1. The Member States shall require regulated entities to have, in place at the level of the financial conglomerate, adequate risk management processes and internal control mechanisms, including sound administrative and accounting procedures.
2. The risk management processes shall include:
(a) sound governance and management with the approval and periodical review of the strategies and policies by the appropriate governing bodies at the level of the financial conglomerate with respect to all the risks they assume;
(b) adequate capital adequacy policies in order to anticipate the impact of their business strategy on risk profile and capital requirements as determined in accordance with Article 6 and Annex I;
(c) adequate procedures to ensure that their risk monitoring systems are well integrated into their organisation and that all measures are taken to ensure that the systems implemented in all the undertakings included in the scope of supplementary supervision are consistent so that th
…