The risk assessment must be properly documented, regularly updated and communicated to the capital market licensees senior management. Licensees must have in place policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate the risks that have been identified. In conducting its risk assessments, the capital market licensees must consider quantitative and qualitative information obtained from the relevant internal and external sources to identify, manage and mitigate these risks. This may include consideration of the risk and threat assessments using, national risk assessments, sectorial risk assessments, crime statistics, typologies, risk indicators, red flags, guidance and advisories issued by inter-governmental organisations, national competent authorities and the FATF, and AML/CFT/CPF mutual evaluation and follow-up reports by the FATF or associated assessment bodies.