I think, Chairman, I would go back to one of the points I made earlier. I think Parliament legislatively has to impose obligations on financial institutions, in much the same way it has done with money laundering. It has to require them to do a variety of things. Right now, most of the things are done in the self-interest of the financial institutions. They tend to be pretty good, but we should up, significantly, our reporting of breaches and attempted breaches. There's a regulation, if I remember correctly, that requires that now. It's not as fulsome as it might be.
The Americans and the Brits, in particular, have severe penalties for institutions not reporting breaches. I don't know how we can expect to deal effectively with breaches if we don't know when they're occurring. I think it's better than it has been, but still.... So I would say imposing clear obligations on the institutions and reporting of breaches. Again, some of my former colleagues are going to kick me under the table, but I don't think we share enough classified information with the private sector. I think we do far better than we did 15 or 20 years ago, but if you take the most senior technological official in the Royal Bank—which happens to be where I bank, but I'm not trying to promote it—and you ask them to collaborate on cyber issues, and the Canadian official isn't authorized to share any classified information, I don't see how you can have a real dialogue. The States and the U.K. clear, from a classified information perspective, people in the private sector. I don't mean to suggest that we don't do any of this, because we do. I'm just arguing that we don't do enough of it. I would say those three things.