Year 2000 Testing Guidance

Information Technology / Cybersecurity

April 10, 1998

TO:	CHIEF EXECUTIVE OFFICER
SUBJECT:	Interagency Guidance on Testing for Year 2000 Readiness

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance for the industry on Year 2000 readiness testing. The statement supplements the FFIEC's statement "Year 2000 Project Management Awareness," issued May 5, 1997.

The interagency statement emphasizes the critical nature of the validation phase, particularly for an institution's mission-critical systems. Financial institutions should develop and implement written testing strategies and testing plans for both internal systems and interfaces with external systems. The FDIC expects financial institutions to meet the following key milestones in the Year 2000 testing process:

June 30, 1998	Institutions should complete the development of their written testing strategies and plans.
September 1, 1998	Institutions processing in-house and service providers should have commenced testing of internal mission-critical systems, including those programmed in-house and those purchased from software vendors.
December 31, 1998	Testing of internal mission-critical systems should be substantially complete. Service providers should be ready to test with customers.
March 31, 1999	Testing by institutions relying on service providers for mission-critical systems should be substantially complete. External testing with material other third parties (customers, other financial institutions, business partners,payment system providers, etc.) should have begun.
June 30, 1999	Testing of mission-critical systems should be complete and implementation should be substantially complete.

All financial institutions, including those that use software supplied by vendors or receive services from service providers, will be responsible for ensuring that systems operate correctly in their own environment. Serviced financial institutions that rely on proxy testing are cautioned to comprehensively assess the reliability of their servicers' testing strategies, plans and results to ensure that applications and interfaces, especially those that are unique to an institution, are appropriately tested.

Previous guidance has emphasized the importance of user groups in the monitoring and testing stages of a Year 2000 readiness plan. User groups can be an effective forum for exchanging ideas and information on testing.

While the FFIEC agencies will conduct focused Year 2000 readiness reviews of service providers and certain software vendors, the agencies will not certify the testing strategies, plans or results of these parties.

The FDIC and state banking authorities will continue to review the efforts of all FDIC-supervised banks to become Year 2000 ready. An institution's failure to appropriately address Year 2000 readiness problems may result in supervisory actions, including formal and informal enforcement actions, denials of applications filed pursuant to the Federal Deposit Insurance Act, civil money penalties, and reductions in the institution's management component or composite ratings.

The attached interagency statement and related information on Year 2000 issues are available on the Internet via the World Wide Web at /news/financial-institution-letters/ or http://www.ffiec.gov .

The FFIEC will issue additional guidance on contingency planning in the near future. For further information, please contact your Division of Supervision Regional Office.

	Nicholas J. Ketcha Jr.
	Director

Attachment: FFIEC Interagency Statement: Guidance Concerning Testing for Year 2000 Readiness

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, N.W., Room 100, Washington, D.C. 20434 (800-276-6003 or (703) 562-2200).

FIL-38-98

About

Resources

Analysis

News

Year 2000 Testing Guidance