An Authorised Person must establish and maintain risk management systems and controls to enable it to identify, assess, mitigate, control and monitor its risks.