Security-Based Swap Data Repositories; KOR Reporting, Inc.; Order Approving Application for Registration as a Security-Based Swap Data Repository

November 4, 2024.

I. Introduction

On January 26, 2023, KOR Reporting, Inc. (“KOR”) filed with the Securities and Exchange Commission (“Commission”) an application (the “KOR Application”) on Form SDR to register as a security-based swap data repository (“SDR”) pursuant to section 13(n)(1) of the Securities Exchange Act of 1934 (“Exchange Act”) and 17 CFR 240.13n-1 (“Rule 13n-1”) thereunder, and as a securities information processor (“SIP”) under section 11A(b) of the Exchange Act. KOR intends to operate as a registered SDR for security-based swap (“SBS”) transactions in the equity, credit, and interest rate derivatives asset classes. KOR subsequently filed amendments to its application on the following dates: August 11, 2023, and February 23, 2024.

Notice of the KOR Application was published in the Federal Register for public comment on August 7, 2024, and the Commission received no comment letters in response. As discussed in Parts III and IV below, the Commission has carefully reviewed the KOR Application. This order grants KOR's application to register as an SDR in the asset classes noted above and as a SIP.

II. Background

A. SDR Registration, Duties, and Core Principles

Section 13(n) of the Exchange Act makes it unlawful for any person, unless registered with the Commission, directly or indirectly, to make use of the mails or any means or instrumentality of interstate commerce to perform the functions of an SDR. To be registered and maintain registration, an SDR must comply with certain requirements and core principles described in section 13(n), as well as any requirements that the Commission may impose by rule or regulation. In 2015, the Commission adopted 17 CFR 240.13n-1 to 13n-12 under the Exchange Act to establish Form SDR, the procedures for registration as an SDR, and the duties and core principles applicable to an SDR (“SDR Rules”). The Commission provided a temporary exemption from compliance with the SDR Rules and also extended exemptions from the provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) set forth in a Commission order providing temporary exemptions and other temporary relief from compliance with certain provisions of the Exchange Act concerning security-based swaps, and these temporary exemptions expired in 2017.

The Commission also has adopted 17 CFR 242.900 to 909 under the Exchange Act (collectively, “Regulation SBSR”), which governs regulatory reporting and public dissemination of security-based swap transactions. Among other things, Regulation SBSR requires each registered SDR to register with the Commission as a SIP, and the Form SDR constitutes an application for registration as a SIP, as well as an SDR.

In 2019, the Commission stated that implementation of the SBS Reporting Rules can and should be done in a manner that carries out the fundamental policy goals of the SBS Reporting Rules while minimizing burdens as much as practicable. Noting ongoing concerns among market participants about incurring unnecessary burdens and the Commission's efforts to promote harmonization between the SBS Reporting Rules and swap reporting rules, the Commission took the position that, for four years following Regulation SBSR's Compliance Date 1 in each asset class, certain actions with respect to the SBS Reporting Rules would not provide a basis for a Commission enforcement action. The no-action statement's relevance to KOR's application for registration as an SDR and SIP is discussed further below.

B. Standard for Registration

As stated above, to be registered with the Commission as an SDR and maintain such registration, an SDR is required to comply with the requirements and core principles described in section 13(n) of the Exchange Act, as well as with any requirement that the Commission may impose by rule or regulation. In addition, Rule 13n-1(c)(3) under the Exchange Act provides that the Commission shall grant the registration of an SDR if it finds that the SDR is so organized, and has the capacity, to be able to: (i) assure the prompt, accurate, and reliable performance of its functions as an SDR; (ii) comply with any applicable provisions of the securities laws and the rules and regulations thereunder; and (iii) carry out its functions in a manner consistent with the purposes of section 13(n) of the Exchange Act and the rules and regulations thereunder. The Commission shall deny the registration of an SDR if it does not make any such finding. Similarly, to be registered with the Commission as a SIP, the Commission must find that such applicant is so organized, and has the capacity, to be able to assure the prompt, accurate, and reliable performance of its functions as a SIP, comply with the provisions of the Exchange Act and the rules and regulations thereunder, carry out its functions in a manner consistent with the purposes of the Exchange Act, and, insofar as it is acting as an exclusive processor, operate fairly and efficiently.

In determining whether an applicant meets the criteria set forth in Rule 13n-1(c), the Commission will consider the information reflected by the applicant on its Form SDR, as well as any additional information obtained from the applicant. For example, Form SDR requires an applicant to provide a list of the asset classes for which the applicant is collecting and maintaining data or for which it proposes to collect and maintain data, a description of the functions that it performs or proposes to perform, general information regarding its business organization, and contact information. Obtaining this information and other information reflected on Form SDR and the exhibits thereto—including the applicant's overall business structure, financial condition, track record in providing access to its services and data, technological reliability, and policies and procedures to comply with its statutory and regulatory obligations—will enable the Commission to determine whether to grant or deny an application for registration. Furthermore, the information requested in Form SDR will enable the Commission to assess whether the applicant is so organized and has the capacity to comply and carry out its functions in a manner consistent with the Federal securities laws and the rules and regulations thereunder, including the SBS Reporting Rules.

Consistent with the Commission's no-action statement in the ANE Adopting Release, an entity wishing to register with the Commission as an SDR must still submit an application on Form SDR but can address the rule provisions included in the no-action statement by discussing how the SDR complies with comparable Commodity Futures Trading Commission (“CFTC”) requirements. Accordingly, in such instances the Commission will not assess an SDR application for consistency or compliance with the rule provisions included in the Commission's no-action statement. Specifically, the Commission identified the following provisions as not providing a basis for an enforcement action against a registered SDR for the duration of the relief provided in the Commission statement: under Regulation SBSR, aspects of 17 CFR 242.901(a), 901(c)(2) through (7), 901(d), 901(e), 902, 903(b), 906(a) and (b), and 907(a)(1), (a)(3), and (a)(4) through (6); under the SDR Rules, aspects of section 13(n)(5)(B) of the Exchange Act and 17 CFR 240.13n-4(b)(3) thereunder, and aspects of 17 CFR 240.13n-5(b)(1)(iii); and under section 11A(b) of the Exchange Act, any provision pertaining to SIPs. Thus, an SDR applicant will not need to include materials in its application explaining how it would comply with the provisions stated above, and could instead rely on its discussion about how it complies with comparable CFTC requirements. The applicant may instead represent in its application that it: (i) is registered with the CFTC as a swap data repository; (ii) is in compliance with applicable requirements under the swap reporting rules; (iii) satisfies the standard for Commission registration of an SDR under Rule 13n-1(c); and (iv) intends to rely on the no-action statement included in the ANE Adopting Release for the period set forth in the ANE Adopting Release with respect to any SBS asset class or classes for which it intends to accept transaction reports.

III. Review of the KOR Application Under SBS Reporting Rules

As stated above, KOR intends to operate as a registered SDR for the equity, credit, and interest rate derivatives asset classes. In its application, KOR represents that it is provisionally registered with the CFTC as a swap data repository, is in compliance with applicable requirements under the CFTC reporting rules applicable to a registered swap data repository, and intends to rely on the Commission's position outlined in the ANE Adopting Release for applicable reporting rules and SDR duties for the period set forth therein. Below is a review of the representations made in the application materials for the KOR security-based swap data repository (“KOR SBSDR”) under the SBS Reporting Rules, taking into account KOR's reliance on the Commission's position outlined in the ANE Adopting Release.

A. Organization and Governance

1. Summary of KOR's Application

KOR is a Delaware corporation and along with its affiliate, KOR Financial Inc. (“KOR Financial”), is a wholly owned subsidiary of KOR US Holdings, Inc. (“KOR Holdings”). KOR is governed by a board of directors (“KOR Board”). The KOR Board is composed of at least three Directors with a majority being independent Directors and at least one director being a “Public Director” as defined in applicable CFTC regulations. According to the KOR Rulebook, KOR Board members should have the characteristics essential for effectiveness as a member of the Board, including but not limited to: (a) integrity, objectivity, sound judgment and leadership; (b) the relevant expertise and experience required to offer advice and guidance to the Chief Executive Officer and other members of senior management; (c) the ability to make independent analytical inquiries; (d) the ability to collaborate effectively and contribute productively to the Board's discussions and deliberations; (e) an understanding of the company's business, strategy and challenges; (f) the willingness and ability to devote adequate time and effort to Board responsibilities and to serve on Committees at the request of the Board; and (g) not being a disqualified person. The KOR Board is composed of individuals selected from the following groups: employees of KOR, clients with derivatives industry experience, independents, and members of senior management. According to the KOR Application, representatives of market participants, including end-users, are provided the opportunity to participate in the process for nominating directors with the right to petition for alternative candidates. The KOR Board will review annually the relationships that each Director has with KOR (either directly or as a partner, equity holder or officer of an organization that has a relationship with KOR). According to KOR, following such annual review, only those Directors who the KOR Board affirmatively determines have no material relationship with KOR (either directly or as a partner, equity holder or officer of an organization that has a relationship with KOR) will be considered Independent Directors, subject to additional qualifications prescribed by applicable law.

According to KOR, the KOR Board's principal oversight functions are to: (a) review, approve, and monitor KOR's major strategic financial business activities and opportunities, including declarations of dividends and major transactions; (b) review, approve and monitor the KOR's annual budget; (c) review, monitor and take reasonable actions with respect to KOR's financial performance; (d) review, assess, and provide oversight of KOR's risk management practices, the integrity and adequacy of its enterprise risk management program, which is designed to identify, manage, and plan for the KOR SBSDR, compliance, financial, operational, reputational, and strategic and commercial risks; (e) select, evaluate and compensate the Chief Compliance Officer and, if necessary, appoint a replacement; and (f) review and monitor plans for the succession of the Chief Executive Officer (“CEO”) and other members of senior management.

In addition, the application provides that the KOR Board is responsible for the appointment and removal of the Chief Compliance Officer (“CCO”) and approval of CCO compensation, which is at the discretion of the Board and effected by a majority vote. The CCO is responsible for overseeing the KOR SBSDR Compliance Department and ensuring compliance with the applicable rules. The CCO consults with the CEO on the adequacy of resources and makes recommendations where needed. The CCO has supervisory authority to inspect books and records and interview KOR SBSDR employees. Upon identification of a potential violation of any regulatory requirement or internal policy or procedure, the CCO is responsible for taking steps to investigate and remediate any such matter.

According to KOR, the KOR Board has adopted a Conflict of Interest Policy that incorporates various provisions of applicable corporate law and other standards adopted by KOR to ensure that KOR Board and committee decisions are not impacted by conflicts of interests. With regard to director conflicts of interest, the application provides that a director conflict is present whenever the interests of KOR compete with the interests of a director or any party associated with a director and interfere with the director's ability to impartially vote on the matter pending before the KOR Board. A director's interest may be direct or indirect through business investment or on “immediate family member” (defined as a person's spouse, domestic partner, parents, stepparents, children, stepchildren, siblings, mothers and fathers-in-law, sons and daughters-in-law and brothers and sisters-in-law and anyone residing in such person's home (other than a tenant or employee)). The application also provides that any director who believes he or she may have a conflict of interest relating to a matter pending before the KOR Board or any committee must provide written notification to the CCO, General Counsel, the Board Chairman, and the CEO prior to consideration of the matter by the KOR Board or committee. The notice should include all relevant material facts to enable the KOR Board or Board committee, in consultation with the CCO, General Counsel and outside legal counsel, if necessary, to determine whether a conflict of interest exists.

The application further provides that in the event the KOR Board or committee determines the director has a conflict of interest or the appearance of a conflict of interest, the KOR Board or committee, after consultation with the General Counsel and outside legal counsel, if necessary, shall determine the appropriate action to be taken. As a general matter, KOR believes it is appropriate for a director to abstain from voting on a matter in which he or she has an actual conflict of interest or the appearance of a conflict of interest. The recusal from voting shall be mandatory when it is deemed appropriate. In the event a director abstains because of a conflict of interest, the abstention shall be noted in the minutes of the meeting. In addition to this policy, directors who serve on any committee established under KOR's rules must also follow the procedure set forth in the applicable Rulebook.

2. Discussion

Section 13(n)(7)(B) of the Exchange Act and Rule 13n-4(c)(2) thereunder require an SDR to establish governance arrangements that are transparent to fulfill public interest requirements and to support the objectives of the Federal Government, owners, and participants. In addition, Rule 13n-4(c)(2) requires an SDR to (i) establish well-defined governance arrangements that include a clear organizational structure with effective internal controls; (ii) establish governance arrangements that provide for fair representation of market participants; (iii) provide representatives of market participants, including end-users, with the opportunity to participate in the process for nominating directors and with the right to petition for alternative candidates; and (iv) establish, maintain, and enforce written policies and procedures reasonably designed to ensure that senior management and each member of the board or committee that has authority to act on behalf of the board possess requisite skills and expertise to fulfill their responsibilities in the management and governance of the SDR, have a clear understanding of their responsibilities, and exercise sound judgment about the SDR's affairs.

Furthermore, Rule 13n-4(b)(11) requires an SDR to designate an individual to serve as CCO, and Rule 13n-11(a) requires the SDR to identify on Form SDR the person so designated. Rule 13n-11(a) also requires that the compensation, appointment, and removal of the CCO shall require approval of a majority of the SDR's board of directors. Rule 13n-11(c) requires the CCO to: (i) report directly to the board of directors or to the senior officer; (ii) review compliance with section 13(n) of the Exchange Act and the rules thereunder; (iii) in consultation with the board or the senior officer, take reasonable steps to resolve any material conflicts of interest; (iv) be responsible for administering the policies and procedures required by section 13(n) of the Exchange Act and the rules thereunder; (v) take reasonable steps to ensure compliance with the Exchange Act and the SDR Rules thereunder; (vi) establish procedures for the remediation of noncompliance; and (vii) establish and follow appropriate procedures for the handling, management response, remediation, retesting, and closing of noncompliance issues.

Additionally, section 13(n)(7)(C) of the Exchange Act requires an SDR to establish and enforce rules to minimize conflicts of interest in the decision-making process of the SDR and establish a process for resolving any such conflicts of interest. Rule 13n-4(c)(3) under the Exchange Act provides that an SDR must: (i) establish, maintain, and enforce written policies and procedures reasonably designed to identify and mitigate potential and existing conflicts of interest in the SDR's decision-making process on an ongoing basis; (ii) with respect to the decision-making process for resolving any conflicts of interest, require the recusal of any person involved in such conflict from such decision-making; and (iii) establish, maintain, and enforce written policies and procedures regarding the SDR's non-commercial and/or commercial use of the SBS transaction information that it receives.

The Commission received no comments on the KOR Notice. As described above, the KOR Application includes provisions for the representation of market participants in the governance arrangements, as well as procedures providing an opportunity to participate in the process for nominating directors and the right to petition for alternative candidates. In addition, the KOR Application includes policies and procedures that set standards for the skills and expertise possessed by the KOR Board.

More generally, the KOR Application sets forth an organizational structure that is clear and includes provisions for internal controls. The KOR Application includes provisions for a CCO that has been designated by the KOR Board and whose compensation, appointment, and removal is set by the KOR Board. In addition, the KOR Application includes policies and procedures that require the CCO to report to the senior officer and be responsible for maintaining compliance with applicable Commission rules, investigating any suspected violations thereof, and overseeing any necessary remediation. The KOR Application includes policies and procedures that identify and mitigate conflicts of interest, require the recusal from decision-making of members of the KOR Board when involved in a conflict, and delineate the commercial and non-commercial use of SBS transaction information received.

B. Access and Information Security

1. Summary of KOR's Application

According to KOR, access to and usage of its SDR service will be available to all market participants on a fair, open, and equal basis. The application provides that KOR does not and will not bundle or tie the offering of mandated regulatory services with ancillary services offered by KOR or a KOR affiliate. Further, KOR imposes the following qualification on clients of its services: (i) a valid Legal Entity Identifier (“LEI”), (ii) execution of membership documents, such as the KOR Universal Services Agreement (“KOR SA”) and applicable Addendums, (iii) compliance with the KOR SBSDR Rulebook and KOR Technical Specifications as published by KOR, and (iv) successful passing of KOR Know Your Customer (KYC) procedures, which include compliance with Applicable Law, specifically those related to sanctions administered and enforced by the Office of Foreign Assets Control of the U.S. Department of the Treasury (“OFAC”).

To be granted access to the KOR system, receive trade information, confirm or verify transactions, submit messages, or receive reports, a market participant must be an onboarded user. Users are required to maintain at least two Administrative Users on the KOR System; Administrative Users are responsible for creating, managing, and removing access to their company's users and to other clients who are eligible to access the KOR System on behalf of the client including firms that have Third-Party Client access.

To participate in the SDR services offered by KOR, each client will be required to enter into a KOR SA; by entering into the KOR SA each client agrees to be bound by the terms of the KOR SA, the KOR Rulebook, and any published policies and guides. In addition, the KOR Rulebook provides that where a client has authorized (i) a Delegated Reporter (a Third-Party Reporter or Related Entity Client under the same Parent) to submit on its behalf and access its data or (ii) a Third-Party Client to access its data, but not submit on its behalf, KOR will provide access to the Delegated Reporter or Third-Party Client so long as it has executed the appropriate KOR SA and applicable addendums and the client has granted permission through the Client Portal. Any market participant that has executed a Client Agreement may access SBSDR Data to which they are a party or for which they have been granted access on behalf of a client. Access to the KOR System is strictly limited to active users with valid permissions created by their client's Administrative User. Once set up, users will be provided logins and the ability to access data in the KOR System. Access is driven off the client's LEIs for which the user has been associated. Users may be granted access to multiple LEIs under the same Parent as related entities. A client's designated Administrative Users are expected to maintain correct user access at all times. In addition, following the end of each calendar quarter, all clients will have access to a report on current user access levels and a list of all clients to which they have granted access to their data. At least one of the designated Administrative Users assigned to each client must review the listing of users and other party access and confirm whether access should be maintained, removed or changed and make the appropriate updates. The KOR Rulebook also states that records of all user access are maintained and available for review by the client and KOR Compliance at all time.

With respect to prohibiting or limiting a person's access to SDR services, the KOR Rulebook outlines the process required for KOR to decline, revoke, or suspend a user of SDR services. For example, KOR's CCO may deny a client's access to the KOR system if required pursuant to applicable law ( e.g., related to sanctions administered and enforced by OFAC or the direction of an applicable regulator), violation of KOR SBSDR Rules, or improper use of the system. The KOR Rulebook provides that KOR will notify the applicable regulator of such action. In addition, any such clients would receive written notice containing the grounds for determination and an opportunity to appeal the decision to the CCO and KOR Board by written request. KOR may restore access to a client following approval from the CCO and/or KOR Board. The CCO will consider the applicable law, regulatory requirements, and the Market Participant's response to the cause of denial, revocation, or suspension. In addition, all decisions will be documented when determining whether to restore client's access.

The KOR Rulebook provides that KOR SBSDR will conduct regular, periodic, objective testing and review of its automated systems to ensure that they are reliable, secure, and have adequate scalable capacity. It also provides that KOR will conduct regular, periodic testing and review of its business continuity-disaster recovery capabilities. It also provides that KOR will, to the extent practicable: (a) coordinate with clients and service providers to participate in synchronized testing in a manner adequate to enable effective resumption of KOR SBSDR's fulfillment of its duties and obligations following a disruption causing activation of KOR SBSDR's Business Continuity and Disaster Recovery (BCDR) plan; (b) participate in periodic, synchronized testing of its BCDR Plan and the BCDR plans of its clients, and the BCDR plans required, as applicable, by each appropriate prudential regulator, the Financial Stability Oversight Council, the SEC, the Department of Justice or any other person deemed appropriate by the SEC; and (c) ensure that its BCDR plan take into account the BCDR plans of its telecommunications, power, water, and other essential service providers.

2. Discussion

Rule 13n-4(c)(1)(ii) under the Exchange Act requires an SDR to permit market participants to access specific services offered by the SDR separately. Rule 13n-4(c)(1)(iii) requires an SDR to establish, monitor on an ongoing basis, and enforce clearly stated objective criteria that would permit fair, open, and not unreasonably discriminatory access to services offered and data maintained by the SDR. Rule 13n-4(c)(1)(iv) requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed to review any prohibition or limitation of any person with respect to access to services offered, directly or indirectly, or data maintained by the SDR and to grant such person access to such services or data if such person has been discriminated against unfairly. In addition, Rule 13n-6 requires an SDR, with respect to those systems that support or are integrally related to the performance of its activities, to establish, maintain, and enforce written policies and procedures reasonably designed to ensure that its systems provide adequate levels of capacity, integrity, resiliency, availability, and security.

The Commission received no comments on the KOR Notice. As described above, the KOR Application includes procedures for onboarding and maintaining ongoing access to users that are fair, open, reasonable and not unreasonably discriminatory. These procedures include user agreements that reflect clear and specific minimum standards for users to follow in seeking to access SBS data held at the SDR. The KOR Application also includes reasonable provisions for limiting, denying, and revoking access to SDR systems that include procedures for review and reconsideration of any determination related to limiting, denying, or revoking a user's access. The procedures described above further help ensure that the access requirements are fair, open, and not unreasonably discriminatory. In addition, the KOR Application includes policies and procedures designed to ensure that the SDR's automated systems maintain adequate levels of capacity, integrity, resiliency, availability, and security that protect against loss of data, employ geographic diversity in their site selection, and account for service disruptions.

C. Acceptance and Use of SBS Data

1. Summary of KOR's Application

According to KOR, data accepted and maintained by the SBSDR may not be used for commercial or business purposes by the SBSDR or any of its affiliated entities absent express written consent by the client providing that data. KOR SBSDR has implemented adequate “firewalls” or controls to protect the reported SBSDR data required to be maintained under SEC regulations from any improper commercial use. The application provides that a client that submits SBSDR data maintained by the SBSDR may permit the commercial use by providing express written consent not required to be reported to the SBSDR. If such client consent is given, KOR may not make such consented data available for commercial use prior to its public dissemination. KOR states that, in accordance with Exchange Act Rule 13n-5(b)(5), it has established systems and user access restrictions reasonably designed to prevent any provision in a valid swap from being invalidated or modified through its verification or recording process.

KOR SBSDR uses the LEI and the Unique Trade Identifier (“UTI”). Pursuant to KOR's rulebook, individuals not eligible for an LEI should be reported using a Natural Person Identifier. KOR states that if a security-based swap counterparty is not eligible to receive an LEI as determined by the Global Legal Entity Identifier System, such counterparty will be identified in all recordkeeping and all Security-Based Swap Data reporting with a Natural Person Identifier. KOR further provides that it is the duty of the Reporting Side to always submit a unique and consistent Natural Person Identifier. Pursuant to KOR's rulebook, to ensure that the Reporting Side consistently submits a unique value for the identifier, the Reporting Side must combine the LEI of the Reporting Side with the natural person's email address associated with the National Person Identifier. Each client must maintain and renew its LEI in accordance with the standards set by the Global Legal Entity Identifier System.

The application provides that each swap will be identified in all recordkeeping and all Security-Based Swap Data reporting by the use of a UTI, which will be created, transmitted, and used for each swap. Each registered entity and swap counterparty will include the UTI for a swap in all of its records and all of its Security-Based Swap Data reporting concerning that swap, from the time it creates or receives the UTI throughout the existence of the security-based swap and for as long as any records are required by applicable law or regulation. Every submission to KOR SBSDR must contain the appropriate UTI, otherwise the submission will be rejected. KOR SBSDR will validate the format and uniqueness of every UTI. If a party submits the incorrect UTI, pursuant to KOR's rulebook, they must “error” that UTI and resubmit the swap as a new message with the correct UTI. When the correct UTI is submitted it will be considered a new trade and, if it is submitted after the required reporting timelines, it will be classified as a late report.

The application provides that KOR has established procedures and provides facilities for effectively resolving disputes over the accuracy of the SBSDR Transaction Data and positions that are recorded in the KOR SBSDR. When the Reporting Side does not agree with the accuracy of the reporting of a swap in KOR Trade Repository, but is prevented from amending the swap to what they believe to accurate, the client must (a) enter a ticket with KOR SBSDR support with the details of the issue and (b) submit an allowed value per the KOR Technical Specifications for the KOR SBSDR field that reflects the dispute.

2. Discussion

Rule 13n-5(b)(1)(i) under the Exchange Act requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed for the reporting of complete and accurate transaction data to the SDR and to accept all transaction data that is reported in accordance with such policies and procedures. Additionally, Rule 13n-5(b)(1)(ii) requires that if an SDR accepts any SBS transaction in a particular asset class, the SDR must accept all SBS transactions in that asset class that are reported to it in accordance with its policies and procedures. In addition, Rule 13n-5(b)(3) requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed to ensure that the transaction data and positions that it maintains are complete and accurate. Rule 13n-5(b)(5) requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed to prevent any provision in a valid SBS transaction from being invalidated or modified through the procedures or operations of the SDR. Rule 13n-5(b)(6) requires an SDR to establish procedures and provide facilities reasonably designed to effectively resolve disputes over the accuracy of the transaction data and positions that are recorded in the SDR.

Furthermore, section 13(n)(5)(F) of the Exchange Act and Rule 13n-4(b)(8) thereunder each require an SDR to maintain the privacy of any and all SBS transaction information that the SDR receives. In addition, Rule 13n-9(b)(1) requires an SDR to establish, maintain, and enforce written policies and procedures reasonably designed to protect the privacy of any and all SBS transaction information that the SDR receives and that include policies and procedures to protect the privacy of any and all SBS transaction information that the SDR shares with affiliates and non-affiliated third parties. Rule 13n-9(b)(2) also requires an SDR to establish, and maintain safeguards, policies, and procedures reasonably designed to prevent the misappropriation or misuse, directly or indirectly, of any confidential information received by the SDR, material non-public information, or intellectual property, such as trading strategies or portfolio positions, by: (i) limiting access to such information and intellectual property; (ii) having standards for trading by persons associated with the SDR for their personal benefit or the benefit of others; and (iii) having adequate oversight to ensure compliance with these safeguards, policies, and procedures.

The Commission received no comments on the KOR Notice. As described above, the KOR Application includes policies and procedures designed to protect transaction data and its systems by restricting access to users, who are obligated to comport with KOR's rules in a manner that facilitates KOR's compliance with its obligations under Commission rules. The Commission views this approach as reasonable. Access to KOR's systems to view trade data or verify information is conditioned such that KOR retains the ability to protect the data, its systems, and its users. KOR retains the responsibility, among other things, to ensure that its policies and procedures are reasonably designed to: (i) ensure trade data reported to it is complete and accurate, as required under Rule 13n-5(b)(1); (ii) ensure that its systems provide adequate levels of capacity, integrity, resiliency, availability and security, as required under Rule 13n-6; and (iii) ensure that it protects the privacy and confidentiality of transaction information, as required under Rule 13n-9(b). Additionally, the KOR Application includes procedures designed to ensure that any valid provisions of trade information are not modified or invalidated, and these procedures include controls that are regularly audited and processing systems designed to prevent unauthorized changes to SBS information. Additionally, KOR provides procedures and facilities reasonably designed to effectively resolve disputes over the accuracy of the transaction data and positions that are recorded in the SDR.

Furthermore, the KOR Application contains policies and procedures regarding both data security and the privacy of SBS data. This includes procedures limiting access to SBS data to employees with either direct or support responsibilities related to systems that maintain the data and procedures that limit the use of such data in all cases to the performance of job responsibilities. Such policies and procedures also establish a standard for the trading practices of personnel that prevents the use of the data for personal benefit or the benefit of others. In addition, KOR has policies and procedures that, when taken together with policies and procedures regarding the duties of the CCO, are reasonably designed to protect the privacy of SBS transaction information, including information shared with affiliates and third parties, through adequate oversight to ensure compliance with the policies and procedures described above.

D. Fees

1. Summary of KOR's Application

The application includes KOR's fee schedules. According to KOR, fees are assessed in a consistent, non-preferential manner and are not permitted to be used as a barrier to entry. KOR offers a subscription model fee schedule which treats all submissions equally regardless of reporting counterparty, asset class, clearing status or execution. The application provides that KOR will not offer preferential pricing arrangements to any client on any basis, including volume discounts or reductions, unless such discounts or reductions apply to all clients uniformly and are not otherwise established in a manner that would effectively limit the application of such discount or reduction to a select number of clients. In addition, KOR represents in its rulebook that it ensures any dues, fees, or other charges imposed by, and any discounts or rebates offered by, its SBSDR are fair and reasonable and not unreasonably discriminatory. KOR states that such dues, fees, other charges, discounts, or rebates will be applied consistently across all similarly-situated users of such SBSDR services, including, but not limited to, market participants, market infrastructures (including central counterparties), venues from which data can be submitted to the SBSDR (including exchanges, security-based swap execution facilities, electronic trading venues, and matching and confirmation platforms), and third party service providers. All fees are fully disclosed and available on the KOR SBSDR website. The fee schedule applies until such time as the KOR Board determines otherwise and provides clients at least one (1) month's notice for significant changes to existing pricing or policy.

In the application, KOR states that, as a real-time messaging-based service, KOR assesses fees on a per message basis to align SBSDR services and the expense to offer such services. All Reporting Clients are assessed the same fee structure regardless of their pathway to KOR SBSDR to ensure a competitive and level playing field. A “Reporting Client” means the reporting counterparty that has in place a fully executed agreement and is liable for the fees incurred for the use of KOR Services. The Reporting Client may delegate billing and payments to another client by authorizing either a Related Entity or their Third-Party Reporter. The “Related Entity” refers to other clients of KOR ( i.e., KOR Counterparty Clients) within the same corporate structure as the Reporting Client, creating a Client Group. KOR will aggregate the fee liable activity for Related Entities under a Client Group and provide a single invoice. A “Third-Party Reporter” refers to an entity that has a fully executed agreement with KOR and is facilitating reporting for a KOR Counterparty Client. A Third-Party Reporter is not charged fees for the activity of their customers, who are also KOR Counterparty Clients, but may be assigned billing (receipt of invoices and payment responsibilities) by KOR Counterparty Clients. When a Counterparty Client makes a billing assignment to a Third-Party Reporter it is for all billable activity related to use of KOR Services of that Counterparty Client (including activity beyond what is associated to the Third-Party Reporter), and Counterparty Clients may only assign billing to a single Third-Party Reporter. The application provides that reporting by Platforms which are Security-Based Swap Execution Facilities or National Securities Exchanges are treated as messages under a Third-Party Reporter whereby the Reporting Counterparty is assessed KOR reporting fees and the Platform, by default, is not. A Platform may elect to assume direct billing responsibility for any Reporting Counterparty that is a KOR Counterparty Client. If the Reporting Counterparty on a Platform reported transaction is not a KOR Counterparty Client, the Platform reporter will be billed for the message activity which will be aggregated with all other Platform billable message activity.

KOR SBSDR offers simplified subscription plans where each tier plan limits the maximum number of messages a Reporting Client may report per month. To calculate the calendar monthly fee, KOR totals all eligible messages submitted in the prior month for each Counterparty Client or Client Group. KOR provides a 10% monthly overage allowance across all tiers for any given month per Counterparty Client or Client Group. KOR's subscription plan is organized into ten (10) tiers. Tier 1 allows for 100 monthly messages produced with a monthly fee of $100; Tier 2 allows for 1,000 monthly messages produced with a monthly fee of $500; Tier 3 allows for 10,000 monthly messages produced with a monthly fee of $2,000; Tier 4 allows for 100,000 monthly messages produced with a monthly fee of $6,000; Tier 5 allows for 1,000,000 monthly messages produced with a monthly fee of $15,000; Tier 6 allows for 4,000,000 monthly messages produced with a monthly fee of $36,000; Tier 7 allows for 9,000,000 monthly messages produced with a monthly fee of $60,000; Tier 8 allows for 14,000,000 monthly messages produced with a monthly fee of $95,000; Tier 9 allows for 19,000,000 monthly messages produced with a monthly fee of $150,000; and Tier 10 allows for 24,000,000 monthly messages produced with a monthly fee of $220,000.

KOR SBSDR is a 100% cloud service leveraging the performance and scale available through the cloud infrastructure. KOR incurs costs through the accessing of its clients' data hosted and used to generate trade reports requested by clients. The application states that the KOR SBSDR Fee Schedule is designed for simplicity and flexibility, modeling an expected mix of scheduled access to standard reports in addition to reasonable use of ad-hoc reporting. KOR will monitor the generation of reports across each client and KOR will provide advice when it observes use that exceeds standard fair allowances. KOR states that should a client need continued reports at a sustained activity level higher than expected, a move to a higher fee tier may be deemed appropriate. KOR will generate invoices by the fifth (5th) day of every calendar month for the prior month's activity. The billing currency is USD ($) and invoices must be paid in USD. Invoices are payable within 45 days upon receipt. Accounts not paid within terms are subject to a 1.5% monthly finance charge. KOR SBSDR will accept and process billing adjustments up to 45 days after the invoice date. Adjustment requests received after the 45-day period will not be accepted by KOR SBSDR. Approved adjustments will be applied as credits and appear on the next billing cycle as a separate line item.

2. Discussion

Section 13(n)(7)(A) of the Exchange Act prohibits an SDR (unless necessary or appropriate to achieve the purposes of the Exchange Act) from: (i) adopting any rule or taking any action that results in any unreasonable restraint of trade; or (ii) imposing any material anti-competitive burden on the trading, clearing, or reporting of transactions. Rule 13n-4(c)(1)(i) under the Exchange Act also requires an SDR to ensure that any dues, fees, or other charges that it imposes, and any discounts or rebates that it offers, are fair and reasonable and not unreasonably discriminatory. It also requires that such dues, fees, other charges, discounts, or rebates be applied consistently across all similarly situated users of the SDR's services. In discussing the fee provisions of the SDR Rules, the Commission stated that it would take a flexible approach in evaluating the fairness and reasonableness of an SDR's fees and charges on a case-by-case basis, recognizing that there may be instances in which an SDR could charge different users different prices for the same or similar services.

The Commission received no comments on the KOR Notice. As described above, the KOR Application describes fees offered on a subscription model fee schedule treating all submissions equally with no preferential pricing arrangements to any client on any basis for usage of SDR services. The subscription component of KOR's fees is assessed on a per message basis to align SBSDR services and the expense to offer such services. The fee structure is consistent with the requirement of an SDR to ensure that any dues, fees, or other charges imposed are fair and reasonable and not unreasonably discriminatory.

E. Recordkeeping

1. Summary of KOR's Application

The KOR Rulebook provides that KOR will maintain transaction data and related identifying information for not less than five years after the applicable SBS expires and historical positions for not less than five years: (a) in a place and format that is readily accessible and usable to the Commission and other persons with authority to access or view such information, and (b) in an electronic format that is non-rewriteable and non-erasable.

2. Discussion

Rule 13n-5(b)(4) of the Exchange Act requires an SDR to maintain transaction data and related identifying information for not less than five years after the SBS expires and historical positions for not less than five years in a place and format that is readily accessible and usable to the Commission and other persons with authority to access or view such information and in an electronic format that is non-rewriteable and non-erasable. Rule 13n-7 requires an SDR to make and keep current books and records relating to its business for at least five years, and for the first two years, keep such records in a place that is immediately available to representatives of the Commission for inspection and examination. In addition, Rule 13n-5(b)(8) requires an SDR to make and keep current a plan to ensure that the transaction data and positions that are recorded in the SDR continue to be maintained in accordance with Rule 13n-5(b)(7), including procedures for transferring the transaction data and positions to the Commission or its designee.

The Commission received no comments on the KOR Notice. As described above, the KOR Application provides for the recordkeeping of SBS transaction data for not less than five years following the termination of the transaction, and will be readily accessible throughout the life of a security-based swap in an electronic format that is non-rewriteable and non-erasable. In addition, KOR provides for the transferring of transaction data and positions to the Commission via reports designed to provide visibility into positions and the status of submitted trades and also provides for direct electronic access to data reported to KOR in satisfaction of the Commission's regulatory requirements both for the Commission and, where such access is permitted by applicable law and any relevant Memorandum of Understanding or other arrangement, the Commission's designee.

F. Disclosure

1. Summary of KOR's Application

KOR publishes a disclosure document (“KOR Disclosure Document”) to provide a summary of information regarding its service offerings and the SBS data it maintains. Specifically, the disclosure document sets forth a description of the following: (i) criteria for providing access to KOR SBSDR; (ii) criteria for market participants seeking to connect to the SBSDR; (iii) policies and procedures regarding the SBSDR's safeguarding of SBSDR data and operational reliability to protect the confidentiality and security of SBSDR data; (iv) policies and procedures to protect the privacy of SBSDR data; (v) policies and procedures regarding the SBSDR's non-commercial and/or commercial use of SBSDR data; (vi) dispute resolution procedures; (vii) description of SBSDR services; (viii) the SBSDR fee schedule; and (ix) the SBSDR's governance arrangements.

2. Discussion

Rule 13n-10 under the Exchange Act requires that, before accepting any SBS data from a market participant or upon a market participant's request, an SDR shall furnish to the market participant a disclosure document that contains certain written information, which must reasonably enable the market participant to identify and evaluate accurately the risks and costs associated with using the SDR's services. This written information must contain the following: (i) the SDR's criteria for providing others with access to the services offered and data it maintains; (ii) its criteria for those seeking to connect to or link with the SDR; (iii) a description of its policies and procedures regarding its safeguarding of data and operational reliability, as described in Rule 13n-6; (iv) a description of its policies and procedures reasonably designed to protect the privacy of SBS transaction information that it receives, as described in Rule 13n-9(b)(1); (v) a description of its policies and procedures regarding its noncommercial and commercial use of SBS transaction information that it receives, as described in Rule 13n-5(b)(6); (vi) a description of its dispute resolution procedures, as described in Rule 13n-5(b)(6); (vii) a description of all the SDR's services, including any ancillary services; and (viii) the SDR's updated schedule of any dues; unbundled prices, rates or other fees for all of its services, including ancillary services; any discounts or rebates offered; and the criteria to benefit from such discounts or rebates; and (ix) a description of its governance arrangements.

The Commission received no comments on the KOR Notice. As described throughout this order, the KOR Application includes extensive discussion of KOR's policies and procedures with respect to access, the use of SBS transaction information, service offerings, including ancillary services, and governance arrangements. The KOR Disclosure Document presents a reasonably comprehensive view of the applicant's overall service offering, from which a potential user could identify and evaluate accurately the risks and costs associated with using the SDR's services. In addition, regarding the requirement to furnish the document to market participants, the Commission understands that KOR publishes similar disclosure documents on its website, and anticipates the same for the KOR Disclosure Document relevant to this application.

G. Regulatory Reporting and Public Dissemination

As a registered SDR, KOR would carry out an important role in the regulatory reporting and public dissemination of SBS transactions. As stated above, KOR has stated that it intends to rely on the no-action statement included in the ANE Adopting Release for the period set forth in the ANE Adopting Release with respect to any SBS asset class or classes for which it intends to accept transaction reports. Therefore, KOR does not need to include materials in its application explaining how it would comply with the provisions of the SBS Reporting Rules described in the no-action statement. Instead, KOR may rely on its discussion about how it complies with comparable CFTC requirements pertaining to regulatory reporting and public dissemination of swap transactions.

In the no-action statement in the ANE Adopting Release, the Commission stated that an applicant “will not need to include materials in its application explaining how it would comply with the provisions [specifically noted as not providing a basis for a Commission enforcement action during the pendency of the statement].” The applicant “could instead rely on its discussion about how it complies with comparable CFTC requirements.” In its application, KOR provided exhibits that adapted its policies and procedures for regulatory reporting and public dissemination of swaps for use in the SBS market. With respect to its role in the regulatory reporting and public dissemination of SBS transactions, KOR has satisfied the approach described by the Commission in the no-action statement regarding the information and representations sufficient to support its approval for registration as an SDR and SIP, and that registering KOR as an SDR may improve the quality of SBS data that is publicly disseminated by promoting competition among SDRs as to the collection and public dissemination of SBS data.

IV. Evaluation of KOR's Application and Commission Findings

Consistent with the standard for registration previously described in Part II.B, the Commission has considered whether KOR is so organized, and has the capacity, to be able to assure the prompt, accurate, and reliable performance of its functions as an SDR, comply with any applicable provisions of the securities laws and the rules and regulations thereunder, and carry out its functions in a manner consistent with the purposes of section 13(n) of the Exchange Act and the rules and regulations thereunder. The Commission finds that KOR meets these criteria for registration as an SDR for the reasons described throughout this order.

To evaluate KOR's application to register as a SIP, and consistent with the standard for registration previously described in Part II.B, the Commission has considered whether KOR is so organized, and has the capacity, to be able to assure the prompt, accurate, and reliable performance of its functions as a SIP, comply with the provisions of the Exchange Act and the rules and regulations thereunder, carry out its functions in a manner consistent with the purposes of the Exchange Act, and, insofar as it is acting as an exclusive processor, operate fairly and efficiently. The Commission finds that KOR meets these criteria for registration as a SIP for the reasons described throughout this order.

V. Conclusion

For the reasons discussed above, the Commission finds that KOR meets the applicable requirements for registration as an SDR, including those standards set forth in section 13(n) of the Exchange Act and Commission rules and regulations thereunder, and the applicable requirements for registration as a SIP under section 11A(b) of the Exchange Act.

It is hereby ordered that the application for registration as a security-based swap data repository and a securities information processor filed by KOR Reporting, Inc. (File No. SBSDR-2023-01) pursuant to sections 13(n) and 11A(b) of the Exchange Act be, and hereby is, approved.

[FR Doc. 2024-25961 Filed 11-7-24; 8:45 am]

BILLING CODE 8011-01-P