Notice2025-11878
Self-Regulatory Organizations; National Securities Clearing Corporation; Notice of Filing of Amendment No. 1, and Order Instituting Proceedings To Determine Whether To Approve or Disapprove a Proposed Rule Change, as Modified by Amendment No. 1, Regarding Proposed Rule Change Relating to a Participant System Disruption
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
June 27, 2025
Issuing agencies
Securities and Exchange Commission
Full Text
<html>
<head>
<title>Federal Register, Volume 90 Issue 122 (Friday, June 27, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 122 (Friday, June 27, 2025)]
[Notices]
[Pages 27717-27722]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-11878]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-103309; File No. SR-NSCC-2025-003]
Self-Regulatory Organizations; National Securities Clearing
Corporation; Notice of Filing of Amendment No. 1, and Order Instituting
Proceedings To Determine Whether To Approve or Disapprove a Proposed
Rule Change, as Modified by Amendment No. 1, Regarding Proposed Rule
Change Relating to a Participant System Disruption
June 24, 2025.
On March 14, 2025, National Securities Clearing Corporation
(``NSCC'') filed with the Securities and Exchange Commission
(``Commission'') the proposed rule change SR-NSCC-2025-003 pursuant to
Section 19(b) of the Securities Exchange Act of 1934 (``Exchange Act''
or ``the Act'') \1\ and Rule 19b-4 \2\ thereunder to modify its
Disruption Rules.\3\ The proposed rule change was published for public
comment in the Federal Register on March 27, 2025.\4\ The Commission
has received comments regarding the substance of the changes proposed
in the proposed rule change.\5\
---------------------------------------------------------------------------
\1\ 15 U.S.C. 78s(b)(1).
\2\ 17 CFR 240.19b-4.
\3\ Specifically, NSCC is seeking to modify Rule 60A of the NSCC
Rules & Procedures (the ``Disruption Rules''). The Disruption Rules
are publicly available at <a href="https://www.dtcc.com/legal/rules-and-procedures">https://www.dtcc.com/legal/rules-and-procedures</a>.
\4\ Securities Exchange Act Release No. 102711 (Mar. 21, 2025),
90 FR 13926 (Mar. 27, 2025) (File No. SR-NSCC-2025-003).
\5\ Comments on the proposed rule change are available at
<a href="https://www.sec.gov/comments/sr-dtc-2025-003/srdtc2025003.htm">https://www.sec.gov/comments/sr-dtc-2025-003/srdtc2025003.htm</a>.
---------------------------------------------------------------------------
On May 2, 2025, pursuant to Section 19(b)(2) of the Exchange
Act,\6\ the Commission designated a longer period within which to
approve, disapprove, or institute proceedings to determine whether to
approve or disapprove the proposed rule change.\7\ On June 20, 2025,
NSCC filed Amendment No. 1 to the proposed rule change, as described in
Items I and II below, which Items have been prepared by NSCC.\8\
Amendment No. 1 superseded the original proposed rule change in its
entirety.
---------------------------------------------------------------------------
\6\ 15 U.S.C. 78s(b)(2).
\7\ Securities Exchange Act Release No. 102981 (May 5, 2025), 90
FR 19590 (May 8, 2025) (File Nos. SR-DTC-2025-003; SR-FICC-2025-006;
SR-NSCC-2025-003).
\8\ Amendment No. 1 is available at <a href="https://www.dtcc.com/-/media/Files/Downloads/legal/rule-filings/2025/NSCC/SR-NSCC-2025-003-Amendment-1.pdf">https://www.dtcc.com/-/media/Files/Downloads/legal/rule-filings/2025/NSCC/SR-NSCC-2025-003-Amendment-1.pdf</a>.
---------------------------------------------------------------------------
The Commission is publishing this notice to solicit comments on the
proposed rule change, as modified by Amendment No. 1, and is
instituting proceedings pursuant to Section 19(b)(2)(B) of the Exchange
Act \9\ to determine whether to approve or disapprove the proposed rule
change, as modified by Amendment No. 1.
---------------------------------------------------------------------------
\9\ 15 U.S.C. 78s(b)(2)(B).
---------------------------------------------------------------------------
I. Clearing Agency's Statement of the Terms of Substance of the
Proposed Rule Change, as Modified by Amendment No. 1
NSCC, along with its two affiliate clearing agencies, Fixed Income
Clearing Corporation (``FICC'') and The Depository Trust Company
(``DTC,'' and together with NSCC and FICC, the ``Clearing Agencies,''
or ``Clearing Agency'' when referring to one of any of the three
Clearing Agencies) \10\ each filed with the Commission substantively
similar proposals (``Original Proposal'') \11\ to amend their
respective rules currently titled Systems Disconnect: Threat of
Significant Impact to the Corporation's Systems.\12\ Each respective
filing was written from the perspective of the Clearing Agencies,
collectively, instead of DTC, FICC, and NSCC individually, but
application of
[[Page 27718]]
the proposed rule changes would only apply to the DTCC Systems
Participant (as defined below) of the corresponding Clearing Agency or
Clearing Agencies.\13\
---------------------------------------------------------------------------
\10\ The Clearing Agencies are each a subsidiary of The
Depository Trust & Clearing Corporation (``DTCC''). DTCC operates on
a shared service model with respect to the Clearing Agencies. Most
corporate functions are established and managed on an enterprise-
wide basis pursuant to intercompany agreements under which it is
generally DTCC that provides relevant services to the Clearing
Agencies.
\11\ Securities Exchange Act Release Nos. 102711 (Mar. 21,
2025), 90 FR 13926 (Mar. 27, 2025) (SR-NSCC-2025-003); 102713 (Mar.
21, 2025), 90 FR 13942 (Mar. 27, 2025) (SR-FICC-2025-006); and
102712 (Mar. 21, 2025), 90 FR 13919 (Mar. 27, 2025) (SR-DTC-2025-
003) (collectively, ``Original Filings'').
\12\ Rule 60A of the NSCC Rules & Procedures (``NSCC Rules''),
Rule 50A of the FICC Government Securities Division (``FICC-GSD'')
Rulebook (``FICC-GSD Rules''), Rule 40A of the FICC Mortgage-Backed
Securities Division (``FICC-MBSD'') Clearing Rules (``FICC-MBSD
Rules''), and Rule 38(A) of the Rules, By-Laws and Organization
Certificate of DTC (``DTC Rules'') (collectively, the ``Disruption
Rules''), available at <a href="https://www.dtcc.com/legal/rules-and-procedures">https://www.dtcc.com/legal/rules-and-procedures</a>.
\13\ Capitalized terms not otherwise defined herein have the
meaning as set forth in the respective rules of the Clearing
Agencies, available at <a href="https://www.dtcc.com/legal/rules-and-procedures">https://www.dtcc.com/legal/rules-and-procedures</a>, or in the Original Filings, supra note 11.
---------------------------------------------------------------------------
On April 17, 2025, the Securities Industry and Financial Markets
Association (``SIFMA'') submitted a comment letter to the Original
Proposal (``SIFMA Letter'').\14\ Based on comments made in the SIFMA
Letter and further review of the Original Proposal, the Clearing
Agencies are now filing this Amendment No. 1.
---------------------------------------------------------------------------
\14\ Letter from Stephen Byron, Managing Director, Head of
Operations, Technology, Cyber & BCP, SIFMA (Apr. 17, 2025). SIFMA
also submitted an earlier, two-page letter, on April 16, 2025,
requesting additional time to submit a comment letter to the
Original Proposal and highlighting some potential concerns that were
then covered in the follow-up SIFMA Letter. Letter from Stephen
Byron, Managing Director, Head of Operations, Technology, Cyber &
BCP, SIFMA (Apr. 16, 2025).
---------------------------------------------------------------------------
This Amendment No. 1 would modify the Original Proposal by (i)
amending the proposed definitions for DTCC Systems Participant,
Participant System Disruption, and Third-Party Cybersecurity Firm, and
proposing to add Third-Party Provider as a new defined term; (ii)
simplifying the notification requirements and requested details of a
Participant System Disruption; (iii) allowing for the submission of a
summary of the Third-Party Cybersecurity Firm report, in lieu of the
report itself; and (iv) making technical, ministerial, and other
conforming and clarifying changes.
II. Clearing Agency's Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Change, as Modified by Amendment No. 1
In its filing with the Commission, the clearing agency included
statements concerning the purpose of and basis for the proposed rule
change and discussed any comments it received on the proposed rule
change. The text of these statements may be examined at the places
specified in Item IV below. The clearing agency has prepared summaries,
set forth in sections A, B, and C below, of the most significant
aspects of such statements.
(A) Clearing Agency's Statement of the Purpose of, and Statutory Basis
for, the Proposed Rule Change
1. Purpose
On March 14, 2025, the Clearing Agencies each filed the Original
Proposal \15\ to amend their respective rules currently titled Systems
Disconnect: Threat of Significant Impact to the Corporation's Systems.
Each respective filing was written from the perspective of the Clearing
Agencies, collectively, instead of DTC, FICC, and NSCC individually,
but application of the proposed rule changes would only apply to the
DTCC Systems Participant of the corresponding Clearing Agency or
Clearing Agencies.
---------------------------------------------------------------------------
\15\ Original Filings, supra note 11.
---------------------------------------------------------------------------
On April 17, 2025, SIFMA submitted the SIFMA Letter.\16\ Based on
comments made in the SIFMA Letter and further review of the Original
Proposal, the Clearing Agencies are now filing this Amendment No. 1.
---------------------------------------------------------------------------
\16\ SIFMA Letter, supra note 14.
---------------------------------------------------------------------------
This Amendment No. 1 would modify the Original Proposal by (i)
amending the proposed definitions for DTCC Systems Participant,
Participant System Disruption, and Third-Party Cybersecurity Firm, and
proposing to add Third-Party Provider as a new defined term; (ii)
simplifying the notification requirements and requested details of a
Participant System Disruption; (iii) allowing for the submission of a
summary of the Third-Party Cybersecurity Firm report, in lieu of the
report itself; and (iv) making technical, ministerial, and other
conforming and clarifying changes, as discussed below.
Current Disruption Rules & Original Proposal
The Clearing Agencies' current Disruption Rules contain provisions
identifying the events or circumstances that would be considered a
Major Event.\17\ During the pendency of a Major Event, the Disruption
Rules authorize the Clearing Agencies to take certain actions, within a
prescribed governance framework, to mitigate the effect of the Major
Event on the Clearing Agencies, their respective members or
participants as defined in the respective rules of the applicable
Clearing Agency (hereinafter, ``Respective Participants''),\18\ their
Affiliates, and the industry more broadly.\19\
---------------------------------------------------------------------------
\17\ ``Major Event'' is currently defined in the Disruption
Rules as, ``the happening of one or more System Disruption(s) that
is reasonably likely to have a significant impact on the
Corporation's operations, including the DTCC Systems, that affect
the business, operations, safeguarding of securities or funds, or
physical functions of the Corporation, [Respective Participants]
and/or other market participants.'' Disruption Rules, supra note 12,
Section 1.
\18\ Under the current Disruption Rules, Respective Participants
for NSCC are Members and Limited Members; for DTC, Participants; for
FICC-GSD and FICC-MBSD, Members. Disruption Rules, supra note 12,
Section 1. Under the Original Proposal, Respective Participants for
NSCC will be Members, Limited Members, and Sponsored Members; for
DTC, Participants, Limited Participants, and Pledgees; for FICC-GSD,
Netting Members, CCIT Members, Comparison Only Members, and Funds-
Only Settling Bank Members; and for FICC-MBSD, Members, Clearing
Members, and Cash Settling Bank Members. Original Filings, supra
note 11.
\19\ See Disruption Rules, supra note 12, Section 1.
---------------------------------------------------------------------------
The Original Proposal proposed to and would continue to (i) update
and add definitions used throughout the Disruption Rules; (ii) update
the provisions and governance for declaring a Major Event (which would
be redefined as a Major System Event \20\); (iii) clarify and enhance
the requirements of the DTCC Systems Participant, as amended below, to
notify the Clearing Agencies of a Systems Disruption (which would be
redefined as a Participant System Disruption, as amended below); (iv)
add provisions incorporating the reporting, testing, and approval
requirements, process, legal obligations, and governance necessary for
``reconnection'' (as defined by the Original Proposal) \21\ of a DTCC
Systems Participant that was ``disconnected'' from DTCC Systems \22\
pursuant to a Disruption Rule; and (v) make technical, ministerial, and
other conforming and clarifying changes, including updating the name of
the Disruption Rules.\23\ Other than the below described
[[Page 27719]]
amendments proposed in this Amendment No. 1, the proposed changes of
the Original Proposal remain.
---------------------------------------------------------------------------
\20\ Pursuant to this proposed rule change, Major Event would be
deleted and replaced with ``Major System Event,'' to be defined as,
``a Participant System Disruption that has or is reasonably
anticipated to, for example, disrupt, degrade, cause a delay in,
interrupt or otherwise alter the normal operation of DTCC Systems;
result in unauthorized access to DTCC Systems; result in the loss of
control of, disclosure of, or loss of DTCC Confidential Information;
or cause a strain on, loss of, or overall threat to the
Corporation's resources, functions, security or operations.''
\21\ Pursuant to the Original Proposal, ``Reconnection'' would
be defined as the reestablishment of connectivity between DTCC
Systems and the DTCC Systems Participant that was the subject of
action taken pursuant to a Disruption Rule. Original Filings, supra
note 11.
\22\ ``DTCC Systems'' is currently defined in the Disruption
Rules as, ``the systems, equipment and technology networks of DTCC,
the Corporation and/or their Affiliates, whether owned, leased, or
licensed, software, devices, IP addresses, or other addresses or
accounts used in connection with providing the services set forth in
the Rules, or used to transact business or to manage the connection
with the Corporation.'' Disruption Rules, supra note 12, Section 1.
Pursuant to the Original Proposal, the definition would be updated
to mean ``the systems, equipment and technology networks of DTCC,
the Corporation and/or any Affiliates of DTCC or the Corporation,
whether owned, leased, or licensed, and including software,
hardware, applications, devices, IP addresses, or other addresses or
accounts used in connection with such systems, equipment and
technology networks, to provide the services set forth in these
[Rules & Procedures/Rules and the Procedures/Rules], or otherwise
used to transact business or connect with DTCC, the Corporation, or
any Affiliates of DTCC or the Corporation.'' Original Filings, supra
note 11.
\23\ Original Filings, supra note 11 (providing specifics of
each proposed change of the Original Proposal).
---------------------------------------------------------------------------
Proposed Amendments
As noted above, based on comments raised in the SIFMA Letter and
further review of the Original Proposal, the Clearing Agencies are
filing this Amendment No. 1 to (i) amend the proposed definitions for
DTCC Systems Participant, Participant System Disruption, and Third-
Party Cybersecurity Firm, and to add Third-Party Provider as a new
defined term; (ii) simplify the notification requirements and reporting
details of a Participant System Disruption; (iii) allow for the
submission of a summary of the Third-Party Cybersecurity Firm report,
in lieu of the report itself; and (iv) make technical, ministerial, and
other conforming and clarifying amendments, as described below.
1. Definitional Amendments
DTCC Systems Participant--``DTCC Systems Participant'' is currently
defined in Section 1 of the Disruption Rules as, ``a [Respective
Participant], or third party service provider, or service bureau that
is connecting with the DTCC Systems.'' \24\ Pursuant to the Original
Proposal, DTCC Systems Participant would have been redefined in the
Disruption Rules as, ``(A) any [Respective Participant], or an
Affiliate of any [Respective Participant], that directly or indirectly
connects with DTCC Systems; or (B) any third-party service provider,
service bureau, or other similar entity that directly or indirectly
connects with DTCC Systems on behalf of or for the benefit of any
[Respective Participant], or an Affiliate of any [Respective
Participant].'' \25\
---------------------------------------------------------------------------
\24\ Disruption Rules, supra note 12, Section 1.
\25\ Original Filings, supra note 11.
---------------------------------------------------------------------------
In consideration of the comments raised by SIFMA, generally,\26\
and after further review of the proposed definition, the Clearing
Agencies believe that the proposed definition of DTCC Systems
Participant could be drafted differently to better reflect the entities
that the definition is intended to cover (i.e., Respective Participants
connected to DTCC Systems directly and third-party service providers
connected to DTCC Systems on behalf of or for the benefit of Respective
Participants). Therefore, the Clearing Agencies propose to amend the
proposed definition to simply state that a DTCC Systems Participant is
``any [Respective Participant] that connects with DTCC Systems either
directly or indirectly via a Third-Party Provider.''
---------------------------------------------------------------------------
\26\ SIFMA Letter, supra note 14.
---------------------------------------------------------------------------
Systems Disruption/Participant System Disruption--``Systems
Disruption'' is currently defined in Section 1 of the Disruption Rules
as, ``the unavailability, failure, malfunction, overload, or
restriction (whether partial or total) of a DTCC Systems Participant's
systems that disrupts or degrades the normal operation of such DTCC
Systems Participant's systems; or anything that impacts or alters the
normal communication, or the files that are received, or information
transmitted, to or from the DTCC Systems.'' \27\ Pursuant to the
Original Proposal, Systems Disruption would be deleted and replaced
with ``Participant System Disruption,'' which would have been defined
as, ``the actual or reasonably anticipated unauthorized access to, or
unavailability, failure, malfunction, overload, corruption, or
restriction (whether partial or total) of one or more systems of a DTCC
Systems Participant.'' \28\
---------------------------------------------------------------------------
\27\ Disruption Rules, supra note 12, Section 1.
\28\ Original Filings, supra note 11.
---------------------------------------------------------------------------
In consideration of the comments raised by SIFMA,\29\ and after
further review of the proposed definition, the Clearing Agencies
believe that the proposed definition of Participant System Disruption
could be interpreted too broadly. The proposed definition is intended
to capture only disruptions to systems connected to DTCC Systems,
whether via a direct connection from the Respective Participant or
through the Respective Participant's third-party service provider. It
is not intended to capture every disruption to every system of the
Respective Participant or its provider. Therefore, the Clearing
Agencies propose to amend the proposed definition to a narrower list of
``incidents'' and explicitly state that the systems in scope are only
those ``connected to DTCC Systems.'' Specifically, the amended
definition of Participant System Disruption would read, ``an incident
resulting from the unintended or unauthorized access to, or the
malfunction or corruption (whether partial or total) of one or more
systems, of a DTCC Systems Participant or its Third-Party Provider,
connected to DTCC Systems.''
---------------------------------------------------------------------------
\29\ SIFMA Letter, supra note 14, at 2-4.
---------------------------------------------------------------------------
Third-Party Cybersecurity Firm--The Original Proposal proposed to
add the definition ``Third-Party Cybersecurity Firm'' to the Disruption
Rules to mean, ``a firm that, in [the Clearing Agencies'] reasonable
judgement, (A) (i) is well-known and reputable; (ii) is not affiliated
with DTCC, [the Clearing Agencies], an Affiliate of DTCC or [the
Clearing Agencies], a DTCC Systems Participant, or an Affiliate of a
DTCC Systems Participant; (iii) specializes in financial-sector
cybersecurity; and (iv) employs Best Practices; or (B) is otherwise
determined to be a Third-Party Cybersecurity Firm by [the Clearing
Agencies].'' \30\
---------------------------------------------------------------------------
\30\ Original Filings, supra note 11.
---------------------------------------------------------------------------
In consideration of the comments raised by SIFMA,\31\ and after
further review of the proposed definition, the Clearing Agencies
believe that the ``not affiliated with'' language and the
``specializes'' term in the definition could be clearer and simpler.
Accordingly, the Clearing Agencies propose to amend the definition of
Third-Party Cybersecurity Firm to (i) remove the proposed ``not
affiliated with'' language and, instead, simply state that the Third-
Party Cybersecurity Firm cannot be the subject DTCC Systems
Participant, an Affiliate thereof, or a Third-Party Provider thereof;
and (ii) replace ``specialized'' with ``experienced,'' a more objective
standard.
---------------------------------------------------------------------------
\31\ SIFMA Letter, supra note 14, at 4-5.
---------------------------------------------------------------------------
Third-Party Provider--The Original Proposal did not include a
separate defined term to cover Affiliates of Respective Participants,
third-party service providers, service bureaus, or other similar
entities that connect to DTCC Systems on behalf of or for the benefit
of the Respective Participant. Rather, the Original Proposal attempted
to capture such entities and such connectivity via the proposed DTCC
Systems Participant definition.\32\
---------------------------------------------------------------------------
\32\ Original Filings, supra note 11.
---------------------------------------------------------------------------
In consideration of the comments raised by SIFMA, generally,\33\
and after further review of how the DTCC Systems Participant definition
worked throughout the Disruption Rules, the Clearing Agencies believe a
new, separate defined term would be clearer, simpler, and better
capture the intended purpose (i.e., to cover a DTCC Systems
Participant's third-party connections). Therefore, the Clearing
Agencies propose to add the definition ``Third-Party Provider,'' which
would mean, ``an Affiliate of any [Respective Participant], or a third-
party service provider, service bureau or other similar entity, that
connects to DTCC Systems on behalf of or for the benefit of a DTCC
Systems Participant.''
---------------------------------------------------------------------------
\33\ SIFMA Letter, supra note 14.
---------------------------------------------------------------------------
This proposed amendment also would work to accommodate the proposed
amendments to the definitions of DTCC Systems Participant, Participant
System Disruption, and Third-Party
[[Page 27720]]
Cybersecurity Firm, described above. Additionally, with this amendment
and the proposed amendment to the definition of DTCC System
Participant, the Respective Participants would be the sole the
responsible parties under the Disruption Rules, whether they connect
directly or indirectly to DTCC Systems. As such, the Clearing Agencies
propose to amend Section 7(e) of the Disruption Rules in the Original
Proposal to remove language that was originally proposed to cover
entities that may not be Respective Participants.\34\
---------------------------------------------------------------------------
\34\ Original Filings, supra note 11.
---------------------------------------------------------------------------
2. Notice and Reporting Amendments
Section 2(a) of the Disruption Rules in the Original Proposal
required, in part, a DTCC Systems Participant experiencing a
Participant System Disruption to notify the applicable Clearing Agency
of the disruption ``on behalf of itself and any Affiliate of the DTCC
Systems Participant. . . .'' \35\ It also required in Section 2(b) that
a DTCC Systems Participant that had ``actual knowledge that an
unaffiliated DTCC Systems Participant [was] experiencing a Participant
System Disruption'' to notify the applicable Clearing Agency, if
legally permitted to do so.\36\
---------------------------------------------------------------------------
\35\ Id.
\36\ Id.
---------------------------------------------------------------------------
In consideration of the comments raised by SIFMA,\37\ and after
further review of those proposed requirements, the Clearing Agencies no
longer believe that the proposed ``and any Affiliate'' language in
Section 2(a) and the entire language in Section 2(b) are needed.
Rather, the Clearing Agencies believe that the intended purpose of
those requirements (i.e., to cover a DTCC Systems Participant's third-
party connections) is now better addressed with the proposed
definitional amendments described above. Therefore, the Clearing
Agencies propose to amend Section 2(a) by removing the ``and any
Affiliate'' language, and Section 2(b) by removing it completely. As
such, proposed Section 2(c) would now become proposed Section 2(b) and
certain reference language would be updated accordingly.
---------------------------------------------------------------------------
\37\ SIFMA Letter, supra note 14, at 6.
---------------------------------------------------------------------------
Section 2(c) of the Disruption Rules in the Original Proposal,
which would now be amended Section 2(b), as noted immediately above,
proposes a list of information to be reported to the applicable
Clearing Agency, by the DTCC Systems Participant, regarding the
Participant System Disruption.\38\ With this Amendment No. 1, the
Clearing Agencies propose some technical changes to simplify the
originally proposed language and clarify the information requested in
the proposed Contact Information and Scope subsections. Additionally,
in consideration of the comments raised by SIFMA,\39\ and after further
review of the proposed requirements, the Clearing Agencies propose to
amend the Notice subsection to only request notices and other
information regarding the Participant System Disruption that has been
made ``public.'' Although the originally proposed language did limit
the request to only notices and information that could be provided
legally, the scope of the language was arguably too broad, which the
proposed amendment now addresses.
---------------------------------------------------------------------------
\38\ Original Filings, supra note 11.
\39\ SIFMA Letter, supra note 14, at 7.
---------------------------------------------------------------------------
3. Third-Party Cybersecurity Firm Report Amendment
Section 5 of the Disruption Rules in the Original Proposal
required, in part, that prior to reestablishing connectivity to DTCC
Systems pursuant to the Disruption Rules, the subject DTCC Systems
Participant must provide the applicable Clearing Agency with a
detailed, comprehensive, and auditable report from a Third-Party
Cybersecurity Firm.\40\ In consideration of the comments raised by
SIFMA,\41\ and after further review of the proposed requirements, the
Clearing Agencies propose to amend that requirement to also allow a
``summary'' of such report, in lieu of providing the report itself, in
order to alleviate concerns about potentially providing the Clearing
Agencies with material, non-public information, notwithstanding the
fact that the Clearing Agencies would need to maintain any confidential
information accordingly pursuant to their existing rules.\42\
---------------------------------------------------------------------------
\40\ Original Filings, supra note 11.
\41\ SIFMA Letter, supra note 14, at 8-9.
\42\ DTC Rule 2, Section 1; NSCC Rule 2A, Sec. 1.C; FICC-GSD
Rule 2A, Section 5; FICC-MBSD Rule 2A, Section 6, available at
<a href="https://www.dtcc.com/legal/rules-and-procedures">https://www.dtcc.com/legal/rules-and-procedures</a>.
---------------------------------------------------------------------------
4. Technical, Ministerial, and Other Conforming and Clarifying
Amendments
Based on the proposed amendments described above, and after further
review of the overall language of the Original Proposal, the Clearing
Agencies propose to make a handful of technical, ministerial, and other
conforming and clarifying amendments, such as removing unneeded terms,
updating terms, modifying language, and reorganizing sentence
structure.
2. Statutory Basis
The Clearing Agencies believe that the proposed amendments in this
Amendment No. 1 are consistent with the requirements of the Act and the
rules and regulations thereunder applicable to each of the Clearing
Agencies. In particular, the Clearing Agencies believe that the
proposed amendments are consistent with Section 17A(b)(3)(F) of the Act
\43\ and Rule 17ad-22(e)(17)(i) promulgated under the Act,\44\ as
described below.
---------------------------------------------------------------------------
\43\ 15 U.S.C. 78q-1(b)(3)(F).
\44\ 17 CFR 240.17ad-22(e)(17)(i).
---------------------------------------------------------------------------
Consistency With Section 17A(b)(3)(F)
Section 17A(b)(3)(F) of the Act \45\ requires, in part, that the
rules of the Clearing Agencies be designed to promote the prompt and
accurate clearance and settlement of securities transactions, and to
assure the safeguarding of securities and funds which are in the
custody or control of the Clearing Agencies or for which they are
responsible.
---------------------------------------------------------------------------
\45\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
As described above, the Clearing Agencies are filing this Amendment
No. 1 to (i) amend the definitions for DTCC Systems Participant,
Participant System Disruption, and Third-Party Cybersecurity Firm, and
to add Third-Party Provider as a new defined term; (ii) simplify the
notification requirements and reporting details of a Participant System
Disruption; (iii) allow for the submission of a summary of the Third-
Party Cybersecurity Firm report, in lieu of the report itself; and (iv)
make technical, ministerial, and other conforming and clarifying
amendments.
The Clearing Agencies believe that these proposed amendments would
improve Respective Participants' ability to understand and comply with
the overall proposed changes to the Disruption Rules because the
amendments simplify and clarify the Original Proposal and are primarily
in response to Respective Participants' concerns outlined in the SIFMA
Letter. By improving compliance with the Disruption Rules, the Clearing
Agencies would be better positioned to identify a Participant System
Disruption and then take action because of such disruption, as needed.
In other words, the proposed amendments help mitigate risk and better
protect the Clearing Agencies, their Respective Participants, and the
industry more broadly from a Major System Event. By helping to mitigate
risk and better protect those parties, the Clearing Agencies would be
better situated to promote the prompt and
[[Page 27721]]
accurate clearance and settlement of securities transactions and better
safeguard securities and funds that are in their custody or control,
consistent with Section 17A(b)(3)(F) of the Act.\46\
---------------------------------------------------------------------------
\46\ Id.
---------------------------------------------------------------------------
Consistency With Rule 17ad-22(e)(17)(i)
Rule 17ad-22(e)(17)(i) promulgated under the Act \47\ requires that
the Clearing Agencies establish, implement, maintain, and enforce
written policies and procedures reasonably designed to manage
operational risks by identifying plausible sources of operational risk,
both internal and external, and mitigating their impact through the use
of appropriate systems, policies, procedures, and controls.
---------------------------------------------------------------------------
\47\ 17 CFR 240.17ad-22(e)(17)(i).
---------------------------------------------------------------------------
The Clearing Agencies are filing this Amendment No. 1 to (i) amend
the definitions for DTCC Systems Participant, Participant System
Disruption, and Third-Party Cybersecurity Firm, and to add Third-Party
Provider as a new defined term; (ii) simplify the notification
requirements and reporting details of a Participant System Disruption;
(iii) allow for the submission of a summary of the Third-Party
Cybersecurity Firm report, in lieu of the report itself; and (iv) make
technical, ministerial, and other conforming and clarifying amendments,
each of which were described above.
By providing greater clarity and simplicity in the definitions of
the parties that are the subject of the Disruption Rules, and also
clarifying and simplifying what information needs to be reported to the
Clearing Agencies in the event of a Participant System Disruption or a
DTCC Systems Participant looking to reconnect to DTCC Systems, this
Amendment No. 1 would improve the Clearing Agencies' ability to
identify and collect information about applicable disruptions
experienced by the entities connected to DTCC Systems, whether the
Respective Participant is connected directly or indirectly via a Third-
Party Provider. With better information, the Clearing Agencies could
react more quickly and effectively to the disruption, in protection of
their systems, as well as the systems of other entities connected to
the Clearing Agencies. Therefore, these amendments better position the
Clearing Agencies to identify and address operational risk presented by
a Participant System Disruption, consistent with the requirements of
Rule 17ad-22(e)(17)(i) promulgated under the Act.\48\
---------------------------------------------------------------------------
\48\ Id.
---------------------------------------------------------------------------
(B) Clearing Agency's Statement on Burden on Competition
The Clearing Agencies do not believe the proposed amendments in
this Amendment No. 1 would have any impact on competition because they
are only simplifying, clarifying, and improving definitions; limiting
notice and reporting requirements; allowing for the submission of a
summary report; and making a handful of technical, ministerial, and
other conforming and clarifying amendments overall, which the Clearing
Agencies do not believe would have any effect on a Respective
Participant's competitive position.
(C) Clearing Agency's Statement on Comments on the Proposed Rule Change
Received From Members, Participants, or Others
The Clearing Agencies have not received or solicited any written
comments relating to this Amendment No. 1. If any written comments are
received, the Clearing Agencies will amend their respective filings to
publicly file such comments as an Exhibit 2 to this filing, as required
by Form 19b-4 and the General Instructions thereto.
Persons submitting written comments are cautioned that, according
to Section IV (Solicitation of Comments) of the Exhibit 1A in the
General Instructions to Form 19b-4, the Commission does not edit
personal identifying information from comment submissions. Commenters
should submit only information that they wish to make available
publicly, including their name, email address, and any other
identifying information.
All prospective commenters should follow the Commission's
instructions on How to Submit Comments, available at <a href="https://www.sec.gov/regulatory-actions/how-to-submit-comments">https://www.sec.gov/regulatory-actions/how-to-submit-comments</a>. General
questions regarding the rule filing process or logistical questions
regarding this filing should be directed to the Main Office of the
Commission's Division of Trading and Markets at
<a href="/cdn-cgi/l/email-protection#44303625202d2a23252a202925362f213037043721276a232b32"><span class="__cf_email__" data-cfemail="83f7f1e2e7eaede4e2ede7eee2f1e8e6f7f0c3f0e6e0ade4ecf5">[email protected]</span></a> or 202-551-5777.
The Clearing Agencies reserve the right to not respond to any
comments received.
III. Proceedings To Determine Whether To Approve or Disapprove SR-NSCC-
2025-003, as Modified by Amendment No. 1, and Grounds for Disapproval
Under Consideration
The Commission is instituting proceedings pursuant to Section
19(b)(2)(B) of the Exchange Act \49\ to determine whether the proposed
rule change, as modified by Amendment No. 1, should be approved or
disapproved. Institution of such proceedings is appropriate at this
time in view of the legal and policy issues raised by the proposed rule
change. Institution of proceedings does not indicate that the
Commission has reached any conclusions with respect to any of the
issues involved. Rather, as described below, the Commission seeks and
encourages interested persons to provide comments on the proposed rule
change.
---------------------------------------------------------------------------
\49\ 15 U.S.C. 78s(b)(2)(B).
---------------------------------------------------------------------------
Pursuant to Section 19(b)(2)(B) of the Exchange Act,\50\ the
Commission is providing notice of the grounds for disapproval under
consideration. The Commission is instituting proceedings to allow for
additional analysis of, and input from commenters with respect to, the
proposed rule change's consistency with Section 17A of the Exchange Act
\51\ and the rules thereunder, including the following provisions:
---------------------------------------------------------------------------
\50\ Id.
\51\ 15 U.S.C. 78q-1.
---------------------------------------------------------------------------
<bullet> Section 17A(b)(3)(F) of the Exchange Act,\52\ which
requires, among other things, that the rules of a clearing agency are
designed to promote the prompt and accurate clearance and settlement of
securities transactions; to assure the safeguarding of securities and
funds which are in the custody or control of the clearing agency or for
which it is responsible; to foster cooperation and coordination with
persons engaged in the clearance and settlement of securities
transactions; and, in general, to protect investors and the public
interest;
---------------------------------------------------------------------------
\52\ 15 U.S.C. 78q-1(b)(3)(F).
---------------------------------------------------------------------------
<bullet> Section 17A(b)(3)(I) of the Exchange Act,\53\ which
requires that the rules of a clearing agency do not impose any burden
on competition not necessary or appropriate in furtherance of the
purposes of the Exchange Act;
---------------------------------------------------------------------------
\53\ 15 U.S.C. 78q-1(b)(3)(I).
---------------------------------------------------------------------------
<bullet> Rule 17ad-22(e)(2)(i) and (v) under the Exchange Act,\54\
which requires that a covered clearing agency establish, implement,
maintain and enforce written policies and procedures reasonably
designed to provide for governance arrangements that are clear and
transparent and specify clear and direct lines of responsibility; and
---------------------------------------------------------------------------
\54\ 17 CFR 240.17ad-22(e)(2)(i) and (v).
---------------------------------------------------------------------------
<bullet> Rule 17ad-22(e)(17)(i) under the Exchange Act,\55\ which
requires that a covered clearing agency establish, implement, maintain,
and enforce written policies and procedures reasonably designed to
manage
[[Page 27722]]
operational risks by identifying plausible sources of operational risk,
both internal and external, and mitigating their impact through the use
of appropriate systems, policies, procedures, and controls.
---------------------------------------------------------------------------
\55\ 17 CFR 240.17ad-22(e)(17)(i).
---------------------------------------------------------------------------
IV. Procedure: Request for Written Comments
The Commission requests that interested persons provide written
submissions of their views, data, and arguments with respect to the
issues identified above, as well as any other concerns they may have
with the proposal, as modified by Amendment No. 1. In particular, the
Commission invites the written views of interested persons concerning
whether the proposal is consistent with Sections 17A(b)(3)(F) and
(b)(3)(I) \56\ of the Exchange Act and Rules 17ad-22(e)(2)(i),
(e)(2)(v), and (e)(17)(i) \57\ under the Exchange Act, or any other
provision of the Exchange Act, and the rules and regulations
thereunder. Although there do not appear to be any issues relevant to
approval or disapproval that would be facilitated by an oral
presentation of views, data, and arguments, the Commission will
consider, pursuant to Rule 19b-4, any request for an opportunity to
make an oral presentation.\58\
---------------------------------------------------------------------------
\56\ 15 U.S.C. 78q-1(b)(3)(F) and (b)(3)(I).
\57\ 17 CFR 240.17ad-22(e)(2)(i), (e)(2)(v), and (e)(17)(i).
\58\ Section 19(b)(2) of the Exchange Act, as amended by the
Securities Acts Amendments of 1975, Public Law 94-29 (June 4, 1975),
grants the Commission flexibility to determine what type of
proceeding--either oral or notice and opportunity for written
comments--is appropriate for consideration of a particular proposal
by a self-regulatory organization. See Securities Acts Amendments of
1975, Senate Comm. on Banking, Housing & Urban Affairs, S. Rep. No.
75, 94th Cong., 1st Sess. 30 (1975).
---------------------------------------------------------------------------
Interested persons are invited to submit written data, views, and
arguments regarding whether the proposed rule change should be approved
or disapproved by July 18, 2025. Any person who wishes to file a
rebuttal to any other person's submission must file that rebuttal by
August 1, 2025.
Comments may be submitted by any of the following methods:
Electronic Comments
<bullet> Use the Commission's internet comment form (<a href="https://www.sec.gov/rules/sro.shtml">https://www.sec.gov/rules/sro.shtml</a>); or
<bullet> Send an email to <a href="/cdn-cgi/l/email-protection#5d2f283138703e3230303833292e1d2e383e733a322b"><span class="__cf_email__" data-cfemail="c2b0b7aea7efa1adafafa7acb6b182b1a7a1eca5adb4">[email protected]</span></a>. Please include
file number SR-NSCC-2025-003 on the subject line.
Paper Comments
<bullet> Send paper comments in triplicate to Secretary, Securities
and Exchange Commission, 100 F Street NE, Washington, DC 20549.
All submissions should refer to file number SR-NSCC-2025-003. This file
number should be included on the subject line if email is used. To help
the Commission process and review your comments more efficiently,
please use only one method. The Commission will post all comments on
the Commission's internet website (<a href="https://www.sec.gov/rules/sro.shtml">https://www.sec.gov/rules/sro.shtml</a>). Copies of the submission, all subsequent amendments, all
written statements with respect to the proposed rule change that are
filed with the Commission, and all written communications relating to
the proposed rule change between the Commission and any person, other
than those that may be withheld from the public in accordance with the
provisions of 5 U.S.C. 552, will be available for website viewing and
printing in the Commission's Public Reference Room, 100 F Street NE,
Washington, DC 20549 on official business days between the hours of 10
a.m. and 3 p.m. Copies of the filing also will be available for
inspection and copying at the principal office of NSCC and on DTCC's
website (<a href="https://dtcc.com/legal/sec-rule-filings.aspx">https://dtcc.com/legal/sec-rule-filings.aspx</a>).
Do not include personal identifiable information in submissions;
you should submit only information that you wish to make available
publicly. We may redact in part or withhold entirely from publication
submitted material that is obscene or subject to copyright protection.
All submissions should refer to file number SR-NSCC-2025-003 and should
be submitted on or before July 18, 2025.
For the Commission, by the Division of Trading and Markets,
pursuant to delegated authority.\59\
---------------------------------------------------------------------------
\59\ 17 CFR 200.30-3(a)(12) and (a)(57).
---------------------------------------------------------------------------
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2025-11878 Filed 6-26-25; 8:45 am]
BILLING CODE 8011-01-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on June 27, 2025.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.