Here is an article from Gary north that appeared in IT manager's Journal , a computer industry internet magazine.
Gary's translations are in brackets.
* * * * * * * * * * * *
Today, we would like to provide an overview of the state of bank readiness regarding Y2K. The industry continues to make headway and although some financial institutions have experienced delays in meeting Federal Financial Institutions Examination Council (FFIEC) milestone dates, overall the progress is satisfactory. We believe the efforts and resources of the industry, coupled with the aggressive supervisory program carried out by the federal and state regulators, have contributed to the level of success.
[The industry is not yet compliant.]
It is unrealistic, however, to expect that there will not be any problems as a result of the century date change. There are too many unknowns for anyone to reach such a conclusion. For example, factors outside the banking industry, both domestic and international, could pose problems to individual financial institutions. However, media reports predicting a worst-case scenario are not borne out by the results of our on-site examinations, which indicate that the overwhelming majority of institutions remain on-track for being prepared for the century date change. . . .
[The industry is not compliant.]
RESULTS OF PHASE II ON-SITE ASSESSMENTS
Since our last appearance before this Committee, the FDIC, along with the other federal and state banking and thrift regulators, has completed the second phase of our Y2K assessment program. In this phase of the program, FDIC examiners focused on the results of systems testing of financial institutions, service providers, and software vendors. The overwhelming majority of banks remain on-track to be Y2K ready. . . .
[The industry is not compliant.]
Year 2000 Assessment Program
The FDIC is the primary federal supervisor of 5,867 institutions (FDIC-supervised institutions). Our overall Year 2000 supervisory plan is to conduct a risk-focused analysis of Year 2000 assessment data for each supervised institution in order to gauge the effectiveness of its readiness efforts and formulate ongoing supervisory strategy. To this end, the FDIC, along with the other members of the FFIEC, developed and enhanced examination procedures to address each of the phases of the Year 2000 project and provided training to ensure examination staff competency.
[We are trying to find out if the industry will be able to get compliant by 1/1/99.]
The FFIEC also developed several guidance papers to aid the industry in achieving Year 2000 readiness. These papers incorporated milestones by which an institution should complete certain tasks such as testing, contingency planning, and customer readiness assessments. . . .
[Because it is not yet compliant, testing has not yet begun, but if it ever does reach the testing stage, we have guidelines.]
The federal and thrift banking agencies use a three-tier rating system (Satisfactory, Needs Improvement, or Unsatisfactory) to measure the readiness of financial institutions, service providers and software vendors. The Satisfactory rating is assigned to those institutions exhibiting acceptable performance and where project weaknesses, if any, are minor and can be readily corrected within the existing project management framework.
[With nine months to go, we have still not defined "acceptable" as "compliant and in the final testing stage."]
A Satisfactory institution's remediation progress to date meets or nearly meets expectations laid out in its Year 2000 project plan. In addition, senior management and the board of directors of the institution recognize and understand Year 2000 risk, are active in overseeing institutional corrective efforts, and have ensured that the necessary resources are available to address this risk area.
[We assume that senior management knows what it is doing, despite the fact that the banks are not yet compliant, and the managers didn't find out about Y2K until 1995 or 1996.]
A Needs Improvement rating is assigned to an institution that is not expected to meet all FFIEC testing time frames on or shortly after the target dates; its written testing program does not adequately address all testing issues; its assessment of material customers' Year 2000 preparedness is incomplete; or its customer awareness strategy is incomplete or unresponsive to customer concerns. In addition, the institution's remediation progress to date may be behind schedule and senior management or the board of directors may not be fully aware of the status of Year 2000 corrective efforts, may not have committed sufficient financial or human resources to address this risk, or may not fully understand Year 2000 date change implications. . . .
[Since cease and desist orders -- see below -- are our main sanction, and too many of these could cause a banking panic, we have issued only 10 -- see below --and we aren't saying to which banks. But we do have standards, make no mistake about it.]
To ensure that our ratings, and the examination data on which our ratings are based, are accurate and consistent with FFIEC standards, FDIC staff has received extensive training in the application of the FFIEC guidance to the examination process. In addition, staff has been given a number of examination tools, work programs and clarifying memoranda to assist in the consistent application of policy. Also, all Year 2000 assessment findings are reviewed at an FDIC regional office by Case Managers who are highly trained in examination and review procedures. The assessments are then subject to final review by a senior regional official. . . .
[We've got committees reviewing committees.]
Financial Institution Results
Our results show that approximately 97 percent of FDIC-supervised institutions were rated Satisfactory. Less than 3 percent were rated Needs Improvement, and less than one-half of one percent were rated Unsatisfactory. . . .
[Grade inflation is rampant here, as everywhere else.]
Year 2000 Ratings for FDIC-Supervised Institutions as of March 31, 1999
Service Provider and Software Vendor Results
The FDIC and the other banking agencies also completed Phase II assessments of 256 service providers and software vendors that provide data processing services or software to the industry. Virtually all banks and savings associations rely on service providers and software vendors for at least a portion of their data processing services. Therefore, these companies play a critical role in helping financial institutions become Year 2000 ready.
[If these guys blow it, the banking system will go down.]
Of the 142 service providers and software vendors examined by the FDIC, our data show that over 96 percent were rated Satisfactory and under 4 percent were rated Needs Improvement. None were assessed as Unsatisfactory. . . .
[The same degree of grade inflation operates here. We believe in self-esteem as a motivational tool.]
Throughout the various phases of our supervisory program, the FDIC took a number of actions against institutions that failed to address Year 2000 issues appropriately. During Phase II, guidance issued by the FDIC suggested that a board resolution or a Memorandum of Understanding be sought from institutions rated Needs Improvement. For institutions rated Unsatisfactory, the guidance suggested that a plan or a Safety-and-Soundness Order under Section 39 or a Cease-and-Desist Order under Section (8)(b) of the Federal Deposit Insurance Act (FDI Act) generally should be sought.
As of March 31, 1999, the FDIC had 379 financial institutions adopt board resolutions and another seven are in process. The FDIC had entered into 141 Memoranda of Understanding and another 24 Memoranda are in process. The FDIC also requested 22 corrective plans under Section 39 of the FDI Act and issued 10 formal Cease-and-Desist Orders. In total, as of March 31, 1999, the FDIC completed a total of 552 corrective actions and had 41 pending.
[We nailed 10 banks. You've never heard of any of them. The day we issue one to a money center bank, the world's banking system could unravel. Don't hold your breath.]
These actions have been effective in getting management to address deficiencies and take necessary action toward Year 2000 readiness. For example, of the 552 institutions for which corrective actions were completed, 488 institutions now are rated Satisfactory. . . .
[Just about everyone is doing just fine. Fine.]
As of March 31, 1999, the FDIC also took actions against 13 service providers and another two actions are in process. The actions included board resolutions, Memoranda of Understanding, and formal enforcement actions. These actions also appear to have been effective in getting management to take necessary steps. Of the thirteen service providers against which supervisory action has been taken, eight are now rated Satisfactory and one has been sold. . . .
[But none of them is compliant.]
By June 30, 1999, financial institutions' testing of mission-critical systems should be complete and implementation of mission-critical systems should be substantially complete.
[Testing should be substantially complete. This assumes that all banks are compliant before June 30. Well, their mission-critical systems should be. So, since hardly any bank is compliant today, this leaves 10 weeks to get all of them compliant and then through with all the tests. Check with me on July 15. I'll let you know what happened.]
By June 30, 1999, financial institutions should have substantially completed the development of their business resumption contingency plans and designed a method of validation so the plans can be tested for effectiveness and viability.
Financial institutions should have identified their material customers and should have evaluated their Year 2000 readiness in order to assess their risk to the institution.
Financial institutions should be communicating with their customers about their Year 2000 preparedness. . . .
[This should really be something.]
PUBLIC AWARENESS
The FDIC has a unique responsibility to the public to maintain confidence in the financial system. Over the past 66 years, we have worked to make bank failures a non-event for insured depositors. As a result, three generations of Americans have been secure in the knowledge that their insured deposits are safe.
[They are therefore sleepwalking today; let's not awaken them.]
The FDIC recognizes that the unique challenges of the Year 2000 date change present us with an additional obligation to provide information to the public, but the primary obligation rests with individual banks and the banking industry.
[Let the public sue the bankers for lying, not the FDIC.]
Year 2000 readiness is, and ultimately must be, the responsibility of each financial institution's directors and officers.
[The buck stops there.]
These individuals are in the best position to know their institution's operations, strategies, resources and exposure, as well as the concerns of their customers. Therefore, the federal banking and thrift regulators have repeatedly advised banks and savings associations that providing meaningful information to customers should be an important part of their Y2K project plans.
[Stop giggling, please. I'm trying to be serious here.]
Information should be available regarding the progress a bank is making and when the bank expects to complete its preparations. Unfortunately, it appears that many institutions have not communicated sufficiently with their customers about the Year 2000 date change.
[I am shocked! Shocked!]
We are concerned about this situation and will continue to stress the need for consumer awareness and communication efforts on the part of the industry during Phase III of the Y2K program.
[We have decided not to penalize the banks that refused to obey our suggestions.]
Fostering Consumer Awareness
For its part, the FDIC will continue efforts over the next few months to inform and to educate the public. The FDIC has formed a partnership with the Conference of State Bank Supervisors to educate the public about Y2K and financial institutions. In addition, the FDIC is a member of the President's Council on Year 2000 Conversion. The FDIC is disseminating Year 2000 information through local civic organizations. . . .
[This is not flak. This is education. Trust me.]
To help bank customers understand Y2K and how it might affect them, we are providing various educational materials to the public. For example, the Fall 1998 issue of FDIC Consumer News was devoted entirely to Y2K. It provides a comprehensive guide to the issues of Y2K and banking.
[Except for anything on fractional reserves.]
Copies of this issue are being distributed to the public through the Consumer Information Center, in Pueblo, Colorado. Its availability was announced in the February 7, 1999, edition of Parade magazine. In the first three days following the announcement, the Consumer Information Center received 14,000 phone calls requesting the FDIC Consumer News and their Web site received 50,000 hits. In addition, we will be providing cautions against various Y2K scams in the next issue of FDIC Consumer News.
[Y2K scams are a big threat. People are calling innocent victims and telling them that if they will just move their money to a special account, their funds will be safe. Can you imagine such a claim?]
The agencies also have published a pamphlet, The Year 2000 Date Change, available in English and Spanish. Trade associations have distributed more than 12 million copies of The Year 2000 Date Change pamphlet to financial institutions for further distribution to their customers. These materials also are available to the public at no charge and can be obtained through our Web site (www.fdic.gov).
The FDIC, in conjunction with the other banking and thrift regulators, is finalizing A Y2K Checklist for Customers, an expanded version of which has appeared in the FDIC Consumer News. Although the public has absolutely no reason to question the deposit insurance guarantee, the checklist provides steps that each person can take to help reduce or eliminate any problems that might occur as a result of the century date change.
[Absolutely no reason. Pretty strong words, right? Absolutely. And we have the proof: $1.40 on deposit electronically with the noncompliant U.S. Treasury for every $100 in bank deposits.]
It includes helpful suggestions for consumers, such as:
Educate Yourself About Y2K—Read all you can about the Year 2000 issue and what your financial institution is doing to protect customers.
Keep Copies of Financial Records—As always, keep good records of all your financial transactions, especially for the last few months of 1999, until you get several statements in 2000.
Pay Attention to Your Finances—As always, balance your checkbook regularly and check your transactions for accuracy.
Make Prudent Preparations—Remember all your payment options (checks, credit cards, debit cards, ATMs, and tellers) in the event one form of payment doesn't work as planned.
Be On Guard Against Y2K Scams—Be skeptical if someone asks for your account information or tries to sell you a product, service, or investment that is supposedly Y2K safe. Protect your personal information, including your bank account, credit-card, and social security numbers.
Review Your FDIC Deposit Insurance Coverage—The federal government's protection of insured deposits will not be affected by Y2K.
[Be aware that there is only about $1.17 in currency for every $100 in deposits. Ha, ha. Just kidding. We did not actually mention this.]
Aside from providing information to the public, the FDIC is implementing measures to make it easier for the public to obtain answers to questions about the Year 2000 and banking. The FDIC has begun operation of a toll-free telephone line (1-877-FDIC-Y2K) to respond to public inquiries about the Year 2000 date change and its effect on financial institution customers.
FDIC CONTINGENCY PLANNING
FOR FAILED FINANCIAL INSTITUTIONS
Throughout its history, the FDIC has continually created and refined contingency plans to address different types of bank failures involving diverse types of financial institutions. Our current contingency plans are intended to ensure that should any institution be closed because of Year 2000 problems, there will be minimal disruption to insured depositors. We are developing plans to provide depositors access to their insured funds in a timely manner. In addition, the FDIC is represented on the various subgroups established by the FFIEC that are formulating contingency plans to address issues raised by Y2K.
[We haven't finished these plans, after four years, but we're working on them. We're having a little trouble with inter-bank cross default problems and worldwide bank runs. But we know we'll get a handle on these soon.]
Contingency planning is particularly important because a Year 2000 failure, should one or more occur, will not be similar to past bank failures. The FDIC always has relied upon the fact there is reasonably good information available when a bank fails. This may not be true if computer systems break down and data are corrupt. Although the unavailability of information could make the job more complicated, appropriate contingency planning should enable the FDIC to address this new type of failure and protect depositors just as we have in the past.
[I emphasize the word "should."]
The FDIC’s contingency plans address issues related to: (1) reconstructing corrupted data; (2) transferring deposit accounts and assets from a failed bank to a healthy institution; (3) providing insured depositors their money even if there is no acquirer; (4) providing customer service; and (5) having available resources to carry out those responsibilities if there are multiple failures in various locations.
[As soon as we have answers, we'll let you know.]
Although some institutions that could fail may be readily identified with reasonable lead-time, it is possible that an institution could fail with little or no warning starting in January 2000. If a failure occurs, the FDIC will need to arrange a resolution transaction for the failed bank quickly, perhaps within a few days of the problem being uncovered. To accomplish this, the FDIC needs to identify potential acquirers and inform them of the types of resolution transactions available to them in advance of any Y2K failures.
[Bank A -- compliant -- will buy up the computerized files of Bank B -- noncompliant -- thereby corrupting its own computers. It makes sense to us. Keep reading.]
In a typical closure of an insured financial institution, financial information systems are not subject to corruption. In the event of a Year 2000 technological disruption, however, financial data may not be accessible or accurate. The FDIC may have to recreate electronic data files and validate information systems before the resolution process can proceed. With input from institutions, service bureaus, trade groups, and regulatory agencies, we have been exploring options for possibly requiring some financial institutions to backup and retain data. These options include requirements for some high-risk institutions to maintain a limited standardized asset and liability backup program for a short period of time. In the event of a failure of an insured financial institution, such a backup program would facilitate the transfer of information on insured deposits to a new acquirer or to the FDIC’s payoff system for insured deposits. This backup program would reduce the time for deposit insurance determinations and provide depositors with quicker access to their funds.
[As soon as we decide what options might work, we'll let you know.]
In addition, we have formulated planning scenarios to ensure appropriate resources are available in the event of a technological failure. The resolution and closing experience of current FDIC employees has been assessed and training materials are being updated to include a possible Year 2000 failure scenario.
[As soon as we have these training materials finished, we'll let you know.]
In summary, our planning is directed toward having a well-developed contingency plan designed to protect insured depositors in the event Year 2000 failures occur. We are working diligently on minimizing potential disruptions. We intend to ensure that insured depositors will have timely access to their money, should failures occur.
STATUS OF FDIC INTERNAL EFFORTS
The FDIC is on schedule to complete preparation of all of its internal systems in time for the Year 2000 date change.
[The FDIC is not compliant.]
We have adhered to the time frames established in guidance from the Office of Management and Budget (OMB) and the General Accounting Office (GAO) for the five stages of Year 2000 project management: awareness, assessment, renovation, validation and implementation.
[If we don't get compliant, we've covered our backsides by following the book.]
Since our last testimony in September 1998, we have completed the validation and implementation phases, in accordance with the OMB schedule for mission-critical systems.
[The FDIC is not compliant.]
The FDIC currently has a total of 36 mission-critical systems. Of these, 35 systems were validation tested by the end of January 1999. The final system was replaced with a new system, tested, and implemented by February 28, 1999. The remaining mission-critical systems, cited in our previous testimony, have been retired or replaced. In one case, two systems were replaced by one.
Three hundred forty-eight of our non-mission-critical information technology systems are scheduled to continue beyond January 1, 2000. These systems were all validation tested by Jan. 31, 1999. In addition, 33 new non-mission-critical systems were validation tested before implementation by March 31, 1999. Four additional minor, and non-mission-critical, internal work-tracking systems will be implemented this month. Independent verification and validation of a subset of our applications are ongoing, sponsored by both the Internal Year 2000 Project Team and the OIG. These efforts will confirm that our renovation and test procedures were effective, and that the test results reflect Year 2000 compliance.
[The FDIC is not compliant.]
Maintaining an application’s Year 2000 compliance while normal production activities occur is a vital task in the FDIC’s Year 2000 plan. The FDIC currently is improving its configuration management process to ensure management of renovated code through 1999. In February 1999, we instituted a new process specifically to evaluate Year 2000 issues before system enhancement or modification. Changes will require risk assessment, re-testing as needed, and approval by the Year 2000 project manager for internal systems. This system will augment increased emphasis on existing configuration management software on both the mainframe and client/server platforms. Together, these processes will ensure that renovated code will remain compliant.
[The FDIC is not compliant.]
We continue working with our data exchange partners—financial institutions, the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the National Credit Union Administration, state banking authorities, and other business partners. We have resolved Y2K issues in nearly all exchanges of pertinent data and are completing testing with exchange partners.
[The FDIC is not compliant.]
The FDIC has over 1,800 purchased products supporting its operations, including commercial off-the-shelf software, mainframe operating systems and associated software, and vendor-provided hardware components, including personal computers and telephones. We have purchased replacements for all identified non-compliant personal computers, and expect to complete nationwide installation by June 30, 1999. We contacted vendors to request Year 2000 readiness information on software packages, and will conduct tests on those most important to our business functions. We have identified upgrades that are necessary for our telephone equipment to be Year 2000 ready, and are implementing the upgrades. We also have replaced other equipment, such as facsimile machines, that were not Year 2000 ready. We are working with a contractor who specializes in remediation of embedded systems to complete our efforts with respect to building systems controls by the end of July 1999.
[The FDIC is not compliant.]
We believe that our efforts will enable us to continue business as usual after January 1, 2000. As recommended by the GAO and the OIG, the FDIC has nonetheless prepared a business continuity plan outlining how the agency would resume normal business operations for each of the FDIC's core business processes in the event that unforeseen Year 2000 problems cause disruptions.
[The FDIC is not compliant.]
In summary, the FDIC has a rigorous, centralized Year 2000 project for its internal systems. We believe our comprehensive approach will result in a smooth transition of our automated systems. . . .
[The FDIC is not compliant.]
Link: http://www.fdic.gov/publish/speeches/99s...
You must read the testimony of bureaucrats very carefully. Here is the testimony of Donna Tanoue to the House Banking Committee (April 13). The FDIC insures accounts in American banks.
|
Get These Daily Updates by E-mail
Enter e-mail address:
|
Home Page: Future, Doomsday, Year2000
