1. Obliged entities shall have in place internal policies, procedures and controls in order to ensure compliance with this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any supervisor and in particular to:
(a) mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the obliged entity;
(b) in addition to the obligation to apply targeted financial sanctions, mitigate and manage the risks of non-implementation and evasion of targeted financial sanctions.
The policies, procedures and controls referred to in the first subparagraph shall be proportionate to the nature of the business, including its risks and complexity, and the size of the obliged entity and shall cover all the activities of the obliged entity that fall under the scope of this Regulation.
2. The policies, procedures and controls referred to in paragraph 1 shall include:
(a) internal policies and procedures, i
…