[Federal Register Volume 85, Number 92 (Tuesday, May 12, 2020)]
[Notices]
[Pages 28069-28082]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-10040]



[[Page 28069]]

-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-88826; File No. S7-24-89]


Joint Industry Plan; Order Approving the Forty-Seventh Amendment 
to the Joint Self-Regulatory Organization Plan Governing the 
Collection, Consolidation and Dissemination of Quotation and 
Transaction Information for Nasdaq-Listed Securities Traded on 
Exchanges on an Unlisted Trading Privileges, as Modified by the 
Commission, Concerning a Confidentiality Policy

May 6, 2020.

I. Introduction

    On November 25, 2019,\1\ the Joint Self-Regulatory Organization 
Plan Governing the Collection, Consolidation and Dissemination of 
Quotation and Transaction Information for Nasdaq-Listed Securities 
Traded on Exchanges on an Unlisted Trading Privileges Basis (``Nasdaq/
UTP Plan'' or ``Plan'') participants (``Participants'') \2\ filed with 
the Securities and Exchange Commission (``SEC'' or ``Commission'') 
pursuant to Section 11A of the Securities Exchange Act of 1934 
(``Act'') \3\ and Rule 608 of Regulation National Market System 
(``NMS'') thereunder,\4\ a proposal to amend the Nasdaq/UTP Plan.\5\ 
The amendment represents the Forty-Seventh Amendment to the Plan 
(``Amendment''). As described in the Amendment, the Participants 
proposed to adopt a confidentiality policy to provide guidelines for 
the Operating Committee and the Advisory Committee of the Plan, and all 
subcommittees thereof, regarding the confidentiality of any data or 
information generated, accessed, or transmitted to the Operating 
Committee, as well as discussions occurring at a meeting of the 
Operating Committee or any subcommittee. The Amendment was published 
for comment in the Federal Register on January 14, 2020.\6\
---------------------------------------------------------------------------

    \1\ See Letter from Robert Books, Chairman, Operating Committee, 
Nasdaq/UTP Plan, to Vanessa Countryman, Secretary, Commission, dated 
November 19, 2019 (``Transmittal Letter'').
    \2\ The Participants are the national securities association and 
national securities exchanges that submit trades and quotes to the 
Plan and include: Cboe BYX Exchange, Inc., Cboe BZX Exchange, Inc., 
Cboe EDGA Exchange, Inc., Cboe EDGX Exchange, Inc., Cboe Exchange, 
Inc., Financial Industry Regulatory Authority, Inc., The Investors 
Exchange LLC, Long-Term Stock Exchange, Inc., Nasdaq BX, Inc., 
Nasdaq ISE, LLC, Nasdaq PHLX, Inc., The Nasdaq Stock Market LLC, New 
York Stock Exchange LLC, NYSE American LLC, NYSE Arca, Inc., NYSE 
Chicago, Inc., and NYSE National, Inc. (each a ``Participant'' and 
collectively, the ``Participants''). Participants also are members 
of the Plan's Operating Committees. Other parties include the 
``Processor,'' who is charged with collecting, processing and 
preparing for distribution or publication all Plan information. The 
``Administrator'' is charged with administering the Plan to include 
data feed approval, customer communications, contract management, 
and related functions. The ``Advisory Committee members'' are 
individuals who represent particular types of financial services 
firms or actors in the securities market, and who were selected by 
Plan participants to be on the Advisory Committee. A list of the 
Processor, Administrator, and Advisory Committee members is 
available at http://www.utpplan.com/governance.
    \3\ 15 U.S.C. 78k-1(a)(3).
    \4\ 17 CFR 242.608.
    \5\ The Plan governs the collection, processing, and 
dissemination on a consolidated basis of quotation information and 
transaction reports in Eligible Securities for its Participants. 
This consolidated information informs investors of the current 
quotation and recent trade prices of Nasdaq securities. It enables 
investors to ascertain from one data source the current prices in 
all the markets trading Nasdaq securities. The Plan serves as the 
required transaction reporting plan for its Participants, which is a 
prerequisite for their trading Eligible Securities. See Securities 
Exchange Act Release No. 55647 (April 19, 2007), 72 FR 20891 (April 
26, 2007).
    \6\ See Securities Exchange Act Release No. 87910 (January 8, 
2020), 85 FR 2212 (January 14, 2020) (``Notice''). Comments received 
in response to the Notice are available at https://www.sec.gov/comments/s7-24-89/s72489.shtml.
---------------------------------------------------------------------------

    In the Commission's view, the Amendment must balance protection 
against the potential misuse of confidential information with the 
strong interest in public transparency about the operations of the Plan 
in light of the important function the Plan serves in the national 
market system. This order approves the Amendment to the Plan, as 
modified by the Commission, to better strike that balance. A copy of 
the Amendment, as modified by the Commission, is attached as Exhibit A 
hereto. The Commission concludes that the Amendment, as modified, is 
appropriate in the public interest, for the protection of investors and 
the maintenance of fair and orderly markets, to remove impediments to, 
and perfect the mechanism of a national market system, or is otherwise 
in furtherance of the purposes of the Act.\7\
---------------------------------------------------------------------------

    \7\ 17 CFR 242.608(b)(2).
---------------------------------------------------------------------------

II. Description of the Proposal

    According to the Participants, the confidentiality policy is 
designed broadly to (i) protect against any potential misuse of 
confidential information, which includes, but is not limited to, 
protecting confidential information obtained or generated by the 
Administrator and Processor in connection with the operation of the 
securities information processor (``SIP'') operated pursuant to the 
Plan; as well as (ii) to allow the Operating Committee to disclose 
confidential information to the Advisory Committee to obtain its input 
without concern that such confidential information may be shared beyond 
the Advisory Committee.\8\
---------------------------------------------------------------------------

    \8\ See Notice, supra note 6, 85 FR at 2207. The Amendment also 
proposes to define the term ``Public Information'' and require that 
certain information be made publicly available. See Section 2(d) of 
the proposed policy.
---------------------------------------------------------------------------

    Among other things, the Participants believe that the proposed 
Amendment will allow for more sharing of information with the Advisory 
Committee regarding the operation of the Plan and elicit more input by 
the Advisory Committee on Plan matters that might otherwise be deemed 
confidential.\9\ By sharing information that would in the ordinary 
course be considered appropriate for confidential treatment, the 
Participants believe that the Advisory Committee will be able to 
provide more informed advice and recommendations with respect to the 
operation and governance of the Plan.\10\
---------------------------------------------------------------------------

    \9\ See Notice, supra note 6, 85 FR at 2213.
    \10\ See id. at 2214.
---------------------------------------------------------------------------

A. Proposed Confidentiality Policy

    The confidentiality policy proposed by the Participants applies to 
all representatives of the Participants, Pending Participants, the 
Nasdaq/UTP Administrator and Processor, and the Advisory Committee. 
Additionally, it applies to agents of the Operating Committee, 
including, but not limited to, attorneys, advisors, accountants, 
contractors or subcontractors, as well as any third parties invited to 
attend meetings of the Operating Committee or Plan subcommittees. These 
persons are collectively defined in the confidentiality policy as 
``Covered Persons.'' \11\
---------------------------------------------------------------------------

    \11\ As specifically set forth by the Participants under Section 
1(b) of the proposed policy, Covered Persons would not include staff 
of the Commission.
---------------------------------------------------------------------------

    The policy establishes guidelines and procedures for (i) 
identifying and categorizing types of confidential information, (ii) 
providing increasing degrees of protection for more sensitive types of 
confidential information, and (iii) setting forth the circumstances in 
which disclosure of confidential information may be authorized. The 
proposed confidentiality policy creates three categories of 
confidential information: (1) Restricted Information; \12\ (2) Highly 
Confidential Information; \13\ and (3) Confidential

[[Page 28070]]

Information.\14\ The proposed confidentiality policy also defines the 
term ``Public Information.'' \15\ The confidentiality policy outlines 
the procedures with respect to identifying documents as Restricted, 
Highly Confidential, or Confidential as well as the procedures 
regarding how to treat documents and information in each category. The 
confidentiality policy places the obligation on the Administrator and 
the Processor to be the custodians of all documents discussed by the 
Operating Committee and to maintain the classification of such 
documents.\16\
---------------------------------------------------------------------------

    \12\ Restricted Information was defined by the Participants 
under Section 2(a) of the proposed policy as (i) highly sensitive 
customer-specific financial information, (ii) customer-specific 
audit information, (iii) other customer financial information, and 
(iv) ``Personal Identifiable Information.''
    \13\ Highly Confidential Information was defined by the 
Participants under Section 2(b) of the proposed policy as (i) any 
data or information shared in an Executive Session or that would 
otherwise qualify for confidential treatment pursuant to the Plan's 
Executive Session Policy; and (ii) any other highly sensitive 
Participant-specific, customer-specific, individual-specific, or 
otherwise sensitive information relating to the Operating Committee, 
Participants, or customers that is not otherwise Restricted 
Information. Highly Confidential Information includes: A 
Participant's contract negotiations with the Processor or 
Administrator; personnel matters; information concerning the 
intellectual property of Participants or customers; and any document 
subject to the Attorney-Client Privilege or Work Product Doctrine.
    \14\ Confidential Information was defined by the Participants 
under Section 2(c) of the proposed policy as (i) any non-public data 
or information designated as Confidential by a majority vote of the 
Operating Committee; (ii) any document generated by a Participant or 
Advisor and designated by that Participant or Advisor as 
Confidential; (iii) the minutes of the Operating Committee or any 
subcommittee thereof unless approved by the Operating Committee for 
release to the public; and (iv) the individual views and statements 
of Covered Persons and SEC staff disclosed during a meeting of the 
Operating Committee or any subcommittees thereunder.
    \15\ Public Information was defined by the Participants under 
Section 2(d) of the proposed policy as (i) any information that is 
not either Restricted Information or Highly Confidential Information 
or that has not been designated as Confidential Information; (ii) 
any confidential information that has been approved by the Operating 
Committee for release to the public; or (iii) any information that 
is otherwise publicly available. Public Information includes, but is 
not limited to, any topic discussed during a meeting of the 
Operating Committee, an outcome of a topic discussed, or a Final 
Decision of the Operating Committee.
    \16\ The Administrator may, under delegated authority, designate 
documents as Restricted, Highly Confidential, or Confidential, which 
will be determinative unless altered by a majority vote of the 
Operating Committee.
---------------------------------------------------------------------------

B. Procedures Governing Restricted Information

    With respect to Restricted Information, to ensure the protection of 
customer identities and customer-related information, the proposed 
Amendment provides that such information will be disclosed only when 
necessary to conduct Plan-related business.\17\ Specifically, 
Restricted Information will be kept in confidence by the Administrator 
and Processor and will not be disclosed to the Operating Committee or 
any subcommittee thereof, or during Executive Session,\18\ or to the 
Advisory Committee except in limited circumstances.
---------------------------------------------------------------------------

    \17\ See Notice, supra note 6, 85 FR at 2215.
    \18\ See Section IV.E.(d) of the Nasdaq/UTP Plan (providing for 
the use of ``Executive Sessions'' in which the Operating Committee 
meets without members of the Advisory Committee present).
---------------------------------------------------------------------------

C. Procedures Governing Highly Confidential Information

    With respect to Highly Confidential Information, the proposed 
confidentiality policy provides that such information may be disclosed 
only in Executive Session of the Operating Committee or to the Legal 
Subcommittee. Highly Confidential Information also may be disclosed to 
SEC staff, unless it is protected by the Attorney-Client Privilege or 
the Work Product Doctrine.
    In addition, the proposal allows a Covered Person that is a 
representative of a Participant to disclose Highly Confidential 
Information to other employees or agents of the Participant or to the 
Participant's affiliates as needed for such Covered Person to perform 
his or her function on behalf of the Participant, as reasonably 
determined by the Covered Person.\19\
---------------------------------------------------------------------------

    \19\ The proposal requires that the policy be made available to 
the recipient and states that the recipient will be required to 
abide by the confidentiality policy.
---------------------------------------------------------------------------

    Further, because of the heightened concerns regarding the 
disclosure of Highly Confidential Information, in the event a Covered 
Person is determined by a majority vote of the Operating Committee to 
have disclosed Highly Confidential Information, the proposal authorizes 
the Operating Committee to determine the appropriate remedy for the 
breach based on the facts and circumstances of the event.\20\
---------------------------------------------------------------------------

    \20\ For the representatives of a Participant, the proposal 
specifies that appropriate remedies include a letter of complaint 
submitted to the SEC, which may be made public by the Operating 
Committee. For a member of the Advisory Committee, the proposal 
specifies that appropriate remedies include removal of that member 
from the Advisory Committee.
---------------------------------------------------------------------------

D. Procedures Governing Confidential Information

    Under the proposed confidentiality policy, Confidential Information 
may be disclosed to the Operating Committee, any subcommittee thereof, 
and the Advisory Committee. A Covered Person may not disclose 
Confidential Information to any individual that is not either a Covered 
Person or a member of the SEC staff, except with authorization of the 
Operating Committee, or as may be otherwise required by law.\21\
---------------------------------------------------------------------------

    \21\ With respect to Confidential Information that is generated 
by a Participant or member of the Advisory Committee, the Operating 
Committee may authorize its disclosure only with the consent of that 
Participant or Advisory Committee member.
---------------------------------------------------------------------------

    Further, in order to elicit industry feedback, members of the 
Advisory Committee may be authorized by the Operating Committee to 
disclose particular Confidential Information to enable them to consult 
with third-party industry representatives or technical experts subject 
to certain restrictions.
    As it does for Highly Confidential Information, the proposal allows 
a Covered Person that is a representative of a Participant to disclose 
Confidential Information to other employees or agents of the 
Participant or to the Participant's affiliates as needed for such 
Covered Person to perform his or her function on behalf of the 
Participant, as reasonably determined by the Covered Person.\22\
---------------------------------------------------------------------------

    \22\ The proposal requires that the policy be made available to 
the recipient and states that the recipient will be required to 
abide by the confidentiality policy.
---------------------------------------------------------------------------

    Finally, the proposal requires a Covered Person that discloses 
Confidential Information without the authorization of the Operating 
Committee to report such disclosure to the Chair of the Operating 
Committee, which will then be recorded in the minutes of the meeting of 
the Operating Committee.\23\
---------------------------------------------------------------------------

    \23\ The proposal further requires the name(s) of the person(s) 
who disclosed such Confidential Information to be recorded in any 
publicly available summaries of Operating Committee minutes.
---------------------------------------------------------------------------

III. Discussion and Modifications by the Commission

    Pursuant to Rule 608, the Commission shall approve the amendment, 
``with such changes or subject to such conditions as the Commission may 
deem necessary or appropriate,'' if it finds that the amendment is 
``necessary or appropriate in the public interest, for the protection 
of investors and the maintenance of fair and orderly markets, to remove 
impediments to, and perfect the mechanisms of, a national market 
system, or otherwise in furtherance of the purposes of the Act.'' \24\ 
After carefully considering the comments received on the Amendment, the 
Commission is approving the Amendment, as modified by the Commission 
pursuant to Section 11A of the Act \25\ and Rule 608 thereunder. The 
Commission believes the Plan should have a confidentiality policy, but 
believes that the modifications

[[Page 28071]]

discussed in detail below are appropriate.
---------------------------------------------------------------------------

    \24\ 17 CFR 608(b)(2).
    \25\ 15 U.S.C. 78k-1.
---------------------------------------------------------------------------

A. Scope

1. Applicability
    In the Notice, the Commission solicited comments on, among other 
things, whether the proposed guidelines and procedures setting forth 
the circumstances in which disclosure of confidential information may 
be authorized are sufficiently clear and comprehensive.\26\ Among other 
questions, the Commission asked whether commenters believe ``that the 
scope of the proposed Amendment is sufficiently comprehensive to cover 
all parties that might have access to confidential information, or 
should the scope be broadened to apply to additional classes of 
persons.'' For example, the Commission asked whether ``outsourced 
service providers (including, but not limited to, firms and persons 
that provide audit services, accounting services, or legal services to 
the Plan, the Administrator, or the Processor) [should] be subject to 
additional restrictions, particularly if they are directly or 
indirectly affiliated with a Participant, the Administrator, the 
Processor, or any entity that offers separately proprietary data 
products to a substantially similar customer base, i.e., customers or 
potential customers of the SIPs.'' \27\ The Commission further asked 
whether the Plan should ``explicitly preclude itself from engaging with 
an Administrator, Processor, auditor, or any agents or third parties 
thereof, unless the entity establishes, maintains, and enforces 
policies and procedures to safeguard confidential and proprietary 
information and to prevent its direct or indirect misuse'' and, if so, 
whether ``the Operating Committee [should] review those policies and 
procedures and/or should they be made public (i.e., provided on the 
Plan's website).'' \28\
---------------------------------------------------------------------------

    \26\ See Notice, supra note 6, 85 FR at 2217.
    \27\ Id.
    \28\ Id.
---------------------------------------------------------------------------

    In response to the Notice, the Advisory Committee said it believes 
that ``the confidentiality policy should extend to any information 
obtained by outsourced service providers in order to ensure that 
information learned by such service providers is only shared with those 
individuals of the Operating Committee required to receive such 
information and in furtherance of the service provider's agreement with 
the plan.'' \29\ Another commenter similarly stated that ``[o]utsourced 
service providers (including, but not limited to, firms and persons 
that provide audit, accounting, or legal services to the Plan(s), the 
Administrator, or the Processor) should be subject to additional 
restrictions, particularly if they are directly or indirectly 
affiliated with a Participant Administrator, Processor, or any entity 
that offers separately proprietary data products to a substantially 
similar customer base.'' \30\ The commenter further recommended that 
the ``Plan(s) should explicitly preclude themselves from engaging with 
an Administrator Processor, auditor, or any agents or third parties 
thereof, unless the entity attests and adheres to the confidentiality 
policies and procedures established by the Plan . . . and provides 
conflicts of interest disclosures.'' \31\
---------------------------------------------------------------------------

    \29\ Letter from CTA/UTP Advisory Committee to Vanessa 
Countryman, Secretary, Commission, dated January 24, 2020 
(``Advisory Committee Letter'') at 2.
    \30\ Letter from Joseph Kinahan, Managing Director, Client 
Advocacy and Market Structure, TD Ameritrade to Vanessa A. 
Countryman, Secretary, Commission, dated February 4, 2020 (``TD 
Ameritrade Letter'') at 9.
    \31\ Id. Other comments received in response to the Commission's 
separate notice of a proposed order concerning a new NMS plan 
regarding consolidated equity market data (Securities Exchange Act 
Release No. 87906 (January 8, 2020), 85 FR 2164 (January 14, 2020) 
(File No. 4-757) (``Governance Notice'') also supported a robust 
confidentiality policy that would apply to SRO and non-SRO persons. 
See, e.g., Letter from Sherry Madera, Chief Industry Government 
Affairs Officer, Refinitiv, to Vanessa Countryman, Secretary, 
Commission, dated February 27, 2020 at 3; Letter from Lisa Mahon 
Lynch, Associate Director, Global Trading, Wellington Management 
Company LLP, to Vanessa Countryman, Secretary, Commission, dated 
February 28, 2020 at 2; Letter from Anders Franzon, General Counsel, 
Members Exchange LLC, to Vanessa Countryman, Secretary, Commission, 
dated February 28, 2020 at 6; Letter from Jennifer W. Han, Associate 
General Counsel, Managed Funds Association, and Adam Jacobs-Dean, 
Managing Director, Global Head of Markets Regulation, Alternative 
Investment Management Association, to Vanessa Countryman, Secretary, 
Commission, dated February 28, 2020 at 5; Letter from Ellen Greene, 
Managing Director, Equity & Options Market Structure, Securities 
Industry and Financial Markets Association, to Vanessa Countryman, 
Secretary, Commission, dated February 28, 2020 at 6; Letter from 
Rich Steiner, Head of Client Advocacy and Market Innovation, RBC 
Capital Markets, LLC, to Vanessa Countryman, Secretary, Commission, 
dated February 28, 2020 at 4; Letter from Joe Wald, Chief Executive 
Officer, and Ray Ross, Chief Technology Officer; Clearpool Group, to 
Vanessa Countryman, Secretary, Commission, dated February 28, 2020 
at 5; Letter from Daniel Keegan, Head of North America Market 
Securities Services, Co-Head of Global Equities & Securities 
Services, Citigroup Global Markets Inc., to Vanessa Countryman, 
Secretary, Commission, dated March 2, 2020 at 4.
---------------------------------------------------------------------------

    After considering the comments received in response to the 
Amendment, the Commission believes that it is appropriate to modify the 
scope of the Amendment to extend it to affiliates and employees of the 
Operating Committee, a Participant, a Pending Participant, the 
Administrator, and the Processor. The Commission agrees with commenters 
that the scope of the proposed Amendment should be broadened to include 
other parties or persons that might have access to confidential 
information, including but not limited to outsourced service providers, 
such as firms and persons that provide audit services, accounting 
services, or legal services to the Plan, Administrator, or 
Processor.\32\ The Commission believes that all parties that generate, 
receive, or have access to sensitive Plan-related information by virtue 
of their service to the Plan, or their affiliation with a party that 
has such access, should be subject to the same standards to protect the 
confidentiality of that information. Including them within the scope of 
the Amendment will strengthen the confidentiality of information 
protections afforded by the policy.
---------------------------------------------------------------------------

    \32\ Firms and persons that provide audit services, accounting 
services, or legal services, depending on the services that they are 
performing for the Plan, may or may not be licensed and/or 
registered if they are not otherwise required to be so licensed or 
registered under applicable law. For example, a person that works on 
audits of SIP subscribers' data usage and customer classifications 
for compliance with SIP billing requirements might not herself be a 
registered public accountant. Persons that are registered and/or 
licensed may be subject to pre-existing professional standards of 
conduct that separately provide for the protection of confidential 
client information and impose other professional responsibility 
obligations. Whether persons are licensed and/or registered or not, 
the Commission believes that extending the Amendment to cover 
affiliates and employees is appropriate to ensure the protection of 
confidential information in light of the unique conflicts of 
interest inherent in Plan governance and operations. To the extent 
disclosure of confidential information is required by law or 
professional ethics obligations, the proposed Amendment provides for 
that possibility and allows such disclosure.
---------------------------------------------------------------------------

    More specifically, the Commission is concerned about the 
possibility of a Participant exchange obtaining commercially valuable 
data and information through its affiliates and employees that have 
responsibilities to the Plan, and then using that information and/or 
sharing it with employees or affiliates of the Participant exchange to 
benefit the exchange's proprietary data businesses. The conflicts 
resulting from such access could influence decisions as to the Plan's 
operation and thereby impede its ability to achieve the goals of the 
Plan to ensure the ``prompt, accurate, reliable, and fair collection, 
processing, distribution and publication of information with respect to 
quotations for and transactions in such securities and the fairness and 
usefulness of the

[[Page 28072]]

form and content of such information.'' \33\
---------------------------------------------------------------------------

    \33\ 15 U.S.C. 78k-1(c)(1)(B).
---------------------------------------------------------------------------

    Accordingly, the Commission is adding the phrase ``affiliates, 
employees, and'' to Section 1(b) and repeating the phrase ``a 
Participant, a Pending Participant, the Administrator, and the 
Processor,'' to provide that the policy will apply to ``affiliates, 
employees, and agents of the Operating Committee, a Participant, a 
Pending Participant, the Administrator, and the Processor.'' \34\ 
Similarly, the Commission is adding the phrase ``Covered Persons'' to 
the start of Section 1(c) and deleting the words ``The Administrator 
and Processor,'' to track the scope of Section 1(b) and the term 
``Covered Persons'' used therein. The Commission also is moving text, 
beginning with the second sentence of Section 1(c), to create a new 
Section (d) and adding thereto the phrase ``and the control of their 
Agents,'' to specifically require the written confidential information 
policies, which the Administrator and Processor must establish to 
protect information under their control, to also apply to information 
under the control of Agents of the Administrator and Processor. The 
Participants state that these provisions, like all others in the 
proposal, were discussed with, and incorporate input and comments 
received from, members of the Advisory Committee.\35\ Consistent with 
comments received in response to the proposed Amendment from, among 
others, members of the Advisory Committee, however, the Commission 
believes that these changes are appropriate to help ensure that the 
scope of the proposed Amendment is sufficiently broad so as to 
encompass other parties or persons that might have access to 
confidential information.
---------------------------------------------------------------------------

    \34\ In addition, in the non-exhaustive list of Agents contained 
in Section 1(b), the Commission is adding the word ``auditors.'' 
While auditors are already covered as ``contractors or 
subcontractors,'' auditors have access to competitively sensitive 
non-public information. Explicitly listing them avoids any doubt 
that they are covered by the confidentiality policy.
    \35\ See Notice, supra note 6, 85 FR at 2214, 2215.
---------------------------------------------------------------------------

    Further, the Commission believes that it is appropriate to modify 
the reference to ``all members of the Advisory Committee'' in Section 
1(b) to be ``all members of the Advisory Committee and their 
employers'' to require that Advisory Committee members' firms must 
protect the confidentiality of Plan information in the same way, for 
example, that a representative of a Participant's firm is required by 
this modified Amendment to protect the confidentiality of Plan 
information.\36\ In addition, Section 1(b) of the proposed policy 
provides that ``[a]ll Covered Persons must adhere to the principles set 
out in this Policy.'' The Commission believes that it is appropriate to 
modify Section 1(b) to add a provision whereby ``all Covered Persons 
that are natural persons may not receive Plan data and information 
until they affirm in writing that they have read this Policy and 
undertake to abide by its terms.'' The Commission believes that this 
additional provision will strengthen Section 1(b) of the policy by 
prohibiting access to Plan data and information until a Covered Person 
has affirmed in writing that the Covered Person has read the policy and 
undertaken to abide by its terms.
---------------------------------------------------------------------------

    \36\ This change, together with other modifications made by the 
Commission, should enhance the ability of Advisory Committee members 
to seek meaningful input from their respective employers while 
helping to ensure that standards for the sharing of protected 
information apply on equal terms to all Covered Persons. See Section 
3(d)(iii) (allowing the Operating Committee to authorize Advisors to 
disclose particular Confidential Information for consultation 
purposes).
---------------------------------------------------------------------------

2. Classification Based Solely on Content
    With respect to proposed guidelines for the classification of 
information, the Commission solicited comments on whether information 
shared in Executive Sessions should be classified as Highly 
Confidential simply because it had been shared in an Executive Session, 
or whether information should ``be classified based solely on its 
content and competitive sensitivity.'' \37\
---------------------------------------------------------------------------

    \37\ See Notice, supra note 6, 85 FR at 2217.
---------------------------------------------------------------------------

    In response, one commenter stated its belief that ``information 
shared in Executive Session should be classified based solely on its 
content and competitive sensitivity, and not simply due to the fact 
that such information was shared during Executive Session.'' \38\ 
Another commenter stated that ``information shared in Executive Session 
should not, by virtue of that fact alone, be treated as highly 
confidential. Rather, a case-by-case analysis is appropriate to 
determine whether or not information warrants confidential treatment.'' 
\39\
---------------------------------------------------------------------------

    \38\ TD Ameritrade Letter, supra note 30, at 7. According to the 
commenter, ``[a]llowing information to be classified based on its 
content provides for a flexible policy that will mature without the 
need for amendment as markets evolve.'' Id.
    \39\ Letter from Rich Steiner, Head of Client Advocacy and 
Market Information, RBC Capital Markets, to Vanessa Countryman, 
Secretary Commission, dated February 4, 2020 (``RBC Letter'') at 2-
3.
---------------------------------------------------------------------------

    The Commission agrees with commenters that policies and procedures 
for the classification of information should be based on the content 
and sensitivity of the information, rather than on the venue in which 
the information is shared.
    The Commission is therefore adding new Section 1(e) to require that 
``[i]nformation will be classified solely based on its content.'' 
Consistent with that modification, the Commission believes that it is 
appropriate to modify the definition of ``Highly Confidential 
Information'' in Section 2(b) to delete therefrom a clause that would 
have classified information as ``Highly Confidential'' solely because 
it was shared in Executive Session or pursuant to the Executive Session 
policy. Specifically, the Commission is deleting subsection (i) 
containing the words ``(i) any data or information shared in an 
Executive Session or that would otherwise qualify for confidential 
treatment pursuant to the Plan's Executive Session Policy; and (ii)'' 
and making a conforming change to delete the word ``other'' from the 
start of current subsection (ii).\40\ The Participants state that 
Executive Sessions are used sparingly to discuss a limited set of 
topics, as listed in the Plan's Executive Session policy, and that the 
proposed policy seeks to further facilitate the sharing of additional 
confidential information with the Advisory Committee.\41\ The 
Commission recognizes the Operating Committee's efforts to limit the 
use of Executive Sessions. Consistent with comments received, however, 
the Commission believes that methods for classification of information 
should be based on the content and sensitivity of information, rather 
than on the forum in which the information is shared.
---------------------------------------------------------------------------

    \40\ As such, the definition no longer contains two subsections.
    \41\ See Notice, supra note 6, 85 FR at 2213.
---------------------------------------------------------------------------

    Executive Sessions may be appropriate for Participants to discuss 
information that, on its own merits, is Highly Confidential and 
therefore not appropriate for broad dissemination. Executive Sessions 
should not shield from public dissemination information that is not 
sensitive or customer-specific and would not otherwise fall within the 
definitions of Restricted or Highly Confidential. But by classifying 
information based merely upon its being shared in Executive Session, 
the proposed policy may have the effect of shielding information that 
was not otherwise restricted or confidential. The Commission believes 
that a content-based approach to classifying information should help 
balance the need to safeguard sensitive information

[[Page 28073]]

with the important interest of providing greater transparency into the 
governance and operation of the Plan. The Commission does not believe 
that its modifications will inhibit information sharing within the 
Operating Committee. Rather, sensitive information, as well as 
information that is specific to individual persons and entities, that 
is Highly Confidential will continue to be protected, including through 
permissible use of Executive Sessions, while information that does not 
meet that standard can and should be shared with Advisors on the 
Operating Committee and, where appropriate, with the public.
3. Operating Committee Review of Policies
    In the Notice, with respect to proposed policies and procedures for 
the classification of information, the Commission solicited commenters' 
views with respect to whether ``a need may arise for information or 
data that are not initially categorized as confidential to be 
categorized as such at a later point in time'' and, if so, whether the 
Operating Committee should ``be able to classify or de-classify 
material as appropriate based on a majority vote.'' \42\ Similarly, the 
Commission asked whether the Amendment ``should require all 
Participants and other Covered Persons to establish, maintain, and 
enforce policies and procedures to safeguard confidential and 
proprietary information received via their participation in the Plan 
and to prevent its misuse by such Participants or entities controlling, 
controlled by, or under common control with such Participants.'' \43\ 
The Commission further asked whether commenters agree ``that certain 
confidential information may become less sensitive if it is anonymized 
and aggregated'' and even whether ``certain types of restricted or 
highly confidential information could be anonymized and aggregated to 
the point where it could be classified as public.'' \44\ The Commission 
asked about the methodology for anonymizing confidential information 
and whether the methodology should be standardized.\45\ The Commission 
also asked whether these policies should ``be subject to review and 
approval by the Operating Committee, and be posted publicly, to help 
ensure their adequacy and completeness.'' \46\
---------------------------------------------------------------------------

    \42\ Id. at 2217.
    \43\ Id. at 2216-2217.
    \44\ Id. at 2217.
    \45\ Id.
    \46\ Id.
---------------------------------------------------------------------------

    In response, one commenter stated ``the Plan(s) should explicitly 
define the required policies and procedures to safeguard confidential 
and proprietary information'' and designate responsibility for their 
development to one body to ensure a standardized approach.\47\ With 
respect to the classification of data or information, the commenter 
stated that ``a need may arise for information or data that are not 
initially categorized as confidential to be categorized as such at a 
later point in time,'' pointing out that one ``would anticipate the 
Plan Administrator may classify such document as Confidential subject 
to the next meeting of the Operating Committee, where they should be 
granted authority to review and re-classify or de-classify material as 
appropriate based on a majority vote.'' \48\ With respect to methods 
for rendering information less sensitive, the commenter believed that 
``[c]ertain confidential information may become less sensitive if it is 
anonymized and aggregated,'' adding that ``[c]ertain types of 
restricted or highly confidential information could be anonymized and 
aggregated to the point where it could be classified as confidential or 
public.'' \49\ According to the commenter, ``[t]he methodology for 
redacting/aggregating/anonymizing confidential information should be 
standardized such that the Administrator, Processor, auditor, and all 
other relevant parties follow a consistent practice. The methodology 
should include requirements for what information should always be 
redacted/aggregated/anonymized (e.g., customer names, size/demographic 
information that could reasonably be used to determine the name of the 
customer, etc.).'' \50\ The commenter recommended that ``[i]f any 
information that is anonymized, aggregated or redacted could still 
reasonably be used, whether independently or with current information 
available in the industry, to identify less than or equal to two firms/
Participants, then such information may not be re-classified to 
public.'' \51\
---------------------------------------------------------------------------

    \47\ TD Ameritrade Letter, supra note 30, at 4.
    \48\ Id. at 6.
    \49\ Id. at 9.
    \50\ Id.
    \51\ Id.
---------------------------------------------------------------------------

    After considering the comments received in response to the Notice, 
the Commission believes that it is appropriate to modify Section 1(c) 
(now located in Section 1(d)), which requires the Administrator and 
Processor to establish written confidentiality policies, to more 
specifically provide that those documents should include ``policies and 
procedures that provide systemic controls for classifying, 
declassifying, redacting, aggregating, anonymizing, and safeguarding 
information.'' The Commission believes that adding this detail is 
appropriate because it outlines the items that the written 
confidentiality policies must, at a minimum, address in order to 
protect the confidentiality of Plan information.
    In addition, the Commission believes that it is appropriate to 
require the Operating Committee to review and approve the 
confidentiality policies of the Administrator and Processor, upon 
adoption and on a periodic basis every two years thereafter or whenever 
changes are made, after which the policies would be publicly posted. As 
proposed, the policies would have been made available to the Operating 
Committee every two years or when changes are made.
    The Commission believes that requiring the Operating Committee to 
review and approve these important policies in this manner will help 
ensure that they are clear, complete, and comply with the Amendment. 
The Commission believes it is appropriate specifically to require the 
Operating Committee to affirmatively approve (in addition to 
``review'') the policies to ensure that the Operating Committee 
carefully considers and takes action on them. Requiring robust policies 
at the Administrator and Processor level, where some of the most 
sensitive information is generated, classified, and maintained for the 
Plan, is critical to the effectiveness of the Amendment. The Operating 
Committee can play an important role in protecting confidential 
information by carefully reviewing the policies of the Administrator 
and Processor and ensuring that they are consistent with the principles 
and procedures established in this Amendment. Finally, the Commission 
believes that it is appropriate to require the policies and procedures 
to be made publicly available, which will provide important 
transparency to market participants and the public about the steps the 
Processor and Administrator take to protect commercially sensitive 
information collected on behalf of the Plan. Further, the Commission 
believes that transparency via public dissemination should be favored 
to the greatest extent possible, and that when sensitive information 
can be anonymized or aggregated to reduce its sensitivity, such 
information should be anonymized and aggregated in accordance with a 
clear, standardized methodology to be consistently applied by 
Administrator and Processor. Thus, as revised, the Commission believes 
that

[[Page 28074]]

Section 1(d) creates an effective process to develop clear and robust 
confidentiality policies for the Administrator and Processor, and to 
periodically update such policies as technology and markets evolve.

B. Definitions: Public Information

    In the Notice, the Commission solicited comments on, among other 
things, whether certain SIP-related information should be considered 
public and available to be shared outside of the Operating 
Committee.\52\ The Commission further asked whether ``information that 
is not classified at some level of confidentiality should be considered 
public and may be shared freely outside of the Operating Committee.'' 
\53\ The Commission also solicited comment on whether Advisory 
Committee members needed access to sensitive information of substantial 
commercial and competitive value in order to perform their duties, such 
as underlying information relied on by Participants when making 
decisions on funding improvements to the SIP.\54\
---------------------------------------------------------------------------

    \52\ See Notice, supra note 6, 85 FR at 2217.
    \53\ Id.
    \54\ See id. at 2217-2218.
---------------------------------------------------------------------------

    In response, one commenter stated that ``[i]nformation that is not 
classified at some level of confidentiality should be considered public 
and may be shared freely outside of the Operating Committee. Specific 
information that [the commenter] believes should be considered public 
and shared outside of the Operating Committee may include shared Plan 
revenue information, industry subscriber and quote metrics, Processor 
transmission metrics and Operating Committee minutes.'' \55\ According 
to the commenter, ``[t]his information provides transparency into the 
operation of the Plan(s), valuable for making determinations on the 
efficacy of Plan operations.'' \56\ Two commenters supported the 
adoption of specific policies to specify what information should be 
made available outside of Executive Sessions or otherwise.\57\ One 
commenter expressed concern about ``the inclusion of the individual 
views and statements of Covered Persons during a meeting of the 
Operating Committee as Confidential Information'' and suggested that 
``at a minimum, a summary of direction/votes made by Covered Persons 
should be included in Committee Minutes, which would become public 
information.'' \58\ According to the commenter, ``[w]ithout 
transparency into the views attributable to individual Covered Persons 
responsible for directing Plan operations through their role on the 
Operating Committee, members of the public, as consumers of plan data, 
would be unable to determine whether those Covered Persons were acting 
in the best interests of the Plan(s) and were effective in their 
roles.'' \59\ One commenter supported disclosure of audited financial 
information and data and the use of funds by the Plan.\60\ Another 
commenter stated that ``the public deserves to know how much profits 
the exchanges make . . . [and] information that is currently non-public 
about the costs and operations [of the Plan].'' \61\
---------------------------------------------------------------------------

    \55\ TD Ameritrade Letter, supra note 30, at 7.
    \56\ Id.
    \57\ See Letter from Jeff Brown, Senior Vice President--
Legislative and Regulatory Affairs, Charles Schwab, to Vanessa 
Countryman, Secretary, Commission, dated February 4, 2020 (``Charles 
Schwab Letter''), at 3 and RBC Letter, supra note 39, at 3.
    \58\ TD Ameritrade Letter, supra note 30, at 5-6.
    \59\ Id.
    \60\ See Charles Schwab Letter, supra note 57, at 3.
    \61\ Letter from Tyler Gellasch, Executive Director, Healthy 
Markets Association to Vanessa Countryman, Secretary, Commission, 
dated February 20, 2020 (``Healthy Markets Letter''), at 20.
---------------------------------------------------------------------------

    One commenter expressed concern ``regarding the classification of 
all contracts between the Operating Committee and its agents as 
Confidential Information,'' stating that ``anyone with an interest in 
the Plan(s) should have sufficient transparency into the agents 
utilized by the Plan(s) to be able to contextualize and understand 
whether or not a conflict of interest may exist between the Operating 
Committee and contracted agents.'' \62\ According to the commenter, 
this ``may be a situation in which the Plan(s) allow for the 
flexibility to redact sensitive information from certain documents 
(e.g., pricing terms and conditions) and allow the classification of 
such information to remain public.'' \63\
---------------------------------------------------------------------------

    \62\ TD Ameritrade Letter, supra note 30, at 6.
    \63\ Id. The Commission is not modifying the Amendment to 
specifically include this requirement, but the Operating Committee 
could consider this suggestion.
---------------------------------------------------------------------------

    As discussed above regarding the classification of Plan-related 
information based solely on its content, the Commission believes that 
public availability of information should be favored to the greatest 
extent possible while still protecting sensitive information. After 
considering the comments received in response to the Notice, the 
Commission believes that this principle extends to certain information 
discussed by or relied upon by the Participants when making decisions 
on the administration and operation of the SIPs. Making this 
information public, so that members of the Advisory Committee and 
others can review it, will provide Advisors and members of the general 
public with access to previously unavailable information on the 
administration and operation of the SIPs, which serve an important 
public function in the equities market. The SIPs are critical 
regulatory market infrastructure, authorized by Congress and operated 
jointly by self-regulatory organizations as a key part of the 
securities markets, which Congress categorized as ``an important 
national asset.'' \64\ Market participants rely on the SIPs to inform 
their trading and assure their regulatory compliance efforts. Requiring 
greater transparency into the Plan's operations should provide market 
participants and the general public with a more comprehensive 
understanding of Plan operations, which should, in turn, facilitate 
their ability to make informed assessments and actively contribute, 
whether through feedback, input, or otherwise, to the effective 
governance of the Plan. And classifying the information discussed below 
as Public Information will facilitate market participants' and the 
public's ability to track, assess, and contribute to SIP governance and 
operations and therefore is consistent with the public interest, the 
protection of investors, and the maintenance of fair and orderly 
markets.
---------------------------------------------------------------------------

    \64\ 15 U.S.C. 78k-1(a)(1)(A).
---------------------------------------------------------------------------

    While the proposed policy defines the term ``Public Information,'' 
the proposal does not expressly provide that any specific, identifiable 
information or data relating to plan governance, operations, or 
administration is public, other than, as an illustrative example, ``any 
topic discussed during a meeting of the Operating Committee, an outcome 
of a topic discussed, or a Final Decision of the Operating Committee. . 
. .'' \65\ Defining more information on Plan governance, operations, 
and administration as ``Public Information,'' while still protecting 
sensitive information, should strengthen Plan administration and 
governance by promoting transparency, thereby facilitating review and 
feedback from market participants and the public. In addition, the 
Advisory Committee members and other firms and members of the public 
currently are prevented from seeing much of the underlying information 
relied on by the Participants when making decisions on funding of and 
improvements for the SIP. With greater access to information on the 
Plan's governance, operations, and administration, Advisors will be

[[Page 28075]]

better able to perform their responsibilities and will have the benefit 
of feedback from other firms and members of the public to inform their 
decision-making. The Operating Committee will correspondingly benefit 
from a valuable source of better informed input.
---------------------------------------------------------------------------

    \65\ See Section 2(d) of the policy as proposed.
---------------------------------------------------------------------------

    Thus, the Commission believes that it is appropriate to modify the 
definition of ``Public Information'' in Section 2(d) to include the 
following additional items of information: \66\
---------------------------------------------------------------------------

    \66\ Further, the Commission is adding the phrase ``except to 
the extent covered by (a), (b), or (d)'' to the start of Section 
2(c) to reflect that nothing in Section 2(c) can alter what is 
defined as Restricted, Highly Confidential, or Public. For example, 
the Operating Committee, a Participant, or an Advisor could not 
designate as Restricted Information, Highly Confidential 
Information, or Confidential Information something that falls within 
the definition of Public Information. The Commission also is 
modifying the definition of ``Public Information'' under Section 
2(d)(vi) concerning ``any information that is otherwise publicly 
available'' to add the phrase ``except for information made public 
as a result of a violation of this Policy or any applicable law or 
regulation'' to clarify that ``otherwise publicly available'' refers 
to information that is legally and appropriately within the public 
domain.
---------------------------------------------------------------------------

     The duly approved minutes of the Operating Committee and 
any subcommittee thereof with detail sufficient to inform the public on 
matters under discussion and the views expressed thereon (without 
attribution),\67\
---------------------------------------------------------------------------

    \67\ The Commission also is making a conforming change to 
Section 2(c) to reflect this provision by deleting subsection (iii) 
which, as proposed, stated: ``the minutes of the Operating Committee 
or any subcommittee thereof unless approved by the Operating 
Committee for release to the public.''
---------------------------------------------------------------------------

     Plan subscriber and performance metrics, and
     Processor transmission metrics.
    With respect to the public availability of the duly approved 
minutes for each meeting, the Commission is not requiring publicly 
available minutes to include legally privileged, Restricted, or Highly 
Confidential Information. Rather, the duly approved minutes generally 
must reflect, at a minimum, what entity met, the time and date of the 
meeting, the parties present, the topics discussed and views expressed 
thereon (without attribution), and the decisions made and votes 
recorded. Defining this information as ``Public Information'' will 
facilitate broader awareness of the governance of the critical market 
infrastructure for which the Participants are responsible under the 
Plan. In turn, broader awareness of Plan governance can facilitate the 
ability of market participants and the public to comment and provide 
input on important matters being considered by the Participants for the 
SIPs, which ultimately will promote fair and orderly markets and the 
protection of investors in the public interest to extent their input 
helps shape future Plan initiatives and strengthen the SIPs on which 
market participants and the public rely.
    Finally, the Commission believes, as supported by the commenter 
discussed above, that certain core metrics on the Plan's subscribers, 
performance, and data transmission should be public information in 
order to promote transparency of the Plan's operation and oversight. 
The Plan already makes such information publicly available, and 
specifically including it within the definition of Public Information 
recognizes that fact and ensures that such information, as well as 
similar information that may be prepared in the future, can continue to 
be made publicly available.\68\
---------------------------------------------------------------------------

    \68\ See Metrics published by the Plan, available at https://www.utpplan.com/metrics. Current subscriber metrics publicly 
disseminated include quarterly statistics on nonprofessional 
subscribers, professional subscribers, households, quote usage, 
internal vendors, external vendors, and non-display vendors. Current 
key operating metrics publicly disseminated by the Plan include 
statistics on system availability, peak messages (for certain 
defined periods of time), capacity messages (for certain defined 
periods of time), capacity versus peak ratios, peak transactions per 
day, capacity transactions per day, average and median latency, and 
various percentile latencies. As modified, the Amendment provides 
that this category of information will be considered Public 
Information. Accordingly, similar information prepared in the future 
that falls under these categories will be classified as Public 
Information.
---------------------------------------------------------------------------

    Public availability of Plan subscriber and performance metrics and 
Processor transmission metrics affords a limited, basic level of 
transparency of the key metrics associated with Plan operations, such 
as number of subscribers by category, system availability metrics, 
latency, and other information. Public transparency of this 
information, some of which already currently occurs, should provide 
greater transparency into important aspects of the Plan's operation and 
oversight. As noted above, the SIPs are critical regulatory market 
infrastructure, operated jointly by self-regulatory organizations 
providing quote and trade information upon which market participants 
and the public rely and which Congress categorized as ``an important 
national asset.'' \69\ As market participants rely on the SIPs to 
inform their trading and assure their regulatory compliance efforts, 
they have an interest in effective Plan operations and ensuring that 
the SIPs keep pace with evolving technology, markets, and regulatory 
developments. Classifying Plan subscriber and performance metrics and 
Processor transmission metrics as ``Public Information'' will 
facilitate market participants' and the public's ability to monitor, 
assess, and contribute to improving SIP operations and the ability of 
the SIPs to fulfill their purpose as critical market infrastructure as 
the markets evolve, thereby facilitating the maintenance of fair and 
orderly markets in the future.
---------------------------------------------------------------------------

    \69\ 15 U.S.C. 78k-1(a)(1)(A).
---------------------------------------------------------------------------

    For the reasons discussed throughout this order, the Commission 
believes that transparency of key Plan information, including duly 
approved Operating Committee meeting minutes, and performance, 
subscriber, and transmission metrics, is consistent with the public 
interest, the protection of investors, and the maintenance of fair and 
orderly markets.\70\
---------------------------------------------------------------------------

    \70\ The Plan currently publishes information on plan 
operations, including summaries of the General Sessions from the 
Operating Committees' quarterly meetings, plan policies, quarterly 
and monthly performance metrics, pricing schedules, and technical 
specifications. The Plan also makes publicly available certain 
information on SIP-related revenues, including trade and quote 
revenue distributed to Participants, per trade and quote message 
revenue (in aggregate) distributed to Participants, and revenue 
earned by fee type. This revenue data is updated on a quarterly 
basis, with a 60 day lag, and is available on the Plan's website at 
http://www.utpplan.com/metrics.
---------------------------------------------------------------------------

C. Procedures

1. General Procedures
    As discussed above, the Commission believes that it is appropriate 
to modify the Amendment to require the Administrator and Processor to 
establish written confidentiality policies, which, among other things, 
address the safeguarding of confidential information. As a conforming 
change to Section 3(a)(iii), which requires the Administrator to ensure 
that documents are properly labeled, the Commission is modifying that 
provision to include the phrase ``and, if applicable, electronically 
safeguarded.'' \71\ This conforming modification reflects the fact that 
the Administrator would be required to safeguard electronic documents 
within its control and/or possession such as by, for example, 
encrypting them during transmission and/or protecting them with a 
password or other access control.
---------------------------------------------------------------------------

    \71\ The Commission also is modifying Section 3(a)(iii) to add 
the word ``The'' before the word ``Administrator.''
---------------------------------------------------------------------------

2. Procedures for Restricted and Highly Confidential Information
    In the Notice, the Commission solicited comments on, among other 
things, whether commenters believe ``that Participants involved in the 
operation or governance of each Plan have, by consequence of their 
position,

[[Page 28076]]

access to information of substantial commercial and competitive 
value.'' \72\ If so, the Commission asked commenters to consider 
whether ``certain of that information, including customer-specific 
financial information, customer-specific audit information, personally 
identifiable information, and information concerning the intellectual 
property of Participants or customers, is highly sensitive to such a 
degree that its possession and use should be more tightly controlled.'' 
\73\
---------------------------------------------------------------------------

    \72\ Notice, supra note 6, 85 FR at 2216.
    \73\ Id.
---------------------------------------------------------------------------

    The Commission asked whether ``any Participant or Advisory 
Committee member that is directly involved in the management, sale, or 
development of similar proprietary market data products that may be 
sold to customers of the SIPs should have access to any customer 
information from the SIPs'' or whether Operating Committee members, as 
well as the Administrator, Processor, and auditor ``should be 
prohibited, unless otherwise required by law, from sharing confidential 
information with individuals that are not involved with the operation 
of the Plan and individuals employed by or affiliated with the same 
entity if such individuals are involved in the management, sale, or 
development of proprietary data products that are offered separately to 
a substantially similar customer base, i.e., customers or potential 
customer of the SIPs.'' \74\
---------------------------------------------------------------------------

    \74\ Id.
---------------------------------------------------------------------------

    With respect to the Participants' representatives, the Commission 
sought comment on whether ``Participants' representatives should be 
subject to restrictions and/or information barriers as part of the 
confidentiality policy to address their direct or indirect involvement 
in the development or sale of proprietary data products to SIP 
customers.'' \75\ The Commission further asked for comment on whether 
``Participants' access to a list of the Processor's customers as well 
as information on those customers' data usage and fees paid to the Plan 
has competitive implications'' and, if so, whether ``the Plan should 
require recusal in certain circumstances (e.g., during Executive 
Sessions or Operating Committee meetings) because the potential for 
misuse of competitively sensitive confidential information is too 
great.'' \76\
---------------------------------------------------------------------------

    \75\ Id.
    \76\ Id. While the Commission is not modifying this Amendment to 
require recusal, it is, as discussed below, modifying provisions 
concerning the disclosure of Highly Confidential Information and 
Confidential Information to others. In addition, the Commission 
separately is approving modified amendments to address the Plan's 
conflicts of interest policies, which, as approved, do provide for 
recusal in certain circumstances. See Securities Exchange Act 
Release No. 88824 (May 6, 2020).
---------------------------------------------------------------------------

    Further, the Commission solicited comment on whether additional 
protections are needed when ``a Participant is either employed by or 
affiliated with an entity that offers proprietary data products that 
are offered for sale to a substantially similar customer base (i.e., 
customer or potential customers of the SIPs).'' \77\ The Commission 
also requested comment on whether a Participant should be able to share 
information with other employees and agents, asking whether 
``outsourced service providers (including, but not limited to, firms 
and persons that provide audit services, accounting services, or legal 
services to the Plan, the Administrator, or the Processor) [should] be 
subject to additional restrictions, particularly if they are directly 
or indirectly affiliated with a Participant, the Administrator, the 
Processor, or any entity that offers separately proprietary data 
products to a substantially similar customer base, i.e., customers or 
potential customers of the SIPs.'' \78\ In response to the Notice and 
requests for comment as to whether the proposed Amendment should be 
further enhanced, the Commission received comments and input from the 
Advisory Committee to the Plan, as well as from several other 
commenters. The Advisory Committee had concerns with the proposed 
situations in which Highly Confidential and Confidential information 
may be shared by a Participant representative and Advisors. The 
Advisory Committee explained that:
---------------------------------------------------------------------------

    \77\ Notice, supra note 6, 85 FR at 2217.
    \78\ Id.

    Under the proposed policy, Highly Confidential and Confidential 
information may each be shared by a representative of a Participant 
`to other employees or agents of the Participant or its affiliates 
only as needed for such Covered Person to perform his or her 
function on behalf of the Participant, as reasonably determined by 
the Covered Person.' We believe this standard is insufficient. The 
rationale that information may be shared `to perform his or her 
function on behalf of the Participant' assumes that the 
representative's role on the committee is to further the interests 
of the Participant rather than the plan--this strikes at the heart 
of the conflict of interest inherent in the governance of the plan. 
Such information should only be shared to further the interests of 
the plan, and such sharing should at least be disclosed to and 
potentially authorized by the Operating Committee. In situations 
where the Participant representative is subject to a conflict due to 
their own responsibility regarding the sale of proprietary exchange 
data, the policy should limit access to such confidential 
information by the Participant representative.\79\
---------------------------------------------------------------------------

    \79\ Advisory Committee Letter, supra note 29, at 2.

    One commenter stated that the proposed policy should include 
``requirements to prevent the sharing of information with a competitive 
value to those individuals who have direct responsibility for the 
management, sale, or development of proprietary data products offered 
separately.'' \80\ The commenter recommended that control procedures 
for restricted, highly sensitive or confidential information ``should 
be explicitly defined'' and should include ``required logging of the 
sharing of Restricted and Highly Confidential Information,'' the 
``required use of common logical security controls'' such as encryption 
and password protection, and ``standardized procedures for the 
redaction/aggregation/anonymization of information.'' \81\ The 
commenter also stated that with respect to Restricted and Highly 
Confidential Information, the policy should not allow for the automatic 
sharing of information between the Administrator and Processor or the 
Participant and its employees or agents unless required for performance 
of responsibilities as required by the Plan; the commenter cited 
customer audit information as an example.\82\ With respect to sharing 
Restricted Information, the commenter also stated its belief that if 
unredacted information is shared in Executive Session, ``the 
Administrator should also ensure that no parties with a conflict of 
interest are present in such session, or if so, should develop 
procedures to require that individual's recusal to ensure they do not 
receive information or significant competitive value.'' \83\ With 
respect to the classification of information or data generated or 
discussed by the Operating Committee, the commenter stated its belief 
that the proposal should give non-SRO members information available in 
executive session, because ``[n]on-SRO members may provide valuable 
feedback and insight into decisions made with respect to an 
Administrator, Processor, auditor, or third-party service provider.'' 
\84\ An additional commenter stated that ``if the Administrator 
function is staffed by personnel of one of the Participant exchanges, 
there must be a separation of functions'' and those personnel ``should

[[Page 28077]]

not be employed by the Participant's proprietary data business line, 
and they should not share with the Participant's proprietary data 
business line confidential SIP information obtained in their role as 
administrator.'' \85\
---------------------------------------------------------------------------

    \80\ TD Ameritrade Letter, supra note 30, at 3.
    \81\ Id. at 2-3. These detailed suggestions are beyond the scope 
of this Amendment, but the Operating Committee could consider them 
in the appropriate context.
    \82\ TD Ameritrade Letter, supra note 30, at 3.
    \83\ Id.
    \84\ Id. at 6-7.
    \85\ Charles Schwab Letter, supra note 57, at 2-3.
---------------------------------------------------------------------------

    After considering the comments received, the Commission believes 
that it is appropriate to modify the procedures concerning Restricted 
Information and Highly Confidential Information. Given that Restricted 
Information and Highly Confidential Information both contain highly 
sensitive and entity-specific information, the Commission believes that 
Covered Persons in possession of such information should protect that 
information in a substantially similar way by not disclosing it to 
others, including Agents and outside affiliated persons, unless an 
exception exists.\86\
---------------------------------------------------------------------------

    \86\ See Section 2(a) of the Amendment, defining Restricted 
Information (as including ``highly sensitive customer-specific'' 
information as well as ``Personal Identifiable Information'') and 
Highly Confidential Information (as including ``highly sensitive 
Participant-specific, customer-specific, individual-specific, or 
otherwise sensitive information'').
---------------------------------------------------------------------------

    The parties involved in the governance of the Plan and the SIP are 
privy to confidential and proprietary information generated in 
connection with the Plan. The Commission believes it is important to 
protect the confidentiality of certain SIP-related information because 
some Participant exchanges or their affiliates have a dual role as both 
an SRO jointly responsible for the operation of the Plan, on one hand, 
and, on the other hand, as part of a publicly held company that offers 
proprietary data products and connectivity services. As a consequence 
of this dual role, an exchange's representative on the Plan's Operating 
Committee may have conflicting responsibilities both to the exchange's 
proprietary data business as well as to the SIP. These potential 
conflicts of interest are of particular concern because the proprietary 
data products offered by an exchange generate revenue in addition to 
the revenue the exchange receives from the Plan.
    Allowing sensitive Plan-related information to be shared with and 
disclosed to non-Plan personnel of the Participant--particularly those 
responsible for the Participant's own proprietary data business that 
competes with the SIP--could create a potential conflict. The 
Commission is concerned about the potential for such sharing as non-
Plan personnel likely would have no need to know such information as 
they have no responsibilities to the Plan. Further, if Restricted 
Information or Highly Confidential Information is disclosed to those 
persons, such persons could use the competitively valuable non-public 
information for purposes unrelated to, and potentially inconsistent 
with, Plan business. The Commission believes that Restricted 
Information and Highly Confidential Information generated in connection 
with the operation of the Plan and its SIP should be retained in the 
confidences of Plan and SIP personnel not used in ways that could 
potentially harm the interests of the Plan to the extent the 
information is used to further the competitive advantage of a 
Participant.
    Therefore, the Commission is modifying Section 3(b)(i), which says 
that Restricted Information will be kept in confidence by the 
Administrator and Processor, to begin that subsection with the 
following: ``Except as provided below, Covered Persons in possession of 
Restricted Information are prohibited from disclosing it to others, 
including Agents. This prohibition does not apply to disclosures to the 
staff of the SEC or as otherwise required by law or to other Covered 
Persons as expressly provided for by this Policy.'' \87\ The change is 
intended to assure that the Administrator and Processor, who are 
required by the policy to ``[keep] in confidence'' Restricted 
Information, do not disclose that information to outside persons who 
may be directly or indirectly affiliated with them, including 
employees, agents, service providers, and subcontractors. The 
Commission believes it would be inconsistent with the ``[keep] in 
confidence'' standard for the Administrator or Processor to disclose 
Restricted Information to affiliated persons, and is thus modifying the 
Amendment to state so explicitly. The Commission believes that 
Restricted Information, including personally identifiable information, 
customer-specific financial information, and audit information, is 
highly sensitive to such a degree that its possession and use should be 
tightly controlled.
---------------------------------------------------------------------------

    \87\ In addition, the Commission is modifying Section 3(b)(i)(3) 
to add ``staff of the'' in front of ``SEC'' to conform to Section 
3(b)(i)(1).
---------------------------------------------------------------------------

    In addition, the Commission is modifying Section 3(c)(i)(1) to be 
parallel to the Section 3(b)(i)(1) on Restricted Information. As 
modified, Section 3(c)(i)(1) reads: ``Except as provided below, Covered 
Persons in possession of Highly Confidential Information are prohibited 
from disclosing it to others, including Agents. This prohibition does 
not apply to disclosures to the staff of the SEC or as otherwise 
required by law or to other Covered Persons authorized to receive it.'' 
The Commission believes that the proposed Amendment's restrictions on 
the disclosure of Highly Confidential Information to an Executive 
Session of the Operating Committee or to the Legal Subcommittee reflect 
the highly sensitive and commercially valuable nature of that 
information. In light of the value and sensitivity of such information, 
the Commission shares commenters' concerns about circumstances in which 
a Participant's representative, who has access to the information, may 
be involved in the development or sale of proprietary data products to 
a customer base similar to that of SIP customers. Thus, the Commission 
believes that the use and possession of Highly Confidential Information 
should be tightly controlled to prevent a Participant's representative 
from disclosing such information to affiliated persons.
3. Procedures for Confidential Information
    Most of the questions and potential modifications in the Notice 
discussed above for Restricted Information and Highly Confidential 
Information also relate to Confidential Information. In addition, in 
the Notice, the Commission also solicited comments on, among other 
things, whether ``commenters believe that the Plan should require all 
Participants and other Covered Persons to establish, maintain, and 
enforce policies and procedures to safeguard confidential and 
proprietary information received via their participation in the Plan 
and to prevent its misuse by such Participants or entities controlling, 
controlled by, or under common control with such Participants.'' \88\ 
More specifically, the Commission asked whether commenters ``believe 
that the proposed provisions allowing Participants to disclose 
confidential and highly confidential information to other employees or 
agents of the Participant or its affiliates as needed as they 
reasonably determine'' are appropriate.\89\ Among other things, the 
Commission also solicited comments on whether Participants' 
representatives should be subject to restrictions and/or information 
barriers to address their direct or indirect involvement in the 
development or sale of proprietary data products to SIP customers.\90\
---------------------------------------------------------------------------

    \88\ Notice, supra note 6, 85 FR at 2216-2217.
    \89\ Id. at 2217.
    \90\ See id. at 2216.

---------------------------------------------------------------------------

[[Page 28078]]

    In response to the Notice, including the Commission's solicitation 
of comments on these issues and on whether the proposed Amendment 
should be further enhanced, the Advisory Committee stated that 
``Advisors may only share Confidential Information to solicit industry 
feedback and then only if specifically authorized by the Operating 
Committee'' and recommended that there ``is no reason for Participant 
representatives and Advisors to have different standards for sharing 
information--in each case it should only be to further the interests of 
the plan, and the standard for determining that threshold should be 
equivalent.'' \91\ The Advisory Committee further recommended that the 
provisions protecting Confidential Information ``should extend to any 
information obtained by outsourced service providers in order to ensure 
that information learned by such service providers is only shared with 
those individuals of the Operating Committee required to receive such 
information and in furtherance of the service provider's engagement and 
the plan.'' \92\
---------------------------------------------------------------------------

    \91\ Advisory Committee Letter, supra note 29, at 2.
    \92\ Id.
---------------------------------------------------------------------------

    As discussed above in the context of Restricted Information and 
Highly Confidential Information, the Advisory Committee also objected 
to the proposed standard that would allow a Participant's 
representative to share Highly Confidential Information and 
Confidential Information ``to other employees or agents of the 
Participant or its affiliates only as needed for such Covered Person to 
perform his or her function on behalf of the Participant, as reasonably 
determined by the Covered Person.'' \93\ Believing that standard to be 
``insufficient,'' the Advisory Committee criticized that provision as 
assuming ``that the representative's role on the committee is to 
further the interests of the Participant rather than the plan,'' which 
the Advisory Committee said ``strikes at the heart of the conflict of 
interest inherent in the governance of the plan.'' \94\ The Advisory 
Committee recommended that confidential information ``should only be 
shared to further the interests of the plan, and such sharing should at 
least be disclosed to and potentially authorized by the Operating 
Committee'' and where a Participant's representative ``is subject to a 
conflict due to their own responsibility regarding the sale of 
proprietary exchange data, the policy should limit access to such 
confidential information by the Participant representative.'' \95\
---------------------------------------------------------------------------

    \93\ Id.
    \94\ Id.
    \95\ Id.
---------------------------------------------------------------------------

    One commenter agreed that the standard should be the same for all 
Covered Persons, and that any confidential information should be shared 
``as reasonably determined to perform [the Covered Person's] 
function.'' \96\ Another commenter believed that control procedures 
need to be sufficient to prevent disclosure to ``individuals without 
specific reason to receive such information to address their 
responsibilities according to the Plan(s) requirements.'' \97\ That 
commenter recommended that the proposed policy include ``requirements 
to prevent the sharing of information with competitive value to those 
individuals who have direct responsibility for the management, sale, or 
development of proprietary data products offered separately.'' \98\ The 
commenter further recommended that, given the potential conflicts of 
interests involved and the difficulties associated with mitigating such 
conflicts, ``Participants should be explicitly prohibited from 
disclosing restricted, highly confidential and confidential information 
to other employees or agents of the Participant or its affiliates 
unless authorized to do so on a case-by-case basis from the Operating 
Committee, and only if required to do so for such individual to perform 
his or her function on behalf of the Plan, unless such disclosure is 
required by law.'' \99\
---------------------------------------------------------------------------

    \96\ Charles Schwab Letter, supra note 57, at 3. Another comment 
received in response to the Governance Notice recommended that the 
confidentiality policy standards should be the same for both the 
SROs and non-SROs and further suggested that for the non-SRO members 
to be able to effectively engage with the Operating Committee, they 
should be able to exercise reasonable discretion in sharing with 
others within their firm information that may be relevant to policy 
issues and proposals being considered by the SROs. See Letter from 
John Ramsay, Chief Market Policy Officer, Investors Exchange, LLC, 
to Vanessa Countryman, Secretary, Commission, dated March 4, 2020 at 
6. A separate comment received in response to the Governance Notice 
thought that the proposed Amendment would improve the handling of 
confidential information and is designed both to protect 
confidential information from misuse and to facilitate the sharing 
of confidential information with the Advisory Committee. See Letter 
from Patrick Sexton, EVP, General Counsel and Corporate Secretary, 
Cboe Global Markets, Inc., to Vanessa Countryman, Secretary, 
Commission, dated February 28, 2020 at 5.
    \97\ TD Ameritrade Letter, supra note 30, at 2.
    \98\ Id. at 3.
    \99\ The commenter also stated that if disclosure is required by 
law, the Covered Person should be required to first notify the 
Operating Committee so as to provide it with an opportunity to 
redact information or to dispute the requirement to provide it in 
its entirety. See id. at 8. The Commission is not modifying the 
Amendments to specifically include this requirement, but the 
Operating Committee could consider this suggestion.
---------------------------------------------------------------------------

    After considering the comments received, the Commission believes it 
is appropriate to modify the Amendment concerning the procedures for 
protecting Confidential Information. First, the Commission is modifying 
Section 3(d)(i), which currently allows Covered Persons to disclose 
Confidential Information to other Covered Persons. As discussed above, 
the Commission has expanded the definition of Covered Persons to 
include affiliates and employees, to whom disclosing Confidential 
Information might not be appropriate. Accordingly, the Commission is 
modifying Section 3(d)(i) to provide that a Covered Person ``may only 
disclose Confidential Information to other persons who need to receive 
such information to fulfill their responsibilities to the Plan.'' In 
addition, disclosure will continue to be permitted to staff of the SEC, 
as authorized by the Operating Committee, or as otherwise required by 
law.\100\ For the same reasons discussed above with respect to 
Restricted Information and Highly Confidential Information, the 
Commission shares commenters' concerns about circumstances in which a 
Participant's representative may be involved in the development or sale 
of proprietary data products to a customer base similar to that of SIP 
customers. If the Participant's representative straddles both roles 
simultaneously, or provides Confidential Information to other employees 
of the Participant, the Confidential Information can be used to benefit 
the Participant's proprietary data business in a manner contrary to the 
interests of the Plan.
---------------------------------------------------------------------------

    \100\ The Commission is making non-substantive wording changes 
to the last sentence of Section 3(d)(i) to accommodate the revisions 
to the beginning of that sentence. Specifically, it is separating 
out the second part of the sentence into a stand-alone sentence that 
continues to provide that: ``A Covered Person also may disclose 
Confidential Information to the staff of the SEC, as authorized by 
the Operating Committee as described below, or as may be otherwise 
required by law.''
---------------------------------------------------------------------------

    Similarly, the Commission is modifying Section 3(d)(iv), which 
applies to the sharing of information between a Participant's 
representative and other employees or agents of the Participant. As 
proposed, the provision would allow a Participant's representative to 
disclose Confidential Information (and Highly Confidential Information) 
``to other employees or agents of the Participant or its affiliates 
only as needed for such Covered Person to perform his or her function 
on behalf of the Participant, as reasonably determined by the Covered 
Person.''

[[Page 28079]]

The Commission is striking the phrase ``Participant, as reasonably 
determined by the Covered Person'' and the phrase ``and Highly 
Confidential Information'' such that the revised provision will provide 
that ``A Covered Person that is a representative of a Participant may 
be authorized by the Operating Committee to disclose particular 
Confidential Information to other employees or agents of the 
Participant or its affiliates only in furtherance of the interests of 
the Plan as needed for such Covered Person to perform his or her 
function on behalf of the Plan.''
    Without this change, the Commission agrees with commenters that the 
protections in the proposed policy would be insufficient to adequately 
address circumstances in which a Participant's representative may be 
involved in the development or sale of proprietary data products to a 
customer base similar to that of SIP customers. The Commission believes 
that an exchange's commercial interests in its proprietary data 
businesses and its potential access to confidential information 
generated by the Plan and its SIP create potential conflicts of 
interest, which have the potential to inappropriately influence 
decisions as to the Plan's operation and thereby impede the Plan's 
ability to ensure the ``prompt, accurate, reliable, and fair 
collection, processing, distribution and publication of information 
with respect to quotations for and transactions in such securities and 
the fairness and usefulness of the form and content of such 
information.'' \101\ Limiting the disclosure of Confidential 
Information to situations where the disclosure is reasonably necessary 
to further the interests of the Plan in the performance of the person's 
role with the Plan should help mitigate the conflict by protecting 
against misuse of commercially valuable non-public information.
---------------------------------------------------------------------------

    \101\ 15 U.S.C. 78k-1(c)(1)(B).
---------------------------------------------------------------------------

    Further, the Commission is making a change to conform Section 
3(d)(iii) to the modifications it made to Section 3(d)(iv) so that both 
Advisors and Participants' representatives will be subject to the same 
standard with respect to disclosing Plan-related Confidential 
Information. As modified, Advisors may be authorized by the Operating 
Committee to disclose particular Confidential Information ``only in 
furtherance of the interests of the Plan. . . .'' Advisors will still 
be required to take any steps requested by the Operating Committee to 
prevent further dissemination of that Confidential Information. The 
Commission agrees with commenters that the standard for sharing 
Confidential Information should be the same for Covered Persons that 
are representatives of a Participant as well as Advisors, and be 
limited to situations in which the disclosure is made to further the 
interests of the Plan. Regardless of the identity of the person in 
possession of Confidential Information, the Commission believes that 
information that is labeled as Confidential Information should be 
protected to the same extent by all Covered Persons. If such 
information is appropriate to share more broadly, then it should be 
classified as Public Information. The Commission is therefore modifying 
the Amendment so that members of the Advisory Committee are treated 
like Participants' representatives in this regard.
4. Unauthorized Disclosures
    In the Notice, the Commission solicited comment on remedies for 
disclosures inconsistent with the proposed policy. As proposed, the 
policy provides that unauthorized disclosures of Highly Confidential 
Information, as determined by the Operating Committee acting by 
majority vote, will be subject to an ``appropriate remedy'' that could 
include a letter of complaint against a Participant's representative, 
or the removal of an Advisor from the Advisory Committee.\102\ With 
respect to Confidential Information, the policy provides that 
unauthorized disclosure will be self-reported to the Chair of the 
Operating Committee and disclosed in the minutes. The Commission asked, 
among other things, whether these proposed remedies are sufficient to 
deter unauthorized disclosure, or whether any other consequences of 
such disclosure should be provided.\103\ The Commission also asked 
whether commenters believe that ``appropriate remedies for Participants 
and Advisors should differ, or should potential remedies for 
Participants that disclose confidential information also include the 
possibility of removal of that Participant from the Operating 
Committee.'' \104\
---------------------------------------------------------------------------

    \102\ See Section 3(c)(ii).
    \103\ See Notice, supra note 6, 85 FR at 2218.
    \104\ Id.
---------------------------------------------------------------------------

    In response, one commenter stated that ``[r]emedies for 
unauthorized disclosure of any confidential information, regardless of 
classification, should be the same irrespective of the nature of the 
Covered Person'' and that ``breaches by a Covered Person should be 
disclosed to the Operating Committee, recorded, and reviewed by the 
Operating Committee for determination upon majority vote of an 
appropriate remedy, which should include remedies up to and including: 
Required recusal of future discussions of related confidential topics, 
or removal from any role with respect to Plan Activities.'' \105\ 
According to the commenter, ``[a]ny reviews of votes regarding a breach 
should require recusal of such Covered Person who caused the breach.'' 
\106\ Another commenter believes that a Participant representative 
should be removed from the Operating Committee if she is in violation 
of the Confidentiality Policy, just as an Advisory Committee member can 
be removed as described in the Amendment.\107\
---------------------------------------------------------------------------

    \105\ TD Ameritrade Letter, supra note 30, at 10 (internal 
quotation marks omitted).
    \106\ Id.
    \107\ See Charles Schwab Letter, supra note 57, at 3. The 
Commission is not modifying the Amendment to remove a Participant 
from the Operating Committee in the manner suggested by the 
commenter. The Participants, as SROs, have legal obligations and 
responsibilities under the Act, including with regard to operating 
the Plan. See 15 U.S.C. 78k-1(a)(3)(B). Requiring their removal from 
the Operating Committee would impede their ability to fulfil their 
statutory requirements.
---------------------------------------------------------------------------

    After considering the comments received in response to the Notice, 
the Commission believes that it is appropriate to modify Section 
3(d)(vi) to specifically provide a process for a Covered Persons to 
report potential unauthorized disclosures to the Chair of the Operating 
Committee so that the Amendment does not rely solely on self-reporting 
of unauthorized disclosures. Specifically, the Commission is adding the 
following new sentence to the beginning of Section 3(d)(vi): ``A person 
that has reason to believe that Confidential Information has been 
disclosed by another without the authorization of the Operating 
Committee or otherwise in a manner inconsistent with this Policy may 
report such potential unauthorized disclosure to the Chair of the 
Operating Committee.'' \108\ The Participants in their submission state 
that the proposal addresses unauthorized disclosure insofar as a 
Covered Person who discloses Confidential Information without the 
authorization of the Operating Committee would be obligated to self-
report such disclosure to the Chair of the Operating Committee, which 
would then be recorded in the minutes of the Operating Committee.\109\ 
The Commission believes that relying on self-reporting is insufficient. 
Rather,

[[Page 28080]]

the Commission believes that providing a formal mechanism for any 
Covered Person as well as others to report potential unauthorized 
disclosures will assure such individuals that they can bring such 
instances to the attention of the leadership of the Operating 
Committee.\110\ This modification is intended to make clear that 
persons who have reason to believe that Confidential Information has 
been disclosed by another without the authorization of the Operating 
Committee or otherwise in a manner inconsistent with this Policy may 
report such potential unauthorized disclosure to the Chair of the 
Operating Committee. Thus, the Commission believes that this 
modification will promote compliance with persons tasked with 
protecting the confidentiality of Plan-related information and, to the 
extent it results in unauthorized disclosures being found and disclosed 
in the minutes, it will provide transparency into overall compliance 
with the policy.
---------------------------------------------------------------------------

    \108\ In light of the new first sentence, the Commission is 
making a conforming change to the second sentence of Section 
3(d)(vi) to begin with the phrase ``In addition.''
    \109\ See Notice, supra note 6, 85 FR at 2215.
    \110\ This new provision supplements the proposed provisions 
that require self-reporting by a Covered Person in breach of the 
policy and the recording of such breaches in the minutes of the 
Operating Committee, neither of which the Commission is modifying. 
The Commission is modifying Section 3(d)(vi) to add the words 
``self-reported'' to make it clear that the proposed provisions that 
require the name of the self-reporting Participant to be identified 
in the minutes do not apply to the Commission's modification that 
lets any person report such potential unauthorized disclosure to the 
Chair of the Operating Committee. The Operating Committee may, at 
its discretion, choose to put in place an appropriate process to 
review such reports of potential unauthorized disclosures.
---------------------------------------------------------------------------

IV. Commission Findings

    For the reasons discussed throughout, the Commission finds that the 
proposed Amendment to the Plan, as modified by the Commission, is 
consistent with the requirements of the Act and the rules and 
regulations thereunder, and in particular, Section 11A of the Act \111\ 
and Rule 608 \112\ thereunder in that it is necessary or appropriate in 
the public interest, for the protection of investors and the 
maintenance of fair and orderly markets, to remove impediments to, and 
perfect the mechanisms of, a national market system.
---------------------------------------------------------------------------

    \111\ 15 U.S.C. 78k-1.
    \112\ 17 CFR 240.608.
---------------------------------------------------------------------------

    Section 11A of the Act \113\ sets forth Congress' finding that it 
is in the public interest and appropriate for the protection of 
investors and the maintenance of fair and orderly markets to ensure the 
prompt, accurate, reliable and fair collection, processing, 
distribution, and publication of information with respect to quotations 
for and transactions in such securities and the fairness and usefulness 
of the form and content of such information. The Commission believes 
that the confidentiality policy, as modified, furthers these goals set 
forth by Congress.
---------------------------------------------------------------------------

    \113\ 15 U.S.C. 78k-1(c)(1)(B).
---------------------------------------------------------------------------

V. Conclusion

    It is therefore ordered, pursuant to Section 11A of the Act,\114\ 
and the rules thereunder, that the proposed Amendment to the Nasdaq/UTP 
Plan (File No. S7-24-89), as modified by the Commission, is approved.
---------------------------------------------------------------------------

    \114\ 15 U.S.C. 78k-1.

    By the Commission.
J. Matthew DeLesDernier,
Assistant Secretary.
Exhibit A
Marked To Show Changes From the Proposal
    The Commission's additions are italicized; deletions are 
[bracketed].

UTP Confidentiality Policy

1. Purpose and Scope

    a. The purpose of this Confidentiality Policy (the ``Policy'') is 
to provide guidance to the Operating and Advisory Committees of the UTP 
Plan (the ``Plan''), and all Subcommittees thereof, regarding the 
confidentiality of any data or information (in physical or electronic 
form) generated, accessed or transmitted to the Operating Committee, as 
well as discussions occurring at a meeting of the Operating Committee 
or any Subcommittee.
    b. This Policy applies to all representatives of the Participants, 
Pending Participants, and the UTP Administrator and Processor 
(``Administrator and Processor''); affiliates, employees, and agents of 
the Operating Committee, a Participant, a Pending Participant, the 
Administrator, and the Processor, including, but not limited to, 
attorneys, auditors, advisors, accountants, contractors or 
subcontractors (``Agents''); any third parties invited to attend 
meetings of the Operating Committee or Plan subcommittees; and all 
members of the Advisory Committee and their employers (collectively, 
``Covered Persons''). Covered Persons do not include staff of the 
Securities and Exchange Commission (``SEC''). All Covered Persons must 
adhere to the principles set out in this Policy and all Covered Persons 
that are natural persons may not receive Plan data and information 
until they affirm in writing that they have read this Policy and 
undertake to abide by its terms.
    c. Covered Persons [The Administrator and Processor ]may not 
disclose Restricted, Highly Confidential, or Confidential information 
except as consistent with this Policy and directed by the Operating 
Committee.
    d. The Administrator and Processor will establish written 
confidential information policies that provide for the protection of 
information under their control and the control of their Agents, 
including policies and procedures that provide systemic controls for 
classifying, declassifying, redacting, aggregating, anonymizing, and 
safeguarding information, that is in addition to, and not less than, 
the protection afforded herein. Such policies will be reviewed and 
approved by the Operating Committee, publicly posted, and made 
available to the Operating Committee for review and approval every two 
years thereafter or when changes are made, whichever is sooner.
    e. Information will be classified solely based on its content.

2. Definitions

    a. ``Restricted Information'' is highly sensitive customer-specific 
financial information, customer-specific audit information, other 
customer financial information, and Personal Identifiable Information 
(``PII'').
    b. ``Highly Confidential Information'' is[: (i) any data or 
information shared in an Executive Session or that would otherwise 
qualify for confidential treatment pursuant to the Plan's Executive 
Session Policy; and (ii)]any [other ]highly sensitive Participant-
specific, customer-specific, individual-specific, or otherwise 
sensitive information relating to the Operating Committee, 
Participants, or customers that is not otherwise Restricted 
Information. Highly Confidential Information includes: A Participant's 
contract negotiations with the Processor or Administrator; personnel 
matters; information concerning the intellectual property of 
Participants or customers; and any document subject to the Attorney-
Client Privilege or Work Product Doctrine.
    c. ``Confidential Information'' is, except to the extent covered by 
(a), (b), or (d): (i) any non-public data or information designated as 
Confidential by a majority vote of the Operating Committee; (ii) any 
document generated by a Participant or Advisor and designated by that 
Participant or Advisor as Confidential; and (iii) [the minutes of the 
Operating Committee or any subcommittee thereof unless approved by the 
Operating Committee for release to the public; and (iv)]the individual 
views and statements of

[[Page 28081]]

Covered Persons and SEC staff disclosed during a meeting of the 
Operating Committee or any subcommittees thereunder.
    d. ``Public Information'' is: (i) any information that is not 
either Restricted Information or Highly Confidential Information or 
that has not been designated as Confidential Information; (ii) any 
confidential information that has been approved by the Operating 
Committee for release to the public; [or ](iii) the duly approved 
minutes of the Operating Committee and any subcommittee thereof with 
detail sufficient to inform the public on matters under discussion and 
the views expressed thereon (without attribution); (iv) Plan subscriber 
and performance metrics; (v) Processor transmission metrics; and (vi) 
any information that is otherwise publicly available, except for 
information made public as a result of a violation of this Policy or 
any applicable law or regulation. Public Information includes, but is 
not limited to, any topic discussed during a meeting of the Operating 
Committee, an outcome of a topic discussed, or a Final Decision of the 
Operating Committee, as defined below.
    e. A ``Final Decision of the Operating Committee'' is an action or 
inaction of the Operating Committee as a result of the vote of the 
Operating Committee, but will not include the individual votes of a 
Participant.
    f. The ``Operating Committee'' consists of the Participants, 
Pending Participants, Administrator and Processor, and designated 
Agents.
    g. An ``Executive Session'' of the Operating Committee consists of 
the Participants, Administrator and Processor and designated Agents.
    h. The ``Advisory Committee'' consists of any individual selected 
by the Operating Committee or a Plan Participant as an advisor to the 
Operating Committee.
    i. The ``Legal Subcommittee'' of the Operating Committee consists 
of the Participants, Administrator and Processor and Legal Counsel.

3. Procedures

    a. General
    i. The Administrator and Processor will be the custodians of all 
documents discussed by the Operating Committee and will be responsible 
for maintaining the classification of such documents pursuant to this 
Policy.
    ii. The Administrator may, under delegated authority, designate 
documents as Restricted, Highly Confidential, or Confidential, which 
will be determinative unless altered by a majority vote of the 
Operating Committee.
    iii. The Administrator will ensure that all Restricted, Highly 
Confidential, or Confidential documents are properly labeled and, if 
applicable, electronically safeguarded.
    iv. All contracts between the Operating Committee and its Agents 
shall require Operating Committee information to be treated as 
Confidential Information that may not be disclosed to third parties, 
except as necessary to effect the terms of the contract or as required 
by law, and shall incorporate the terms of this Policy, or terms that 
are substantially equivalent or more restrictive, into the contract.
    b. Procedures Concerning Restricted Information
    i. Except as provided below, Covered Persons in possession of 
Restricted Information are prohibited from disclosing it to others, 
including Agents. This prohibition does not apply to disclosures to the 
staff of the SEC or as otherwise required by law, or to other Covered 
Persons as expressly provided for by this Policy. Restricted 
Information will be kept in confidence by the Administrator and 
Processor and will not be disclosed to the Operating Committee or any 
subcommittee thereof, or during Executive Session, or the Advisory 
Committee, except as follows:
    1. If the Administrator determines that it is appropriate to share 
a customer's financial information with the Operating Committee or a 
subcommittee thereof, the Administrator will first anonymize the 
information by redacting the customer's name and any other information 
that may lead to the identification of the customer.
    2. The Administrator may disclose the identity of a customer that 
is the subject of Restricted Information in Executive Session only if 
the Administrator determines in good faith that it is necessary to 
disclose the customer's identity in order to obtain input or feedback 
from the Operating Committee or a subcommittee thereof about a matter 
of importance to the Plan. In such an event, the Administrator will 
change the designation of the information at issue from ``Restricted 
Information'' to ``Highly Confidential Information,'' and its use will 
be governed by the procedures for Highly Confidential Information in 
paragraph (c) below.
    3. The Administrator may share Restricted Information related to 
any willful, reckless or grossly negligent conduct by a customer 
discovered by the Administrator with the UTP Administrator or with the 
staff of the SEC, as appropriate, upon majority vote of the Operating 
Committee in Executive Session, provided that, in any report by the 
Administrator during Executive Session related to such disclosure, the 
Administrator anonymizes the information related to the wrongdoing by 
removing the names of the party or parties involved, as well as any 
other information that may lead to the identification of such party or 
parties.
    c. Procedures Concerning Highly Confidential Information
    i. Disclosure of Highly Confidential Information:
    1. Except as provided below, Covered Persons in possession of 
Highly Confidential Information are prohibited from disclosing it to 
others, including Agents. This prohibition does not apply to 
disclosures to the staff of the SEC or as otherwise required by law, or 
to other Covered Persons authorized to receive it. Highly Confidential 
Information may be disclosed only in Executive Session of the Operating 
Committee or to the Legal Subcommittee.
    2. Highly Confidential Information may be disclosed to the staff of 
the SEC, unless it is protected by the Attorney-Client Privilege or the 
Work Product Doctrine. Any disclosure of Highly Confidential 
Information to the staff of the SEC will be accompanied by a FOIA 
Confidential Treatment request.
    3. Apart from the foregoing, the Operating Committee has no power 
to authorize any other disclosure of Highly Confidential Information.
    ii. In the event that a Covered Person is determined by a majority 
vote of the Operating Committee to have disclosed Highly Confidential 
Information, the Operating Committee will determine the appropriate 
remedy for the breach based on the facts and circumstances of the 
event. For the representatives of a Participant, remedies include a 
letter of complaint submitted to the SEC, which may be made public by 
the Operating Committee. For a member of the Advisory Committee, 
remedies include removal of that member from the Advisory Committee.
    d. Procedures Concerning Confidential Information
    i. Confidential Information may be disclosed to the Operating 
Committee, any subcommittee thereof, and the Advisory Committee. A 
Covered Person may only disclose Confidential Information to other 
persons who need to receive such information to fulfill their 
responsibilities to the Plan. A Covered Person also may disclose 
Confidential Information to [will not disclose Confidential Information 
to any individual that is not either a Covered

[[Page 28082]]

Person or a member of]the staff of the SEC, [except]as authorized by 
[with authorization of]the Operating Committee as described below, or 
as may be otherwise required by law.
    ii. The Operating Committee or a subcommittee thereof may authorize 
the disclosure of Confidential Information by an affirmative vote of 
the number of members that represent a majority of the total number of 
members of the Operating Committee or subcommittee. Notwithstanding the 
foregoing, the Operating Committee will not authorize the disclosure of 
Confidential Information that is generated by a Participant or Advisor 
and designated by that Participant or Advisor as Confidential, unless 
such Participant or Advisor consents to the disclosure.
    iii. Members of the Advisory Committee may be authorized by the 
Operating Committee to disclose particular Confidential Information 
only in furtherance of the interests of the Plan, to enable them to 
consult with industry representatives or technical experts, provided 
that the Member of the Advisory Committee takes any steps requested by 
the Operating Committee to prevent further dissemination of that 
Confidential Information, including providing the individual(s) 
consulted with a copy of this policy and requesting that person to 
maintain the confidentiality of such information in a manner consistent 
with this policy.
    iv. A Covered Person that is a representative of a Participant may 
be authorized by the Operating Committee to disclose particular 
Confidential Information [and Highly Confidential Information]to other 
employees or agents of the Participant or its affiliates only in 
furtherance of the interests of the Plan as needed for such Covered 
Person to perform his or her function on behalf of the 
Plan[Participant, as reasonably determined by the Covered Person]. A 
copy of this policy will be made available to recipients of such 
information who are employees or agents of a Participant or its 
affiliates that are not Covered Persons, who will be required to abide 
by this policy.
    v. A Covered Person may disclose their own individual views and 
statements that may otherwise be considered Confidential Information 
without obtaining authorization of the Operating Committee, provided 
that in so disclosing, the Covered Person is not disclosing the views 
or statements of any other Covered Person or Participant that are 
considered Confidential Information.
    vi. A person that has reason to believe that Confidential 
Information has been disclosed by another without the authorization of 
the Operating Committee or otherwise in a manner inconsistent with this 
Policy may report such potential unauthorized disclosure to the Chair 
of the Operating Committee. In addition, a [A ]Covered Person that 
discloses Confidential Information without the authorization of the 
Operating Committee will report such disclosure to the Chair of the 
Operating Committee. Such self-reported unauthorized disclosure of 
Confidential Information will be recorded in the minutes of the meeting 
of the Operating Committee and will contain: (a) The name(s) of the 
person(s) who disclosed such Confidential Information, and (b) a 
description of the Confidential Information disclosed. The name(s) of 
the person(s) who disclosed such Confidential Information will also be 
recorded in any publicly available summaries of Operating Committee 
minutes.

[FR Doc. 2020-10040 Filed 5-11-20; 8:45 am]
BILLING CODE 8011-01-P


