Authorised Personmust establish and maintain risk management systems and controls to enable it to identify, assess, mitigate, control and monitor its risks.
Authorised Personmust develop, implement and maintain policies and procedures to manage the risks to which the Authorised Personand where applicable, its customers or users, are exposed.
GEN 5.3.6(1) An
Authorised Personmust appoint an individual to advise its Governing Bodyand senior management of such risks.(2) An Authorised Personwhich is part of a Groupshould be aware of the implications of any Groupwide risk policy and systems and controls regime.