QUESTIONS AND ANSWERS ABOUT THE FDIC'S INTERNAL YEAR 2000 PROGRAM

Q.1 What is the Year 2000 compliance status of the FDIC's systems and interfaces with financial institutions? Is the system that calculates insurance coverage for individual deposits Year 2000- compliant?

There is no automated system that calculates insurance coverage for individual accounts to determine payoff amounts as a result of a bank closing. However, the FDIC has several applications that process financial institution data that may have Year 2000 implications:

* Call Processing System (CALL). CALL processes the quarterly survey of financial institution income, assets, and liabilities. The system stores data in a four-digit format. CALL renovation is complete and the system will undergo validation testing during the fourth quarter of 1998.

* Summary of Deposits - Banks (SOD). SOD processes the survey of deposit data of all FDIC-insured commercial banks, FDIC-supervised savings banks, and U.S. foreign bank branches. Changes have been made to make SOD Year 2000 compliant. SOD will undergo validation testing during the fourth quarter of 1998.

* Annual Report of Trust Assets System (ARTAS). ARTAS processes the survey of financial institution trust assets. The system has been renovated to make it Year 2000 compliant. It will undergo validation testing during the fourth quarter of 1998.

* Assessment Invoice Management System (AIMS). AIMS supports the FDIC's new quarterly assessments invoicing and collection process. Prior to the development of AIMS, insured institutions calculated their own assessments and provided payment via check to the FDIC semiannually. With the implementation of AIMS (Phase 1), the FDIC is now able to calculate, invoice, and collect assessments from insured institutions on a quarterly basis. AIMS also supports the FDIC's "rolling" adjustment process by identifying changes to the variables used in calculating a prior quarter's assessment and invoicing the necessary adjustment(s) and interest during the subsequent quarter. AIMS has been certified as Year 2000-compliant and has recently completed validation testing.

* Risk Related Premium System (RRPS). RRPS assists the FDIC in determining an insured institution's placement in the RRPS matrix, which is used to determine the premiums an institution is charged for FDIC insurance. RRPS has been renovated and will undergo validation testing in October 1998.

* Uniform Bank Performance Reports (UBPR) System. The UBPR system provides an integrated view of an institution's financial data. The system is produced under the auspices of the Federal Financial Institutions Examination Council as a uniform interagency report to be used as a surveillance tool by the FDIC, the Office of the Comptroller of the Currency, and the Federal Reserve Board. The UBPR system has been renovated and will undergo validation testing during the fourth quarter of 1998.

Q2. Does the FDIC have an internal Year 2000 compliance project?

Yes. In January 1997, the FDIC created the Millennium Information Technology Strategies Section (MISS) within the Division of Information Resources Management to coordinate all internal Year 2000 efforts, and appointed a Program Manager.

Q3. Does the Corporation have a Y2K project plan? If so, please summarize the plan.

MISS has developed a Year 2000 Project Plan that closely mirrors the U.S. General Accounting Office's (GAO) Year 2000 Assessment Guide. The Project Plan focuses on five phases: awareness, assessment, renovation, validation, and implementation. The plan also lists over 3,000 tasks that must be accomplished before the Year 2000, along with estimated start and completion dates to ensure timely implementation. The awareness, assessment, and renovation phases have been completed, and the Corporation is now fully engaged in validation and implementation.

Q4. When will all mission-critical FDIC computer systems become Year 2000-compliant?

The FDIC completed renovation of all systems by August 31, 1998. It will validate all systems by January 31, 1999, and implement them by March 31, 1999.

Q5. Has a third party reviewed the project plan?

Senior FDIC management have reviewed and approved the Corporate Year 2000 Project Plan, and GAO and the FDIC's Office of Inspector General have reviewed it.

Q6. Will the computer systems properly recognize February 29, 2000, and September 9, 1999?

When implementation of all renovated systems is complete, FDIC systems will accurately process all dates between now and year-end 1999, across the transition to the Year 2000, and well into the 21st century.

Q7. Has the Corporation contacted hardware and software manufacturers, security providers, and vendors of building components about Y2K? If so, what was the response?

Yes. To date, the FDIC has sent approximately 500 letters requesting Year 2000 compliance information on 1,800 products to vendors and manufacturers of commercial off-the-shelf software, mainframe computer software, data network hardware and software, voice network hardware and software, and building systems components. Responses to those letters are being analyzed. Purchased products that will still be in use after December 31, 1999, and that are not Year 2000-ready, will be replaced with compliant versions.

Q8. Is the FDIC using four-digit years?

Yes. The basic two approaches for correcting an application with a Year 2000 problem are the "expansion" approach and the "logic" approach. In most cases, the FDIC is using the expansion approach, which requires expanding all two-digit year fields to four-digit year fields, e.g.,YYYYMMDD for all data (current and historical), all interfaces, all data display (screens, reports), and all date routines. In other cases, the FDIC is using the logic approach (windowing). The logic approach ignores the expansion of date fields and requires coding of standard date routines in copy or callable modules, using a 100-year date window to represent the "century" (high-order two digits of the year) in performing calculations and sorting on two-digit years. The FDIC uses the logic approach in some applications that are vendor-provided and internally based for date processing.

Q9. Do senior management and oversight groups routinely monitor and receive reports on Y2K progress?

Yes. MISS publishes monthly Year 2000 Status Reports for distribution to FDIC senior managers, system developers, and other interested parties within the FDIC. The Corporation has also established a Year 2000 Oversight Committee comprised of the Deputy Directors of all FDIC offices and divisions, which is responsible for coordinating Year 2000 interagency working groups, contingency planning, a public information campaign, institution outreach and education, and reporting on the results of bank assessments and examinations. The internal Year 2000 project group reports to the Oversight Committee on a monthly basis and to the FDIC Board of Directors quarterly. The FDIC also provides quarterly reports on Year 2000 activities to the U.S. Congress.

Q10. Does the Corporation have contingency plans for its mission-critical applications?

Yes. The FDIC has prepared contingency plans for all mission-critical applications. The contingency plans closely parallel GAO's March 1998 guide Year 2000 Computing Crisis: Business Continuity and Contingency Planning Exposure Draft.

Q11. Identify external parties with whom you are working on the Y2K issues.

The FDIC is working with financial institutions, state regulatory agencies, federal financial institution regulators, and other government agencies to capitalize on lessons learned, share best practices, address data exchanges, and ensure a smooth business transition to the Year 2000.

Q12. How can we obtain more information about the FDIC's Year 2000 program?

Additional information and updates about the FDIC's internal Year 2000 program can be found on the FDIC's Internet site at /about/y2k/.