mr. clancy. there are multiple aspects and one is the transmission of the data and secondly once the data give to o f are how would be protected and the third piece of it, market participants brought up, who will have access to that data moving forward and how they will be able to use that data and the access they are bringing. those are areas that you have concern about. >> access to the data itself is one of the key questions both in terms of the appropriateness of what is done with the data and how it was exported as well as how you defend against it being misused. what we mentioned earlier in the panel is the celts were taken over. this happened to institutions and inside. access credentials were used illegal somebody else could potentially exploit the data that exists in those repositories. to that end expects high level of resilience to those attacks to be built into the design system, operation of the platforms used by ofr. >> we talked about financial services and small businesses and ind

mr. clancy, and others may want to come in on this. there's talk of the sharing of information between the institutions and the government as well, right? and in order to do so, have to have a high level of trust there and usually in life you want to earn trust before you execute on it. do you want to just briefly talk about ways to do that, to evidence the trust and to enhance ways to share that information between the levels? >> well, thank you, mr. garrett. >> and check your mic again. >> thank you, mr. garrett. >> thanks. >> so trust as you mention is slow to build and fast to be lost. the way we look at it is we started with anonymous reporting where you can remove the details of who was impacted but give the facts so that others can take action based on the facts. with the community, there are limitations and what we have seen as we did it is we started to get a small volume of activity but when a core small group of us got together who knew each other proncfessionall and socially, we said this is what really happened with that r

mr. clancy. there's multiple aspects. one is the transmission of the data and second, once the data gets to the ofr, you know, how will that be protected? and i guess the third piece of it and something the market participants have brought up is who will then have access to that the the moving forward in how they would be able to use it and access? those are areas that you have concern? >> i think access to the deed itself is one of the key questions both in terms of the appropriateness of what is done with that the study and how it is used and exported as well as how you defend against it being misused. what we mentioned earlier is the council are being taken over. this happens to the institutions and so if the accounts were taken, the access was used someone else could potentially exploit the data that existed in those repositories. to that end, we would expect a high level of resilience to those types of attacks to be built into the design systems operation of the platforms used for the data analysis mining. .. robust

mr. clancy. you are recognized for 5 minutes, and you are welcome. you want to pull them closer to you. yeah, they do not pick up that well. >> my name is mark clancy. i'm the corporate information security officer. dttc is a participant owned and government own ed cooperative. our operations and processes are to ensure the safe operation of the financial system. cyber crime is a significant threat to markets globally. a study showed that cyber crime accounts for more revenue than drug cartel income running into the hundreds of billions of dollars annually. the first attack is theft of confidential data, cyber criminals take over the accounts of a victim and directly steal the fund sas or use pump and du scams. they move the market and bid against themselves and anyone else they can lure into the scam. in recent years, they have witnessed data theft in the industry. attempt to give foreign entities an advantage in -- the second type of attack involves compromising the integrity of the financial system. the goal of the cyber crimes is to grind the financial system to a halt and disrupt n

mr. clancy, you might want to chime in on this. in order to do so, you have to have a high level of trust, and usually you want to earn trust before you execute on its. talk about ways to do that, to evidence the trust and enhance ways to share that information between levels? >> thank you, mr. garrett. trust is slow to build and fast to be lost a great the way be looked at it, we started with anonymous reporting. we have removed details of who was impacted, but get the facts so others can take action. there are some limitations in what we have seen. we started to get a small volume of activity, but when they small group of us got together who knew each other socially, professionally, and we said this is what is happening with that report, the greater context came out, and we built a model where we have people in the center who started out with relationships, and we extended that network. that committee chairs. -- shares. we have built additional rinks. we have started in 2011 and inner circle called an exchange for which is a grou

mr. clancy, you said something about enforcement. maybe this is beyond the scope, but how many of these people get caught? or do they? what happens? what is the penalty, and what happens? >> i do not have a specific answer on how many people were caught. the attacks happen in a time scale of minutes and hours. the law enforcement activity happens over months and years. the challenge is the difference between those two points and we respond to them. on the minutes, seconds, and hours from, you have to focus on mitigation. that is why we focus so much on information sharing. >> would anybody else like to -- ok. i yield back. >> thank you, mr. chairman. my question is for mr. weiss. consumers get a third party liability protection. they cannot lose more than $50 of electronic transfers. some level of talked about expanding that to business customers to help protect them from these account takeovers. that would shift the liability from financial institutions and potentially, i suppose, make the small businesses less interested in some of