. . . "These risk assessments should be completed for all business lines and staff functions such as human resources, information systems, or other areas responsible for ensuring compliance with applicable laws and regulations, as appropriate." . .