An operational risk analyst at a large bank is preparing a year-end report of the bank's operational loss events. The analyst uses the Basel operational risk taxonomy to classify different events into Level 1, Level 2, and Level 3. As part of this process, the analyst considers the following four events that occurred during the year:

• A sales representative in the lending department forged a senior manager's signature to approve an application for a large commercial loan that defaulted.
• The bank failed to deliver sufficient collateral to support a swap position, which was later terminated at a loss.
• Several managers in the bank's wealth management group were found to have misused confidential customer information by sharing this information with other employees and a third-party vendor representative.
• Some personal customer information was stolen in a cyber-attack in which an external hacker broke into a database stored in the cloud.

In classifying the four events and considering the Basel taxonomy in general, which of the following actions would be most appropriate for the analyst to take?