AU-4.7.3
The applicant must provide a description of the governance arrangement and the internal control mechanisms consisting of:
(a) a mapping of the risks identified by the applicant, including the type of risks and the procedures the applicant will put in place to assess and prevent such risks;
(b) the different procedures to carry out periodical and permanent controls including the frequency and the human resources allocated;
(c) the identity of the person(s) responsible for the internal control functions, including for periodic, permanent and compliance control, as well as an up-to-date curriculum vitae;
(d) the composition of the management body and, if applicable, of any other oversight body or committee;
(e) a description of the way outsourced functions are monitored and controlled so as to avoid an impairment in the quality of the applicant's internal controls;
(f) a description of the way any agents and branches are monitored and controlled within the framework of the applicant's internal controls;
(g) where the applicant is the subsidiary of a regulated entity in another country, a description of the group governance.
Added: December 2018