• Koy now / amended controls have boon identified and clearly described (including what the control activity is, why it takes place at the right time, adequate frequency, what its typo is (manual vs automated, detective vs preventive), how it is evidenced). These controls are operational and have an owner identified who is suitable (adequate seniority, skies as well as adequate segregation of duties). Where relevant, cover arrangement is in place to enable sustained operation in the absence of the control owner • These key controls together with additional romodiation activity of legacy conorns whore applicable fully mitigate the finding risk and address as root cause. • Where the finding owner has indicated new contra play a role in Fraud I Misconduct identification / remediation, ther effectiveness in that capacity is justified. • The new process, control or methodology have appropriately been documented to g KOP. desktop procedure or methodology document). including roles and responsibilities • Relevant policies / procedures have been approved, and the approval evidence was provided. It includes details of who (role or forum) approved the documents I new process and this seems appropriate. It has been mentioned in the template if no formal approval is required. • Amended policies / procedures where applicable have been published on the Policy Portal. The latest version has been provided. • Where finding remodation includes a model change, evidence was provided that relevant model change governance has been followed (validation approval as per the Model Risk PolloY). • Reath/ton appears to be sustainable based on the finding owner documentation. For F3- F4 findings and obligations. this is evidenced by submission of the adequate number of sample/evidence of the operation of the control as per appendix 2 for each new/materially amended key control. • Where relevant, the necessary communication / training has been given on any revised proce