The internal audit function must follow a risk-based approach, independently review and provide objective assurance of the compliance of all activities undertaken by the stablecoin issuer, including the use of third-party entities, with the licensee’s policies and procedures and with the regulatory requirements.