SPEAKERS CONTENTS INSERTS
Page 1 TOP OF DOC
PREPARING FOR THE YEAR 2000:
FINANCIAL INSTITUTIONS, CUSTOMERS, TELECOMMUNICATIONS, AND POWER INDUSTRIES
THURSDAY, SEPTEMBER 17, 1998
U.S. House of Representatives,
Committee on Banking and Financial Services,
Washington, DC.
The committee met, pursuant to call, at 10 a.m., in room 2128, Rayburn House Office Building, Hon. James A. Leach, [chairman of the committee], presiding.
Present: Chairman Leach; Representatives Roukema, Metcalf, Fox, Kelly, and Velazquez.
Chairman LEACH. The hearing will come to order. As the committee convenes today for its final Year 2000 oversight hearing of the 105th Congress, it is clear that the American people are waking up to the potential impact of the Year 2000 computer problem in their daily lives.
In the United States banking sector, which is the focus of our hearing today, millions of Americans depend as never before on technology-intensive financial services. They are accustomed to timely access to their direct deposit paychecks and Social Security benefits. They use credit and debit cards for billions of dollars of commercial transactions each year, and most of us have long forgotten the days before we had easy, 24-hour access to cash through ATMs.
Page 2 PREV PAGE TOP OF DOC
Unfortunately, our Y2K vulnerabilities are in direct proportion to our dependence on the convenience and reliability of 20th Century technology. If banks fail to fix the Year 2000 bugs in that technology, we may find ourselves back to 1950's style banking practices.
Fortunately, thanks to the diligent efforts of our regulators and the vast majority of the 22,000 institutions they supervise, the domestic banking and financial services sector is considered to be among the best prepared for the Year 2000.
The most recent Year 2000 quarterly reports from the five Federal agencies show a very high percentage of satisfactory ratings after the first round of Year 2000 bank exams. This is good news. Nevertheless, we should temper our confidence with a heavy dose of reality. There are major challenges ahead for this industry, like any other. Most of the Year 2000 testing at institutions, both in-house as well as externally, with service providers, payment systems, and other banks, has yet to occur.
Banks are still assessing their exposure to the credit risks posed by major borrowers who may experience business failure and loan default because they are not Year 2000 compliant. The threat of litigation hangs over the heads of financial institutions and their customers which fear that despite reasonable efforts, some Year 2000 glitch might still occur.
Banks are reporting difficulty in obtaining Year 2000 status reports from local telephone and power companies, both of which are critical to the uninterrupted delivery of financial services. And, of course, as amply demonstrated at our June hearing, any financial institution in this country which maintains branch operations overseas or which relies heavily on international business partners, faces particularly daunting challenges.
Page 3 PREV PAGE TOP OF DOC
The regulators face other pressing demands. They too must finish internal Year 2000 testing and implementation of mission-critical systems. They must ensure adequate levels of expert staff capable of handling the next more technically complex round of Year 2000 bank exams, and they must have adequate resources for and test contingency plans to address potential systemic risks to the Nation's banking system.
Before closing, let me say that Congress has and will continue to work with the Administration on legislation or other initiatives to address the Year 2000 issues facing the public and private sector. In this regard, I understand that a successful compromise has been reached on the Administration's Year 2000 Information Disclosure Act which will waive liability for good faith Year 2000 disclosures by businesses and other entities.
As a cosponsor of that bill, along with the distinguished Ranking Minority Member, I am pleased with the exemplary bipartisan cooperation that has occurred over the last couple of weeks, and hope that Congress will move expeditiously to pass this measure.
At this time I would like to turn to John LaFalce.
Mr. LAFALCE. Thank you very much, Mr. Chairman. I too am very pleased with our committee's bipartisan efforts on this issue.
Review of the testimony and the many documents which underlie it suggest that substantial progress is being made toward avoiding a Y2K calamity, at least for banks, savings and loans, and credit unions.
Page 4 PREV PAGE TOP OF DOC
One purpose of today's hearing is to probe whether the power and telecommunications industries are making similar progress. There has to be adequate infrastructure support to transact business at the various deadlines which must be met to maintain normalcy. The computers might be in good shape, but will do very little without adequate power and telephone lines.
There are developments in the other congressional chamber, which I should note very favorably for the record, and which may assist all the millions of individuals and firms who face a Y2K problem including, of course, those who appear today.
Yesterday at a joint Republican-Democrat news conference, Chairman Hatch and his Ranking Minority Member, Senator Leahy of the Judiciary Committee, announced they will mark up and report S. 2392, the Year 2000 Information and Readiness Disclosure Act, and report it to the Floor today.
The House companion is H.R. 4355 which Chairman Leach and I joined in cosponsoring with 25 other Members of the House. The purpose of our bills is to help break the silence and encourage full disclosure and exchange of Year 2000 computer problems, solutions, test results, and general readiness. The bill also provides limited liability protection for a limited time for the sharing of specific types of Year 2000 information which is considered essential to correcting or avoiding the problem.
What the bill does not do is provide liability protection for failures that may arise from Year 2000 problems. As Senator Leahy noted yesterday, the legislation, which would include a manager's amendment reflecting the efforts of many industry and consumer groups to iron out differences, now enjoys rather broad support. A letter of such support has been signed by various telecommunications firms, public utilities, manufacturers, auditors, hardware, software, and information technology industries.
Page 5 PREV PAGE TOP OF DOC
Due to the effective and broad nature of compromises reached in the manager's amendment, passage might occur swiftly. While that cannot be guaranteed, it has now become most likely, and given Senate action, the ball will be in our court.
Exactly how adoption here can be arranged is uncertain, but a broad consensus is emerging that this legislation can become law before suspension of legislative activities, and we might be able to do it on the suspension calendar. The Administration is consulting with the Chairman and Ranking Democratic Member of the House Judiciary Committee and the House leadership regarding how to accomplish enactment. I would hope that the House Judiciary Committee, despite its other heavy workload, would realize the paramount importance of dealing with the Year 2000 problem.
The benefits of this consensus measure are sometimes hidden, since few understand how quickly the Internet can be used to post and trade information that is vital to Y2K corrections. This will involve not only fixes to software defects but the vexing problem of developing catalogs of faulty hardware chips. There are millions of these which will require replacement all over the Nation. I think the bill is the predicate to being able to help spot and fix them.
Many professional organizations, such as the Institute for Electronics and Electrical Engineers, the members of which represent the most sophisticated of computer specialists, stand ready to open the needed Internet sites as soon as the legislation is signed. Anticipating and addressing the Y2K problem has become a national cause, I am very happy to say, and if the spirit of bipartisan cooperation and effort can hold up—and I think it can and will—we will deal effectively with this threatening phenomenon.
Page 6 PREV PAGE TOP OF DOC
So I welcome today's witnesses and again express my appreciation for the work of many of them, not only for your presentations today but also for your participation in bringing the Year 2000 Information and Readiness Disclosure Act within striking distance of becoming law.
I thank the Chairman.
Chairman LEACH. Thank you, John.
Mrs. Roukema.
Mrs. ROUKEMA. Yes, Mr. Chairman. I simply ask unanimous consent to put the text of my remarks in the record.
Chairman LEACH. Without objection, so ordered.
Mrs. ROUKEMA. I will use this opportunity to acknowledge that you and the Ranking Member have more than adequately outlined the problems before us and the need for these ongoing series of hearings on this problem. It is especially well timed, given the knowledge that we now have of the Hatch and Leahy markup on the Senate side and the bipartisan nature of the work that they are doing.
I will continue to monitor these programs and, of course, work cooperatively with everyone to see that something is done this year. However, it is still unknown whether or not the questions of the litigation-related issues are being dealt with adequately through this legislation. We do have other legislation, such as Representative Dreier's legislation here on the House side, that has raised some other issues with regard to limitation of liability, legal liability.
Page 7 PREV PAGE TOP OF DOC
I would say that as we go through this process and certainly as we listen intently to the hearing today, the authorities that are here today, I certainly as Chairwoman of the subcommittee will be looking at whether or not other proposals are necessary in the future and would look forward to holding hearings on the litigation question next year, early in the next Congress, and perhaps put a bill out there at some point. But that is work that we must deal with cooperatively now and that should not limit our actions now.
Again it is still unknown as to how far the Senate may go on this subject, and certainly how we in the House are going to be able to progress. I thank the Chairman.
Chairman LEACH. Thank you, Mrs. Roukema.
Mr. Metcalf.
Mr. METCALF. Very briefly, I suppose we have all read some of the horror predictions for Y2K, and it is reassuring to know that key agencies are well on the way toward the necessary preparations to prevent those predictions from coming to pass, and this is one of the examples. Thank you.
Chairman LEACH. Then we will turn to our panel which is comprised of representatives from all of the five financial regulatory agencies as well as a representative of the State Bank Regulators. I would like to welcome Edward W. Kelley, Jr., testifying on behalf of the Board of Governors of the Federal Reserve System; Julie Williams, Acting Comptroller, Office of the Comptroller of the Currency; Donna Tanoue, Chairman of FDIC; Ellen Seidman, Director of the Office of Thrift Supervision; our former colleague, Norm D'Amours, Chairman of the National Credit Union Administration; and Timothy R. McTaggart, Commissioner, Delaware Department of Banking, testifying on behalf of the Conference of State Bank Supervisors. I would like to ask unanimous consent that all statements be placed in the record and without objection, so ordered.
Page 8 PREV PAGE TOP OF DOC
Chairman LEACH. Please proceed, Governor Kelley.
STATEMENT OF HON. EDWARD W. KELLEY, JR., MEMBER, BOARD OF GOVERNORS, FEDERAL RESERVE SYSTEM
Mr. KELLEY. Thank you very much, Mr. Chairman. I am pleased to appear before the committee today to discuss the Year 2000 issue. This problem poses a major challenge to public policy: the stakes are enormous, nothing less than the preservation of the safe and sound financial system that will continue to operate in an orderly manner when the clock rolls over at midnight on New Year's Eve and the millennium arrives.
In that spirit, let me update you on the Federal Reserve's efforts concerning preparation for the Year 2000, which I will refer to as Y2K. I will discuss our progress in the areas of internal readiness, contingency planning, supervision, and international coordination.
Since I last testified here in November of 1997, the Federal Reserve has met the specific goals that we set for ourselves. We have, in summary, renovated our mission-critical applications and nearly completed our internal testing; opened our mission-critical systems to customers for testing. We have progressed significantly on our contingency planning efforts, which continue; implemented a policy concerning changes to our information systems; and concluded our initial review of all banks subject to our supervisory authority.
Page 9 PREV PAGE TOP OF DOC
Much work remains. The Federal Reserve is currently supporting numerous Year 2000 initiatives. We are, among other things, finalizing plans for concurrent testing by customers of mission-critical applications; analyzing plans for coordinated tests with the Clearing House for Interbank Payment Systems, CHIPS, and the Society for Worldwide Interbank Financial Telecommunications, SWIFT and Fedwire; enhancing our contingency plans to incorporate potential failures external to the Federal Reserve; conducting a second round of supervisory reviews of the banks and service providers subject to our supervisory authority; and coordinating with domestic and international Year 2000-focused organizations.
Relative to Federal Reserve readiness, as mentioned, the Federal Reserve has completed the renovation of its mission-critical systems, and we are nearing the conclusion of our internal testing. With the exception of a few systems which will be physically replaced by March of 1999, we will complete the testing and implementation of our mission-critical applications by this year end.
Beginning in late June, we made our systems available to our customers for Year 2000 testing. We are assisting them in testing with us and have, through a series of Century Date Change, or CDC bulletins, provided them with information and guidelines concerning the testing activity. By the end of August, almost 400 organizations had conducted CDC testing with us, and these institutions represent 35 percent of the assets of our institutional customer base. The number of institutions scheduling tests is increasing rapidly, and we are currently developing schedules to support testing through late 1999.
Because of the financial services industry's critical dependence on telecommunications services, we are coordinating with the Federal Communications Commission regarding the readiness of the telecommunications industry. Commissioner Powell has been helpful in providing us and others with information regarding the FCC's oversight and plans.
Page 10 PREV PAGE TOP OF DOC
On contingency planning, in general, the focus of the financial industry has begun to shift from the renovation of systems to business continuity and contingency planning. As the Nation's central bank, the Federal Reserve, is actively engaged in contingency planning for both operational disruptions and systemic risks. Each of our business offices completed assessments of the adequacy of the existing contingency scenarios for CDC by June 30 of this year.
Federal Reserve work groups are currently identifying problems external to the Federal Reserve that could arise when the date changes to 2000, such as those affecting telecommunications providers, large financial institutions, utility companies, and other key financial market participants, as well as risks to our financial system from abroad. Our business offices plan to incorporate recommendations for mitigating these problems in their contingency plans by November 30 of this year and then, starting in the fourth quarter, we will focus efforts on testing these plans to ensure their operational readiness for the century rollover.
Regarding change management, the Federal Reserve will soon institute guidelines to significantly limit policy and operational changes as well as internal hardware and software changes during late 1999 and early 2000 in order to minimize the risks and complexities associated with new processing components. By limiting changes to our financial systems, we will provide a stable internal processing environment entering the Year 2000. In addition, we intend to coordinate with other institutions that typically generate policy and operational changes in the financial industry which lead in turn to requirements for changes in information systems. I would urge that Congress, as well as other Federal agencies, consider adoption of such change management policies as we move into 1999.
Page 11 PREV PAGE TOP OF DOC
With respect to our efforts to supervise and assist the banking industry's progress, the Federal Reserve reviewed all banks subject to its authority in the twelve months ending June 1998. In addition, we are participating in reviews of the readiness of information systems service providers and are distributing review reports to their serviced banks. We continue to work closely with the other banking agencies that comprise the FFIEC to address the banking industry's Y2K readiness. A series of seven advisory statements have been issued on this subject since I was last here in November, and we are assessing compliance with these statements during the conduct of supervisory reviews.
Through June 30, the Federal Reserve had conducted reviews of approximately 1,600 banking organizations. Based on these reviews, we can state that the vast majority of these organizations are making satisfactory progress in their Y2K readiness efforts. About 4 percent were rated ''needs improvements'' and fewer than 1 percent were rated ''unsatisfactory.'' In those cases, we have initiated a program of intensive supervisory attention. Restrictions on the expansionary activity of Y2K deficient organizations have also been put in place.
The Federal Reserve has instituted a second phase of this supervision program, and during Phase II we will conduct another round of reviews of banks and service providers. This time we will focus on testing, contingency planning, and other matters, including assessing credit quality to ensure that banks are making substantial progress and are in compliance with our guidelines.
With regard to the issue of credit quality, efforts have been made to encourage the Nation's largest banks that syndicate large loans to address the Y2K readiness of those large borrowers. To date we have seen no signs that credit quality has deteriorated as a result of Y2K readiness considerations, but it is still too early to make any judgments in that area.
Page 12 PREV PAGE TOP OF DOC
With respect to international matters, cooperation on Y2K issues has intensified over the past several months because of the efforts of the public sector Joint Year 2000 Council and the private sector Global 2000 Coordinating Group. The Joint Council, chaired by my colleague, Governor Ferguson, is working to foster a better understanding of the Y2K issues on the part of regulators and central bankers around the world through a series of regional meetings. We are also working with the President's Year 2000 Conversion Council, and we chair the Council's Financial Institutions Sector Group.
In closing, the Federal Reserve continues to address the Year 2000 issue as one of highest priority, commensurate with our ongoing goals of maintaining the stability of the Nation's financial markets and payment systems, preserving the public confidence in our financial system, and supporting reliable Government operations. Financial institutions have made significant progress in renovating their systems, and much has been accomplished to ensure the continuation of reliable services to the banking public at the century rollover.
The Federal Reserve is committed to continuing its rigorous program of industry testing and contingency planning for ourselves, the financial services industry generally, and those financial institutions which we supervise. We are looking forward to continuing to work with the President's Council on the Year 2000 Conversion, the Joint Year 2000 Council, industry associations, and the Congress to assist the banking industry in preparing for the Year 2000. Thank you, Mr. Chairman.
Chairman LEACH. Thank you, Mr. Kelley.
Page 13 PREV PAGE TOP OF DOC
Ms. Williams.
STATEMENT OF HON. JULIE L. WILLIAMS, ACTING COMPTROLLER, OFFICE OF THE COMPTROLLER OF THE CURRENCY
Ms. WILLIAMS. Mr. Chairman and Members of the committee, I welcome this opportunity to report on the progress of the Office of the Comptroller of the Currency in its efforts to ensure that the OCC and the national banking system are prepared to meet the challenges associated with the century date change.
Since our last report to Congress, the OCC has vigorously implemented its Year 2000 action plan, both inside and outside the agency. Internally, we have already renovated or replaced many of our own mission-critical internal systems, with the rest soon to follow. Testing, validation, and verification efforts are underway and on schedule. In the end, we expect to have spent approximately $8 million in making the OCC's information technology systems fully Year 2000 compliant.
We have also focused aggressively on the Year 2000 readiness of national banks. As of June 30 of this year, every one of our banks had undergone at least one on-site examination to assess the status of its Year 2000 preparations. As of that date, 2,676 of the institutions we supervise, roughly 96 percent, were rated ''satisfactory''; 111, less than 4 percent, were rated ''needs to improve''; and 8, less than 1 percent, were rated ''unsatisfactory.'' For those relatively few national banks found to be lagging behind, we took appropriate enforcement actions.
Page 14 PREV PAGE TOP OF DOC
We initiated Year 2000 information-sharing outreach efforts with financial institutions, service providers, and trade associations. Almost 600 examiners took part in intensive, specialized new training programs to help them improve the skills they need to effectively monitor Year 2000 preparedness in the banks they supervise. And, to ensure they have the proper tools to do the job, we issued written guidance and worked cooperatively with other financial regulatory agencies to maintain consistency and high standards throughout our Year 2000 supervisory efforts.
We are now entering one of the toughest phases of our whole Year 2000 preparedness effort. In the weeks and months just ahead, many financial institutions will begin to conduct the first comprehensive tests of their systems. The results of these tests will say much about how prepared they actually are to meet the Year 2000 deadline. Inevitably, in some banks, deficiencies will come to light, and where they do, intensive and expensive remediation may become necessary. Technical expertise to perform these tasks will be in great demand and may be hard to come by at any price.
The OCC believes that the key to avoiding a tidal wave of last-minute crises is to be proactive now. If there are Year 2000 problems in any national bank, problems with the tests themselves or problems revealed by those tests, we need to know about them sooner rather than later so that effective corrective action can be taken.
That is why we have adopted a strategy under which each national bank will be examined again on-site, not once, but twice, before June 30, 1999. The first set of examinations, to be conducted by December 31, 1998, will ensure that each institution has a viable testing plan in place. The second set of examinations will take place after institutions have tested their systems, and will assess testing results and contingency planning efforts. Together, these examinations should give us a clear, accurate and, most of all, timely picture of each bank's Year 2000 progress and any problems that may remain.
Page 15 PREV PAGE TOP OF DOC
As bank supervisors, credit risk is always a major focus of our concerns. The Year 2000 poses a serious challenge in that regard. Our examinations show that many national banks, including most large national banks, have systems in place now to assess borrowers' Year 2000 readiness and the potential impact of any deficiencies on those borrowers' ability to meet debt obligations.
Some national banks also are providing additional training for their loan officers so that the nature of each customer's reliance on technology and, consequently, each customer's Year 2000 risk can be properly evaluated. Some banks are adopting restrictive covenants, increasing loan-loss reserves, reducing credit lines and shortening loan maturities to protect themselves from borrowers' potential Year 2000 risks.
National banks are, however, encountering greater difficulty in evaluating the extent of their Year 2000 exposure in the international arena. Some countries around the world have been slow to acknowledge and confront the Year 2000 challenge, and are at times unable or unwilling to provide clear and consistent information about their own remediation efforts.
The OCC is currently working with several private sector and multilateral regulatory organizations established to deal with international Year 2000 issues. These include the Global Year 2000 Coordinating Group, which is composed of private sector financial firms which are located in and operate across multiple markets and jurisdictions, and the Joint Year 2000 Council, a multilateral group of financial market regulatory authorities. Through such cooperative efforts, we hope to achieve more effective action, information-sharing, and disclosure on international Year 2000 issues.
Page 16 PREV PAGE TOP OF DOC
And OCC examiners assigned to our most internationally active banks report that these institutions are working diligently, as FFIEC guidance directs, to develop appropriate contingency plans to mitigate risks that might arise from overseas operations and foreign customers where Year 2000 readiness is at issue.
You specifically asked for our views on Year 2000 liability and whether any legislative remedies are needed to facilitate our Year 2000 efforts.
First, we believe that, by limiting liability to those cases of information-sharing in which there was a demonstrable intent to mislead or deceive, the so-called ''Good Samaritan'' bills would promote voluntary disclosure and a healthy exchange of information on Year 2000 issues, and we support those initiatives.
Second, with respect to other potential legislative changes, we believe it would be desirable to amend the Bank Service Company Act to clarify the authority of the banking agencies to take enforcement actions against bank service providers. The enforcement authority of the banking agencies is stated differently than that of the OTS and the NCUA, although Congress has indicated it intended for the authorities to be the same. We think that it would be wise to clarify the statutory language itself so that essential enforcement remedies are not delayed by disputes over legislative intent.
Mr. Chairman, I want to commend you and the committee for your leadership in this important area. The focus that you have brought to this issue contributes very significantly to the effort to ensure that our Nation's financial system will function smoothly as we enter the new millennium. I appreciate the opportunity to keep you apprised of our efforts to achieve that goal. Thank you very much.
Page 17 PREV PAGE TOP OF DOC
Chairman LEACH. Thank you, Ms. Williams.
Ms. Tanoue.
STATEMENT OF HON. DONNA TANOUE, CHAIRMAN, FEDERAL DEPOSIT INSURANCE CORPORATION
Ms. TANOUE. Thank you, Mr. Chairman, and Members of the committee. The FDIC considers the Year 2000-related risks as our number one safety and soundness concern.
This morning I would like to describe briefly what we have done on a wide range of Year 2000 issues. The FDIC has three roles in addressing the Year 2000 challenge: one, maintaining public confidence; two, supervising the efforts of institutions to become Year 2000 ready; three, resolving failures that may arise from the century date change.
First, in regard to maintaining public confidence, I want to stress that no one has ever lost a penny of an insured deposit. One of the things that will not be affected by the Year 2000 is the FDIC's insurance protection. If an institution should fail because of Year 2000 problems, insured deposits will continue to be covered. To help maintain public confidence, the FDIC recently developed a brochure to educate consumers about Year 2000. The brochure, which was a cooperative effort among the Federal banking agencies, is subtitled ''What the Year 2000 Date Change Means to You and to Your Insured Financial Institution.''
Page 18 PREV PAGE TOP OF DOC
The brochure outlines the Year 2000 date change, describes its impact on bank customers, steps that institutions and regulators are taking to address Year 2000 risks and, perhaps most importantly, reminds consumers that Federal Deposit Insurance will continue to protect them before and after the Year 2000.
The brochure is available in English and Spanish and since it was issued in June, the FDIC, our colleagues in the regulatory arena, and the banking industry have distributed more than five million copies of the brochure. Many bankers and consumers have commented on its clarity and its usefulness.
In its second role, that of supervisor, the FDIC oversees how the approximately 6,000 financial institutions under its jurisdiction are managing their efforts to become Year 2000 ready.
Over the past year, the FDIC and other banking supervisors have taken aggressive action to address the century date change. We have conducted on-site assessments at all institutions, their service providers and software vendors, issued guidance to the industry, performed outreach activities for bankers, vendors and consumers, and we are currently preparing contingency plans.
I would like to take a moment to discuss our on-site assessments. More than 94 percent of the approximately 6,000 institutions we supervise were rated ''satisfactory'' as of July 31, 1998. Five percent, or 318 institutions, were rated ''needs improvement.'' Less than one-half of 1 percent, or 23 institutions, were rated ''unsatisfactory.'' These percentages are similar to those assigned to the industry as a whole. In addition, 98 percent of the 146 service providers and software companies that we examined were rated ''satisfactory.'' Only 2 percent, or three companies, were rated ''needs improvement.'' No companies were rated ''unsatisfactory.''
Page 19 PREV PAGE TOP OF DOC
These results are very encouraging, but institutions are now engaged in testing, the very critical and complex Phase II. Supervisors will have a much better idea of how many institutions will have problems preparing for the Year 2000 and how serious those problems are when the Phase II is completed. But we are preparing contingency plans now in the event that problems do emerge. We are developing scenarios where regulators would need to intervene, defining conditions where institutions may no longer be viable, and examining legal authority to close institutions.
We are also compiling information on service providers with excess capacity and developing lists of potential acquirers of failing institutions. We have made substantial progress toward completing our contingency plans and we are having discussions with the GAO on the timing of the implementation of such plans.
The FDIC and other regulators will conduct a second round of on-site assessments to address the testing phase. By December 31, we will complete our assessments of service providers, software vendors, and institutions with in-house programming. By March 31 of next year, we will complete assessments of service institutions and those institutions that rely on vendor software.
We will also be looking at contingency planning, credit risk, infrastructure risk and interconnectivity risk. If needed, we will take aggressive enforcement actions during the second round. Those institutions that don't address Year 2000 problems will be subject to enforcement actions which may include cease-and-desist orders and civil money penalties. Such institutions may also find their applications denied and the management component of their CAMELS rating or their composite CAMELS rating downgraded.
Page 20 PREV PAGE TOP OF DOC
In addition, the FDIC is concerned that some infrastructure providers are not making adequate progress in addressing the Year 2000 date change. We would support greater and more accurate disclosure. The Administration's disclosure bill appears to be aimed at allaying some of the fears about disclosure, and such legislation may encourage greater and more timely disclosure of information.
In our third role, the FDIC stands ready to resolve failing and failed banks and savings institutions to protect depositors, and again we are preparing contingency plans to address disruptions or failures that could arise from the Year 2000. We must be prepared to respond even if no failures are predicted. With more than 10,000 institutions in the country, no one can guarantee that there will be no problems, but we can mitigate and we are working to mitigate the risks of such problems occurring.
Finally, I would like to touch briefly on our efforts to prepare our internal systems for the Year 2000. We are on schedule. We recently completed renovation of all of our systems on time and in accordance with guidance from the OMB. In fact, of our 39 mission-critical systems, 10 are already compliant, 24 have been renovated, and 5 are being replaced.
Again, in accordance with the OMB guidance, testing on the renovated systems will be completed by January 31 and implementation will be completed by March 31 of next year.
That concludes my remarks and I thank you, Mr. Chairman and Members of the committee. We do look forward to continuing to work with you on the Year 2000 issues.
Page 21 PREV PAGE TOP OF DOC
Chairman LEACH. Thank you, Ms. Tanoue.
Ms. Seidman.
STATEMENT OF HON. ELLEN SEIDMAN, DIRECTOR, OFFICE OF THRIFT SUPERVISION
Ms. SEIDMAN. Thank you, Mr. Chairman, and thank you for the invitation to discuss OTS's efforts to address the Year 2000 computer problem. Chairman Leach, I want to thank you and the Members of this committee for your leadership and for your continuing focus on the Year 2000 challenges. I especially appreciate your efforts earlier this year in securing swift passage of H.R. 3116, the Examination Parity and Year 2000 Readiness for Financial Institutions Act, which is very important to our continued efforts to prepare the thrift industry for the Year 2000.
OTS has been addressing the conversion of its own systems since 1995. To date we have renovated, tested, and implemented 93 percent of our internal application systems. The remainder of our systems will be completed and implemented by the end of this year. Thirteen of our 15 mission-critical systems are Year 2000 compliant now with the two remaining systems scheduled for implementation next month. We will complete certification testing of all mission-critical systems by next month, and retest and recertify these systems twice during 1999.
The final step in our internal process involves contingency planning for each mission-critical system to help ensure that critical services continue.
Page 22 PREV PAGE TOP OF DOC
Contingency plans have been developed for each such system. Based on these plans, our master calendar will identify actions and key dates to ensure that all steps are completed to implement backup alternatives should they be needed.
Our internal preparation, of course, proceeds in tandem with our Year 2000 readiness work with the institutions we regulate.
Enhancing industry awareness of the Year 2000 problem is a significant part of our overall effort. We have worked with the other FFIEC agencies to develop industry guidance on issues such as Year 2000 business risks, planning and project management, system testing, and contingency planning. We also have an aggressive outreach program that includes coordination with industry trade groups, sponsoring conferences, preparation of a monthly Year 2000 newsletter, and a Year 2000 page on our web site. We have emphasized the Year 2000 problem in numerous speeches, press interviews, and presentations around the country. The centerpiece of our Year 2000 effort is, however, examining the institutions we regulate and the service providers on whom they depend.
We first looked at Year 2000 issues in 1995, and greatly expanded our Year 2000 examination scope in 1998. Pursuant to the May 1997 FFIEC advisory on Year 2000, we have followed an examination strategy that by mid-1998 included on-site examinations of all OTS-regulated institutions as well as, on an interagency basis, data service providers and software vendors.
OTS conducted two rounds of Year 2000 examinations prior to June 30, 1998. Our initial round of examinations coincided with the awareness and the assessment phases of FFIEC's five-phase program guidelines. These off-site examinations were conducted between May and November 1997 to ascertain the awareness of and adequacy of planning for the Year 2000 problem.
Page 23 PREV PAGE TOP OF DOC
As a result of these initial examinations, we determined that the thrift industry was generally aware of and addressing the potential impact of the Year 2000 calendar rollover. However, 15 percent of the institutions examined during that first round lacked action plans or needed to improve their due diligence efforts to monitor service providers.
Other concerns included inadequate planning for testing, the absence of contingency planning, and insufficient information to assess vendor Year 2000 compliance.
The second-round examinations were conducted on-site between November 1997 and June 1998, and coincided with the renovation phase of the FFIEC's Year 2000 project management plan. Institutions found lagging in their Year 2000 efforts during the first round of examinations were the first to be examined in the second round. In addition to reviewing renovation efforts, OTS examiners looked at institution plans for testing, contingency planning, credit risk, and public awareness.
Overall, the results of our second round examinations were encouraging. Most institutions were well into the renovation phase of their effort, and institutions had significantly improved oversight over third-party service providers. But still, after our first on-site visits in the second round, 15 percent of the institutions had less than ''satisfactory'' ratings.
Earlier this year, we notified the industry that thrifts receiving less than ''satisfactory'' ratings would be subject to supervisory follow-up, such as follow-up examinations and requirements for directors to commit to specific dates and milestones until underlying weaknesses and issues were resolved. This has encouraged the relatively few poor performers to take appropriate steps to ensure Year 2000 readiness.
Page 24 PREV PAGE TOP OF DOC
Therefore, as of August 31, 1998, after a series of second round backup examinations, 93.6 percent of the OTS-regulated thrifts were rated ''satisfactory.'' Institutions that continue to lag are being monitored closely. Where appropriate, we will take formal enforcement action, as we did in one case earlier this year, to compel institutions to address outstanding Year 2000 issues.
We have also told the institutions we regulate that we will be paying particular attention to the Year 2000 implications of mergers and acquisitions this year and next. We will not hesitate to say no to a transaction if it appears either an acquired or an acquiring institution will have a Year 2000 problem that could adversely affect the other.
Having spent the summer reviewing the results of the second round of examinations and training examiners for the third round, we are now in the early stages of our third round, which concentrates on testing and contingency planning.
Testing is a key part of validation, the fourth and most critical phase of the Year 2000 project plan. Pursuant to the FFIEC's April 1998 guidance, institutions should complete testing of internal mission-critical systems by December 31 of this year and service providers should be ready to test with customers by that date. Institutions that rely on service providers are expected to test with those providers by March 31 of next year. We will carefully monitor adherence to these testing timeframes during this third round of examinations.
A concern that we have repeatedly heard from the industry involves their exposure to various third parties, particularly suppliers of telecommunications and power. Thrifts identify these two areas as mission-critical but have experienced difficulties obtaining meaningful information from these companies.
Page 25 PREV PAGE TOP OF DOC
To address this concern, we have invited a number of telecommunications and utility companies to participate in outreach meetings, and I am happy to say that any number have indeed accepted our invitation. However, many have declined our invitations on the advice of legal counsel. The President's Council on the Year 2000 Conversion is working to encourage the dissemination of information by public and private sector organizations and to coordinate the Federal Government's effort to increase awareness of the problem.
OTS supports legislative efforts such as H.R. 4355 to facilitate the disclosure and sharing of important information about the Year 2000 problem. We too are heartened by this morning's reports of a compromise bill that could pass this year. The free flow of accurate information is a critical aspect of increasing consumer awareness of the Year 2000 issue, and encouraging responsible consumer behavior based on facts, not rumor and speculation. However it is essential that any such legislation be carefully crafted to encourage responsible representations and statements and to avoid false or misleading disclosure.
Mr. Chairman, we believe that the combination of our outreach and examination efforts, our active supervision of the thrift industry, and our own conversion efforts should ensure that effective and timely actions are taken to avoid problems involving thrifts and the OTS when the calendar rolls over to the Year 2000. We know that no matter how well we are prepared, there will be glitches and problems. We are committed to addressing those problems and making the Year 2000 conversion process as manageable as possible for our regulated institutions and as successful as possible for their customers. We look forward to working with you and your staff in the coming year on this critical issue.
Page 26 PREV PAGE TOP OF DOC
Chairman LEACH. Thank you, Ms. Seidman.
Mr. D'Amours.
STATEMENT OF HON. NORMAN E. D'AMOURS, CHAIRMAN, NATIONAL CREDIT UNION ADMINISTRATION
Mr. D'AMOURS. Thank you, Chairman Leach, Congressman LaFalce, and Members of the committee. I am happy to report that the agency and credit unions are making good progress toward becoming Year 2000 compliant. Detailed answers to each of the questions posed in your invitation letter are included in my written statement.
You asked about NCUA's internal remediation efforts. NCUA's plan for testing, repairing and verifying our internal systems is on or ahead of schedule. Six of NCUA's seven mission-critical systems are fully Y2K compliant. Repairs to the remaining system will be completed by the end of this month and that is three months earlier than the target date.
We have been conducting tests on individual parts of our mission-critical systems since December 1997, and we began end user tests of the entire system in June of this year. End user tests conducted in August ran cleanly, with no errors. KPMG Peat Marwick has reviewed our Year 2000 verification testing results and has recommended providing further documentation of the tests we conducted. KPMG Peat Marwick is scheduled to review the revised documentation next week.
Next I would like to focus on our oversight of credit unions. In general, credit unions' Y2K conversion efforts are progressing well. For the quarter ending June 30, only one-quarter of 1 percent, that is, 29 federally-insured credit unions Y2K efforts were rated ''unsatisfactory''; 7.8 percent, or 895, ''needs to improve''; while the vast majority, 10,525, 92 percent, were deemed to be making satisfactory progress.
Page 27 PREV PAGE TOP OF DOC
NCUA's oversight efforts include quarterly data collection and on-site supervisory contacts. Each quarter, each federally-insured credit union must submit a progress report on their remediation efforts. NCUA's regional offices will validate that quarterly Y2K data by conducting reviews of 3 percent of all federally-insured credit unions. Beyond this, each credit union will also have at least one on-site contact which focuses on Y2K readiness in both 1998 and 1999. In addition, we have contracted for a review of the Y2K efforts of 20 to 30 large and complex credit unions.
NCUA has taken a total of 122 supervisory actions against 116 federally-insured credit unions for Y2K reasons. Of the 52 actions outstanding, 27 are letters from regional directors, while 25 are more serious letters of understanding or memos of understanding. Of course, still more serious sanctions would apply if the credit union continues to ignore directives. The next major milestone date is September 30, 1998, a few weeks away, when renovation of mission-critical systems will be substantially complete. NCUA has also increased oversight of credit union service providers after receiving authority to examine vendors in March of this year, thanks again to the your leadership and the efforts of this committee.
When the scheduled reviews are completed, we will have covered 80 percent of credit unions which use outside service providers, and that represents 74 percent of the total assets of all federally-insured credit unions. NCUA has advised credit unions of the need to consider the Y2K readiness of local utility and telecommunications providers in order to ensure uninterrupted service to members.
The recently introduced H.R. 4455 in the House and S. 2392 in the Senate, the so-called ''Good Samaritan'' Y2K liability limitation legislation, should encourage utilities and telecommunications providers to disclose their progress with Y2K remediations. Increased disclosure will allow credit unions to develop more realistic business resumption plans and educate their members about the credit union's response to the potential Y2K threat from third parties.
Page 28 PREV PAGE TOP OF DOC
Mr. Chairman, NCUA believes the major potential systemic Y2K risk to the financial services industry relates to liquidity risk. Thus, we continue to analyze and position the National Credit Union Share Insurance Fund's expected cash flows to ensure that ample liquidity will be available.
A possible source of liquidity for credit unions will be NCUA's Central Liquidity Facility, the CLF. Although Congress has chosen to limit CLF's borrowing authority, given the as yet unknown liquidity demands driven by the Y2K situation, we believe Congress should consider removing this limit and strongly support its doing so.
Mr. Chairman, we appreciate the committee's attention to this important issue. I would like to add my congratulations to you, to Ranking Member LaFalce, and to this committee for the leadership that you have shown in this area. I would be happy to answer any questions.
Chairman LEACH. Thank you very much.
Mr. McTaggart.
STATEMENT OF TIMOTHY R. McTAGGART, BANKING COMMISSIONER, STATE OF DELAWARE, ON BEHALF OF THE CONFERENCE OF STATE BANK SUPERVISORS
Mr. MCTAGGART. Good morning Mr. Chairman and Members of the committee. I am Tim McTaggart, the Bank Commissioner for the State of Delaware. I thank you for asking CSBS to be here to discuss the Year 2000 readiness of State-charted financial institutions.
Page 29 PREV PAGE TOP OF DOC
We applaud your continuing and diligent attention to the Year 2000 problem. Public awareness is absolutely essential to address the demanding challenges posed by the century date change. It is important that all public and business leaders, not just banks and bank regulators, understand this issue and do everything that they can to educate their constituents to resolve the problem.
While the State bank supervisors are comfortable with the banking industry's progress in addressing its Year 2000 problem, we are providing a progress report today, not a final grade. It would be premature to guarantee that every bank, whether State or federally chartered, will be fully Y2K compliant on December 31, 1999 or that the century change will go off without a hitch. However, I can assure you that the States, working closely with the Federal bank regulators, have a well conceived plan to assess, guide and if necessary demand the industry's Y2K readiness.
As you have heard earlier this morning, Phase I related to the bank's assessment efforts was completed on June 30. During this first phase of examinations, the State banking department served as partners with the FDIC and the Federal Reserve to fulfill the FFIEC's Y2K readiness program for State-chartered institutions and their data service providers. This collaborative effort and efficient use of examination resources allowed us to meet that deadline on time.
In addition to participating in the Phase I examination process, a number of States are conducting their own surveys on banks' Year 2000 compliance and are sharing their findings with the appropriate Federal regulator. Also, several State banking departments are sending letters and bulletins to the banks they regulate to emphasize the importance of Y2K compliance and to suggest best practices to prepare for Y2K. Several other departments are participating in trade presentations and seminars on the importance of preparing for Year 2000. Additionally, some departments are linking application approvals to Y2K examination results.
Page 30 PREV PAGE TOP OF DOC
Given the particular concern about small bank preparedness, State bank supervisors have increasingly focused their efforts on ensuring that smaller institutions understand the various components of the Y2K issue and are taking the appropriate steps to address the problem.
Focusing our State-chartered institutions on Y2K preparedness is obviously our primary goal. However, we also need to educate and assure our citizens about our institutions' preparedness. While the Year 2000 is obviously unavoidable and the Year 2000 problem costly, it is not insurmountable. With intelligent planning and prioritization, problems associated with the millennium date change will be a nuisance rather than catastrophic.
To counter false information and simplistic assumptions that have appeared in the popular press, we are also encouraging all of the institutions we regulate to educate their customers about their Y2K efforts. Recognizing that awareness on how to plan for and address the Y2K effort is limited in the business community, CSBS, along with the American Bankers Association and U.S. Chamber of Commerce, recently produced an educational video aimed particularly at small businesses on the subject. Our organizations have provided you with copies of this video. You may wish to use the video in your own efforts to educate your constituents, helping them understand how it affects everyone and what they need to do to make sure that they are ready.
In your letter of invitation, you also asked what the State banking regulators are doing to work with other regulators to prevent major disruptions to banking from Year 2000 problems experienced by telecommunications networks and electrical power. We clearly understand the dependence of the banking industry on these critical utility providers, and in this interdependent environment, it is critical that all sectors of our economy, not just banking, address the Y2K challenge. As detailed in our testimony, the States are taking a number of steps to encourage Y2K compliance among utility providers.
Page 31 PREV PAGE TOP OF DOC
While there is much that States can do to raise awareness among utilities and encourage their Y2K compliance, it is also up to the marketplace to demand preparedness. We would encourage the business community and the business trade associations to demand that Y2K preparedness be a top priority for their utility providers.
In conclusion, the Year 2000 problem can seem overwhelming. The problem is certainly critical and requires immediate attention. However, with planning and prioritization and a lot of hard work, we do not believe that it is insurmountable. Because Federal and State bank regulators and banks have made this issue a priority, and have considerable lead time to prepare, CSBS believes that they will be prepared for the century date change.
We would be happy to answer any questions that the committee may have, and we will continue to work with you and the staff on this important issue. Thank you.
Chairman LEACH. Thank you, very much, Mr. McTaggart.
I would first like to stress something in relationship to Ms. Tanoue's testimony, and that is, there is concern among many small depositors relating to the confusion of Y2K. It should be emphasized that the Federal Deposit Insurance will apply to everyone, and that if there happens to be a snafu at a bank, every American depositor covered by deposit insurance will be protected; that every bank has backup records. Therefore, no small depositor should have any concern that their deposit will be in jeopardy. There is no reason to take money from a bank. Clearly the Congress will be looking at that very carefully and will absolutely ensure that no small depositors will have any funds jeopardized at any time because of any computer snafu of any insured depository institution in the United States, and that applies to credit unions, to banks and savings and loans, all under the jurisdiction of the Federal Deposit Insurance Corporation.
Page 32 PREV PAGE TOP OF DOC
Second, the extraordinary worldwide phenomenon of Y2K is such that it is not inconceivable that there will be a run to, rather than away from, American depository institutions. This may be a factor of deposit insurance, but it is principally going to be a factor of safety and soundness. I would like to ask Governor Kelley and Ms. Williams, do you foresee that as a potential concern or problem or do you see that as a potential opportunity for the American banking system?
Mr. KELLEY. Mr. Chairman, I think that could very easily occur. We have seen related-type things when there is international concern about the financial systems in different countries. I do not see it as a problem for the United States banking system. We should be able to readily absorb such an inflow if it should occur, and I would have no great concern about that eventuality.
Chairman LEACH. Ms. Williams.
Ms. WILLIAMS. I would agree with that. I would also note to the extent that there is a flight to quality to U.S. institutions, it doesn't necessarily mean that the money will be coming back into the United States. It may be going to the foreign branches of U.S.-based institutions.
Chairman LEACH. Governor Kelley, you presented a pretty upbeat report on the preparedness of the Fed. Despite that, what major concerns do you have at this point on Y2K compliance?
Page 33 PREV PAGE TOP OF DOC
Mr. KELLEY. That is a very interesting question, Mr. Chairman and we have given some considerable thought as to what our concerns may be. Yes, we have a good deal of confidence in the state of our development here, as I hear my colleagues do as well in their areas of responsibility. But that is not to say that there are not challenges and concerns out there.
I will quickly mention five challenges, if I may, that we specifically have:
Number one is we have a huge job of testing to do with our interfaces in the payment systems with all of the financial institutions that are our customers. We believe that we will get this done on a timely basis, but we do have a long way to go; but it is a big job and I will be concerned about that until it is accomplished.
Second, relative to contingency planning, we are doing an enormous amount of work there and will continue to do so, but it is interesting because every time we turn over a rock we find other rocks underneath that rock and it is turning out to be a truly awesome task to try to catch everything that might be relevant in the way of things that could happen. This overall episode is enormously complex and interactive. We are working hard on that.
Third, there are human resource issues that we are concerned about. As I think we have discussed here before, there is enormous competition developing for people who have the abilities necessary to help solve these problems and there is a tremendous amount of turnover going on. I hear this from all of my colleagues across the Government and also from people in the private sector. It is a problem that we all have.
Page 34 PREV PAGE TOP OF DOC
Another one that those of us who are managing these efforts should be concerned about is the sheer burnout of our key people. They are facing deadline after deadline and the pressure is only going to increase from now forward, and we have to be very careful about how hard we push these very important people.
The fourth thing; we are, of course, literally in the hands of critical utility suppliers. Power and telecommunications get brought up over and over again. I am confident that good work is being done by those industries to prepare themselves to meet their responsibilities, but here again, that is going to be a concern until we get through it and past it and see that they have all done what they need to do.
Last, we don't know as much as we would like to know about the situation internationally. We hear some things that would indicate that there is reason for concern about different countries around the world in some instances being improperly prepared, and we have to be concerned about some potential contagion that might rear its head in our own financial institutions.
So basically, in summary, while we are doing a good job, all of us, I truly believe that in preparing our industry, we certainly are not without concerns and we will not eliminate all those concerns until this thing is entirely over with.
Chairman LEACH. Let me just say that your comments are a little less optimistic than your formal presentation. We all understand in a general economic way that we have an intertwined world, and the American economy has certainly started to reflect problems in the rest of the world, whether it be 1 to 1.5 percent of our GDP that may have been affected by events in Asia. But you are suggesting a contagion based on computer sophistication and compliance.
Page 35 PREV PAGE TOP OF DOC
That is a very real circumstance which obviously raises the question of what countries, what parts of the world, do you see the greatest problems in? As we look at Asia, there is a sense that some of their countries are not as prepared. As we look at Europe, we look at the dual sense of trying to be prepared for the euro, as well as the Year 2000. How does the Fed perceive this?
Mr. KELLEY. Mr. Chairman, I do not believe that it is appropriate for me to cover specific areas which have specific problems. For one thing, I simply don't know enough to—there is not enough information available to comment responsibly on that.
Second, with our supervisory responsibilities and the confidentiality that necessarily goes along with that, I think I should be very circumspect. If you would care to pursue this in perhaps a more private venue, I would be happy to discuss it, but I don't think that I should get more specific publicly.
Chairman LEACH. Fair enough. I have a series of questions, but we have other Members of the committee here and so we will continue in a second round. At this point, let me recognize Ms. Velazquez.
Ms. VELAZQUEZ. Thank you, Mr. Chairman. One of my concerns is the readiness of small banks since many of them serve my constituents, and I apologize that I missed your testimony so you may have explained this. Would any one of you could comment on that?
Page 36 PREV PAGE TOP OF DOC
Ms. TANOUE. Perhaps I might comment on it. The vast majority of institutions that are supervised by the FDIC are the smaller community banks, and the vast majority of those institutions received ''satisfactory'' ratings during the Phase I assessments. So 94.3 percent of those institutions are rated ''satisfactory'' at this time.
Only 5.3 percent received ratings of ''needs improvement'' and fewer than one-half of 1 percent, or 23 institutions, received ''unsatisfactory'' ratings. We were very encouraged by the efforts made by the industry during the first phase, but again would emphasize that the real test is during the current testing phase.
Ms. VELAZQUEZ. Thank you.
Thank you, Mr. Chairman.
Ms. SEIDMAN. I would like to add with respect to the savings and loans, which also tend to be quite small, we are finding a similar situation where the small institutions are doing well. They are moving ahead and we are getting good results from them.
Mr. D'AMOURS. I would like to say that many of these small institutions are credit unions, but the smaller institutions tend to be less complex so their problems are easier to fix, and they are reliant upon vendors, and thanks to the efforts of this committee we are getting into vendor testing sufficiently that we believe that there will be no systemic by-size risk any greater than that throughout the rest of the system.
Ms. VELAZQUEZ. Thank you.
Page 37 PREV PAGE TOP OF DOC
Ms. WILLIAMS. I think Mr. D'Amours made a very important point. Many small institutions rely on vendors, and the agencies have had a comprehensive program for examining vendors for some time. The agencies continue to examine service providers and software providers for Year 200 readiness under the aegis of the FFIEC.
Ms. VELAZQUEZ. Thank you, Mr. Chairman.
Chairman LEACH. Mr. Metcalf.
Mr. METCALF. This is something that my wife and I happened to discuss a couple of weeks ago, and I will ask a question for any member of the panel. We have discussed how can people be assured that they will have continued access to their funds through the critical first week or weeks of Y2K. I think that is mainly in peoples minds, in the back of their minds, but it is there.
Ms. WILLIAMS. I can start on that. I think there are several ways that can occur.
Number one, through statements that the regulators can make about the state of the industry and systems generally; and number two, through customer awareness efforts by individual institutions. There is guidance that the agencies have put out on that. Institutions can tell their customers what they have done, what tests they have undertaken and what tests have been run successfully. So on an individual institution basis, I think there is a substantial amount of information that banks and thrifts and credit unions can provide.
Page 38 PREV PAGE TOP OF DOC
Mr. KELLEY. Mr. Metcalf, I think one concern that I have heard voiced by many folks is the potential availability of currency in cash which the Federal Reserve is responsible for providing. I do not believe that there is any reason for a mass run to cash, but we will be prepared and have an extensive plan in place to have whatever level of currency is going to be required by the American public. We have already released the substance of this plan and we will be making it more and more available through the industry and through our own public affairs releases as time goes along, but for purposes of answering your question this morning insofar as currency availability is concerned, there will be absolutely no reason for anyone to be concerned about the availability of our currency.
Mr. METCALF. I appreciate those comments. I thank especially Ms. Williams for mentioning the fact that the banks should assure their customers, because when it comes down to it, we would feel more comfortable, we live in a small town, if the banks in our community reassure us rather than a statement from the Federal Reserve.
Chairman LEACH. Thank you, Mr. Metcalf.
As you know, the banking industry is very concerned about the threat of litigation on the Year 2000 problem, and clearly there is potential liability for gross negligence, I would assume. But, for inadvertent error, one of the questions is, is there liability? It is my sense, in reading a spectrum of statutes that apply to inadvertent error, that probably a depository institution is protected. Is that the interpretation of the Federal Reserve Board?
Page 39 PREV PAGE TOP OF DOC
Mr. KELLEY. I have discussed this briefly with our attorneys, and my understanding is that they believe that the institution is appropriately protected under current law.
Chairman LEACH. Ms. Williams, would that be your interpretation as well?
Ms. WILLIAMS. Yes.
Chairman LEACH. Mr. D'Amours, would you assume the same thing and—my question relates to inadvertent error—do you think a credit union is protected from a liability for inadvertent error under current law?
Mr. D'AMOURS. I can't answer that question directly, Mr. Chairman, because I haven't asked our legal department for their opinion on this. But clearly in case of a systems failure, issues of liability are fact specific and dependent on local or State tort laws so it is very difficult to offer a specific guidance, but the Federal Credit Union Act does not provide protection for officers and directors, including activities related to Y2K conversion.
Nonetheless, some State statute may afford protection to these volunteers, because in the case of credit unions, the directors tend to be—are, by statute—volunteers. And also there is a matter of an optional endorsement on the fidelity bond coverage which protects. Beyond this, it is very difficult to comment and I have not asked the legal department for a specific opinion on that.
Page 40 PREV PAGE TOP OF DOC
Ms. WILLIAMS. Mr. Chairman, if I could just clarify, I would not characterize an inadvertent error as negligence. So the distinction there, I think, is important.
Chairman LEACH. It is. But the question is, is there liability for inadvertent errors, whether it is defined as negligence or not, and my sense is you are responding that there is no liability for inadvertent error. Is that correct?
Ms. WILLIAMS. That is correct.
Ms. SEIDMAN. I think it is important to distinguish between the issue of liability with respect to the Federal regulatory system. In that case, it is our position that officers and directors of institutions have a responsibility to do their very best, and it would be highly unlikely that inadvertent error would ever lead to liability.
The question, however, and Mr. D'Amours I think put it well relating to liability with respect to third parties, is very much an issue of State law. I cannot opine on the laws of 50 States and how they would interact with this issue.
Chairman LEACH. Let me then turn to Mr. McTaggart who represents the States, although a State that does the best job of protecting.
Mr. MCTAGGART. Again, I can't present a summary or delineation of what all 50 States may have. It is obviously a complex area. There are questions as to when statute of limitations provisions would run under the various laws, what items would constitute a cause of action, but I think the general sense is that there are reasonable standards brought to bear so that inadvertent errors would be likely excluded, and there is also protection under a business judgment rule generally that also would provide some comfort. But it is not a situation where you have a century date change from 1899 to 1900, and there is a body of law or an expert opinion that would be pertinent to this situation, so it is a unique aspect in that way and it is hard to understand what all the circumstances might be.
Page 41 PREV PAGE TOP OF DOC
Chairman LEACH. It is the intent of this committee to give the maximum possible incentives for institutions to comply, based upon regulatory effort in a commonsense way, but we are left with the potential problem of is there a safety and soundness concern that relates to potential legal liabilities that may exist in this area. It is really divided into two areas, one for institutions themselves, and the second for customers of institutions that then may find legal liability for which they will be unable to pay back the bank loans.
Has the Federal Reserve assessed this circumstance and what conclusions have you reached?
Mr. KELLEY. Mr. Chairman, I am afraid I am not capable of giving you a clear answer on what conclusions we have reached, but I do know as a part of our contingency planning this is in the process of being addressed and I am very candidly not sure whether or not we have come down or where at this point.
Chairman LEACH. Ms. Williams.
Ms. WILLIAMS. I would have to get back to you, Mr. Chairman, to tell you whether we have taken it through that series of steps, and I would be happy to do that.
Chairman LEACH. Thank you.
Ms. Seidman.
Page 42 PREV PAGE TOP OF DOC
Ms. SEIDMAN. On the issue of officer-director willingness to serve, which I think is part of your question, I am pleased to say that so far we have not seen any concern there. We will have to get back to you also on the broader safety and soundness issue. But in essence, we are all, more than a year before the millennium, forced to balance the need to continue to encourage institutions to really move ahead with this and to not slack off with the understanding that if institutions begin to get seriously concerned about liability, if we get a lot of strike suits or other things that could distract them, whether or not those suits are successful, this could be a problem. So I think it is a very tough balancing act, and the initial step of the Good Samaritan bill is an important step in the right direction.
Mr. D'AMOURS. I would agree with Ms. Seidman's remarks and simply point out that in the case of credit unions, these people are volunteers. They receive no compensation. That may benefit them, given the possibility of local Good Samaritan statutes.
It would certainly be helpful if, as I said earlier, this Congress would move expeditiously on the Good Samaritan legislation. From a safety and soundness standpoint we have not seen any evidence of any effect, causal relationship between such concerns and the performance of credit union boards. So while we have not studied this matter specifically, I would say that—nor have we seen any indication at any level of any diminution of attention to the problems by supervisory committees and boards of directors.
Mr. MCTAGGART. I would just echo some of the comments earlier, management attention to this problem is very important and we have not seen some drifting away because of the challenge that the problem presents.
Page 43 PREV PAGE TOP OF DOC
Chairman LEACH. We have a problem with a vote on the Floor, but let me just ask in a general way, smaller institutions in particular, but also larger institutions, are reliant on suppliers, and one of the whole points of the legislation we are considering is to try to make suppliers a little more willing to comment. Have you at this point gotten any sense that there is going to be difficulty with a software supplier company's ability to be Y2K compliant and that this will infect the banking system itself?
Mr. Kelley.
Mr. KELLEY. I do not believe that we have a concern in that specific area, Mr. Chairman.
Ms. WILLIAMS. I think the findings, both from the other agancies' exams and the exams of vendors that we have been responsible for, indicate that the prognosis is good. There are some issues with some vendors, but I can't say that at this point in time I view them as being things that can't be dealt with.
Chairman LEACH. Ms. Tanoue.
Ms. TANOUE. As I mentioned earlier, our Phase I assessments indicated only 2 percent, or three service providers, were rated ''needs improvement.'' We have taken at least one formal enforcement action against such a company and we found that in that situation corrective action was taken in a relatively short period of time. Again we will have to wait to see the Phase II results.
Page 44 PREV PAGE TOP OF DOC
Chairman LEACH. Good.
Ms. Seidman.
Ms. SEIDMAN. We are finding the same thing, in part because much of this is done on an interagency basis, but are more encouraged over the last four months or so that there has been a major shift in service providers, not so much willingness to work with their institutions but actually getting out there and doing it. I am hearing a lot less now from our institutions about problems with service providers.
Chairman LEACH. Mr. D'Amours.
Mr. D'AMOURS. I would echo that. Nor are we hearing or experiencing any problems. Your legislation last March, passed by this committee, was a watershed in breaking what had been a reluctance up to that point to be cooperative and to share information. But you geared your question, I believe, to smaller institutions also, and I would like to point out there is a lot of competition out there. There are a lot of vendors serving smaller institutions. And I think the competition, the ability of credit unions to switch, smaller institutions to switch rather quickly, your legislation I would say has provided an environment where we have seen no systemic problems.
Chairman LEACH. Mr. McTaggart.
Mr. MCTAGGART. Mr. Chairman, I would agree that we have not seen issues with the service providers. It was alluded to today that there were enforcement actions. The State of Georgia was involved with that particular matter.
Page 45 PREV PAGE TOP OF DOC
One thing I would highlight for the committee, I think it is important, there is a formal examination process of service providers which predates Y2K so there has been an ongoing review and understanding of those businesses even before there was obviously the Y2K emphasis and focus. It has been more focused in the Y2K area.
Chairman LEACH. I thank you. Let me say we have a vote on the Floor, and I think, given the particular circumstances, at least one of the panelists has a conflict. Let me bring this panel to conclusion and let me thank you all. The hearing is in recess pending the vote.
[Recess.]
Chairman LEACH. The hearing will reconvene.
Our second panel is composed of Jack L. Brock, who is Director, Governmentwide and Defense Information Service Systems of the GAO; Mr. Gaston Gianni, Jr., Inspector General of the FDIC representing the FFIEC Inspectors General; and James W. Mays, Vice President and Year 2000 Manager for First Tennessee Bank on behalf of the American Bankers Association.
We will begin with you, Mr. Brock.
STATEMENT OF JACK. L. BROCK, JR., DIRECTOR, GOVERNMENTWIDE AND DEFENSE INFORMATION SYSTEMS, GENERAL ACCOUNTING OFFICE
Page 46 PREV PAGE TOP OF DOC
Mr. BROCK. Thank you, Mr. Chairman. I would like to add my appreciation for the work of your committee to that of the regulators this morning. I think the attention that you and Mr. Bennett have given the financial community over the past year has been very instrumental in making sure that the banking industry is in the shape that it is today.
As you know, we have done a series of testimony and reports jointly for you and Mr. Bennett on all of the regulators. And because of their extensive testimony today, I don't need to repeat the findings. They have done a good job to date. I think the banking industry at this point is in good shape.
A unique situation exists with the banking industry. It is the only segment of the national economy that we have visibility into. So we have a reasonable sense for where the banking sector is. We do not share that sense with the other sectors. What we have are largely self-reported, anecdotal amounts of information, and this causes us some concern. And as you heard from some of the regulators this morning, because of the interconnection between the sectors, even though one sector may be in great shape, if another sector such as telecommunications or utilities has serious problems, that can affect the viability of the bank sector or the retail sector or the manufacturing sector.
So that even at this point in time, we believe that the banking sector is in good shape. We believe that because of the presence of the regulators, the strong presence that they have with individual institutions, the ability of the IGs and the GAO to go in and verify data, we feel comfortable with the information that we are reporting to you. We don't share that level of certainty with other sectors, and I think that is a very important point to bring up this morning before I get started.
Page 47 PREV PAGE TOP OF DOC
The enormity of the banking sector and the challenges that it presents cannot be understated. There are over 22,000 institutions that have to be reviewed, $13 trillion in assets, and a very short timeframe. You are talking less than sixteen months to go through and to reverify. It is like climbing a large mountain. It is like climbing Mt. Everest where they have established a good base camp. They have the supplies up and ready to move on, but the enormous challenge of looking at testing and reviewing continuity plans are ahead, and the regulators need to be able to face this.
We are encouraged by a lot of things that the regulators have done. They have worked collectively under the auspices of the FFIEC. They have common assessment programs. They have shared reviews of the vendors and the service providers. They have made an enormous commitment of resources in terms of evaluating the status of the financial institutions. They have completed an initial first assessment and they are well into a second assessment. They have made enormous investments in training. They have made outreach efforts and taken this very, very responsibly.
Additionally, they have been very responsive to our recommendations. They have listened very carefully and adopted our recommendations and they have moved forward. So at this point in time, we think that the regulators have done a good job.
The current status, if you add all of the numbers up across the regulators as of June 30, 1998, about 93 percent of the institutions they have evaluated rated ''satisfactory''; 7 percent ''needed improvement'' and less than 1 percent were ''unsatisfactory.''
Page 48 PREV PAGE TOP OF DOC
Those are good numbers. However, those numbers are not static. They are dynamic, and as you move into, as I mentioned earlier, the more difficult phases of the Year 2000 effort, that of testing and making sure that you have adequate contingency plans, these numbers can shift. So the regulators need to keep their eye on the ball and continue to move forward.
We believe that the regulators face five serious challenges as they move into the remaining six months:
First, the challenge of time. In sixteen months the regulators are faced with the daunting task of overseeing the efforts of the 22,000 financial institutions, service providers and software vendors with a relatively finite number of examination personnel.
Second, over the next few months many of these entities will be undertaking the most complex and difficult stage of correction; that is, testing. It will be necessary for the regulators to ensure that they have enough technical resources to review institution efforts during this phase.
The third challenge is beginning in early 1999, regulators will be pressed to take quick actions against institutions that cannot successfully complete their Year 2000 remediation efforts. But before they do so, they need to determine what will constitute financial institution failures, what regulatory options can be effectively used and when they would be implemented.
The fourth challenge is that the U.S. economy is closely linked to the international banking and financial services sector, yet many countries and their financial institutions are reported to be far behind in addressing their Year 2000 problem. Working with their foreign counterparts, the regulators need to identify and define global Year 2000 risks and work cooperatively to mitigate those risks. The regulators will also need to be able to develop contingency plans in case there are unforeseen problems in this area.
Page 49 PREV PAGE TOP OF DOC
The final challenge is that financial institution credit, deposit and payment flows are critically dependent on the public infrastructure, such as telecommunications and public utilities. However, until critical readiness assessments and tests are completed in these areas and made available to the public, it is not clear whether there will be uninterrupted telecommunications and power service. In the absence of positive information, regulators need to develop contingency plans which anticipate Year 2000-related interruption in the infrastructure.
So, in conclusion, we believe that the regulators have made positive steps in moving forward. The challenges that remain are serious and difficult. We are confident that the regulators have the wherewithal, except perhaps with technical resources, to move forward. They have good plans in place. They have shown a very good faith effort and a high level of responsibility.
We would offer two recommendations that would go to all members of the FFIEC: first of all, to finalize by the end of this year their plan for dealing with institutions that will not be ready—that will not be viable due to Year 2000 problems; and second to develop contingency plans that address international and infrastructure Year 2000 risks.
I am pleased to note that I had a conference call this morning with senior staff from most of the regulatory agencies. They agree with these recommendations, and plan to have the framework for their plan available very soon and available for public comment and would be able to implement it early in the next calendar year.
So that concludes my statement, Mr. Chairman, and I would be happy to answer questions.
Page 50 PREV PAGE TOP OF DOC
Chairman LEACH. Thank you very much, Mr. Brock. And let me just say that we appreciate the work of your organization very much. I think it has been basically pioneering.
Mr. Gianni.
STATEMENT OF GASTON L. GIANNI, JR., INSPECTOR GENERAL, FEDERAL DEPOSIT INSURANCE CORPORATION REPRESENTING THE FFIEC INSPECTORS GENERAL
Mr. GIANNI. Thank you, Mr. Chairman, it is a pleasure to be here today to provide some insight as to how my office works at the FDIC, as well as coordinating amongst my colleagues. I appear today as Inspector General of one member agency of the Federal Financial Institutions Examination Council, and would point out that my counterparts from the Department of the Treasury, the Board of Governors of the Federal Reserve System and the National Credit Union Administration have also submitted a statement for the record.
The upcoming Year 2000 date change is a challenge that all financial regulatory agencies are addressing. As such, the management officials and the Offices of Inspector General of our respective agencies have been working together to aggressively address the risks posed by this unprecedented technological challenge.
My remarks today touch upon some of the common Year 2000 issues that the financial regulatory agencies are addressing related to the institutions they oversee, as well as FDIC's Y2K activities—internally and with respect to the institutions that it supervises, the work of my office to help ensure the success of the Corporation's efforts and the tasks that remain as we approach the millennium.
Page 51 PREV PAGE TOP OF DOC
FDIC and its fellow FFIEC members have worked closely and aggressively on the Y2K matters and have structured their efforts based on guidance published by the U.S. General Accounting Office and OMB. The guidance establishes a five-phased approach, which has previously been mentioned.
FDIC and FFIEC have carried out a thorough awareness campaign. Because of the importance of a consistent approach to examinations, the FFIEC agencies have also developed and presented a common training program for their examiners, adopted a unified examination work program, implemented a process of exchanging and tracking information related to examination results, and performed joint examinations of certain large institutions. FDIC has established Y2K as the number one safety and soundness issue facing financial institutions, and the FFIEC approach seems to be an effective strategy for meeting the Y2K challenge.
Now, turning to the nature of the OIG work as it relates to Y2K. Similar to the financial regulatory agencies, my office has been working closely with the Offices of Inspector General from the Federal Reserve, the Treasury and the NCUA in assessing efforts to address Y2K issues. Representatives from my office and these IGs meet frequently to discuss approaches, issues and solutions. This sharing of ideas is crucial to providing valuable, timely and effective input to our respective agencies, the FFIEC and the Congress.
Our collaborative efforts have focused on every facet of the Y2K situation, with particular emphasis on the adequacy and consistency of approach to examination ratings because the Corporation insures deposits of over 10,000 institutions, some of which fall under the jurisdiction of other financial regulators.
Page 52 PREV PAGE TOP OF DOC
To ensure that the OIG's work is timely and benefits the corporation, we have taken a proactive approach to Year 2000 efforts. We immediately brief corporate management as issues arise and issue periodic advisory memorandums, a practice that lessens management's burden of formally responding to audit findings and recommendations. Management has responded positively and quickly to our observations and suggestions.
Our work is designed to determine two things: first, whether FDIC is following a structured and effective approach in planning, evaluating and correcting its operations that are affected by the Y2K condition; and second, FDIC' actions ensure that financial institutions have planned and implemented a structured effective approach to address Y2K concerns.
In my formal statement I have discussed a number of areas that we have brought to the attention of the Corporation and in all cases the Corporation has addressed those issues.
Looking forward, FDIC and its fellow financial institution regulators are entering the most difficult and important phase of the Y2K efforts internally and externally, the validation or testing phase.
Internally FDIC must test the renovation of its systems, make needed corrections, implement the successful tested systems, develop and test contingency plans and procedures, ensure that entities with which it exchanges information have become Y2K compliant, and ensure that facilities and related support systems are compliant. We will continue to assess FDIC's progress in these areas.
Page 53 PREV PAGE TOP OF DOC
In its supervisory role, FDIC will continue to confront significant challenges. A key task is to examine the status of Y2K testing, external data exchanges, contingency planning, efforts at financial institutions. FDIC must also determine the extent to which Y2K examination ratings should impact on deposit insurance premiums, consider enforcement actions when financial institutions do not take adequate action to address Y2K situations and develop resolution strategies in the event institutions are closed because of technological failures.
FDIC and its FFIEC counterparts have been actively planning these issues for some time, and will soon formalize their approaches. We will continue to review FDIC and FFIEC's activities related to these critical supervision responsibilities.
In conclusion, I believe that the Corporation has made good progress and has adopted an effective strategy for addressing Year 2000 issues internally and with respect to the institutions it supervises. The Corporation has been responsive to the concerns raised by my office. While many challenges remain, I remain hopeful that the same spirit of cooperation will continue to guide the efforts of the FDIC and the FFIEC agencies and that collectively we will meet with success.
Mr. Chairman, that concludes my prepared statement. At this time I would be happy to respond to any of your questions.
Chairman LEACH. Thank you very much, Mr. Gianni. I appreciate that.
Page 54 PREV PAGE TOP OF DOC
Mr. Mays.
STATEMENT OF JAMES W. MAYS, VICE PRESIDENT AND YEAR 2000 MANAGER, FIRST TENNESSEE BANK N.A., ON BEHALF OF THE AMERICAN BANKERS ASSOCIATION
Mr. MAYS. Thank you, Mr. Chairman. I am Vice President and Year 2000 Manager at First Tennessee Bank in Memphis, Tennessee, where I am responsible for the bank's Year 2000 program. And I am here today on behalf of the American Bankers Association, the largest banking trade association in the country.
First Tennessee began intensive planning in preparation for the Year 2000 in 1995. We are ahead of the aggressive milestones that we established for ourselves, and we are pleased to have received a number one ranking in the Paine Webber report published in May 1998 on the banking industry preparedness for Year 2000.
Chairman LEACH. Tennessee is leading in many areas. You have three Presidential campaigns for the Year 2000.
Mr. MAYS. That is right.
Chairman LEACH. The country is going to be following you.
Mr. MAYS. Like many other banks, First Tennessee is committing appropriate resources and staff to meet the Year 2000 challenge. Our main vulnerability at this point is incomplete Year 2000 preparedness on the part of other organizations that impact the way that we do business. These businesses would include utilities, telecommunications suppliers and transportation servicers, among others. For this reason, we are adding a Year 2000 component to our longstanding aggressive business resumption program which is in place to ensure recovery from any situation that disrupts our business.
Page 55 PREV PAGE TOP OF DOC
Through our planning, testing and contingency preparedness, we are working hard to ensure that January 2000 will be a normal business period at First Tennessee.
Bankers across the country are diligently working on the Year 2000 challenge and have been doing so for several years. The banking community understands that this is a problem that faces all economic sectors, so there is an interdependence that cannot be ignore. The ABA acknowledges that the Y2K transition has the potential to disrupt the flow of goods and services in virtually all segments of the global economy.
Accordingly, as early as 1995, the banking industry began responding with a tremendous commitment of resources. Year 2000 readiness is the top priority of the U.S. banking industry. By effectively combining the expertise of internal project teams and outside vendors, banks are determined to prepare Year 2000 readiness systems and processes and to minimize any potential disruptions to banking and financial services.
In the financial services sector, one of the measurable outcomes of Y2K readiness is the continuing operation of the payment system. Smooth functioning of the payment system is possible only through the collective efforts of its participants, those being banks, thrifts, brokerage firms, regional clearinghouses and the Federal Reserve System.
To achieve Year 2000 readiness, the payment system will also be depending on Year 2000 preparedness of economic sectors that are beyond the reach of Federal banking regulators, again industry, telecommunications, transportation, retail services and others.
Page 56 PREV PAGE TOP OF DOC
ABA encourages Congress to exercise its oversight function and urge Year 2000 remediation in all economic sectors. The banking industry's interest in the financial health of our economy's commercial sector raises a number of issues in terms of creditworthiness and liquidity. Bankers are working hard to ensure that commercial borrowers take the necessary steps to achieve Year 2000 readiness, and toward this end bankers are raising the level of awareness among the small business operators in their communities. Bankers are uniquely positioned for this task as leaders in their respective communities and as the leading source for small business credit nationwide.
Depository institutions are keenly aware of the risk they face if banking services are disrupted by Year 2000 problems. Banks are taking litigation risks into account as they allocate resources to their Y2K efforts. Expenditures wisely deployed during renovation, testing and implementation phases will do much to reduce the risk of regulatory violations and class action lawsuits occurring down the road.
Consumer banking services are among the most heavily regulated activities in the economy, and banks are taking extra steps to ensure that these business lines are fully operational both before and after the century date change.
ABA strongly supports H.R. 4455, the Year 2000 Readiness Disclosure Act, a bill introduced by David Dreier and Anna Eshoo. Among other things, H.R. 4455 would promote the exchange of Year 2000 technical information by placing limits on the subsequent use of such information as evidence in litigation and would provide a workable mechanism for protecting against Year 2000 disclosures made prior to the effective date.
Page 57 PREV PAGE TOP OF DOC
In the Senate, ABA supports the Hatch-Leahy compromise draft which is a similar Y2K disclosure bill sponsored by Senators Hatch and Leahy. We support this bipartisan legislation as a first step in addressing the Year 2000 issue, and although we will be working with a diverse coalition of trade groups to seek enactment of the compromise, ABA urges Congress to take immediate action to create a legal environment in which the technical information essential to achieving Year 2000 readiness can be exchanged without increasing litigation risk. Moreover, ABA believes that once Congress has enacted disclosure legislation, attention must be turned to addressing the broader liability issues surrounding the Year 2000 conversion, punitive damages, excessive litigation and legal fees.
ABA has taken steps to help banks communicate with their commercial customers regarding Year 2000 readiness. ABA's efforts have focused on evaluating the importance of Y2K preparedness by businesses and emphasizing the need for banks to complete Year 2000 risk assessments of their commercial customers. Financial institutions are at work establishing contingency plans to carry them through the century date change.
Banks and their service providers have years of experience with contingency plans, particularly business recovery plans for natural disasters and other emergencies. They will be calling on that experience to meet the special needs of the Y2K challenge.
The U.S. banking industry is taking the century date change very seriously with a goal of achieving Y2K readiness clearly in sight. But the banking industry alone cannot deliver business as usual in January 2000. There must be a parallel commitment by all sectors of the economy so they can become equally prepared.
Page 58 PREV PAGE TOP OF DOC
We encourage Congress to continue its oversight of the broad range of business and Government sectors that together are essential to producing Year 2000 readiness in the American economy. I will be happy to answer questions.
Chairman LEACH. Thank you.
Mr. Brock, can you talk about the availability of technical expertise in the Government, and then Mr. Mays can comment on the private sector.
You have indicated that it is a difficulty. I have this great fear that the Government can do a very good job and, perhaps to some degree has, to date, in defining the problem; but after the problem is defined, actually implementing all of the nitty-gritty work needed for the solution takes people, and the issue is whether the Government has adequate numbers of people with adequate expertise and whether the private sector can attract such people. Would you care to comment on the Government?
Mr. BROCK. Yes, that is a governmentwide problem, specifically as it relates to the regulators. They have done an outstanding job of training the safety and soundness examiners. We have a concern across the board, though, that they do not have of the technical IS-type evaluators, the type of individuals that are really necessary to help examine the test plans, evaluate the quality of the test plans, things like that.
And as you get into the more technical aspects of the remediation effort, those types of skills are going to be in high demand. A couple of the regulators, NCUA and OCC, have supplemented their staff with outside contractors. We have encouraged all of them to do a formal assessment of their technical needs and to hire additional resources if so indicated.
Page 59 PREV PAGE TOP OF DOC
I think this is the case as you go into the last year; you do not want to take any chances. You want to have both your belt and suspenders on. You are competing in a tight resource market. The criticality of this sector demands extra attention, and we are hopeful that the regulators will indeed supplement their technical resources in an admittedly tight marketplace.
Chairman LEACH. Thank you.
Mr. Mays.
Mr. MAYS. At First Tennessee we went into this. Some advantage——
Chairman LEACH. You have not only Presidential candidates, you have software engineers in your State? This is utopia.
Mr. MAYS. We do.
Part of the planning that we did began in 1995 to review our technical situation. We made assessments at that time, what software, what pieces of technology were capable of operating on into the new millennium, and made changes to upgrade those, and more importantly to improve our ability to serve our customers with Y2K issues as a corollary.
As we went into that, when we signed contracts with vendors, we gained contractual commitment from them to supply resources to us to help us get through this, so I think a lot of the banking industry has followed that same tactic, so we have contractual commitments along the way to make sure that we have the resources we need.
Page 60 PREV PAGE TOP OF DOC
Chairman LEACH. Thank you very much.
Mr. Gianni, do you want to comment on the same subject?
Mr. GIANNI. While I understand the problem is governmentwide, I think perhaps the regulatory agencies have a leg up on most Government agencies, because they are able to attract people with their pay and benefits. That is one of the benefits of working for the regulatory agencies. So I think that, in combination with the contracting that they are able to bring in the necessary resources.
Within the FDIC they are pairing up the technical types with the supervisory individuals and have developed a strategy where these technical individuals will be available to assist and consult with the staff as they go out and look at the institutions.
Chairman LEACH. Mr. Mays, you have raised the subject of liability, legal liability, and it is something that has concerned me for a long time now. We considered legislation early-on, a year or so ago, in this area. Then we took a hard look at some of the law on the books and thought that there was some accommodation there.
Then, as we attempted to develop legislation, it became apparent that other committees would have jurisdiction with very different perspectives and that legislation might end up being counterproductive, that is, legislation in the Y2K area might get subjected to review by others who would have the effect of paring back certain discretions that exist under current law.
Page 61 PREV PAGE TOP OF DOC
So it has been one of those areas of major concern, but it is also an area in which it is not clear to me that legislation, the way Congress is constituted, would in the end be constructive. That is the dilemma that I have in looking at the legislative vehicles that seem relevant.
I only raise this as kind of a warning as we have kind of walked through the legislative track in the committees of jurisdiction, many of whom have instincts that are somewhat different than a financial services committee. I think your institution, and the association that you are speaking for, is going to want to be very concerned about that.
In addition, if what might be considered perfect legislation from your perspective were to carry both houses of Congress, it is very unlikely it would survive a Presidential veto, and that is something I raise to you. That is one of the reasons why I think it is very appropriate, as we have talked informally to regulators—as I did modestly in the sense of depth of subject with the regulators this morning—to underscore that there is some current law that does apply, and that in terms of inadvertent error and compliance, I think it could well do a better job of covering than an eventual statute that might survive Congress. I just throw that out as something that I think you should all consider.
One of the things that we are all confronted with is an unprecedented situation. The other thing that we are all confronted with is the almost virtual inevitability that there will be snafus at various points in the Government and in the private sector, some of which will, I am sure, implode into the banking system.
Page 62 PREV PAGE TOP OF DOC
My own sense is that the banking system will have done more than any other sector of society, and will have made a greater good faith effort than any other sector of society, but I am just apprehensive that it will still be pinpointed for litigation.
In that regard, I just want to emphasize this as strongly as I can: As this committee has reviewed the current statutory framework as it applies to inadvertent errors, it would appear very comprehensively to cover the Y2K issue, and the legal liability of the banking sector for anything except gross negligence would appear to be, under any commonsense reading of the law, limited. But it is a difficulty that I am sure, until it is tested, no one can—or will—be able to say for sure.
Anyway, let me thank you all and particularly thank the GAO for its comprehensive efforts in this area and the regulators for being alert, Mr. Gianni. With regard to the private sector, I assume that the ABA would pick their best and brightest in this area to respond, and so we are glad to learn of the leadership of Tennessee. Thank you all.
On the last panel we are pleased to have representatives of two industries who customarily do not appear before this committee. They are going to explain the Y2K challenge for the telecommunications industry and the electric power industry, both of which are vital for delivery of financial services, as well as a number of other services, for the country.
I am pleased to welcome A. Gerard Roth, Vice President for Technology Programs at GTE Technology and Systems, who is appearing today on behalf of the Telco Year 2000 Forum, a consortium of major telecommunications companies; and Mr. Jon Arnold, Chief Technology Officer at the Edison Electric Institute, who is appearing today on behalf of the North American Electric Reliability Council.
Page 63 PREV PAGE TOP OF DOC
NERC was asked by the Chairman of the Year 2000 Conversion Council, John Koskinen, to conduct a Year 2000 survey of the power sector, and Mr. Arnold will be sharing the highlights of that survey which are being publicly released today in Houston.
Chairman LEACH. Mr. Roth, please proceed.
STATEMENT OF A. GERARD ROTH, VICE PRESIDENT, TECHNOLOGY PROGRAMS, GTE TECHNOLOGY AND SYSTEMS, ON BEHALF OF THE TELCO YEAR 2000 FORUM
Mr. ROTH. Mr. Chairman, thank you. First I think it would be useful to begin with a brief description of the Public Switched Telephone Network, the private network, and their relationship to the financial services sector. The Public Switched Network is not a unitary monolithic whole. On the contrary, it is comprised of several independent networks provided by hundreds of local exchange carriers, your local telephone company. These networks are connected to others by long-haul networks supplied by interexchange carriers, your long distance company.
In general, the financial services community obtains access to the public switch network through their own individual private networks. These private networks may be as small as a few voice lines connected through a key-set, or they may be as complex as a large, switched voice and data network, connecting several locations and thousands of people, using high-speed communications circuits. While these networks may have the look and feel of the public network, they are nevertheless the responsibility of the network owner, in this case the financial institution.
Page 64 PREV PAGE TOP OF DOC
The banking and financial services sector is a major user of independent private networks for electronic funds transfers, payment mechanisms, large volume data transfer and storage, intranet services and so forth.
I would quickly refer you to page 3 of the written testimony for a pictorial rendition of the networks, the private and public network together. Local and interexchange carriers that make up the public switched network use systems that can be described generally in three levels that represent the continuum of Year 2000 impacts from disruption to mere inconvenience.
At the top level, the network elements, are the switches and the routers, the signaling transfer protocols which provide for basic call setup connectivity and management. Electronic funds transfers and other payment mechanisms function at this level.
At the next level, operational support systems, including network management, 800 number services, database hooks-ups which enhance operations, management services and reliability of the network. ATM machines and credit card authorizations function at this level.
The lowest level is comprised of the company-specific functional and business applications. These include account management, billing, and directory services. At this level the financial institutions relationship with the telecommunications carrier is maintained.
Our industry has defined all of these systems in all three categories as our highest priority for Year 2000 remediation.
Page 65 PREV PAGE TOP OF DOC
A word about the Telco Forum to understand the relationship of this organization to the community. As I said in my prepared statement, the Forum is a voluntary, self-funded group that has started to address Year 2000 assessment and interoperability issues. Its membership includes Ameritech, Bell Atlantic, BellSouth, Cincinnati Bell, GTE, SBC, Southern New England Telephone and U.S. West.
Each of our companies establishes its own Year 2000 compliance internally, and then collectively the Forum's intranetwork testing is planned to evaluate component level, Y2K-specific interoperability testing across the network in four major service areas: emergency services; basic, enhanced, and intelligent network services; network management; and data networks.
Forum testing of the networks began on the 6th of July and is expected to be complete in December 1998. To date we are on schedule, with greater than 99 percent of our tests so far having been successful. We have completed 20 percent of approximately 2,100 test cases. These test results are very encouraging.
Once intranetwork testing is complete, the Alliance for Telecommunications Industry Solutions, ATIS, through its network test committee, will test internetwork interoperability under load conditions likely to be encountered on the 31st of December, 1999 or January 1, 2000.
ATIS testing is planned for completion in the first quarter of 1999. Overall, the telecommunications industry expects by midyear 1999 a century-compliant public switched network which is fully deployed across the United States. As noted already today, the international interoperability is also a concern to the financial sector. As you know, international interaction is not under the control of any single authority, and so far as we have seen the Year 2000 readiness and interoperability prospects vary dramatically from country to country.
Page 66 PREV PAGE TOP OF DOC
However, several initiatives have begun to address these concerns. The International Telecommunications Union has established a working group to address international Year 2000 readiness and interoperability. This group meets in London on the 28th and 29th of September.
The FCC under Commissioner Powell has established the Network Reliability and Interoperability Council, NRIC, chaired by AT&T, to address national and international Year 2000 interoperability as well as contingency planning issues.
The Canadian Telcos have also established the National Year 2000 Program and are cooperatively working with the U.S. Telco Forum on interoperability contingency planning. And on the 15th of October we are hosting a telecommunications interoperability session in London as part of a Global Year 2000 Summit. Our objective is to establish a timetable for systematic interoperability testing of high-volume intercontinental gateways and to begin to establish standard contingency planning processes and options worldwide.
In conclusion today, I would like to leave you with three main messages concerning the telecommunications sector and its relationship to the financial sector and Y2K:
One: focus your efforts on assuring Year 2000 compliance of your private networks and their compatibility with the public switched network. We will be happy to help you with that process.
Two: the public switched telephone network is generally targeted for a tested Year 2000 compliance by midyear 1999. Since every financial institution cannot test with every telecommunications provider, the financial sector should actively pursue proxy arrangements for testing to address specific concerns they may have about the network.
Page 67 PREV PAGE TOP OF DOC
And three: the local telephone companies continue to be willing to discuss their programs and to share information about plan, status, and results of testing with the financial services sector, as appropriate. Some balance and moderation is necessary because we still have much work before us in the next fifteen months on Year 2000.
Mr. Chairman, I thank you for this opportunity to testify.
Chairman LEACH. Thank you very much.
Mr. Arnold.
STATEMENT OF JON ARNOLD, CHIEF TECHNOLOGY OFFICER, THE EDISON ELECTRIC INSTITUTE, ON BEHALF OF THE NORTH AMERICAN ELECTRIC RELIABILITY COUNCIL
Mr. ARNOLD. Mr. Chairman, I am Jon Arnold, Chief Technology Officer for the Edison Electric Institute. Thank you for inviting me here to testify on electric utilities' preparations for the Year 2000 conversion.
I am appearing today on behalf of the North American Electric Reliability Council—NERC—which is conducting a comprehensive assessment of the Year 2000 preparations in the electric utility industry. NERC is a volunteer, nonprofit organization formed in 1968 to coordinate the reliability and adequacy of bulk electric systems in North America.
Page 68 PREV PAGE TOP OF DOC
Last May the U.S. Department of Energy asked NERC to undertake the coordination of an industry process to ensure a smooth transition to Year 2000. All segments of the U.S. electric utility industry are working with NERC in this process.
As part of its mission, NERC was asked to produce a status report and a Y2K coordination plan for the industry. The coordination plan was released in June and NERC's initial assessment report is being presented to DOE today in Houston. A complete report will be available later today on the NERC web site at www.nerc.com.
Ongoing data and collection will be continuous with updates provided to DOE on a quarterly basis, and DOE will receive a final report by July 1999.
The NERC Electric System Readiness Report surveyed all the electric power providers in the United States. The results of this first report are based on responses from companies that generate about three-fourths of the Nation's electricity. Given the operating characteristics of the U.S. electric system and the extent of the work already done on Y2K, the report indicates the potential for problems appears to be less than first anticipated. The report indicates that by the end of this month, companies will, on average, be 87 percent complete on the inventory, 65 complete on the assessment of the Y2K system, and 28 percent complete on the remediation and testing.
Even though a lot of work has been done, we think that this shows a need to accelerate Y2K actions. NERC is recommending May 31, 1998 as the date for all electric utilities to be Y2K ready.
Page 69 PREV PAGE TOP OF DOC
As comprehensive as this report is, it represents only a snapshot of the utility industry effort and does not fully express the scope of the work currently underway.
The comparison between this initial report and the next report due in December will better reflect the increasingly concentrated efforts being brought to bear on the Year 2000 problem. Cooperation among electric companies and between industry groups such as now in progress will improve the quality and speed of the results.
Testing electric systems for Year 2000 problems must follow the power production schedule rather than any arbitrary time line. As a result, many electric companies have scheduled their Y2K work during regularly scheduled maintenance periods this fall and spring when the demands for electricity is typically lower. The electric utility industry's goal is to ensure that electric supply and delivery during all critical transition periods is provided without interruption.
We must meet several challenges in order to achieve success. NERC and other industry associations are working to convince each of the approximately 3,200 power providers that they are an important link to the overall industry success. The utilities and customers must communicate with each other about their Y2K plans and programs.
Working together, customers must develop confidence in utilities' Y2K preparations and utilities can better understand the Y2K plans and needs of their customers. Sharing technical information on Y2K problems and solutions is improving, but it remains low for an industry that is used to open cooperation on technical and reliability issues.
Page 70 PREV PAGE TOP OF DOC
The primary concern is the threat of litigation. Congress can help in this regard. Legislation or other solutions are needed immediately to allow greater freedom to share information in good faith to solve Y2K issues. We believe that the compromise legislation currently moving through the Senate is the best means to assist the information sharing.
The interdependence of electric systems with telecommunications, gas pipelines, and rail transportation or coal supplies requires close coordination with related infrastructure providers. Steps are being taken to identify and work with counterpart organizations within those industries.
In conclusion, the electric utility industry is well aware of the seriousness of the Year 2000 problem and the risks it poses. We have just completed the first phase of a total assessment process to help guide us toward a successful transition to the Year 2000.
The electric power industry regularly works with unplanned events and problems, and exercises contingency plans on a daily basis to keep the lights on. At this time we do not expect Y2K to be any different.
Mr. Chairman, this concludes my remarks, and I would be happy to answer any questions.
Chairman LEACH. Thank you very much, Mr. Arnold.
Mr. Roth, one of the things coming from my State that I am more familiar with than some, is the number of small telephone companies that exist. My State has more than any in the country. Do you sense any greater difficulty in smaller companies versus larger in this whole area of Y2K compliance?
Page 71 PREV PAGE TOP OF DOC
Mr. ROTH. I certainly cannot speak for all of the small telephone companies, but I do know in some cases we see a requirement for them to have to modify some of their network elements and bring their switches up to current revisions, and they fortunately, as individual companies, do not have many of those. There is probably some capital cost difficulty associated with that.
In terms of information sharing, we are sharing as best we can with USTA anything that we can with the individual small companies to prevent them from unnecessary duplicative testing. I would have to defer to the USTA to discuss the status of all of the individual companies, however.
Chairman LEACH. Mr. Arnold, in your industry, one of the hallmarks of the transition from total regulation to the beginning of more deregulation has been a reduction in staff levels at many utilities in America. I am struck by reductions having occurred at a time that there is a new problem that they have never dealt with before. Is this a problem in the utility industry from your perspective?
Mr. ARNOLD. Reductions in staff levels in general has not been an issue brought to my attention. I think in general, finding technical expertise across all industries is an issue, as alluded to in testimony earlier today. In many cases looking at different systems, there is an issue of finding user experts. But I am not aware of reductions in staff levels being an issue for the member companies that I have been talking with.
Chairman LEACH. The sense that I have is that many utilities are very concerned with trying to get their profit levels as high as they can as they look at integration with other utilities, and that you are seeing great cost containment efforts that have never existed before.
Page 72 PREV PAGE TOP OF DOC
As one moves out of this kind of necessary circumstance, with easy cost recovery, virtually all of the utilities I deal with have indicated that they have personnel problems in terms of adequate numbers of people to deal with this issue. You don't see that as a problem?
Mr. ARNOLD. Companies I have been dealing are dealing with the Y2K issue by using vendors and consultants to outsource Y2K work. Many systems have technical expertise that are continually doing maintenance and running the systems. I can go back and look at that.
Chairman LEACH. I was intrigued by the revelation—and not that it is a revelation—that the Pennsylvania Public Utilities Commission has suggested fines for people that were not Y2K compliant on a given timeframe. Is this a model that is being used elsewhere? Do you think that it is a constructive model? Do you think that it is something that ought to be replicated by the banking regulators?
Mr. ARNOLD. We are not aware of it being a model. There are public utility commissions which are actively involved looking at what utilities are doing and looking at the surveys. As far as it becoming a model, I don't know at this time.
Chairman LEACH. Banks have reported some difficulties in getting disclosures from local power and phone companies. What do you think banks should reasonably expect, and do you have model efforts underway to assure that information is disclosed to the banking sector? The reason that I stress the banking sector is partly because the banking sector is a critical sector and also it transfers an awful lot of data. It is a very major user of telecommunications.
Page 73 PREV PAGE TOP OF DOC
Have you heard this as a problem from your perspective?
First, Mr. Roth.
Mr. ROTH. Well, Mr. Chairman, I have certainly heard it from various banks that have come and asked us for information about this. From my perspective and from the perspective of like-size telephone companies, it is a surprise.
Chairman LEACH. There are very few like-size.
Mr. ROTH. Six or so.
To my knowledge, and I know in our personal experience when someone from a large financial institution, a bank or the Federal Reserve poses a question to us, we don't just answer the questions in writing, but we actually visit with the company. I myself flew to Dallas and spent four hours with the Federal Reserve.
Chairman LEACH. And you came to Congress.
Mr. ROTH. We continue to want to make ourselves available. With some of the smaller companies, it has probably not been as well received, or there are more banks out there asking individual questions.
By way of example, Citicorp, when their headquarters finally created the request to us, we went down and met with them to go through in detail exactly what we are doing and what our expectations for success are, and even to share some of our status reporting. That is my perspective anyway.
Page 74 PREV PAGE TOP OF DOC
Chairman LEACH. Have you heard any concern from your industry, Mr. Arnold?
Mr. ARNOLD. Definitely. Early-on there was a lot of concern banks and financial institutions weren't getting good information from utilities. Utilities were reluctant to share that information. I think with the NERC process that is in place, we have turned that around. The NERC process is a very public process. The survey assessment forms are public. This report will be public. The data is going to be public. Through all of the trade associations that make up the various parts of the electric power industry, we are urging their members to have open communications not only with businesses, banks, financial communities, but also their other customers.
We are continuously doing presentations such as today about the NERC report, the process and where we are, and continually urging our members to communicate with their customers. I know of several utilities who are going up to New York to brief banks on their operations and facilities—it is actually an operations and facilities subcommittee—to talk about what they are doing and what their plans are. So it has been a problem in the past. We are turning that around, because the only way we are going to achieve success is through constant communication about what our plans are and how we are doing it.
Chairman LEACH. Well, thank you very much. I would just tell you I am very concerned about the personnel level issue in utilities today, and I think there are a lot of other things that they have really had as a higher priority than attention to Y2K, although Y2K is now front and center to the ones that I have talked to.
Page 75 PREV PAGE TOP OF DOC
Frankly, the American utilities have enormous engineering expertise, probably as much engineering expertise within them as any industry in America, and so I am——
Mr. ARNOLD. I know from our surveys and things like that, other projects are being delayed because Y2K has a priority. We know that there are CEOs who have this as a top priority. I was talking to a Y2K program manager yesterday, that his CEO called him just to make sure that they had submitted their information to NERC. That is the level of attention that it is getting.
Chairman LEACH. Good. Well, I appreciate that.
Mr. Roth talked about six to eight major utilities. There are approximately 300 electric utilities, but thousands of other smaller ones. They are the same by analogy: the rural electric co-op and the smaller telephone company. However, particularly in the utility industry, on the electric side, these are engineer-run companies in many cases, much more so than the average American business, so I am more optimistic based on the nature of personnel, although I am not sure based upon the size of the staff, that this thing will get done.
Mr. ARNOLD. If you look at the smaller companies, one thing that we are looking very carefully at is that these companies may not be as automated. The electric industry is not an industry that is highly dependent on computerized devices.
Chairman LEACH. It is not?
Page 76 PREV PAGE TOP OF DOC
Mr. ARNOLD. A lot of the system is manual in the distribution end. It can be set for manual operation. We are composed of wires and relays. If you look at the generation and transmission area, they have a lot of sophisticated control centers, there is computerization there. Most of the testing to this point in time indicates that most of these problems are nuisance problems.
As you move down to the smaller folks and distribution companies, the feeling is that we will have more information by December. And these are highly analog and electromechanical systems.
Chairman LEACH. Good. Well, I appreciate that. Thank you very much, and thank you both for testifying today. The hearing is adjourned.
[Whereupon, at 1 p.m., the hearing was adjourned.]