required to report violations or any significant abnormality to the person responsible for the information security incident management without delay; (3) put in place a disciplinary process to take action

damage the intermediary or the capital market or have an impact on the national security, and that they are required to report violations or any significant abnormality to the person responsible for the