The ultimate responsibility for risk oversight lies with the Board of Directors. Senior management
and the board have the fiduciary and governance duty to ensure that an effective risk management
framework, including AML/CFT controls and cryptoasset-specific risks, is in place and functioning
properly.
The DFSA GEN Module and AML Module explicitly allocate the highest accountability for compliance
and risk oversight to the Board of Directors, while the first and second lines support implementation
and oversight respectively. The Chief Risk Officer (CRO) supports risk management, but the board
maintains ultimate accountability.
Key extracts:
GEN Module, Chapter 5: “Responsibility for compliance lies with every member of senior
management, with ultimate oversight by the Board.”
AML Module Section 1.2 & 4.1: “Senior management and Board must ensure appropriate systems
and controls for AML/CFT risk management.”
FATF Recommendation 2 underscores that senior management and boards are accountable for
effective AML governance【GEN/VER64/05-24: Chapter 5; AML/VER25/05-24: Sections 1.2, 4.1】.
Thus, D is the correct answer.