TO: |
CHIEF EXECUTIVE OFFICER |
SUBJECT: |
Ongoing Year 2000 Readiness Supervisory Review Initiatives |
The Federal Deposit Insurance Corporation (FDIC), in partnership with state banking authorities, completed its first round of on-site Year 2000 assessments on May 29, 1998. The first phase of the supervisory process focused primarily on the Year 2000 project management awareness and assessment phases. Most financial institutions, service providers and software vendors are now in the process of completing the renovation phase and initiating validation. Testing is considered the most critical phase of the Year 2000 project and, because of its importance, the FDIC will complete a second round of Year 2000 on-site reviews.
On-site assessments of service providers, software vendors and institutions with in-house programming will be completed by December 31, 1998. On-site assessments of serviced and turnkey institutions will be completed by March 31, 1999.
The on-site assessments may be conducted as part of a regularly scheduled Safety and Soundness or Information Systems examination, or as a separate visitation. Upon completion of the assessment, examiners will again categorize the organization's efforts as "Satisfactory," "Needs Improvement," or "Unsatisfactory." At the conclusion of the assessment, the examiner-in-charge will meet with the board of Directors, a committee thereof, or senior management representatives to discuss the assessment findings, as appropriate. The examiner will meet with a quorum of the board of Directors for institutions assessed as "Needs Improvement" or "Unsatisfactory."
Examiners may be contacting financial institutions, service providers and software vendors for a copy of their testing plans, which were to be completed by June 30, 1998. These testing plans will be used to assist in planning and scheduling reviews. Examiners may expedite pre-assessment planning by reviewing an institution's testing plans. However, the examiner will not serve as a consultant to these plans.
The FDIC will use supervisory actions for institutions assessed as less than satisfactory due to the criticality of testing and contingency planning to the success of Year 2000 projects. The FDIC intends to mandate supervisory action for virtually all institutions assessed less than satisfactory. In addition, the FDIC will consider a change in a component or composite rating if identified deficiencies so warrant. The FDIC will also consider the impact of Year 2000 readiness risk factors in the assignment of any insured financial institution's supervisory subgroup and when processing applications.
Revised Workprogram
The Federal Financial Institutions Examination Council's (FFIEC) Task Force on Supervision has issued the attached Year 2000 Workprogram Phase II for use during a second round of on-site Year 2000 assessments. The procedures are designed to focus on the adequacy of the institution's plans and processes for achieving Year 2000 readiness, with particular emphasis on the final phases of the Year 2000 project-testing and implementation-and on the institution's contingency plans.
The Workprogram is intended to assist the examiner:
- Determine whether the institution has implemented an effective plan for testing Year 2000 renovated products and implementing Year 2000 compliant products into their production environment;
- Assess the adequacy of the institution's Year 2000 contingency plans;
- Determine if the institution is handling Year 2000 issues in a safe and sound manner; and
- Identify whether corrective action may
be necessary to assure an appropriate level of attention to Year
2000 readiness activities.
The FFIEC has previously issued Year 2000 guidance on the following topics: project management; business risk; due diligence concerning service provider and software vendor readiness; impact on customers; testing; customer awareness programs; and contingency planning. These papers should be reviewed to ensure compliance with the current guidance. Critical dates included in the testing and customer impact papers should be met. Each board of Directors should continue its close oversight of the financial institution's Year 2000 readiness efforts. The institution's management is encouraged to actively utilize the services of its internal audit process and external audit programs. A well-coordinated review and reporting process should substantially lessen the risk that problems will go undetected.
For more information, please contact your Division of Supervision regional office.
|
Nicholas J. Ketcha Jr. |
|
Director |
Attachments:
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial
institution letters may be obtained through the FDIC's Public
Information Center, 801 17th Street, NW, Room 100, Washington, DC
20434 (800-276-6003 or (703) 562-2200). |