5.8.1. Operational risk

An Authorised Person must establish a robust operational risk management framework with appropriate systems and controls to identify, monitor and manage operational risks that key participants, other Authorised Persons, service providers (including outsources) and utility providers might pose to itself.

5.8.2. Legal risk

An Authorised Person must have a well‐founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.

5.8.3. Fraud risk

An Authorised Person must establish and maintain effective systems and controls to:

• (a) deter and prevent suspected fraud against the Authorised Person; and
• (b) report suspected fraud and other financial crimes to the AFSA and other relevant authorities.

5.8.4. Business continuity plan

An Authorised Person must have a business continuity plan, which is subjected to periodic review and scenario testing, that addresses events posing a significant risk of disrupting operations, including events that could cause a widespread or major disruption.