Testimony of Governor Edward W. Kelley, Jr.|
Y2K and Federal Reserve readiness
Before the Subcommittee on Financial Services and Technology of the Committee on Banking, Housing, and Urban Affairs, U.S. Senate
July 30, 1997
I am pleased to appear before the Subcommittee today to
discuss the Federal Reserve’s efforts to address the Year 2000
computer systems problem. I will discuss what action is being
taken by the Federal Reserve System to address internal systems,
our supervisory efforts, coordination with the industry, and
Year 2000 Readiness
The Federal Reserve System has developed and is executing a comprehensive plan to ensure its own Year 2000 readiness and the bank supervision function is well along in a cooperative, interagency effort, to promote early remediation and testing by the industry. The supervision function is completing an assessment of the industry’s readiness, will examine every bank subject to our jurisdiction by mid-1998, and will review their progress as part of all examinations conducted throughout the remaining months before the millennium.
We are taking a comprehensive approach to preparedness which includes assessments of readiness, remediation, testing, and updating proven plans and techniques used during other times of operational stress in order to be prepared to address potential century data change difficulties. All Federal Reserve computer program changes, as well as system and user-acceptance testing, are scheduled to be completed by year-end 1998. Further, critical financial services systems that interface with customers will be Year 2000 ready by mid-1998, permitting approximately 18 months for customer testing.
Many top personnel in the Federal Reserve System are working hard to manage this initiative. Our staff is putting in many extra hours to prepare for testing with customers, planning for business continuity in the event of any unanticipated internal systems problem, and enhancing our ability to respond to possible operating failures of depository institutions. While there are challenges before us, I can report that we expect to be fully prepared for the century date change.
Federal Reserve Readiness
According to industry experts, one-quarter of an organization’s Year 2000 compliance efforts are devoted to project management. Managing preparations for the century date change is particularly resource-intensive given the number of automated systems to be addressed, systems interrelationships and interdependencies, interfaces with external data sources and customers, and testing requirements. In addition, Year 2000 preparations must address computerized environmental systems such as power, heating and cooling, voice communications, elevators, and vaults. In the case of the Federal Reserve, management of this project is particularly challenging in that it requires coordination among Reserve Banks, the Board of Governors, government agencies, numerous vendors and service providers, and approximately 13,000 customers.
In late 1995, a Federal Reserve System-wide project was initiated, referred to as the Century Date Change (CDC) project, to coordinate the efforts of the Reserve Banks, Federal Reserve Automation Services (FRAS) -- the Reserve Banks’ centralized mainframe data processing and data communications services organization - and the Board of Governors. Our project team is taking a three-part approach to achieve its objectives, focusing on planning, readiness, and communication. Our planning began with a careful inventory of all applications and establishment of schedules and support mechanisms to ensure that readiness objectives are met. The readiness process involves performing risk assessments, modifying automated systems, and testing internally and with depository institutions, service providers, and government agencies. Finally, we are stressing effective, consistent, and timely communication, both internal and external, to promote awareness and commitment at all levels of our own organization and the financial services industry, more generally. Some of our most senior executives are leading the project and the Board is now receiving formal status reports at least every 60 days. Any significant compliance issues will be reported to the Board immediately.
A significant challenge in meeting our Year 2000 readiness objectives is our reliance on commercial hardware and software products and services. Much of our information processing and communications infrastructure is comprised of hardware and software products from third-party vendors. Additionally, the Federal Reserve utilizes commercial application software products and services for certain administrative functions and other operations. As a result, we must coordinate with numerous vendors and manufacturers to ensure that all of our hardware, software, and services are Year 2000 ready. In many cases, compliance will require upgrading, or even replacing, equipment and software. We have completed an initial inventory of vendor components used in our mainframe and distributed computing environments, and vendor coordination and system change are progressing well.
As we continue to assess our systems for Year 2000 readiness, we are preparing a central environment for testing our payment system applications. We are establishing isolated mainframe data processing environments to be used for internal testing of all system components as well as for testing with depository institutions and other government agencies. These environments will enable testing for high-risk dates such as year-end 1999, beginning of year 2000, and February 29, 2000 (leap year). Testing will be conducted through a combination of future-dating our computer systems to verify the readiness of our infrastructure, and testing critical future dates within interfaces to other institutions. Our test environments will be available to our customers for testing on a twenty-four hour basis, six days a week. Network communications components will also be tested and certified in a special test lab environment at FRAS.
The testing effort for Year 2000 readiness within the Federal Reserve will be extensive and complex. Industry experts estimate that testing for readiness will consume about half of total Year 2000 project resources. To leverage existing resources and processes, we are modeling our Year 2000 testing, both internally and with depository institutions, on proven testing methods and processes. Our customers are already familiar with these processes and testing environment. We will finalize and distribute our testing strategy to depository institutions by the end of September this year and begin coordinating test schedules January 1998. As I noted earlier, the Reserve Banks are targeting June 1998 to commence testing with their customers, which allows an 18-month time period for depository institutions to test their systems with the Federal Reserve.
The next challenge I would like to discuss regards retaining staff critical to the success of the project. As I mentioned earlier, we have placed a high priority on our CDC project, and as such have allocated many of the best managers and technical staff in the Federal Reserve System to work on the project. The information technology industry is already experiencing market pressures due to the increased demand for technical talent. As the millennium draws closer, the global market requirements for qualified personnel will intensify even further. We are responding as necessary to these market-induced pressures by offering incentives to retain staff members in critical, high-demand positions.
Our focus at the Board goes beyond the immediate need to prepare our systems and ensure reliable operation of the payments infrastructure. We are also working hard to address the supervisory issues raised by Year 2000 and are developing contingency plans which I will discuss later.
Early this year, the Federal Reserve and the other regulatory agencies developed a uniform Year 2000 assessment questionnaire to collect and aggregate information on a national basis. We have received over 1000 responses from financial organizations and service providers supervised by the Federal Reserve. Based on these responses and other information, we believe the banking industry’s awareness level has improved substantially during 1997 and is reflected in the intensified project management, planning, budgeting, and renovation efforts that have been initiated.
Generally speaking, the nation’s largest banking organizations have done much to address the issues and have devoted significant financial and human resources to preparing for the century date change. Many larger banks are already renovating their operating systems and have commenced testing of their critical applications. Large organizations appear capable of renovating their critical operating systems by year-end 1998, and will have their testing well underway by then. Some of these organizations have recently come to realize that their initial resource and cost estimates to address this project need to be raised, given the magnitude of the tasks to be performed and the growing scarcity of available programming staff with the skills necessary to renovate older systems.
Smaller banks, including the U.S. offices of foreign banks and those dependent on a third party to provide their computer services, are generally aware of the issues and are working on the problem; however, their progress is less visible and will be carefully monitored as part of our supervision program. Many of these organizations appear to have underestimated the efforts necessary to ensure that their systems will be compliant. Accordingly, we will direct significant attention to ensure that these banks intensify their efforts to prepare for the Year 2000. We intend to update our assessment periodically in order to maintain a current awareness of the industry’s readiness.
Our focus on the industry’s readiness began last year, when the Federal Reserve commenced examining banks' plans and initiatives for the century date change. Through mid-year 1998 we will continue this program and conduct a thorough Year 2000 preparedness examination of every bank, U.S. branch and agency of a foreign bank, data processing center, and service provider that we supervise. Our examination program includes an extensive review of each institution's Year 2000 project management plans in order to evaluate their sufficiency, to ensure the direct involvement of senior management and the board of directors, and to monitor their progress against the plan. Our examiners are actively engaged in ensuring that the board of directors and senior management are addressing the issues and assembling the necessary resources. Based on the examination results and the findings collected during the current assessment program, we are identifying those institutions that require intensified supervisory attention and establish our priorities for subsequent examinations.
To heighten the industry’s awareness level, the Federal Financial Institutions Examination Council (FFIEC), issued a policy statement on May 5th entitled "Year 2000 Project Management Awareness," which updates the supervisory guidance first issued in 1996. The statement emphasizes the regulators’ concerns that inability to provide a compliant hardware and software environment to support the upcoming century date change would expose a bank to inordinate operational, financial, and legal risks. A set of uniform examination procedures accompanying the statement provides guidance for examiners as well as bank management, stressing the need for sponsorship at the highest levels of the organization to effectively manage the remediation process and address any deficiencies that may surface.
Bank management must not only be aware of the many Year 2000 problems, but must also be sensitive to the magnitude of the efforts needed to achieve compliance and the consequent budgetary implications. Industry experts maintain that costs to perform Year 2000 renovation tasks will increase as the demand for skilled information technology professionals grows. Accordingly, the interagency policy statement emphasizes the need for bank management to be aggressive in securing sufficient human and computer resources. The statement also encourages banks to be largely completed with their renovation and well into testing of their major applications by year-end 1998 so that any substantive problems can be addressed in 1999.
The statement also calls upon banks to consider the Year 2000 risks posed by their borrowers and customers, as banks could be adversely affected by borrowers who are not prepared for Year 2000 processing. Corporate customers who have not considered Year 2000 issues may experience a disruption in business, resulting in financial difficulties that could negatively influence their creditworthiness. Examiners now verify that a bank incorporates a borrower’s Year 2000 preparedness into its underwriting standards, and that loan officers assess the extent of Year 2000 computer problems that may influence a borrower’s ability to repay its loans on a timely basis.
On behalf of the FFIEC, the Federal Reserve has developed a Year 2000 information distribution system, including an Internet web site and a toll free Fax Back service (888-882- 0982). The web site provides easy access to policy statements, guidance to examiners, and paths to other Year 2000 web sites available from numerous other sources. The site has been used heavily since its introduction in early May of this year. The FFIEC Year 2000 web site can be accessed at the following Internet address: http://www.ffiec.gov/y2k.
The Federal Reserve has also produced a ten-minute video entitled "Year 2000 Executive Awareness" intended for viewing by a bank’s board of directors and senior management. The video presents a summary of the Year 2000 five-phase project management plan outlined in the interagency policy statement. In my introductory remarks on the video, I note that senior bank officials should be directly involved in managing the Year 2000 project to ensure that it is given the appropriate level of attention and sufficient resources to address the issue on a timely basis. The video has already been distributed to banks and their service providers, and can be ordered through the Board’s Web site.
We are also taking steps to provide this information to foreign bank supervisors. With regard to the international aspects of the Year 2000 issue, U.S. offices of foreign banks pose a unique set of challenges. Based on our assessments, we are concerned that some offices may not have an adequate appreciation of the magnitude and ramifications of the problem, and may not have committed the resources necessary to address the issues effectively. This is a particular concern for foreign bank offices that are dependent on their foreign parent bank for information processing systems.
Therefore, we are working through the Bank for International Settlements’ (BIS) committee of bank supervisors composed of many of the international agencies responsible for the foreign banks that operate in the U.S. Through several presentations and the distribution of the interagency statement and the Year 2000 video to the BIS Supervisors Committee, we have sought to elevate foreign bank supervisors’ awareness of the risks posed by the century date change and to solicit their assistance in monitoring the state of overall preparedness of foreign bank parents to ensure that they consider the needs of their U.S. offices.
We are also participating in the BIS Group of Computer Experts’ meeting of G-10 and non-G-10 central banks in September which provides a forum to share views on and approaches to dealing with Year 2000 issues and have been active in various private sector forums. The participants will discuss their involvement with raising bank industry awareness, remediation of payment systems, and the readiness of the central banks' internal systems. Information garnered from this meeting will assist the BIS Committee on Payment and Settlement Systems, as well as the Federal Reserve, in understanding the current state of preparedness of payment systems on a global level.
In this regard, we regularly conduct exhaustive business resumption tests of our major payment systems that include depository institutions. Moreover, as a result of our experience in responding to problems arising from such diverse events as earthquakes, fires, storms, and power outages, as well as liquidity problems in institutions, we expect to be well positioned to deal with problems in the financial sector that might arise as a result of CDC. We are, of course, developing specific CDC contingency plans to address various operational scenarios. Our existing business resumption plans will be updated to address date-related difficulties that may face the financial industry.
We already have arrangements in place to assist financial institutions in the event they are unable to access their own systems. For example, we are able to provide financial institutions with access to Federal Reserve computer terminals on a limited bases for the processing of critical funds transfers. This contingency arrangement has proven highly effective when used from time to time by depository institutions experiencing major hardware/software outages or that have had their operations disrupted due to natural disasters such as the Los Angeles earthquake, hurricane Hugo in the Carolinas, and hurricane Andrew in south Florida. In these cases we worked closely with financial institutions to ensure that adequate supplies of cash were available to the community and also arranged for our operations to function virtually without interruptions for 24 hours a day during the crisis period. We feel the experience gained from such crises will prove very helpful in the event of similar problems triggered by century date change. We are also beginning to formulate responses for augmenting certain functions, such as computer help desk services and off-line funds transfers, to respond to short-term needs for these services.
Although operational contingency is something that the Federal Reserve is confronted with on a daily basis, preparation for contingencies in the century date change environment does offer some new and significant challenges. For example, in the software application arena, the normal contingency of falling back to a prior release of the software is not a viable option. This underscores the importance of the rigorous assessment and testing to which all applications must be subjected.
Beyond reliance on a sound plan and effective execution of the plan, the Federal Reserve is not totally dependent upon any single system for executing payment orders. While we have very sophisticated automated systems in place, such as Fedwire and our Automated Clearing House systems, we also operate paper- based payment systems that offer a set of alternatives in the event of a disruption in a segment of the electronic payment system.
Clearly, the Federal Reserve and other bank supervisors expect depository institutions to work diligently and effectively to ensure that automation issues associated with the Year 2000 are resolved fully and in a timely fashion. However, we anticipate that at least a few financial institutions will experience difficulty in completing their Year 2000 preparations in a timely manner, and we are developing plans to address such cases. The Federal Reserve will identify and monitor these organizations closely and work to ensure that senior management and boards of directors are aware of their Year 2000 issues, cost implications, and possible consequences. A bank’s need for adequate preparation for the Year 2000 is regarded as a safety and soundness issue. Where progress is deemed to be substantively less than satisfactory, resulting in excessive risk and a possibly unsafe or unsound condition, we will address the issue in a manner consistent with our long-standing supervisory approach to dealing with other safety and soundness issues. The full range of our supervisory tools and remedies are available, including intensified monitoring, progressively more detailed reporting requirements, presentations to the board of directors, insistence on bank commitments to initiate corrective action, and, ultimately, possible use of enforcement actions as appropriate.
We recognize, nonetheless, that despite their best efforts, some depository institutions may experience operating difficulties, either as a result of their own computer problems or those of their customers, counterparties, or others. These problems could be manifested in a number of ways and would not necessarily involve funding shortfalls. Nevertheless, the Federal Reserve is always prepared to provide information to depository institutions on the balances in their accounts with us throughout the day, so that they can identify shortfalls and seek funding in the market. The Federal Reserve will be prepared to lend in appropriate circumstances and with adequate collateral to depository institutions when market sources of funding are not reasonably available. The terms and conditions of such lending may depend upon the circumstances giving rise to the liquidity shortfall.
Discussions are also underway with the other federal banking agencies to ensure that we are jointly prepared to address the challenge resulting from serious operating problems. If such operating problems were not correctable within a reasonable time frame, it could necessitate a federal resolution comparable to that used for a bank that has become capital insolvent.
Our preparations for possible liquidity difficulties also extend to the foreign bank branches and agencies in the U.S. that may be adversely affected directly by their own computer systems or through difficulties caused by the linkage and dependence on their parent bank. Such circumstances would necessitate coordination with the home country supervisor. Moreover, consistent with current policy, foreign central banks will be expected to provide liquidity support to any foreign banking organizations that experience a funding shortfall.
As a bank supervisor, the Federal Reserve will continue to address the industry’s preparedness, monitor progress, and target for special supervisory attention those organizations that are most in need of assistance. Lastly, we will continue to participate in international forums with the expectation that these efforts will help foster an international awareness of Year 2000 issues and provide for the sharing of experiences, ideas, and best practices.