Interagency Guidance on Common Questions About FFIEC Year 2000 Policy
The Federal Financial Institutions Examination Council (FFIEC) has issued the attached statement to supplement previously issued interagency statements on Year 2000 readiness. The guidance addresses frequently asked questions about material in those statements.
The statement focuses on requests for further clarification of the April 1998 interagency statement "Guidance Concerning Testing for Year 2000 Readiness." The answers provided are intended to address testing issues in general terms. Institution-specific queries should be directed to your Federal Deposit Insurance Corporation (FDIC) Division of Supervision Regional Office.
The FDIC considers the testing phase the most critical stage of the Year 2000 project management process. Failure to properly identify and correct remediation errors and omissions could affect the viability of a financial institution. The FDIC acknowledges that each financial institution is unique and that the institution's management is in the best position to judge what testing strategies and plans are appropriate. This decision should be made after considering the size of the institution, the complexity of its operation, and an acceptable level of business risk exposure.
The FDIC expects each financial institution to meet the following key milestones in the Year 2000 testing process by the date indicated:
June 30, 1998
should have completed the development of their written testing strategies
and plans. These plans should be made available to supervisory authorities
processing in-house and service providers should have commenced testing
of internal mission-critical systems, including those programmed in-house
and those purchased from software vendors.
Testing of internal
mission-critical systems should be substantially complete. Service
providers should be ready to test with customers.
March 31, 1999
Testing by institutions
relying on service providers for mission-critical systems should be
substantially complete. External testing with material other third
parties (customers, other financial institutions, business partners,
payment system providers, etc.) should have begun.
June 30, 1999
Testing of mission-critical
systems should be complete and implementation should be substantially
In addition, your institution's activities regarding customer risk are subject to the following deadlines:
June 30, 1998
Develop an evaluation
process designed to identify material customers and assess and control
the Year 2000-related risks associated with funds providers, funds
takers, and capital market/asset management counterparties.
process of an institution's customers should be substantially complete.
Other topics addressed in the question and answer statement include data processing system or service provider conversions, external review of the project management process, infrastructure risk involving telecommunications and power suppliers, service provider and software vendor assessments, and contingency planning. Institutions should refer to the seven previously issued FFIEC Interagency Statements addressing Year 2000 readiness for a comprehensive discussion of these topics.
Management is encouraged to actively utilize the services of its internal audit process and external audit programs. A well-coordinated review and reporting process should substantially lessen the risk that problems will go undetected.
The FDIC and state banking authorities will continue to review the efforts of all FDIC-supervised banks to become Year 2000 ready. An institution's failure to appropriately address Year 2000 readiness problems may result in supervisory action, including formal and informal enforcement actions, denials of applications filed pursuant to the Federal Deposit Insurance Act, civil money penalties, reductions in the institution's management component or composite ratings, and increased risk-related premiums.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial
institution letters may be obtained through the FDIC's Public
Information Center, 801 17th Street, NW, Room 100, Washington, DC
20434 (800-276-6003 or (703) 562-2200).