Confirm
344
edits
Changes
→Whether the Applicant has a Good Compliance Management Program: Numbering
# How robust is the applicant’s compliance and risk management program?
# What evidence can the applicant provide to demonstrate that it has a good compliance program in place? How long has such program been operational? On what compliance framework is it based?
# How familiar is the applicant with the annual risk assessment required by section 5 of the Baseline Requirements? (Note that it requires 1. the identification of foreseeable internal and external threats; 2. an assessment of the likelihood and potential damage of these threats; and 3. an assessment of the sufficiency of the policies, procedures, information systems, technology, and other arrangements that the CA has in place to counter such threats.)
# How does the applicant exercise care when deciding to take on risks? What are applicant’s processes for mitigating or accepting risks?
