When a cyber-event is occurring, do we want our people working on paperwork for regulators or do we want them, at that moment, working on securing the systems? First and foremost, we want to have people working on securing the systems, and then looking at the reporting requirements.
It's a question of easing the reporting and regulatory burden, number one. Number two, my concern is about duplication here. We already have reporting requirements. We're talking about now creating a second reporting regime as well.