Thank you, Mr. Chair.
At FINTRAC, when we do our compliance assessments and when we go out and do exams of our entities, those findings themselves, in terms of what we find within any entity, are not made public. We don't publicly release the findings of our entities. Our law does not allow that.
In terms of the discussions we've had here, we have indicated that there's always room to improve in any compliance assessment that we do on any entity. When we look at the reference of significant versus limited versus very significant, you're right that there were significant findings and deficiencies found in many of the exams we do.
It was initially set up as more of an audit approach, so we were counting deficiencies. If you missed an item on a report, it would be a deficiency. When you count up a number of minor deficiencies, you fall into what would be considered a significant area for attention, and we work with the entities to address those areas of attention.
The significant or very significant difficulties in the banks that we've examined, and in areas where historically there were significant difficulties or very significant deficiencies found, we've addressed through a number of different applications we use and a number of different enforcement actions we can take. We've worked directly. We've done outreach. We have action plans. We have follow-up examinations. We have AMPs. We also have NCDs, non-compliance disclosures, that we provide to the police if there are issues.
The reporting historically was an audit approach. We've now moved—and we have been moving over the last couple of years—to look at an assessment approach. While there may be deficiencies—