Interagency Guidance on Institution Due Diligence Concerning Service Provider and Software Vendor Year 2000 Readiness, and Year 2000 Impact on Customers
The Federal Financial Institutions Examination Council (FFIEC) has issued the attached statements to provide guidance to the industry on the risks associated with Year 2000 readiness for a financial institution's service providers and software vendors, as well as for its customers. The statements supplement the FFIEC's statement "Year 2000 Project Management Awareness," issued May 5, 1997.
The interagency statement on "Guidance Concerning Institution Due Diligence in Connection with Service Provider and Software Vendor Year 2000 Readiness" clarifies the importance of developing and executing a due-diligence process for each mission-critical service and product supplied by service providers or software vendors. This process should enable an institution's management to identify the obligations of the institution and its service providers and software vendors, to establish an effective monitoring program of the renovation phase, to establish a process for testing the renovated products and services, and to adopt contingency plans in the event of information systems disruptions. The statement emphasizes the importance of user groups in the monitoring and testing stages of a Year 2000 readiness plan. Additionally, where institutions engage the same service providers or software vendors, they should consider joining forces to enlist third parties to assess the Year 2000 readiness progress of these service providers and software vendors.
The interagency statement on "Guidance Concerning the Year 2000 Impact on Customers" provides guidance that should enable a financial institution's management to effectively assess the Year 2000 readiness of the institution's fund takers, fund providers, and capital markets/asset management counter parties. The statement further provides guidelines for controlling both general and specific risks related to an institution's customers.
The FDIC and state banking authorities will continue to review the efforts of all FDIC-supervised banks to become Year 2000 ready. An institution's failure to appropriately address Year 2000 readiness problems may result in supervisory actions, including formal and informal enforcement actions, denials of applications filed pursuant to the Federal Deposit Insurance Act, civil money penalties, and reductions in the institution's management component or composite ratings.
The attached interagency statements and related information on Year 2000 issues are available on the Internet via the World Wide Web at /banknews/fils or http://www.ffiec.gov.
The FFIEC will make additional guidance on testing and contingency planning available over the next few months.
For further information, please contact your Division of Supervision Regional Office.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial
institution letters may be obtained through the FDIC's Public
Information Center, 801 17th Street, N.W., Room 100, Washington,
D.C. 20434 (800-276-6003 or (703) 562-2200).