(fra kommisjonsforordningen)

(1) To ensure the appropriateness, adequacy and effectiveness of their systems, resources and procedures, external reviewers should comprehensively consider their internal arrangements, from the robustness of information systems to the sufficiency of human, technical and material resources. External reviewers should develop a robust assessment framework as part of their procedures, which should encompass the minimum criteria to be applied for assessing the quality of information and the reliability of sources used in assessment activities. 

(2) For the same reason, any deficiencies of systems, resources and procedures identified when monitoring and evaluating their adequacy and effectiveness should be adequately recorded, remediated and reported, and members of the management body of the external reviewer should oversee corrective actions. 

(3) To enable the compliance function to have the authority to discharge its responsibilities properly and independently, external reviewers should have a boardapproved compliance function policy or policies and the presence of the compliance function in relevant organisational structures of the external reviewer, including committees. 

(4) To guarantee the necessary resources of the compliance function and to enable the compliance function to effectively perform its monitoring tasks, external reviewers should dedicate sufficient technical and human resources to this function. 

(5) To establish the necessary expertise of the compliance function, external reviewers should ensure the collective and up-to-date skill and experience of persons carrying out the compliance function, including through verifying whether those persons have the requisite employment history and professional qualifications, and by providing sufficient high levels of in-house training. 

(6) To enable the compliance function to have access to all relevant information, external reviewers should ensure that the compliance function can obtain information from all sources it needs to adequately perform its tasks, including corporate and control function records, audit reports, whistleblowing reports and customer complaints. Given the need to ensure that third-party service providers and other business units adhere to the same standards as the external reviewer itself, the compliance function should also have access to information on any outsourced functions or other business lines of the external reviewer. 

(7) To ensure the soundness of their administrative and accounting procedures, external reviewers should maintain adequate records of relevant accounting events and comply with applicable accounting standards and rules. 

(8) To maintain sound internal control mechanisms, external reviewers should implement a comprehensive system of internal control focused on creating a strong and proportionate control environment, effectively managing risks, implementing necessary control activities, ensuring clear information flows and communication and continuously monitoring activities. 

(9) To guarantee the effectiveness of the control and safeguard arrangements for information processing systems, external reviewers should implement a control framework for ICT risk management that includes IT and information security assessments and the testing of backup ICT systems to ensure business continuity. 

(10) To ensure that their opinion is based on a thorough analysis of information that is of sufficient quality and from reliable sources, external reviewers should apply in their assessment methodologies specific criteria for assessing such information. 

(11) To evaluate the quality of the information used, external reviewers should ensure that such information is complete, relevant, timely and based on reasonable assumptions, including by ensuring that such information provides a comprehensive representation of the bond-funded project considering the type and sector of economic activities. For this reason, the information should have a direct connection with the bond’s characteristics, offer an accurate reflection of the funded project, be up-to-date and consider forecasting limitations and inherent uncertainties. 

(12) To evaluate the reliability of sources, external reviewers should ensure that those sources provide objective and substantiated information. Sources should be credible and accompanied by documentation outlining the steps for information collection and processing, the approach regarding the revision of historical data where applicable, and any limitations affecting the source. External reviewers should give due prominence to information stemming from regulatory requirements or to information subject to independent assurance or certification, and to relevant internationally recognised standards, where available.

(13) - (23) utelatt.