Year 2000 Computing Crisis

If Year 2000 problems are not overcome, key automated bank systems--affecting trillions of dollars in assets, transactions, and insured deposits--are subject to serious consequences ranging from malfunction to failure. At a minimum, this would cause inconveniences to banks and their customers. More ominously, systems failure could lead to bank closings and serious disruptions for both the banking industry and bank customers. This testimony discusses the progress being made by the Federal Deposit Insurance Corporation (FDIC) in ensuring that the thousands of banks that it oversees are ready for the upcoming century date change. GAO also discusses FDIC's progress in addressing Year 2000 concerns for its own internal systems.

GAO noted that: (1) the year 2000 problem poses a serious dilemma for banks due to their heavy reliance on information systems; (2) it also poses a challenge for FDIC and the other bank regulators who are responsible for ensuring bank industry readiness; (3) regulators have a monumental task in making sure that financial institutions have adequate guidance in preparing for the year 2000 and in providing a level of assurance that such guidance is being followed; (4) further, regulators will likely face some tough decisions on the readiness of individual institutions as the millennium approaches; (5) GAO found that FDIC is taking the problem very seriously and is devoting considerable effort and resources to ensure that the banks it oversees mitigate year 2000 risks; (6) FDIC has been very emphatic in alerting banks to the year 2000 problem and has conducted a high-level assessment of the industry's year 2000 readiness; (7) despite aggressive efforts, FDIC still faces significant challenges in providing a high level of assurance that individual banks will be ready; (8) FDIC--as were the other regulators--was late in addressing the problem; (9) consequently, it is behind the year 2000 schedule recommended by both GAO and the Office of Management and Budget (OMB); (10) compounding this problem is that critical guidance, although under development, has not been released by the Federal Financial Institutions Examination Council (FFIEC) for banks and other financial institutions on contingency planning, assessing risks caused by corporate customers (borrowers), and assessing risks associated with third-party automated system service providers; (11) this guidance should have been provided earlier so that banks would have had more time to factor the guidance into their own assessments and plans; (12) additionally, FDIC's ability to report on individual banks' status in preparing for the year 2000 is limited by insufficient information being reported by bank examiners; (13) FDIC also needs to correct its internal systems used to support agency functions and has initiated efforts to do this; (14) FDIC is behind in assessing whether these systems are year 2000 compliant; and (15) although OMB guidance states that the assessment phase should have been completed in mid-1997, FDIC has not yet fully assessed its mission critical systems or established contingency plans in case systems repairs and replacements are not in place on time or do not work as intended.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone: