2018-12377

Federal Register, Volume 83 Issue 113 (Tuesday, June 12, 2018) 
[Federal Register Volume 83, Number 113 (Tuesday, June 12, 2018)]
[Rules and Regulations]
[Pages 27410-27441]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-12377]

 

[[Page 27409]]

Vol. 83

Tuesday,

No. 113

June 12, 2018

Part III

 

 

Commodity Futures Trading Commission

 

 

-----------------------------------------------------------------------

 

 

17 CFR Part 49

 

 

Amendments to the Swap Data Access Provisions of Part 49 and Certain
Other Matters; Final Rule

Federal Register / Vol. 83 , No. 113 / Tuesday, June 12, 2018 / Rules
and Regulations

[[Page 27410]]


-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION

17 CFR Part 49

RIN Number 3038-AE44


Amendments to the Swap Data Access Provisions of Part 49 and
Certain Other Matters

AGENCY: Commodity Futures Trading Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: Pursuant to Title VII of the Dodd-Frank Wall Street Reform and
Consumer Protection Act of 2010 (``Dodd-Frank Act''), as amended by the
Fixing America's Surface Transportation Act of 2015 (``FAST Act''), the
Commodity Futures Trading Commission (``Commission'' or ``CFTC'') is
amending the Commission's regulations relating to access to swap data
held by swap data repositories (``SDRs''). The amendments implement
pertinent provisions of the FAST Act and make associated changes to the
Commission's regulations governing the grant of access to swap data to
certain foreign and domestic authorities by SDRs, as well as changes to
certain other regulations unrelated to such access.

DATES: The effective date for this final rule is August 13, 2018. For
compliance dates, see SUPPLEMENTARY INFORMATION.

FOR FURTHER INFORMATION CONTACT: Daniel Bucsa, Deputy Director,
Division of Market Oversight--Data and Reporting Branch (``DMO-DAR''),
(202) 418-5435, [email protected]; David E. Aron, Special Counsel, DMO-
DAR, (202) 418-6621, [email protected]; Owen J. Kopon, Special Counsel,
DMO-DAR, (202) 418-5360, [email protected]; or Stephen Kane, Research
Economist, Office of the Chief Economist, (202) 418-5911,
[email protected], Commodity Futures Trading Commission, Three Lafayette
Centre, 1151 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION: The compliance date for an SDR to comply
with its obligation under Sec.  49.17(d)(5)(iii) of the Commission's
regulations \1\ to provide access to swap data requested by an
Appropriate Domestic Regulator (as defined in Sec.  49.17(b)(1))
(``ADR'') or Appropriate Foreign Regulator (as defined in Sec. 
49.17(b)(2)) (``AFR'') is, as discussed further below, the earlier of
(1) the earliest date, after such SDR receives from such ADR or AFR the
confidentiality arrangement required by Sec.  49.18(a), that such SDR,
exercising commercially reasonable efforts in light of its obligations
under the Act \2\ and the Commission's regulations, is able to provide
such access to the ADR or AFR and (2) 180 days after the SDR receives
from such ADR or AFR the confidentiality arrangement required by Sec. 
49.18(a). The compliance date for all other regulations amended, added
or revised by this final rule is August 13, 2018.
---------------------------------------------------------------------------

    \1\ 17 CFR 49.17(d)(5)(iii). All Commission regulations cited
herein are set forth in Title 17 of the Code of Federal Regulations.
    \2\ 7 U.S.C. 1 et seq.
---------------------------------------------------------------------------

Table of Contents

I. Background and Introduction
    A. Statutory Background: The Dodd-Frank Act
    B. Regulatory History: The Part 49 Rules and the Commission's
Interpretative Statement
    1. Access to SDR Swap Data
    2. Indemnification Requirement
    C. FAST Act Amendments to CEA Section 21
    D. CEA Section 8 and the Confidentiality Provisions of CEA
Section 21
    E. High-Level Summary of Revisions to Part 49
    F. Rescission of Interpretative Statement
II. Discussion
    A. Definitions: Amendments to Sec.  49.2
    B. Domestic and Foreign Regulators With Regulatory
Responsibility Over SDRs: Amendments to Sec.  49.17(d)(2) and (3)
    1. Current Rules
    2. Proposed Amendments
    3. Comments Received
    4. Final Rules
    C. Appropriateness Determination for Foreign Regulators and Non-
Enumerated Domestic Regulators: Amendments to Sec.  49.17(b) and New
Sec.  49.17(h)
    1. Current Rule
    2. Proposed Amendments: Determination Order Process
    3. Proposed Amendments: Factors Considered in Issuing a
Determination Order
    a. Scope of Jurisdiction
    b. Robust Confidentiality Safeguards
    c. Swap Data Sharing Considerations
    4. Proposed Amendments: Other Matters Regarding the
Determination Order Process
    5. Final Rules
    D. Amendments to Sec.  49.17(d)(4): SDR Notice and Verification
Obligations
    1. Proposed Amendments
    2. Final Rules
    a. Sec.  49.17(d)(4)(i)
    i. Notices of Initial Access Requests and Requests Outside the
Scope of Jurisdiction
    ii. Recordkeeping
    iii. Aggregated Data
    b. Sec.  49.17(d)(4)(ii)
    c. Sec.  49.17(d)(4)(iii)
    i. Scope of an ADR's or AFR's Jurisdiction
    ii. Changes to an ADR's or AFR's Scope of Jurisdiction
    iii. Written Notices
    d. Sec.  49.17(d)(4)(iv)
    E. New Sec.  49.17(i): Delegation of Authority
    F. CEA Section 21(d) Confidentiality Agreements: Amendments to
Sec.  49.18
    1. Current Rule
    2. Proposed Amendments to Sec.  49.18(a): Confidentiality
Arrangement Required Prior to Disclosure of Swap Data
    3. Proposed Amendments to Sec.  49.18(b): Required Elements of
the Confidentiality Arrangement
    4. Proposed Removal of Sec.  49.18(c): ADRs and AFRs With
Regulatory Responsibility Over an SDR
    5. Proposed New Sec.  49.18(c) and (d): Failure To Fulfill the
Terms of a Confidentiality Arrangement
    6. Proposed New Sec.  49.18(e): Delegation of Authority
    7. Conforming Changes
    8. Comments Received
    9. Final Rule
    G. Other Changes
    1. Proposed Rule Changes
    2. Final Rule Changes
III. Request for Comment
IV. Compliance Date
V. Related Matters
    A. Regulatory Flexibility Act
    B. Paperwork Reduction Act
    1. Summary of the Requirements
    2. Collection of Information
    C. Cost-Benefit Considerations
    1. Introduction
    2. Benefits
    a. Background
    b. High-Level Benefits
    c. More Specific Benefits
    i. MOUs
    ii. Duty for SDRs To Notify the Commission of Swap Data Requests
From ADRs and AFRs
    iii. Form of Electronic Notification by SDRs to the Commission
    iv. Clarification of SDR Recordkeeping Obligations
    v. Limitation, Suspension or Revocation of an ADR's or AFR's
Swap Data Access
    vi. Confidentiality Arrangements
    vii. Means of Access
    3. Costs
    a. Background
    b. High-Level Costs
    c. ADRs' and AFRs' Costs
    i. Determination Order Applications
    ii. Confidentiality Arrangements
    iii. Data Security
    iv. Onward Sharing
    v. Means of Access
    d. SDRs' Costs
    i. Providing New Access Generally
    ii. Providing Notice to the Commission
    iii. Verifying That a Swap Data Request is Within an ADR's/AFR's
Scope of Jurisdiction
    iv. Means of Access
    v. Recordkeeping
    4. Response to Comments
    5. Alternatives Considered
    6. Consideration of CEA Section 15(a) Factors
    a. Protection of Market Participants and the Public
    b. Efficiency, Competitiveness, and Financial Integrity of
Futures Markets
    c. Price Discovery
    d. Sound Risk Management Practices
    e. Other Public Interest Considerations

[[Page 27411]]

    D. Antitrust Considerations

I. Background and Introduction

A. Statutory Background: The Dodd-Frank Act

    Title VII of the Dodd-Frank Act \3\ amended the Commodity Exchange
Act (``CEA'') to establish a comprehensive new regulatory framework for
swaps including, in new CEA section 21, requirements addressing the
registration and regulation of SDRs.\4\ CEA section 21 imposes on SDRs,
among other duties and responsibilities, the duty to maintain the
privacy of all swap transaction information received from a swap
dealer, counterparty, or any other registered entity.\5\ CEA section
21(c)(7) directs SDRs to make swap data available on a confidential
basis pursuant to section 8 of the CEA, upon request, and after
notifying the Commission of the request,\6\ to certain enumerated
domestic authorities and any other person (which may include certain
types of foreign authorities) that the Commission determines to be
appropriate (each such enumerated and Commission-determined entity, a
``21(c)(7) entity'').\7\
---------------------------------------------------------------------------

    \3\ See Dodd-Frank Wall Street Reform and Consumer Protection
Act, Public Law 111-203, 124 Stat. 1376 (2010), available at http://www.cftc.gov/LawRegulation/OTCDERIVATIVES/index.htm. Title VII of
the Dodd-Frank Act may be cited as the Wall Street Transparency and
Accountability Act of 2010.
    \4\ See Dodd-Frank Act section 728 (adding new CEA section 21, 7
U.S.C. 24(a), to establish a registration requirement and regulatory
regime for SDRs).
    \5\ 7 U.S.C. 24a(c)(6).
    \6\ CEA section 8, 7 U.S.C. 12, describes circumstances under
which public disclosure of information in the Commission's
possession is permitted and prohibited. As discussed more fully
below, the principles underlying CEA section 8(e), in particular,
are fundamental to CEA sections 21(c)(7) and (d) and to the access
standards and confidentiality provisions adopted in this release.
    \7\ See 7 U.S.C. 24a(c)(7). See also Commission, Final
Rulemaking: Swap Data Recordkeeping and Reporting Requirements, 77
FR 2136, Jan. 13, 2012 (``Data Final Rules''). The Data Final Rules
set forth, among others, regulations governing SDR data collection
and swap data reporting responsibilities under part 45 of the
Commission's regulations.
---------------------------------------------------------------------------

    As originally enacted, CEA sections 21(d)(1) and (2), respectively,
mandated that, prior to receipt of any requested data or information
from an SDR, a 21(c)(7) entity agree in writing to abide by the
confidentiality requirements described in CEA section 8 and,
separately, to indemnify the SDR and the Commission for any expenses
arising from litigation relating to the information provided under
section 8.\8\ Congress's repeal of the CEA section 21(d)(2)
indemnification requirement in the FAST Act \9\ in December 2015
prompted this rulemaking.\10\
---------------------------------------------------------------------------

    \8\ 7 U.S.C. 24a(d). As noted above, the indemnification
requirement was stricken from CEA section 21(d) by the FAST Act. See
Public Law 114-94, section 86001(b)(2).
    \9\ FAST Act, Public Law 114-94, 129 Stat. 1312 (Dec. 4, 2015).
    \10\ FAST Act section 86002(b)(2) struck subsection (d) of CEA
section 21 and inserted a new provision in in its place that stated
that before the swap data repository may share information with any
entity listed in section (c)(7), the swap data repository shall
receive a written agreement from each entity stating that the entity
shall abide by the confidentiality requirements described in section
8 of the CEA relating to the information on swap transactions that
is provided.
---------------------------------------------------------------------------

B. Regulatory History: The Part 49 Rules and the Commission's
Interpretative Statement

1. Access to SDR Swap Data
    In 2011, the Commission adopted rules implementing the requirements
for SDRs in CEA section 21.\11\ The Commission implemented the SDR swap
data access provisions of CEA sections 21(c)(7) and (d) by establishing
processes to allow two categories of entities to gain access to SDR
swap data. The Commission defined one category, ADRs, in Sec. 
49.17(b)(1) of the Commission's regulations as domestic authorities
enumerated in CEA section 21(c)(7)(A)-(D) \12\ and certain other
persons determined by the Commission to be appropriate recipients of
such swap data pursuant to CEA section 21(c)(7)(E).\13\
---------------------------------------------------------------------------

    \11\ Swap Data Repositories: Registration Standards, Duties and
Core Principles; 76 FR 54538 (Sept. 1, 2011) (``SDR Final Rules'');
see also Swap Data Repositories: Registration Standards, Duties and
Core Principles, 75 FR 80898 (Dec. 23, 2010) (the proposed SDR Final
Rules) (``SDR NPRM'').
    \12\ The domestic authorities enumerated in CEA section 21(c)(7)
are: (A) Each appropriate prudential regulator; (B) the Financial
Stability Oversight Council (``FSOC''); (C) the Securities and
Exchange Commission (``SEC''); and (D) the Department of Justice.
The term ``prudential regulator'' is defined in CEA section 1a(39)
(7 U.S.C. 1a(39)).
    \13\ In addition to CEA section 21(c)(7) enumerating certain
domestic authorities to which an SDR must grant swap data access,
CEA section 21(c)(7)(E), as amended by the FAST Act, identifies as
an eligible recipient of such access as any other person that the
Commission determines to be appropriate, including foreign financial
supervisors (including foreign futures authorities); foreign central
banks; foreign ministries; and other foreign authorities. 7 U.S.C.
24a(c)(7)(E). Pursuant to this authority, in Sec. Sec. 
49.17(b)(1)(v) and (vi), the Commission identified any Federal
Reserve Bank and the Office of Financial Research (``OFR''),
respectively, as ADRs. The Commission also defined as an
``Appropriate Domestic Regulator'' each prudential regulator
identified in CEA section 1(a)(39), with respect to requests related
to any such regulator's statutory authority, without limitation to
the activities listed for each regulator in CEA section 1(a)(39).
See Sec.  49.17(b)(1)(ii). The Commission further reserved the
discretion, in Sec.  49.17(b)(1)(vii), to recognize any other person
the Commission deems appropriate to be an ADR.
---------------------------------------------------------------------------

    The Commission defined the other category, AFRs,\14\ in Sec. 
49.17(b)(2) as ``Foreign Regulators'' \15\ with existing memoranda of
understanding (``MOUs'') or similar types of information sharing
arrangements with the Commission, but did not identify any specific
persons as AFRs in the SDR Final Rules. The SDR Final Rules also
defined the term AFR to include a Foreign Regulator without an existing
MOU with the Commission, as determined by the Commission on a case-by-
case basis. Such a Foreign Regulator was required to file with the
Commission an application providing sufficient facts and procedures to
permit the Commission to analyze whether the Foreign Regulator employed
appropriate confidentiality procedures, and to satisfy the Commission
that any SDR swap data or information accessed by the Foreign Regulator
would be disclosed only as permitted by section 8(e) of the CEA.\16\
---------------------------------------------------------------------------

    \14\ The Commission established the category of AFRs pursuant to
CEA section 21(c)(7)(E), which, among other things, includes a list
of the types of foreign entities that the Commission may determine
to be appropriate recipients of swap data obtained by an SDR.
    \15\ The term ``Foreign Regulator'' is defined in current Sec. 
49.2(a)(5) to mean a foreign futures authority as defined in CEA
section 1(a)(26), foreign financial supervisors, foreign central
banks and foreign ministries.
    \16\ 17 CFR 49.17(b)(2)(i)(B).
---------------------------------------------------------------------------

    An ADR or AFR seeking access to SDR swap data is required by
current Sec.  49.17(d)(1) to file an access request with the SDR
certifying that it is acting within the scope of its jurisdiction and
is required by current Sec.  49.17(d)(6) to execute a ``Confidentiality
and Indemnification Agreement'' with the SDR.\17\
---------------------------------------------------------------------------

    \17\ Current Sec.  49.18(b) requires an SDR to receive such a
Confidentiality and Indemnification Agreement from an ADR or AFR
prior to releasing swap data to the ADR or AFR.
---------------------------------------------------------------------------

2. Indemnification Requirement
    In the preamble to the SDR Final Rules, the Commission acknowledged
commenters' concerns that compliance with the statutory and regulatory
requirements to indemnify the Commission, and the SDR providing access
to swap data, for any expenses arising from litigation relating to the
information provided under section 8 of the CEA, would be difficult for
certain domestic and foreign regulators, due to various home country
laws and other regulations prohibiting such arrangements.\18\ The
Commission expressed its intent to continue to work to provide
regulators sufficient access to SDR data. In this regard, the
Commission outlined the circumstances under which it believed the
indemnification provisions of CEA

[[Page 27412]]

section 21(d) and Sec.  49.18 would not apply. The Commission explained
that, under the part 49 rules, ADRs with concurrent regulatory
jurisdiction over SDRs may in some circumstances obtain access to swap
data reported to and maintained by those SDRs without regard to the
notice and indemnification requirements of CEA sections 21(c)(7) and
(d).\19\ With respect to foreign regulatory authorities, the Commission
determined in the SDR Final Rules that swap data reported to and
maintained by an SDR may be accessed by an AFR without the execution of
a confidentiality and indemnification agreement when the AFR has
supervisory authority over a Commission-registered SDR that is also
registered with the AFR pursuant to foreign law and/or regulation.
---------------------------------------------------------------------------

    \18\ See SDR Final Rules at 54554. The Commission notes that, to
date, no 21(c)(7) entity has entered into a confidentiality or
indemnification agreement pursuant to CEA section 21(d) or the part
49 rules.
    \19\ See SDR Final Rules at 54554, n163. Accordingly, pursuant
to the Commission's Part 49 rules, these provisions did not apply to
an ADR that has regulatory jurisdiction over an SDR registered with
the ADR pursuant to a separate statutory authority and also
registered with the Commission, if the ADR executes an MOU or
similar information sharing arrangement with the Commission and the
Commission, consistent with CEA section 21(c)(4)(A), designates the
ADR to receive direct electronic access. See 17 CFR 49.17(d)(2).
---------------------------------------------------------------------------

    Since concerns about the scope of the indemnification requirement
persisted, the Commission issued an interpretative statement designed
to provide guidance and greater clarity to interested members of the
public and foreign regulators with respect to the scope and application
of CEA section 21(d) and the part 49 rules.\20\ The Interpretative
Statement clarified that a foreign regulatory authority's access to
swap data held in a CFTC-registered SDR would not be subject to the
confidentiality and indemnification provisions of CEA section 21(d) or
the part 49 regulations if (i) the registered SDR is also registered
in, or recognized or otherwise authorized by, the foreign authority's
regulatory regime and (ii) the data sought to be accessed by the
foreign authority has been reported to the registered SDR pursuant to
such foreign regulatory regime.\21\
---------------------------------------------------------------------------

    \20\ See Swap Data Repositories: Interpretative Statement
Regarding the Confidentiality and Indemnification Provisions of the
Commodity Exchange Act, 77 FR 65177 (Oct. 25, 2012)
(``Interpretative Statement'').
    \21\ Interpretative Statement at 65181.
---------------------------------------------------------------------------

C. FAST Act Amendments to CEA Section 21

    Congress responded to regulators' access concerns by including in
the FAST Act a repeal of the indemnification requirement in CEA section
21(d)(2).\22\ The confidentiality requirement in CEA section 21(d)(1)
was retained in amended CEA section 21(d).\23\
---------------------------------------------------------------------------

    \22\ Title LXXXVI (``Repeal of Indemnification Requirements'')
of the FAST Act amends the CEA by repealing the indemnification
requirements added by the Dodd-Frank Act for regulatory authorities
to obtain access to swap data because foreign regulators and
regulatory entities have indicated concerns regarding the
indemnification requirements of the Dodd-Frank Act. The title
removes such requirements so data can be shared with foreign
authorities. The title would still require the regulatory agencies
requesting the information to agree to certain confidentiality
requirements prior to receiving the data. FAST Act: Conference
Report to Accompany H.R. 22, Dec. 1, 2015 at 486-87. The repeal
applied as well to the analogous provision in the Securities
Exchange Act of 1934, 15 U.S.C. 78m(n)(5).
    \23\ As noted above, FAST Act section 86002(b)(2) struck
subsection (d) of CEA section 21 and inserted a new provision in its
place that stated that before the swap data repository may share
information with any entity listed in section (c)(7), the swap data
repository shall receive a written agreement from each entity
stating that the entity shall abide by the confidentiality
requirements described in section 8 of the CEA relating to the
information on swap transactions that is provided.
---------------------------------------------------------------------------

    The FAST Act also modified CEA section 21(c)(7)(A) by clarifying
that SDRs must make available the ``swap'' data they obtain to 21(c)(7)
entities, and added to CEA section 21(c)(7)(E)'s non-exclusive list of
persons that the Commission may determine to be appropriate recipients
of SDR swap data the new category ``other foreign authorities.'' \24\
---------------------------------------------------------------------------

    \24\ See FAST Act section 86001(b)(1).
---------------------------------------------------------------------------

D. CEA Section 8 and the Confidentiality Provisions of CEA Section 21

    CEA section 8 governs the Commission's treatment of nonpublic
information in its possession in a number of circumstances. CEA section
8(e) permits the Commission to furnish to the specified types of
domestic or foreign entities--upon their request and acting within the
scope of their jurisdiction--any information in its possession obtained
in connection with the administration of the Act.\25\ CEA section 8(e)
specifies, with respect to federal U.S. entities, that any information
furnished thereunder shall not be disclosed by the entity except in an
action or proceeding under the laws of the United States to which the
entity, the Commission or the United States is a party. CEA section
8(e) further specifies, with respect to the specified types of foreign
entities, that the Commission shall not furnish information thereunder
unless the Commission is satisfied that the information will not be
disclosed by the entity except in connection with an adjudicatory
action or proceeding to which the entity is a party brought under the
laws to which such entity is subject.
---------------------------------------------------------------------------

    \25\ 7 U.S.C. 12(e).
---------------------------------------------------------------------------

    CEA sections 21(c)(7) and 21(d) incorporate CEA section 8 in
establishing the disclosure restrictions and confidentiality standards
that apply to SDRs when providing swap data to regulators. The
Commission interprets these provisions as requiring consistency with
the principles underlying CEA section 8(e) and therefore being
fundamental to the access standards and confidentiality provisions
adopted in this release. In adopting revised Sec. Sec.  49.17 and
49.18, the Commission is mindful of these foundational principles:
Where information is sought to be accessed, the information must relate
to the scope of the requesting entity's jurisdiction; and information
provided by the SDR shall not be further disclosed except in limited,
defined circumstances.

E. High-Level Summary of Revisions to Part 49

    Pursuant to its authority under the Act,\26\ the Commission
proposed amendments in January 2017 to Sec. Sec.  49.2, 49.9, 49.17,
49.18, and 49.22 to (i) implement the statutory changes mandated by the
FAST Act amendments; (ii) make certain conforming and clarifying
changes related to such implementation; (iii) revise the process by
which appropriateness is determined for purposes of access to SDR swap
data; (iv) clarify the standards in connection with the Commission's
appropriateness determinations; and (v) establish the form and
substance of the written agreement mandated by CEA section 21(d), as
amended.\27\ In formulating the proposed amendments, the Commission
endeavored to achieve the goals of effective and consistent global
regulation of swaps \28\ while adhering to the mandate of CEA sections
21(c)(7) and (d) that swap data be made available to a limited universe
of

[[Page 27413]]

regulators on a confidential basis pursuant to CEA section 8. As
explained in Section II below, the Commission is generally adopting,
with certain modifications, the rules and rule amendments as proposed.
---------------------------------------------------------------------------

    \26\ See, e.g., CEA section 21(f)(4) (Additional duties
developed by Commission), 7 U.S.C. 24a(f)(4). The Commission is also
authorized by CEA section 8a(5), 7 U.S.C. 12a(5), to make such rules
and regulations as, in the judgment of the Commission, are
reasonably necessary to effectuate any of the provisions or to
accomplish any of the purposes of the CEA.
    \27\ See Proposed Amendments To Swap Data Access Provisions and
Certain Other Matters, 82 FR 8369 (Jan. 25, 2017) (``NPRM'').
    \28\ Section 752(a) of the Dodd-Frank Act directs the CFTC, the
SEC and the prudential regulators, as appropriate, to consult and
coordinate with foreign regulatory authorities in this regard and
provides that these entities may agree to such information-sharing
arrangements as may be deemed necessary or appropriate in the public
interest or for the protection of investors, swap counterparties,
and security-based swap counterparties.
---------------------------------------------------------------------------

F. Rescission of Interpretative Statement

    The Commission has determined to rescind the Interpretative
Statement. References to the indemnification requirement in the
Interpretative Statement are no longer necessary, as the FAST Act
repealed the indemnification requirement in CEA section 21(d).
Additionally, the modifications to Sec.  49.17(d)(3) that are adopted
by the Commission in this release are not inconsistent with the
clarifications provided in the Interpretative Statement.

II. Discussion

A. Definitions: Amendments to Sec.  49.2

    As originally adopted, Sec.  49.2(a)(5) defined the term ``Foreign
Regulator'' to include a foreign futures authority as defined in CEA
section 1a(26), foreign financial supervisors, foreign central banks
and foreign ministries.\29\ The FAST Act amendments to the CEA added to
section 21(c)(7)(E) a new category of entity--``other foreign
authorities''--that the Commission may deem appropriate to obtain
access to SDR swap data. The Commission proposed in the NPRM a
corresponding amendment to the definition of ``Foreign Regulator'' in
Sec.  49.2(a)(5) to conform this definition to amended CEA section
21(c)(7)(E). The Commission received no comments on that proposed
amendment. Thus, for the foregoing reasons, the Commission is adopting
the amendment as proposed.
---------------------------------------------------------------------------

    \29\ 17 CFR 49.2(a)(5). CEA Section 1a(26) defines a ``foreign
futures authority'' as any foreign government, or any department,
agency, governmental body, or regulatory organization empowered by a
foreign government to administer or enforce a law, rule, or
regulation as it relates to a futures or options matter, or any
department or agency of a political subdivision of a foreign
government empowered to administer or enforce a law, rule, or
regulation as it relates to a futures or options matter.
---------------------------------------------------------------------------

B. Domestic and Foreign Regulators With Regulatory Responsibility Over
SDRs: Amendments to Sec.  49.17(d)(2) and (3)

1. Current Rules
    Commission regulation 49.17(d)(2) currently provides that an ADR
with regulatory jurisdiction over an SDR that is registered with the
ADR pursuant to a separate statutory authority and that is also
registered with the Commission does not need to apply to the SDR for
access to swap data and execute a confidentiality and indemnification
agreement, as required by Sec. Sec.  49.17(d) and 49.18(b), as long as
the following conditions are met: (i) The ADR executes an MOU or
similar information sharing arrangement with the Commission; and (ii)
the Commission, consistent with CEA section 21(c)(4)(A), designates the
ADR to receive direct electronic access. The Commission provided in the
SDR Final Rules that these ADRs may be provided access to the swap data
reported and maintained by SDRs without being subject to the notice and
indemnification provisions of CEA sections 21(c)(7) and (d).\30\
---------------------------------------------------------------------------

    \30\ See SDR Final Rules at 54554.
---------------------------------------------------------------------------

    Commission regulation 49.17(d)(3) currently provides that an AFR
with supervisory authority over an SDR registered with it pursuant to
foreign law and/or regulation that is also registered with the
Commission is not subject to the requirements of Sec.  49.17(d) and
Sec.  49.18(b). As described in the SDR Final Rules and the
Interpretative Statement, the Commission believes that swap data
reported to, and maintained, by an SDR may be appropriately accessed by
an AFR without the execution of a confidentiality and indemnification
agreement when the AFR is acting in a regulatory capacity with respect
to an SDR that is also registered with the AFR, and the swap data was
reported to such SDR pursuant to such AFR's regulatory regime.
2. Proposed Amendments
    With respect to domestic regulators with regulatory jurisdiction
over an SDR, the Commission proposed in the NPRM to remove: (1) The
reference to ``Appropriate Domestic Regulator'' in Sec.  49.17(d)(2)
and replace it with the term ``domestic regulator'' to clarify that all
domestic regulators, and not just ADRs, would fall under Sec. 
49.17(d)(2); (2) Sec.  49.17(d)(2)(i) (information sharing arrangement
condition); and (3) Sec.  49.17(d)(2)(ii) (direct electronic access
condition). Based on its experience with SDR swap data access, the
Commission believed an additional refinement of these rules was
necessary in order to promote greater efficiency and cooperation among
domestic regulators. Accordingly, the Commission proposed that a
domestic regulator that has regulatory responsibility over an SDR
registered with it pursuant to a separate statutory authority should be
able to access SDR data reported to such SDR pursuant to such separate
statutory authority irrespective of whether such domestic regulator has
executed an MOU or similar information sharing arrangement with the
Commission or been designated to receive direct electronic access by
the Commission.\31\
---------------------------------------------------------------------------

    \31\ The Commission's proposal for domestic regulators was
consistent with the principle previously set forth in the
Interpretative Statement with respect to the application of the
confidentiality and indemnification provisions of the CEA to foreign
regulators. In particular, the Commission stated that a foreign
regulator's access to data from a registered SDR that is also
registered, recognized, or otherwise authorized in a foreign
jurisdiction's regulatory regime, where the data to be accessed has
been reported pursuant to that other regulatory regime, will be
dictated by that jurisdiction's regulatory regime and not by the CEA
or Commission regulations. See Interpretative Statement at 65181.
---------------------------------------------------------------------------

    In connection with foreign regulatory authorities that have
supervisory authority over an SDR, the Commission proposed in the NPRM
to (i) replace the reference to ``Appropriate Foreign Regulator'' in
Sec.  49.17(d)(3) with the term ``Foreign Regulator,'' as defined in
Sec.  49.2, to clarify that all Foreign Regulators, not only those that
have been determined ``appropriate'' by the Commission, would fall
under Sec.  49.17(d)(3); and (ii) add qualifying language to Sec. 
49.17(d)(3) so that Sec.  49.17(d)(3) applies not only to SDRs that are
``registered'' with the Foreign Regulator but also to those SDRs that
are ``recognized or otherwise authorized'' by the Foreign Regulator,
where the swap data being accessed has been reported to the SDR
pursuant to the Foreign Regulator's regulatory regime.\32\
---------------------------------------------------------------------------

    \32\ Id.
---------------------------------------------------------------------------

3. Comments Received
    The Commission received one comment, from Chicago Mercantile
Exchange Inc. (``CME''), DTCC Data Repository (U.S.) LLC (``DDR''), and
ICE Trade Vault, LLC (``ICETV'' and, collectively with CME and DDR, the
``SDR Commenters''), on its proposed modifications to Sec.  49.17(d)(2)
and (3).\33\ The SDR Commenters supported the Commission's proposed
modifications to Sec.  49.17(d)(2) and (3) stating that recognizing the
separate jurisdictional authority of another domestic regulator or
foreign regulator would further appropriate information sharing
necessary for regulatory oversight and global systemic risk mitigation
purposes.\34\
---------------------------------------------------------------------------

    \33\ Joint Comment Letter submitted by CME, DDR, and ICETV at 2
(March 27, 2017) (``SDR Letter'').
    \34\ Id.
---------------------------------------------------------------------------

4. Final Rules
    After considering the comments it received with respect to its
proposed amendments to Sec.  49.17(d)(2) and (3), and for the reason
stated above in section II.B.2., the Commission continues to believe
that swap data

[[Page 27414]]

reported to, and maintained by, an SDR may be appropriately accessed by
a domestic regulator or Foreign Regulator without the execution of a
confidentiality and indemnification agreement (1) when the regulator is
acting in a regulatory or supervisory capacity with respect to an SDR
that is also registered with, or recognized or otherwise authorized by,
the regulator and (2) with respect to swap data reported to such SDR
pursuant to such regulator's regulatory regime. The Commission,
accordingly, is adopting the amendments to Sec.  49.17(d)(2) and (3) as
proposed.

C. Appropriateness Determination for Foreign Regulators and Non-
Enumerated Domestic Regulators: Amendments to Sec.  49.17(b) and New
Sec.  49.17(h)

1. Current Rule
    CEA section 21(c)(7) specifies U.S. entities to which swap data
must be released by an SDR, provided certain prerequisites are
satisfied. Because Congress has determined that access to SDR swap data
by these entities is appropriate when the prerequisites are satisfied,
no appropriateness determination by the Commission is necessary. These
U.S. entities, along with any others the Commission determines to be
appropriate pursuant to CEA section 21(c)(7)(E), are identified in
Sec.  49.17(b)(1) as ADRs. The current part 49 rules do not include a
process for how the Commission would determine a domestic regulator to
be ``appropriate'' within the meaning of CEA section 21(c)(7)(E).
    Under current Sec.  49.17(b)(2)(i), in order for a Foreign
Regulator that does not have a current MOU with the Commission to be
determined to be an AFR,\35\ it must file with the Commission an
application in the form and manner specified by the Commission.\36\
Current Sec.  49.17(b)(2)(i)(B) requires that the application provide
sufficient facts and procedures to permit the Commission to analyze
whether the Foreign Regulator's confidentiality procedures are
appropriate and to satisfy the Commission that information provided by
an SDR will be disclosed by the Foreign Regulator only as permitted by
CEA section 8(e).
---------------------------------------------------------------------------

    \35\ No specific Foreign Regulators are enumerated in CEA
section 21(c)(7) or specifically identified as AFRs in Sec. 
49.17(b)(2).
    \36\ To date, the Commission has not specified a form and manner
for the application referenced in current Sec.  49.17(b)(2)(i)(A).
---------------------------------------------------------------------------

2. Proposed Amendments: Determination Order Process
    The Commission proposed to eliminate the current filing
requirements set forth in current Sec.  49.17(b)(2)(i) and establish
new filing requirements in proposed new Sec.  49.17(h) that would apply
to both Foreign Regulators and domestic regulators. The Commission also
proposed to include, in Sec.  49.17(h), CEA-section-8-related
confidentiality considerations and the ability for the Commission to
revisit or reassess appropriateness determinations. As proposed, new
Sec.  49.17(h) would apply to each Foreign Regulator regardless of
whether there was a current MOU or similar information sharing
arrangement in place between such Foreign Regulator and the Commission,
and to any domestic regulator other than an ADR enumerated in Sec. 
49.17(b)(1)(i) through (vi) (``Enumerated ADR'').
    Proposed Sec.  49.17(h)(3) specified two threshold requirements for
a finding of appropriateness: (i) The requesting entity has in place
appropriate safeguards to maintain the confidentiality of swap data
received from an SDR; and (ii) such entity is acting within the scope
of its jurisdiction in seeking access to swap data maintained by an
SDR. Because the Commission stated that these requirements are
necessary, but may or may not be sufficient to support an
appropriateness determination, the Commission proposed to evaluate each
filing on a case-by-case basis with reference to these and other
factors that the Commission may find germane to its determination. The
Commission proposed that, were it to find, based on information
submitted to it, that an entity's access to SDR swap data was
appropriate, the Commission would issue an order confirming the
entity's status as an ADR or AFR and setting forth any conditions or
limitations on access consistent with the relevant statutory and
regulatory requirements (a ``Determination Order'').
    The Commission also proposed in Sec.  49.17(h)(4) to be able to
revisit, reassess, limit, suspend or revoke a previously issued
Determination Order. That proposal was based on the Commission's belief
that it is necessary to reserve the authority to revisit an
appropriateness determination, and potentially take one of the
foregoing remedial actions, in order to be able to address situations
that may arise subsequent to the determination, such as where an AFR or
ADR violates the terms of a Determination Order or fails to keep SDR
swap data confidential.
3. Proposed Amendments: Factors Considered in Issuing a Determination
Order
a. Scope of Jurisdiction
    CEA section 21(c)(7) directs SDRs to provide swap data to
regulators on a confidential basis pursuant to section 8.\37\ The
Commission interprets this provision to require consistency with the
CEA section 8(e) mandate that information be furnished, on a
confidential basis, only to other regulators acting within the scope of
their jurisdiction. Accordingly, the Commission believes that an
appropriateness determination must be informed by reference to a
regulator's jurisdiction.
---------------------------------------------------------------------------

    \37\ 7 U.S.C. 24(c)(7).
---------------------------------------------------------------------------

    In this regard, the Commission proposed to add new Sec. 
49.17(h)(2), which would require an applicant seeking a Determination
Order to provide the Commission sufficient information to permit the
Commission to analyze whether the applicant is acting within the scope
of its jurisdiction in seeking access to swap data maintained by an
SDR. As part of this information, the Commission stated that it
expected that an applicant would explain the relationship between its
jurisdiction and its request for access to swap data maintained by
SDRs, including an explanation of the applicant's need for swap data to
carry out its regulatory mandate, legal authority or
responsibility.\38\
---------------------------------------------------------------------------

    \38\ The Commission expects that the applicant would provide a
description of its scope of jurisdiction as part of these
explanations.
---------------------------------------------------------------------------

    The Commission proposed in new Sec.  49.17(h)(3) that the
Commission would not issue a Determination Order unless it were
satisfied that an applicant was acting within the scope of its
jurisdiction in seeking access to SDR swap data. The Commission also
stated in the NPRM that it expected that each Determination Order would
further require, as a condition of the appropriateness determination
set forth therein, that a regulator that received a Determination Order
promptly notify the Commission, and each SDR from which it received
swap data, of any change to its jurisdiction that would relate to the
swap data access requested.\39\ Proposed Sec.  49.17(d)(4)(iii) enabled
the Commission to direct SDRs to limit, suspend or revoke an ADR's or
AFR's SDR swap data access to reflect the new scope of its
jurisdiction, and required the SDRs to so limit, suspend

[[Page 27415]]

or revoke such access in response to such Commission direction. The
Commission expected that limiting access in this manner would reduce
the risk of unauthorized or unnecessary disclosures because each
appropriate regulator would have access to swap data only to the extent
necessary to fulfill its amended jurisdictional mandate or regulatory
responsibility.
---------------------------------------------------------------------------

    \39\ The form of confidentiality arrangement set forth in
proposed Appendix B to part 49 (``Confidentiality Arrangement
Form'') also would have required such notices.
---------------------------------------------------------------------------

b. Robust Confidentiality Safeguards
    CEA section 21(c)(7) requires that SDRs make swap data available on
a confidential basis pursuant to CEA section 8. Proposed Sec. 
49.17(h)(2) accordingly would require that an applicant for a
Determination Order submit to the Commission information sufficient to
permit the Commission to analyze whether the applicant employs
appropriate confidentiality safeguards to ensure that swap data the
applicant receives from an SDR would not be disclosed other than as
permitted by the confidentiality arrangement required by proposed Sec. 
49.18(a). The Commission anticipated that this analysis would involve
the Commission considering whether the applicant's confidentiality
protocols, system safeguards and security compliance procedures could
be expected to ensure the confidentiality of the swap data, and whether
the applicant had in place protections sufficient to prevent
unauthorized intrusions into the systems that maintain the swap data.
In this regard, the Commission stated in the NPRM that it would also
expect to consider the applicant's processes for limiting internal
access to swap data to those persons with a need to know, as well as
how the swap data would be stored and whether the swap data would be
segregated from other information.
    The Commission stated in the NPRM its view that the confidentiality
protections set forth in proposed Sec.  49.17(h)(2) strike an
appropriate tradeoff between realizing the benefits of data access by
regulators,\40\ and protecting confidential information in accordance
with the dictates of CEA section 8(e), which, as described above, is
incorporated into the access provisions of CEA sections 21(c)(7) and
(d). In the NPRM, the Commission stated that it would consider these
factors essential to a determination of appropriateness.
---------------------------------------------------------------------------

    \40\ See CEA section 21(c)(7); see also Section 752(a) of the
Dodd-Frank Act (recognizing the goal of effective and consistent
global regulation of swaps).
---------------------------------------------------------------------------

c. Swap Data Sharing Considerations
    The Commission stated in the NPRM that other considerations not
proposed to be codified may also contribute to the Commission's
appropriateness analysis. Although the Commission proposed to eliminate
the current regulatory provision conferring AFR status on a Foreign
Regulator with an existing MOU or other similar type of information
sharing arrangement executed with the Commission,\41\ it nonetheless
stated in the NPRM its continued belief that the existence of such an
arrangement fosters a cooperative relationship and encourages the
development of shared understandings related to regulatory
responsibilities. The Commission added in the NPRM that, although not
dispositive, indications of a strong cooperative relationship with
another authority, as established by the existence of such an
arrangement and the Commission's experience working with such authority
in finalizing and administering the arrangement, would likely be a
factor supporting an appropriateness determination. The Commission also
stated in the NPRM that a failure to cooperate fully or to comply with
the terms of an existing or prior arrangement might be expected to
weigh against an appropriateness determination.
---------------------------------------------------------------------------

    \41\ 17 CFR 49.17(b)(2).
---------------------------------------------------------------------------

    Similarly, when assessing appropriateness, the Commission expected
to consider whether it receives access to swap data maintained by trade
repositories subject to the applicant's jurisdiction. The Commission
stated in the NPRM that it is mindful of the Dodd-Frank Act's
encouragement of coordination and cooperation with foreign regulatory
authorities.\42\ The Commission also stated in the NPRM its belief that
increased data access by regulators has the potential to provide the
Commission and other authorities with more complete information with
which to monitor risk exposures and should be expected to promote
global market stability through enhanced regulatory transparency.
Accordingly, the Commission stated in the NPRM, it would view the
following favorably in considering appropriateness: (i) Commission
access to swap data maintained by trade repositories in a foreign
regulator's jurisdiction; (ii) an arrangement to assist the Commission
in obtaining data from other jurisdictions; and (iii) a history of
assistance from a foreign regulator.
---------------------------------------------------------------------------

    \42\ See also Dodd-Frank Act section 752 (recognizing the goal
of effective and consistent global regulation of swaps).
---------------------------------------------------------------------------

4. Proposed Amendments: Other Matters Regarding the Determination Order
Process
    The Commission stated in the NPRM its preliminary belief that the
Determination Order process and factors discussed above offer a
reasonable approach to providing requesting entities access to SDR swap
data based on clearly articulated factors and any additional
considerations or circumstances the Commission may deem relevant on a
case-by-case basis. The Commission added that both the required factors
and the additional considerations support the mandates of CEA sections
8, 21(c)(7) and 21(d) and are consistent with the express intent of
Congress that the Commission coordinate and cooperate with foreign
regulatory authorities on matters related to the regulation of swaps.
Through the issuance of Determination Orders, the Commission expected
to be able to impose appropriate conditions or restrictions on an
entity's access to SDR swap data such that the entity's access would be
linked to its jurisdictional scope. Pursuant to proposed Sec. 
49.17(h)(3), the Commission could, in its discretion, issue a
Determination Order of limited duration. The Commission stated in the
NPRM that it would expect SDRs to take into account any conditions or
restrictions contained in a Determination Order when providing access
to swap data to an ADR or AFR.
    The Commission further believed it appropriate to make the process
and factors proposed in Sec.  49.17(h) applicable to any domestic
entities that are not enumerated as ADRs in Sec.  49.17(b)(1)(i)
through (vi), as scope of jurisdiction and confidentiality
considerations are equally applicable to U.S. entities, and drafted
proposed Sec.  49.17(h) accordingly.
5. Final Rules
    After considering the comments received in the SDR Letter, and for
the reasons stated in the NPRM, stated above in sections II.C.2.-4. and
stated in this section, the Commission is adopting amendments to Sec. 
49.17(b) and new Sec.  49.17(h) as proposed.
    The Commission requested comment on all aspects of proposed Sec. 
49.17(h), particularly on whether the proposed regulatory and other
factors are sufficient to determine whether access to SDR swap data is
appropriate. The Commission received one comment in response, from the
SDR Commenters. The SDR Commenters expressed support for the Sec. 
49.17(h) appropriateness determination process proposed in the NPRM
with respect to

[[Page 27416]]

Foreign Regulators and non-enumerated domestic regulators, including
the requirement that such regulators file an application with the
Commission to be determined to be appropriate recipients of SDR swap
data. The SDR Commenters added that they ``believe that a[n] MOU or
other information sharing arrangement alone, by [its] nature, ha[s] the
potential for imprecise language and bespoke arrangements that would
not provide sufficient indication of a regulator's `appropriateness.'
'' \43\
---------------------------------------------------------------------------

    \43\ SDR Letter at 3.
---------------------------------------------------------------------------

    The SDR Commenters also suggested that the Commission revise
proposed Sec.  49.17(h)(4), which provides that the Commission reserves
the right to revisit, reassess, limit, suspend or revoke any
appropriateness determination with respect to an ADR or AFR, consistent
with the CEA, to require the Commission to provide a written notice to
SDRs of such action to ensure that all SDRs are aware of any changes in
status with respect to an appropriateness determination.\44\ The
Commission agrees with the substance of the ``written notice'' comment
but believes that this suggestion should be incorporated elsewhere in
the Commission's regulations. Specifically, because proposed Sec. 
49.17(h)(4) merely addresses the Commission's right to revisit,
reassess, limit, suspend or revoke any appropriateness determination,
whereas proposed Sec.  49.17(d)(5) required an SDR to take such action
as directed by the Commission,\45\ the Commission believes that
proposed Sec.  49.17(d)(5), rather than proposed Sec.  49.17(h)(4),
should be amended in response to the ``written notice'' comment.\46\
Accordingly, the Commission is adopting Sec.  49.17(d)(5) as proposed
but with a modification to require that any Commission direction to an
SDR specified therein be in writing.
---------------------------------------------------------------------------

    \44\ SDR Letter at 7.
    \45\ As proposed, Sec.  49.17(d)(5) did not require that the
Commission direct the SDR in writing to take any of such actions.
    \46\ Proposed Sec.  49.17(h)(4) stated that the Commission
reserves the right, in connection with any appropriateness
determination with respect to an Appropriate Domestic Regulator or
Appropriate Foreign Regulator, to revisit, reassess, limit, suspend
or revoke such determination consistent with the Act. Proposed Sec. 
49.17(d)(5) stated that an SDR shall, as directed by the Commission,
limit, suspend or revoke such access should the Commission limit,
suspend or revoke the appropriateness determination for such ADR or
AFR or otherwise direct the SDR to limit, suspend or revoke such
access.
---------------------------------------------------------------------------

    Accordingly, for the reasons stated in the NPRM, stated above in
sections II.C.2.-4. and stated in this section, the Commission is
adopting amendments to Sec.  49.17(b) and new Sec.  49.17(h) as
proposed.

D. Amendments to Sec.  49.17(d)(4): SDR Notice and Verification
Obligations

1. Proposed Amendments
    CEA section 21(c)(7) requires each SDR to notify the Commission of
a swap data request received from an ADR or AFR.\47\ Currently, this
statutory requirement is implemented in Sec.  49.17(d)(4)(i), which
provides that an SDR must promptly notify the Commission regarding
``any'' request received by an ADR or AFR to gain access to swap data
maintained by the SDR.
---------------------------------------------------------------------------

    \47\ See CEA section 21(c)(7), 7 U.S.C. 24a(c)(7).
---------------------------------------------------------------------------

    To reduce the burden on SDRs and provide greater operational
efficiency consistent with the intent of CEA section 21(c)(7), the
Commission proposed to amend the SDR notification requirement in
current Sec.  49.17(d)(4)(i) to require an SDR to notify the Commission
(i) at the time that it receives the first request for access to swap
data from a particular ADR or AFR and (ii) at any time that a swap data
request from an ADR or AFR does not comport with the scope of the ADR's
or AFR's jurisdiction, as described in the confidentiality arrangement
required by proposed Sec.  49.18(a). As proposed, the amendment
provided that, upon receiving either such request for data by a
particular ADR or AFR, the SDR would be required to provide prompt
electronic notification to the Commission of the request, in a format
specified by the Secretary of the Commission, pursuant to proposed
Sec.  49.17(d)(4)(ii). The SDR would be required to keep such
notification and related requests confidential consistent with the
requirements of CEA sections 21(c)(6) and (7) and related regulatory
requirements set forth in Sec. Sec.  49.16 and 49.17.
    The Commission stated in the NPRM its belief that the proposed
approach to SDR notification supports the Commission's need to be aware
of who is able to access SDR swap data and what data has been accessed,
while eliminating potentially costly, unwieldy and inefficient notice
of every swap data request. Under the proposal, the Commission would be
notified that a particular ADR or AFR has requested access to SDR swap
data and would be able to examine SDR records of the ADR's or AFR's
individual swap data requests, and the swap data provided, as the
Commission deemed necessary.\48\
---------------------------------------------------------------------------

    \48\ The Commission stated in the NPRM that, consistent with the
current recordkeeping requirements for SDRs in Sec.  45.2(f), SDRs
are required to maintain records of all information related to the
initial and all subsequent requests for swap data from ADRs and
AFRs. The Commission stated that appropriate records would include,
at a minimum, the identity of the ADR or AFR accessing the swap
data, the date, time and substance of the request for access,
confirmation that the request is consistent with the scope of the
regulator's jurisdiction, and copies of all swap data provided by
the SDR in connection with the request for access. The Commission
added that, pursuant to Sec.  1.31, SDRs are required to maintain
such records for a period of no less than five years after the date
of such request and must provide this information to the Commission
upon request.
---------------------------------------------------------------------------

    The Commission also proposed to amend Sec.  49.17(d)(4) by adding
new paragraph (iii) to require each SDR that receives a request for
access to its swap data from an ADR or AFR to determine, prior to
providing such access, that the request is consistent with the scope of
the ADR's or AFR's jurisdiction, as described in the confidentiality
arrangement required by proposed Sec.  49.18(a).\49\ This verification
would need to incorporate any subsequent changes to such scope of
jurisdiction.
---------------------------------------------------------------------------

    \49\ The scope of jurisdiction would have been described in
Exhibit A to the form of confidentiality arrangement set forth in
proposed Appendix B to part 49.
---------------------------------------------------------------------------

    The Commission also proposed to require an ADR or AFR that has
executed a confidentiality arrangement with the Commission pursuant to
Sec.  49.18(a) and provided such confidentiality arrangement to one or
more SDRs to notify the Commission and each such SDR of any change to
such ADR's or AFR's scope of jurisdiction as described in such
confidentiality arrangement. Additionally, the proposal enabled the
Commission to direct an SDR to suspend, limit, or revoke access to swap
data maintained by such SDR based on any such change to an ADR's or
AFR's scope of jurisdiction, and required that, if so directed, such
SDR must suspend, limit, or revoke such access.
    Proposed Sec.  49.17(d)(4)(iv) required SDR verification only once
with respect to a request for ongoing or recurring access to particular
data. Additionally, if there was a change in the request, the ADR or
AFR would be obligated to make a new determination pursuant to proposed
Sec.  49.17(d)(4)(iii). The Commission recognized that the proposed
requirement would impose a burden on SDRs but noted that SDRs are
obliged by CEA section 21(c)(7) to provide access ``pursuant to section
8'' of the CEA, which, as discussed above, the Commission interprets as
requiring a jurisdictional nexus to the information requested,
consistent with CEA section 8(e). The Commission stated that it
believed that, in such circumstances, SDRs must take a role in ensuring

[[Page 27417]]

compliance with those statutory restrictions of CEA section 21(c)(7).
2. Final Rules
    The Commission received several comments from the SDR Commenters on
the proposed amendments to Sec.  49.17(d)(4). For the reasons stated
above in section II.D.1. and stated in this section II.D.2., the
Commission is adopting Sec.  49.17(d)(4)(i) through (iv) as proposed,
with one exception. Specifically, the Commission is adopting Sec. 
49.17(d)(4)(iii) with one modification suggested by the SDR Commenters,
as discussed below in section II.D.2.c.iii. In response to the SDR
Commenters' comments, the Commission is also clarifying the guidance
provided in the NPRM on Federal Register page 8,381, as discussed below
in section II.D.2.a.ii.
a. Sec.  49.17(d)(4)(i)
i. Notices of Initial Access Requests and Requests Outside the Scope of
Jurisdiction
    The SDR Commenters supported the proposed amendment to the
notification provisions in current Sec.  49.17(d)(4)(i) to require SDRs
to notify the Commission only of an initial ADR or AFR request for
access to swap data (rather than every request for swap data), stating
that this would reduce reporting burdens and increase operational
efficiencies. However, the SDR Commenters stated that ``subsection
Sec.  49.17(d)(4)(i) and (iii) should be modified to remove the
requirement that an SDR determine whether swap data to which the ADR or
AFR seeks access is within the then-current scope of such ADR's or
AFR's jurisdiction.'' \50\ The SDR Commenters claimed that they ``are
not the appropriate entities to determine the scope of a regulator's
jurisdiction'' because ``[t]hey do not possess the means to do so
correctly with current data fields'' \51\ and that the scope of
jurisdiction determination ``must rest solely with the Commission.''
\52\ Accordingly, the SDR Commenters insisted that their
responsibilities ``must be limited to providing access to the ADRs and
AFRs in accordance with the specific, appended jurisdictional
information clearly set forth in the documents describing the
confidentiality arrangements negotiated by the Commission pursuant to
Sec.  49.18.(a).'' \53\
---------------------------------------------------------------------------

    \50\ SDR Letter at 4. Proposed Sec.  49.17(d)(4)(i) states that
a registered SDR shall notify the Commission promptly after
receiving any request that does not comport with the scope of the
ADR's or AFR's jurisdiction, as described and appended to the
confidentiality arrangement required by proposed Sec.  49.18(a).
    \51\ SDR Letter at 3.
    \52\ SDR Letter at 2.
    \53\ SDR Letter at 4.
---------------------------------------------------------------------------

    The Commission declines to modify Sec.  49.17(d)(4)(i) to provide
that an SDR does not need to determine whether swap data to which an
ADR or AFR seeks access is within the then-current scope of such ADR's
or AFR's jurisdiction. As noted above, SDRs are obliged by CEA section
21(c)(7) to provide access ``pursuant to section 8'' of the CEA, which
the Commission interprets as requiring a jurisdictional nexus to the
information requested, consistent with CEA section 8(e). However, for
the reasons discussed below in response to the SDR Commenters' comments
on proposed Sec.  49.17(d)(4)(iii) in relation to determining whether
an ADR's or AFR's request for swap data is within the scope of its
jurisdiction, the Commission expects SDRs' role in applying Sec. 
49.17(d)(4)(i) to be straightforward. As discussed below, the
Commission will ensure that each ADR and AFR seeking swap data access
provides each SDR from which it seeks such access a description,
appended to the confidentiality arrangement required by proposed Sec. 
49.18(a), of the ADR's or AFR's scope of jurisdiction in a form that
will lend itself to SDRs being readily able to determine whether a
particular data request falls within the described scope of
jurisdiction. As the Commission will have previously reviewed the
described scope of jurisdiction before it is provided to an SDR as part
of the confidentiality arrangement required by proposed Sec.  49.18(a),
the SDR's role in ensuring that ADRs' and AFRs' swap data access is
limited to swap data within the then-current scope of such ADR's or
AFR's jurisdiction would be limited to appropriately circumscribing the
scope of the swap data to which an ADR or AFR obtains access to match
the ADR's or AFR's scope of jurisdiction, as described in the appendix
to the confidentiality arrangement required by Sec.  49.18(a), and
notifying the Commission if the SDR determines that a particular data
request does not comport with the described scope of jurisdiction.
    Finally, Sec.  49.17(d)(4)(i) requires an SDR to notify the
Commission of initial requests for data by an ADR or AFR and of
requests for data that do not comport with the scope of jurisdiction of
an ADR or AFR. These notifications are required to be provided,
pursuant to Sec.  49.17(d)(4)(ii), in the format specified by the
Secretary of the Commission. In response to a request from the SDR
Commenters to specify that format, the Secretary of the Commission is
now specifying that these notices should be provided to Commission
staff at the email address [email protected].
ii. Recordkeeping
    Proposed Sec.  49.17(d)(4)(i) required each SDR to maintain
records, pursuant to Sec.  49.12,\54\ of the details of an ADR's or
AFR's initial request for SDR swap data access and of all subsequent
requests by such ADR or AFR for such access. In the NPRM, the
Commission explained that an SDR's obligation to maintain records of
all information related to the initial and all subsequent requests by
an ADR or AFR for swap data access, pursuant to proposed Sec. 
49.17(d)(4)(i) and existing Sec.  45.2(f), would require the retention
of records that included, at a minimum, the identity of the ADR or AFR
accessing the swap data, the date, time and substance of the request
for access, confirmation that the request is consistent with the scope
of the regulator's jurisdiction, and copies of all data reports and
other aggregation of data provided in connection with the request for
access.\55\
---------------------------------------------------------------------------

    \54\ Commission Regulation 49.12(a) requires SDRs to maintain
their records in accordance with the requirements of part 45 of the
Commission's regulations regarding the swap data required to be
reported to SDRs. Commission Regulation 45.2(f) requires each SDR to
keep complete records of all SDR-related business activities.
    \55\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork
Reduction Act discussion of recordkeeping burdens).
---------------------------------------------------------------------------

    The SDR Commenters stated that ``the proposed requirement for SDRs
to maintain copies of data reports and other aggregation of data
provided in connection with the request [f]or access should be amended
to avoid imposing unnecessary costs.'' \56\ The SDR Commenters also
requested that ``additional detail as to what constitutes the `details
of such initial request and of all subsequent requests' be included in
the rule itself rather than merely mentioned in the preamble.'' \57\
The SDR Commenters characterized the recordkeeping requirements of
proposed Sec.  49.17(d)(4)(i) as requiring that SDRs maintain data
reports as financially burdensome, challenging to implement, and
potentially decreasing information security, because the requirements
could require an SDR ``to propagate a given data set more than once.''
\58\
---------------------------------------------------------------------------

    \56\ SDR Letter at 6.
    \57\ SDR Letter at 5-6.
    \58\ SDR Letter at 6.
---------------------------------------------------------------------------

    As an alternative to maintaining such reports, the SDR Commenters
suggested that they create pre-formatted data

[[Page 27418]]

reports and make them available for download by ADRs and AFRs ``so that
the record of access to such reports [would] be easily identifiable, in
lieu of maintaining logs of queries and query conditions . . . .'' \59\
The SDR Commenters added that, if the Commission adopted their
alternative, ``the parameters of the reports and the logic which is
used to populate the reports is all that should have to be
maintained.'' \60\ The SDR Commenters contended that the Commission
should require only ``the saving of metadata around reports rather than
the actual reports[.]'' \61\
---------------------------------------------------------------------------

    \59\ Id.
    \60\ Id.
    \61\ Id.
---------------------------------------------------------------------------

    After the NPRM was published in the Federal Register, Commission
staff discussed the SDR Commenters' recordkeeping concerns, as set out
in the SDR Letter, with the SDRs.\62\ Based on those discussions, the
Commission understands that the SDR Commenters plan to provide swap
data access to ADRs and AFRs in one of two ways: (1) Via pre-formatted
reports that the SDR Commenters would make available for download by
ADRs and AFRs or send to ADRs and AFRs, in each case on a regular
basis; or (2) via a Web-based portal through which ADRs and AFRs could
conduct customized searches of swap data.\63\ In those discussions, the
SDR Commenters explained that they would not consider it unduly
burdensome to maintain records of the pre-formatted reports (if they
provide ADRs and AFRs access to swap data via pre-formatted reports) or
records of both the parameters of the permitted access and the queries
(if they provide such access via Web portal).
---------------------------------------------------------------------------

    \62\ Brief summaries of those ex parte communications are
available on the Commission's website at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777.
    \63\ The swap data provided in the pre-formatted reports or
through the Web-based portals would be limited to swap data within
the particular ADR's or AFR's scope of jurisdiction, as described in
the confidentiality arrangement required by Sec.  49.18(a).
---------------------------------------------------------------------------

    In response to the SDR Letter, and for the reasons explained by the
SDR Commenters and described in this section, the Commission confirms
that, as represented by the SDRs and consistent with the reasoning
discussed in the NPRM,\64\ either of these means of providing swap data
access to ADRs and AFRs would be acceptable. The Commission also
confirms that SDRs may satisfy their recordkeeping duties under Sec. 
49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre-
formatted swap data reports; or (2)(a) the parameters of Web portal
swap data access and (b) queries run by ADRs and AFRs using such
access.
---------------------------------------------------------------------------

    \64\ See, e.g., NPRM at 8385 (stating that the Commission is
proposing not to specify a particular means of ADRs and AFRs
accessing swap data) and 8386 (stating that the Commission expects
that SDRs would choose the lowest cost means of access consistent
with their statutory obligation to provide ADRs and AFRs access to
swap data and other constraints).
---------------------------------------------------------------------------

iii. Aggregated Data
    The SDR Commenters also expressed concerns that the Commission's
statement that proposed Sec.  49.17(d)(4)(i) and existing Sec.  42.5
would require retention of copies of all other aggregation of data
provided in connection with the request for access was intended to
impose a requirement to provide aggregated data to ADRs or AFRs. To
address that concern, the SDR Commenters asked the Commission to
specify that SDRs would not be required to provide ADRs or AFRs with
aggregated data and that SDRs are required to provide only raw swap
transaction data, in the form of, for example, pre-formatted reports or
via Web-based portal access.\65\
---------------------------------------------------------------------------

    \65\ See SDR Letter at 6.
---------------------------------------------------------------------------

    In response to the foregoing comment, and for the reasons explained
by the SDR Commenters and described in this section, the Commission
clarifies that SDRs are required to provide ADRs and AFRs only raw swap
transaction data in the form in which SDRs maintain such data. The
Commission further clarifies that SDRs are not required to aggregate or
manipulate raw swap transaction data to provide it to ADRs or AFRs in
customized formats or reports requested thereby. Through its
consultations with certain ADRs as required by section 712(a)(1) of the
Dodd-Frank Act,\66\ the Commission understands that those ADRs
enumerated in Sec.  49.17(b)(1)(i) through (vi) that are interested in
accessing SDR swap data are capable of receiving such data and
manipulating and analyzing such data using their own systems.
---------------------------------------------------------------------------

    \66\ Section 712(a)(1) of the Dodd-Frank Act provides that
before commencing any rulemaking or issuing an order regarding swap
data repositories, the Commission shall consult and coordinate to
the extent possible with the Securities and Exchange Commission and
the prudential regulators for the purposes of assuring regulatory
consistency and comparability.
---------------------------------------------------------------------------

    After considering the comments on proposed Sec.  49.17(d)(4)(i),
for the reasons described above, the Commission is adopting the
amendments to Sec.  49.17(d)(4)(i) as proposed.
b. Sec.  49.17(d)(4)(ii)
    The Commission proposed only minor, clarifying changes to Sec. 
49.17(d)(4)(ii) and did not receive any comments thereon. The
Commission is adopting the amendments to Sec.  49.17(d)(4)(ii) as
proposed.
c. Sec.  49.17(d)(4)(iii)
i. Scope of an ADR's or AFR's Jurisdiction
    The SDR Commenters commented that ``the determination as to scope
of jurisdiction must rest solely with the Commission'' \67\ because
``[t]he SDRs do not have, and are not required to have[,] information
sufficient to determine whether requested swap data is within the
ADR['s] or AFR[']s scope of jurisdiction.'' \68\ The SDR Commenters
contended that, if the Commission wants the SDRs to play a role in
determining whether swap data is subject to the jurisdiction of any
particular ADR or AFR, the Commission would need to ``amend the current
Part 43 and Part 45 fields to provide the SDRs with the basis to make
these determinations.'' \69\ The SDR Commenters added that they
``should not be expected to make interpretations about jurisdictional
questions from ambiguous data points.'' \70\
---------------------------------------------------------------------------

    \67\ SDR Letter at 2.
    \68\ Id. at 3.
    \69\ Id. at 4.
    \70\ Id.
---------------------------------------------------------------------------

    On this point, the SDR Commenters explained that ``[t]he current
Part 43 and Part 45 data fields do not yield information that would
allow an SDR to identify trades that fall within an ADR['s] or AFR's
jurisdiction definitively.'' \71\ They recommended that ADRs and AFRs
``should be required to provide a[ ] . . . list of Part[ ] 43 and 45
data fields (e.g., legal entity identifiers (``LEIs'') of the reporting
counterparty and non-reporting party[and] the unique product identifier
(``UPI'')) and parameters for such data fields'' \72\ that would
clearly indicate to the SDRs which swaps fall within an ADR's or AFR's
jurisdiction. The SDR Commenters contended that such a list of Part 43
and 45 data fields is necessary because ``no Part 43 or 45 data fields
. . . by themselves identify swaps that fall within an ADR['s] or AFR's
jurisdiction.'' \73\
---------------------------------------------------------------------------

    \71\ Id.
    \72\ Id.
    \73\ Id.
---------------------------------------------------------------------------

    The SDR Commenters contended that the benefits of their proposed
approach would include ensuring that SDRs grant access in a consistent
manner and that the security controls established by an SDR according
to Part 43 or 45 parameters would prevent access to swap data outside
the scope of an ADR's or AFR's jurisdiction. The SDR

[[Page 27419]]

Commenters recommended the following changes to the proposed
regulations to effectuate their proposed approach:
     Removing proposed Sec.  49.17(d)(4)(iv) completely;
     removing the requirement in proposed Sec.  49.17(d)(4)(i)
and (iii) that an SDR determine whether swap data to which an ADR or
AFR seeks access is within the then-current scope of such ADR's or
AFR's jurisdiction;
     replacing the ``negative requirement'' not to provide
access unless such a determination has been made with a ``positive
requirement'' to provide access that comports with the jurisdictional
determination made by the Commission, which determination is clearly
spelled out in the confidentiality arrangement;
     modifying paragraph Sec.  49.17(d)(4)(iii) to state that
any requested change in an ADR's or AFR's scope of jurisdiction, as
described in the confidentiality arrangement required by proposed Sec. 
49.18(a), should be agreed to between the Commission and the ADR or AFR
and the information appended to the confidentiality arrangement should
be amended accordingly and provided to the SDRs for implementation; and
     revising the description of Exhibit A in the
confidentiality arrangement to state that the ``description of scope of
jurisdiction'' must include a list of part 43 and part 45 fields and
specific parameters.\74\
---------------------------------------------------------------------------

    \74\ Id. at 4 and 5.
---------------------------------------------------------------------------

    After considering the SDR Commenters' comments and consulting with
certain ADRs as required by section 712(a)(1) of the Dodd-Frank Act,
the Commission agrees with the SDR Commenters that SDRs should not be
responsible for determining the scope of an ADR's or AFR's
jurisdiction, for the reasons explained by the SDR Commenters and
described in this section. The Commission believes, however, that SDRs
should be responsible for limiting ADRs' and AFRs' access to swap data
to those swap data within ADRs' and AFRs' then-current scopes of
jurisdiction, as described in the appendix to the confidentiality
arrangement required by Sec.  49.18(a). As noted above, SDRs are
obligated by CEA section 21(c)(7) to provide access ``pursuant to
section 8'' of the CEA, which the Commission interprets as requiring a
jurisdictional nexus to the information requested, consistent with CEA
section 8(e).
    For the swap data sharing goal of CEA section 21(c)(7) to be
achieved, an ADR's or AFR's description of its scope of jurisdiction
must allow the SDRs to establish objective parameters for determining
whether a particular data request falls within such scope of
jurisdiction, without undue obstacles. The Commission believes that a
system requiring legal analysis by the SDRs (a possible result,
depending on how ADRs and AFRs describe their scopes of jurisdiction)
for each ADR/AFR swap data request is impractical at best and could
lead to very slow data access and disparate results across SDRs.
Consequently, the Commission supports the spirit of the SDR Commenters'
proposal that relevant Part 43/45 data fields could be used to assist
in clarifying an ADR's or AFR's scope of jurisdiction, for purposes of
SDR swap data access.\75\
---------------------------------------------------------------------------

    \75\ The SDR Commenters' approach, by permitting automation,
could expedite swap data access. The SDR Commenters' approach could
also eliminate the potential for inconsistent determinations by
different SDRs.
---------------------------------------------------------------------------

    The Commission intends to review each ADR's and AFR's description
of its scope of jurisdiction and ensure that such descriptions are
presented in the confidentiality arrangement in a form SDRs can readily
adapt to SDR-developed swap data reports and/or search parameters. The
Commission also interprets CEA section 21(c)(7) as imposing on SDRs the
duty to limit ADRs' and AFRs' access to swap data to those swap data
within ADRs' and AFRs' scope of jurisdiction. The description of an
ADR's or AFR's scope of jurisdiction will be appended to the
confidentiality arrangement that is executed between the ADR or AFR and
the Commission and provided to SDRs. An SDR's duty with respect to this
description of the ADR's or AFR's scope of jurisdiction is to ensure
that the swap data provided to the ADR or AFR is limited to those
records that fall within the description appended to the
confidentiality arrangement. For example, if the description is based
on a list of LEIs representing entities that a particular ADR
regulates, then the SDR's duty would be to provide all swap data
associated with the fields in which those LEIs appear (e.g., the fields
associated with counterparty identifiers), as those fields are set
forth in the description provided by the ADR. As the SDR Commenters
acknowledged in discussions with Commission staff, this would make
fulfilling their obligations under CEA section 21(c)(7) and Sec. 
49.17(d)(4), as proposed, straightforward to apply.
    The Commission anticipates that, as a practical matter, ADRs and
AFRs generally will describe their then-current scopes of jurisdiction,
as appended to the confidentiality arrangement required by Sec. 
49.18(a), in terms of LEIs and possibly also UPIs or other product
identifiers. Although there may be some limitations of using LEIs and
product identifiers (e.g., in limited instances where blank or
incorrect data entries remain in LEI fields, LEIs are masked in a
number of cases to reflect certain other jurisdictions' privacy law
limits on disclosure, and the Commission has yet to designate a UPI and
product classification system), the Commission believes these data
elements represent the most useful method of describing ADRs' and AFRs'
scopes of jurisdiction.\76\
---------------------------------------------------------------------------

    \76\ In addition, if the scope of an ADR's or AFR's jurisdiction
supports receiving all swap data with respect to entities over which
an ADR or AFR exercises oversight, the ADR or AFR may not need to
use product identifiers at all--it may be able to use LEIs alone to
describe the scope of its jurisdiction.
---------------------------------------------------------------------------

    It also is possible that an ADR or AFR will be able to convey its
scope of jurisdiction without using part 43 or part 45 data fields in a
way that SDRs will be able to easily apply. The SDR Letter itself
acknowledged the possibility that other part 43 or part 45 data fields
may be relevant in describing ADRs' and AFRs' scopes of
jurisdiction.\77\ For example, it is conceivable that an ADR's scope of
jurisdiction may include all swap data maintained at SDRs (though the
Commission does not anticipate that this will be the case with respect
to most ADRs). In such case, it would not be necessary to use part 43,
part 45 or any other swap data fields to delineate the scope of an
ADR's or AFR's jurisdiction. For the foregoing reasons, the Commission
declines to specifically require the use of part 43 or part 45 data
fields to describe an ADR's or AFR's scope of jurisdiction.
---------------------------------------------------------------------------

    \77\ For example, the SDR Letter noted that ``an indication of
whether a swap is a mixed swap'' could constitute a part 43 or 45
data field that ``determine[s] . . . which swaps fall within an ADR
or AFR's jurisdiction.'' SDR Letter at 4. Also, in ex parte
communications following the publication of the NPRM, the SDR
Commenters acknowledged that other fields could potentially be
relevant as well.
---------------------------------------------------------------------------

    The Commission also declines to act on the SDR Commenters' request
to delete proposed Sec.  49.17(d)(4)(iv), which provides that SDRs need
only make a jurisdictional determination with respect to an ADR's or
AFR's swap data access request once for a recurring request and once
each time the parameters of the access requests change. The SDR
Commenters expressed support in the SDR Letter for that single
determination concept and appear to have requested the deletion of

[[Page 27420]]

proposed Sec.  49.17(d)(4)(iv) because it would impose a jurisdictional
determination requirement on SDRs. As explained above, however, the
requirement for an SDR to ensure that a data access request is within
the then-current scope of an ADR's or AFR's jurisdiction, as described
in an appendix to the confidentiality arrangement required by Sec. 
49.18(a), is required by statute and should impose a minimal burden on
SDRs.
    For the reasons described below in section II.D.2.c.ii., the
Commission declines to modify proposed Sec.  49.17(d)(4)(iii) to state
that any change in an ADR's or AFR's swap data access based on a change
in its scope of jurisdiction should be agreed to between the Commission
and the ADR or AFR, and the jurisdictional description appended to the
confidentiality arrangement should be amended accordingly and provided
to the SDRs for implementation.
ii. Changes to an ADR's or AFR's Scope of Jurisdiction
    The SDR Commenters stated that the Commission should amend Sec. 
49.17(d)(4)(iii) to require that the Commission and an ADR or AFR agree
to any change to the SDR swap data that an ADR or AFR may access based
on a change in the ADR's or AFR's scope of jurisdiction, which should
then be reflected in an updated confidentiality arrangement provided to
the SDRs.\78\
---------------------------------------------------------------------------

    \78\ See SDR Letter at 4.
---------------------------------------------------------------------------

    The Commission believes Sec.  49.17(d)(4)(iii), as proposed,
addresses the SDR Commenters' comment. The first sentence states that
an SDR shall not grant an ADR or AFR access to swap data maintained by
the SDR unless the SDR has determined that the swap data to which the
ADR or AFR seeks access is within the then-current scope of such ADR's
or AFR's jurisdiction, as described and appended to the confidentiality
arrangement required by Sec.  49.18(a). Accordingly, once an SDR
receives that jurisdictional description, it can rely on that
description until it either receives a new jurisdictional description
or is directed by the Commission to suspend, limit, or revoke an ADR's
or AFR's swap data access.
    The second sentence of Sec.  49.17(d)(4)(iii), as proposed,
requires that each ADR or AFR that has executed a confidentiality
arrangement with the Commission pursuant to Sec.  49.18(a) and provided
it to one or more SDRs shall notify the Commission and each such SDR of
any change to such ADR's or AFR's scope of jurisdiction, as described
in such confidentiality arrangement. This puts the burden on each ADR
and AFR to inform the Commission, and each SDR from which an ADR and
AFR receives swap data, of changes to such ADR's or AFR's
jurisdiction.\79\ The Commission would review any such changes, which
the Commission expects will be in the form of an updated jurisdictional
description and, unless the Commission found an error or other issue in
the updated jurisdictional description, expects to advise the relevant
ADR or AFR that it could provide the relevant SDRs the updated scope of
jurisdiction description.
---------------------------------------------------------------------------

    \79\ The Commission expects each ADR and AFR to also notify (in
writing) the Commission and each SDR from which the ADR or AFR
receives swap data of proposed changes to the ADR's or AFR's
jurisdiction. With such advance notice, the Commission would seek to
consider the implications, if any, of such changes, if finalized as
proposed, for the scope of SDR swap data to which the ADR or AFR
could have access. With suitable advance notice from the ADR or AFR,
the SDRs could implement such changes contemporaneously with the
time an ADR's or AFR's scope of jurisdiction changes.
---------------------------------------------------------------------------

    If the ADR's or AFR's scope of jurisdiction were to become more
narrow, the Commission could use its authority pursuant to the third
sentence of proposed Sec.  49.17(d)(4)(iii) to direct the relevant SDRs
to suspend, limit, or revoke access to swap data maintained by such SDR
based on any such change to such ADR's or AFR's scope of jurisdiction,
in which case such SDR shall so suspend, limit, or revoke such access.
If the ADR's or AFR's scope of jurisdiction were to expand, as a
practical matter, the ADR or AFR could not obtain swap data relevant to
such expanded jurisdiction until the SDRs could update the parameters
of their means of providing access accordingly, which the Commission
would expect them to do no later than the earlier of (1) the earliest
date such SDR, exercising commercially reasonable efforts in light of
its obligations under the CEA and the Commission's regulations, is able
to update the parameters of swap data access to match the ADR's or
AFR's new scope of jurisdiction and (2) 180 days after the SDR receives
those new parameters.
iii. Written Notices
    The SDR Commenters contended that ``[p]roposed Sec. 
49.17(d)(4)(iii) should specify that any request by the Commission to
the SDR to suspend, limit, or revoke access to swap data should be
provided in writing.'' \80\ The Commission agrees that such an
important action should be provided in writing to avoid
misunderstandings and to provide a record on which SDRs can rely.
Accordingly, Sec.  49.17(d)(4)(iii), as adopted, provides that an SDR
is required to suspend, limit, or revoke an ADR's or AFR's access to
the swap data maintained by such SDR only if the Commission
communicates such instruction to the SDR in writing.
---------------------------------------------------------------------------

    \80\ SDR Letter at 7.
---------------------------------------------------------------------------

d. Sec.  49.17(d)(4)(iv)
    The Commission proposed in Sec.  49.17(d)(4)(iv) that an SDR need
not make the scope of jurisdiction determination required pursuant to
proposed Sec.  49.17(d)(4)(iii) more than once with respect to a
recurring swap data request but that, if such request changed, the SDR
would have to make a new determination pursuant to Sec. 
49.17(d)(4)(iii). The SDR Commenters requested that the Commission
remove proposed Sec.  49.17(d)(4)(iv), but the Commission understands
this request to have been rooted in the SDR Commenters' concern that
SDRs are not well suited to make a jurisdictional determination with
respect to an ADR's or AFR's request for swap data, as discussed above
in section II.D.4.c.i. For the reasons discussed therein, the
Commission considers those concerns otherwise addressed and is adopting
Sec.  49.17(d)(4)(iv) as proposed.\81\
---------------------------------------------------------------------------

    \81\ As discussed above, the Commission is not mandating that
SDRs perform an analysis of an ADR's or AFR's scope of jurisdiction.
Instead, the Commission is obligating SDRs to apply the scope of
jurisdiction as defined in the confidentiality arrangement required
by Sec.  49.18(a).
---------------------------------------------------------------------------

E. New Sec.  49.17(i): Delegation of Authority

    In the interest of expedience and efficiency in determining
appropriateness of access by ADRs and AFRs, the Commission proposed (1)
to delegate all functions reserved to the Commission in Sec.  49.17 to
the Director of the Division of Market Oversight (``DMO'') and to such
members of the Commission's staff acting under his or her direction as
he or she may designate from time to time and (2) that the DMO Director
could submit any such delegated matter to the Commission for its
consideration and that nothing prevents the Commission from exercising
the delegated authority. The Commission received no comments in
response to proposed Sec.  49.17(i) and is adopting it as proposed.

F. CEA Section 21(d) Confidentiality Agreements: Amendments to Sec. 
49.18

    CEA section 21(d), as amended by the FAST Act, requires that, prior
to providing swap data to a 21(c)(7) entity, an SDR shall receive a
written agreement from each entity stating that the entity shall abide
by the

[[Page 27421]]

confidentiality requirements described in CEA section 8 relating to the
information on swap transactions that is provided.\82\ As originally
adopted, the part 49 rules required that such confidentiality
agreements be executed between the SDR and the 21(c)(7) entity.\83\ The
Commission proposed in the NPRM to modify its part 49 rules to add a
new Sec.  49.18(a) requiring that a confidentiality arrangement be
executed by and between the ADR or AFR and the Commission.\84\ Once the
ADR or AFR and the Commission have executed a confidentiality
arrangement, the ADR or AFR may present the executed document to any
SDR from which it requests access to swap data in satisfaction of CEA
section 21(d).
---------------------------------------------------------------------------

    \82\ See CEA section 21(d). 7 U.S.C. 24a(d), as amended by the
FAST Act.
    \83\ See Sec. Sec.  49.17(d)(6) and 49.18(b), as in effect prior
to this adopting release.
    \84\ The Commission notes that the SEC has implemented a similar
approach with respect to the execution of the required agreement.
See Access to Data Obtained by Security-Based Swap Data
Repositories, 81 FR 60585 at 60591 and 60608 (Sept. 2, 2016) (SEC
rule 13n-4(b)(10), 17 CFR 240.13n-4(b)(10), and associated preamble
text) (``SEC Indemnification Rule'').
---------------------------------------------------------------------------

    Based on its experience with SDRs and swap data access since the
adoption of part 49 in 2011, and on further consideration of the
relationship between CEA sections 21 and 8, the Commission believed
this change was consistent with the statutory framework established by
Congress in CEA sections 21(d) and 21(c)(7) and more directly conforms
to the confidentiality mandate of CEA section 8. The Commission stated
its belief that this change would promote regulatory efficiency and
reduce costs to SDRs, ADRs and AFRs while ensuring the confidentiality
of SDR swap data.
    To further promote regulatory efficiency, the Commission proposed a
Confidentiality Arrangement Form for use by ADRs and AFRs. The
Commission expects its use by ADRs and AFRs to significantly reduce the
need for these entities to negotiate separate, SDR-specific
confidentiality arrangements with the Commission. The Confidentiality
Arrangement Form also will benefit the Commission by allowing it to use
a single form of confidentiality arrangement rather than a different
version for each ADR and AFR. This Confidentiality Arrangement Form
also will eliminate the costs and potential inefficiencies for the SDRs
that are inherent in requiring each SDR to negotiate confidentiality
arrangements with a potentially large number of ADRs and AFRs.
Similarly, the Confidentiality Arrangement Form will also eliminate
costs and inefficiencies for ADRs and AFRs that would be incurred if
each ADR and AFR has to negotiate and execute a unique confidentiality
arrangement with each SDR. Finally, the Commission believes that
widespread use of the Confidentiality Arrangement Form will facilitate
timely access to SDR swap data by ADRs and AFRs by reducing or
eliminating instances in which the Commission and its staff need to
devote time and resources to developing and reviewing individualized
confidentiality arrangements.
1. Current Rule
    The Commission adopted Sec.  49.18 to implement CEA sections
21(d)(1) and (2) as originally enacted. Accordingly, the current rule
obligates SDRs to execute a ``Confidentiality and Indemnification
Agreement'' before providing SDR swap data to an ADR or AFR. In the
FAST Act, Congress repealed the indemnification requirement in CEA
section 21(d)(2), and the Commission proposed in the NPRM certain
conforming amendments to Sec.  49.18 to remove references to
indemnification.
    Separately, the Commission proposed in the NPRM to amend Sec. 
49.18 to modify the substantive requirements of the confidentiality
arrangement and the parties to the confidentiality arrangement, to
establish conditions for restricting or revoking access to SDR swap
data, and to clarify the confidentiality obligations of ADRs and AFRs
with regulatory responsibility over an SDR.
2. Proposed Amendments to Sec.  49.18(a): Confidentiality Arrangement
Required Prior to Disclosure of Swap Data
    The Commission proposed to remove existing Sec.  49.18(a) \85\ and
add a new Sec.  49.18(a) requiring that an SDR, before providing access
to swap data maintained by the SDR to an ADR or AFR, receive a
confidentiality arrangement executed by the Commission and the ADR or
AFR that, at a minimum, contains all elements described in Sec. 
49.18(b), as amended.
---------------------------------------------------------------------------

    \85\ Existing Sec.  49.18(a) describes the purpose of Sec. 
49.18.
---------------------------------------------------------------------------

3. Proposed Amendments to Sec.  49.18(b): Required Elements of the
Confidentiality Arrangement
    The Commission proposed to amend Sec.  49.18(b) \86\ to include a
requirement that the confidentiality arrangement required pursuant to
Sec.  49.18(a) shall, at a minimum, include all elements included in
the Confidentiality Arrangement Form. As proposed, paragraph 5 of the
Confidentiality Arrangement Form required an ADR or AFR to undertake
that it will be acting within the scope of its jurisdiction each time
it requests swap data from an SDR, and to promptly notify the
Commission and each relevant SDR if the scope of the ADR's or AFR's
jurisdiction changes. As proposed, paragraph 5 of the Confidentiality
Arrangement Form also required ADRs and AFRs to employ procedures to
maintain the confidentiality of swap data received from an SDR and any
information and analyses derived therefrom (the swap data and such
information are referred to collectively in the Confidentiality
Arrangement Form as the ``Confidential Information'').
---------------------------------------------------------------------------

    \86\ Existing Sec.  49.18(b) requires an SDR to receive a
confidentiality agreement from a 21(c)(7) entity before granting the
21(c)(7) entity access to swap data maintained by the SDR. As
discussed above, the Commission proposes to address in Sec. 
49.18(a), as adopted herein, the confidentiality agreement condition
to swap data access.
---------------------------------------------------------------------------

    As proposed, paragraph 6 of the Confidentiality Arrangement Form
required ADR and AFR signatories to employ the following safeguards to
maintain the confidentiality of the Confidential Information:
     To the maximum extent practicable, maintain Confidential
Information received from SDRs separately from other data and
information; \87\
---------------------------------------------------------------------------

    \87\ Without limitation, ADRs and AFRs seeking useful guidance
for Confidential Information segregation can look to the data
segregation standards contained in the National Institute of
Standards and Technology (``NIST'') Special Publication 800-53,
Revision 4, Security and Privacy Controls for Federal Information
Systems and Organizations (April 2013) (``NIST Document''),
available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. The NIST Document also references
international security standards in Appendix H (International
Information Security Standards). See also the Federal Information
Security Management Act of 2002, as amended (``FISMA''), 44 U.S.C.
3541. As the Commission has previously noted in a different context,
FISMA ``is a source of cybersecurity best practices and also
establishes legal requirements for federal government agencies . . .
.'' System Safeguards Testing Requirements, 80 FR 80139, 80142 Dec.
23, 2015) (``Registered Entity Cyber NPRM''). The Commission adopted
final rules based on the Registered Entity Cyber NPRM. See System
Safeguards Testing Requirements, 81 FR 64271 (Sept. 19, 2016)
(``Final Registered Entity Cyber Rules'').
---------------------------------------------------------------------------

     protect such Confidential Information from
misappropriation and misuse; \88\
---------------------------------------------------------------------------

    \88\ This should include cybersecurity measures. As the
Commission detailed in a different context in the Final Registered
Entity Cyber Rules, ``cyber threats to the financial sector continue
to expand.'' See id. at 64272. See also System Safeguards Testing
Requirements for Derivatives Clearing Organizations, 80 FR 80113,
80114-80115 (Dec. 23, 2015) (describing escalating and evolving
cybersecurity threats); Registered Entity Cyber NPRM at 80140-80141
(describing, inter alia, the then-current cybersecurity threat
environment).

---------------------------------------------------------------------------

[[Page 27422]]

     ensure that only ADR or AFR personnel with a need to
access particular Confidential Information to perform their job
functions related to such Confidential Information have access thereto
and that such access is permitted only to the extent necessary to
perform such job functions; \89\
---------------------------------------------------------------------------

    \89\ One basic principle of data security is that only those
with a need to access data to perform their work should be granted
access to such data. See, e.g., Framework for Improving Critical
Infrastructure Cybersecurity at 23 (Feb. 12, 2014), available at
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf (characterizing the ``Protect'' element of a core
cybersecurity framework as one where ``[a]ccess to assets and
associated facilities is limited to authorized users, processes, or
devices, and to authorized activities and transactions.'').
---------------------------------------------------------------------------

     prevent the disclosure of aggregated Confidential
Information, unless sufficiently aggregated and anonymized to prevent
identification, through disaggregation or otherwise, of a market
participant's business transactions, trade data, market positions,
customers or counterparties; \90\
---------------------------------------------------------------------------

    \90\ The Commission understands that ADRs and AFRs may want to
use aggregated and anonymized information derived from SDR swap data
in analyses that may be made public. Cf. U.S. GOV'T ACCOUNTABILITY
OFFICE, GAO-16-175, FINANCIAL REGULATION: COMPLEX AND FRAGMENTED
STRUCTURE COULD BE STREAMLINED TO IMPROVE EFFECTIVENESS 71-75 (2016)
(``GAO Report''), available at http://www.gao.gov/assets/680/675400.pdf (discussing the OFR's Financial Stability Monitor and
related confidentiality issues and protections surrounding sharing
aggregated and disaggregated information provided by other
agencies). The Commission believes that, when properly aggregated
and anonymized, information derived from SDR swap data generally can
be disclosed without violating the requirement in CEA section 21(d)
that a recipient of swap data agree, with respect to the information
on swap transactions that is provided by an SDR, to abide by the
confidentiality requirements described in CEA section 8. Cf. Sec. 
49.16(c) (providing that subject to Section 8 of the Act, SDRs may
disclose aggregated swap data on a voluntary basis or as requested
in the form and manner prescribed by the Commission); SDR Final
Rules at 54551 (providing that the Commission believes that it is
permissible under the Dodd-Frank Act and part 49 of the Commission's
regulations for an SDR to disclose, for non-commercial purposes,
data on an aggregated basis such that the disclosed data reasonably
cannot be attributed to individual transactions or market
participants.). In certain cases, however, even aggregated
information may enable a reader to determine a market participant's
business transactions, trade secrets (e.g., algorithms) or
positions. Thus, the Confidentiality Arrangement Form requires ADRs
and AFRs to implement safeguards designed to appropriately limit the
use of information that has been aggregated from SDR swap data and
to disclose aggregated information only if it is sufficiently
anonymized to prevent the identification, through disaggregation or
otherwise, of a market participant's business transactions, trade
data, market positions, customers or counterparties. ADRs and AFRs
can look to Sec.  43.4(d)(1) and (4) and (g) for guidance on
anonymization principles.
---------------------------------------------------------------------------

     prohibit the use of Confidential Information by ADR or AFR
personnel for any improper purpose; and
     include a process for monitoring compliance with the
confidentiality safeguards described in the Confidentiality Arrangement
Form and for promptly notifying the CFTC and each relevant SDR of any
violation of the safeguards or failure to fulfill the terms of the
confidentiality arrangement.
    As proposed, paragraph 7 of the Confidentiality Arrangement Form
also precluded, with limited exceptions, ADRs and AFRs from disclosing
any Confidential Information, via onward sharing \91\ or otherwise. One
exception was for aggregated Confidential Information that is
anonymized to prevent identification (through disaggregation or
otherwise) of a market participant's business transactions, trade data,
market positions, customers or counterparties. The other exception was
described in proposed paragraphs 8.a through 8.c., as described below.
---------------------------------------------------------------------------

    \91\ The Commission interprets the restrictions on disclosure
contained in CEA section 8 that are incorporated in CEA sections
21(c)(7) and 21(d) as prohibiting an ADR or AFR from onward sharing
swap data it obtains from an SDR.
---------------------------------------------------------------------------

    As proposed, paragraphs 8.a through 8.c. of the Confidentiality
Arrangement Form required specified federal, state or local U.S. ADRs
and specified foreign AFRs to undertake that they will not disclose
Confidential Information except in specified actions, adjudicatory
actions or proceedings under relevant law.
    As proposed, paragraph 9 of the Confidentiality Arrangement Form
contained certain provisions requiring ADRs and AFRs to notify the
Commission, and take certain protective actions, prior to disclosing
Confidential Information in circumstances where an ADR or AFR receives
a legally enforceable demand to disclose Confidential Information.
    As proposed, paragraph 11 of the Confidentiality Arrangement Form
required ADRs and AFRs accessing swap data from SDRs to comply with all
applicable security-related requirements imposed by an SDR in
connection with access to such swap data, as such requirements may be
revised from time to time. Because, subject to specified conditions,
CEA sections 21(c)(7) and 21(d) require SDRs to provide ADRs and AFRs
access to swap data, the Commission expects that SDRs will not impose
security-related access requirements beyond those that are necessary to
ensure the privacy and confidentiality of SDR swap data. The Commission
further expects that SDRs' security-related access requirements for
ADRs and AFRs would be akin, if not identical, to the requirements SDRs
impose on others (e.g., the Commission, reporting counterparties) to
whom SDRs provide swap data access.
    To further protect the confidentiality of SDR swap data, paragraph
12 of the Confidentiality Arrangement Form, as proposed, required ADR
and AFR signatories to promptly destroy all Confidential Information
for which they no longer have a need or which no longer falls within
their scope of jurisdiction.\92\ The Commission stated in the proposal
that, although it may be the case that ADRs or AFRs will use some or
all Confidential Information in perpetuity, if they no longer have a
need for Confidential Information, they should destroy such
Confidential Information to prevent its misuse. Similarly, the
Commission stated in the proposal that if an SDR inadvertently provides
to an ADR or AFR swap data outside the scope of the ADR's or AFR's
jurisdiction, such swap data also should be destroyed immediately after
the ADR or AFR discovers that such swap data is outside the scope of
its jurisdiction. The Commission clarifies here that, although it is
adopting paragraph 12 of the Confidentiality Arrangement Form as
proposed, if a recordkeeping obligation that is legally binding on an
ADR or AFR would prohibit destroying swap data, the ADR or AFR would
not need to destroy swap data in contravention of such prohibition.
---------------------------------------------------------------------------

    \92\ Paragraph 12 of the Confidentiality Arrangement Form, as
proposed, also required ADR and AFR signatories to certify to the
CFTC, upon request, that they have destroyed such swap data.
---------------------------------------------------------------------------

    The proposed rule required that a confidentiality arrangement
include an exhibit (Exhibit A) describing the scope of jurisdiction of
the ADR or AFR signatory. If such signatory is not an Enumerated ADR,
the ADR or AFR would attach the Commission Determination Order
described in Sec.  49.17(h) as Exhibit A to the confidentiality
arrangement.\93\ If such signatory is an Enumerated ADR, it would
attach, as Exhibit A to the confidentiality arrangement, a detailed
description of its scope of jurisdiction as it relates to the swap data
maintained by SDRs that the Enumerated ADR would seek to access. The
description appended as Exhibit A to the confidentiality arrangement
would be used by SDRs to verify that each particular swap data request
is within the scope of the requesting entity's jurisdiction.
---------------------------------------------------------------------------

    \93\ As noted above, the Commission expects that the applicant
would provide a description of its scope of jurisdiction as part of
the Determination Order process.
---------------------------------------------------------------------------

    While the Confidentiality Arrangement Form, as proposed, would

[[Page 27423]]

require ADRs and AFRs to make certain undertakings before being granted
access to SDR swap data, it afforded ADRs and AFRs the discretion to
determine how to comply with those obligations with respect to swap
data received from an SDR. Additionally, the Commission stated that to
the extent the proposed rule did not address a relevant confidentiality
issue that arose after an ADR or AFR commenced accessing swap data, the
Commission expected affected ADRs and AFRs to take appropriate measures
to safeguard affected swap data and advise the Commission of such issue
promptly so that the Commission may consider appropriate action.
4. Proposed Removal of Sec.  49.18(c): ADRs and AFRs With Regulatory
Responsibility Over an SDR
    The Commission proposed removing current Sec.  49.18(c), which
provides that the indemnification and confidentiality requirements
established in Sec.  49.18(b) do not apply to certain ADRs and AFRs
with regulatory responsibility over an SDR, but requires such
regulators to comply with CEA section 8 and any other relevant
statutory confidentiality authorities. As noted above in section II.B.
relating to Sec.  49.17(d)(2) and (3), the Commission believed that
those domestic regulators and Foreign Regulators that have regulatory
responsibility over an SDR should be able to access swap data reported
to such SDR pursuant to such other regulator's regulatory regime,
without the limitations set out in current Sec.  49.18(c). Therefore,
the Commission submitted in the NPRM that Sec.  49.18(c) is not
appropriate. In addition, the Commission noted that Sec.  49.17(d)(2)
and (3) already provided that the confidentiality and indemnification
requirements of Sec.  49.18(b) do not apply to these domestic
regulators and Foreign Regulators with regulatory responsibility over
SDRs. However, the Commission stated that insofar as such a regulator
sought swap data that was not reported to the SDR pursuant to that
regulator's regulatory regime, the exclusions set forth within
Sec. Sec.  49.17(d)(2) and (3) would not apply. The Commission
accordingly proposed to eliminate Sec.  49.18(c).
5. Proposed New Sec.  49.18(c) and (d): Failure to Fulfill the Terms of
a Confidentiality Arrangement
    The Commission proposed new Sec.  49.18(c) to require SDRs to
immediately report to the Commission any known failure to fulfill the
terms of a confidentiality arrangement that they receive pursuant to
Sec.  49.18(a). The Commission also proposed new Sec.  49.18(d), which
authorizes the Commission to direct an SDR to limit, suspend or revoke
an ADR's or AFR's access to swap data, if the Commission determines
that the ADR or AFR has failed to fulfill the terms of its
confidentiality arrangement with the Commission.\94\
---------------------------------------------------------------------------

    \94\ Proposed Sec.  49.18(d) provided that the Commission may,
if an ADR or AFR fails to fulfill the terms of a confidentiality
arrangement described in Sec.  49.18(a), direct each registered SDR
to limit, suspend or revoke such ADR's or AFR's access to swap data
held by such SDR. Similarly, proposed Sec.  49.17(d)(5) required an
SDR, as directed by the Commission, to limit, suspend or revoke an
ADR's or AFR's swap data access should the Commission limit, suspend
or revoke the appropriateness determination for such ADR or AFR or
otherwise direct the SDR to limit, suspend or revoke such access.
---------------------------------------------------------------------------

6. Proposed New Sec.  49.18(e): Delegation of Authority
    The Commission proposed to add new Sec.  49.18(e)(1) to delegate to
the DMO Director, and to such Commission staff acting under his or her
direction as he or she may designate from time to time, all functions
reserved to the Commission in Sec.  49.18. Proposed 49.18(e)(2)
reserved to the DMO Director the authority to submit to the Commission
for its consideration any matter that has been delegated under Sec. 
49.18(e)(1). Proposed Sec.  49.18(e)(3) expressly permitted the
Commission, at its election, to exercise the authority delegated under
Sec.  49.18(e)(1).
    This delegation is intended to conserve Commission resources and
increase the effectiveness and efficiency of the Commission's oversight
and supervision of SDR swap data access. The Commission anticipates
that the delegation of authority will help facilitate timely access to
SDR swap data by ADRs and AFRs consistent with the requirements set
forth in part 49 of the Commission's regulations. However, the DMO
Director may submit matters to the Commission for its consideration, as
he or she deems appropriate.
7. Conforming Changes
    As a result of the FAST Act Amendments, the Commission proposed
conforming changes to Sec.  49.17(d)(6) to delete references to an
Indemnification Agreement. As a result of the amendments to Sec. 
49.18, and in particular, Sec.  49.18(a), the Commission proposed
conforming changes to Sec.  49.22(d)(4) relating to chief compliance
officer compliance responsibilities and duties so that the appropriate
rule provision reflecting the confidentiality arrangement is
referenced.
8. Comments Received
    The Commission received comments related to proposed Sec.  49.18
from the SDR Commenters. The SDR Commenters supported the Commission's
proposed transfer of responsibility for the execution of the
confidentiality arrangement with the ADRs and AFRs from the SDRs to the
Commission. The SDR Commenters advised that such transfer will
significantly reduce regulatory costs and inefficiencies for the
SDRs.\95\ The SDR Commenters also supported the use of a
confidentiality arrangement form. The SDR Commenters stated that use of
such a form would promote consistency and further reduce regulatory
burdens.\96\
---------------------------------------------------------------------------

    \95\ See SDR Letter at 3.
    \96\ See id.
---------------------------------------------------------------------------

    In response to the Commission's proposal to remove previously
adopted Sec.  49.18(c), which, in part, applied the conditions of CEA
section 8 to those ADRs and AFRs with regulatory responsibility over an
SDR, the SDR Commenters agreed with the Commission that it is not
appropriate to require a domestic regulator or Foreign Regulator to
comply with CEA section 8 where such domestic regulator or Foreign
Regulator has regulatory responsibility over an SDR and seeks access to
SDR data that was reported pursuant to the regulator's supervisory
authority.\97\ Accordingly, the SDR Commenters supported the
Commission's proposal to remove Sec.  49.18(c) as previously adopted.
---------------------------------------------------------------------------

    \97\ See SDR Letter at 2-3.
---------------------------------------------------------------------------

    Proposed Sec.  49.18(a) and (d) both contemplated notifications
being sent to the SDRs. Proposed Sec.  49.18(a) required an SDR that
received a notice that an ADR's or AFR's confidentiality arrangement
was no longer in effect to no longer provide swap data access to such
ADR or AFR. Proposed Sec.  49.18(d) stated that the Commission may, if
an ADR or AFR fails to fulfill the terms of a confidentiality
arrangement described in Sec.  49.18(a), direct each registered SDR to
limit, suspend or revoke such ADR's or AFR's access to swap data held
by such SDR. The SDR Commenters recommended that the Commission modify
proposed Sec.  49.18(a) and (d) to specify that the notifications
contemplated in these provisions be in writing.
9. Final Rule
    After consideration of the comments that it received, and for the
reasons set forth in sections II.F.1. through II.F.8. above and in this
section the Commission is adopting Sec.  49.18 with modifications.
First, as discussed above,

[[Page 27424]]

the Commission is accepting the SDR Commenters' comments that the
notifications contemplated in proposed Sec.  49.18(a) and (d) should be
provided in writing and is adopting revised Sec.  49.18(a) and (d) to
reflect that change.
    The Commission is also modifying proposed Sec.  49.18(a) to promote
the use of the Confidentiality Arrangement Form set forth in Appendix
B. Specifically, as adopted, Sec.  49.18(a) provides that, prior to
providing an ADR or AFR access to any requested swap data, an SDR shall
receive therefrom an executed confidentiality arrangement, between the
Commission and the ADR or AFR, in the form set out in Appendix B to
this part 49. The Commission may, in its discretion, however, agree to
execute an alternate confidentiality arrangement with an ADR or AFR if
the confidentiality arrangement is consistent with the requirements set
forth in Sec.  49.18(a).\98\ The Commission believes that widespread
use of the Confidentiality Arrangement Form will facilitate timely
access to SDR swap data by ADRs and AFRs by reducing or eliminating
instances in which the Commission and its staff need to devote time and
resources to developing and reviewing individualized confidentiality
arrangements. The Commission therefore believes that this modification
will increase the potential benefits and cost savings associated with
use of the Confidentiality Arrangement Form while still providing ADRs
and AFRs the flexibility to use an alternate arrangement if necessary,
in consultation with the Commission.
---------------------------------------------------------------------------

    \98\ The Commission is also making similar clarifying
modifications to proposed Sec. Sec.  49.17(d)(6) and 49.17(h)(3).
---------------------------------------------------------------------------

    The Commission is adopting all other modifications to Sec.  49.18
as proposed in the NPRM.

G. Other Changes

1. Proposed Rule Changes
    In addition to those changes discussed throughout this release, the
Commission proposed other changes to part 49, including a number of
ministerial changes. The Commission proposed to amend Sec.  49.9(a)(9)
to change the reference therein from ``certain appropriate domestic
regulators and foreign regulators'' to ``Appropriate Domestic
Regulators and Appropriate Foreign Regulators'' to make clear that an
SDR is required to provide access to swap data, pursuant to Sec. 
49.17, only to ADRs and AFRs. The Commission proposed to make a number
of other changes to part 49 to more consistently refer to the defined
term ``swap data.'' The Commission proposed to modify: The references
in existing Sec. Sec.  49.9(a)(9) and 49.17(b)(2)(i) to ``swap data or
information''; the reference in existing Sec.  49.17(d)(4)(i) to
``swaps transaction data''; and the reference in existing Sec. 
49.17(d)(6) to ``requested data,'' to be, in each case, references to
``swap data,'' as that term is defined in Sec.  49.2(a)(15). The
Commission proposed these changes to eliminate confusion and to conform
part 49 to the FAST Act's amendment of CEA section 21(c)(7) to refer to
``swap data.''
    The Commission also proposed to replace the reference in Sec. 
49.17(a) to ``swaps data'' with a reference to ``swap data'' and to
replace the reference in Sec.  49.17(a) to ``Regulation'' with a
reference to ``Sec.  49.17'' to match the format of the reference in
Sec.  49.17(b). The Commission did not intend to effect any substantive
changes with these proposed amendments.
    The Commission proposed to change the references to ``swap
transaction data'' in Sec. Sec.  49.17(c)(2) and 49.17(c)(3) to ``swap
data'' as defined in Sec.  49.2(a)(15). The Commission also proposed to
change the references to ``data'' in Sec.  49.17(d)(5) and (6), (e)
introductory text, and (e)(1) to ``swap data'' in order to clarify the
Commission's intent to refer to ``swap data'' within the meaning of
Sec.  49.2(a)(15). For the same reason, the Commission also proposed to
add ``swap data and'' before ``information'' in Sec.  49.17(e)(2) to
conform it to Sec.  49.17(e)(1), as proposed to be amended.\99\ The
Commission also proposed to add the term ``and information'' after the
term ``swap data'' in the second sentence of Sec.  49.17(e) so that
such sentence is consistent with the first sentence of Sec.  49.17(e),
which permits access by third party service providers to both swap data
and information maintained by a registered SDR, subject to certain
conditions.
---------------------------------------------------------------------------

    \99\ Although Sec.  49.17(e) uses the terms ``data'' and ``swap
data'' interchangeably, the Commission intended those paragraphs to
reference the definition of ``swap data'' and, consequently,
believes that these amendments do not represent a change to the
Commission's original intent in promulgating Sec.  49.17(e).
However, the term ``swap data'' is narrower than the term ``data''.
Consequently, changing ``data'' to ``swap data'' arguably would
narrow the scope of the confidentiality procedures and
``Confidentiality Agreement'' required, respectively, by Sec. 
49.17(e)(1) and (2).
---------------------------------------------------------------------------

    In Sec.  49.17(f)(2), the Commission proposed to change both
references to ``data and information'' to ``swap data and information''
in order to clarify, in each case, that the intended reference is to
``swap data'' as defined in Sec.  49.2(a)(15).
    In addition to those changes related to references to ``swap
data,'' the Commission also proposed to amend Sec.  49.17(b)(1)(vii) to
change the references to any other person the Commission deems
appropriate to any other person the Commission determines to be
appropriate pursuant to the process set forth in Sec.  49.17(h) to
match the language in CEA section 21(c)(7).
    Commission regulation 49.17(f)(1) currently states that access of
swap data maintained by the registered swap data repository to market
participants is generally prohibited. The Commission proposed to amend
Sec.  49.17(f)(1) to state that access by market participants to swap
data maintained by the registered swap data repository is prohibited
other than as set forth in Sec.  49.17(f)(2) in order to clarify its
meaning. The Commission did not intend this to be a substantive change
to Sec.  49.17(f)(1).
    Finally, the Commission proposed several minor clarifying changes
to Sec.  49.18(b).\100\ These changes include: Replacing ``the swap
data'' with ``swap data''; replacing the ``with any Appropriate
Domestic Regulator or Appropriate Foreign Regulator'' reference with
``to any Appropriate Domestic Regulator or Appropriate Foreign
Regulator''; and adding ``each'' before ``as defined in Sec. 
49.17(b)'' to reflect that both ``Appropriate Domestic Regulator'' and
``Appropriate Foreign Regulator'' are defined terms in Sec.  49.17(b).
---------------------------------------------------------------------------

    \100\ These proposed changes appear in proposed Sec.  49.18(b).
---------------------------------------------------------------------------

2. Final Rule Changes
    The Commission received comment on only two of the proposed changes
described in this section II.G. For the reasons set forth above in
section II.G.1. and in this section, with one exception (i.e., Sec. 
49.17(e)), the Commission is adopting the changes described in this
section II.G. as proposed. The comments and the Commission's responses
are described below.
    The SDR Commenters generally supported the proposed changes to part
49 to more consistently refer to the defined term ``swap data,''
stating their belief that the consistency ``will promote clarity as to
the data to which ADRs and AFRs may be granted access[.]'' \101\
However, the SDR Commenters also noted that the term ``swap data'' is
defined under Sec.  49.2(a)(15) as ``specific data elements and
information set forth in part 45 of this chapter that is required to be
reported by a reporting entity to a registered swap data repository.''
\102\ The

[[Page 27425]]

SDR Commenters asked the Commission to confirm that SDRs may provide
ADRs and AFRs with Part 43 data in addition to Part 45 data and
characterized this clarification as important because ``the SDRs use a
combined message for Parts 43 and 45 reporting, making separation of
Part 43 data from Part 45 data exceedingly difficult.'' \103\
---------------------------------------------------------------------------

    \101\ SDR Letter at 8.
    \102\ Id.
    \103\ Id.
---------------------------------------------------------------------------

    In response to this comment, the Commission confirms that SDRs may
provide ADRs and AFRs with Part 43 data in addition to Part 45 data.
The Commission observes that most data reported pursuant to Part 43 is
publicly disseminated and that, to the extent certain data is not
publicly disseminated, such data is reported in equal or greater detail
pursuant to part 45.
    The SDR Commenters also noted that, ``[u]nder Sec.  49.17(e), the
Commission proposes to amend `data and information' to `swap data and
information[ ]'' and commented that, in their view, the more
appropriate term ``to ensure a third-party Service Provider may have
access to all necessary data and information'' is ``swap data and SDR
Information'' (as SDR Information is defined in Sec.  49.2).\104\ In
response to this comment, the Commission is adopting Sec.  49.17(e) as
the SDR Commenters recommended amending it, in part because this change
does not change the intent or scope of what is required or what was
proposed in the NPRM.
---------------------------------------------------------------------------

    \104\ Id.
---------------------------------------------------------------------------

    In addition to these final rule changes, the Commission is adopting
three ministerial changes to the proposed rule text, each for greater
clarity, and one ministerial change to the existing rule text, also for
greater clarity. First, the Commission is changing the phrase ``as
directed by the Commission'' in proposed Sec.  49.17(d)(5) to ``if
directed by the Commission''. Second, the Commission is changing the
phrase ``as described and appended to the confidentiality arrangement
required by Sec.  49.18(a)'' to ``as described in the appendix to the
confidentiality arrangement required by Sec.  49.18(a)'' in both
proposed Sec.  49.17(d)(4)(i) and (iii).\105\
---------------------------------------------------------------------------

    \105\ These changes are to clarify that the scope of an ADR's or
AFR's jurisdiction, which is the subject of the quoted text, is to
be described in the appendix to the confidentiality arrangement
required by Sec.  49.18(a) rather than in the confidentiality
arrangement itself. The language as proposed was somewhat unclear in
that regard.
---------------------------------------------------------------------------

    Third, the Commission is adding bracketed text at the end of
Appendix B to part 49 (describing Exhibit A to the Confidentiality
Arrangement Form) in response to the SDR Commenters comment discussed
in section II.D.2.c.i. This additional bracketed text provides that in
both cases, the description of the scope of jurisdiction must include
elements allowing SDRs to establish, without undue obstacles, objective
parameters for determining whether a particular Swap Data request falls
within such scope of jurisdiction. Such elements could include LEIs of
all jurisdictional entities and could also include UPIs of all
jurisdictional products or, if no CFTC-approved UPI and product
classification system is yet available, the internal product identifier
or product description used by an SDR from which Swap Data is to be
sought.
    Fourth, the Commission is amending existing Sec.  49.17(d)(1),
which the Commission had not proposed to amend to provide a brief
overview in one paragraph to those persons seeking to obtain swap data
access from SDRs, both ADRs and AFRs and those seeking to become ADRs
or AFRs, of the requirements to obtain such access and to alert such
persons to exceptions to the otherwise applicable requirements. The
Commission is also adopting these changes to Sec.  49.17(d)(1) to
provide the aforementioned persons citations to the regulations
relevant to obtaining SDR swap data access and to relevant exceptions
to those regulations. These changes provide that except as set forth in
Sec.  49.17(d)(2) or (3), a person who is not an Appropriate Domestic
Regulator or an Appropriate Foreign Regulator and who seeks to gain
access to the swap data maintained by a swap data repository is
required to first become an Appropriate Domestic Regulator or
Appropriate Foreign Regulator through the process set forth in Sec. 
49.17. Additionally, these changes provide that Appropriate Domestic
Regulators and Appropriate Foreign Regulators seeking to gain access to
the swap data maintained by a swap data repository are required to
comply with Sec.  49.17(d)(6) prior to receiving such access and, if
applicable after receiving such access, comply with the notification
requirement in Sec.  49.17(d)(4)(iii) applicable to Appropriate
Domestic Regulators and Appropriate Foreign Regulators.

III. Request for Comment

    In addition to the specific questions set forth throughout the
NPRM, the Commission requested comment on all aspects of the proposal
and on several specific questions set forth in section III of the NPRM.
The Commission received some responsive comments, which it has
summarized and responded to in the relevant sections of this adopting
release, and two comments that were not responsive.\106\
---------------------------------------------------------------------------

    \106\ In addition, the SDR Commenters commented on several
issues relating to current Sec.  49.17(f)(2) that were unrelated to
the non-substantive change that the Commission proposed to make to
Sec.  49.17(f)(2). Because the SDR Commenters' comments on Sec. 
49.17(f)(2) were unrelated to the proposed changes to Sec. 
49.17(f)(2), they are beyond the scope of the NPRM and not a logical
outgrowth of this rulemaking, as a result of which the Commission
declines to address them here, in accordance with the Administrative
Procedure Act. All comments received in response to the Commission's
request for comment are available at https://comments.cftc.gov/PublicComments/CommentList.aspx?id=1777.
---------------------------------------------------------------------------

IV. Compliance Date

    The Commission received one comment related to the compliance date
of the final rules. The SDR Commenters suggested that the Commission
work with the SDRs to set an appropriately mutually agreeable timeframe
for the compliance date.\107\ Commission staff subsequently engaged in
multiple discussions with the SDR Commenters regarding the compliance
date. The Commission, as set out below, is adopting a two part
compliance date for the final rules adopted herein. The compliance date
for the final rules will be 60 days after publication in the Federal
Register, except for the compliance date for an SDR to comply with its
obligation under Sec.  49.17(d)(5)(iii) of the Commission's regulations
to provide access to swap data requested by an ADR or AFR. The
compliance date for an SDR to comply with its obligation under Sec. 
49.17(d)(5)(iii) of the Commission's regulations is the earlier of (1)
the earliest date, after such SDR receives from such ADR or AFR the
confidentiality arrangement required by Sec.  49.18(a), that such SDR,
exercising commercially reasonable efforts in light of its obligations
under the CEA and the Commission's regulations, is able to provide such
access to the ADR or AFR and (2) 180 days after the SDR receives from
such ADR or AFR the confidentiality arrangement required by Sec. 
49.18(a).
---------------------------------------------------------------------------

    \107\ See SDR Letter at 9.
---------------------------------------------------------------------------

V. Related Matters

A. Regulatory Flexibility Act

    The Regulatory Flexibility Act (``RFA'') requires federal agencies,
in promulgating rules, to consider the impact of those rules on small
entities.\108\ The rules adopted herein will have a direct effect on
the operations of SDRs and certain domestic regulators and foreign
regulators seeking

[[Page 27426]]

access to swap data reported to, and maintained by, SDRs.
---------------------------------------------------------------------------

    \108\ See 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    The Commission has previously established certain definitions of
``small entities'' to be used by the Commission in evaluating the
impact of its rules on small entities in accordance with the RFA.\109\
The Commission has previously determined that SDRs are not small
entities for purposes of the RFA.\110\
---------------------------------------------------------------------------

    \109\ See Policy Statement and Establishment of ``Small
Entities'' for purposes of the Regulatory Flexibility Act, 47 FR
18618, 18618-21 (Apr. 30, 1982).
    \110\ See Part 49 Adopting Release at 54575 and Notice of
Proposed Rulemaking: Swap Data Repositories, 75 FR 80898, 80926
(Dec. 23, 2010).
---------------------------------------------------------------------------

    For purposes of the RFA, the definition of ``small entity''
encompasses ``small governmental jurisdictions,'' which in relevant
part means governments of locales with a population of less than fifty
thousand.\111\ Although the Commission anticipates that the final rules
adopted herein may be expected to have an economic impact on various
governmental entities that access data pursuant to the Dodd-Frank Act's
data access provisions (i.e., ADRs and AFRs), the Commission does not
anticipate that any of those governmental entities would be small
governmental jurisdictions: The Commission believes that the universe
of ADRs and AFRs will likely be limited to U.S. federal regulators and
equivalent national, or state or provincial, foreign authorities, given
that swap regulation does not occur at a local level globally, in the
Commission's experience. As a result, the Commission does not believe
that the final rules will have a significant economic impact on a
substantial number of small entities. Therefore, the Chairman, on
behalf of the Commission, pursuant to 5 U.S.C. 605(b), hereby certifies
that the final rules will not have a significant economic impact on a
substantial number of small entities.
---------------------------------------------------------------------------

    \111\ 5 U.S.C. 601(5), (6).
---------------------------------------------------------------------------

B. Paperwork Reduction Act

    The amendments to part 49 result in new ``collection of
information'' requirements within the meaning of the Paperwork
Reduction Act of 1995 (``PRA'').\112\ An agency may not conduct or
sponsor, and a person is not required to respond to, a collection of
information unless it displays a currently valid Office of Management
and Budget (``OMB'') control number. The OMB control number for the
information collection associated with part 49 is 3038-0086 (the
``Information Collection'').\113\ The Commission is revising the
Information Collection because the rule amendments herein will impose
information collection requirements that require approval from OMB
under the PRA. The Commission is therefore submitting this final rule
to OMB for review in accordance with 44 U.S.C. 3507(d) and 5 CFR
1320.11.
---------------------------------------------------------------------------

    \112\ 44 U.S.C. 3501 et seq.
    \113\ The most recent revision to OMB Control Number 3038-0086
was approved November 30, 2015 and is available at http://www.reginfo.gov/public/do/PRAOMBHistory?ombControlNumber=3038-0086.
---------------------------------------------------------------------------

1. Summary of the Requirements
    The modifications to part 49 require SDRs to make swap data
available to requesting entities (i.e., ADRs and AFRs) if certain
conditions are satisfied. These conditions include the requesting
entity executing a confidentiality arrangement with the Commission and
providing it to each SDR from which it seeks swap data and, in some
cases, receiving an order from the Commission (which requesting
entities must apply for, including certain specified types of
information in support) determining that it is an appropriate entity to
receive SDR swap data. The modifications further require each ADR and
AFR to notify the Commission, and each SDR from which an ADR or AFR has
received swap data, of any change to the scope of such ADR's or AFR's
jurisdiction, as described in the confidentiality arrangement.
    The modifications also require SDRs to report to the Commission:
(1) Each initial request from an ADR or AFR for access to swap data;
(2) all ADR or AFR requests for swap data that do not comport with the
described scope of the ADR's or AFR's jurisdiction that is appended to
the confidentiality arrangement; and (3) failures to fulfill the terms
of confidentiality arrangements. The modifications additionally require
each SDR to maintain records of each initial, and all subsequent,
requests from an ADR or AFR for access to swap data.
2. Collection of Information
    Currently, the Information Collection sets out burden estimates
relating to a broad range of SDR obligations associated with
registration requirements, reporting requirements, recordkeeping
requirements, and disclosure requirements. Where the information
collection associated with those obligations is modified by this rule,
the Commission is revising the Information Collection accordingly. To
the extent this rule introduces new information collections that were
not previously incorporated into the Information Collection, the
Commission is revising the Information Collection to account for the
new information collections. Finally, many of the information
collections discussed in the Information Collection are not implicated
or modified by the Commission's revisions to part 49 in this release.
The Commission, therefore, is not revising the estimated burdens
associated with such information collections. New or revised
information collections contained in these revisions to part 49 will
affect SDRs as well as entities that request access to SDR swap data
pursuant to part 49, as revised.
    As discussed above, the modifications to part 49 set out in this
release are intended to provide a process by which other regulatory
authorities may obtain access to SDR swap data. The information
collections associated with this process are intended to ensure that
SDR swap data is accessed only by appropriate entities and that the
confidentiality of any accessed SDR swap data is adequately protected.
The ultimate result of this process is intended to provide other
regulatory authorities with information to assist with the oversight of
the global swaps market and market participants.
    ADR/AFRs. As discussed throughout this release, certain conditions
must be satisfied before a requesting entity is permitted to access SDR
swap data. These conditions may implicate various PRA collections and
burdens as discussed below.
    Pursuant to Sec.  49.18(a), every requesting entity seeking access
to SDR swap data must execute a confidentiality arrangement with the
Commission prior to receiving access. This requirement applies to both
those entities that are Enumerated ADRs, and those entities, whether
foreign or domestic, that require a determination from the Commission
that they are appropriate entities to receive access to SDR swap data.
The Commission believes the use of the Confidentiality Arrangement
Form, or a similar form, if permitted by the Commission, will provide
an efficient means to satisfy the requirements of Sec.  49.18(a).
    In addition to executing a confidentiality arrangement, requesting
entities that are not Enumerated ADRs will be required to seek a
Determination Order from the Commission to obtain access to SDR swap
data. The Commission is requiring that an Enumerated ADR attach to the
confidentiality arrangement a detailed description of its scope of
jurisdiction, as it relates to the swap data maintained by SDRs that
the Enumerated ADR seeks to access.
    The Commission, for PRA purposes, continues to believe that it is
reasonable

[[Page 27427]]

to assume that 300 total entities will seek access to SDR swap data.
This estimate is based on the Commission's experience in receiving data
requests from other regulators and its experience in coordinating and
cooperating with other regulators.\114\ For PRA purposes, the
Commission assumes there are four SDRs, which is the number of SDRs
that are currently provisionally registered with the Commission. As the
confidentiality arrangement required by Sec.  49.18(a) will be between
the ADR or AFR and the Commission, and will address swap data access
from all SDRs, an ADR or AFR will need to execute only a single
confidentiality arrangement for all SDRs from which it seeks swap data,
rather than a separate confidentiality arrangement for each SDR.
Accordingly, the Commission estimates, for PRA purposes, that the total
number of confidentiality arrangements that will be executed under the
amended part 49 rules is 300.
---------------------------------------------------------------------------

    \114\ The Commission continues to estimate that up to
approximately 30 authorities in the United States may seek to access
swap data from SDRs. In the context of potential AFRs, the
Commission believes that most requests will come from authorities in
G20 countries, each of which will have no more, and likely fewer,
than 30 authorities that may request swap data from SDRs. In
addition, certain authorities from outside the G20 also may request
swap data from SDRs. Accounting for all of these entities, the
Commission estimates that there likely will be a total of no more
than 300 relevant domestic and foreign authorities that may request
swap data from SDRs.
---------------------------------------------------------------------------

    Although the Commission may, in its discretion, execute a
confidentiality arrangement with one or more ADRs/AFRs that is not in
the form of the Confidentiality Arrangement Form, Sec.  49.18(b)
requires that such alternative confidentiality arrangement include all
elements of in the Confidentiality Arrangement Form. Consequently, the
Commission is estimating the burden on ADRs and AFRs of negotiating the
confidentiality arrangement required by Sec.  49.18(a) based on its
estimate of the burden involved for an ADR or AFR to put in place the
Confidentiality Arrangement Form. The Commission estimates that the
review and execution of each confidentiality arrangement by an ADR or
AFR will take approximately 40 hours, for a total burden of 12,000
hours. The burden estimates associated with entering into the
confidentiality arrangement required by Sec.  49.18(a) are addressed in
the revised Information Collection.
    Any requesting entity, other than an Enumerated ADR, that seeks
access to SDR swap data must be determined by the Commission to be an
appropriate recipient of such access. For Enumerated ADRs, there is no
burden associated with seeking to be determined appropriate by the
Commission because Enumerated ADRs have already been determined by
Congress in CEA section 21(c)(7), or by the Commission through its
adoption of Sec.  49.17(b)(1), to be appropriate recipients of SDR swap
data access. Those entities that are not Enumerated ADRs and that seek
SDR swap data access will be required to receive a Determination Order
prior to receiving access to SDR swap data. The process for obtaining
such a Determination Order is set out in general terms in Sec. 
49.17(h) and requires the requesting entity to prepare and submit an
application to the Commission. The preparation and submission of this
application constitutes an information collection under the PRA.
    As discussed above, the Commission believes that for PRA purposes
it is reasonable to assume that 300 domestic and foreign entities will
seek access to SDR swap data. Very few of these entities have already
been specifically identified by Congress in CEA section 21(c)(7), or by
the Commission through its adoption of Sec.  49.17(b)(1), as
appropriate recipients of SDR swap data access. The Commission
estimates, for PRA purposes, that each entity seeking a Determination
Order would expend 100 hours in connection with filing the necessary
application with the Commission, for a total initial burden of no more
than 30,000 hours (calculated as the product of 300 domestic and
foreign entities seeking access to SDR swap data and 100 hours per
application). This estimate considers the relevant information that
would be required to be provided in such an application, including
information regarding the entity's scope of jurisdiction,
confidentiality safeguards, as well as any other information the
Commission deems relevant to its determination. This burden estimate is
included in the Commission's revisions to the Information Collection.
    Swap Data Repositories. As discussed throughout this release, SDRs
are required to provide access to SDR swap data to ADRs and AFRs,
provided certain conditions are met. This requirement may implicate PRA
collections and burdens, some of which are already addressed in the
existing Information Collection, and some of which constitute new
collections, as discussed below. Currently, the burden on SDRs of
making data available to ADRs and AFRs is accounted for in the
Information Collection, as this is an existing obligation under
existing Sec.  49.17(d). However, the rules set out in this release
clarify and modify the requirements imposed on SDRs in providing access
to SDR swap data to ADRs and AFRs. Consequently, the Commission is
revising the Information Collection to account for these clarifications
and modifications.
    The Commission expects SDRs to incur burdens and costs associated
with setting up access to SDR swap data that is consistent with an
ADR's or AFR's scope of jurisdiction, as described in the appendix to
the confidentiality arrangement required by Sec.  49.18(a). The
Commission expects that each confidentiality arrangement will identify,
either directly or through an attached Determination Order, the scope
of access that is appropriate for a given requesting entity. The
Commission expects SDRs to use these limitations to program their
systems to reflect the scope of the ADR's or AFR's access to SDR swap
data. These limits set out in the confidentiality arrangement are
expected to reduce the burdens on SDRs of assessing whether a
particular SDR swap data request falls within the scope of an ADR's or
AFR's jurisdiction.
    The Commission received one comment estimating the burden on SDRs
associated with setting up access restrictions to match an ADR's or
AFR's scope of jurisdiction.\115\ CME estimated that its initial set up
costs would be between 400 and 950 hours for all ADRs and AFRs in the
aggregate.\116\ The Commission believes it is reasonable to accept
CME's estimate of 950 hours, as CME is an SDR and, as such, is familiar
with the costs required for setting up such access restrictions.\117\
Consequently, for PRA purposes, the Commission estimates that all SDRs
in the aggregate would incur a total burden of 3,800 hours (i.e., the
product of 4 SDRs and 950 hours of time) associated with setting up
access for all ADRs and AFRs. The burdens associated with these
permissioning requirements are

[[Page 27428]]

addressed in the revised Information Collection.
---------------------------------------------------------------------------

    \115\ See SDR Letter at 5, n.10.
    \116\ The SDR Letter stated that ``CME believes the initial set
up cost will be between of 400 and 950 hours.'' Id. In subsequent
communications, CME clarified that this estimate is for all ADRs and
AFRs in the aggregate. The other SDRs did not opine on the
Commission's estimate of 26 hours.
    \117\ The Commission, in its proposal, estimated that the burden
on an SDR associated with setting up access restrictions to match a
requesting entity's scope of jurisdiction will include 20 hours of
programmer analyst time, five hours of senior programming time, and
one hour of attorney time, for a total of 26 hours. The Commission
notes that the SEC also estimated a set up time of 26 hours in its
similar rulemaking. See Access to Data Obtained by Security-Based
Swap Data Repositories, 81 FR 60585 at 60594 (Sept. 2, 2016) (SEC
rule 13n-4(b)(9) and (10), 17 CFR 240.13n-4(b)(9) and (10).
---------------------------------------------------------------------------

    SDRs will also be required to provide electronic notice to the
Commission of the first request for access to swap data from a
particular ADR or AFR, and promptly after receiving any request that
does not comport with the scope of the ADR's or AFR's jurisdiction, as
described in the appendix to the confidentiality arrangement required
by Sec.  49.18(a). In addition to notifying the Commission of the
foregoing, the Commission is requiring, in Sec.  49.17(d)(4)(i), SDRs
to maintain records of the details of the initial and all subsequent
requests for swap data from an ADR or AFR. The SDR shall maintain this
information for a period of no less than five years after the date of
such request and shall provide this information to the Commission upon
request, pursuant to Sec.  1.31.
    Currently, the Information Collection estimates burdens associated
with the various registration, reporting, recordkeeping, and disclosure
requirements to which SDRs are subject. The reporting and recordkeeping
requirements relating to ADR and AFR data requests constitute an
information collection for PRA purposes and require the Commission to
revise the reporting and recordkeeping burden estimates contained in
the Information Collection. The reporting and recordkeeping
requirements in this release may potentially impact each SDR.
    SDRs already have the ability to communicate electronically with
the Commission and are subject to significant recordkeeping
requirements pursuant to Sec. Sec.  45.2(f) and 49.12. Therefore, the
requirements adopted herein should not result in SDRs having to incur
initial costs to implement systems to notify the Commission when an ADR
or AFR submits a data request for the first time that are in excess of
what is already accounted for in the Information Collection.
    The Commission estimates that each SDR would incur an annual burden
of 480 hours associated with the requirement to maintain records of the
details of the initial and all subsequent requests for data from an ADR
or AFR, for a total of 1,920 hours annually (i.e., the product of four
SDRs and 480 hours). Although the Commission provided an estimate of
280 hours in the NPRM, CME commented that 480 hours was more likely.
    The Commission received one comment related to setup costs
associated with its proposed recordkeeping requirements.\118\ The SDR
Letter provided estimates for recordkeeping set up costs. CME
subsequently provided updated estimates of these setup costs, which CME
now estimates would be approximately 1,100-1,440 hours. The Commission
believes it is reasonable to accept CME's estimate of 1,440 hours, as
CME is an SDR and, as such, is familiar with the setup costs associated
with SDR recordkeeping requirements. Therefore, the Commission
estimates that initially each SDR may incur a burden of 1,440 hours
associated with these recordkeeping requirements, for a total of 5,760
hours (i.e., the product of four SDRs and 1,440 hours). However, as
discussed in this release, the recordkeeping requirements adopted
herein may result in lower costs to the SDRs than estimated here, as
the Commission is not requiring SDRs to keep records of all copies of
swap data provided in response to data requests, as it had proposed in
the NPRM.\119\ The burdens associated with the notification
requirements adopted herein are addressed in the revised Information
Collection.
---------------------------------------------------------------------------

    \118\ See SDR Letter at 7, n.15.
    \119\ Moreover, SDRs are already subject to extensive
recordkeeping obligations under existing Commission rules, so SDRs
may be able to reduce their costs by making use of existing
recordkeeping resources to some extent.
---------------------------------------------------------------------------

    Finally, the current Information Collection accounts for the costs
to SDRs of executing a ``Confidentiality and Indemnification
Agreement'' with each requesting ADR and AFR. Under the Commission's
final rule adopted herein, the SDR is no longer required to execute
such an agreement with ADRs or AFRs. The confidentiality arrangements
will be between each requesting ADR or AFR and the Commission.
Accordingly, the total burden to SDRs, as currently reflected in the
Information Collection, is reduced by the cost to execute such
agreements. The reduction in burden associated with this change in the
confidentiality arrangement requirement is addressed in the revised
Information Collection.

C. Cost-Benefit Considerations

1. Introduction
    As discussed in Section I above (``Background and Introduction''),
the Commission is amending Part 49 to (i) implement the statutory
changes mandated by the FAST Act amendments; (ii) make certain
conforming and clarifying changes related to such implementation; (iii)
revise the process by which a regulator is determined appropriate to
receive access to SDR swap data; (iv) clarify the standards in
connection with the Commission's appropriateness determinations; and
(v) establish the form and substance of the written agreement mandated
by CEA section 21(d), as amended.
    In the sections that follow, the Commission discusses the costs and
benefits associated with the final rule and reasonable alternatives
considered. Comments from commenters addressing the associated costs
and benefits of the rule are addressed in the appropriate sections.
Wherever possible, the Commission has considered the costs and benefits
of the final rule in quantitative terms. Given, however, that SDRs do
not yet have a history of providing swap data to other regulators, and
the final rule does not dictate the means by which SDRs may provide
such swap data access in the future, the availability to the Commission
of relevant or useful quantitative terms to assess the potential costs
and benefits of the final rule is limited. Accordingly, where a
quantitative discussion is not feasible, the Commission has considered
the costs and benefits of this rulemaking in qualitative terms.
    The baseline against which the costs and benefits of this final
rule are being compared is the existing status quo for SDR swap data
access under CEA section 21, as amended by the FAST Act, taken together
with the swap data access requirements in the current Part 49 rules. As
a general matter, the Commission recognizes that there are inherent
costs and benefits to domestic and foreign regulators having access to
SDR swap data. As discussed above, the Commission expects that access
to SDR data by ADRs and AFRs will not only assist those regulators in
fulfilling their own supervisory and regulatory functions but
facilitate greater cooperation and collaboration among regulators
across jurisdictions, promoting effective and consistent oversight of
the global swaps market. At the same time, however, opening access to
SDR data to other regulators may increase opportunities for
unauthorized or unnecessary data disclosures, which could negatively
impact swap market participants. Congress took into account these costs
and benefits associated with broader SDR data access in adopting and
amending CEA section 21, which supports access to swap data by
appropriate regulators provided that, consistent with CEA section 8,
the data accessed falls within their scope of jurisdiction and the data
is provided on a confidential basis. In formulating the amendments to
Part 49 that make up this final rule, the Commission has been mindful
of the tradeoff between these dual objectives embodied in the

[[Page 27429]]

mandate of CEA sections 21(c)(7) and (d), endeavoring to reduce the
costs to regulators of obtaining, and to SDRs of providing, access to
swap data, while also establishing sufficient processes and conditions
to ensure that data access is appropriately scoped and confidentiality
is maintained.\120\
---------------------------------------------------------------------------

    \120\ In support of its goal to reduce costs, the final rule is
harmonized in many respects with the corollary SEC Indemnification
Rule implementing changes to its security-based swap data access
rules following adoption of the FAST Act. This rulemaking also is in
accord with two recent recommendations issued by the U.S. Department
of the Treasury (``Treasury'') in a recent report in which Treasury
recommended greater harmonization between the CFTC and the SEC and
stated that greater coordination is required among the CFTC, SEC and
prudential regulators. See A Financial System That Creates Economic
Opportunities[:] Capital Markets (Oct. 6, 2017) (``Report'') at 9,
available at https://www.treasury.gov/press-center/press-releases/Documents/A-Financial-System-Capital-Markets-FINAL-FINAL.pdf.
---------------------------------------------------------------------------

2. Benefits
a. Background
    In the fall of 2008, a series of large financial institution
failures triggered a financial and economic crisis that threatened
global financial markets. As a result of these failures, the government
intervened to ensure the stability of the U.S. financial system. These
failures revealed the vulnerability of the U.S. financial system and
economy to widespread systemic risk resulting from, among other things,
poor risk management practices of financial firms and the lack of
supervisory oversight--specifically data concerning over-the-counter
(``OTC'') derivatives activity--for a financial institution as a whole.
    The financial crisis also illustrated the significant risks that an
uncleared, OTC derivatives market can pose to the financial system.
Swap markets were opaque, and financial institutions were significantly
interconnected through counterparty credit risk. This exposed the
financial system to contagion through spreading defaults and losses.
For example, concerned with the size of AIG's credit default swap
exposure, the Federal government infused $180 billion of taxpayer money
into AIG in order to prevent AIG's failure, which the Federal
government was concerned may have led to cascading defaults by AIG
creditors and counterparties and other creditors and counterparties
indirectly exposed to AIG through credit and swap transactions. The
legislative response to the Great Recession, the Dodd-Frank Act,
stipulated that data representing OTC derivatives, in general, be
reported to SDRs in order to cultivate robust oversight of financial
entities and identify risks to the liquidity, stability, and
functioning of the financial system.\121\ The Commission anticipates
that access by ADRs and AFRs to swap data reported to SDRs, in
combination with future sharing with the Commission of swap data
reported to trade repositories in other jurisdictions, in part as a
result of this rulemaking, will facilitate greater inter-agency
cooperation, collaboration on matters concerning systemic risk, and
identification and mitigation of future financial crises.
---------------------------------------------------------------------------

    \121\ See section 4r of the CEA, 7 U.S.C. 6r, added to the CEA
by section 729 of the Dodd-Frank Act.
---------------------------------------------------------------------------

b. High-Level Benefits
    At a high level, this rulemaking is expected to assist other
regulators in performing their supervisory and regulatory functions by
providing them, for the first time, access to SDR swap data, which
would help regulators better understand the risks their regulated
entities are assuming and the impact of such risks on the broader
markets. These supervisory and regulatory functions may include:
Monitoring and mitigating systemic risk; ensuring financial stability;
registration and oversight of financial market infrastructures, trading
venues and/or market participants; central bank activities; prudential
supervision; restructuring or resolution of infrastructures and firms;
and regulation of cash markets, in some of which swap counterparties
are active.\122\ Regulators may also be able to increase the benefits
of receiving SDR swap data by discussing the results of their analyses,
subject to the conditions and limitations of the confidentiality
arrangement required by Sec.  49.18(a), including restrictions on
onward sharing. The Commission believes regulatory coordination is
beneficial.
---------------------------------------------------------------------------

    \122\ See generally Data Final Rules at 2136-2137 (observing
that Dodd-Frank was enacted to reduce systemic risk, increase
transparency, and promote market integrity within the financial
system by, among other things creating rigorous recordkeeping and
data reporting regimes with respect to swaps); Margin Requirements
for Uncleared Swaps for Swap Dealers and Major Swap Participants--
Cross-Border Application of the Margin Requirements 81 FR 34817,
34819 (May 31, 2016) (observing that as the 2008 financial crisis
illustrated, complex financial and operational relationships
demonstrated how the transfer of risk associated with swaps is not
always transparent and can be difficult to fully assess.).
---------------------------------------------------------------------------

    Access to SDR swap data may also facilitate collaboration among the
Commission, ADRs and AFRs in comparing the results of their respective
SDR swap data analyses. Providing regulators access to SDR swap data
should also facilitate cooperation among market and prudential
regulators, which sometimes view data in isolation, given their
different responsibilities, regulated entities, missions, and--as it
relates to this rule making--data sets. In particular, such access may
improve early warning systems that might ultimately reduce the
probability or severity of a crisis, or both. The benefits of
regulatory collaboration and broader access to swap data are likely to
persist, if not expand, over time as regulators gain experience working
together, while the burden required for establishing access to swap
data includes an upfront commitment of time and money that is likely to
diminish over time (although some increased operating costs resulting
from this rulemaking will remain).
    The Commission believes that the implementation of this rulemaking
represents a critical element of effective financial market oversight
by providing access to SDR data to ADRs and AFRs. The Commission
acknowledges that performing systemic risk analysis is very difficult
as a result of the fragmented regulatory structure that exists both
domestically and internationally. The financial markets are global in
nature and contain correlated instruments dispersed across different
regulatory authorities and jurisdictions. Regulating such markets
utilizing only the data and information available through one
particular regulator's regime is suboptimal. For instance, when
conducting oversight of treasury futures and interest rate swap
markets, it is not sufficient to only assess the available futures and
swaps data at the Commission's disposal. Oversight of activity in those
markets and associated risk also requires trading activity and position
information regarding treasury bonds, repurchase agreements and reverse
repurchase agreements. Similarly, regulating the credit and equity
asset classes would benefit from information concerning related cash
market activity in equity securities, corporate bonds, derivatives (on
broad and narrow CDS and equity indexes, single-name CDS and equities,
and bespoke transactions), securitizations, repurchase agreements and
securities lending. The same applies to conducting comprehensive risk
analysis and oversight of other asset classes. Similarly, in regulating
swap dealers, the Commission would benefit from obtaining visibility
into their positions in other jurisdictions to form a complete picture
of their risk profiles.
    The Commission may face challenges in analyzing overall market,
counterparty, or systemic risk accurately with only the data at its
disposal via recordkeeping and reporting pursuant to the CEA and the
Commission's regulations promulgated thereunder.

[[Page 27430]]

Prudential, bank, and market regulators likely face similar challenges
in assessing the overall market, understanding patterns and flows, and
identifying concerning trends based solely on data available pursuant
to their own individual regulatory regimes. These limitations
presumably impact similarly situated regulators across the global
financial system.
    In light of the issues flowing from incomplete data, the Commission
expects this rule to generate substantial benefits by fostering a
regulatory environment that supports broader data access across the
regulatory community and expands the accessibility of SDR swap data to
other regulators, thereby supporting holistic oversight and data driven
policy making at the regulatory level. The probability of successfully
overseeing the prevailing market structure of the financial system and
preventing another crisis increases as more ADRs and AFRs access SDR
swap data and incorporate it into their existing analysis and
workflows. Although this rule only provides other regulators access to
swap data maintained at SDRs regulated by the Commission, the
Commission expects the rulemaking to encourage similar access by the
Commission to swap data maintained at trade repositories regulated by
other authorities, which would increase the benefits of the rule
discussed above accordingly.
c. More Specific Benefits
i. MOUs
    Under current Sec.  49.17(b)(2), the existence of a current MOU or
similar type of information sharing arrangement with the Commission
automatically qualifies a Foreign Regulator as an AFR. The Commission
is amending Sec.  49.17(b)(2) to require all ``Foreign Regulators'' who
wish to receive swap data from SDRs to file an application with the
Commission to be Commission-determined ``Appropriate Foreign
Regulators'' and requires the Commission to issue an order finding each
Foreign Regulator to be an ``appropriate'' recipient of SDR swap data.
The Commission believes that this modification will ensure that Foreign
Regulators are acting within the scope of their jurisdiction,
consistent with CEA sections 21(c)(7) and 8(e) and should reduce the
risk of unauthorized disclosure, misappropriation or misuse of swap
data. The SDR Commenters also commented that an MOU or other
information sharing agreement alone potentially could have imprecise
language and bespoke arrangements that would not provide sufficient
indication of a regulator's appropriateness.\123\ By requiring use of
the Confidentiality Arrangement Form or permitting an alternative
arrangement with the same elements, the Commission is establishing
confidentiality safeguards that are tailored to the provision of swap
data by an SDR to an ADR or an AFR. In addition, as the Commission
stated in the NPRM and in the preamble above in sections II.B.4. and
5., it can take into account additional considerations or circumstances
it may deem relevant on a case-by-case basis in making an
appropriateness determination. This can benefit the appropriateness
determination process by permitting the Commission to consider factors
such as those identified by the SDR Commenters.
---------------------------------------------------------------------------

    \123\ SDR Letter at 3.
---------------------------------------------------------------------------

ii. Duty for SDRs To Notify the Commission of Swap Data Requests From
ADRs and AFRs
    Current Sec.  49.17(d)(4)(i) requires an SDR to promptly notify the
Commission regarding any request from an ADR or AFR for access to swap
data. The Commission is amending current Sec.  49.17(d)(4)(i) to
require such notices only promptly after the SDR receives an initial
request for access to swap data from a particular ADR or AFR and
promptly after receiving a request from an ADR or AFR that does not
comport with the scope of the ADR's or AFR's jurisdiction, as described
in the appendix to the confidentiality arrangement required by Sec. 
49.18(a). The Commission expects this to benefit SDRs by significantly
reducing the number of notices and the associated costs. The change
might also benefit ADRs and AFRs by expediting the time it takes for
them to get access to SDR swap data.
iii. Form of Electronic Notification by SDRs to the Commission
    Current Sec.  49.17(d)(4)(ii) requires an SDR to notify the
Commission, electronically in a format specified by the Secretary of
the Commission, of any request from an ADR or AFR for access to swap
data. The Commission is specifying the format in the adopting release.
This will benefit SDRs by providing clarity and specificity as to the
particular means of notice required such that they can develop such
means of notice expeditiously so that SDRs can provide such notices
soon after they receive requests for SDR swap data from ADRs and AFRs.
This, in turn, might benefit ADRs and AFRs by expediting their access
to such swap data.
iv. Clarification of SDR Recordkeeping Obligations
    In the NPRM, the Commission explained that an SDR's obligation to
maintain records of all information related to the initial and all
subsequent requests by an ADR or AFR for swap data access would require
retaining records including, among other things, copies of all data
reports and other aggregation of data provided in connection with the
request for access.\124\ The SDR Commenters stated that that proposed
requirement ``should be amended to avoid imposing unnecessary costs.''
\125\ The SDR Commenters characterized that proposed recordkeeping
requirement as burdensome, challenging to implement, and potentially
decreasing information security, because the requirements could require
an SDR ``to propagate a given data set more than once.'' \126\
---------------------------------------------------------------------------

    \124\ NPRM at 8375, n.42; see also, NPRM at 8381 (Paperwork
Reduction Act discussion of recordkeeping burdens).
    \125\ SDR Letter at 6.
    \126\ See id.
---------------------------------------------------------------------------

    As an alternative to maintaining such reports, the SDR Commenters
offered to create pre-formatted data reports, which they would make
available for download by ADRs and AFRs ``so that the record of access
to such reports [would] be easily identifiable, in lieu of maintaining
logs of queries and query conditions . . . .''\127\ The SDR Commenters
added that, if the Commission adopted their alternative, ``the
parameters of the reports and the logic which is used to populate the
reports is all that should have to be maintained.'' \128\ The SDR
Commenters contended that the Commission should require only ``the
saving of metadata around reports rather than the actual reports[.]''
\129\
---------------------------------------------------------------------------

    \127\ Id.
    \128\ Id.
    \129\ Id.
---------------------------------------------------------------------------

    As discussed above in section II.D.2.ii., the SDR Commenters
explained in discussions with staff that they plan to provide swap data
access to ADRs and AFRs in one of two ways: (1) Via pre-formatted
reports that the SDR Commenters would make available for download by
ADRs and AFRs or send to ADRs and AFRs, in each case on a regular
basis; or (2) via a Web-based portal through which ADRs and AFRs could
conduct customized searches of swap data.\130\ In those discussions,
the

[[Page 27431]]

SDR Commenters explained that they would not consider it unduly
burdensome to maintain records in those formats.
---------------------------------------------------------------------------

    \130\ The swap data provided in the pre-formatted reports or
through the Web-based portals would be limited to swap data within
the particular ADR's or AFR's scope of jurisdiction, as described in
the appendix to the confidentiality arrangement required by Sec. 
49.18(a).
---------------------------------------------------------------------------

    As discussed above in section II.D.2.ii., the Commission is
confirming that SDRs may satisfy their recordkeeping duties under Sec. 
49.17(d)(4)(i) by maintaining records of, as applicable: (1) Their pre-
formatted swap data reports; or (2)(a) the parameters of Web portal
swap data access and (b) queries run by ADRs and AFRs using such
access. This confirmation should lower costs to the SDRs by decreasing
financial costs thereto, making recordkeeping simpler and decreasing
cybersecurity risks, as the SDR Commenters noted.
v. Limitation, Suspension or Revocation of an ADR's or AFR's Swap Data
Access
    The Commission is requiring, in Sec.  49.17(d)(4)(iii), an SDR to
limit, suspend, or revoke an ADR's or AFR's swap data access if the
ADR's or AFR's scope of jurisdiction changes and the Commission directs
the SDR to limit, suspend, or revoke the ADR's or AFR's swap data
access.\131\ Similarly, Sec.  49.17(d)(5) requires an SDR to limit,
suspend, or revoke an ADR's or AFR's swap data access if the Commission
limits, suspends or revokes the ADR's or AFR's appropriateness
determination or otherwise directs the SDR, in writing, to limit,
suspend, or revoke the ADR's or AFR's swap data access. Although these
sections will impose costs on both SDRs (which will be required to
build into their systems a means of limiting, suspending, or revoking
an ADR's or AFR's swap data access; this could be as simple as, for
example, requiring a user name and password to obtain swap data access
and deactivating such login credentials) and ADRs and AFRs (which may
temporarily or permanently lose access to some or all SDR swap data),
the Commission believes this is an unavoidable and appropriate
corollary of the requirement in CEA section 21(c)(7) that ADRs' and
AFRs' SDR swap data access be on a confidential basis pursuant to CEA
section 8,'' which, as discussed throughout this release, requires,
among other things, that the swap data provided be within the scope of
an ADR's or AFR's jurisdiction. Although CEA section 21(c)(7) also
directs SDRs to provide ADRs and AFRs SDR swap data access, such access
is subject to the foregoing conditions, among others. Therefore, Sec. 
49.17(d)(4)(iii) and (d)(5) will benefit market participants by keeping
their swap data confidential, as intended by Congress, if an ADR's or
AFR's jurisdiction changes such that it is no longer entitled to such
swap data or if other factors lead the Commission to limit, suspend, or
revoke an ADR's or AFR's swap data access to ensure that
confidentiality is maintained. The ``in writing'' requirement of Sec. 
49.17(d)(5) will benefit SDRs by ensuring that all SDRs are aware of
any changes in status with respect to an appropriateness determination,
as the SDR Commenters requested.\132\
---------------------------------------------------------------------------

    \131\ The Commission also is reserving the right, in new Sec. 
49.17(h)(4), to revisit, reassess, limit, suspend or revoke a
Determination Order. The costs and benefits to ADRs, AFRs and SDRs
are similar to the costs and benefits thereto discussed in this
section with respect to Sec.  49.17(d)(4)(iii) and (d)(5).
    \132\ See discussion at section II.C.5., supra.
---------------------------------------------------------------------------

vi. Confidentiality Arrangements
    Current Sec. Sec.  49.17(d)(6) and 49.18(b) require the
confidentiality agreement required by CEA section 21(d) to be entered
into between an ADR or AFR seeking SDR swap data access and each SDR
from which the ADR or AFR seeks such access. The Commission is amending
those rules to require that such confidentiality arrangements be
entered into between an ADR or AFR, as one party, and the Commission,
rather than an SDR, as the other party. This will benefit SDRs by
shifting from SDRs to the Commission the costs of negotiating
confidentiality arrangements with an estimated 300 \133\ ADRs and AFRs.
This will also benefit ADRs and AFRs by enabling them to negotiate a
single confidentiality arrangement with the CFTC to access swap data
from each SDR rather than a separate agreement with each of the SDRs
from which they would seek swap data.
---------------------------------------------------------------------------

    \133\ See, among other sections, section V.B.2.
---------------------------------------------------------------------------

    The Commission also is requiring the use of the Confidentiality
Arrangement Form, unless the Commission waives this requirement. The
Commission expects this to benefit ADRs and AFRs by allowing them to
avoid expending resources coming up with their own confidentiality
arrangement forms and avoid the uncertainty of not knowing what
provisions the Commission would accept, reject or negotiate. The
Commission expects this to benefit SDRs as well in that most, if not
all, confidentiality arrangements will be the same, making them easier
to incorporate into their policies and procedures and build swap data
access around. Overall, the Commission believes that this rule will
increase the potential benefits and cost savings associated with use of
the Confidentiality Arrangement Form while still providing ADRs and
AFRs the flexibility to use an alternate arrangement if necessary, in
consultation with the Commission.
vii. Means of Access
    The Commission is not requiring SDRs to provide access to swap data
to ADRs and AFRs through a specific technological means. Each SDR
operates with different legacy systems and infrastructure, preferred
data formats and delivery methods, and unique change management
processes. The Commission prescribing a specific means of access for
the swap data could subject different SDRs to greater/lesser costs,
thereby disadvantaging one/some over other(s). Presumably, SDRs will
choose the least costly means of access, all else being equal, as a
result of the flexibility provided by the Commission. Thus, the
flexibility afforded SDRs to choose the means of access through which
they provide swap data access to ADRs and AFRs will benefit SDRs.
    More ADRs and AFRs accessing SDR swap data (as a result of the
removal of the statutory and regulatory indemnification requirements
that ADRs and AFRs refused to submit to) also has the potential to
improve the quality of swap data. For instance, ADRs and AFRs might
assert their authority over the entities that they regulate to require
or encourage them to submit better and/or more data. If swap data
quality improves, ADRs and AFRs can make better-informed supervisory
decisions to reduce risks. Although the Commission is not mandating the
use of LEIs to delineate an ADR's or AFR's scope of jurisdiction for
purposes of SDR swap data access, the Commission anticipates the use of
LEIs to that end. If ADRs and AFRs do use LEIs for that purpose, the
Commission believes that it will be relatively straightforward for SDRs
to provide ADRs and AFRs access to appropriate swap data, relative to
alternatives such as ADRs and AFRs providing legal memoranda describing
the scope of their jurisdictions, which SDRs would then need to parse
and translate into field descriptions, which is how SDR swap data are
organized. Similarly, although the Commission is not mandating the use
of UPIs (or if no CFTC-approved UPI and product classification system
is yet available, the internal product identifier or product
description used by the SDR) to delineate an ADR's or AFR's scope of
jurisdiction, the Commission anticipates the potential use of UPIs to
that end. If ADRs and AFRs do use UPIs for that purpose, the Commission
believes that it will be relatively easier for SDRs to provide ADRs and
AFRs access to appropriate swap data, relative to the

[[Page 27432]]

alternative of not using a UPI to describe the scope of their
jurisdictions.
3. Costs
a. Background
    The Commission recognizes that there are different types of costs
associated with this rulemaking. In the NPRM, the Commission stated
that:

    [o]ne cost is the potential harm to market participants and the
public if swap data is misused--for example, inappropriately
disclosed by ADRs and AFRs. Or, another harmful scenario might
involve misappropriated data where hackers pilfer swap data from
ADRs and AFRs to learn the positions of market participants so that
the hackers, or other interested parties who may even pay for such
information, scam the market. Such bad actors might be able to
anticipate such market participants' trades and trade in front of
them, raising swap trading costs to market participants, thereby
reducing their profits.\134\ If the aforementioned scenario occurred
frequently enough this might induce swap dealers to widen their
spreads, making hedging more expensive. In turn, this might lead to
sub-optimal business and investment strategies, as parties would be
less willing to participate in swap markets, because it would be
more costly. Further, the scenario posed could cause market
participants to be concerned that their business strategies might be
tipped to their competitors, because with stolen data, somebody
might be able to infer their strategies from knowing their swap
positions and how these positions change in response to relevant
economic events.\135\ Such concerns could lead some market
participants to withdraw to some extent from swap markets, reducing
liquidity and potentially inducing them to use less effective
hedging instruments or trading strategies in other markets.\136\
---------------------------------------------------------------------------

    \134\ See, e.g., Registered Entity Cyber proposed rulemaking at
80141 (observing that ``there has . . . been a rise in attacks by .
. . hacktivists . . . aimed at . . . [, among other things,] theft
of data or intellectual property. . . . ''); id. at 80189
(Concurring Statement of then-Commissioner Bowen) (stating that
``our firms are facing an unrelenting onslaught of attacks from
hackers with a number of motives ranging from petty fraud to
international cyberwarfare.'').
    \135\ While the same risks of misuse and misappropriation exist
with respect to swap data maintained at SDRs, SDRs are regulated,
and subject to sanctions, by the Commission, whereas ADRs and AFRs
are not.
    \136\ NPRM at 82 FR 8384.

    It is difficult to discern the likelihood of this misuse occurring,
rendering it difficult to quantify related costs, for at least four
reasons. First, data breaches can have different causes, from not
upgrading to the most current software, to software glitches, to
successful cyber attacks and improper procedures and protocols. Thus,
it is difficult to develop a homogenous sample to use to analyze data
breaches and what might reasonably be done to mitigate them (i.e.,
reduce the probability of their occurrence as well as their severity
when they do occur). Furthermore, the Commission does not have access
to such data even if they do exist. Second, data storage and
dissemination technology is constantly changing. This may result in the
manner in which data breaches occur changing over time in ways that are
difficult to anticipate, as various parties adapt to new technology.
Third, it is problematic to assess in advance the severity of a data
breach because the severity is dependent on the particulars of a given
breach that cannot be easily anticipated. Fourth, it would be
difficult, ex ante, to link data misuse to related profits and harms
from specific transactions.
b. High-Level Costs
    At a high level regarding costs to ADRs and AFRs, the less access
to SDR swap data granted to ADRs and AFRs, the less such swap data
would help in performing ADRs' and AFRs' supervisory and other
regulatory functions. Similarly, the more impediments to swap data
access, the longer it would take ADRs and AFRs to use, or the less use
ADRs and AFRs could make of, such swap data. It is not mandatory for
ADRs and AFRs to ask for access to SDR swap data, however. Thus, ADRs
and AFRs can reduce their costs by not asking for swap data or by
limiting the swap data they seek and/or the frequency with which they
seek it.\137\ The Commission expects ADRs and AFRs will seek access to
SDR swap data when they believe that the benefits associated with the
access are worth incurring the costs associated with obtaining such
access.
---------------------------------------------------------------------------

    \137\ The Commission acknowledges, however, that it is in the
best interest of ADRs and AFRs, as Congress recognized in passing
the FAST Act, for the process and parameters established by this
rulemaking to be utilized and swap data to be made accessible to
ADRs and AFRs.
---------------------------------------------------------------------------

c. ADRs' and AFRs' Costs
    The Commission is imposing several new obligations on Foreign
Regulators and certain domestic regulators that will trigger costs for
such regulators.
i. Determination Order Applications
    Currently, Sec.  49.17(b)(2) defines Foreign Regulators with either
an MOU or a similar information sharing agreement in place with the
Commission as ``Appropriate Foreign Regulators.'' As amended, however,
Sec.  49.17(b)(2) replaces such automatic AFR status with a requirement
that Foreign Regulators be determined by the Commission to be AFRs
before such Foreign Regulators can obtain swap data from SDRs. This
change will impose costs on each Foreign Regulator with an MOU, or
similar information sharing agreement, seeking AFR status. The
obligation for Foreign Regulators, and domestic regulators that are not
enumerated in Sec.  49.17(b)(1)(i) through (vi), to apply for a
Determination Order conferring AFR or ADR status in order for such
Foreign Regulators and unenumerated domestic regulators to be eligible
to receive access to SDR swap data will, at a minimum, require such
applicants to draft an application. Some applicants for ADR and AFR
status may choose to retain outside counsel or another third party to
draft the application, thereby incurring related costs; others might
use their own staff. There also may be additional costs associated with
the complexity of the application, because applicants for ADR and AFR
status will have to explain their jurisdiction and link it to their
requests for access to SDR swap data.\138\ While applicants will need
to expend resources developing their ``appropriateness'' applications,
the Commission expects that the requirements and guidance it has
provided in this release should reduce such expenditures to a certain
extent. Nonetheless, the level of such expenditures will depend on the
particulars of a given applicant.
---------------------------------------------------------------------------

    \138\ Pursuant to Sec.  49.17(h), applicants will have to
describe to the Commission the scope of their jurisdiction so that
that description can be provided to SDRs so that SDRs will know the
contours of the swap data access they can provide to applicants.
---------------------------------------------------------------------------

    The Commission estimates that each requesting entity would on
average expend 100 hours in connection with filing an application to
receive a Determination Order. This estimate considers the relevant
information that would be required to be provided in such an
application, including information regarding the entity's scope of
jurisdiction, confidentiality safeguards, as well as any other
information relevant for the Commission's determination. The Commission
monetizes the 30,000 burden hours by multiplying by a wage rate of $85
\139\ or approximately $2.56 million.
---------------------------------------------------------------------------

    \139\ The wage rate used here is a composite (blended) wage rate
by averaging the mean annual salaries of an Assistant/Associate
General Counsel, an Assistant Compliance Director, and a Programmer
(Senior) as published in the 2013 SIFMA Report and dividing that
figure by 1,800 annual working hours and multiplying by 1.3 to
account for the overhead for a government employee to arrive at the
hourly rate of approximately $85.
---------------------------------------------------------------------------

ii. Confidentiality Arrangements
    The requirement in Sec.  49.18(a) that SDRs receive an executed

[[Page 27433]]

confidentiality arrangement from an ADR or AFR before the SDR can
provide the ADR or AFR swap data is based on a corresponding
requirement set forth in CEA section 21(d) and will impose costs on
ADRs and AFRs. CEA section 21(d) does not specify any details of the
required written agreement other than that it must state that the ADR
or AFR shall abide by CEA section 8's confidentiality requirements. The
Commission, however, is adopting, in Appendix B to part 49, a
Confidentiality Arrangement Form providing for ADRs and AFRs to
implement a number of safeguards to effectuate the confidentiality
protections mandated by CEA section 21(c)(7). The Confidentiality
Arrangement Form can be expected to limit ADRs' and AFRs' flexibility
to use confidentiality arrangements more tailored to their specific
needs, but this is offset to some extent by corresponding benefits
discussed above in section V.C.3.vi. and by the fact that the
Commission retained the discretion to negotiate changes to the
Confidentiality Arrangement Form.
iii. Data Security
    Section 6 of the Confidentiality Arrangement Form contains a number
of undertakings designed to prevent unauthorized disclosure of swap
data. Given that ADRs and AFRs already likely have existing data
security policies, procedures and safeguards, the Commission continues
to believe that the costs of developing safeguards in response to such
undertakings would likely be only a incremental addition to their
existing data security costs, and the other costs of complying with
these burdens, such as the costs to develop policies, procedures and
safeguards, are within the scope of ADRs' and AFRs' expertise (and thus
would likely not require ADRs or AFRs to retain outside experts to
develop).\140\ Given that ADRs and AFRs can elect not to seek access to
swap data from SDRs and that ADRs and AFRs who do seek such access have
some control over the scope and frequency of the swap data they seek
and the manner in which they seek to analyze such swap data, ADRs and
AFRs themselves can influence to some degree the costs they impose on
themselves by seeking access to swap data from SDRs.
---------------------------------------------------------------------------

    \140\ The Commission continues to believe that ADRs and AFRs
would likely have established safeguards to protect sensitive data
other than swap data and that such safeguards could be adapted to
address the requirements of the confidentiality arrangement.
---------------------------------------------------------------------------

iv. Onward Sharing
    Section 7 of the Confidentiality Arrangement Form would prohibit
ADRs and AFRs from onward sharing Confidential Information with other
parties, with limited exceptions. This could impose some costs in that
ADRs and AFRs would not be able to freely share swap data among
themselves, which could reduce the utility of the swap data to ADRs and
AFRs, possibly reducing the effectiveness thereof. However, because CEA
section 21(c)(7) requires that SDRs share swap data with ADRs and AFRs
on a confidential basis pursuant to CEA section 8,'' and CEA section
8(e) also prohibits onward sharing, the onward sharing prohibition in
section 7 of the Confidentiality Arrangement Form is required by the
CEA.
v. Means of Access
    In addition, the fact that the Commission is electing not to
specify a particular means of ADRs and AFRs accessing swap data could
result in SDRs providing a means of access other than a means preferred
by ADRs and AFRs. This might impose additional costs on ADRs and AFRs
relative to the potentially lesser costs of their preferred means of
access.
    The Commission prescribing a particular means of access could
result in costs to either ADRs/AFRs or SDRs. Specifically, costs borne
by ADRs/AFRs might be shifted to SDRs or vice versa as a particular
means of access changes. The Commission chooses to not force all SDRs
to use a single means of providing access, thus requiring some or all
SDRs to alter their systems, since it is not possible to distinguish a
single means of access that would be preferable to all ADRs, AFRs and
SDRs. Because of these uncertainties, the Commission is unable to
quantify these costs but is able to identify such costs qualitatively.
The Commission recognizes that allowing SDRs to choose the means by
which they provide swap data access may impose costs of adapting to a
particular means of access on ADRs and AFRs. However, given the large
number of ADRs and AFRs who may seek SDR swap data access and the large
potential variation in their preferred means of access, and given the
limited number of SDRs and potential means of access, the Commission
believes that ADRs and AFRs, in general, can more easily bear the
burden of adapting to SDRs' choices of means of access than vice versa.
d. SDRs' Costs
i. Providing New Access Generally
    For SDRs, providing swap data access to so many potential ADRs and
AFRs may be expensive. For example, SDRs may be forced to purchase new
servers, hire new system administrators to oversee the new swap data/
system usage and troubleshoot related problems that may arise.
Maintaining new records pursuant to new recordkeeping requirements also
could require more resources. The requirement for an SDR not to provide
swap data to an ADR or AFR unless the SDR has determined that the swap
data is within the then-current scope of the ADR's or AFR's
jurisdiction, as described in the appendix to the confidentiality
arrangement required by Sec.  49.18(a), may cause SDRs to elect to
create new methods for parsing swap data to comply with the requirement
to so limit swap data access. Further, if the SDRs send data to ADRs
and AFRs, then they will incur costs to transmit the data. These costs
include the cost of expanding their capacity to disseminate data as
well as the cost to parse existing data to verify that it is within the
then-current scope of the ADR's or AFR's jurisdiction, as described in
the appendix to the confidentiality arrangement required by Sec. 
49.18(a).
ii. Providing Notice to the Commission
    Current Sec.  49.17(d)(4)(i) requires SDRs to notify the Commission
of any request for access to swap data from a particular ADR or AFR.
The Commission's amendments would reduce that burden by permitting SDRs
to notify the Commission only of the first such request by each ADR or
AFR and of any request that does not comport with the scope of the
ADR's or AFR's jurisdiction, as described in the appendix to the
confidentiality arrangement required by Sec.  49.18(a). The obligation
to notify the Commission of various other actions also will increase
SDRs' costs, although to the extent that such notice obligations are
not triggered, such cost increases would be tempered accordingly.
Nevertheless, SDRs presumably would need to incur some costs to develop
policies and procedures, and build out systems, to monitor potential
events that would trigger the new notice requirements.
iii. Verifying That a Swap Data Request Is Within an ADR's/AFR's Scope
of Jurisdiction
    Other SDR costs will include those related to SDRs determining that
each access request by an ADR or AFR is within the scope of the ADR's
or AFR's

[[Page 27434]]

jurisdiction, as required by Sec.  49.17(d)(4)(iii). This will require
SDRs to expend resources to ensure that they do not improperly disclose
swap data to an ADR or AFR. However, the Commission believes these
costs will be mitigated substantially in at least two ways. First,
Sec.  49.17(d)(4)(iv) provides that an SDR must make the scope of
jurisdiction determination only once with respect to a recurring swap
data request, thus ensuring no duplication of effort.\141\ Second,
Sec.  49.17(d)(4)(iii) provides that the only source an SDR must
consult in determining an ADR's or AFR's scope of jurisdiction is the
appendix to the confidentiality arrangement required by Sec.  49.18(a).
To the extent ADRs and AFRs provide lists of LEIs, and possibly also
UPIs of swaps, within the scope of ADRs' and AFRs' jurisdiction, which
the Commission continues to expect that they will, this would limit the
resources SDRs must expend to verify whether swap data access requests
are within the scope of an ADR's or AFR's jurisdiction.\142\ No legal
analysis would be required on an SDR's part, greatly reducing potential
costs. SDRs' costs would come from ensuring that the access they
provide ADRs and AFRs to swap data via SDRs' systems is no greater than
or less than the swap data to which ADRs and AFRs are entitled based on
the scope of the ADRs' or AFRs' jurisdiction, as described in the
appendix to the confidentiality agreement required by Sec.  49.18(a).
---------------------------------------------------------------------------

    \141\ However, if the request changes, each affected SDR must
make a new determination. The Commission believes this is
unavoidable due to requirement in CEA section 21(c)(7) that swap
data be provided by SDRs to ADRs and AFRs on a confidential basis
pursuant to section 8, and that any related costs flow from this
statutory requirement.
    \142\ This assumes that ADRs and AFRs choose to develop such
lists, which the Commission continues to anticipate that they would.
---------------------------------------------------------------------------

    The Commission believes that the use of LEIs, and potentially UPIs,
to effectively determine which SDR swap data should be provided to
ADRs/AFRs is a reasonable option, although it has some relatively minor
drawbacks unrelated to the amendments in this final rule (e.g., some
blank or incorrect data entries remain in LEI fields, LEIs are masked
in a number of cases to reflect certain other jurisdictions' privacy
law limits on disclosure, and the Commission has yet to designate a UPI
and product classification system, and SDRs each have developed their
own separate pre-UPI product identifiers in the interim). Despite those
drawbacks, the Commission believes LEIs and pre-UPI product identifiers
may be useful in describing ADRs' and AFRs' scopes of
jurisdiction.\143\
---------------------------------------------------------------------------

    \143\ In addition, if the scope of an ADR's or AFR's
jurisdiction supports receiving all swap data with respect to
entities over which an ADR or AFR exercises oversight, the ADR or
AFR may not need to use product identifiers at all--it may be able
to use LEIs alone to describe the scope of its jurisdiction.
---------------------------------------------------------------------------

    The Commission acknowledges that lists of LEIs of ADRs' and AFRs'
regulated entities and lists of UPIs or other product identifiers of
swaps within ADRs' and AFRs' jurisdiction may have to be updated from
time to time as regulated entities move in and out of ADRs' and AFRs'
jurisdiction, ADRs' and AFRs' jurisdiction expands or contracts, swaps
evolve, and new types of swaps are introduced. In these cases, for
example, an ADR or AFR likely would have to modify periodically the
list of LEIs and UPIs or product identifiers it gives to SDRs, imposing
some costs on SDRs as they incorporate such changes (and imposing some
costs on ADRs and AFRs to monitor their LEI and UPI or product
identifier lists and update SDRs and the Commission periodically
regarding any changes).
    The Commission continues to believe that the rule would further
mitigate the costs to SDRs by permitting them to verify that a data
access request falls within the scope of an ADR's or AFR's jurisdiction
just once for a recurring request the details of which do not change.
SDRs might incur additional costs, however, if the scope of an ADR's or
AFR's jurisdiction, or other factors discussed in the prior paragraph,
change. Such additional costs include some fraction of the costs,
discussed above, of verifying that an ADR's or AFR's swap data access
request falls within the scope of the ADR's or AFR's jurisdiction.
Additionally, ADRs and AFRs would incur some costs to notify the
Commission of changes in jurisdiction.
iv. Means of Access
    The Commission is not requiring SDRs to use a particular means of
providing access to swap data to ADRs and AFRs. The Commission is not
specifying a means of access because the Commission has allowed SDRs to
build their systems as they saw fit and does not want to impose undue
costs by requiring SDRs to all grant access via a specific means, which
could impose greater costs on certain SDRs based on how they chose to
build their systems.
    The Commission notes that SDRs already provide the Commission and
the National Futures Association (``NFA'') with swap data access. Given
that SDRs have already incurred many fixed costs in granting access to
the Commission and NFA, in providing ADRs and AFRs access, the SDRs may
benefit from economies of scale, reducing SDRs' costs. The rule would
also mitigate SDRs' costs by permitting them to choose the means by
which they will provide access to swap data to ADRs and AFRs. The
Commission expects that SDRs would choose the lowest cost means of
access consistent with their statutory obligation to provide ADRs and
AFRs access to swap data and other constraints. The Commission
continues to believe that it cannot forecast what these costs are
because they depend on particulars of each SDR that the Commission
still does not know. Further, the Commission anticipates that many of
these particulars will change over time as various parties adapt to
technological changes. However, the Commission has estimated costs
where it can, based in part on comments it received in the SDR Letter,
as discussed below.
v. Recordkeeping
    The Commission is amending current Sec.  49.17(d)(4)(i) to require
SDRs to maintain records of the details of the initial, and all
subsequent, requests for access to swap data from an ADR or AFR. Each
SDR would have to maintain this information for the same period
required for other SDR records. The Commission anticipates that such
costs will be relatively small and anticipates using such data to, for
example, monitor ADRs' and AFRs' access requests from time to time to
ensure that they remain within the scope of their jurisdiction and,
relatedly, to ensure that SDRs have been monitoring this access issue.
4. Response to Comments
    The Commission requested comments on all aspects of the NPRM and
further requested that commenters provide any data or other information
that would be useful in the estimation of the quantifiable costs and
benefits of this rulemaking. The Commission received substantive
comments from the SDR Commenters on the Commission's PRA burden hour
estimates provided in the NPRM. Those comments are incorporated in the
Commission's cost estimates for the burdens on SDRs, ADRs, and AFRs.
    The Commission is requiring, in Sec.  49.17(d)(4)(iii), that an SDR
not provide an ADR or AFR access to swap data, unless the SDR has
determined that the swap data is within the then-current scope of the
ADR's or AFR's jurisdiction, as described in the appendix to the
confidentiality

[[Page 27435]]

arrangement required by Sec.  49.18(a). The Commission received one
comment estimating the burden on SDRs associated with setting up access
restrictions to match an ADR's or AFR's described scope of
jurisdiction.\144\ In the SDR Letter, CME estimated the initial setup
cost to be between 400 and 950 hours for all ADRs and AFRs in the
aggregate. The Commission believes it is reasonable to accept CME's
estimate of 950 hours, as CME is an SDR and, as such, is familiar with
the costs required for setting up such access restrictions.
Consequently, for PRA and CBC purposes, the Commission estimates that
SDRs would incur a total burden of 3,800 hours (i.e., the product of
950 hours of time and four SDRs) associated with setting up SDR swap
data access for all ADRs and AFRs. The Commission monetizes these
burden hours at an hourly wage rate of $329 \145\ yielding a cost of
approximately $1,250,200.
---------------------------------------------------------------------------

    \144\ See SDR Letter at 5, n.10.
    \145\ The hourly wage rate used to estimate the costs associated
with these requirements is $329, which is a weighted average of
salaries and bonuses across different professions from the SIFMA
Report on Management & Professional Earnings in the Securities
Industry 2013, modified to account for an 1800-hour work-year and
multiplied by 5.35 to account for overhead and other benefits. The
Commission-estimated appropriate wage rate is a weighted national
average of salary and bonuses for professionals with the following
titles (and their relative weight): ``programmer (senior)'' (10%
weight); ``programmer'' (30%); ``compliance advisor (intermediate)''
(20%); ``compliance attorney'' (30%), and ``assistant/associate
general counsel'' (10%).
---------------------------------------------------------------------------

    As noted in the PRA discussion above, the Commission estimates that
each SDR would incur an annual burden of 480 hours associated with the
requirement to maintain records of the details of the initial and all
subsequent requests for data from an ADR or AFR, for a total of 1,920
hours annually (i.e., the product of four SDRs and 480 hours). The
Commission received one comment related to setup costs associated with
its proposed recordkeeping requirements.\146\ The SDR Letter provided
estimates for recordkeeping setup costs. CME subsequently provided
updated estimates of the setup costs, which CME now estimates would be
approximately 1,100-1,440 hours. The Commission believes it is
reasonable to accept CME's estimate of 1,440 hours, as CME is an SDR
and, as such, is familiar with the setup costs associated with SDR
recordkeeping requirements. Therefore, the Commission estimates that
initially each SDR may incur a burden of 1,440 hours associated with
these recordkeeping requirements, for a total of 5,760 hours (i.e., the
product of four SDRs and 1,440 hours). The Commission monetizes these
burden hours by using a wage rate of $329 yielding a cost of
$1,895,040. However, as discussed in this release, the recordkeeping
requirements adopted herein may result in lower costs to the SDRs than
estimated here, as the Commission is not requiring SDRs to keep records
of all data reports provided in response to data requests, as it had
proposed in the NPRM.
---------------------------------------------------------------------------

    \146\ See SDR Letter at 7, n.15.
---------------------------------------------------------------------------

5. Alternatives Considered
    As one alternative to comprehensive swap data safeguards, the
Commission instead could have chosen to merely delete the
indemnification references in its regulations. While that approach
could have avoided imposing on ADRs, AFRs, and SDRs many of the costs
related to protection of confidentiality discussed herein, it would
have dramatically increased the risk of imposing on market participants
and the public the costs discussed above in the first paragraph of
section IV.C.4. and below in section IV.C.7.a.-c., which the Commission
continues to believe is inconsistent with the historical importance
Congress and the Commission have placed on protecting information
covered by CEA section 8. Consequently, the Commission has determined
to take the selected approach.
    The Commission also considered and rejected the idea of specifying
a means of ADRs and AFRs accessing swap data. The Commission rejected
this as being too prescriptive, given that the Commission previously
permitted SDRs the discretion to build their systems as they saw fit
and for the other reasons discussed above in the means of access
discussion.
    The Commission also considered prohibiting SDRs from continuing to
provide ADRs and AFRs swap data access during the period commencing
with a contraction in an ADR's or AFR's scope of jurisdiction and
considered reducing the time SDRs are permitted to update their systems
to reflect the new jurisdiction. While the Commission retains the
authority to do so, as stated above, it expects ADRs and AFRs will
notify the Commission upon learning of a potential jurisdictional
restriction. The Commission expects that, with such advance notice,
SDRs can be more prepared to adjust their systems accordingly shortly
after an ADR's or AFR's jurisdiction is limited. The Commission prefers
to retain the discretion to address these situations, which it expects
to be rare, case-by-case.
6. Consideration of CEA Section 15(a) Factors
    CEA section 15(a) requires the Commission to consider the costs and
benefits of its actions before promulgating a regulation under the CEA
or issuing certain orders. CEA section 15(a) further specifies that the
costs and benefits shall be evaluated in light of the following five
broad areas of market and public concern: (1) Protection of market
participants and the public; (2) efficiency, competitiveness, and
financial integrity of futures markets; (3) price discovery; (4) sound
risk management practices; and (5) other public interest
considerations. The Commission considers the costs and benefits
resulting from its discretionary determinations with respect to the CEA
section 15(a) factors.
a. Protection of Market Participants and the Public
    The Commission believes that the final rules will equip ADRs and
AFRs to better understand the risks that are undertaken by their
regulated entities, and thus be better positioned to take appropriate
action as needed, because they will be able to better understand their
regulatees' swap transactions by virtue of having access to SDR swap
data.
    The Commission is adopting a number of safeguards to prevent market
participants' swap data maintained at SDRs from being misappropriated
or misused as a result of ADR and AFR access to such swap data. The
safeguards include: Modifying the requirements for being an AFR; a
requirement that the Commission issue a Determination Order for
unenumerated authorities to obtain SDR swap data access; requiring
authorities applying for a Determination Order to demonstrate that they
are acting within the scope of their jurisdiction in seeking access to
SDR swap data; imposing on ADRs and AFRs seeking access to swap data
maintained by SDRs a number of required confidentiality safeguards;
barring onward sharing of swap data; imposing on SDRs certain
recordkeeping and reporting requirements; and ensuring the Commission's
ability to revoke an ADR's or AFR's swap data access.
b. Efficiency, Competitiveness, and Financial Integrity of Futures
Markets
    The Commission continues to believe that there will be little
effect on efficiency, competiveness, and financial integrity of futures
markets if swap data is properly protected from being

[[Page 27436]]

misappropriated or misused. While the Commission believes that the
final rules adopted herein will properly protect swap data from being
misappropriated or misused, the possibility of such misconduct cannot
be eliminated entirely. If such misappropriation or misuse occurs, the
efficiency and competitiveness of markets might be affected.
c. Price Discovery
    The Commission continues to believe that price discovery would not
be affected by this rulemaking, provided that swap data is properly
protected. However, the Commission notes that there might be some
indirect effects on price discovery if the swap data protection
safeguards in this rulemaking are ineffective. If such protections
prove ineffective, market participants may be less willing to execute
swaps, as their identities, strategies, and/or positions may be
revealed. Ineffective data safeguards might harm price discovery if
bid/ask spread widens as a result. If so, observed prices might become
more volatile because they would oscillate between a wider bid/ask
spread.
d. Sound Risk Management Practices
    Access to SDR swap data will help ADRs and AFRs to better
understand the risks posed by their regulated entities. With access to
such swap data, ADRs and AFRs can more comprehensively supervise
entities that engage in swap trading and better understand their
exposure to losses. Allowing more ADRs and AFRs to access SDR swap data
may improve SDR data, too. This improvement might occur by facilitating
research and analysis that ultimately leads to better risk management
by market participants. This can occur through ADR/AFR research
directed at improving the risk management techniques through, for
instance, better metrics, instruments, and hedging techniques. Further,
swaps data reporting may also be improved by ADRs and AFRs asserting
their authority over their regulated entities to encourage or compel
them to improve their swap data reporting and risk management.
e. Other Public Interest Considerations
    The Commission finds that the ministerial changes to Sec. 
49.17(d)(1) discussed above in section II.G.2. may benefit ADRs, AFRs
and those persons seeking to become ADRs and AFRs by providing, in one
place, a brief overview of all of the requirements applicable to such
persons obtaining access to SDR swap data and the circumstances in
which such requirements are not applicable.
    The Commission also finds that the ministerial changes that it is
adopting to the bracketed text at the end of Appendix B to part 49
(describing Exhibit A to the Confidentiality Arrangement Form), drawn
from section II.D.2.c.i. of the preamble, may benefit ADRs and AFRs by
also including in part 49 of the Commission regulations the
instructions and guidance provided in the preamble as to how to
describe their scopes of jurisdiction in practical terms SDRs can
implement. As with the Commission's ministerial changes to Sec. 
49.17(d)(1), such simplification should make obtaining SDR swap data
modestly less burdensome and costly for ADRs and AFRs by reducing their
staff time needed to go through the process.
    The Commission is also making changes to Sec. Sec.  49.17(d)(6) and
49.18(a) to promote the use of the Confidentiality Arrangement Form set
forth in Appendix B, providing that the ability of an ADR or AFR to
execute a confidentiality arrangement that is not in the form set forth
in Appendix B to this part 49 is at the discretion of the Commission.
To the extent that this clarification results in more ADRs and AFRs
executing the Confidentiality Arrangement Form, the Commission expects
that this could result in modest savings for ADRs and AFRs. The
Commission also expects that using the Confidentiality Arrangement Form
will save staff time in the negotiation and execution of alternative
arrangements.
    Other than the foregoing, the Commission has not found any other
public interest considerations to be implicated by this rulemaking.

D. Antitrust Considerations

    CEA section 15(b) requires the Commission to take into
consideration the public interest to be protected by the antitrust laws
and endeavor to take the least anticompetitive means of achieving the
objectives of the CEA, in issuing any order or adopting any Commission
rule or regulation.
    The Commission does not anticipate that the amendments to part 49
that it is adopting today will result in anticompetitive behavior
because, among other things, the Commission is allowing SDRs to
determine which means of access they will use to provide ADRs and AFRs
swap data access (thus, allowing SDRs to ``compete'' on that basis).
However, in the NPRM the Commission encouraged comments from the public
on any aspect of the proposal that may have had the potential to be
inconsistent with the antitrust laws or be anticompetitive in nature.
    The Commission received no antitrust-related comments.
Consequently, the Commission continues to not anticipate that the
amendments to part 49 that it is adopting today will result in
anticompetitive behavior.

List of Subjects in 17 CFR Part 49

    Swap data repositories; Registration and regulatory requirements;
Access to swap data; Confidentiality; Commodity Exchange Act section 8.

    For the reasons stated in the preamble, the Commodity Futures
Trading Commission amends 17 CFR part 49 as set forth below:

PART 49--SWAP DATA REPOSITORIES

0
1. The authority citation for part 49 is revised to read as follows:

    Authority:  7 U.S.C. 12a, and 24a, unless otherwise noted.

0
2. In Sec.  49.2, revise paragraph (a)(5) to read as follows:


Sec.  49.2   Definitions.

    (a) * * *
    (5) Foreign Regulator. The term ``foreign regulator'' means a
foreign futures authority as defined in Section 1a(26) of the Act,
foreign financial supervisors, foreign central banks, foreign
ministries and other foreign authorities.
* * * * *

0
3. In Sec.  49.9, revise paragraph (a)(9) to read as follows:


Sec.  49.9   Duties of registered swap data repositories.

    (a) * * *
    (9) Upon request of Appropriate Domestic Regulators and Appropriate
Foreign Regulators, provide access to swap data held and maintained by
the swap data repository, as prescribed in Sec.  49.17;
* * * * *

0
4. In Sec.  49.17:
0
a. Revise paragraphs (a), (b)(1)(vii), (b)(2), and (c)(2);
0
b. Revise the first sentence of paragraph (c)(2) and the first sentence
of paragraph (c)(3);
0
c. Revise paragraphs (d)(1) through (3), (d)(4)(i) through (iv), and
(d)(5) and (6), (e) and (f); and
0
d. Add paragraphs (h) and (i).
    The revisions and addtions read as follows:


Sec.  49.17   Access to SDR data.

    (a) Purpose. This section provides a procedure by which the
Commission,

[[Page 27437]]

other domestic regulators and foreign regulators may obtain access to
the swap data held and maintained by registered swap data repositories.
Except as specifically set forth in this section, the Commission's
duties and obligations regarding the confidentiality of business
transactions or market positions of any person and trade secrets or
names of customers identified in Section 8 of the Act are not affected.
    (b) * * *
    (1) * * *
    (vii) Any other person the Commission determines to be appropriate
pursuant to the process set forth in paragraph (h) of this section.
    (2) Appropriate Foreign Regulator. The term ``Appropriate Foreign
Regulator'' shall mean those Foreign Regulators the Commission
determines to be appropriate pursuant to the process set forth in
paragraph (h) of this section.
* * * * *
    (c) * * *
    (2) Monitoring tools. A registered swap data repository is required
to provide the Commission with proper tools for the monitoring,
screening and analyzing of swap data, including, but not limited to,
Web-based services, services that provide automated transfer of data to
Commission systems, various software and access to the staff of the
swap data repository and/or third-party service providers or agents
familiar with the operations of the registered swap data repository,
which can provide assistance to the Commission regarding data structure
and content. * * *
    (3) Authorized users. The swap data provided to the Commission by a
registered swap data repository shall be accessible only by authorized
users. * * *
    (d) Other Regulators--(1) General Procedure for Gaining Access to
Registered Swap Data Repository Data. Except as set forth in paragraph
(d)(2) or (3) of this section--
    (i) A person who is not an Appropriate Domestic Regulator or an
Appropriate Foreign Regulator and who seeks to gain access to the swap
data maintained by a swap data repository is required to first become
an Appropriate Domestic Regulator or Appropriate Foreign Regulator
through the process set forth in paragraph (h) of this section, and
    (ii) Appropriate Domestic Regulators and Appropriate Foreign
Regulators seeking to gain access to the swap data maintained by a swap
data repository are required to apply for access by filing a request
for access with the registered swap data repository and certifying that
it is acting within the scope of its jurisdiction, comply with
paragraph (d)(6) of this section prior to receiving such access and, if
applicable after receiving such access, comply with the notification
requirement in paragraph (d)(4)(iii) of this section applicable to
Appropriate Domestic Regulators and Appropriate Foreign Regulators.
    (2) Domestic regulator with regulatory responsibility over a swap
data repository. When a swap data repository that is registered with
the Commission pursuant to this chapter is also registered with a
domestic regulator pursuant to a separate statutory authority, and such
domestic regulator seeks access to swap data that has been reported to
such swap data repository pursuant to the domestic regulator's
regulatory regime, such access is not subject to the requirements of
sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or Sec. 
49.18.
    (3) Foreign Regulator with regulatory responsibility over a swap
data repository. When a swap data repository that is registered with
the Commission pursuant to this chapter is also registered with, or
recognized or otherwise authorized by, a Foreign Regulator that has
supervisory authority over such swap data repository pursuant to
foreign law and/or regulation, and such Foreign Regulator seeks access
to swap data that has been reported to such swap data repository
pursuant to the Foreign Regulator's regulatory regime, such access is
not subject to the requirements of sections 21(c)(7) or 21(d) of the
Act, this paragraph (d) or Sec.  49.18.
    (4) * * *
    (i) A registered swap data repository shall notify the Commission
promptly after receiving an initial request from an Appropriate
Domestic Regulator or Appropriate Foreign Regulator to gain access to
swap data maintained by such swap data repository and promptly after
receiving any request that does not comport with the scope of the
Appropriate Domestic Regulator's or Appropriate Foreign Regulator's
jurisdiction, as described and appended to the confidentiality
arrangement required by Sec.  49.18(a). Each registered swap data
repository shall maintain records thereafter, pursuant to Sec.  49.12,
of the details of such initial request and of all subsequent requests
by such Appropriate Domestic Regulator or Appropriate Foreign Regulator
for such access.
    (ii) The registered swap data repository shall notify the
Commission electronically, in a format specified by the Secretary of
the Commission, of the receipt of a request specified in paragraph
(d)(4)(i) of this section.
    (iii) The registered swap data repository shall not provide an
Appropriate Domestic Regulator or Appropriate Foreign Regulator access
to swap data maintained by the swap data repository unless the swap
data repository has determined that the swap data to which the
Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks
access is within the then-current scope of such Appropriate Domestic
Regulator's or Appropriate Foreign Regulator's jurisdiction, as
described and appended to the confidentiality arrangement required by
Sec.  49.18(a). An Appropriate Domestic Regulator or Appropriate
Foreign Regulator that has executed a confidentiality arrangement with
the Commission pursuant to Sec.  49.18(a) and provided such
confidentiality arrangement to one or more swap data repositories shall
notify the Commission and each such swap data repository of any change
to such Appropriate Domestic Regulator's or Appropriate Foreign
Regulator's scope of jurisdiction as described in such confidentiality
arrangement. The Commission may direct a swap data repository to
suspend, limit, or revoke access to swap data maintained by such swap
data repository based on any such change to such Appropriate Domestic
Regulator's or Appropriate Foreign Regulator's scope of jurisdiction,
and, if so directed in writing, such swap data repository shall so
suspend, limit, or revoke such access.
    (iv) The registered swap data repository need not make the
determination required pursuant to paragraph (d)(4)(iii) of this
section more than once with respect to a recurring swap data request.
If such request changes, the swap data repository must make a new
determination pursuant to paragraph (d)(4)(iii) of this section.
    (5) Timing; Limitation, Suspension or Revocation of Swap Data
Access. Once a registered swap data repository has--
    (i) Notified the Commission, pursuant to paragraphs (d)(4)(i) and
(ii) of this section, of an initial request for swap data access by an
Appropriate Domestic Regulator or Appropriate Foreign Regulator, as
applicable, that was submitted pursuant to paragraph (d)(1) of this
section,
    (ii) Received from such Appropriate Domestic Regulator or
Appropriate Foreign Regulator a confidentiality arrangement executed by
the Commission and such Appropriate Domestic Regulator or Appropriate
Foreign Regulator as required by Sec.  49.18(a), and

[[Page 27438]]

    (iii) Satisfied its obligations under paragraph (d)(4)(iii) of this
section, such swap data repository shall provide access to the
requested swap data; provided, however, that such swap data repository
shall, if directed by the Commission in writing, limit, suspend or
revoke such access should the Commission limit, suspend or revoke the
appropriateness determination for such Appropriate Domestic Regulator
or Appropriate Foreign Regulator or otherwise direct the swap data
repository, in writing, to limit, suspend or revoke such access.
    (6) Confidentiality Arrangement. Consistent with Sec.  49.18(a),
the Appropriate Domestic Regulator or Appropriate Foreign Regulator
shall, prior to receiving access to any requested swap data, execute
the form of confidentiality arrangement set out in Appendix B of this
part with the Commission; provided, however, that the Commission may,
in its discretion, agree to execute a confidentiality arrangement with
an Appropriate Domestic Regulator or Appropriate Foreign Regulator that
is not in the form set forth in Appendix B of this part, if the
confidentiality arrangement is consistent with the requirements set
forth in Sec.  49.18(b).
    (e) Third-party service providers to a registered swap data
repository. Access to the swap data and SDR Information maintained by a
registered swap data repository may be necessary for certain third
parties that provide various technology and data-related services to a
registered swap data repository. Third-party access to the swap data
and SDR Information maintained by a swap data repository is permissible
subject to the following conditions:

    (1) Both the registered swap data repository and the third party
service provider shall have strict confidentiality procedures that
protect swap data and SDR Information from improper disclosure.
    (2) Prior to a registered swap data repository granting access to
swap data or SDR Information to a third-party service provider, the
third-party service provider and the registered swap data repository
shall execute a confidentiality agreement setting forth minimum
confidentiality procedures and permissible uses of the swap data and
SDR Information maintained by the swap data repository that are
equivalent to the privacy procedures for swap data repositories
outlined in Sec.  49.16.
    (f) Access by market participants--(1) General. Access by market
participants to swap data maintained by the registered swap data
repository is prohibited other than as set forth in paragraph (f)(2) of
this section.
    (2) Exception. Swap data and information related to a particular
swap that is maintained by the registered swap data repository may be
accessed by either counterparty to that particular swap. However, the
swap data and information maintained by the registered swap data
repository that may be accessed by either counterparty to a particular
swap shall not include the identity or the legal entity identifier (as
such term is used in part 45 of this chapter) of the other counterparty
to the swap, or the other counterparty's clearing member for the swap,
if the swap is executed anonymously on a swap execution facility or
designated contract market, and cleared in accordance with Commission
regulations in Sec. Sec.  1.74, 23.610, and 37.12(b)(7) of this
chapter.
* * * * *
    (h) Appropriateness determination process. (1) Each person seeking
an appropriateness determination pursuant to this paragraph shall file
an application with the Commission.
    (2) Each applicant seeking an appropriateness determination shall
provide sufficient detail in its application to permit the Commission
to analyze whether the applicant is acting within the scope of its
jurisdiction in seeking access to swap data maintained by a registered
swap data repository, and whether the applicant employs appropriate
confidentiality safeguards to ensure that any swap data such applicant
receives from a registered swap data repository will not, except as
allowed for in the form of confidentiality arrangement set forth in
Appendix B to this part 49, be disclosed.
    (3) If the Commission determines that an applicant pursuant to this
paragraph is, conditionally or unconditionally, appropriate for
purposes of CEA section 21(c)(7), the Commission shall issue an order
setting forth its appropriateness determination. The Commission shall
not determine that an applicant pursuant to this paragraph is
appropriate unless the Commission is satisfied that--
    (i) The applicant employs appropriate confidentiality safeguards to
ensure that any swap data such applicant receives from a registered
swap data repository will not be disclosed, except as allowed for in
the form of confidentiality arrangement set forth in Appendix B to this
part 49 or, in the Commission's discretion as set forth in paragraph
(d)(6) of this section, in a different form, provided that such
confidentiality arrangement contains the elements required in Sec. 
49.18(b), and
    (ii) Such applicant is acting within the scope of its jurisdiction
in seeking access to swap data from a registered swap data repository.
    (4) The Commission reserves the right, in connection with any
appropriateness determination with respect to an Appropriate Domestic
Regulator or Appropriate Foreign Regulator, to revisit, reassess,
limit, suspend or revoke such determination consistent with the Act.
    (i) Delegation of Authority Relating to Certain matters in this
section. (1) The Commission hereby delegates, until such time as the
Commission orders otherwise, the following functions to the Director of
the Division of Market Oversight and to such members of the
Commission's staff acting under his or her direction as he or she may
designate from time to time: All functions reserved to the Commission
in this section.
    (2) The Director of the Division of Market Oversight may submit any
matter which has been delegated under paragraph (i)(1) of this section
to the Commission for its consideration.
    (3) Nothing in this section may prohibit the Commission, at its
election, from exercising the authority delegated under paragraph
(i)(1) of this section.


0
5. Revise Sec.  49.18 to read as follows:


Sec.  49.18   Confidentiality arrangement.

    (a) Confidentiality arrangement required prior to disclosure of
swap data by a registered swap data repository to an Appropriate
Domestic Regulator or Appropriate Foreign Regulator. Prior to a
registered swap data repository providing access to swap data to any
Appropriate Domestic Regulator or Appropriate Foreign Regulator, each
as defined in Sec.  49.17(b), the swap data repository shall receive
from such Appropriate Domestic Regulator or Appropriate Foreign
Regulator, pursuant to Section 21(d) of the Act, an executed
confidentiality arrangement between the Commission and the Appropriate
Domestic Regulator or Appropriate Foreign Regulator, as applicable, in
the form set forth in Appendix B to this part 49 or, in the
Commission's discretion as set forth in Sec.  49.17(d)(6), in a
different form, provided that such confidentiality arrangement contains
the elements required in paragraph (b) of this section. Such
confidentiality arrangement must include, either as Exhibit A to the
form set forth in Appendix B of this part or similarly appended, a
description of the Appropriate Domestic Regulator's or

[[Page 27439]]

Appropriate Foreign Regulator's jurisdiction. Once a registered swap
data repository is notified, in writing, that a confidentiality
arrangement received from an Appropriate Domestic Regulator or
Appropriate Foreign Regulator no longer is in effect, the swap data
repository shall not provide access to swap data to such Appropriate
Domestic Regulator or Appropriate Foreign Regulator.
    (b) Elements of confidentiality arrangement. The confidentiality
arrangement required pursuant to paragraph (a) of this section shall,
at a minimum, include all elements included in the form of
confidentiality arrangement set forth in appendix B of this part.
    (c) Reporting failures to fulfill the terms of a confidentiality
arrangement. A registered swap data repository shall immediately report
to the Commission any known failure to fulfill the terms of a
confidentiality arrangement that it receives pursuant to paragraph (a)
of this section.
    (d) Failures to fulfill the terms of the confidentiality
arrangement. The Commission may, if an Appropriate Domestic Regulator
or Appropriate Foreign Regulator fails to fulfill the terms of a
confidentiality arrangement described in paragraph (a) of this section,
direct, in writing, each registered swap data repository to limit,
suspend or revoke such Appropriate Domestic Regulator's or Appropriate
Foreign Regulator's access to swap data held by such swap data
repository.
    (e) Delegation of authority relating to certain matters in this
section. (1) The Commission hereby delegates, until such time as the
Commission orders otherwise, the following functions to the Director of
the Division of Market Oversight and to such members of the
Commission's staff acting under his or her direction as he or she may
designate from time to time: All functions reserved to the Commission
in this section.
    (2) The Director of the Division of Market Oversight may submit any
matter which has been delegated under paragraph (e)(1) of this section
to the Commission for its consideration.
    (3) Nothing in this section may prohibit the Commission, at its
election, from exercising the authority delegated under paragraph
(e)(1) of this section.


0
6. In Sec.  49.22, revise paragraph (d)(4) to read as follows:


Sec.  49.22   Chief compliance officer.

* * * * *
    (d) * * *
    (4) Taking reasonable steps to ensure compliance with the Act and
Commission regulations relating to agreements, contracts, or
transactions, and with Commission regulations under Section 21 of the
Act, including confidentiality arrangements received by the chief
compliance officer's registered swap depository pursuant to Sec. 
49.18(a);
* * * * *


0
7. Add appendix B to part 49 to read as follows:

Appendix B to Part 49--Confidentiality Arrangement for Appropriate
Domestic Regulators and Appropriate Foreign Regulators To Obtain Access
To Swap Data Maintained by Registered Swap Data Respositories Pursuant
to Sec. Sec.  49.17(d)(6) and 49.18(a)
[GRAPHIC] [TIFF OMITTED] TR12JN18.000

    The U.S. Commodity Futures Trading Commission (``CFTC'') and the
[name of foreign/domestic regulator (``ABC'')] (each an
``Authority'' and collectively the ``Authorities'') have entered
into this Confidentiality Arrangement (``Arrangement'') in
connection with [whichever is applicable] [CFTC Regulation
49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to
[ABC] (``Order'')] and any request for swap data by [ABC] to any
swap data repository (``SDR'') registered with the CFTC.

Article One: General Provisions

    1. ABC is permitted to request and receive swap data directly
from a registered SDR (``Swap Data'') on the terms and subject to
the conditions of this Arrangement.
    2. This Arrangement is entered into to fulfill the requirements
under Section 21(d) of the Commodity Exchange Act (``Act'') and CFTC
Regulation 49.18. Upon receipt by a registered SDR, this Arrangement
will satisfy the requirement for a written agreement pursuant to
Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This
Arrangement does not apply to information that is [reported to a
registered SDR pursuant to [ABC]'s regulatory regime where the SDR
also is registered with [ABC] pursuant to separate statutory
authority, even if such information also is reported pursuant to the
Act and CFTC regulations][reported to a registered SDR pursuant to
[ABC]'s regulatory regime where the SDR also is registered with, or
recognized or otherwise authorized by, [ABC], which has supervisory
authority over the repository pursuant to foreign law and/or
regulation, even if such information also is reported pursuant to
the Act and CFTC regulations.] \1\
---------------------------------------------------------------------------

    \1\ The first bracketed phrase will be used for ADRs; the second
will be used for AFRs. The inapplicable phrase will be deleted.
---------------------------------------------------------------------------

    3. This Arrangement is not intended to limit or condition the
discretion of an Authority in any way in the discharge of its
regulatory responsibilities or to prejudice the individual
responsibilities or autonomy of any Authority.
    4. This Arrangement does not alter the terms and conditions of
any existing arrangements.

Article Two: Confidentiality of Swap Data

    5. ABC will be acting within the scope of its jurisdiction in
requesting Swap Data and employs procedures to maintain the
confidentiality of Swap Data and any information and analyses
derived therefrom (collectively, the ``Confidential Information'').
ABC undertakes to notify the CFTC and each relevant SDR promptly of
any change to ABC's scope of jurisdiction.
    6. ABC undertakes to treat Confidential Information as
confidential and will employ safeguards that:
    a. To the maximum extent practicable, identify the Confidential
Information and maintain it separately from other data and
information;
    b. Protect the Confidential Information from misappropriation
and misuse;
    c. Ensure that only authorized ABC personnel with a need to
access particular Confidential Information to perform their job

[[Page 27440]]

functions related to such Confidential Information have access
thereto, and that such access is permitted only to the extent
necessary to perform their job functions related to such particular
Confidential Information;
    d. Prevent the disclosure of aggregated Confidential
Information; provided, however, that ABC is permitted to disclose
any sufficiently aggregated Confidential Information that is
anonymized to prevent identification, through disaggregation or
otherwise, of a market participant's business transactions, trade
data, market positions, customers or counterparties;
    e. Prohibit use of the Confidential Information by ABC personnel
for any improper purpose, including in connection with trading for
their personal benefit or for the benefit of others or with respect
to any commercial or business purpose; and
    f. Include a process for monitoring compliance with the
confidentiality safeguards described herein and for promptly
notifying the CFTC, and each SDR from which ABC has received Swap
Data, of any violation of such safeguards or failure to fulfill the
terms of this Arrangement.
    7. Except as provided in Paragraphs 6.d. and 8, ABC will not
onward share or otherwise disclose any Confidential Information.
    8. ABC undertakes that:
    a. If a department, central bank, or agency of the Government of
the United States, it will not disclose Confidential Information
except in an action or proceeding under the laws of the United
States to which it, the CFTC, or the United States is a party;
    b. If a department or agency of a State or political subdivision
thereof, it will not disclose Confidential Information except in
connection with an adjudicatory action or proceeding brought under
the Act or the laws of [name of either the State or the State and
political subdivision] to which it is a party; or
    c. If a foreign futures authority or a department, central bank,
ministry, or agency of a foreign government or subdivision thereof,
or any other Foreign Regulator, as defined in Commission Regulation
49.2(a)(5), it will not disclose Confidential Information except in
connection with an adjudicatory action or proceeding brought under
the laws of [name of country, political subdivision, or (if a
supranational organization) supranational lawmaking body] to which
it is a party.
    9. Prior to complying with any legally enforceable demand for
Confidential Information, ABC will notify the CFTC of such demand in
writing, assert all available appropriate legal exemptions or
privileges with respect to such Confidential Information, and use
its best efforts to protect the confidentiality of the Confidential
Information.
    10. ABC acknowledges that, if it does not fulfill the terms of
this Arrangement, the CFTC may direct any registered SDR to suspend
or revoke ABC's access to Swap Data.
    11. ABC will comply with all applicable security-related
requirements imposed by an SDR in connection with access to Swap
Data maintained by the SDR, as such requirements may be revised from
time to time.
    12. ABC will promptly destroy all Confidential Information for
which it no longer has a need or which no longer falls within the
scope of its jurisdiction, and will certify to the CFTC, upon
request, that ABC has destroyed such Confidential Information.

Article Three: Administrative Provisions

    13. This Arrangement may be amended with the written consent of
the Authorities.
    14. The text of this Arrangement will be executed in English,
and may be made available to the public.
    15. On the date this Arrangement is signed by the Authorities,
it will become effective and may be provided to any registered SDR
that holds and maintains Swap Data that falls within the scope of
ABC's jurisdiction.
    16. This Arrangement will expire 30 days after any Authority
gives written notice to the other Authority of its intention to
terminate the Arrangement. In the event of termination of this
Arrangement, Confidential Information will continue to remain
confidential and will continue to be covered by this Arrangement.
    This Arrangement is executed in duplicate, this ___ day of ___.

-----------------------------------------------------------------------
[name of Chairman]

Chairman
U.S. Commodity Futures Trading Commission

-----------------------------------------------------------------------
[name of signatory]

[title]
[name of foreign/domestic regulator]

    [Exhibit A: Description of Scope of Jurisdiction. If ABC is not
enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must
attach the Determination Order received from the Commission pursuant
to Commission Regulation 49.17(h). If ABC is enumerated in
Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a
sufficiently detailed description of the scope of ABC's jurisdiction
as it relates to Swap Data maintained by SDRs. In both cases, the
description of the scope of jurisdiction must include elements
allowing SDRs to establish, without undue obstacles, objective
parameters for determining whether a particular Swap Data request
falls within such scope of jurisdiction. Such elements could include
LEIs of all jurisdictional entities and could also include UPIs of
all jurisdictional products or, if no CFTC-approved UPI and product
classification system is yet available, the internal product
identifier or product description used by an SDR from which Swap
Data is to be sought.]

    Issued in Washington, DC, on June 5, 2018, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.


    Note:  The following appendicies will not appear in the Code of
Federal Regulations.

Appendicies to Amendments to the Swap Data Access Provisions of Part 49
and Certain Other Matters--Commission Voting Summary, Chairman's
Statement, and Commissioner's Statement

Appendix 1--Commission Voting Summary

    On this matter, Chairman Giancarlo and Commissioners Quintenz
and Behnam voted in the affirmative. No Commissioner voted in the
negative.

Appendix 2--Statement of Chairman J. Christopher Giancarlo

    Eight years ago, Congress included in the Dodd-Frank Act a
requirement that foreign and domestic regulators indemnify SDRs and
the Commission for any expenses arising from litigation relating to
the information provided by SDRs. Foreign and domestic regulators
were unable or unwilling to provide this indemnification hindering
the ability to share swaps data. The indemnification requirement
also hindered the ability of foreign and domestic regulators to
access SDR data to assess risks their regulated entities are
assuming, and the impact of such risks on the broader markets.
    I am pleased that Congress has since amended the Dodd-Frank Act
to take out the indemnification requirement. We therefore can change
our regulations accordingly, which we propose to do today.
    In addition to the removal of the indemnification requirement,
the final rule adds a category of ``other regulators'' that the
Commission may deem to be appropriate to receive access to SDR swap
data.
    The final rule sets out the process by which appropriateness is
determined for those entities that are not already specifically
enumerated. This process is a change to current Commission
regulations, as it would apply to any such entity, including
domestic regulators not enumerated in Commission regulations and
foreign regulators.
    The statute also now requires a SDR to receive a written
agreement from each requesting entity stating that the entity shall
abide by the confidentiality requirements described in the CEA prior
to sharing information with the requesting entity. Commission
regulations currently require the SDR and the requesting regulator
to execute a confidentiality agreement, but do not provide a form or
details of such an agreement.
    The final rule modifies the current Commission regulations by
providing a form of confidentiality arrangement, as Appendix B to
part 49, and by requiring the confidentiality arrangement to be
between the requesting regulator and the Commission. The Commission
expects that this will benefit SDRs in that most, if not all,
confidentiality arrangements will be exactly the same, and the
Commission will be in the place of entering into the confidentiality
agreements with regulators.
    We received comments from the affected CFTC-registered SDRs on
the proposed rule that I believe that we have sufficiently
addressed. The final regulations provide

[[Page 27441]]

long-awaited clarity to the official sector regarding the CFTC's
requirements to determine access to, and safeguard the
confidentiality of, transactional information reported to SDRs.
    In my experience as a Commissioner and Chairman of the CFTC, I
have found, as have other foreign and domestic regulators, that
conducting oversight of global derivatives markets can be difficult
as a result of the current fragmented financial regulatory
structure. In this regard, I expect that the final rule will enable
authorities to enhance their oversight of derivatives markets across
product and asset classes by marrying up the trading and position
data they receive from regulated entities with the data sets
obtained directly from SDRs. In so doing, I believe we have made
significant progress towards cross-border data sharing and enhancing
transparency in the global swaps market.
    Because today's swaps markets are global in scope, utilizing the
data and information available in only one jurisdiction does not
provide a complete picture of cross border trading activity and
systemic risk. To that end, I expect that CFTC staff will seek to
facilitate access to SDR data for authorities with which we have a
history of regulatory assistance and that similarly seek to
facilitate CFTC access to data maintained by trade repositories in
their jurisdiction. Such data sharing represents an opportunity for
greater cooperation among market and prudential regulators, as well
as among foreign and domestic regulators, providing more effective
financial market oversight, expanding data driven policymaking, and
improving early warning systems to reduce the probability or
severity of a financial crisis.
    These regulations will have a direct positive impact on the
operational readiness of the official sector, providing authorities
with critical information to make sound near-term and long-term
policy and oversight decisions.
    I am particularly pleased that this rule represents a final step
in eliminating a major legal impediment to sharing swaps market data
with overseas regulators. The Dodd-Frank Act's original insistence
on an indemnification requirement may have been well-intentioned to
protect the safety of data held in SDRs, but Congress wisely
determined that any such benefit is outweighed by the greater public
interest of allowing international regulators to share and access
information to carry out the regulatory and supervisory functions
necessary to protect the global financial markets.
    It is essential that policymakers in other jurisdictions make
determinations similar to these before us today concerning current
legal barriers to information sharing. Even a law, like the new EU
General Data Protection Regulation (GDPR), which has laudable
objectives, must not be applied in ways that hinder the sharing and
access of information between European and U.S. regulators for
regulatory and supervisory purposes. Such a result could have
dangerous implications for our global markets. I hope today's action
by the CFTC will encourage international regulators and policymakers
to take affirmative steps to address other existing legal barriers
to information sharing and access.

Appendix 3--Supporting Statement of Commissioner Brian D. Quintenz

    I support today's final rule addressing indemnification and
amendments to the swap data access provisions of Part 49. I would
like to thank the staff in our Division of Market Oversight for
their work to amend Part 49 of the Commission's Regulations to
implement provisions of the Fixing America's Surface Transportation
Act of 2015 (Fast Act) \1\.
---------------------------------------------------------------------------

    \1\ Public Law 114-94, 129 Stat 1312 (Dec. 4, 2015).
---------------------------------------------------------------------------

    The Fast Act amended provisions of Title VII of the Dodd-Frank
Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank
Act) \2\ that proved unworkable. Most significantly, the Fast Act
repealed the Dodd-Frank Act's requirement that to obtain data from
swap data repositories (SDR) registered with the CFTC, domestic and
foreign authorities must indemnify the CFTC and SDRs from any claims
arising from a SDR's production of information to those authorities.
Foreign regulators unfamiliar with the U.S. tort law concept of
``indemnification'' that is inconsistent with their traditions and
legal structures, have opted against requesting any information from
SDRs. Domestic regulators have also opted against requesting
information from SDRs because of the indemnification requirement.
Removing the indemnification requirement will facilitate the sharing
of SDR information with domestic and foreign authorities and better
enable regulators in the United States and abroad to monitor risk
across the global financial system.
---------------------------------------------------------------------------

    \2\ Public Law 111-203, 124 Stat 1376 (July 21, 2010).

[FR Doc. 2018-12377 Filed 6-11-18; 8:45 am]
 BILLING CODE 6351-01-P