FantasticSearch

1. Except where a risk assessment carried out in accordance with Article 10 reveals that there is no or only a negligible risk that the relevant products are non-compliant, the operator shall, prior to placing the relevant products on the market or exporting them, adopt risk mitigation procedures and measures that are adequate to achieve no or only a negligible risk. Such procedures and measures may include any of the following:

(a) requiring additional information, data or documents;

(b) carrying out independent surveys or audits;

(c) taking other measures pertaining to information requirements set out in Article 9. Such procedures and measures may also include supporting compliance with this Regulation by that operator’s suppliers, in particular smallholders, through capacity building and investments.

2. Operators shall have in place adequate and proportionate policies, controls and procedures to mitigate and manage effectively the risks of non-compliance of relevant products identified. Those policies, controls and procedures shall include:

(a) model risk management practices, reporting, record-keeping, internal control and compliance management, including the appointment of a compliance officer at management level for non-SME operators;

(b) an independent audit function to check the internal policies, controls and procedures referred to in point (a) for all non-SME operators.

3. The decisions on risk mitigation procedures and measures shall be documented, reviewed at least on an annual basis and made available by the operators to the competent authorities upon request. Operators shall be able to demonstrate how decisions on risk mitigation procedures and measures were taken.