Article 2
Control framework
The control framework that a supervised contributor is required to have in place pursuant to Article 16(1) of Regulation (EU) 2016/1011 shall include the establishment and maintenance of at least the following controls:
|
(a) |
an effective oversight mechanism for overseeing the process for contributing input data that includes a risk management system, the identification of senior personnel who are responsible for the data contribution process and the involvement of any compliance and internal audit functions within the contributor's organisation; |
|
(b) |
a policy on whistle-blowing, including appropriate safeguards for whistle-blowers; |
|
(c) |
a procedure for detecting and managing breaches of Regulation (EU) 2016/1011 and breaches of the applicable code of conduct developed under Article 15 of that Regulation, including a procedure for investigating any detected breach and recording the actions taken as a consequence; |
|
(d) |
periodic reviews of the process for contributing data, to be conducted at least annually and whenever there is a change in the applicable code of conduct. |