The IT Security Division Manager is responsible for implementation and administration of the program. The IT Security Division Manager will report to Executive Steering Board (ESB) at least annually on compliance by the Commission with the program. The report shall address material matters related to the program and evaluate the effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts. The ESB will approve any material changes to the program as necessary to address changing identity theft risks. (GMO 09-01 § VI)