Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.

Upcoming Year 2000 Assessments and Revised WorkProgram

Information Technology / Cybersecurity
July 2, 1998

TO: CHIEF EXECUTIVE OFFICER
SUBJECT: Ongoing Year 2000 Readiness Supervisory Review Initiatives

The Federal Deposit Insurance Corporation (FDIC), in partnership with state banking authorities, completed its first round of on-site Year 2000 assessments on May 29, 1998. The first phase of the supervisory process focused primarily on the Year 2000 project management awareness and assessment phases. Most financial institutions, service providers and software vendors are now in the process of completing the renovation phase and initiating validation. Testing is considered the most critical phase of the Year 2000 project and, because of its importance, the FDIC will complete a second round of Year 2000 on-site reviews.

On-site assessments of service providers, software vendors and institutions with in-house programming will be completed by December 31, 1998. On-site assessments of serviced and turnkey institutions will be completed by March 31, 1999.

The on-site assessments may be conducted as part of a regularly scheduled Safety and Soundness or Information Systems examination, or as a separate visitation. Upon completion of the assessment, examiners will again categorize the organization's efforts as "Satisfactory," "Needs Improvement," or "Unsatisfactory." At the conclusion of the assessment, the examiner-in-charge will meet with the board of Directors, a committee thereof, or senior management representatives to discuss the assessment findings, as appropriate. The examiner will meet with a quorum of the board of Directors for institutions assessed as "Needs Improvement" or "Unsatisfactory."

Examiners may be contacting financial institutions, service providers and software vendors for a copy of their testing plans, which were to be completed by June 30, 1998. These testing plans will be used to assist in planning and scheduling reviews. Examiners may expedite pre-assessment planning by reviewing an institution's testing plans. However, the examiner will not serve as a consultant to these plans.

The FDIC will use supervisory actions for institutions assessed as less than satisfactory due to the criticality of testing and contingency planning to the success of Year 2000 projects. The FDIC intends to mandate supervisory action for virtually all institutions assessed less than satisfactory. In addition, the FDIC will consider a change in a component or composite rating if identified deficiencies so warrant. The FDIC will also consider the impact of Year 2000 readiness risk factors in the assignment of any insured financial institution's supervisory subgroup and when processing applications.

Revised Workprogram

The Federal Financial Institutions Examination Council's (FFIEC) Task Force on Supervision has issued the attached Year 2000 Workprogram Phase II for use during a second round of on-site Year 2000 assessments. The procedures are designed to focus on the adequacy of the institution's plans and processes for achieving Year 2000 readiness, with particular emphasis on the final phases of the Year 2000 project-testing and implementation-and on the institution's contingency plans.

The Workprogram is intended to assist the examiner:

  • Determine whether the institution has implemented an effective plan for testing Year 2000 renovated products and implementing Year 2000 compliant products into their production environment;
  • Assess the adequacy of the institution's Year 2000 contingency plans;
  • Determine if the institution is handling Year 2000 issues in a safe and sound manner; and
  • Identify whether corrective action may be necessary to assure an appropriate level of attention to Year 2000 readiness activities.

The FFIEC has previously issued Year 2000 guidance on the following topics: project management; business risk; due diligence concerning service provider and software vendor readiness; impact on customers; testing; customer awareness programs; and contingency planning. These papers should be reviewed to ensure compliance with the current guidance. Critical dates included in the testing and customer impact papers should be met. Each board of Directors should continue its close oversight of the financial institution's Year 2000 readiness efforts. The institution's management is encouraged to actively utilize the services of its internal audit process and external audit programs. A well-coordinated review and reporting process should substantially lessen the risk that problems will go undetected.

For more information, please contact your Division of Supervision regional office.

Nicholas J. Ketcha Jr.
Director
Attachments:

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).


FIL-72-98

Last Updated: July 2, 1998