A licensee must submit to the CBB a report, prepared by the CISO and presented to the licensee's board of directors, at least annually, assessing the availability, functionality, and integrity of the licensee's electronic systems, identifying relevant cyber security risks to the licensee, assessing the licensee's cyber security program, and proposing steps for the redress of any inadequacies identified therein.