commission has on occasion used the SIFMA Report on
Management and Professional Earnings in the Securities Industry to
estimate these kinds of costs. For instance, on page 279 of the
SIFMA Report for 2013, the mean salary for a compliance attorney is
$100,840 with an average bonus of $26,666. This gives $127,506 in
average total compensation for a compliance attorney. This number is
divided by 1,800 hours and multiplied by 5.35 to account for
overhead to get approximately $379 per hour. Next, multiplying by
12,000 burden hours (from the Paperwork Reduction Act section of
this release) results in approximately $4,500,000 in estimated
costs.
---------------------------------------------------------------------------
The Commission is proposing to permit SDRs to determine the means
by which they will provide access to swap data to ADRs and AFRs. The
Commission notes that SDRs already provide the Commission and the
National Futures Association with data. Providing incremental access to
ADRs and AFRs may permit SDRs to take advantage of economies of scale,
thus mitigating SDRs' costs. The proposal would also mitigate SDRs'
costs by permitting them to choose the means by which they will provide
access to swap data to ADRs and AFRs. The Commission expects that SDRs
would choose the lowest cost means of access consistent with their
statutory obligation to provide ADRs and AFRs access to swap data and
other constraints. The Commission cannot forecast what these costs
would be at this time, however, because it depends on particulars of
each SDR that the Commission does not know. Consequently, the
Commission welcomes public comments on this requirement and how SDRs
might satisfy this requirement. Commenters are encouraged to quantify
where practical.
CEA section 21(c)(7) requires SDRs to notify the Commission of
requests for data from a particular ADR or AFR. Proposed Sec.
49.17(d)(4)(i) would reduce that burden by permitting SDRs to notify
the Commission only of the first such request by each ADR or AFR and
promptly after receiving any request that does not comport with the
scope of the ADR's or AFR's jurisdiction. In addition to the foregoing,
the Commission is proposing to amend current Sec. 49.17(d)(4)(i) to
require SDRs to maintain records of all information related to the
initial and all subsequent requests for data from the requesting
entity. The SDR would have to maintain this information for the same
period required for other SDR records. Although these costs may be
relatively small, the Commission anticipates using such data to, for
example, monitor ADRs' and AFRs' access requests from time to time to
ensure that they remain within the scope of their jurisdiction and,
relatedly, to ensure that SDRs have been monitoring this access issue.
As one alternative to proposing comprehensive swap data safeguards,
the Commission instead could have chosen to merely delete the
indemnification references in its regulations. While that approach
could have avoided imposing many of the costs to ADRs, AFRs, and SDRs
related to protection of confidentiality discussed herein, it would
have dramatically increased the risk of imposing on market participants
and the public the costs discussed above in the first paragraph of this
section IV.C.4. and below in section IV.C.5.a.-c., which the Commission
preliminarily believes is inconsistent with the historical importance
Congress and the Commission have placed on protecting information
covered by CEA section 8. Consequently, the Commission has determined
to take the proposed approach.
5. Consideration of CEA Section 15(a) Factors
a. Protection of Market Participants and the Public
The Commission is proposing a number of safeguards to prevent
market participants' swap data maintained at SDRs from being
misappropriated or misused, as discussed above. Those proposed
safeguards include: Modifying the requirements for being an AFR;
requiring both ADRs and AFRs to demonstrate the scope of their swap-
data jurisdiction as a limit on the swap data to which an ADR or AFR
may have access; having the Commission issue Determination Orders;
imposing on ADRs and AFRs seeking access to swap data maintained by
SDRs a number of required confidentiality safeguards; barring onward
sharing of swap data; certain recordkeeping and reporting requirements;
and ensuring the Commission's ability to revoke an ADR's or AFR's swap
data access. Some market participants, and the public, could be harmed
if market participants' proprietary swap data were misappropriated or
misused. As detailed above in the ``Cost'' discussion, there is the
potential harm that misappropriated swap data could be used to front
run market participants whose swap data were misappropriated, raising
their costs of completing swap transactions. More specifically, spreads
could widen, which could deter some market participants from engaging
in swap transactions trading and prevent prices from adjusting as
quickly. Another possible misuse of market participants' swap data is
if those who obtained misappropriated swap data were to reverse
engineer the trading strategies of the market participants whose data
were misappropriated and use such strategies, potentially undermining
their efficacy.
b. Efficiency, Competitiveness, and Financial Integrity of Futures
Markets
The Commission believes that there will be little effect on
efficiency, competiveness, and financial integrity of futures markets
if swap data is properly protected from being misappropriated or
misused. If swap data is not properly protected, however, competition
might be affected, in that market participants might be less willing to
engage in swap transactions if parties are trading in front of them,
raising their costs, or misappropriating their trading strategies,
lowering such strategies' effectiveness. This could induce some swap
dealers to charge higher fees (explicitly or implicitly) for their
services and otherwise reduce profits. Such concerns may also encourage
market participants to increase their use of futures contracts relative
to swaps, because futures position data may be better protected.
c. Price Discovery
The Commission believes that price discovery would not be affected
by this proposed rulemaking. There may be some indirect effects on
price discovery if the safeguards in this proposed rulemaking prove
ineffective, however. Price discovery could be negatively impacted if
position data is misappropriated or misused to the disadvantage of some
participants. For instance, as previously explained, some market
participants might withdraw from swaps markets if they fear that their
position data will be misappropriated or misused. This could lead to
less frequent trading as well as reduced liquidity in swap markets.
Furthermore, spreads could widen due to front-running concerns, which
could make prices more volatile and harm price discovery.
[[Page 8387]]
d. Sound Risk Management Practices
This proposed rulemaking will help regulators better understand the
risks posed by their regulated entities. Without swaps data, it is
impossible to comprehensively supervise entities that engage in swap
trading. In this way, the proposed rulemaking helps to mitigate
systemic risk. Allowing more ADRs and AFRs to access SDR swap data
establishes the potential to improve SDR data by potentially
facilitating research and analysis that ultimately leads to better risk
management by market participants. This can occur through academic
research that influences market participants to improve their risk
management based on the research, or by ADRs and AFRs asserting their
authority over their regulated entities to compel them to improve their
swap data reporting and risk management.
e. Other Public Interest Considerations
The Commission does not believe that there are any other public
interest considerations with respect to this proposed rulemaking.
6. Request for Comment
The Commission requests comment on all aspects of its cost and
benefit considerations. Commenters are encouraged to quantify their
comments, if practical.
D. Antitrust Considerations
CEA section 15(b) requires the Commission to take into
consideration the public interest to be protected by the antitrust laws
and endeavor to take the least anticompetitive means of achieving the
objectives of the CEA, in issuing any order or adopting any Commission
rule or regulation.
The Commission does not anticipate that the proposed amendments to
part 49 will result in anticompetitive behavior. However, because the
proposed amendments affect existing SDR procedures relating to data
reporting validation and data accuracy, the Commission encourages
comments from the public on any aspect of the proposal that may have
the potential to be inconsistent with the antitrust laws or be
anticompetitive in nature.
List of Subjects in 17 CFR Part 49
Access to swap data; Commodity Exchange Act section 8;
Confidentiality; Registration and regulatory requirements; Swap data
repositories.
For the reasons stated in the preamble, the Commodity Futures
Trading Commission proposes to amend 17 CFR part 49 as set forth below:
PART 49--SWAP DATA REPOSITORIES
0
1. The authority citation for part 49 is revised to read as follows:
Authority: 7 U.S.C. 12a and 24a, unless otherwise noted.
0
2. In Sec. 49.2, revise paragraph (a)(5) to read as follows:
Sec. 49.2 Definitions.
(a) * * *
(5) Foreign Regulator. The term ``foreign regulator'' means a
foreign futures authority as defined in Section 1a(26) of the Act,
foreign financial supervisors, foreign central banks, foreign
ministries and other foreign authorities.
* * * * *
0
3. In Sec. 49.9, revise paragraph (a)(9) to read as follows:
Sec. 49.9 Duties of registered swap data repositories.
(a) * * *
(9) Upon request of Appropriate Domestic Regulators and Appropriate
Foreign Regulators, provide access to swap data held and maintained by
the swap data repository, as prescribed in Sec. 49.17;
* * * * *
0
4. Amend Sec. 49.17 as follows:
0
a. Revise paragraphs (a), (b)(1)(vii), (b)(2), (c)(2) and (c)(3),
(d)(2) through (d)(6), and (e) and (f); and
0
b. Add paragraphs (h) and (i).
The revisions and additions to read as follows:
Sec. 49.17 Access to SDR data.
(a) Purpose. This section provides a procedure by which the
Commission, other domestic regulators and foreign regulators may obtain
access to the swap data held and maintained by registered swap data
repositories. Except as specifically set forth in this section, the
Commission's duties and obligations regarding the confidentiality of
business transactions or market positions of any person and trade
secrets or names of customers identified in Section 8 of the Act are
not affected.
(b) * * *
(1) * * *
(vii) Any other person the Commission determines to be appropriate
pursuant to the process set forth in Sec. 49.17(h).
(2) Appropriate Foreign Regulator. The term ``Appropriate Foreign
Regulator'' shall mean those Foreign Regulators the Commission
determines to be appropriate pursuant to the process set forth in Sec.
49.17(h).
* * * * *
(c) * * *
(2) Monitoring tools. A registered swap data repository is required
to provide the Commission with proper tools for the monitoring,
screening and analyzing of swap data, including, but not limited to,
Web-based services, services that provide automated transfer of data to
Commission systems, various software and access to the staff of the
swap data repository and/or third-party service providers or agents
familiar with the operations of the registered swap data repository,
which can provide assistance to the Commission regarding data structure
and content. These monitoring tools shall be substantially similar in
analytical capability as those provided to the compliance staff and the
Chief Compliance Officer of the swap data repository.
(3) Authorized users. The swap data provided to the Commission by a
registered swap data repository shall be accessible only by authorized
users. The swap data repository shall maintain and provide a list of
authorized users in the manner and frequency determined by the
Commission.
(d) * * *
(2) Domestic regulator with regulatory responsibility over a swap
data repository. When a swap data repository that is registered with
the Commission pursuant to this chapter is also registered with a
domestic regulator pursuant to a separate statutory authority, and such
domestic regulator seeks access to swap data that has been reported to
such swap data repository pursuant to the domestic regulator's
regulatory regime, such access is not subject to the requirements of
sections 21(c)(7) or 21(d) of the Act, or of Sec. Sec. 49.17(d) or
49.18.
(3) Foreign Regulator with regulatory responsibility over a swap
data repository. When a swap data repository that is registered with
the Commission pursuant to this chapter is also registered with, or
recognized or otherwise authorized by, a Foreign Regulator that has
supervisory authority over such swap data repository pursuant to
foreign law and/or regulation, and such Foreign Regulator seeks access
to swap data that has been reported to such swap data repository
pursuant to the Foreign Regulator's regulatory regime, such access is
not subject to the requirements of sections 21(c)(7) or 21(d) of the
Act, or of Sec. Sec. 49.17(d) or 49.18.
(4) Obligations of the registered swap data repository in
connection with appropriate domestic regulator or appropriate foreign
regulator requests for data access. (i) A registered swap data
repository shall notify the
[[Page 8388]]
Commission promptly after receiving an initial request from an
Appropriate Domestic Regulator or Appropriate Foreign Regulator to gain
access to swap data maintained by such swap data repository and
promptly after receiving any request that does not comport with the
scope of the ADR's or AFR's jurisdiction, as described and appended to
the confidentiality arrangement required by Sec. 49.18(a). Each
registered swap data repository shall maintain records thereafter,
pursuant to Sec. 49.12, of the details of such initial request and of
all subsequent requests by such Appropriate Domestic Regulator or
Appropriate Foreign Regulator for such access.
(ii) The registered swap data repository shall notify the
Commission electronically, in a format specified by the Secretary of
the Commission, of the receipt of a request specified in Sec.
49.17(d)(4)(i).
(iii) The registered swap data repository shall not provide an
Appropriate Domestic Regulator or Appropriate Foreign Regulator access
to swap data maintained by the swap data repository unless the swap
data repository has determined that the swap data to which the
Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks
access is within the then-current scope of such Appropriate Domestic
Regulator's or Appropriate Foreign Regulator's jurisdiction, as
described and appended to the confidentiality arrangement required by
Sec. 49.18(a). An Appropriate Domestic Regulator or Appropriate
Foreign Regulator that has executed a confidentiality arrangement with
the Commission pursuant to Sec. 49.18(a) and provided such
confidentiality arrangement to one or more swap data repositories shall
notify the Commission and each such swap data repository of any change
to such Appropriate Domestic Regulator's or Appropriate Foreign
Regulator's scope of jurisdiction as described in such confidentiality
arrangement. The Commission may direct a swap data repository to
suspend, limit, or revoke access to swap data maintained by such swap
data repository based on any such change to such Appropriate Domestic
Regulator's or Appropriate Foreign Regulator's scope of jurisdiction,
and, if so directed, such swap data repository shall so suspend, limit,
or revoke such access.
(iv) The registered swap data repository need not make the
determination required pursuant to Sec. 49.17(d)(4)(iii) more than
once with respect to a recurring swap data request. If such request
changes, the swap data repository must make a new determination
pursuant to Sec. 49.17(d)(4)(iii).
(5) Timing; limitation, suspension or revocation of swap data
access. Once a registered swap data repository has--
(i) Notified the Commission, pursuant to Sec. 49.17(d)(4)(i) and
(ii), of an initial request for swap data access by an Appropriate
Domestic Regulator or Appropriate Foreign Regulator, as applicable,
that was submitted pursuant to Sec. 49.17(d)(1);
(ii) Received from such Appropriate Domestic Regulator or
Appropriate Foreign Regulator a confidentiality arrangement executed by
the Commission and such Appropriate Domestic Regulator or Appropriate
Foreign Regulator as required by Sec. 49.18(a); and
(iii) Satisfied its obligations under Sec. 49.17(d)(4)(iii), such
swap data repository shall provide access to the requested swap data;
provided, however, that such swap data repository shall, as directed by
the Commission, limit, suspend or revoke such access should the
Commission limit, suspend or revoke the appropriateness determination
for such Appropriate Domestic Regulator or Appropriate Foreign
Regulator or otherwise direct the swap data repository to limit,
suspend or revoke such access.
(6) Confidentiality arrangement. Consistent with Sec. 49.18(a),
the Appropriate Domestic Regulator or Appropriate Foreign Regulator
shall, prior to receiving access to any requested swap data, execute a
confidentiality arrangement with the Commission consistent with the
requirements set forth in Sec. 49.18(b).
(e) Third-party service providers to a registered swap data
repository. Access to the swap data and information maintained by a
registered swap data repository may be necessary for certain third
parties that provide various technology and data-related services to a
registered swap data repository. Third-party access to the swap data
and information maintained by a swap data repository is permissible
subject to the following conditions:
(1) Both the registered swap data repository and the third party
service provider shall have strict confidentiality procedures that
protect swap data and information from improper disclosure.
(2) Prior to a registered swap data repository granting access to
swap data or information to a third-party service provider, the third-
party service provider and the registered swap data repository shall
execute a confidentiality agreement setting forth minimum
confidentiality procedures and permissible uses of the swap data and
information maintained by the swap data repository that are equivalent
to the privacy procedures for swap data repositories outlined in Sec.
49.16.
(f) Access by market participants--(1) General. Access by market
participants to swap data maintained by the registered swap data
repository is prohibited other than as set forth in Sec. 49.17(f)(2).
(2) Exception. Swap data and information related to a particular
swap that is maintained by the registered swap data repository may be
accessed by either counterparty to that particular swap. However, the
swap data and information maintained by the registered swap data
repository that may be accessed by either counterparty to a particular
swap shall not include the identity or the legal entity identifier (as
such term is used in part 45 of this chapter) of the other counterparty
to the swap, or the other counterparty's clearing member for the swap,
if the swap is executed anonymously on a swap execution facility or
designated contract market, and cleared in accordance with Commission
regulations in Sec. Sec. 1.74, 23.610, and 37.12(b)(7) of this
chapter.
* * * * *
(h) Appropriateness determination process. (1) Each person seeking
an appropriateness determination pursuant to this paragraph shall file
an application with the Commission.
(2) Each applicant seeking an appropriateness determination shall
provide sufficient detail in its application to permit the Commission
to analyze whether the applicant is acting within the scope of its
jurisdiction in seeking access to swap data maintained by a registered
swap data repository, and whether the applicant employs appropriate
confidentiality safeguards to ensure that any swap data such applicant
receives from a registered swap data repository will not, except as
allowed for in the form of confidentiality arrangement set forth in
Appendix B of this part, be disclosed.
(3) If the Commission determines that an applicant pursuant to this
paragraph is, conditionally or unconditionally, appropriate for
purposes of CEA section 21(c)(7), the Commission shall issue an order
setting forth its appropriateness determination. The Commission shall
not determine that an applicant pursuant to this paragraph is
appropriate unless the Commission is satisfied that--
(i) The applicant employs appropriate confidentiality safeguards to
ensure that any swap data such applicant receives from a registered
swap data repository
[[Page 8389]]
will not be disclosed, except as allowed for in the form of
confidentiality arrangement set forth in Appendix B of this part and
(ii) Such applicant is acting within the scope of its jurisdiction
in seeking access to swap data from a registered swap data repository.
(4) The Commission reserves the right, in connection with any
appropriateness determination with respect to an Appropriate Domestic
Regulator or Appropriate Foreign Regulator, to revisit, reassess,
limit, suspend or revoke such determination consistent with the Act.
(i) Delegation of authority relating to certain matters in this
section. (1) The Commission hereby delegates, until such time as the
Commission orders otherwise, the following functions to the Director of
the Division of Market Oversight and to such members of the
Commission's staff acting under his or her direction as he or she may
designate from time to time: All functions reserved to the Commission
in this section.
(2) The Director of the Division of Market Oversight may submit any
matter which has been delegated under paragraph (i)(1) of this section
to the Commission for its consideration.
(3) Nothing in this section may prohibit the Commission, at its
election, from exercising the authority delegated under paragraph
(i)(1) of this section.
0
5. Revise Sec. 49.18 to read as follows:
Sec. 49.18 Confidentiality arrangement.
(a) Confidentiality arrangement required prior to disclosure of
swap data by a registered swap data repository to an Appropriate
Domestic Regulator or Appropriate Foreign Regulator. Prior to a
registered swap data repository providing access to swap data to any
Appropriate Domestic Regulator or Appropriate Foreign Regulator, each
as defined in Sec. 49.17(b), the swap data repository shall receive,
pursuant to Section 21(d) of the Act, an executed confidentiality
arrangement between the Commission and the Appropriate Domestic
Regulator or Appropriate Foreign Regulator, as applicable, in the form
set forth in Appendix B of this part or, at a minimum, containing the
elements required in paragraph (b) of this section, from such
Appropriate Domestic Regulator or Appropriate Foreign Regulator. Such
confidentiality arrangement must include, either as Exhibit A to the
form set forth in Appendix B of this part or similarly appended, a
description of the Appropriate Domestic Regulator's or Appropriate
Foreign Regulator's jurisdiction. Once a registered swap data
repository is notified that a confidentiality arrangement received from
an Appropriate Domestic Regulator or Appropriate Foreign Regulator no
longer is in effect, the swap data repository shall not provide access
to swap data to such Appropriate Domestic Regulator or Appropriate
Foreign Regulator.
(b) Elements of confidentiality arrangement. The confidentiality
arrangement required pursuant to paragraph (a) of this section shall,
at a minimum, include all elements included in the form of
confidentiality arrangement set forth in Appendix B of this part.
(c) Reporting failures to fulfill the terms of a confidentiality
arrangement. A registered swap data repository shall immediately report
to the Commission any known failure to fulfill the terms of a
confidentiality arrangement that it receives pursuant to paragraph (a)
of this section.
(d) Failures to fulfill the terms of the confidentiality
arrangement. The Commission may, if an Appropriate Domestic Regulator
or Appropriate Foreign Regulator fails to fulfill the terms of a
confidentiality arrangement described in paragraph (a) of this section,
direct each registered swap data repository to limit, suspend or revoke
such Appropriate Domestic Regulator's or Appropriate Foreign
Regulator's access to swap data held by such swap data repository.
(e) Delegation of authority relating to certain matters in this
section. (1) The Commission hereby delegates, until such time as the
Commission orders otherwise, the following functions to the Director of
the Division of Market Oversight and to such members of the
Commission's staff acting under his or her direction as he or she may
designate from time to time: All functions reserved to the Commission
in this section.
(2) The Director of the Division of Market Oversight may submit any
matter which has been delegated under paragraph (e)(1) of this section
to the Commission for its consideration.
(3) Nothing in this section may prohibit the Commission, at its
election, from exercising the authority delegated under paragraph
(e)(1) of this section.
0
6. In Sec. 49.22, revise paragraph (d)(4) to read as follows:
Sec. 49.22 Chief compliance officer.
* * * * *
(d) * * *
(4) Taking reasonable steps to ensure compliance with the Act and
Commission regulations in this chapter relating to agreements,
contracts, or transactions, and with Commission regulations in this
chapter under Section 21 of the Act, including confidentiality
arrangements received by the chief compliance officer's registered swap
depository pursuant to Sec. 49.18(a);
* * * * *
0
7. Add Appendix B to part 49, to read as follows:
Appendix B to Part 49--Confidentiality Arrangement for Appropriate
Domestic Regulators and Appropriate Foreign Regulators To Obtain Access
To Swap Data Maintained by Registered Swap Data Repositories Pursuant
to Sec. Sec. 49.17(d)(6) and 49.18(a)
[[Page 8390]]
[GRAPHIC] [TIFF OMITTED] TP25JA17.088
The U.S. Commodity Futures Trading Commission (``CFTC'') and the
[name of foreign/domestic regulator (``ABC'')] (each an
``Authority'' and collectively the ``Authorities'') have entered
into this Confidentiality Arrangement (``Arrangement'') in
connection with [whichever is applicable] [CFTC Regulation
49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to
[ABC] (``Order'')] and any request for swap data by [ABC] to any
swap data repository (``SDR'') registered with the CFTC.
Article One: General Provisions
1. ABC is permitted to request and receive swap data directly
from a registered SDR (``Swap Data'') on the terms and subject to
the conditions of this Arrangement.
2. This Arrangement is entered into to fulfill the requirements
under Section 21(d) of the Commodity Exchange Act (``Act'') and CFTC
Regulation 49.18. Upon receipt by a registered SDR, this Arrangement
will satisfy the requirement for a written agreement pursuant to
Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This
Arrangement does not apply to information that is [reported to a
registered SDR pursuant to [ABC]'s regulatory regime where the SDR
also is registered with [ABC] pursuant to separate statutory
authority, even if such information also is reported pursuant to the
Act and CFTC regulations][reported to a registered SDR pursuant to
[ABC]'s regulatory regime where the SDR also is registered with, or
recognized or otherwise authorized by, [ABC], which has supervisory
authority over the repository pursuant to foreign law and/or
regulation, even if such information also is reported pursuant to
the Act and CFTC regulations.] \1\
---------------------------------------------------------------------------
\1\ The first bracketed paragraph will be used for ADRs; the
second will be used for AFRs. The inapplicable paragraph will be
deleted.
---------------------------------------------------------------------------
3. This Arrangement is not intended to limit or condition the
discretion of an Authority in any way in the discharge of its
regulatory responsibilities or to prejudice the individual
responsibilities or autonomy of any Authority.
4. This Arrangement does not alter the terms and conditions of
any existing arrangements.
Article Two: Confidentiality of Swap Data
5. ABC will be acting within the scope of its jurisdiction in
requesting Swap Data and employs procedures to maintain the
confidentiality of Swap Data and any information and analyses
derived therefrom (collectively, the ``Confidential Information'').
ABC undertakes to notify the CFTC and each relevant SDR promptly of
any change to ABC's scope of jurisdiction.
6. ABC undertakes to treat Confidential Information as
confidential and will employ safeguards that:
a. To the maximum extent practicable, identify the Confidential
Information and maintain it separately from other data and
information;
b. Protect the Confidential Information from misappropriation
and misuse;
c. Ensure that only authorized ABC personnel with a need to
access particular Confidential Information to perform their job
functions related to such Confidential Information have access
thereto, and that such access is permitted only to the extent
necessary to perform their job functions related to such particular
Confidential Information;
d. Prevent the disclosure of aggregated Confidential
Information; provided, however, that ABC is permitted to disclose
any sufficiently aggregated Confidential Information that is
anonymized to prevent identification, through disaggregation or
otherwise, of a market participant's business transactions, trade
data, market positions, customers or counterparties;
e. Prohibit use of the Confidential Information by ABC personnel
for any improper purpose, including in connection with trading for
their personal benefit or for the benefit of others or with respect
to any commercial or business purpose; and
f. Include a process for monitoring compliance with the
confidentiality safeguards described herein and for promptly
notifying the CFTC, and each SDR from which ABC has received Swap
Data, of any violation of such safeguards or failure to fulfill the
terms of this Arrangement.
7. Except as provided in Paragraphs 6.d. and 8, ABC will not
onward share or otherwise disclose any Confidential Information.
8. ABC undertakes that:
a. If a department, central bank, or agency of the Government of
the United States, it will not disclose Confidential Information
except in an action or proceeding under the laws of the United
States to which it, the CFTC, or the United States is a party;
b. If a department or agency of a State or political subdivision
thereof, it will not disclose Confidential Information except in
connection with an adjudicatory action or proceeding brought under
the Act or the laws of [name of either the State or the State and
political subdivision] to which it is a party; or
c. If a foreign futures authority or a department, central bank,
ministry, or agency of a foreign government or subdivision thereof,
or any other Foreign Regulator, as defined in Commission Regulation
49.2(a)(5), it will not disclose Confidential Information except in
connection with an adjudicatory action or proceeding brought under
the laws of [name of country, political subdivision, or (if a
supranational organization) supranational lawmaking body] to which
it is a party.
9. Prior to complying with any legally enforceable demand for
Confidential Information, ABC will notify the CFTC of such demand in
writing, assert all available appropriate legal exemptions or
privileges with respect to such Confidential Information, and use
its best efforts to protect the confidentiality of the Confidential
Information.
10. ABC acknowledges that, if it does not fulfill the terms of
this Arrangement, the CFTC may direct any registered SDR to suspend
or revoke ABC's access to Swap Data.
11. ABC will comply with all applicable security-related
requirements imposed by an SDR in connection with access to Swap
Data maintained by the SDR, as such requirements may be revised from
time to time.
12. ABC will promptly destroy all Confidential Information for
which it no longer has a need or which no longer falls within the
scope of its jurisdiction, and will certify to the CFTC, upon
request, that ABC has destroyed such Confidential Information.
Article Three: Administrative Provisions
13. This Arrangement may be amended with the written consent of
the Authorities.
14. The text of this Arrangement will be executed in English,
and may be made available to the public.
15. On the date this Arrangement is signed by the Authorities,
it will become effective and may be provided to any registered SDR
that holds and maintains Swap Data that falls within the scope of
ABC's jurisdiction.
[[Page 8391]]
16. This Arrangement will expire 30 days after any Authority
gives written notice to the other Authority of its intention to
terminate the Arrangement. In the event of termination of this
Arrangement, Confidential Information will continue to remain
confidential and will continue to be covered by this Arrangement.
This Arrangement is executed in duplicate, this ___day of ___.
-----------------------------------------------------------------------
[name of Chairman]
Chairman
U.S. Commodity Futures Trading Commission
-----------------------------------------------------------------------
[name of signatory]
[title]
[name of foreign/domestic regulator]
[Exhibit A: Description of Scope of Jurisdiction. If ABC is not
enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must
attach the Determination Order received from the Commission pursuant
to Commission Regulation 49.17(h). If ABC is enumerated in
Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a
sufficiently detailed description of the scope of ABC's jurisdiction
as it relates to Swap Data maintained by SDRs.]
Issued in Washington, DC, on January 13, 2017, by the
Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
Note: The following appendices will not appear in the Code of
Federal Regulations.
Appendices to Proposed Amendments to the Swap Data Access Provisions of
Part 49 and Certain Other Matters--Commission Voting Summary and
Chairman's Statement
Appendix 1--Commission Voting Summary
On this matter, Chairman Massad and Commissioners Bowen and
Giancarlo voted in the affirmative. No Commissioner voted in the
negative.
Appendix 2--Statement of Chairman Timothy G. Massad
The increased reporting of data on swaps transactions is an
important reform of the derivatives markets agreed to by the G20
leaders in 2009. Today, thanks to this reporting, regulators across the
globe are in a better position to assess exposures and risks related to
this market. Because of the global nature of the market, it is critical
for regulators to be able to share information, subject to appropriate
confidentiality and other protections.
That's why I am pleased we are issuing this proposal, which will
make it easier for other regulators, both domestic and foreign, to gain
access to swap data repository (SDR) swap data. The proposal would
conform our rules to various changes Congress made in the law and
provide a process for sharing of information. Among other things,
Congress removed a requirement that another regulator must indemnify
both the Commission and the swap data repository for expenses related
to litigation before data could be shared. To date, no domestic or
foreign regulator has provided such an indemnification. Today's
proposal removes this requirement in the CFTC's own rules, makes other
changes consistent with Congressional action, and creates a process for
when and how other regulators gain access to SDR information that will
protect confidentiality.
I thank my fellow Commissioners Bowen and Giancarlo for their
unanimous support for this proposal. I also thank the hardworking CFTC
staff for all their efforts.
[FR Doc. 2017-01287 Filed 1-24-17; 8:45 am]
BILLING CODE 6351-01-P
Last Updated: January 25, 2017