Title 17 Part 49

Electronic Code of Federal Regulations e-CFR

e-CFR data is current as of September 12, 2019


Title 17: Commodity and Securities Exchanges


PART 49—SWAP DATA REPOSITORIES


Contents
§49.1   Scope.
§49.2   Definitions.
§49.3   Procedures for registration.
§49.4   Withdrawal from registration.
§49.5   Equity interest transfers.
§49.6   Registration of successor entities.
§49.7   Swap data repositories located in foreign jurisdictions.
§49.8   Procedures for implementing registered swap data repository rules.
§49.9   Duties of registered swap data repositories.
§49.10   Acceptance of data.
§49.11   Confirmation of data accuracy.
§49.12   Swap data repository recordkeeping requirements.
§49.13   Monitoring, screening and analyzing swap data.
§49.14   Monitoring, screening and analyzing end-user clearing exemption claims by individual and affiliated entities.
§49.15   Real-time public reporting of swap data.
§49.16   Privacy and confidentiality requirements of swap data repositories.
§49.17   Access to SDR data.
§49.18   Confidentiality arrangement.
§49.19   Core principles applicable to registered swap data repositories.
§49.20   Governance arrangements (Core Principle 2).
§49.21   Conflicts of interest (Core Principle 3).
§49.22   Chief compliance officer.
§49.23   Emergency authority policies and procedures.
§49.24   System safeguards.
§49.25   Financial resources.
§49.26   Disclosure requirements of swap data repositories.
§49.27   Access and fees.
Appendix A to Part 49—Form SDR
Appendix B to Part 49—Confidentiality Arrangement for Appropriate Domestic Regulators and Appropriate Foreign Regulators to Obtain Access to Swap Data Maintained by Registered Swap Data Repositories Pursuant to §§49.17(d)(6) and 49.18(a)

Authority: 7 U.S.C. 12a, and 24a, unless otherwise noted.

Source: 76 FR 54575, Sept. 1, 2011, unless otherwise noted.

§49.1   Scope.

The provisions of this part apply to any swap data repository as defined under Section 1a(48) of the Act which is registered or is required to register as such with the Commission pursuant to Section 21(a) of the Act.

§49.2   Definitions.

(a) As used in this part:

(1) Affiliate. The term “affiliate” means a person that directly, or indirectly, controls, is controlled by, or is under common control with, the swap data repository.

(2) Asset class. The term “asset class” means the particular broad category of goods, services or commodities underlying a swap. The asset classes include credit, equity, interest rates, foreign exchange, other commodities, and such other asset classes as may be determined by the Commission.

(3) Commercial use. The term “commercial use” means the use of swap data held and maintained by a registered swap data repository for a profit or business purposes. The use of swap data for regulatory purposes and/or responsibilities by a registered swap data repository would not be considered a commercial use regardless of whether the registered swap data repository charges a fee for reporting such swap data.

(4) Control. The term “control” (including the terms “controlled by” and “under common control with”) means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, or otherwise.

(5) Foreign Regulator. The term “foreign regulator” means a foreign futures authority as defined in Section 1a(26) of the Act, foreign financial supervisors, foreign central banks, foreign ministries and other foreign authorities.

(6) Independent perspective. The term “independent perspective” means a viewpoint that is impartial regarding competitive, commercial, or industry concerns and contemplates the effect of a decision on all constituencies involved.

(7) Market participant. The term “market participant” means any person participating in the swap market, including, but not limited to, designated contract markets, derivatives clearing organizations, swaps execution facilities, swap dealers, major swap participants, and any other counterparties to a swap transaction.

(8) Non-affiliated third party. The term “non-affiliated third party” means any person except:

(i) The swap data repository;

(ii) The swap data repository's affiliate; or

(iii) A person employed by a swap data repository and any entity that is not the swap data repository's affiliate (and “non-affiliated third party” includes such entity that jointly employs the person).

(9) Person associated with a swap data repository. The term “person associated with a swap data repository” means:

(i) Any partner, officer, or director of such swap data repository (or any person occupying a similar status or performing similar functions);

(ii) Any person directly or indirectly controlling, controlled by, or under common control with such swap data repository; or

(iii) Any person employed by such swap data repository.

(10) Position. The term “position” means the gross and net notional amounts of open swap transactions aggregated by one or more attributes, including, but not limited to, the:

(i) Underlying instrument;

(ii) Index, or reference entity;

(iii) Counterparty;

(iv) Asset class;

(v) Long risk of the underlying instrument, index, or reference entity; and

(vi) Short risk of the underlying instrument, index, or reference entity.

(11) Registered swap data repository. The term “registered swap data repository” means a swap data repository that is registered under Section 21 of the Act.

(12) Reporting entity. The term “reporting entity” means those entities that are required to report swap data to a registered swap data repository. These reporting entities include designated contract markets, swaps execution facilities, derivatives clearing organizations, swap dealers, major swap participants and certain non-swap dealers/non-major swap participant counterparties.

(13) SDR Information. The term “SDR Information” means any information that the swap data repository receives or maintains.

(14) Section 8 Material. The term “Section 8 Material” means the business transactions, trade data, or market positions of any person and trade secrets or names of customers.

(15) Swap data. The term “swap data” means the specific data elements and information set forth in part 45 of this chapter that is required to be reported by a reporting entity to a registered swap data repository.

(b) Defined terms. Capitalized terms not defined in this part shall have the meanings assigned to them in §1.3 of this chapter.

[76 FR 54575, Sept. 1, 2011, as amended at 83 FR 27436, June 12, 2018]

§49.3   Procedures for registration.

(a) Application procedures. (1) An applicant, person or entity desiring to be registered as a swap data repository shall file electronically an application for registration on Form SDR provided in appendix A to this part, with the Secretary of the Commission at its headquarters in Washington, DC in a format and in the manner specified by the Secretary of the Commission in accordance with the instructions contained therein.

(2) The application shall include information sufficient to demonstrate compliance with core principles specified in Section 21 of the Act and the regulations thereunder. Form SDR consists of instructions, general questions and a list of Exhibits (documents, information and evidence) required by the Commission in order to determine whether an applicant is able to comply with the core principles. An application will not be considered to be materially complete unless the applicant has submitted, at a minimum, the exhibits as required in Form SDR. If the application is not materially complete, the Commission shall notify the applicant that the application will not be deemed to have been submitted for purposes of the 180-day review procedures.

(3) 180-Day review procedures. The Commission will review the application for registration as a swap data repository within 180 days of the date of the filing of such application. In considering an application for registration as a swap data repository, the staff of the Commission shall include in its review, an applicant's past relevant submissions and compliance history. At or prior to the conclusion of the 180-day period, the Commission will either by order grant registration; extend, by order, the 180-day review period for good cause; or deny the application for registration as a swap data repository. The 180-day review period shall commence once a completed submission on Form SDR is submitted to the Commission. The determination of when such submission on Form SDR is complete shall be at the sole discretion of the Commission. If deemed appropriate, the Commission may grant registration as a swap data repository subject to conditions. If the Commission denies an application for registration as a swap data repository, it shall specify the grounds for such denial. In the event of a denial of registration for a swap data repository, any person so denied shall be afforded an opportunity for a hearing before the Commission.

(4) Standard for approval. The Commission shall grant the registration of a swap data repository if the Commission finds that such swap data repository is appropriately organized, and has the capacity: to ensure the prompt, accurate and reliable performance of its functions as a swap data repository; comply with any applicable provisions of the Act and regulations thereunder; carry out its functions in a manner consistent with the purposes of Section 21 of the Act and the regulations thereunder; and operate in a fair, equitable and consistent manner. The Commission shall deny registration of a swap data repository if it appears that the application is materially incomplete; fails in form or substance to meet the requirements of Section 21 of the Act and part 49; or is amended or supplemented in a manner that is inconsistent with this §49.3. The Commission shall notify the applicant seeking registration that the Commission is denying the application setting forth the deficiencies in the application, and/or the manner in which the application fails to meet the requirements of this part.

(5) Amendments and annual filing. If any information reported on Form SDR or in any amendment thereto is or becomes inaccurate for any reason, whether before or after the application for registration has been granted, the swap data repository shall promptly file an amendment on Form SDR updating such information. In addition, the swap data repository shall annually file an amendment on Form SDR within 60 days after the end of each fiscal year.

(6) Service of process. Each swap data repository shall designate and authorize on Form SDR an agent in the United States, other than a Commission official, who shall accept any notice or service of process, pleadings, or other documents in any action or proceedings brought against the swap data repository to enforce the Act and the regulations thereunder.

(b) Provisional registration. The Commission, upon the request of an applicant, may grant provisional registration of a swap data repository if such applicant is in substantial compliance with the standards set forth in paragraph (a)(4) of this section and is able to demonstrate operational capability, real-time processing, multiple redundancy and robust security controls. Such provisional registration of a swap data repository shall expire on the earlier of: the date that the Commission grants or denies registration of the swap data repository; or the date that the Commission rescinds the temporary registration of the swap data repository. This paragraph (b) shall terminate within such time as determined by the Commission. A provisional registration granted by the Commission does not affect the right of the Commission to grant or deny permanent registration as provided under paragraph (a)(3) of this section.

(c) Withdrawal of application for registration. An applicant for registration may withdraw its application submitted pursuant to paragraph (a) of this section by filing with the Commission such a request. Withdrawal of an application for registration shall not affect any action taken or to be taken by the Commission based upon actions, activities, or events occurring during the time that the application for registration was pending with the Commission, and shall not prejudice the filing of a new application by such applicant.

(d) Reinstatement of dormant registration. Before accepting or re-accepting swap transaction data, a dormant registered swap data repository as defined in §40.1(e) of this chapter shall reinstate its registration under the procedures set forth in paragraph (a) of this section; provided, however, that an application for reinstatement may rely upon previously submitted materials that still pertain to, and accurately describe, current conditions.

(e) Delegation of authority. (1) The Commission hereby delegates, until it orders otherwise, to the Director of the Division of Market Oversight or the Director's delegates, with the consultation of the General Counsel or the General Counsel's delegates, the authority to notify an applicant seeking registration as a swap data repository pursuant to Section 21 of the Act that the application is materially incomplete and the 180-day period review period is extended.

(2) The Director of the Division of Market Oversight may submit to the Commission for its consideration any matter which has been delegated in this paragraph.

(3) Nothing in this paragraph prohibits the Commission, at its election, from exercising the authority delegated in paragraph (e)(1) of this section.

(f) Request for confidential treatment. An applicant for registration may request confidential treatment for materials submitted in its application as set forth in §§40.8 and 145.9 of this chapter. The applicant shall identify with particularity information in the application that will be subject to a request for confidential treatment.

§49.4   Withdrawal from registration.

(a)(1) A registered swap data repository may withdraw its registration by giving notice in writing to the Commission requesting that its registration as a swap data repository be withdrawn, which notice shall be served at least sixty days prior to the date named therein as the date when the withdrawal of registration shall take effect. The request to withdraw shall be made by a person duly authorized by the registrant and shall specify:

(i) The name of the registrant for which withdrawal of registration is being requested;

(ii) The name, address and telephone number of the swap data repository that will have custody of data and records of the registrant;

(iii) The address where such data and records will be located; and

(iv) A statement that the custodial swap data repository is authorized to make such data and records available in accordance with §1.44.

(2) Prior to filing a request to withdraw, a registered swap data repository shall file an amended Form SDR to update any inaccurate information. A withdrawal of registration shall not affect any action taken or to be taken by the Commission based upon actions, activities or events occurring during the time that the facility was designated by the Commission.

(b) A notice of withdrawal from registration filed by a swap data repository shall become effective for all matters (except as provided in this paragraph (b)) on the 60th day after the filing thereof with the Commission, within such longer period of time as to which such swap data repository consents or which the Commission, by order, may determine as necessary or appropriate in the public interest.

(c) Revocation of Registration for False Application. If, after notice and opportunity for hearing, the Commission finds that any registered swap data repository has obtained its registration by making any false or misleading statements with respect to any material fact or has violated or failed to comply with any provision of the Act and regulations thereunder, the Commission, by order, may revoke the registration. Pending final determination whether any registration shall be revoked, the Commission, by order, may suspend such registration, if such suspension appears to the Commission, after notice and opportunity for hearing, to be necessary or appropriate and in the public interest.

§49.5   Equity interest transfers.

(a) Equity transfer notification. Upon entering into any agreement(s) that could result in an equity interest transfer of ten percent or more in the swap data repository, the swap data repository shall file a notification of the equity interest transfer with the Secretary of the Commission at its headquarters in Washington, DC in a format and in the manner specified by the Secretary of the Commission, no later than the business day, as defined in §40.1 of this chapter, following the date on which the swap data repository enters into a firm obligation to transfer the equity interest. The swap data repository shall also amend any information that is no longer accurate on Form SDR consistent with the procedures set forth in §49.3 of this part.

(b) Required information. The notification must include and be accompanied by: any relevant agreement(s), including any preliminary agreements; any associated changes to relevant corporate documents; a chart outlining any new ownership or corporate or organizational structure; a brief description of the purpose and any impact of the equity interest transfer; and a representation from the swap data repository that it meets all of the requirements of Section 21 of the Act and Commission regulations adopted thereunder. The swap data repository shall keep the Commission apprised of the projected date that the transaction resulting in the equity interest transfer will be consummated, and must provide to the Commission any new agreements or modifications to the original agreement(s) filed pursuant to this section. The swap data repository shall notify the Commission of the consummation of the transaction on the day in which it occurs.

(c) Certification. (1) Upon a transfer of an equity interest of ten percent or more in a registered swap data repository, the registered swap data repository shall file with the Secretary of the Commission at its headquarters in Washington, DC in a format and in the manner specified by the Secretary of the Commission, a certification that the registered swap data repository meets all of the requirements of Section 21 of the Act and Commission regulations adopted thereunder, no later than two business days, as defined in §40.1 of this chapter, following the date on which the equity interest of ten percent or more was acquired. Such certification shall state whether changes to any aspects of the swap data repository's operations were made as a result of such change in ownership, and include a description of any such change(s).

(2) The certification required under this paragraph may rely on and be supported by reference to an application for registration as a swap data repository or prior filings made pursuant to a rule submission requirement, along with any necessary new filings, including new filings that provide any and all material updates of prior submissions.

§49.6   Registration of successor entities.

(a) In the event of a corporate transaction, such as a re-organization, merger, acquisition, bankruptcy or other similar corporate event, that creates a new entity, in which the swap data repository continues to operate, the swap data repository shall request a transfer of the registration, rules, and other matters, no later than 30 days after the succession. The registration of the predecessor shall be deemed to remain effective as the registration of the successor if the successor, within 30 days after such succession, files an application for registration on Form SDR, and the predecessor files a request for vacation of registration on Form SDR provided, however, that the registration of the predecessor swap data repository shall cease to be effective 90 days after the application for registration on Form SDR is filed by the successor swap data repository.

(b) If the succession is based solely on a change in the predecessor's date or state of incorporation, form of organization, or composition of a partnership, the successor may, within 30 days after the succession, amend the registration of the predecessor swap data repository on Form SDR to reflect these changes. This amendment shall be an application for registration filed by the predecessor and adopted by the successor.

§49.7   Swap data repositories located in foreign jurisdictions.

Any swap data repository located outside of the United States applying for registration pursuant to §49.3 of this part shall certify on Form SDR and provide an opinion of counsel that the swap data repository, as a matter of law, is able to provide the Commission with prompt access to the books and records of such swap data repository and that the swap data repository can submit to onsite inspection and examination by the Commission.

§49.8   Procedures for implementing registered swap data repository rules.

(a) Request for Commission approval of rules. An applicant for registration as a swap data repository may request that the Commission approve under Section 5c(c) of the Act, any or all of its rules and subsequent amendments thereto, prior to their implementation or, notwithstanding the provisions of Section 5c(c)(2) of the Act, at anytime thereafter, under the procedures of §40.5 of this chapter.

(b) Notwithstanding the timeline under §40.5(c) of this chapter, the rules of a swap data repository that have been submitted for Commission approval at the same time as an application for registration under §49.3 of this part or to reinstate the registration of a dormant registered swap data repository, as defined in §40.1 of this chapter, will be deemed approved by the Commission no earlier than when the swap data repository is deemed to be registered or reinstated.

(c) Self-certification of rules. Rules of a registered swap data repository not voluntarily submitted for prior Commission approval pursuant to paragraph (a) of this section must be submitted to the Commission with a certification that the rule or rule amendment complies with the Act or rules thereunder pursuant to the procedures of §40.6 of this chapter, as applicable.

§49.9   Duties of registered swap data repositories.

(a) Duties. To be registered, and maintain registration, as a swap data repository, a registered swap data repository shall:

(1) Accept swap data as prescribed in §49.10 for each swap;

(2) Confirm, as prescribed in §49.11, with both counterparties to the swap the accuracy of the swap data that was submitted;

(3) Maintain, as prescribed in §49.12, the swap data described in part 45 of the Commission's Regulations in such form and manner as provided therein and in the Act and the rules and regulations thereunder;

(4) Provide direct electronic access to the Commission (or any designee of the Commission, including another registered entity) as prescribed in §49.17;

(5) Provide the information set forth in §49.15 to comply with the public reporting requirements set forth in Section 2(a)(13) of the Act;

(6) Establish automated systems for monitoring, screening, and analyzing swap data as prescribed in §49.13;

(7) Establish automated systems for monitoring, screening and analyzing end-user clearing exemption claims as prescribed in §49.14;

(8) Maintain the privacy of any and all swap data and any other related information that the swap data repository receives from a reporting entity as prescribed in §49.16;

(9) Upon request of Appropriate Domestic Regulators and Appropriate Foreign Regulators, provide access to swap data held and maintained by the swap data repository, as prescribed in §49.17;

(10) Adopt and establish appropriate emergency policies and procedures, including business continuity and disaster recovery plans, as prescribed in §§49.23 and 49.24.

(11) Designate an individual to serve as a chief compliance officer who shall comply with §49.22; and

(12) Subject itself to inspection and examination by the Commission.

(b) This Regulation is not intended to limit, or restrict, the applicability of other provisions of the Act, including, but not limited to, Section 2(a)(13) of the Act and rules and regulations promulgated thereunder.

[76 FR 54575, Sept. 1, 2011, as amended at 83 FR 27436, June 12, 2018]

§49.10   Acceptance of data.

(a) A registered swap data repository shall establish, maintain, and enforce policies and procedures for the reporting of swap data to the registered swap data repository and shall accept and promptly record all swap data in its selected asset class and other regulatory information that is required to be reported pursuant to part 45 and part 43 of this chapter by designated contract markets, derivatives clearing organizations, swap execution facilities, swap dealers, major swap participants and/or non-swap dealer/non-major swap participant counterparties.

(1) Electronic connectivity. For the purpose of accepting all swap data as required by part 45 and part 43, the registered swap data repository shall adopt policies and procedures, including technological protocols, which provide for electronic connectivity between the swap data repository and designated contract markets, derivatives clearing organizations, swaps execution facilities, swap dealers, major swap participants and/or certain other non-swap dealer/non-major swap participant counterparties who report such data. The technological protocols established by a swap data repository shall provide for the receipt of swap creation data, swap continuation data, real-time public reporting data, and all other data and information required to be reported to such swap data repository. The swap data repository shall ensure that its mechanisms for swap data acceptance are reliable and secure.

(b) A registered swap data repository shall set forth in its application for registration as described in §49.3 the specific asset class or classes for which it will accept swaps data. If a swap data repository accepts swap data of a particular asset class, then it shall accept data from all swaps of that asset class, unless otherwise prescribed by the Commission.

(c) A registered swap data repository shall establish policies and procedures reasonably designed to prevent any provision in a valid swap from being invalidated or modified through the confirmation or recording process of the swap data repository. The policies and procedures must ensure that the swap data repository's user agreements are designed to prevent any such invalidation or modification.

(d) A registered swap data repository shall establish procedures and provide facilities for effectively resolving disputes over the accuracy of the swap data and positions that are recorded in the registered swap data repository.

§49.11   Confirmation of data accuracy.

(a) A registered swap data repository shall establish policies and procedures to ensure the accuracy of swap data and other regulatory information required to be reported by part 45 that it receives from reporting entities or certain third-party service providers acting on their behalf, such as confirmation or matching service providers.

(b) A registered swap data repository shall confirm the accuracy of all swap data that is submitted pursuant to part 45.

(1) Confirmation of data accuracy for swap creation data as defined in part 45. (i) A registered swap data repository has confirmed the accuracy of swap creation data that was submitted directly by a counterparty if the swap data repository has notified both counterparties of the data that was submitted and received from both counterparties acknowledgement of the accuracy of the swap data and corrections for any errors.

(ii) A registered swap data repository has confirmed the accuracy of swap creation data that was submitted by a swap execution facility, designated contract market, derivatives clearing organization, or third-party service provider who is acting on behalf of a counterparty, if the swap data repository has complied with each of the following:

(A) The swap data repository has formed a reasonable belief that the swap data is accurate;

(B) The swap data that was submitted, or any accompanying information, evidences that both counterparties agreed to the data; and

(C) The swap data repository has provided both counterparties with a 48 hour correction period after which a counterparty is assumed to have acknowledged the accuracy of the swap data.

(2) Confirmation of data accuracy for swap continuation data as defined in part 45. (i) A registered swap data repository has confirmed the accuracy of the swap continuation data that was submitted directly by a counterparty if the swap data repository has notified both counterparties of the data that was submitted and provided both counterparties with a 48 hour correction period after which a counterparty is assumed to have acknowledged the accuracy of the data.

(ii) A registered swap data repository has confirmed the accuracy of swap continuation data that was submitted by a swap execution facility, designated contract market, derivatives clearing organization, or third-party service provider who is acting on behalf of a counterparty, if the swap data repository has complied with each of the following:

(A) The swap data repository has formed a reasonable belief that the swap data is accurate; and

(B) The swap data repository has provided both counterparties with a 48 hour correction period after which a counterparty is assumed to have acknowledged the accuracy of the swap data.

(c) A registered swap data repository shall keep a record of corrected errors that is available upon request to the Commission.

§49.12   Swap data repository recordkeeping requirements.

(a) A registered swap data repository shall maintain its books and records in accordance with the requirements of part 45 of this chapter regarding the swap data required to be reported to the swap data repository.

(b) A registered swap data repository shall maintain swap data (including all historical positions) throughout the existence of the swap and for five years following final termination of the swap, during which time the records must be readily accessible by the swap data repository and available to the Commission via real-time electronic access; and in archival storage for which such swap data is retrievable by the swap data repository within three business days.

(c) All records required to be kept pursuant to this Regulation shall be open to inspection upon request by any representative of the Commission and the United States Department of Justice. Copies of all such records shall be provided, at the expense of the swap data repository or person required to keep the record, to any representative of the Commission upon request, either by electronic means, in hard copy, or both, as requested by the Commission.

(d) A registered swap data repository shall comply with the real time public reporting and recordkeeping requirements prescribed in §49.15 and part 43 of this chapter.

(e) A registered swap data repository shall establish policies and procedures to calculate positions for position limits and any other purpose as required by the Commission, for all persons with swaps that have not expired maintained by the registered swap data repository.

§49.13   Monitoring, screening and analyzing swap data.

(a) Duty to monitor, screen and analyze data. A registered swap data repository shall monitor, screen, and analyze all swap data in its possession in such a manner as the Commission may require. A swap data repository shall routinely monitor, screen, and analyze swap data for the purpose of any standing swap surveillance objectives which the Commission may establish as well as perform specific monitoring, screening, and analysis tasks based on ad hoc requests by the Commission.

(b) Capacity to monitor, screen and analyze data. A registered swap data repository shall establish and maintain sufficient information technology, staff, and other resources to fulfill the requirements in this §49.13 in a manner prescribed by the Commission. A swap data repository shall monitor the sufficiency of such resources at least annually, and adjust its resources as its responsibilities, or the volume of swap transactions subject to monitoring, screening, and analysis, increase.

§49.14   Monitoring, screening and analyzing end-user clearing exemption claims by individual and affiliated entities.

A registered swap data repository shall have automated systems capable of identifying, aggregating, sorting, and filtering all swap transactions that are reported to it which are exempt from clearing pursuant to Section 2(h)(7) of the Act. Such capabilities shall be applicable to any information provided to a swap data repository by or on behalf of an end user regarding how such end user meets the requirements of Sections 2(h)(7)(A)(i), 2(h)(7)(A)(ii), and 2(h)(7)(A)(iii) of the Act and any Commission regulations thereunder.

§49.15   Real-time public reporting of swap data.

(a) Scope. The provisions of this §49.15 apply to real-time public reporting of swap data, as defined in part 43 of this chapter.

(b) Systems to accept and disseminate swap data in connection with real-time public reporting. A registered swap data repository shall establish such electronic systems as are necessary to accept and publicly disseminate real-time swap data submitted to meet the real-time public reporting obligations of part 43 of this chapter. Any electronic systems established for this purpose must be capable of accepting and ensuring the public dissemination of all data fields required by part 43 of this chapter.

(c) Duty to notify the commission of untimely data. A registered swap data repository must notify the Commission of any swap transaction for which the real-time swap data was not received by the swap data repository in accordance with part 43 of this chapter.

§49.16   Privacy and confidentiality requirements of swap data repositories.

(a) Each swap data repository shall:

(1) Establish, maintain, and enforce written policies and procedures reasonably designed to protect the privacy and confidentiality of any and all SDR Information that is not subject to real-time public reporting set forth in part 43 of this chapter. Such policies and procedures shall include, but are not limited to, policies and procedures to protect the privacy and confidentiality of any and all SDR Information (except for swap data disseminated under part 43) that the swap data repository shares with affiliates and non-affiliated third parties; and

(2) Establish and maintain safeguards, policies, and procedures reasonably designed to prevent the misappropriation or misuse, directly or indirectly, of:

(i) Section 8 Material;

(ii) Other SDR Information; and/or

(iii) Intellectual property, such as trading strategies or portfolio positions, by the swap data repository or any person associated with the swap data repository. Such safeguards, policies, and procedures shall include, but are not limited to,

(A) limiting access to such Section 8 Material, other SDR Information, and intellectual property,

(B) standards controlling persons associated with the swap data repository trading for their personal benefit or the benefit of others, and

(C) adequate oversight to ensure compliance with this subparagraph.

(b) Swap data repositories shall not, as a condition of accepting swap data from reporting entities, require the waiver of any privacy rights by such reporting entities.

(c) Subject to Section 8 of the Act, swap data repositories may disclose aggregated swap data on a voluntary basis or as requested, in the form and manner, prescribed by the Commission.

§49.17   Access to SDR data.

(a) Purpose. This section provides a procedure by which the Commission, other domestic regulators and foreign regulators may obtain access to the swap data held and maintained by registered swap data repositories. Except as specifically set forth in this section, the Commission's duties and obligations regarding the confidentiality of business transactions or market positions of any person and trade secrets or names of customers identified in Section 8 of the Act are not affected.

(b) Definitions. For purposes of this §49.17, the following terms shall be defined as follows:

(1) Appropriate Domestic Regulator. The term “Appropriate Domestic Regulator” shall mean:

(i) The Securities and Exchange Commission;

(ii) Each prudential regulator identified in Section 1a(39) of the Act with respect to requests related to any of such regulator's statutory authorities, without limitation to the activities listed for each regulator in Section 1a(39);

(iii) The Financial Stability Oversight Council;

(iv) The Department of Justice;

(v) Any Federal Reserve Bank;

(vi) The Office of Financial Research; and

(vii) Any other person the Commission determines to be appropriate pursuant to the process set forth in paragraph (h) of this section.

(2) Appropriate Foreign Regulator. The term “Appropriate Foreign Regulator” shall mean those Foreign Regulators the Commission determines to be appropriate pursuant to the process set forth in paragraph (h) of this section.

(3) Direct electronic access. For the purposes of this regulation, the term “direct electronic access” shall mean an electronic system, platform or framework that provides Internet or Web-based access to real-time swap transaction data and also provides scheduled data transfers to Commission electronic systems.

(c) Commission access—(1) Direct electronic access. A registered swap data repository shall provide direct electronic access to the Commission or the Commission's designee, including another registered entity, in order for the Commission to carry out its legal and statutory responsibilities under the Act and related regulations.

(2) Monitoring tools. A registered swap data repository is required to provide the Commission with proper tools for the monitoring, screening and analyzing of swap data, including, but not limited to, Web-based services, services that provide automated transfer of data to Commission systems, various software and access to the staff of the swap data repository and/or third-party service providers or agents familiar with the operations of the registered swap data repository, which can provide assistance to the Commission regarding data structure and content.

(3) Authorized users. The swap data provided to the Commission by a registered swap data repository shall be accessible only by authorized users. The swap data repository shall maintain and provide a list of authorized users in the manner and frequency determined by the Commission.

(d) Other regulators—(1) General Procedure for Gaining Access to Registered Swap Data Repository Data. Except as set forth in paragraph (d)(2) or (3) of this section—

(i) A person who is not an Appropriate Domestic Regulator or an Appropriate Foreign Regulator and who seeks to gain access to the swap data maintained by a swap data repository is required to first become an Appropriate Domestic Regulator or Appropriate Foreign Regulator through the process set forth in paragraph (h) of this section, and

(ii) Appropriate Domestic Regulators and Appropriate Foreign Regulators seeking to gain access to the swap data maintained by a swap data repository are required to apply for access by filing a request for access with the registered swap data repository and certifying that it is acting within the scope of its jurisdiction, comply with paragraph (d)(6) of this section prior to receiving such access and, if applicable after receiving such access, comply with the notification requirement in paragraph (d)(4)(iii) of this section applicable to Appropriate Domestic Regulators and Appropriate Foreign Regulators.

(2) Domestic regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with a domestic regulator pursuant to a separate statutory authority, and such domestic regulator seeks access to swap data that has been reported to such swap data repository pursuant to the domestic regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or §49.18.

(3) Foreign Regulator with regulatory responsibility over a swap data repository. When a swap data repository that is registered with the Commission pursuant to this chapter is also registered with, or recognized or otherwise authorized by, a Foreign Regulator that has supervisory authority over such swap data repository pursuant to foreign law and/or regulation, and such Foreign Regulator seeks access to swap data that has been reported to such swap data repository pursuant to the Foreign Regulator's regulatory regime, such access is not subject to the requirements of sections 21(c)(7) or 21(d) of the Act, this paragraph (d) or §49.18.

(4) Obligations of the registered swap data repository in connection with appropriate domestic regulator or appropriate foreign regulator requests for data access.

(i) A registered swap data repository shall notify the Commission promptly after receiving an initial request from an Appropriate Domestic Regulator or Appropriate Foreign Regulator to gain access to swap data maintained by such swap data repository and promptly after receiving any request that does not comport with the scope of the Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by §49.18(a). Each registered swap data repository shall maintain records thereafter, pursuant to §49.12, of the details of such initial request and of all subsequent requests by such Appropriate Domestic Regulator or Appropriate Foreign Regulator for such access.

(ii) The registered swap data repository shall notify the Commission electronically, in a format specified by the Secretary of the Commission, of the receipt of a request specified in paragraph (d)(4)(i) of this section.

(iii) The registered swap data repository shall not provide an Appropriate Domestic Regulator or Appropriate Foreign Regulator access to swap data maintained by the swap data repository unless the swap data repository has determined that the swap data to which the Appropriate Domestic Regulator or Appropriate Foreign Regulator seeks access is within the then-current scope of such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction, as described and appended to the confidentiality arrangement required by §49.18(a). An Appropriate Domestic Regulator or Appropriate Foreign Regulator that has executed a confidentiality arrangement with the Commission pursuant to §49.18(a) and provided such confidentiality arrangement to one or more swap data repositories shall notify the Commission and each such swap data repository of any change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction as described in such confidentiality arrangement. The Commission may direct a swap data repository to suspend, limit, or revoke access to swap data maintained by such swap data repository based on any such change to such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's scope of jurisdiction, and, if so directed in writing, such swap data repository shall so suspend, limit, or revoke such access.

(iv) The registered swap data repository need not make the determination required pursuant to paragraph (d)(4)(iii) of this section more than once with respect to a recurring swap data request. If such request changes, the swap data repository must make a new determination pursuant to paragraph (d)(4)(iii) of this section.

(5) Timing; Limitation, Suspension or Revocation of Swap Data Access. Once a registered swap data repository has—

(i) Notified the Commission, pursuant to paragraphs (d)(4)(i) and (ii) of this section, of an initial request for swap data access by an Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, that was submitted pursuant to paragraph (d)(1) of this section,

(ii) Received from such Appropriate Domestic Regulator or Appropriate Foreign Regulator a confidentiality arrangement executed by the Commission and such Appropriate Domestic Regulator or Appropriate Foreign Regulator as required by §49.18(a), and

(iii) Satisfied its obligations under paragraph (d)(4)(iii) of this section, such swap data repository shall provide access to the requested swap data; provided, however, that such swap data repository shall, if directed by the Commission in writing, limit, suspend or revoke such access should the Commission limit, suspend or revoke the appropriateness determination for such Appropriate Domestic Regulator or Appropriate Foreign Regulator or otherwise direct the swap data repository, in writing, to limit, suspend or revoke such access.

(6) Confidentiality Arrangement. Consistent with §49.18(a), the Appropriate Domestic Regulator or Appropriate Foreign Regulator shall, prior to receiving access to any requested swap data, execute the form of confidentiality arrangement set out in appendix B of this part with the Commission; provided, however, that the Commission may, in its discretion, agree to execute a confidentiality arrangement with an Appropriate Domestic Regulator or Appropriate Foreign Regulator that is not in the form set forth in appendix B of this part, if the confidentiality arrangement is consistent with the requirements set forth in §49.18(b).

(e) Third-party service providers to a registered swap data repository. Access to the swap data and SDR Information maintained by a registered swap data repository may be necessary for certain third parties that provide various technology and data-related services to a registered swap data repository. Third-party access to the swap data and SDR Information maintained by a swap data repository is permissible subject to the following conditions:

(1) Both the registered swap data repository and the third party service provider shall have strict confidentiality procedures that protect swap data and SDR Information from improper disclosure.

(2) Prior to a registered swap data repository granting access to swap data or SDR Information to a third-party service provider, the third-party service provider and the registered swap data repository shall execute a confidentiality agreement setting forth minimum confidentiality procedures and permissible uses of the swap data and SDR Information maintained by the swap data repository that are equivalent to the privacy procedures for swap data repositories outlined in §49.16.

(f) Access by market participants—(1) General. Access by market participants to swap data maintained by the registered swap data repository is prohibited other than as set forth in paragraph (f)(2) of this section.

(2) Exception. Swap data and information related to a particular swap that is maintained by the registered swap data repository may be accessed by either counterparty to that particular swap. However, the swap data and information maintained by the registered swap data repository that may be accessed by either counterparty to a particular swap shall not include the identity or the legal entity identifier (as such term is used in part 45 of this chapter) of the other counterparty to the swap, or the other counterparty's clearing member for the swap, if the swap is executed anonymously on a swap execution facility or designated contract market, and cleared in accordance with Commission regulations in §§1.74, 23.610, and 37.12(b)(7) of this chapter.

(g) Commercial uses of data accepted and maintained by the registered swap data repository prohibited. Swap data accepted and maintained by the swap data repository generally may not be used for commercial or business purposes by the swap data repository or any of its affiliated entities.

(1) The registered swap data repository is required to adopt and implement adequate “firewalls” or controls to protect the reported swap data required to be maintained under §49.12 of this part and Section 21(b) of the Act from any improper commercial use.

(2) Exception. (A) The swap dealer, counterparty or any other registered entity that submits the swap data maintained by the registered swap data repository may permit the commercial or business use of that data by express written consent.

(B) Swap data repositories shall not as a condition of the reporting of swap transaction data require a reporting party to consent to the use of any reported data for commercial or business purposes.

(3) Swap data repositories responsible for the public dissemination of real-time swap data shall not make commercial use of such data prior to its public dissemination.

(h) Appropriateness determination process. (1) Each person seeking an appropriateness determination pursuant to this paragraph shall file an application with the Commission.

(2) Each applicant seeking an appropriateness determination shall provide sufficient detail in its application to permit the Commission to analyze whether the applicant is acting within the scope of its jurisdiction in seeking access to swap data maintained by a registered swap data repository, and whether the applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not, except as allowed for in the form of confidentiality arrangement set forth in appendix B to this part 49, be disclosed.

(3) If the Commission determines that an applicant pursuant to this paragraph is, conditionally or unconditionally, appropriate for purposes of CEA section 21(c)(7), the Commission shall issue an order setting forth its appropriateness determination. The Commission shall not determine that an applicant pursuant to this paragraph is appropriate unless the Commission is satisfied that—

(i) The applicant employs appropriate confidentiality safeguards to ensure that any swap data such applicant receives from a registered swap data repository will not be disclosed, except as allowed for in the form of confidentiality arrangement set forth in appendix B to this part 49 or, in the Commission's discretion as set forth in paragraph (d)(6) of this section, in a different form, provided that such confidentiality arrangement contains the elements required in §49.18(b), and

(ii) Such applicant is acting within the scope of its jurisdiction in seeking access to swap data from a registered swap data repository.

(4) The Commission reserves the right, in connection with any appropriateness determination with respect to an Appropriate Domestic Regulator or Appropriate Foreign Regulator, to revisit, reassess, limit, suspend or revoke such determination consistent with the Act.

(i) Delegation of Authority Relating to Certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section.

(2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (i)(1) of this section to the Commission for its consideration.

(3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (i)(1) of this section.

[76 FR 54575, Sept. 1, 2011, as amended at 83 FR 27436, June 12, 2018]

§49.18   Confidentiality arrangement.

(a) Confidentiality arrangement required prior to disclosure of swap data by a registered swap data repository to an Appropriate Domestic Regulator or Appropriate Foreign Regulator. Prior to a registered swap data repository providing access to swap data to any Appropriate Domestic Regulator or Appropriate Foreign Regulator, each as defined in §49.17(b), the swap data repository shall receive from such Appropriate Domestic Regulator or Appropriate Foreign Regulator, pursuant to Section 21(d) of the Act, an executed confidentiality arrangement between the Commission and the Appropriate Domestic Regulator or Appropriate Foreign Regulator, as applicable, in the form set forth in appendix B to this part 49 or, in the Commission's discretion as set forth in §49.17(d)(6), in a different form, provided that such confidentiality arrangement contains the elements required in paragraph (b) of this section. Such confidentiality arrangement must include, either as Exhibit A to the form set forth in appendix B of this part or similarly appended, a description of the Appropriate Domestic Regulator's or Appropriate Foreign Regulator's jurisdiction. Once a registered swap data repository is notified, in writing, that a confidentiality arrangement received from an Appropriate Domestic Regulator or Appropriate Foreign Regulator no longer is in effect, the swap data repository shall not provide access to swap data to such Appropriate Domestic Regulator or Appropriate Foreign Regulator.

(b) Elements of confidentiality arrangement. The confidentiality arrangement required pursuant to paragraph (a) of this section shall, at a minimum, include all elements included in the form of confidentiality arrangement set forth in appendix B of this part.

(c) Reporting failures to fulfill the terms of a confidentiality arrangement. A registered swap data repository shall immediately report to the Commission any known failure to fulfill the terms of a confidentiality arrangement that it receives pursuant to paragraph (a) of this section.

(d) Failures to fulfill the terms of the confidentiality arrangement. The Commission may, if an Appropriate Domestic Regulator or Appropriate Foreign Regulator fails to fulfill the terms of a confidentiality arrangement described in paragraph (a) of this section, direct, in writing, each registered swap data repository to limit, suspend or revoke such Appropriate Domestic Regulator's or Appropriate Foreign Regulator's access to swap data held by such swap data repository.

(e) Delegation of authority relating to certain matters in this section. (1) The Commission hereby delegates, until such time as the Commission orders otherwise, the following functions to the Director of the Division of Market Oversight and to such members of the Commission's staff acting under his or her direction as he or she may designate from time to time: All functions reserved to the Commission in this section.

(2) The Director of the Division of Market Oversight may submit any matter which has been delegated under paragraph (e)(1) of this section to the Commission for its consideration.

(3) Nothing in this section may prohibit the Commission, at its election, from exercising the authority delegated under paragraph (e)(1) of this section.

[83 FR 27438, June 12, 2018]

§49.19   Core principles applicable to registered swap data repositories.

(a) Compliance with core principles. To be registered, and maintain registration, a swap data repository shall comply with the core principles as described in this paragraph. Unless otherwise determined by the Commission by rule or regulation, a swap data repository shall have reasonable discretion in establishing the manner in which the swap data repository complies with the core principles described in this paragraph.

(b) Antitrust considerations (Core Principle 1). Unless necessary or appropriate to achieve the purposes of the Act, a registered swap data repository shall avoid adopting any rule or taking any action that results in any unreasonable restraint of trade; or imposing any material anticompetitive burden on trading, clearing or reporting swaps.

(c) Governance arrangements (Core Principle 2). Registered swap data repositories shall establish governance arrangements as set forth in §49.20.

(d) Conflicts of interest (Core Principle 3). Registered swap data repositories shall manage and minimize conflicts of interest and establish processes for resolving such conflicts of interest as set forth in §49.21.

(e) Additional duties (Core Principle 4). Registered swap data repositories shall also comply with the following additional duties:

(1) Financial resources. Registered swap data repositories shall maintain sufficient financial resources as set forth in §49.25;

(2) Disclosure requirements of registered swap data repositories. Registered swap data repositories shall furnish an appropriate disclosure document setting forth the risks and costs of swap data repository services as detailed in §49.26; and

(3) Access and Fees. Registered swap data repositories shall adhere to Commission requirements regarding fair and open access and the charging of any fees, dues or other similar type charges as detailed in §49.27.

§49.20   Governance arrangements (Core Principle 2).

(a) General. (1) Each registered swap data repository shall establish governance arrangements that are transparent to fulfill public interest requirements, and to support the objectives of the Federal Government, owners, and participants.

(2) Each registered swap data repository shall establish governance arrangements that are well-defined and include a clear organizational structure with consistent lines of responsibility and effective internal controls, including with respect to administration, accounting, and the disclosure of confidential information. §49.22 of this part contains rules on internal controls applicable to administration and accounting. §49.16 of this part contains rules on internal controls applicable to the disclosure of confidential information.

(b) Transparency of Governance Arrangements. (1) Each registered swap data repository shall state in its charter documents that its governance arrangements are transparent to support, among other things, the objectives of the Federal Government pursuant to Section 21(f)(2) of the Act.

(2) Each registered swap data repository shall, at a minimum, make the following information available to the public and relevant authorities, including the Commission:

(i) The mission statement of the registered swap data repository;

(ii) The mission statement and/or charter of the board of directors, as well as of each committee of the registered swap data repository that has:

(A) The authority to act on behalf of the board of directors or

(B) The authority to amend or constrain actions of the board of directors;

(iii) The board of directors nomination process for the registered swap data repository, as well as the process for assigning members of the board of directors or other persons to any committee referenced in paragraph (b)(2)(ii) of this section;

(iv) For the board of directors and each committee referenced in paragraph (b)(2)(ii) of this section, the names of all members;

(v) A description of the manner in which the board of directors, as well as any committee referenced in paragraph (b)(2)(ii) of this section, considers an Independent Perspective in its decision-making process, as §49.2(a)(14) of this part defines such term;

(vi) The lines of responsibility and accountability for each operational unit of the registered swap data repository to any committee thereof and/or the board of directors; and

(vii) Summaries of significant decisions implicating the public interest, the rationale for such decisions, and the process for reaching such decisions. Such significant decisions shall include decisions relating to pricing of repository services, offering of ancillary services, access to swap data, and use of Section 8 Material, other SDR Information, and intellectual property (as referenced in §49.16 of this part). Such summaries of significant decisions shall not require the registered swap data repository to disclose Section 8 Material or, where appropriate, information that the swap data repository received on a confidential basis from a reporting entity.

(3) The registered swap data repository shall ensure that the information specified in paragraph (b)(2)(i) to (vii) of this section is current, accurate, clear, and readily accessible, for example, on its Web site. The swap data repository shall set forth such information in a language commonly used in the commodity futures and swap markets and at least one of the domestic language(s) of the jurisdiction in which the swap data repository is located.

(4) Furthermore, the registered swap data repository shall disclose the information specified in paragraph (b)(2)(vii) of this section in a sufficiently comprehensive and detailed fashion so as to permit the public and relevant authorities, including the Commission, to understand the policies or procedures of the swap data repository implicated and the manner in which the decision implements or amends such policies or procedures. A swap data repository shall not disclose minutes from meetings of its board of directors or committees to the public, although it shall disclose such minutes to the Commission upon request.

(c) The board of directors—(1) General. (i) Each registered swap data repository shall establish, maintain, and enforce (including, without limitation, pursuant to paragraph (c)(4) of this Regulation) written policies or procedures:

(A) To ensure that its board of directors, as well as any committee that has:

(1) Authority to act on behalf of its board of directors or

(2) Authority to amend or constrain actions of its board of directors, adequately considers an Independent Perspective in its decision-making process;

(B) To ensure that the nominations process for such board of directors, as well as the process for assigning members of the board of directors or other persons to such committees, adequately incorporates an Independent Perspective; and

(C) To clearly articulate the roles and responsibilities of such board of directors, as well as such committees, especially with respect to the manner in which they ensure that a registered swap data repository complies with all statutory and regulatory responsibilities under the Act and the regulations promulgated thereunder.

(ii) Each registered swap data repository shall submit to the Commission, within thirty days after each election of its board of directors:

(A) For the board of directors, as well as each committee referenced in paragraph (c)(1)(i)(A) of this section, a list of all members;

(B) A description of the relationship, if any, between such members and the registered swap data repository or any reporting entity thereof (or, in each case, affiliates thereof, as §49.2(a)(1) of this part defines such term); and

(C) Any amendments to the written policies and procedures referenced in paragraph (c)(1)(i) of this section.

(2) Compensation. The compensation of non-executive members of the board of directors of a registered swap data repository shall not be linked to the business performance of such swap data repository.

(3) Annual self-review. The board of directors of a registered swap data repository shall review its performance and that of its individual members annually. It should consider periodically using external facilitators for such reviews.

(4) Board member removal. A registered swap data repository shall have procedures to remove a member from the board of directors, where the conduct of such member is likely to be prejudicial to the sound and prudent management of the swap data repository.

(5) Expertise. Each registered swap data repository shall ensure that members of its board of directors, members of any committee referenced in paragraph (c)(1)(i)(A) of this Regulation, and its senior management, in each case, are of sufficiently good repute and possess the requisite skills and expertise to fulfill their responsibilities in the management and governance of the swap data repository, to have a clear understanding of such responsibilities, and to exercise sound judgment about the affairs of the swap data repository.

(d) Compliance with core principle. The chief compliance officer of the registered swap data repository shall review the compliance of the swap data repository with this core principle.

§49.21   Conflicts of interest (Core Principle 3).

(a) General. (1) Each registered swap data repository shall establish and enforce rules to minimize conflicts of interest in the decision-making process of the swap data repository, and establish a process for resolving such conflicts of interest.

(2) Nothing in this section shall supersede any requirement applicable to the swap data repository pursuant to §49.20 of this part.

(b) Policies and procedures. (1) Each registered swap data repository shall establish, maintain, and enforce written procedures to:

(i) Identify, on an ongoing basis, existing and potential conflicts of interest; and

(ii) Make decisions in the event of a conflict of interest. Such procedures shall include rules regarding the recusal, in applicable circumstances, of parties involved in the making of decisions.

(2) As further described in §49.20 of this part, the chief compliance officer of the registered swap data repository shall, in consultation with the board of directors or a senior officer of the swap data repository, as applicable, resolve any such conflicts of interest.

(c) Compliance with core principle. The chief compliance officer of the registered swap data repository shall review the compliance of the swap data repository with this core principle.

§49.22   Chief compliance officer.

(a) Definition of Board of Directors. For purposes of this part 49, the term “board of directors” means the board of directors of a registered swap data repository, or for those swap data repositories whose organizational structure does not include a board of directors, a body performing a function similar to that of a board of directors.

(b) Designation and qualifications of chief compliance officer—(1) Chief Compliance Officer required. Each registered swap data repository shall establish the position of chief compliance officer, and designate an individual to serve in that capacity.

(i) The position of chief compliance officer shall carry with it the authority and resources to develop and enforce policies and procedures necessary to fulfill the duties set forth for chief compliance officers in the Act and Commission regulations.

(ii) The chief compliance officer shall have supervisory authority over all staff acting at the direction of the chief compliance officer.

(2) Qualifications of Chief Compliance Officer. The individual designated to serve as chief compliance officer shall have the background and skills appropriate for fulfilling the responsibilities of the position and shall be subject to the following requirements:

(i) No individual disqualified from registration pursuant to Sections 8a(2) or 8a(3) of the Act may serve as a chief compliance officer.

(ii) The chief compliance officer may not be a member of the swap data repository's legal department or serve as its general counsel.

(c) Appointment, supervision, and removal of chief compliance officer—(1) Appointment and Compensation of Chief Compliance Officer Determined by Board of Directors. A registered swap data repository's chief compliance officer shall be appointed by its board of directors. The board of directors shall also approve the compensation of the chief compliance officer and shall meet with the chief compliance officer at least annually. The appointment of the chief compliance officer and approval of the chief compliance officer's compensation shall require the approval of the board of directors. The senior officer of the swap data repository may fulfill these responsibilities. A swap data repository shall notify the Commission of the appointment of a new chief compliance officer within two business days of such appointment.

(2) Supervision of chief compliance officer. A registered swap data repository's chief compliance officer shall report directly to the board of directors or to the senior officer of the swap data repository, at the swap data repository's discretion.

(3) Removal of chief compliance officer by board of directors. (i) Removal of a registered swap data repository's chief compliance officer shall require the approval of the swap data repository's board of directors. If the swap data repository does not have a board of directors, then the chief compliance officer may be removed by the senior officer of the swap data repository;

(ii) The swap data repository shall notify the Commission of such removal within two business days; and

(iii) The swap data repository shall notify the Commission within two business days of appointing any new chief compliance officer, whether interim or permanent.

(d) Duties of chief compliance officer. The chief compliance officer's duties shall include, but are not limited to, the following:

(1) Overseeing and reviewing the swap data repository's compliance with Section 21 of the Act and any related rules adopted by the Commission;

(2) In consultation with the board of directors, a body performing a function similar to the board, or the senior officer of the swap data repository, resolving any conflicts of interest that may arise including:

(i) Conflicts between business considerations and compliance requirements;

(ii) Conflicts between business considerations and the requirement that the registered swap data repository provide fair and open access as set forth in §49.27 of this part; and

(iii) Conflicts between a registered swap data repository's management and members of the board of directors;

(3) Establishing and administering written policies and procedures reasonably designed to prevent violation of the Act and any rules adopted by the Commission;

(4) Taking reasonable steps to ensure compliance with the Act and Commission regulations relating to agreements, contracts, or transactions, and with Commission regulations under Section 21 of the Act, including confidentiality arrangements received by the chief compliance officer's registered swap depository pursuant to §49.18(a);

(5) Establishing procedures for the remediation of noncompliance issues identified by the chief compliance officer through a compliance office review, look-back, internal or external audit finding, self-reported error, or validated complaint;

(6) Establishing and following appropriate procedures for the handling, management response, remediation, retesting, and closing of noncompliance issues; and

(7) Establishing and administering a written code of ethics designed to prevent ethical violations and to promote honesty and ethical conduct.

(e) Annual compliance report prepared by chief compliance officer. The chief compliance officer shall, not less than annually, prepare and sign an annual compliance report, that at a minimum, contains the following information covering the time period since the date on which the swap data repository became registered with the Commission or since the end of the period covered by a previously filed annual compliance report, as applicable:

(1) A description of the registered swap data repository's written policies and procedures, including the code of ethics and conflict of interest policies;

(2) A review of applicable Commission regulations and each subsection and core principle of Section 21 of the Act, that, with respect to each:

(i) Identifies the policies and procedures that are designed to ensure compliance with each subsection and core principle, including each duty specified in Section 21(c);

(ii) Provides a self-assessment as to the effectiveness of these policies and procedures; and

(iii) Discusses areas for improvement, and recommends potential or prospective changes or improvements to its compliance program and resources;

(3) A list of any material changes to compliance policies and procedures since the last annual compliance report;

(4) A description of the financial, managerial, and operational resources set aside for compliance with respect to the Act and Commission regulations;

(5) A description of any material compliance matters, including noncompliance issues identified through a compliance office review, look-back, internal or external audit finding, self-reported error, or validated complaint, and explains how they were resolved; and

(6) A certification by the chief compliance officer that, to the best of his or her knowledge and reasonable belief, and under penalty of law, the annual compliance report is accurate and complete.

(f) Submission of annual compliance report by chief compliance officer to the commission. (1) Prior to submission of the annual compliance report to the Commission, the chief compliance officer shall provide the annual compliance report to the board of the registered swap data repository for its review. If the swap data repository does not have a board, then the annual compliance report shall be provided to the senior officer for their review. Members of the board and the senior officer may not require the chief compliance officer to make any changes to the report. Submission of the report to the board or senior officer, and any subsequent discussion of the report, shall be recorded in board minutes or similar written record, as evidence of compliance with this requirement.

(2) The annual compliance report shall be provided electronically to the Commission not more than 60 days after the end of the registered swap data repository's fiscal year, concurrently with the filing of the annual amendment to Form SDR that must be submitted to the Commission pursuant to §49.3(a)(5) of this part.

(3) Promptly upon discovery of any material error or omission made in a previously filed compliance report, the chief compliance officer shall file an amendment with the Commission to correct any material error or omission. An amendment shall contain the oath or certification required under paragraph (e)(67) of this section.

(4) A registered swap data repository may request the Commission for an extension of time to file its compliance report based on substantial, undue hardship. Extensions for the filing deadline may be granted at the discretion of the Commission.

(g) Recordkeeping. (1) The registered swap data repository shall maintain:

(i) A copy of the written policies and procedures, including the code of ethics and conflicts of interest policies adopted in furtherance of compliance with the Act and Commission regulations;

(ii) Copies of all materials, including written reports provided to the board of directors or senior officer in connection with the review of the annual compliance report under paragraph (f)(1) of this section and the board minutes or similar written record of such review, that record the submission of the annual compliance report to the board of directors or senior officer; and

(iii) Any records relevant to the registered swap data repository's annual compliance report, including, but not limited to, work papers and other documents that form the basis of the report, and memoranda, correspondence, other documents, and records that are:

(A) Created, sent or received in connection with the annual compliance report and

(B) Contain conclusions, opinions, analyses, or financial data related to the annual compliance report.

(2) The registered swap data repository shall maintain records in accordance with §1.31 of this chapter.

[76 FR 54575, Sept. 1, 2011, as amended at 83 FR 27439, June 12, 2018]

§49.23   Emergency authority policies and procedures.

(a) Emergency policies and procedures required. A registered swap data repository shall establish policies and procedures for the exercise of emergency authority in the event of any emergency, including but not limited to natural, man-made, and information technology emergencies. Such policies and procedures shall also require a swap data repository to exercise its emergency authority upon request by the Commission. A swap data repository's policies and procedures for the exercise of emergency authority shall be transparent to the Commission and to market participants whose swap transaction data resides at the swap data repository.

(b) Invocation of emergency authority. A registered swap data repository's policies and procedures for the exercise of emergency authority shall enumerate the circumstances under which the swap data repository is authorized to invoke its emergency authority and the procedures that it shall follow to declare an emergency. Such policies and procedures shall also address the range of measures that it is authorized to take when exercising such emergency authority.

(c) Designation of persons authorized to act in an emergency. A registered swap data repository shall designate one or more officials of the swap data repository as persons authorized to exercise emergency authority on its behalf. A swap data repository shall also establish a chain of command to be used in the event that the designated person(s) is unavailable. A swap data repository shall notify the Commission of the person(s) designated to exercise emergency authority.

(d) Conflicts of interest. A registered swap data repository's policies and procedures for the exercise of emergency authority shall include provisions to avoid conflicts of interest in any decisions made pursuant to emergency authority. Such policies and procedures shall also include provisions to consult the swap data repository's chief compliance officer in any emergency decision that may raise potential conflicts of interest.

(e) Notification to the commission. A registered swap data repository's policies and procedures for the exercise of emergency authority shall include provisions to notify the Commission as soon as reasonably practicable regarding any invocation of emergency authority. When notifying the Commission of any exercise of emergency authority, a swap data repository shall explain the reasons for taking such emergency action, explain how conflicts of interest were minimized, and document the decision-making process. Underlying documentation shall be made available to the Commission upon request.

§49.24   System safeguards.

(a) Each registered swap data repository shall, with respect to all swap data in its custody:

(1) Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk through the development of appropriate controls and procedures and the development of automated systems that are reliable, secure, and have adequate scalable capacity;

(2) Establish and maintain emergency procedures, backup facilities, and a business continuity-disaster recovery plan that allow for the timely recovery and resumption of operations and the fulfillment of the duties and obligations of the swap data repository; and

(3) Periodically conduct tests to verify that backup resources are sufficient to ensure continued fulfillment of all duties of the swap data repository established by the Act or the Commission's regulations.

(b) A swap data repository's program of risk analysis and oversight with respect to its operations and automated systems shall address each of the following categories of risk analysis and oversight:

(1) Enterprise risk management and governance. This category includes, but is not limited to: Assessment, mitigation, and monitoring of security and technology risk; security and technology capital planning and investment; board of directors and management oversight of technology and security; information technology audit and controls assessments; remediation of deficiencies; and any other elements of enterprise risk management and governance included in generally accepted best practices.

(2) Information security. This category includes, but is not limited to, controls relating to: Access to systems and data (including least privilege, separation of duties, account monitoring and control); user and device identification and authentication; security awareness training; audit log maintenance, monitoring, and analysis; media protection; personnel security and screening; automated system and communications protection (including network port control, boundary defenses, encryption); system and information integrity (including malware defenses, software integrity monitoring); vulnerability management; penetration testing; security incident response and management; and any other elements of information security included in generally accepted best practices.

(3) Business continuity-disaster recovery planning and resources. This category includes, but is not limited to: Regular, periodic testing and review of business continuity-disaster recovery capabilities, the controls and capabilities described in paragraph (a), (d), (e), (f), and (k) of this section; and any other elements of business continuity-disaster recovery planning and resources included in generally accepted best practices.

(4) Capacity and performance planning. This category includes, but is not limited to: Controls for monitoring the swap data repository's systems to ensure adequate scalable capacity (including testing, monitoring, and analysis of current and projected future capacity and performance, and of possible capacity degradation due to planned automated system changes); and any other elements of capacity and performance planning included in generally accepted best practices.

(5) Systems operations. This category includes, but is not limited to: System maintenance; configuration management (including baseline configuration, configuration change and patch management, least functionality, inventory of authorized and unauthorized devices and software); event and problem response and management; and any other elements of system operations included in generally accepted best practices.

(6) Systems development and quality assurance. This category includes, but is not limited to: Requirements development; pre-production and regression testing; change management procedures and approvals; outsourcing and vendor management; training in secure coding practices; and any other elements of systems development and quality assurance included in generally accepted best practices.

(7) Physical security and environmental controls. This category includes, but is not limited to: Physical access and monitoring; power, telecommunication, and environmental controls; fire protection; and any other elements of physical security and environmental controls included in generally accepted best practices.

(c) In addressing the categories of risk analysis and oversight required under paragraph (b) of this section, a swap data repository shall follow generally accepted standards and best practices with respect to the development, operation, reliability, security, and capacity of automated systems.

(d) A swap data repository shall maintain a business continuity-disaster recovery plan and business continuity-disaster recovery resources, emergency procedures, and backup facilities sufficient to enable timely recovery and resumption of its operations and resumption of its ongoing fulfillment of its duties and obligations as a swap data repository following any disruption of its operations. Such duties and obligations include, without limitation: The duties set forth in §49.19, and maintenance of a comprehensive audit trail. The swap data repository's business continuity-disaster recovery plan and resources generally should enable resumption of the swap data repository's operations and resumption of ongoing fulfillment of the swap data repository's duties and obligations during the next business day following the disruption. A swap data repository shall update its business continuity-disaster recovery plan and emergency procedures at a frequency determined by an appropriate risk analysis, but at a minimum no less frequently than annually.

(e) Registered swap data repositories determined by the Commission to be critical swap data repositories are subject to more stringent requirements as set forth below.

(1) Each swap data repository that the Commission determines is critical must maintain a disaster recovery plan and business continuity and disaster recovery resources, including infrastructure and personnel, sufficient to enable it to achieve a same-day recovery time objective in the event that its normal capabilities become temporarily inoperable for any reason up to and including a wide-scale disruption.

(2) A same-day recovery time objective is a recovery time objective within the same business day on which normal capabilities become temporarily inoperable for any reason up to and including a wide-scale disruption.

(3) To ensure its ability to achieve a same-day recovery time objective in the event of a wide-scale disruption, each swap data repository that the Commission determines is critical must maintain a degree of geographic dispersal of both infrastructure and personnel such that:

(i) Infrastructure sufficient to enable the swap data repository to meet a same-day recovery time objective after interruption is located outside the relevant area of the infrastructure the entity normally relies upon to conduct activities necessary to the reporting, recordkeeping and/or dissemination of swap data, and does not rely on the same critical transportation, telecommunications, power, water, or other critical infrastructure components the entity normally relies upon for such activities; and

(ii) Personnel sufficient to enable the swap data repository to meet a same-day recovery time objective, after interruption of normal swap data reporting, recordkeeping and/or dissemination by a wide-scale disruption affecting the relevant area in which the personnel the entity normally relies upon to engage in such activities are located, live and work outside that relevant area.

(4) Each swap data repository that the Commission determines is critical must conduct regular, periodic tests of its business continuity and disaster recovery plans and resources and its capacity to achieve a same-day recovery time objective in the event of a wide-scale disruption. The swap data repository shall keep records of the results of such tests, and make the results available to the Commission upon request.

(f) A registered swap data repository that is not determined by the Commission to be a critical swap data repository satisfies the requirement to be able to resume operations and resume ongoing fulfillment of the swap data repository's duties and obligations during the next business day following a disruption by maintaining either:

(1) Infrastructure and personnel resources of its own that are sufficient to ensure timely recovery and resumption of its operations, duties and obligations as a registered swap data repository following any disruption of its operations; or

(2) Contractual arrangements with other registered swap data repositories or disaster recovery service providers, as appropriate, that are sufficient to ensure continued fulfillment of all of the swap data repository's duties and obligations following any disruption of its operations, both with respect to all swaps reported to the swap data repository and with respect to all swap data contained in the swap data repository.

(g) A registered swap data repository shall notify Commission staff promptly of all:

(1) Systems malfunctions;

(2) Cyber security incidents or targeted threats that actually or potentially jeopardize automated system operation, reliability, security, or capacity; and

(3) Any activation of the swap data repository's business continuity-disaster recovery plan.

(h) A registered swap data repository shall give Commission staff timely advance notice of all:

(1) Planned changes to automated systems that may impact the reliability, security, or adequate scalable capacity of such systems; and

(2) Planned changes to the swap data repository's program of risk analysis and oversight.

(i) As part of a swap data repository's obligation to produce books and records in accordance with §§1.31 and 45.2 of this chapter, and §49.12, a swap data repository shall provide to the Commission the following system safeguards-related books and records, promptly upon the request of any Commission representative:

(1) Current copies of its business continuity-disaster recovery plans and other emergency procedures;

(2) All assessments of its operational risks or system safeguards-related controls;

(3) All reports concerning system safeguards testing and assessment required by this chapter, whether performed by independent contractors or by employees of the swap data repository; and

(4) All other books and records requested by Commission staff in connection with Commission oversight of system safeguards pursuant to the Act or Commission regulations, or in connection with Commission maintenance of a current profile of the swap data repository's automated systems.

(5) Nothing in paragraph (i) of this section shall be interpreted as reducing or limiting in any way a swap data repository's obligation to comply with §§1.31 and 45.2 of this chapter, or with §49.12.

(j) A swap data repository shall conduct regular, periodic, objective testing and review of its automated systems to ensure that they are reliable, secure, and have adequate scalable capacity. It shall also conduct regular, periodic testing and review of its business continuity-disaster recovery capabilities. Such testing and review shall include, without limitation, all of the types of testing set forth in this paragraph.

(1) Definitions. As used in this paragraph (j):

Controls means the safeguards or countermeasures employed by the swap data repository in order to protect the reliability, security, or capacity of its automated systems or the confidentiality, integrity, and availability of its data and information, and in order to enable the swap data repository to fulfill its statutory and regulatory duties and responsibilities.

Controls testing means assessment of the swap data repository's controls to determine whether such controls are implemented correctly, are operating as intended, and are enabling the swap data repository to meet the requirements established by this section.

Enterprise technology risk assessment means a written assessment that includes, but is not limited to, an analysis of threats and vulnerabilities in the context of mitigating controls. An enterprise technology risk assessment identifies, estimates, and prioritizes risks to swap data repository operations or assets, or to market participants, individuals, or other entities, resulting from impairment of the confidentiality, integrity, and availability of data and information or the reliability, security, or capacity of automated systems.

External penetration testing means attempts to penetrate the swap data repository's automated systems from outside the systems' boundaries to identify and exploit vulnerabilities. Methods of conducting external penetration testing include, but are not limited to, methods for circumventing the security features of an automated system.

Internal penetration testing means attempts to penetrate the swap data repository's automated systems from inside the systems' boundaries, to identify and exploit vulnerabilities. Methods of conducting internal penetration testing include, but are not limited to, methods for circumventing the security features of an automated system.

Key controls means those controls that an appropriate risk analysis determines are either critically important for effective system safeguards or intended to address risks that evolve or change more frequently and therefore require more frequent review to ensure their continuing effectiveness in addressing such risks.

Security incident means a cyber security or physical security event that actually jeopardizes or has a significant likelihood of jeopardizing automated system operation, reliability, security, or capacity, or the availability, confidentiality or integrity of data.

Security incident response plan means a written plan documenting the swap data repository's policies, controls, procedures, and resources for identifying, responding to, mitigating, and recovering from security incidents, and the roles and responsibilities of its management, staff and independent contractors in responding to security incidents. A security incident response plan may be a separate document or a business continuity-disaster recovery plan section or appendix dedicated to security incident response.

Security incident response plan testing means testing of a swap data repository's security incident response plan to determine the plan's effectiveness, identify its potential weaknesses or deficiencies, enable regular plan updating and improvement, and maintain organizational preparedness and resiliency with respect to security incidents. Methods of conducting security incident response plan testing may include, but are not limited to, checklist completion, walk-through or table-top exercises, simulations, and comprehensive exercises.

Vulnerability testing means testing of a swap data repository's automated systems to determine what information may be discoverable through a reconnaissance analysis of those systems and what vulnerabilities may be present on those systems.

(2) Vulnerability testing. A swap data repository shall conduct vulnerability testing of a scope sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct such vulnerability testing at a frequency determined by an appropriate risk analysis, but no less frequently than quarterly.

(ii) Such vulnerability testing shall include automated vulnerability scanning, which shall follow generally accepted best practices.

(iii) A swap data repository shall conduct vulnerability testing by engaging independent contractors or by using employees of the swap data repository who are not responsible for development or operation of the systems or capabilities being tested.

(3) External penetration testing. A swap data repository shall conduct external penetration testing of a scope sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct such external penetration testing at a frequency determined by an appropriate risk analysis, but no less frequently than annually.

(ii) A swap data repository shall engage independent contractors to conduct the required annual external penetration test. The swap data repository may conduct other external penetration testing by using employees of the swap data repository who are not responsible for development or operation of the systems or capabilities being tested.

(4) Internal penetration testing. A swap data repository shall conduct internal penetration testing of a scope sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct such internal penetration testing at a frequency determined by an appropriate risk analysis, but no less frequently than annually.

(ii) A swap data repository shall conduct internal penetration testing by engaging independent contractors, or by using employees of the swap data repository who are not responsible for development or operation of the systems or capabilities being tested.

(5) Controls testing. A swap data repository shall conduct controls testing of a scope sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct controls testing, which includes testing of each control included in its program of risk analysis and oversight, at a frequency determined by an appropriate risk analysis. Such testing may be conducted on a rolling basis. A swap data repository shall conduct testing of its key controls no less frequently than every three years. The swap data repository may conduct testing of its key controls on a rolling basis over the course of three years or the period determined by such risk analysis, whichever is shorter.

(ii) A swap data repository shall engage independent contractors to test and assess the key controls included in its program of risk analysis and oversight no less frequently than every three years. The swap data repository may conduct any other controls testing required by this section by using independent contractors or employees of the swap data repository who are not responsible for development or operation of the systems or capabilities being tested.

(6) Security incident response plan testing. A swap data repository shall conduct security incident response plan testing sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct such security incident response plan testing at a frequency determined by an appropriate risk analysis, but no less frequently than annually.

(ii) A swap data repository's security incident response plan shall include, without limitation, the swap data repository's definition and classification of security incidents, its policies and procedures for reporting security incidents and for internal and external communication and information sharing regarding security incidents, and the hand-off and escalation points in its security incident response process.

(iii) A swap data repository may coordinate its security incident response plan testing with other testing required by this section or with testing of its other business continuity-disaster recovery and crisis management plans.

(iv) A swap data repository may conduct security incident response plan testing by engaging independent contractors or by using employees of the swap data repository.

(7) Enterprise technology risk assessment. A swap data repository shall conduct enterprise technology risk assessment of a scope sufficient to satisfy the requirements set forth in paragraph (l) of this section.

(i) A swap data repository shall conduct an enterprise technology risk assessment at a frequency determined by an appropriate risk analysis, but no less frequently than annually. A swap data repository that has conducted an enterprise technology risk assessment that complies with this section may conduct subsequent assessments by updating the previous assessment.

(ii) A swap data repository may conduct enterprise technology risk assessments by using independent contractors or employees of the swap data repository who are not responsible for development or operation of the systems or capabilities being assessed.

(k) To the extent practicable, a swap data repository shall:

(1) Coordinate its business continuity-disaster recovery plan with those of swap execution facilities, designated contract markets, derivatives clearing organizations, swap dealers, and major swap participants who report swap data to the swap data repository, and with those regulators identified in Section 21(c)(7) of the Act, in a manner adequate to enable effective resumption of the registered swap data repository's fulfillment of its duties and obligations following a disruption causing activation of the swap data repository's business continuity and disaster recovery plan;

(2) Participate in periodic, synchronized testing of its business continuity—disaster recovery plan and the business continuity—disaster recovery plans of swap execution facilities, designated contract markets, derivatives clearing organizations, swap dealers, and major swap participants who report swap data to the registered swap data repository, and the business continuity—disaster recovery plans required by the regulators identified in Section 21(c)(7) of the Act; and

(3) Ensure that its business continuity—disaster recovery plan takes into account the business continuity—disaster recovery plans of its telecommunications, power, water, and other essential service providers.

(l) Scope of testing and assessment. The scope for all system safeguards testing and assessment required by this part shall be broad enough to include the testing of automated systems and controls that the swap data repository's required program of risk analysis and oversight and its current cybersecurity threat analysis indicate is necessary to identify risks and vulnerabilities that could enable an intruder or unauthorized user or insider to:

(1) Interfere with the swap data repository's operations or with fulfillment of its statutory and regulatory responsibilities;

(2) Impair or degrade the reliability, security, or adequate scalable capacity of the swap data repository's automated systems;

(3) Add to, delete, modify, exfiltrate, or compromise the integrity of any data related to the swap data repository's regulated activities; or

(4) Undertake any other unauthorized action affecting the swap data repository's regulated activities or the hardware or software used in connection with those activities.

(m) Internal reporting and review. Both the senior management and the Board of Directors of a swap data repository shall receive and review reports setting forth the results of the testing and assessment required by this section. A swap data repository shall establish and follow appropriate procedures for the remediation of issues identified through such review, as provided in paragraph (n) of this section, and for evaluation of the effectiveness of testing and assessment protocols.

(n) Remediation. A swap data repository shall identify and document the vulnerabilities and deficiencies in its systems revealed by the testing and assessment required by this section. The swap data repository shall conduct and document an appropriate analysis of the risks presented by such vulnerabilities and deficiencies, to determine and document whether to remediate or accept the associated risk. When the swap data repository determines to remediate a vulnerability or deficiency, it must remediate in a timely manner given the nature and magnitude of the associated risk.

[76 FR 54575, Sept. 1, 2011, as amended at 81 FR 64315, Sept. 19, 2016]

§49.25   Financial resources.

(a) General rule. (1) A registered swap data repository shall maintain sufficient financial resources to perform its statutory duties set forth in §49.9 and the core principles set forth in §49.19.

(2) An entity that operates as both a swap data repository and a derivatives clearing organization shall also comply with the financial resource requirements applicable to derivatives clearing organizations under §39.11 of this chapter.

(3) Financial resources shall be considered sufficient if their value is at least equal to a total amount that would enable the swap data repository, or applicant for registration, to cover its operating costs for a period of at least one year, calculated on a rolling basis.

(4) The financial resources described in this paragraph (a) must be independent and separately dedicated to ensure that assets and capital are not used for multiple purposes.

(b) Types of financial resources. Financial resources available to satisfy the requirements of paragraph (a) of this section may include:

(1) The swap data repository's own capital; and

(2) Any other financial resource deemed acceptable by the Commission.

(c) Computation of financial resource requirement. A registered swap data repository shall, on a quarterly basis, based upon its fiscal year, make a reasonable calculation of its projected operating costs over a 12-month period in order to determine the amount needed to meet the requirements of paragraph (a) of this section. The swap data repository shall have reasonable discretion in determining the methodology used to compute such projected operating costs. The Commission may review the methodology and require changes as appropriate.

(d) Valuation of financial resources. At appropriate intervals, but not less than quarterly, a registered swap data repository shall compute the current market value of each financial resource used to meet its obligations under paragraph (a) of this section. Reductions in value to reflect market and credit risk (haircuts) shall be applied as appropriate.

(e) Liquidity of financial resources. The financial resources allocated by the registered swap data repository to meet the requirements of paragraph (a) shall include unencumbered, liquid financial assets (i.e., cash and/or highly liquid securities) equal to at least six months' operating costs. If any portion of such financial resources is not sufficiently liquid, the swap data repository may take into account a committed line of credit or similar facility for the purpose of meeting this requirement.

(f) Reporting requirements. (1) Each fiscal quarter, or at any time upon Commission request, a registered swap data repository shall report to the Commission the amount of financial resources necessary to meet the requirements of paragraph (a), the value of each financial resource available, computed in accordance with the requirements of paragraph (d); and provide the Commission with a financial statement, including the balance sheet, income statement, and statement of cash flows of the swap data repository or of its parent company. Financial statements shall be prepared in conformity with generally accepted accounting principles (GAAP) applied on a basis consistent with that of the preceding financial statement.

(2) The calculations required by this paragraph shall be made as of the last business day of the swap data repository's fiscal quarter.

(3) The report shall be filed not later than 17 business days after the end of the swap data repository's fiscal quarter, or at such later time as the Commission may permit, in its discretion, upon request by the swap data repository.

§49.26   Disclosure requirements of swap data repositories.

Before accepting any swap data from a reporting entity or upon a reporting entity's request, a registered swap data repository shall furnish to the reporting entity a disclosure document that contains the following written information, which shall reasonably enable the reporting entity to identify and evaluate accurately the risks and costs associated with using the services of the swap data repository:

(a) The registered swap data repository's criteria for providing others with access to services offered and swap data maintained by the swap data repository;

(b) The registered swap data repository's criteria for those seeking to connect to or link with the swap data repository;

(c) A description of the registered swap data repository's policies and procedures regarding its safeguarding of swap data and operational reliability to protect the confidentiality and security of such data, as described in §49.24;

(d) The registered swap data repository's policies and procedures reasonably designed to protect the privacy of any and all swap data that the swap data repository receives from a reporting entity, as described in §49.16;

(e) The registered swap data repository's policies and procedures regarding its non-commercial and/or commercial use of the swap data that it receives from a market participant, any registered entity, or any other person;

(f) The registered swap data repository's dispute resolution procedures;

(g) A description of all the registered swap data repository's services, including any ancillary services;

(h) The registered swap data repository's updated schedule of any fees, rates, dues, unbundled prices, or other charges for all of its services, including any ancillary services; any discounts or rebates offered; and the criteria to benefit from such discounts or rebates; and

(i) A description of the registered swap data repository's governance arrangements.

§49.27   Access and fees.

(a) Fair, open and equal access. (1) A registered swap data repository, consistent with Section 21 of the Act, shall provide its services to market participants, including but not limited to designated contract markets, swap execution facilities, derivatives clearing organizations, swap dealers, major swap participants and any other counterparties, on a fair, open and equal basis. For this purpose, a swap data repository shall not provide access to its services on a discriminatory basis but is required to provide its services to all market participants for swaps it accepts in an asset class.

(2) Consistent with the principles of open access set forth in paragraph (a)(1) of this Regulation, a registered swap data repository shall not tie or bundle the offering of mandated regulatory services with other ancillary services that a swap data repository may provide to market participants.

(b) Fees. (1) Any fees or charges imposed by a registered swap data repository in connection with the reporting of swap data and any other supplemental or ancillary services provided by such swap data repository shall be equitable and established in a uniform and non-discriminatory manner. Fees or charges shall not be used as an artificial barrier to access to the swap data repository. Swap data repositories shall not offer preferential pricing arrangements to any market participant on any basis, including volume discounts or reductions unless such discounts or reductions apply to all market participants uniformly and are not otherwise established in a manner that would effectively limit the application of such discount or reduction to a select number of market participants.

(2) All fees or charges are to be fully disclosed and transparent to market participants. At a minimum, the registered swap data repository shall provide a schedule of fees and charges that is accessible by all market participants on its Web site.

(3) The Commission notes that it will not specifically approve the fees charged by registered swap data repositories. However, any and all fees charged by swap data repositories must be consistent with the principles set forth in paragraph (b)(1) of this section.

Appendix A to Part 49—Form SDR

COMMODITY FUTURES TRADING COMMISSION

FORM SDR

SWAP DATA REPOSITORY APPLICATION OR AMENDMENT TO APPLICATION FOR REGISTRATION

REGISTRATION INSTRUCTIONS

Intentional misstatements or omissions of material fact may constitute federal criminal violations (7 U.S.C. §13 and 18 U.S.C. §1001) or grounds for disqualification from registration.

DEFINITIONS

Unless the context requires otherwise, all terms used in this Form SDR have the same meaning as in the Commodity Exchange Act, as amended, and in the Regulations of the Commission thereunder.

For the purposes of this Form SDR, the term “Applicant” shall include any applicant for registration as a swap data repository or any registered swap data repository that is amending Form SDR.

GENERAL INSTRUCTIONS

1. Form SDR and Exhibits thereto are to be filed with the Commodity Futures Trading Commission by Applicants for registration as a swap data repository, or by a registered swap data repository amending such registration, pursuant to Section 21 of the Commodity Exchange Act and the regulations thereunder. Upon the filing of an application for registration, the Commission will publish notice of the filing and afford interested persons an opportunity to submit written data, views and arguments concerning such application. No application for registration shall be effective unless the Commission, by order, grants such registration.

2. Individuals' names shall be given in full (Last Name, First Name, Middle Name).

3. Signatures must accompany each copy of the Form SDR filed with the Commission. If this Form SDR is filed by a corporation, it must be signed in the name of the corporation by a principal officer duly authorized; if filed by a limited liability company, this Form SDR must be signed in the name of the limited liability company by a member duly authorized to sign on the limited liability company's behalf; if filed by a partnership, this Form SDR must be signed in the name of the partnership by a general partner authorized; if filed by an unincorporated organization or association which is not a partnership, it must be signed in the name of the organization or association by the managing agent, i.e., a duly authorized person who directs, manages or who participates in the directing or managing of its affairs.

4. If Form SDR is being filed as an initial application for registration, all applicable items must be answered in full. If any item is not applicable, indicate by “none,” “not applicable,” or “N/A” as appropriate.

5. Under Section 21 of the Commodity Exchange Act and the regulations thereunder, the Commission is authorized to solicit the information required to be supplied by this form from Applicants for registration as a swap data repository and from registered swap data repositories amending their registration. Disclosure of the information specified on this form is mandatory prior to processing of an application for registration as a swap data repository. The information will be used for the principal purpose of determining whether the Commission should grant or deny registration to an Applicant. The Commission may determine that additional information is required from the Applicant in order to process its application. An Applicant is therefore encouraged to supplement this Form SDR with any additional information that may be significant to its operation as a swap data repository and to the Commission's review of its application. A Form SDR which is not prepared and executed in compliance with applicable requirements and instructions may be returned as not acceptable for filing. Acceptance of this Form SDR, however, shall not constitute any finding that the Form SDR has been filed as required or that the information submitted is true, current or complete.

6. Except in cases where confidential treatment is requested by the Applicant and granted by the Commission pursuant to the Freedom of Information Act and Commission Regulation §145.9, information supplied on this form will be included routinely in the public files of the Commission and will be available for inspection by any interested person. The Applicant must identify with particularity the information in these exhibits that will be subject to a request for confidential treatment and supporting documentation for such request pursuant to Commission Regulations §40.8, and §145.9.

UPDATING INFORMATION ON THE FORM SDR

1. Section 21 requires that if any information contained in Items 1 through 17, 23, 29, and Item 53 of this application, or any supplement or amendment thereto, is or becomes inaccurate for any reason, an amendment must be filed promptly, unless otherwise specified, on Form SDR correcting such information.

2. Registrants filing Form SDR as an amendment (other than an annual amendment) need file only the first page of Form SDR, the signature page (Item 13), and any pages on which an answer is being amended, together with such exhibits as are being amended. The submission of an amendment represents that all unamended items and exhibits remain true, current and complete as previously filed.

ANNUAL AMENDMENT ON THE FORM SDR

Annual amendments on the Form SDR shall be submitted within 60 days of the end of the Applicant's fiscal year. Applicants must complete the first page and provide updated information or exhibits.

An Applicant may request an extension of time for submitting the annual amendment with the Secretary of the Commission based on substantial, undue hardship. Extensions for filing annual amendments may be granted at the discretion of the Commission.

WHERE TO FILE

File registration application and appropriate exhibits electronically with the Commission at the Washington, D.C. headquarters in a format and in the manner specified by the Secretary of the Commission.

Appendix B to Part 49—Confidentiality Arrangement for Appropriate Domestic Regulators and Appropriate Foreign Regulators to Obtain Access to Swap Data Maintained by Registered Swap Data Repositories Pursuant to §§49.17(d)(6) and 49.18(a)

The U.S. Commodity Futures Trading Commission (“CFTC”) and the [name of foreign/domestic regulator (“ABC”)] (each an “Authority” and collectively the “Authorities”) have entered into this Confidentiality Arrangement (“Arrangement”) in connection with [whichever is applicable] [CFTC Regulation 49.17(b)(1)[(i)-(vi)]/the determination order issued by the CFTC to [ABC] (“Order”)] and any request for swap data by [ABC] to any swap data repository (“SDR”) registered with the CFTC.

Article One: General Provisions

1. ABC is permitted to request and receive swap data directly from a registered SDR (“Swap Data”) on the terms and subject to the conditions of this Arrangement.

2. This Arrangement is entered into to fulfill the requirements under Section 21(d) of the Commodity Exchange Act (“Act”) and CFTC Regulation 49.18. Upon receipt by a registered SDR, this Arrangement will satisfy the requirement for a written agreement pursuant to Section 21(d) of the Act and CFTC Regulation 49.17(d)(6). This Arrangement does not apply to information that is [reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with [ABC] pursuant to separate statutory authority, even if such information also is reported pursuant to the Act and CFTC regulations][reported to a registered SDR pursuant to [ABC]'s regulatory regime where the SDR also is registered with, or recognized or otherwise authorized by, [ABC], which has supervisory authority over the repository pursuant to foreign law and/or regulation, even if such information also is reported pursuant to the Act and CFTC regulations.]1

1 The first bracketed phrase will be used for ADRs; the second will be used for AFRs. The inapplicable phrase will be deleted.

3. This Arrangement is not intended to limit or condition the discretion of an Authority in any way in the discharge of its regulatory responsibilities or to prejudice the individual responsibilities or autonomy of any Authority.

4. This Arrangement does not alter the terms and conditions of any existing arrangements.

Article Two: Confidentiality of Swap Data

5. ABC will be acting within the scope of its jurisdiction in requesting Swap Data and employs procedures to maintain the confidentiality of Swap Data and any information and analyses derived therefrom (collectively, the “Confidential Information”). ABC undertakes to notify the CFTC and each relevant SDR promptly of any change to ABC's scope of jurisdiction.

6. ABC undertakes to treat Confidential Information as confidential and will employ safeguards that:

a. To the maximum extent practicable, identify the Confidential Information and maintain it separately from other data and information;

b. Protect the Confidential Information from misappropriation and misuse;

c. Ensure that only authorized ABC personnel with a need to access particular Confidential Information to perform their job functions related to such Confidential Information have access thereto, and that such access is permitted only to the extent necessary to perform their job functions related to such particular Confidential Information;

d. Prevent the disclosure of aggregated Confidential Information; provided, however, that ABC is permitted to disclose any sufficiently aggregated Confidential Information that is anonymized to prevent identification, through disaggregation or otherwise, of a market participant's business transactions, trade data, market positions, customers or counterparties;

e. Prohibit use of the Confidential Information by ABC personnel for any improper purpose, including in connection with trading for their personal benefit or for the benefit of others or with respect to any commercial or business purpose; and

f. Include a process for monitoring compliance with the confidentiality safeguards described herein and for promptly notifying the CFTC, and each SDR from which ABC has received Swap Data, of any violation of such safeguards or failure to fulfill the terms of this Arrangement.

7. Except as provided in Paragraphs 6.d. and 8, ABC will not onward share or otherwise disclose any Confidential Information.

8. ABC undertakes that:

a. If a department, central bank, or agency of the Government of the United States, it will not disclose Confidential Information except in an action or proceeding under the laws of the United States to which it, the CFTC, or the United States is a party;

b. If a department or agency of a State or political subdivision thereof, it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the Act or the laws of [name of either the State or the State and political subdivision] to which it is a party; or

c. If a foreign futures authority or a department, central bank, ministry, or agency of a foreign government or subdivision thereof, or any other Foreign Regulator, as defined in Commission Regulation 49.2(a)(5), it will not disclose Confidential Information except in connection with an adjudicatory action or proceeding brought under the laws of [name of country, political subdivision, or (if a supranational organization) supranational lawmaking body] to which it is a party.

9. Prior to complying with any legally enforceable demand for Confidential Information, ABC will notify the CFTC of such demand in writing, assert all available appropriate legal exemptions or privileges with respect to such Confidential Information, and use its best efforts to protect the confidentiality of the Confidential Information.

10. ABC acknowledges that, if it does not fulfill the terms of this Arrangement, the CFTC may direct any registered SDR to suspend or revoke ABC's access to Swap Data.

11. ABC will comply with all applicable security-related requirements imposed by an SDR in connection with access to Swap Data maintained by the SDR, as such requirements may be revised from time to time.

12. ABC will promptly destroy all Confidential Information for which it no longer has a need or which no longer falls within the scope of its jurisdiction, and will certify to the CFTC, upon request, that ABC has destroyed such Confidential Information.

Article Three: Administrative Provisions

13. This Arrangement may be amended with the written consent of the Authorities.

14. The text of this Arrangement will be executed in English, and may be made available to the public.

15. On the date this Arrangement is signed by the Authorities, it will become effective and may be provided to any registered SDR that holds and maintains Swap Data that falls within the scope of ABC's jurisdiction.

16. This Arrangement will expire 30 days after any Authority gives written notice to the other Authority of its intention to terminate the Arrangement. In the event of termination of this Arrangement, Confidential Information will continue to remain confidential and will continue to be covered by this Arrangement.

This Arrangement is executed in duplicate, this ______ day of ______.

 

[name of Chairman]

Chairman

U.S. Commodity Futures Trading Commission

 

[name of signatory]

[title]

[name of foreign/domestic regulator]

[Exhibit A: Description of Scope of Jurisdiction. If ABC is not enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach the Determination Order received from the Commission pursuant to Commission Regulation 49.17(h). If ABC is enumerated in Commission Regulations 49.17(b)(1)(i)-(vi), it must attach a sufficiently detailed description of the scope of ABC's jurisdiction as it relates to Swap Data maintained by SDRs. In both cases, the description of the scope of jurisdiction must include elements allowing SDRs to establish, without undue obstacles, objective parameters for determining whether a particular Swap Data request falls within such scope of jurisdiction. Such elements could include LEIs of all jurisdictional entities and could also include UPIs of all jurisdictional products or, if no CFTC-approved UPI and product classification system is yet available, the internal product identifier or product description used by an SDR from which Swap Data is to be sought.]

[83 FR 27439, June 12, 2018]
