1.   A CSD shall establish, as part of its governance arrangements, documented policies, procedures and systems that identify, measure, monitor, manage and enable reporting on the risks that the CSD may be exposed to and the risks that the CSD poses to any other entities including its participants and their clients, as well as linked CSDs, CCPs, trading venues, payment systems, settlement banks, liquidity providers and investors.

The CSD shall structure the policies, procedures and systems referred to in the first subparagraph so as to ensure that users and, where relevant, their clients properly manage and address the risks they pose to the CSD.

2.   For the purposes of paragraph 1, the governance arrangements of the CSD shall include the following:

(a)	the composition, role, responsibilities, procedures for appointment, performance assessment and accountability of the management body and of its risk monitoring committees;

(b)	the structure, role, responsibilities, procedures for appointment and performance assessment of the senior management;

(c)	the reporting lines between the senior management and the management body;

The governance arrangements referred to in the first subparagraph shall be clearly specified and well documented.

3.   A CSD shall establish and specify the tasks of the following functions:

(a)	a risk-management function;

(b)	a technology function;

(c)	a compliance and internal control function;

(d)	an internal audit function.

Each function shall have a well-documented description of its tasks, the necessary authority, resources, expertise and access to all relevant information to carry out those tasks.

Each function shall operate independently from the other functions of the CSD.