Domestic drone service providers such as AMZN and FLT will be likelybeneficiaries of this theme due to a combination of cabotage advantage andhigh barriers to entry thanks to the strict regulatory environment while TSGand Aeryon are two private co’s with exposure to this theme. Notably, thecabotage law establishes a natural barrier for foreign drone delivery operators,allowing AMZN to become an enabler of drone penetration in the US and FLT tocapitalize on drone delivery in Canada upon regulatory approval. Meanwhile, TSGand Aeryon have established strong relationships with local regulators, whichappear to have paved the way for them to operate in strategic sectors such as lawenforcement, energy and infrastructure on data collection and real-time analysis.
The Sky Guys (TSG, private), a leading drone service company based in Toronto,is teaming with NVIDIA, IBM and University of Toronto to work with Ministry ofTransportation of Ontario (MTO) to develop an artificial intelligence-powered dronesolution to better enforce the usage of the 16.5km stretch of the high-occupancy toll(HOT) / high-occupancy vehicle (HOV) lanes along Ontario’s 400-series highways(LINK). TSG has been awarded $750k from Ontario Centres of Excellence for thisproject.
Article 44. Commercial banks should have in place a problem management and processing system to respond promptly to IT operations incidents， to escalate reported incidents to relevant IT management staff and to record， analyze and keep tracks of all these incidents until rectification of the incidents with root cause analysis completed. A helpdesk function should be set up to provide front-line support to users on all technology-related problems and to direct the problems to relevant IT functions for investigation and resolution.
Article 59. In implementing a relationship management framework， and drafting the service level agreement with the service provider， the commercial bank should have regarded to （but not limited to）：
Companies with exposures to this theme…AeroVironment (NR), Aeryon Labs (private), Amazon, AT&T, GraniteConstruction, Intel, NVIDIA, PG&E, Qualcomm, Splunk, and The Sky Guys(private) have exposure to the drone/AI theme as a revenue enabler (ie, delivery)and/or cost enhancer (ie, asset inspection). Listed Canadian companies such asDrone Delivery CA, Deveron UAS (NR), Kraken Robotics (NR) also haveexposure to the drone services theme.
Privacy concerns remain a hurdle to broader adoption but we think that companiessuch as TSG can eventually work alongside the regulators to formulate a mechanicthat can properly ensure privacy while carryout proper law enforcement.
Loss of failure of internal and external resources （such as people， systems and other assets）；
（3） Conduct appropriate due diligence of the service provider‘s financial stability， expertise and risk assessment of the service provider， facilities and ability to cover the potential liabilities；
# 11The impact of regulations on the supply and quality of care in child care markets
标签：1_美国托儿服务市场-对托儿所的管制-减少了市场上托儿服务供给尤其低收入地区-提高了托儿所服务质量尤其高收入地区 2_投入质量管制-质量保证效应-dominate-质量成本效应 3_2011_American_Economic_Review 4_Duck_V.Joseph.Hotz_hotz2011impact
[V. Joseph Hotz](), [Mo Xiao]()
`Objective` To determine their intended and unintended consequences, we examine the impact of child care centers regulations on the **child care service supply** in market and **child care centers quality**.
`Method` We exploit both individual establishments and local markets panel data to control for state, time, and, where possible, establishment-specific fixed effects to mitigate the potential bias due to policy endogeneity.
`Result` We find that the such regulations reduces the child care centers number, especially in lower income markets. However, such regulations increase the child care service quality , especially in higher income areas.
`Conclusion` Thus, there are winners and losers from the regulation of child care services.
## (1) Fact
One of the most notable and consequential recent trends in the US labor force has been the rise of women in the labor force, especially among those with young children`.`
The rise of women fueled a substantial expansion of the child care services market`.`
The increasing utilitzation of nonparental child care services had led to a policy interest in insuring these market-supplied services quality and safety`.` In United States, such regulations are almost exclusively the domain of states. States do not regulate the child care services quality directly, rather than input quality`.`
## (2) Literature
## (3) Objective
At issue is whether such regulations necessarily improve the young children and their parents well being. If not, why they may have unintended consequences. Provider input substitution effec, demander corss effect`.` First, because states regulate input quality, rather than output quality itself, the mapping between the service quality and the regulation stringency is indirect at best. Regulations can induce providers to engage in input substituion that leads to no, or possibly negative effect on the child care service quality`.` Second, to the extent that imposing regulations acturlly eliminates lower quality child care services, some parents and children may be priced out of the service market, or face inadequate service supplies`.` Finally, States regulate only part of the nonparental child care services market, and the these regulations stringency can vary across types of child care providers`.`
To determine the intended and unintended consequences of the child care regulation, we investigate the impact of imposing minimum standards on the input on supply and quality of such services`.`
## (4) Method (model, econometric, and data)
We have assembled a unique panel dataset obtained by merging child care center data (1987, 1992, and 1997) with state regulation data and child care centers accreditation data`.` The resulting dataset contains detailed establishment-level information as well as state-level child care regulations`.` Furthermore, we have gathered state-level data family day care homes (1987, 1992, and 1997) to examine the cross effects of center regulations on this alternative child care form.
## (5) Result.
We have three sets of findings.
[A,B]`regulation reduce child care centers number, reduce the availability of services in the center-based sector.` First, the imposition and greater stringency of child care centers regulations reduces the number of child care centers and thereby reduces such service provide. We also do not find that the day care centers that remain in business respond to these regulations by hiring more workers. Taken together, these findings indicate that regulations reduce the availability of services in the center-based sector. Moreover, this reduction is greater in markets with more poor households.
[C] `center regulation donot affect the family day care home number, increase their revenus, decrease the children well-being.` Second, we examine how regulating child care centers affects the family day care homes.
While more stringent regulation of child care centers has no effect on the numberof family day care homes in local markets, more stringent staff-to-child ratio requirements for child care centers do lead to higher revenues in family day care homes, with the larger increases in higher income markets.
[D] Third, in contrast to the negative effects of more stringent regulations on the availability of child care services in local markets, such regulations do increase the centers accreditation rates.
## (6) Conclusion
## (7) Contribution
Ours is not the first study seeking to estimate the causal effects of child care regulations on the child care supply side. But, Our data sources and econometric methods enable us to **provide a more comprehensive and robust assessment of the impact of regulation on the child care supply side** compared to the existing literature in several ways`.`
First, we are able to better address the identification of the causal effects of regulation on the child care provider's input choice`.`
We attempt to reduce, if not eliminate, such bias by exploiting child care centers and local child care markets panel data to control for state, time, and establishment-specific fixed effects in the empirical models`.`
Second, we exploit not only the across-state and over-time variation in the stringency of existing regulations, but also differences in whether states impose any regulations on certain dimensions of child care center operations`.` This allows us to distinguish between the marginal effect of changes in the a standard stringency, and the average effect of imposing a standard relative to imposing none`.` As has been noted in the recent treatment effects literature, these two effects measure different things and can have different signs`.`
Third, we investigate the indirect, cross effects of child care centers regulation on family day care homes in order to assess the spillover and possible crowd-out effects of regulating only part of the child care services market`.`
Finally, we examine whether the impacts of the regulation of child care centers differ by the local markets characteristics`.` In particular, we examine whether the imposition or stringency of regulations has different consequences for poorer versus wealthier markets in order to develop a better understanding of which consumers gain and which lose from regulating the child care services provision`.`
## (8) organization
## 3. Literature
To help frame our empirical investigations and findings, we briefly review the existing theoretical literature on **the effects of regulating the products quality on the firm behavior** and indicate the key differences in the child care market from the settings in this literature`.`
`the effect of regulation on the sevice supply and the firm profitability.`The theoretical literature most relevant for our work is on the quality effects of minimum quality standards and/or licensing`.` **Hayne E. Leland (1979), Carl Shapiro (1986), and Benjamin Klein and Keith B. Leffler (1981)** focus on the quality effects of minimum quality standards or licensing requirements in the presence of informational asymmetries between buyers and sellers`.` Assuming a competitive environment, they argue that imposing binding minimum quality standards increases the marginal cost of (higher quality) products, lead to low-quality firms exiting the market and deter their future entry`. `At the same time, the imposition of minimum quality standards increases, all else equal, the average quality available to consumers, thereby increasing their willingness to pay a higher price for these goods and services`. ` Which of these two effects—the cost-of-quality effect and the quality-assurance effect—prevails depends on the availability of substitutes for the product, how price-sensitive consumers are with respect to the products quality, and the relative importance of the marginal to fixed costs of quality`.`
`heterogeneity` Consumer welfare, the distribution of quality in a market, as well as the profitability of firms, are also affected by the market structure`.` For example, **Uri Ronnen (1991)and Claude Crampes and Abraham Hollander (1995)** find that imposing more stringent minimum quality standards can induce quality (and possibly price) competition among sellers in markets that are less than perfectly competitive`.` As a result, the quality of products of all firms in an industry, and not just those on whom the standards are binding, will increase, even if price competition between rivals may reduce the price of each firm’s product`.` As a result, consumers are better off, and their demand for all products will increase`. ` More recently, **Paolo G. Garella and Emmanuel Petrakis (2008)** have shown that this strategic, quality-increasing and consumer welfare-increasing response to imposing minimum quality standards is sensitive to the degree of substitutability of products, the share of consumers in the market with limited information, and the presence of variable costs of producing quality`.`
`effect of regulation on the service quality`There are two important features of the child care market and its regulation that are not adequately captured in the existing theoretical literature`.` First, as noted above, states do not regulate the child care services quality directly`.` Rather, they regulate the production of these services by imposing restrictions on the inputs used such as imposing minimum staff-to-child ratios for children in different age groups`.` Complications immediately arise from regulating inputs rather than quality directly as regulating inputs may distort care providers’ incentives concerning input use and substitution`.` With such distortion, the success of these regulations in increasing and maintaining the quality of care provided in the child care market becomes questionable`.` In the empirical analysis below, we explicitly investigate what happens to the quality of child care provided in local markets subject to more stringent child care regulations on inputs used in the production of such services`.`
`effect of regulation on the alternative option` Second, the existing theoretical literature does not adequately characterize the alternative options facing parents when assessing the impact of more stringent regulations on their choice of child care services`.` As noted in the introduction, the child care market consists of two types of providers, child care centers and family day care homes that are subject to different regulations. Moreover, there are other options for the care of young children available to parents—such as the use of relatives or babysitters—that are not directly regulated at all. These “outside options”
for child care services make the evaluation of welfare effects of imposing more stringent regulations on a subset of the providers in the child care market more complicated`.` For example, one might expect that more stringent regulations of child care centers would induce parents to move their children into the family day care sector`.` To the extent that there is capacity to absorb these children, evidence of reductions in available supply in the child care center sector would not necessarily imply any reduction of parents’ access to market-based child care services`.` Moreover, the presence of these alternative forms of care is likely to influence the strategic response of firms in the regulated (or more highly regulated)sector in ways that are not captured by the above simple models`.` For example, more-regulated firms may want to switch to operate in the less regulated sector of the industry`.` A full exploration of how the imposition of regulations affects the behavior of firms and the well being of consumers in the presence of segments of markets that are differentially regulated is beyond the scope of this article`.` However, we do explore the extent to which regulations of child care centers affect the availability of child care in the less regulated, loosely structured sector of the market, family day care homes`.`
## 4. Model
**Optimal decision rule**
## 5. Econometric
In this section, we briefly outline our estimation strategy and describe the alternative measures of the effects of regulation.
As we noted in the introduction, there is a potential for bias in the estimation of the causal effects of regulation stringency on the child care market. The most challenging source of such bias is “policy endogeneity” (Timothy Besley and Anne Case 2000), i.e., the possibility that state policies are influenced by (or correlated with) unobserved state-level factors or conditions that influence the behavioral outcomes under investigation. Then failure to control for the potentially unobserved differences in the distribution of tastes across states—as well as other differences across states and over time—will result in biased estimates of the effects of policy on the outcomes of interest.
To mitigate the influence of this type of policy endogeneity, we exploit two features of our data.
>* First, we control for a rich set of observable establishment and market-level characteristics.
>* Second, we exploit our panel data on establishments and local markets to control for state, time, and, where possible, establishment fixed effects in these regression models. Including establishment fixed effects in these models not only controls for time-invariant state-specific sources of unobserved heterogeneity, but also controls for time-invariant establishment level factors
More precisely, for market-level analyses we can estimate regressions of the following form:
The inclusion of state and establishment fixed effects implies that our effects of regulations are identified holding constant any time-invariant differences across marketsin (1)and any time-invariant differences across establishmentsin (2). The inclusion of year fixed effects implies that we also hold constant any shocks which hit all the states in the same year. Our data allow us to support a richer set of strategies to mitigate policy endogeneity bias than any previous attempts to estimate the effects of regulations on the availability or quality of child care services.
## 6. Data
We combine several sources to create a unique panel dataset of child care centers, family day care homes, NAEYC accreditation, and state regulation.
We obtain establishment-level data for all child care centers in 1987, 1992, and 1997.
We only obtain the state-level data for family day care homes.
We don't have data for other child care form (grandparents, babysitters and nannies).
### Child care markets
We use zip codes as our measure of local market. In order to assess the robustness of our findings, we conducted all of our analysis using zip-code bundles and counties.
In order to characterize differences in the population residing in our local market, we use the 1990 and 2000 census data to construct market-level measures of the demographic characteristics.
### Child care centers
We obtain establishment-level data for all child care centers in 1987, 1992, and 1997. After merging the 87, 92, and 97 child care centers data, we ended up with a panel dataset with approximately 150,000 establishment-year observations. We also organized our data into zip code level, zip code bundles level and counties level. Based on the zip-code definition, we had approximately 10,000 markets for 87, 92, and 97.We provide summary statistics for the resulting establishment- and market-level data in Tables 1 through 5.
Table 1 summarize establishment-level characteristics of child care centers.
Table 2 summarize market-level characteristics of child care centers.
Table 3 summarize market-level demographic characteristics.
### Family day care homes
Given the structure of the child care industry, it is important to assess whether child care centers regulation leads to changes in family day care homes number.
We only have state-level family day care homes data, including number of providers, the total revenues of providers in a state in a given year.
We donot have comparable measures of the their services quality.
Nonetheless, we are able to analyze the spillover effects of child care centers regulations on several aspects of the operations in family day care homes.
Table 5 present descriptive statistics for family day care home establishments for the years 1987, 1992 and 1997.
### NAEYC accreditation data
We determine the accreditation status of establishments in 87, 92 and
- We also used the NAEYC data to measure the fraction of accredited child care centers, or accreditation rate by year for each local markets.
Table 4 recorded the establishment and market level accreditation rates.
### State child care center regulations data
In the analysis presented below, we focus on the effects of state regulations of the labor intensiveness and staff qualifications of child care centers.
We use tow alternative strategies to characterize state regulations.
Under one strategy, we make use of sets of representative standards for labor intensity and staff qualifications, such as staff-child ratio requirements for infants and the ducation requirement for directors, since most states regulate these dimensions, and they differ across states.
Following Blau(2003), we also construct summary indices of the stringency of state standards for labor intensiveness and staff educational qualifications. In particular, for staff-child ratio requirements, we average the requirements for the six age groupings and , for staff qualifications, we use the average of the number of years of schooling required for center directors and teachers.
## 7. Result
Tables 7 through 12 present results on the effects of state child care centers regulations on the supply and quality of child care services`.` To keep the size of these tables manageable, we report only the coefficients on our regulation variables and their interactions in the local markets`.` For every table, we include two panels: the upper panel (panel A) presents estimates of the effects of specific regulation. The bottom panel (panel B) presents estimated effects of the regulation stringency indices`.`
We begin by making some general observations about our empirical findings`.` First, we consistently find that the estimated effects of regulations (marginal effects and average treatment effects)that control for time, state, and/or establishment fixed effects are markedly different from those that do not. For example, the estimated effects results often switch signs when we control for fixed effects. Furthermore, unlike in Blau (2007), we do not find that controlling for fixed effects systematically renders the estimated effects of regulations to be statistically insignificant. Rather, for many outcomes, regulations do significantly affect firm behavior`.`Second, the signs and statistical significance of the effects of regulations on firm and market-level outcomes are not very sensitive to whether we use direct measures of regulations or the regulation stringency indices. our results are not sensitive to whether we hold constant measures of regulations on other dimensions of the production of child care services or whether we control for indicators of whether a state actually imposed any regulatory restriction`.` Finally, our reulsts are also robust to the zip codes-level, zip code bundles level, counties level markets.
### A. Effects of Center Regulations on Number of Child Care Centers
As we noted in Section 1, one cannot sign the effects of imposition or stringency of regulation on the child care services supply. They depend on the balance between the increased costs of complying with regulations and the increased willingness of consumers to pay higher prices. Moreover, the fact that inputs, rather than quality, are regulated implies that the mapping between the quality of services and the stringency of regulations is not direct. In this section, we examine estimates of the net effect of these forces on the child care services supply as measured by the number of establishments per local market.
`regulation reduce the number of child care centers`Table 7 present results on the effect of regulations on the number of child care centers in the zip codes level markets`.` The regressions both without and with state and time fixed effects (column 1-4)show that the average effect and the marginal effect of increasing the stringency of this standard significantly reduce the number of establishments, although the average effect of the minimum staff-child ratio regulation is not statistically significant`. `
The estimated effects of child care regulations on the availability of child care centers in Table 7 are not uniform across different markets`.` In column 5 of Table 7, we provide estimates of the interaction of the various regulations with the median household income in the local markets`.`
`Conclusion`Overall, we find consistent evidence that the imposition of and tightening of minimum staff-child ratios lead to a reduction in the availability of child care centers in local markets. Our findings with respect to the effects of minimum educational requirements on the supply of centers to local markets are somewhat less consistent in that statistical significance varies by which type of effect one considers and somewhat by household income. Nonetheless, we do find evidence that, on average, imposing minimum requirements on the educational qualifications of center staff reduces the availability of centers in local markets.
### B. Effects of Center Regulations on size of Child care Centers
The previous section established that the imposition and increased stringency of child care regulations reduce the number of child care centers available in local markets`.` However, these findings do not imply that the capacity of center services in these markets is necessarily reduced, since the remaining providers could increase the labor they use, and thus the size of their operations, in response to changing regulations and possibly completely offset the loss of centers`.` More generally as noted by Blau (2007), child care centers may adjust their labor inputs in response to changes in these regulations, regardless of whether such responses increase or decrease the production of child care services`.` Accordingly, we directly examine the effects of the stringency of state child regulations on the number of employees per child care establishment using establishment-level data`.` The results of this analysis are presented in Table 10`.` While we do find significant effects of regulations when we do not control for establishment fixed effects (columns 1 and 2), none of these effects is statistically insignificant once these fixed effects are included in the regressions (columns 3 and 4). The latter findings suggest that the centers that remain in business do not fully comply with states’ minimum staff-child ratios orthat these centers end up reducing the number of children they cared for. Our data do not allow us to sort out these alternatives, since we do not have information on the number of children enrolled in a child care center. But, taken together with our evidence that the number of establishments decline as a result of the imposition of and increased stringency of state regulations, these findings do point to the conclusion that such changes in regulations reduce the supply of centerbased child care services in local markets.
### C. Effects of Center Regulations on Family Day Care Homes (cross effect)
**As we noted in section 1**, the child care centers regulations either increase the center-based services price and/or otherwise reduce their supply, thereby increase the demand for non-center-based child care services`.` **In this section**, we examine the evidence on whether this "crowding in" to family day care home occurs and asses its likely consequences for the well being of children and their parents`.`
In Table 11 and column 2 of Table 8, we present estimates of the marginal and average effects of state child care center regulations on the number of family day care homes (nonemployer establishments)per 1,000 children under age five in a state to determine how child care center regulations affect the supply of family day care homes`.` We also present estimates of effects of regulations on the average annual revenues per family day care home`.`
### D. Effects of Center Regulations on quality of Child Care Centers
We next examine whether child care center regulations achieve their goal of increasing the child care services quality.
Existing theories of regulation suggest that whether regulation promotes the quality of child care services depends on whether the quality-assurance effects of such regulations outweigh the greater costs of producing higher quality services.
Furthermore, as noted by Blau (2003), child care regulations affectting the input quality, and not service quality itself, implies that imposing or tightening regulations could induce substitution toward other inputs and have little or no effect on quality.
Finally, the models of Ronnen (1991)and others suggest that imposing or tightening minimum quality standards can induce quality competition in less perfectly competitive markets.
In the following analysis, we focus on the average and marginal effects of regulation on the center-based care quality in local markets.
We present, in `Table 12`, estimates of the average and marginal effects of child care regulations on market accreditation rates of child care centers in local markets. we also estimated the effects of regulation on the probability of child care centers accredited using establishment-level data. In most cases, the signs and statistical significance of the average and marginal effects were the same as those presented in Table 12.
`result`We find that the imposition of and increased stringency of minimum staff-child ratio requirements significantly increase the rates of accreditation in local markets. `2`We also find that the marginal effects for both of our measures of minimum educational requirements for child care center staff in panels A and B are negative, although the marginal effect of our average measure of these requirements (panel B)is not statistically significant. `3` Furthermore, our estimates of the average effects of these regulations are either positive or negative but are not statistically significant.
`conclusion`Thus, our evidence indicates that the imposition of either type of regulation increases the quality of center-based care available in local markets. This is consistent with the quality-assurance effect dominating the cost-of-quality effect among typical consumers and with the regulation of these inputs actually improving the quality of child care. It is also consistent with Ronnen’s prediction that imposing minimum quality standards will not only reduce the provision of low-quality services but also will generate strategic increases in the quality provided by already high-quality centers. Recall that attaining NAEYC accreditation requires a center to meet a set of minimum standards for its operation that are well above the minimum standards imposed by any state.
`result`Finally, based on the estimates of coefficients on the interactions of the regulations with the median household income in Table 12, we find that any increases in the quality of center-based care that result from the imposition of these regulations accrue only to high income markets (Table 8, column 3), although the interactions with income are statistically significant only for the average minimum educational requirements measure in panel B of Table 12. In fact, the effect of imposing these standards on quality is consistently negative in very poor local markets.
`conclusion`The latter findings suggest that any quality-assurance effects of imposing regulations are swamped by the effects of the higher costs of quality among the poor.
## 8. Conclusion
>* `data/Census_data`: include demographic variables as control variables
the main data sets are zip-code level `c1990_clean.dta` and `c2000_clean.dta`, a stata program `Census_clean.do` explain the construction of zip-code level demographic variables.
>* `data/Childcare_nonemployer_data`: contains the child care non-employer variables
>* NAEYC Accreditation:
>* child care center data:
-> extract child care establishments from 87, 92 and 97 Census CSR and SSEL files (`estract.sas`)
-> concatenates 87, 92 and 97 census data (`merge.sas`)
-> match the cunsus data with the NAEYC, demographic and regulation data (`matching.do`). all other STATA do files are called from matching.do
-> aggregates individual establishments to the zip code level(`analysis9_aer.do`), the zip bundle level (`analysis9_aer_zbundle5*.do`), the zip bundle level (`analysis9_aer_zbundles10*.do`), the county level(`analysis9_aer_cnty.do`)
-> generates descriptive statistics(`analysis9_aer_descriptives.do`)
-> calculates orbust standard errors, clustering at the state level instead of at the state-year level.(`analysis9_aer_STCLUST*.do`)
-> perform analyses using an alternative definition fro missing state minimum education requirements regulation requirements
We consider these recent cases to be incrementally supportive of the growingpenetration of drone services in North America although we acknowledge thatwe are still in the early stage of scaled drone deployments and that concerns onprivacy, safety and security still need to be addressed in order for the regulators gaingreater confidence in their operational feasibility.
We consider this to be a good indicator of the growing interest by theprovincial government to utilize drone-based solutions as a way to properlyenforce traffic regulations, collect revenue and lower personnel cost. Currentenforcement of the HOT/HOV lanes involves manual visual by the law enforcementagencies, which is a daunting task given the number of vehicles traveling on the400-series highways and the difficulty associated with proper enforcement in poorweather conditions such as rain and snow. Drone-based solutions could cover abroader area and longer distance without requiring a large number of personnelwhile the AI-enabled image recognition that is designed to detect and analyse thenumber of passengers can ensure a more proper enforcement.
The extent to which the service provider must comply with the commercial bank‘s polices and procedures covering IT Risk；
a） Resource requirements such as people， systems and other assets， and arrangements for obtaining these resources；
More important, TSG’s collaboration with MTO illustrates the importance ofArtificial Intelligence in the future of monitoring/inspection and as adifferentiator from the other aerial-based drone services. We recently met withTSG and were impressed by the company’s impressive list of clientele, provenbusiness model across multiple sectors and the fact that it is one of few droneservice providers in Canada that is actively investing in artificial intelligence incollaboration with industries leaders such as NVDA and IBM (LINK). Going forward,we can expect more Canadian drone service providers to move beyond simpleaerial imagery but to adopt AI in their respective verticals (ie. agriculture,underwater) by leveraging big data in order to gain a sustainable advantage.
Information security event management
Chapter XI Supplementary Provisions
Drone-based road monitoring is already being used in France and has proven tobe an effective toll in traffic enforcement. We note the Bordeaux police force havebeen using drones for traffic enforcement over the past several months as a low-costalternative to helicopters, and drones have so far been proven as an effectivecomplement to local law enforcement, stopping 10-15 trucks per hour that violatecommon traffic laws compared with the single-digit rate under manual monitoring(LINK). We think Canada may be on the path to adopt similar measure given ouroutsized landmass and limited number of enforcement personnel.
Article 13. Commercial banks should， in accordance with relevant laws and regulations， disclose the risk profile of their IT normatively and timely.
Article 73. Commercial banks with no board of directors should have their operating decision-making bodies perform the responsibilities of the board with regard to IT risk management specified herein.
Drone Delivery Canada (FLT CN, OP, TP: $1.00) is already implementing earlyforms of AI but we think the future progression will be to leverage flight and weatherdata so that drones can operate more efficiently as they operate out of sight. This isparticularly important when larger drones such as the Flyox model that can carry>1 ton of payload are being utilized. Other Canadian-listed companies that areexposed to this theme include Deveron UAS (DVR CN, NR), Kraken Robotics(PNG CN, NR), Global UAV Technology (UAV CN, NR).
Article 50. Commercial banks should have in place appropriate arrangements， having regard to the nature， scale and complexity of its business， to ensure that it can continue to function and meet its regulatory obligations in the event of an unforeseen interruption. These arrangements should be regularly updated and tested to ensure their effectiveness.
Article 25. Commercial banks should secure the operating system and system software of all computer systems by
The related staff of service provider should be authorized on ;need to know; and ;minimum authorization; basis；
（1） Formal business continuity plans that outline arrangements to reduce the impact of a short， medium and long-term disruption， including：
The CIO should also be responsible for the establishment of an effective and efficient IT organization to carry out the IT functions of the bank. These include the IT budget and expenditure， IT risk management， IT policies， standards and procedures， IT internal controls， professional development， IT project initiatives， IT project management， information system maintenance and upgrade， IT operations， IT infrastructure， Information security， disaster recovery plan ， IT outsourcing， and information system retirement；
（3） The CIO should also be responsible for the establishment of an effective and efficient IT organization to carry out the IT functions of the bank. These include the IT budget and expenditure， IT risk management， IT policies， standards and procedures， IT internal controls， professional development， IT project initiatives， IT project management， information system maintenance and upgrade， IT operations， IT infrastructure， Information security， disaster recovery plan （DRP）， IT outsourcing， and information system retirement；
Requiring technical staff to include important items such as unsuccessful logins， access to critical system files， changes made to user accounts， etc. in system logs， monitors the systems for any abnormal event manually or automatically， and report the monitoring periodically.
（3） Approving IT risk management strategies and policies， understanding the major IT risks involved， setting acceptable levels for these risks， and ensuring the implementation of the measures necessary to identify， measure， monitor and control these risks.
Ensuring the appropriating funding necessary for IT risk management works；
Article 37. Commercial banks should ensure that Information system problems could be tracked， analyzed， and resolved systematically through an effective problem management process. Problems should be documented， categorized， and indexed. Support services or technical assistance from vendors， if necessary， should also be documented. Contacts and relevant contract information should be made readily available to the employees concerned. Accountability and line of command should be delineated clearly and communicated to all employees concerned， which is of utmost importance to performing emergency repair.
Article 63. Depending on the nature， scale and complexity of its business， it may be appropriate for the commercial banks to delegate much of the task of monitoring the appropriateness and effectiveness of its systems and controls to an internal audit function. An internal audit function should be adequately resourced and staffed by competent individuals， be independent of the day-to-day activities of the commercial bank and have appropriate access to the bank‘s records.
（1） Encryption facilities in use should meet national security standards or requirements；
b） The recovery priorities for the commercial bank‘s operations； and
Article 17. Commercial banks should implement a comprehensive set of risk mitigation measures complying with the IT risk management policies and commensurate with the risk assessment of the bank. These mitigation measures should include：
Chapter XI Supplementary Provisions
（1） Pre and post-implementation review of IT projects；
Article 3. The term ;information technology; stated in the Guidelines shall refer to the system built with computer， communication and software technologies， and employed by commercial banks to handle business transactions， operation management， and internal communication， collaborative work and controls. The term also include IT governance， IT organization structure and IT policies and procedures.
Article 69. Commercial bank should communicate with the service provider in depth before the audit to determine audit scope， and should not withhold the truth or do not corporate with the service provider intentionally.
Article 70. CBRC and its local offices could designate certified service providers to carry out IT audit or related review on commercial banks when needed. When carrying out audit on commercial banks， as commissioned or authorized by CBRC or its local offices， the service providers shall present the letter of authority， and carry out the audit in accordance to the scope prescribed in the letter of authority.
Article 74. The China Banking Regulatory Commission supervises and regulates the IT risk management of commercial banks under its authority by law.
Consider how it will ensure a smooth transition of its operations from its current arrangements to a new or changed outsourcing arrangement （including what will happen on the termination of the contract）； and
Chapter V Application System Development， Testing and Maintenance
Analyze how the arrangement will fit with its organization and reporting structure； business strategy； overall risk profile； and ability to meet its regulatory obligations；
（2） Consider whether the arrangements will allow it to monitor and control its operational risk exposure relating to the outsourcing；
Article 72. Commercial banks should ensure the service providers to strictly comply with laws and regulations to keep confidential and data security of any commercial secrets and private information learnt and IT risk information when conducting the audit. The service provider should not modify copy or take away any documents provided by the commercial banks.
（4） Access control policy
Chapter X External Audit
（3） Setting up a system of approval， verification， and monitoring procedures for using the highest privileged system accounts；
Consider any concentration risk implications such as the business continuity implications that may arise if a single service provider is used by several firms.
Information security policy should include the following areas：
Article 53. Commercial bank should document its strategy for maintaining continuity of its operations， and its plans for communicating and regularly testing the adequacy and effectiveness of this strategy. Commercial bank should establish：
Article 51. Commercial banks should consider the likelihood and impact of a disruption to the continuity of its operation from unexpected events. This should include assessing the disruptions to which it is particularly susceptible including but not limited to：
c） Inadequate provision of services that may lead to the commercial bank being unable to meet its regulatory obligations.
（5） Arrangement with vendors and business units for periodic review of service level agreements （SLAs）。
- A system of approvals and authorizations； and
（4） All outsourcing arrangements related to customer information should be identified as material outsourcing arrangements and the customers should be notified；
Arrangement with vendors and business units for periodic review of service level agreements The possible impact of new development of technology and new threats to software deployed.
（3） To verify compliance with those recommendations；
Ensure service provider guarantee its staff for meeting the confidential requests；
（5） Physical security policy
Pre and post-implementation review of IT projects；
Article 13. Commercial banks should， in accordance with relevant laws and regulations， disclose the risk profile of their IT normatively and timely.
Article 71. Once the IT audit report produced by the service providers is reviewed and approved by CBRC or its local offices， the report will have the same legal status as if it is produced by the CBRC itself. Commercial banks should come up with a correction action plan prescribed in the report and implement the corrective actions according to the timeframe.
a） A change of ownership or control of the service provider or commercial bank； or
Chapter IV Information Security
Promoting changes of program or system configuration from development and testing systems to production systems should be jointly approved by IT organization and business departments， properly documented， and reviewed periodically.
（4） Requiring verification of input or reconciliation of output at critical junctures；
To verify compliance with those recommendations；
Chapter IX Internal Audit
- Access granted on ;need to know; and ;minimum authorization; basis；
（6） Ensure all related sensitive information be refunded or deleted from the service provider‘s storage when terminating the outsourcing arrangement.
System development， testing and maintenance policy
（6） Performing other related IT risk management tasks.
The eva luation of performance through service delivery reports and periodic self assessment and independent review by internal or external auditors； and
（1） Effectively separated from other customer information of the service provider；
Ensuring the effectiveness of IT risk management throughout the organization including all branches.
（5） The extent to which the service provider must comply with the commercial bank‘s polices and procedures covering IT Risk；
Article 29. Commercial banks should put in place an effective and efficient system of securing all end-user computing equipment which include desktop personal computers ， portable PCs， teller terminals， automatic teller machines ， passbook printers， debit or credit card readers， point of sale terminals， personal digital assistant ， etc and conduct periodic security checks on all equipments.
（1） Loss of failure of internal and external resources （such as people， systems and other assets）；
Setting high ethical and integrity standards， and establishing a culture within the bank that emphasizes and demonstrates to all levels of personnel the importance of IT risk management.
Article 21. Commercial banks should put in place an information security management function to develop and maintain an ongoing information security management program， promote information security awareness， advise other IT functions on security issues， serve as the leader of IT incident response team， and report the evaluation of the information security of the bank to the IT steering committee periodically. The Information security management program should include Information security standards， strategy， an implementation plan， and an ongoing maintenance plan.
（4） Personnel security
b） Significant change in the business operations of the service provider or commercial bank； or
（3） Network protocols and ports used by the applications and network equipment deployed within the domain；
Article 25. Commercial banks should secure the operating system and system software of all computer systems by
Article 45. Commercial banks should establish service level agreement and assess the IT service level standard attained.
Requiring verification of input or reconciliation of output at critical junctures；
（9） Information security event management
The processes for making changes to the outsourcing arrangement and the conditions under which the commercial bank or service provider can choose to change or terminate the outsourcing arrangement， such as where there is：
（13） Cooperating with the CBRC and its local offices in the supervisory inspection of the risk management of information systems， and ensure that supervisory opinions are followed up； and
Nature of the domain， i.e. production or testing， internal or external；
Article 32. Commercial banks should have the capability to identify， plan， acquire， develop， test， deploy， maintain， upgrade， and retire information systems. Policies and procedures should be in place to govern the initiation， prioritization， approval， and control of IT projects. Progress reports of major IT projects should be submitted to and reviewed by the IT steering committee periodically. Decisions involving significant change of schedule， change of key personnel， change of vendors， and major expenditures should be included in the progress report.
Requiring the input and output of confidential information are handled in a secure manner to prevent theft， tampering， intentional leakage， or inadvertent leakage；
（4） Consider how it will ensure a smooth transition of its operations from its current arrangements to a new or changed outsourcing arrangement （including what will happen on the termination of the contract）； and
Communication and operation security
（6） The possible impact of new development of technology and new threats to software deployed.