Article 7
Internal control
1.
An application for registration as a trade repository shall contain detailed information relating to the internal control system of the applicant, including information regarding its compliance function, risk assessment, internal control mechanisms and arrangements of its internal audit function.
2.
The detailed information referred to in paragraph 1 shall contain:
(a)
the applicant's internal control policies and respective procedures related to their consistent and effective implementation;
(b)
any policies, procedures and manuals regarding the monitoring and evaluation of the adequacy and effectiveness of the applicant's systems;
(c)
any policies, procedures and manuals regarding the control and safeguard for the applicant's information processing systems;
(d)
the identity of the internal bodies in charge of the evaluation of the relevant internal control findings.
3.
An application for registration as a trade repository shall contain the following information with respect to the applicant's internal audit activities:
(a)
the composition of any Internal Audit Committee, its competences and responsibilities;
(b)
its internal audit function charter, methodologies, standards and procedures;
(c)
an explanation how its internal audit charter, methodology and procedures are developed and applied taking into account the nature and extent of the applicant's activities, complexities and risks;
(d)
a work plan for three years following the date of application addressing the nature and extent of the applicant's activities, complexities and risks.