Licensees must maintain systems and controls that are adequate for the scale and complexity of their activities. These systems and controls, at a minimum, must meet the requirements contained in Chapter CRA-5 (Technology Governance and Cyber Security), Chapter CRA-6 (Risk Management) and the requirements of Module HC (High-level Controls) of the CBB Rulebook Volume 6.