I'll add that the insider threat is the number one concern of most chief risk officers, because of the magnitude of the event when it occurs. You know, the Edward Snowden discussion comes up often in terms of national security. The idea that an insider has access to privileged information is always a concern.
There is a discussion around enhanced monitoring under what we call powerful users, people who have—to Mr. Green's point—powerful privileges inside the organization, and making sure to mitigate the risks.
So one account is frauded, that's a mitigated risk, and there's a certain risk tolerance you have to have internally. You can't guarantee that nobody will do a bad thing, but you can minimize the impact and do some basic training and awareness.
When I was a member at Scotiabank the code of ethics, business conduct, know your customer, and anti-money and laundering training were mandatory. It is important to have that be a mandatory component and to at least give everybody the sense that you're here to do the right thing.