This legislation would be a bit different from what we currently have in place for reporting. Under our reporting protocol, banks report to us. If something happens, we have a mechanism for them to indicate to us within 24 hours that an incident has occurred.
Here, with this legislation, the reporting would be to a cybersecurity centre, so there would basically be dual reporting. We'd have to figure out, for example, how we effectively and efficiently facilitate that, because we have a form for reporting and there would undoubtedly be one under this particular regime as well. However, that's something we would be able to tackle with banks to make sure that the reporting expectations were clear to both coordinate parts of government.