>> we have helped contribute to the developing of the naic and we certainly believe in the effectivenessthe ideas there. they're a great foundation, a necessary but not sufficient conditions. i think that an important element that we have implemented for ourselves is the appointment of a chief technology risk officer reporting to the enterprise chief risk officer as opposed to beg part of the technology organization. i think signature within technology you can't help being co-opted by you own proceed sure. this arriveds objectivity that looks across the organization at the weakest link in the chain weapon also incorporate the naist framework in the underwriting questions way pose to our potential insureds. we hope through that that's goal to really create some standardization, benchmarking. >> do you think we need framework 2.0? >> absolutely. >> and 3 and 4 and 5. it's going to have to be iterative. >> evolving all the time. you have a risk road map and you have created -- for everybody to talk the same language in cyber security they were not all talking similar language. it's a really

. >> real quickly, the anti-havings naics community out there, they have an important voice in all of a lot of times they get judged, don't get invited to the table but they're an important part of this. as a doctor, when someone walks into your office, i'm afraid to take a vaccine or i don't believe it in, what do you say? >> i spend a lot of time counseling patients about vaccination because i'm an obstetrician. vaccine science is something i talk about right off the bat. that is black and white. what about autism? i have a child with autism, 17 years old. don't you think i have done every possible research out there regarding to autism with every scientist. i will tell you there is no link between autism and my son, with, with the vaccinations. so take that off the table. now, legitimate questions are vaccines good forever? no, they're not good forever. you need boosters. can you get a side-effect? yes you can get fever or a rash. is it 100% effective preventing disease? no. sometimes it fails. vaccine catches on with maybe 70 to 80% coverage of the those are all legitimate questio

>> well, we've helped contribute to the developing of the naic, and so we certainly believe that in the effectiveness of the ideas there. they're a great foundation, a necessary but not sufficient condition. i think that an important element that we have implemented for ourselves is the appointment of a chief technology risk officer reporting to the enterprise chief risk officer as opposed to being part of a technology organization. because i do think that sitting within technology, you can't help being co-opted by your own procedures. so this provides some objectivity that looks across the organization at the weakest link in the chain. and we also incorporate the nist framework in the underwriting questions that we pose to our potential insured. so we hope through that that's going to really create some standardization, some benchmarking, as ajay said. >> ajay and peter do you think we need framework 2.0? >> absolutely and three, and four and five. it's going to have to be iterative. >> evolving all the time. you have a risk road map and you have created what i would call a storm for e

we consult closely with the naic and with state insurance regulators and the federal insurance office. we are gaining experience because we're in our fourth annual supervision cycle of savings and loan holding companies, many of which are -- some of which have significant insurance activities and, of course, we're several insurance companies have been designated and we're supervising those as well. we are taking the time and doing the work that's necessary to understand their unique characteristics and fully plan to tailor our supervision and capital and liquidity requirements for those insurance companies to make our supervisory regime appropriate. they're very important differences between the risks faced by insurance companies and banking organizations. we have undertaken a quantitative impact study and are actively engaged in working with the firms we'll be supervising to understand the unique characteristics of their operations before promulgating supervision regime. >> thank you. you've answered my third question as well. so i'll just go to the second question at this point then

we consult closely with the naic and state insurance regulators and the federal insurance office.vision cycle of savings and loan holding companies, many of which are, some of which have significant insurance activities and of course we are several insurance companies have been designated as -- and we're supervising those as well. we are taking the time and doing the work that's necessary to understand their unique characteristics and fully plan to tailor our supervision and capital and liquidity requirements for those insurance companies to make our supervisory regime appropriate. they're very important differences between the risks faced by insurance companies and banking organizations. we have undertaken a quantitative impact study and are actively engaged in working with the firms we'll will supervising to understand the unique characteristics of their operations before promulgating supervision regime. >> thank you you answered my third question as well. will the fed issue an advanced notice of rule making before issues proposed rules on -- >> yes, we will issue proposed rules