Article 2Control framework

The control framework that a supervised contributor is required to have in place pursuant to Article 16(1) of Regulation (EU) 2016/1011 shall include the establishment and maintenance of at least the following controls:

  1. (a)

    an effective oversight mechanism for overseeing the process for contributing input data that includes a risk management system, the identification of senior personnel who are responsible for the data contribution process and the involvement of any compliance and internal audit functions within the contributor's organisation;

  2. (b)

    a policy on whistle-blowing, including appropriate safeguards for whistle-blowers;

  3. (c)

    a procedure for detecting and managing breaches of Regulation (EU) 2016/1011 and breaches of the applicable code of conduct developed under Article 15 of that Regulation, including a procedure for investigating any detected breach and recording the actions taken as a consequence;

  4. (d)

    periodic reviews of the process for contributing data, to be conducted at least annually and whenever there is a change in the applicable code of conduct.