An institution shall regularly conduct an independent review of its CCR management system through its internal auditing process. That review shall include both the activities of the control and collateral management units required by Article 287 and shall specifically address, as a minimum:

1. (a)

   the adequacy of the documentation of the CCR management system and process required by Article 286;

2. (b)

   the organisation of the CCR control unit required by Article 287(1)(a);

3. (c)

   the organisation of the collateral management unit required by Article 287(1)(b);

4. (d)

   the integration of CCR measures into daily risk management;

5. (e)

   the approval process for risk pricing models and valuation systems used by front and back-office personnel;

6. (f)

   the validation of any significant change in the CCR measurement process;

7. (g)

   the scope of CCR captured by the risk measurement model;

8. (h)

   the integrity of the management information system;

9. (i)

   the accuracy and completeness of CCR data;

10. (j)

    the accurate reflection of legal terms in collateral and netting agreements into exposure value measurements;

11. (k)

    the verification of the consistency, timeliness and reliability of data sources used to run models, including the independence of such data sources;

12. (l)

    the accuracy and appropriateness of volatility and correlation assumptions;

13. (m)

    the accuracy of valuation and risk transformation calculations;

14. (n)

    the verification of the model's accuracy through frequent back-testing as set out in points (b) to (e) of Article 293(1);

15. (o)

    the compliance of the CCR control unit and collateral management unit with the relevant regulatory requirements.