Home > News & Events > Speeches and Testimony
Speeches and Testimony
ADDRESSING THE YEAR 2000 DATE CHANGE
COMMITTEE ON BANKING AND FINANCIAL SERVICES
Good morning Mr. Chairman and members of the Committee. I appreciate this opportunity to testify before you today on behalf of the Federal Deposit Insurance Corporation (FDIC) regarding the actions of the FDIC to address the Year 2000 date change. Because every bank and savings association is at risk, the scale of this problem is enormous. Although every business faces risk from the Year 2000 date change, banks and savings associations face generally greater risks. They carry out transactions that are highly dependent upon date-sensitive functions and they also participate in many date-sensitive transactions with other parties, both domestic and international. The Year 2000 date change presents complex technological difficulties that must be overcome by an unmovable deadline. At the FDIC, this is the number one safety and soundness priority.
Today I will discuss the roles of the FDIC and the industry in responding to the date change, highlight initiatives we have taken over the past year and summarize the results of the FDIC's first round of on-site assessments. I will also outline our supervisory focus during the second round of on-site Year 2000 assessments, discuss our supervisory concerns and the actions we will take. In addition, I will address liability issues that financial institutions face. Next, I will explain the issues we are analyzing in developing contingency plans if financial institutions experience temporary disruptions or failure due to problems caused by the millennium date change.
Finally, I will address the FDIC's efforts to prepare our internal systems.
ROLES OF THE FDIC AND THE INDUSTRY
Relative to the banking industry, the FDIC has three roles in addressing the Year 2000 date change. First, in our capacity as supervisor, our role is to oversee FDIC-supervised institutions' management of their Year 2000 projects, to identify potential shortcomings in advance and, if necessary, to take aggressive actions to induce institutions to take timely steps to prevent disruptions due to the date change. We will do everything in our power to accomplish these objectives.
Second, given our deposit insurance role, the FDIC has a unique responsibility to maintain public confidence in the financial system. This will become increasingly important as we move closer to the end of the millennium. Consumers have legitimate concerns about the impact of the Year 2000 date change on their banking relationships. We are responsible for reminding the public that their insured deposits are safe. We are committed to helping the public understand the substantial Year 2000 oversight efforts of the FDIC and other regulators, and to understand our obligation to take any needed supervisory or enforcement action.
A recent example highlighting our role in communicating with the public and maintaining public confidence was the FDIC's development, along with the other agencies of the Federal Financial Institutions Examination Council (FFIEC), of guidance on customer awareness programs that financial institutions must establish, and a brochure for consumers. The guidance suggests several components institutions should consider in establishing a program to respond to inquiries and communicate with customers on Year 2000 issues. The brochure, available in English and Spanish, outlines what the Year 2000 date change is and how it may affect financial institutions. It describes the actions the financial institutions and regulators are taking to address Year 2000 risks, provides suggestions for consumers to reduce their exposure to potential Year 2000 problems, and reminds consumers that deposit insurance will continue to apply. The FDIC and the banking industry have distributed more than five million copies of the brochure since June and we have received positive feedback both from the industry and consumers.
The FDIC's third role also relates to its deposit insurance responsibilities. In the event that institutions experience temporary disruptions or failures, we must stand ready to resolve failing and failed financial institutions. Given the unique circumstances that may accompany a technological failure (e.g., such as inaccurate or inaccessible data), we are developing contingency plans to enable us to fulfill our role as deposit insurer.
Because of the scope of the Year 2000 date change, the FDIC cannot guarantee that any of the over 10,000 banks and savings associations we insure will have absolutely no problems related to the Year 2000 date change. Nor can the FDIC and the other federal banking agencies -- Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS) and Federal Reserve -- disclose the Year 2000 assessment ratings of institutions due to current regulatory prohibitions. Our regulations prohibiting disclosure of examination results are designed to enable bank examiners and financial institution management to speak freely of any difficulties the institution may experience and to provide a chance for the institution to address these problems without causing a loss of public confidence.
Year 2000 assessment ratings do not constitute certification of a financial institution's Year 2000 readiness. They reflect an institution's progress in addressing Year 2000 issues at a certain point in time, and it is possible that the ratings could change over time as the institution moves through various phases of its Year 2000 project. The FDIC is concerned that if Year 2000 assessment ratings are made public, uninformed users of rating reports may place undue reliance on them or misinterpret them. Thus, just like other safety-and-soundness ratings, the FDIC has advised financial institutions not to disclose their Year 2000 assessment rating.
Instead, we are urging financial institutions to make meaningful disclosures to their customers regarding the status of their preparatory efforts.
Ultimately, achieving Year 2000 readiness is and must be the responsibility of each financial institution's directors and officers.
These individuals have a fiduciary duty in this regard and are in the best position to know their institution's operations, strategies, resources and exposure, as well as their customer concerns.
Over the past year, the FDIC and the banking industry have taken aggressive actions to address the Year 2000 date change. Along with the other financial institution regulators, our initiatives include issuing guidance to financial institutions, conducting assessments, training staff, performing outreach activities for bankers, vendors and consumers, and preparing contingency plans. With the other FFIEC agencies, we issued guidance to the industry on key Year 2000 topics including: Year 2000 project management, the business risk associated with the Year 2000 date change, vendor management, impact on customers, testing, customer awareness programs, contingency planning and fiduciary responsibilities.
In order to ensure that our examiners are prepared to conduct Year 2000 assessments we provided, and continue to update, specific Year 2000 training. In the fourth quarter of 1997 we trained approximately 1,400 FDIC examiners and 600 examiners from state banking departments.
We recently participated in an interagency effort to develop advanced training for the comprehensive and detailed examination procedures that will be used during the second round of assessments. Our examiners will complete this advanced training the last week in September, although many of our examiners have already been trained and are now conducting assessments. The examination procedures specifically address testing and contingency planning. We also have trained foreign bank supervisors and regulators from 25 countries.
The FDIC and the FFIEC developed an extensive nationwide outreach program for bankers with participation by banking industry trade organizations. Over the past six months, as part of this effort, we participated in over 100 one-day seminars with bankers, focusing primarily on regulatory expectations in the areas of testing and contingency planning. More than 9,000 bankers and vendors attended these sessions.
In addition to this outreach, the FDIC has taken every opportunity to speak directly with the banking industry and its service providers about the Year 2000 date change. For example, in the past year FDIC staff spoke at four vendor conferences arranged by the federal banking and thrift agencies and over 130 other conferences and meetings with bankers' associations and other interested parties, including speeches by myself and Vice Chairman Hove. We plan to continue this aggressive outreach in the remainder of 1998 and throughout 1999. I will continue to emphasize the importance of the Year 2000 date change and actions we are taking to mitigate Year 2000 risks in my speeches and press interviews. Similarly, FDIC staff will continue to speak out on the Year 2000 issue.
We are publishing a monthly Year 2000 newsletter to financial institutions. The newsletter highlights key dates for project milestones, discusses important current issues, and reminds bankers of regulatory expectations. Further, as discussed below, the FDIC is developing comprehensive contingency plans in the event that institutions do experience disruptions in operations due to the date change, as well as for handling potential failures that may occur.
Finally, the U.S. General Accounting Office and the FDIC's Office of Inspector General have had significant oversight of our Year 2000 efforts. We welcome the independent views that these organizations provide. In particular, our Office of Inspector General has provided continuous feedback to management on Year 2000 programs rather than waiting to complete a formal audit. This approach has worked well, enabling the FDIC to incorporate suggestions on a timely basis into both our internal and external Year 2000 programs.
RESULTS OF THE PHASE I ON-SITE ASSESSMENTS
By May 31, 1998, one month before the FFIEC target date of June 30, the FDIC, with assistance from state bank regulators, completed the first round of on-site assessments for the more than 6,000 institutions that we supervise. We also completed on-site assessments of all 146 data service providers and software vendors that we are responsible for examining. In these on-site assessments, designated "Phase I," we primarily focused on the progress of institutions in the initial three phases of the Year 2000 project management process created by the FFIEC: awareness, assessment and renovation.
Examiners focused on whether the board and senior management were actively involved in their institutions' Year 2000 projects, whether they were taking an enterprise-wide approach, and whether they understood regulatory expectations. Examiners also assessed whether institutions had properly identified the scope of the Year 2000 problem and the resources that would be required to address technical problems.
The federal banking agencies use three assessment categories to rate the readiness of financial institutions, service providers and software vendors at a particular point in time. However, ratings can change over time, depending upon an institution's remedial actions and the results of testing. The "Satisfactory" rating is assigned to financial institutions, service providers, and software vendors that exhibit acceptable performance in all key phases of the financial institution's Year 2000 project management process. The "Needs Improvement" rating indicates weaknesses considered correctable within the institution's existing project management framework. An "Unsatisfactory" rating indicates serious weaknesses that are not easily correctable within the existing project management framework.
Financial Institution Results
As of July 31, 1998, over 94 percent of FDIC-supervised institutions (or 5,678 of 6,019 banks) were rated "Satisfactory." Approximately 5 percent (318 institutions) were rated "Needs Improvement," and less than one-half of one percent (23 institutions) were rated "Unsatisfactory."
Year 2000 assessment ratings of FDIC-supervised institutions as of July 31, 1998
FDIC examiners continue to follow up on the initial assessments to monitor the progress of institutions. Under Phase I, examiners are reviewing the status of "Satisfactory" institutions every six months. Examiners are contacting institutions rated "Needs Improvement" and "Unsatisfactory" every three months to follow up on corrective efforts. Many of the problems found in Phase I assessments were corrected within 30-60 days.
Improvements to the FDIC's assessment ratings between the first and second quarters of 1998 show the effectiveness of our follow-up contacts and institutions' corrective actions. The assessment ratings for over 11 percent of institutions were upgraded, while only about one percent were downgraded. The following tables show changes to assessment ratings between the first and second quarters of 1998.
FDIC Year 2000 assessment rating upgrades between the first and second quarters of 1998
FDIC Year 2000 assessment rating downgrades between the first and second quarters of 1998
Because the FDIC insures deposits at all banks and savings associations, we also collect and review information from the other three federal banking regulators on the status of the financial institutions they supervise. The Phase I results of these agencies were similar to those of the FDIC. In the aggregate, of the 10,687 insured depository institutions assessed, more than 94 percent were rated "Satisfactory," about 5 percent were rated "Needs Improvement," and less than one-half of one percent were rated "Unsatisfactory."
Year 2000 assessment ratings of FDIC-insured institutions as of July 31, 1998
Service Provider and Software Vendor Results
The FDIC and other banking agencies also have completed their initial assessments of the major service providers and software vendors that provide data processing services or software to the banking industry.
These assessments are important because virtually all banks and savings associations rely on service providers and software vendors.
Of the 146 service providers and software vendors examined by the FDIC, 98 percent (143 companies) were rated "Satisfactory" and 2 percent (3 companies) were in the "Needs Improvement" category. No service providers or software vendors supervised by the FDIC are currently assessed as "Unsatisfactory."
Year 2000 assessment ratings for FDIC-examined Service providers and software vendors as of July 31, 1998
We have shared the results of service provider and software vendor reviews with their client financial institutions to enable them to make informed decisions. We also emphasized that these reviews show a company's progress at a particular point in time and the ratings could change over time based on the results of remediation and testing. The FDIC also encouraged financial institutions as part of their vendor due diligence efforts to join user groups to increase their leverage in communicating with service providers and software vendors about their Year 2000 status and as an avenue for sharing solutions to common problems.
In the aggregate, of the total 337 service providers and software vendors examined by the FFIEC agencies, more than 95 percent were assessed as "Satisfactory," approximately four percent as "Needs Improvement," and less than one percent as "Unsatisfactory." All of the banking agencies' examiners are calling or visiting service providers and software vendors, regardless of their rating, every three months to follow up on their progress. These companies have a critical role in helping financial institutions become Year 2000 ready.
Year 2000 assessment ratings for all FFIEC-examined service providers and software vendors as of July 31, 1998
The Phase I results show that financial institutions, and their service providers and software vendors, recognize the risk of the Year 2000 date change and are acting to address the issue. The FDIC has notified institutions that failure to appropriately address Year 2000 readiness problems will result in supervisory actions. These actions may include enforcement and corrective actions, denial of applications filed pursuant to the Federal Deposit Insurance Act, civil monetary penalties, and reductions in the management component or composite CAMELS ratings.
For those institutions that did not take satisfactory action during Phase I, the FDIC has moved to ensure that they take corrective action. In most cases, the deficiencies in the earlier stages of project management that were reviewed during Phase I could be corrected relatively easily and quickly, and the FDIC did not need to take formal enforcement action. As of July 31, 1998, the FDIC had 227 financial institutions adopt board resolutions A board resolution is adopted by a financial institution's directors, as suggested by the FDIC. The resolution outlines corrective actions that will be taken during a specified time period to address supervisory recommendations.
The FDIC does not publicly disclose a board resolution and it is not enforceable.
addressing deficiencies and specifying specific milestones for corrective action. Twenty-eight more institutions were in the process of adopting resolutions. The FDIC also had entered into 57 memoranda of understanding A Memorandum of Understanding is a written agreement between a financial institution and the FDIC that is used to reflect the bank's commitment to correct its problems within a specified time period. This action is stronger than a board resolution since it is a two-party agreement between the institution and the FDIC. A memorandum of understanding is not disclosed publicly and is not enforceable.
with institutions and was finalizing another eight. The FDIC instituted five formal enforcement actions. Formal enforcement actions include Cease and Desist Orders. The FDIC notifies the public when orders are final and they are enforceable. Thus, the FDIC completed a total of 289 corrective actions and had 36 pending.
FDIC Year 2000 supervisory corrective programs and enforcement actions Against financial institutions as of July 31, 1998
The FDIC also took action against seven service providers during Phase I. This action included three board resolutions, three Memoranda of Understanding, and one formal action.
FDIC Year 2000 supervisory corrective programs and enforcement actions Against service providers as of July 31, 1998
To assure the Year 2000 risks that banks and savings associations pose to the insurance funds are adequately captured in the FDIC's risk-related deposit insurance premium system, we review our supervisory risk classifications to ensure that they reflect Year 2000 risk. The FDIC uses these supervisory risk classifications to calculate deposit insurance premiums on a semi-annual basis. The FDIC has contacted the other banking agencies as well, to ensure that they consider Year 2000 risk when they assess an institution's supervisory risk for deposit insurance premiums. Factoring Year 2000 risk into the calculation of an institution's risk rating can increase its insurance assessment.
PHASE II ON-SITE ASSESSMENTS
Financial institutions, service providers and software vendors are now in the most critical phase of their Year 2000 project management efforts -- the testing (or validation) phase. The results of testing will provide the clearest indication of the risks of disruption or failure of mission critical systems. The FDIC has developed a comprehensive plan to assess the readiness of financial institutions and their service providers. By December 31, 1998, the FDIC will complete assessments of the testing progress of service providers and larger software vendors, as well as financial institutions with in-house programming. By March 31, 1999, the FDIC will complete assessments of the testing progress of serviced institutions and institutions relying on vendor software ("turnkey" institutions).
The FDIC and FFIEC developed a Phase II Examination Work Program to provide detailed instructions to examiners in conducting the assessment. The work program is designed to provide a risk-focused review of each institution's continuing efforts toward achieving Year 2000 readiness, with special attention on testing plans, testing process results, and contingency plans. The FDIC has completed advanced training in the use of the work program for most of the examiners who will be performing the Phase II examinations. These examinations are currently underway.
Because testing and contingency planning are critical in mitigating technological risk, we have intensified the frequency of our contacts with FDIC-supervised institutions and the service providers and software vendors we examine. Under Phase II, FDIC examiners are either telephoning or visiting institutions with a "Satisfactory" assessment rating every three months. For every institution rated less than satisfactory, examiners are going on site every three months to monitor progress. Service providers and software vendors are contacted every three months, regardless of their rating. If circumstances warrant, we will contact institutions, service providers and software vendors more frequently, as we have done in the past.
As noted above, deficiencies in the early stages of project management were easily and quickly addressed. In the future, as we move into the testing phase, deficiencies may not be so easily or quickly corrected. Accordingly, the FDIC will take much stronger supervisory and enforcement action during Phase II. We will aggressively confront institutions when they fail to correct Year 2000 deficiencies.
During Phase II, we have mandated that our supervisory staff take action at virtually every institution assessed as less than satisfactory. Specifically, for institutions assessed as "Needs Improvement," the FDIC will pursue corrective action in the form of board resolutions or memoranda of understanding. For institutions assessed as "Unsatisfactory," the FDIC will pursue supervisory or enforcement actions based on the institution's lack of compliance with outstanding guidance. The FDIC has prepared standard language for corrective programs to enable us to process such actions quickly.
The FDIC cannot guarantee that institutions will be free from Year 2000 related disruptions. In part, this is because neither the FDIC nor the other bank regulators can replicate the test results of financial institutions or service providers and software vendors. Even if examiners were to replicate testing results, they could not guarantee that an institution would not experience Year 2000 disruptions due to factors beyond an institution's control. However, examiners review the plans, process and testing results at institutions. The work program that examiners are using to assess an institution's readiness poses comprehensive and detailed questions regarding a financial institution's actions, and institutions must provide documentation supporting their actions. The FDIC's Office of Inspector General has reviewed the work program and believes it will meet the objective of assessing whether a financial institution is on track for achieving Year 2000 readiness.
Based on the comprehensive and detailed work program in use for Phase II, as well as our examiners' experience and intensive training, we are confident that examiners will be able to assess the status of a financial institution's Year 2000 project at the time of the review.
Our follow up contact will enable us to monitor additional developments and whether institutions have taken corrective action, if required.
ADDITIONAL SUPERVISORY CONCERNS TO BE ADDRESSED DURING PHASE II
During Phase II, in addition to assessing banks' readiness as to the risk of disruption or failure of mission critical systems, the FDIC plans to examine financial institutions' progress in addressing three additional kinds of risk: credit risk, infrastructure risk, and interconnectivity risk.
With respect to credit risk, the FFIEC guidance required financial institutions to implement by June 30, 1998, a due diligence process that identified, assessed and established controls for Year 2000 risk posed by customers, including depositors, borrowers and capital markets or asset management counterparties. By the end of this month, banks and savings associations are to have substantially completed an assessment of their individual customers' Year 2000 preparedness and any effect of customers' risks on the institution. During Phase II, examiners will monitor compliance in this area and take corrective action if necessary.
Many bankers are concerned that even if they mitigate technological and business risks at their institutions, they may still face difficulties after January 1, 2000, due to possible problems with infrastructure providers, including telecommunications and energy providers and the transportation network. In many cases, bankers have reported an inability to obtain objective, detailed information on or commitments from large infrastructure providers.
Banking regulators cannot directly mitigate infrastructure risks but they can ensure that financial institutions are monitoring the status of their infrastructure providers. We have encouraged bankers to work through user groups or trade groups to apply pressure to infrastructure providers not forthcoming with information on their Year 2000 project plans and status. We have received some reports that this approach is working. We also have asked energy companies to make presentations at our outreach seminars. In addition, financial institutions are required to have business resumption plans in place that would be invoked by infrastructure interruptions caused by the Year 2000 date change. Through our participation in the Financial Institutions Sector Group of the President's Council on Year 2000 Conversion, the FDIC should be able to obtain useful information on the readiness of various infrastructure sectors. The Conversion Council will make this information public on an ongoing basis.
Interconnectivity risks arise from external systems that interact with a financial institution's internal systems, such as interactions that come from correspondent banking relationships, capital markets activities, payment systems providers and international business relationships. Interconnectivity risks are primarily technological in nature.
To mitigate interconnectivity risks, the FFIEC guidance states that institutions should test with their external business partners. The guidance states that external testing with material third parties should begin no later than March 31, 1999 and by June 30, 1999, institutions should have completed this testing and implementation should be substantially complete. During Phase II assessments, examiners will determine if institutions are testing external system interfaces. Upon completion of Phase II on March 31, 1999, the FDIC and other banking agencies should have a better understanding of the interconnectivity risks in the banking industry. We will continue to contact bankers on a quarterly basis throughout 1999 to further assess this risk.
As noted above, the FDIC has heard informally from bankers that some infrastructure providers, such as local utility companies or voice and data communication providers, have not been willing to share objective, detailed information on their Year 2000 readiness. The FDIC is concerned about the responsiveness of these parties and supports disclosure as an important means of facilitating everyone's Year 2000 readiness.
To the extent that infrastructure providers are not sharing Year 2000 readiness information because of concerns regarding potential civil liability, the President's initiative, embodied in H.R. 4355 and S. 2392, appears to be aimed at allaying some of those concerns, as it would provide limited liability protection for some claims. Such legislation may, as a result, encourage greater and more timely disclosure of information related to Year 2000 readiness and enhance the ability of public and private entities, including financial institutions, to improve their Year 2000 readiness. Importantly, from our perspective, this legislation preserves the authority of federal and state government entities in their regulatory, supervisory, or enforcement capacities and would not limit liability in those cases.
Another issue that has been raised in the Year 2000 context is whether additional legislation is necessary with regard to professional liability. Under current law, directors and officers of financial institutions could face potential liability if they fail to take appropriate action to address Year 2000 problems. Shareholders likely would file suit against the board of directors if an institution failed to become Year 2000 ready. Such suits, brought either individually or derivatively on behalf of the institution, would allege breach of the state law duty of care. The parameters of that duty will vary from state to state.
We have placed financial institution directors and officers on notice of their responsibilities for addressing Year 2000 issues, and our examinations indicate that almost all institutions are taking appropriate action. Although directors' and officers' diligence will not prevent all lawsuits from shareholders, it is ultimately the best defense against liability. The FDIC and the other banking agencies have provided extensive guidance on what must be done to address the range of potential Year 2000 issues.
If an institution fails as a result of not becoming ready for the Year 2000 date change, the FDIC will review carefully the activities of directors and officers to determine whether they are accountable for the losses suffered by the institution. Litigation would be undertaken only after careful review by staff and approval by the FDIC Board of Directors.
FDIC CONTINGENCY PLANNING
Through comprehensive supervisory programs, the FDIC and the other federal banking regulators are taking steps to prevent disruption or failure of a financial institution due to the millennium date change. Because institutions may nevertheless experience technological or other disruptions due to Year 2000 problems, the FDIC is preparing contingency plans to address such key issues as liquidity and resolutions strategies.
For many bankers, the risk of liquidity problems is the greatest concern. Even if a financial institution is technologically ready for the Year 2000, liquidity problems could occur if customers lack confidence in the banking industry and withdraw large amounts of cash. We are working with the Federal Reserve, the lead agency on this issue, and the other agencies to use a common approach in evaluating regulatory strategies to ensure that financial institutions have an ample amount of cash on hand or readily available. In addition, we are undertaking initiatives such as our consumer brochure to promote public confidence by informing the public about what is being done to mitigate Year 2000 risks that could affect their banking relationship with their financial institution.
The FDIC's contingency planning also includes efforts to estimate potential losses to the insurance funds as a result of technological failures and to identify banks that are actually experiencing disruptions. Estimating potential losses from the Year 2000 date change is difficult due to the lack of historical experience with this type of problem, the dynamic nature of Year 2000 assessment ratings, and the uncertainty regarding the nature and cost of any failures.
A financially sound institution may experience technological or other disruptions that are only temporary or so severe as to cause an institution to fail. The vast majority of financial institutions are well-capitalized and operating under prudent management and the regulators want to avoid having to unnecessarily close a potentially viable institution. Thus, together with the other banking regulators, we are reviewing technical and legal issues to help differentiate between temporary problems and technological failures and determine appropriate regulatory responses. We are formulating possible scenarios that may require FDIC intervention and coordinating with state authorities and other federal agencies to assure appropriate resources are brought to bear to maximize the chances for resolution of Year 2000 issues without requiring financial assistance from the FDIC.
Even if no failures are predicted, the FDIC must be prepared in the event they do occur. Thus, we have identified a range of scenarios to test our planning and enable us to assess our resources and ability to respond. Institutions historically have failed due to insufficient capital rather than technological problems. Our planning addresses unique situations that could occur due to the Year 2000 date change.
For example, the FDIC may have to recreate files and validate information systems before the resolution process can proceed. We are studying options for financial institutions to back up and retain data.
Specifically, the FDIC is reviewing how the Year 2000 date change affects our resolutions strategies should an institution experience technological failure. While some failures might be readily identified with reasonable lead time, it is possible that an institution could fail without warning signs in early January 2000.
External factors beyond the control of the institution or the regulators could be the cause of such a failure. In that case, the FDIC would need to arrange a resolution transaction quickly, even though the data needed to structure the transaction could be inaccurate or inaccessible due to technological disruptions. We are identifying the concerns that potential buyers might have in acquiring a Year 2000 failing or failed institution and are considering possible resolution transaction structures that would address potential acquirer concerns and would be cost effective.
Also, we are exploring options for staffing a range of failure scenarios, assessing the skills of supplemental staff that may be needed, and developing training programs to ensure that staff are prepared to respond. For example, we will be training additional claims agents to respond to unique circumstances in paying depositors under a Year 2000 failure scenario. In addition, we are developing procedures to handle a failed financial institution's assets and to process loan payments from borrowers in the event an institution is placed into receivership due to Year 2000 problems. We are confident that our supervisory strategy will mitigate Year 2000 risks to institutions, but we will be ready in the event disruptions occur.
The FDIC continues to review whether legislation is needed to address Year 2000 issues. At this time, we have not identified a need for legislative changes to implement the contingency options we are reviewing. If we determine that legislative changes would be useful, we will immediately notify the Committee of this need. We appreciate the support of the Committee in this regard.
STATUS OF THE FDIC's INTERNAL EFFORTS
The FDIC is on schedule to complete preparation of all of its internal systems --both mission critical and non-mission critical -- in time for the Year 2000 date change. We are adhering the timeframes established in guidance from the Office of Management and Budget (OMB) and the General Accounting Office for the five stages of Year 2000 project management: awareness, assessment, renovation, validation and implementation. We have completed the first three phases -- awareness, assessment, and renovation. We completed the renovation phase at the end of August in accordance with the OMB schedule. The FDIC is on schedule to continue to meet the other timeframes in the guidance.
The FDIC has a total of 39 mission critical systems. Of these, 10 systems are Year 2000 ready and have been fully tested and implemented. Of the remaining 29 systems, 24 mission critical systems have been renovated and 5 mission critical systems are being replaced.
Testing on renovated systems will be completed by January 31, 1999 and implementation will be completed by March 31, 1999.
About 380 of our information technology systems are currently scheduled to continue beyond January 1, 2000. Of these 380 systems, 101 (28 percent) are Year 2000 ready and have been tested and implemented. Seventy-five systems (19 percent) are currently being tested. The remaining 204 systems (53 percent) have been renovated and are awaiting testing. Test plans are being developed for each application and testing is scheduled to occur between now and January 1999. Testing will be completed by January 31, 1999 and the implementation of systems will be completed by the end of March 1999.
The FDIC has over 1,800 purchased products supporting its operations, including commercial off-the-shelf software, mainframe operating systems and associated software, and vendor provided hardware components, including personal computers and telephones. We contacted vendors and requested Year 2000 readiness information on each of these 1,800 products. We have responses from many of these vendors and are validating the information. In addition, we have identified upgrades that are necessary for our telephone equipment to be Year 2000 ready, and will complete the upgrades this year. We also have identified personal computers and other equipment, such as facsimile machines, that are not currently Year 2000 ready. We plan to replace this equipment in 1998 and 1999 and these efforts are on schedule.
We believe that our strong project management efforts will enable us to continue business as usual after January 1, 2000. Nonetheless, as recommended by the U.S. General Accounting Office and the FDIC's Office of Inspector General, the FDIC is preparing a business continuity plan outlining how the agency would resume normal business operations for each of the FDIC's core business processes in the event that unforeseen Year 2000 problems cause disruptions. We also have developed contingency plans for each of our mission critical systems to ensure continuity of core business processes.
The FDIC has a rigorous, centralized Year 2000 project for its internal systems. We believe our comprehensive approach will result in a smooth transition of our automated systems in the Year 2000.
The Year 2000 date change is the highest safety and soundness priority for the FDIC. We have been diligently providing guidance to institutions on mitigating Year 2000 risks and examining institutions to determine their compliance with the guidance and overall state of readiness. We have directed all necessary human and financial resources to ensure that we effectively address the Year 2000 date change. In dealing with the results of supervisory reviews, the FDIC has followed up with supervisory or enforcement action where needed.
The results of the first round of assessments are encouraging, but the nature and scope of Year 2000 challenges will not be evident until we finish our assessments of the critical work that institutions must still complete -- testing, implementation and contingency planning -- to mitigate Year 2000 risks.
The FDIC is now beginning a second phase of on-site assessments of FDIC-supervised institutions and certain service providers and software vendors, primarily to assess testing, implementation and contingency planning. The FDIC will take aggressive supervisory and enforcement action against institutions that fail to meet regulatory guidance and expectations. We are developing comprehensive contingency plans in the event that institutions experience temporary disruptions or do not become Year 2000 ready. Finally, the FDIC is on schedule to complete its efforts for internal Year 2000 readiness.
Last Updated 06/25/1999