Year 2000 Computing Crisis

The federal depository institution regulators have made good progress in assisting banks, thrifts, and credit unions in their Year 2000 efforts as well as identifying those institutions at high risk of not remediating their systems on time. They have also recognized the risk and potential impact of Year 2000-induced system failures on their own core business processes and have made rigorous efforts to mitigate these risks. Nevertheless, serious challenges lie ahead that could threaten the banking industry's ability to meet the Year 2000 deadline. First, with less than 16 months remaining before the Year 2000 deadline, regulators face the daunting task of overseeing the efforts of more than 22,000 financial institutions, service providers, and software vendors. Second, in the coming months, many of these entities will be undertaking the most complex and difficult stage of correction--testing. Regulators will have to ensure that they have enough technical resources to review institution efforts during this critical phase. Third, beginning in early 1999, regulators will be pressed to take quick action against institutions that cannot successfully complete their Year 2000 efforts. But before they can do so, they must determine what will constitute financial institution Year 2000 failures, what regulatory options can be effectively used, and when they would be implemented. Fourth, regulators will need to work with their foreign counterparts to identify and define global Year 2000 risks and mitigate them. Fifth, financial institution credit, deposit, and payment flows depend on public infrastructure, such as telecommunications and electric power networks. Regulators will need to develop contingency plans that anticipate Year 2000-related disruptions in the public infrastructure.

GAO noted that: (1) the regulators have made good progress in assisting banks, thrifts, and credit unions in their year 2000 efforts as well as identifying which institutions are at a high risk of not remediating their systems on time; (2) they have also recognized the risk and potential impact of year 2000-induced system failures on their own core business processes and have implemented rigorous efforts to mitigate these risks; (3) nevertheless, there are still serious challenges ahead that could threaten the financial institution industry's ability to successfully meet the year 2000 deadline; (4) with less than 16 months remaining before the year 2000 deadline, the regulators are faced with the daunting task of overseeing the efforts of more than 22,000 financial institutions, service providers, and software vendors with a relatively finite number of examination personnel; (5) in the next few months, many of these entities will be undertaking the most complex and difficult stage of correction--testing; (6) it will be necessary for regulators to ensure that they have enough technical resources to review institution efforts during this crucial phase; (7) beginning in early 1999, regulators will be pressed to take quick actions against institutions that cannot successfully complete their year 2000 efforts; (8) but before they can do so, they need to determine what will constitute financial institution year 2000 failures, what regulatory options can be effectively used, and when they would be implemented; (9) the U.S. economy is intrinsically linked to the international banking and financial services sector, yet many countries and their financial institutions are reported to be behind schedule in addressing their year 2000 problem; (10) working with their foreign counterparts, the regulators will need to identify and define global year 2000 risks and work cooperatively to mitigate those risks; (11) the regulators will also need to develop contingency plans in case there are unforeseen problems; (12) financial institution credit, deposit, and payment flows are critically dependent on public infrastructure such as telecommunications and electric power networks; (13) however, until critical readiness assessments and tests are completed and made available to the public, it is not clear whether there will be uninterrupted telecommunications and power service; and (14) regulators will need to develop contingency plans that anticipate year 2000-related disruptions in the public infrastructure.