(1) Within 16 weeks from the ending of the active red team testing phase, the financial entity shall provide the remediation plans referred to in Article 26(6) of Regulation (EU) 2022/2554 to the TLPT authority and, where different, to the financial entity's competent authority.
(2) The remediation plan referred in paragraph 1 shall include, for each finding occurred in the framework of the TLPT:
a. a description of the identified shortcomings;
b. a description of the proposed remediation measures and of their prioritisation and expected completion, including where relevant measure to improve the identification, protection, detection and response capabilities;
c. a root cause analysis;
d. the financial entity's staff or functions responsible for the implementation of the proposed remediation measures or improvements;
e. the risks associated to not implementing the measures referred to in point (b) and, where relevant, risks associated to the implementation of such measures.
(3) In case
…