There are frameworks and structures that exist today—we don't have to make this up—both Canadian and international. In Canada there is, essentially, a similar structure with respect to cybersecurity, in which signals are exchanged between institutions. A similar approach could be taken with fraud data.
Australia is an example. I think the committee heard from a delegate from Australia. That's a market where they've taken this approach. We try to learn from other jurisdictions, from Australia, in particular, the U.K. to a certain extent, and Singapore is another one. There are standards around how you structure that to minimize the invasiveness, from a privacy perspective, to ensure integrity and security, obviously. I would point to those as very real examples that we could adopt without having to build it from the ground up.
If I might just take 15 more seconds to give an example of how a data element would work in that scenario, part of the new capabilities we're deploying on RTR and on e-transfer is something called a risk list, which has certain data elements that have previously been associated with fraud. If we know a telephone number is previously associated with fraud and we can share that back into the system, that's something that a TSP could use to inform trying to filter through these bad actors. I talk always about how they're coming to me, but there are ways in which we could share back as well.