28. A recognized regulated entity must implement appropriate risk management procedures for the transactions carried out via its facilities or systems by the entity, by its members or by market participants, so as to ensure the security, performance and continuous accessibility of those facilities or systems.