I am here to report to you on the NASD’s response to this Year 2000 problem, a project that will affect every system in our organization and that comes with a December 31, 1999, deadline that cannot be postponed.
The NASD, through its two subsidiaries, NASD Regulation and Nasdaq, operates large, highly complex computer systems on which the securities industry depends. We are fully aware of our responsibility to that industry and have embarked on a thoughtful – and costly – path to resolve the Year 2000 problem with minimal disruption. Your invitation letter requested that I address the magnitude of the problem, associated business risks, and the adequacy of remediation and risk management efforts by Nasdaq and other securities markets.
My testimony today will therefore describe the problem that we are confronting, and detail our response and the issues that we have had to deal with in meeting the challenge to our systems, the securities industry, and the economy itself. I will confine my remarks to the NASD’s activities, which I believe will provide you with some insight into the securities industry’s efforts as well.
Established under authority granted by the 1938 Maloney Act Amendments to the Securities Exchange Act of 1934, the National Association of Securities Dealers (NASD) is the largest self-regulatory organization for the securities industry in the United States. Every broker/dealer that does a securities business with the public is required by law to be a member of the NASD.
The NASD’s membership comprises more than 5,500 securities firms that operate in excess of 60,000 branch offices, and have in their employ 535,000 registered securities professionals.
In 1996, the NASD became the first securities-industry self-regulatory organization to formally separate its regulatory functions from its market operations and to adopt a governing Board structure that requires a majority of governors from outside the securities industry.
The NASD is the parent company of NASD Regulation, Inc., (NASDR), and The Nasdaq Stock Market, Inc. These wholly owned subsidiaries operate under delegated authority from the parent, which retains overall responsibility for ensuring that the organization’s statutory and self-regulatory obligations and functions are fulfilled.
The NASDR mission is to protect investors and strengthen market integrity. In carrying out its mission, NASDR fulfills a substantial portion of the parent organization’s responsibilities as the securities industry’s primary self-regulator. It regulates both the broker/dealer profession and the markets operated by its sister subsidiary, The Nasdaq Stock Market, Inc.
NASDR carries out its examination, disciplinary, and other regulatory responsibilities from its Washington headquarters and 14 District Offices located in major cities throughout the country. A committee of the NASDR Board of Directors, the National Business Conduct Committee, reviews as an appellate body the organization’s disciplinary activities, and seeks, to the extent possible, uniformity in disciplinary actions. Final NASD disciplinary actions can be appealed to the SEC and then to the United States Courts of Appeals.
In keeping with the NASD’s mission of facilitating capital formation for the ultimate benefit of investors, the Nasdaq Stock Market develops and operates a variety of market systems and services.
The Nasdaq Stock Market is the largest electronic, screen-based market in the world, capable of handling trading levels of at least one billion shares a day. Founded in 1971, Nasdaq today accounts for more than one-half of all equity shares traded in the nation and is the second largest stock market in the world in terms of the dollar value of trading. It lists the securities of more than 5,500 domestic and foreign companies, more than all other U.S. stock markets combined.
The cause of the Year 2000 problem is simple: many computer software programs store only the last two digits of the four-digit year. The century portion of the year is assumed to be "19". When the year 2000 is stored as "00", however, computer applications will continue to assume the century value as "19", incorrectly interpreting the year as 1900.
Since most business software relies heavily on date processing, the impact of incorrect date calculations will be pervasive. In the best case scenario, systems will fail, causing lost processing time as software is corrected. In the more likely scenario, applications will continue to process, producing inaccurate data and information. For example, erroneous calculations may impact billing invoices, loan interest payments, or depreciation schedules. Applications dependent on age calculations, such as benefit payments, may be severely impacted.
Computers use dates to perform many important functions such as, sorting, comparing, validating, and calculating. Dates are imbedded in every conceivable level of computing, from mainframes, to personal computers, to network devices, and they can be found in microcode, operating systems, compilers, utilities, data base management systems, applications and data files. It is critical for each and every company to assess the extent of the problem in their environment and make every effort to correct it.
This is a very large, complex challenge. It is a worldwide problem that must be corrected in a fixed timeframe. The deadline is January 1, 2000, and it is immovable.
The systems that the NASD, Nasdaq, and NASDR operate are large and the changes that will be required are extensive. The computer operations of the NASD are concentrated in two locations, each with approximately 500 staff (including contractors): Trumbull, Connecticut operates Nasdaq systems, and Rockville, Maryland operates our regulatory, corporate, and registration systems. Together they are responsible for 134 application systems that comprise 18,500 programs made up of 16,600,000 lines of computer code. These systems run on six major platforms and are written in eight major languages.
Only about 1/3 of our applications systems are already Year 2000 compliant. The NASD, Nasdaq and NASDR conversion effort will require about half of our application systems to be converted to Year 2000 compliance and then tested. The remaining application systems require testing only.
Recognizing the seriousness of the Year 2000 problem, the NASD, NASD Regulation, and Nasdaq have formed a Year 2000 Executive Steering Committee of officers representing the three NASD organizations. We have also established a centralized Year 2000 Program Office to oversee and coordinate all initiatives across the organization.
Starting in June 1996, under the auspices of the Year 2000 Program Office, the NASD, Nasdaq, and NASD Regulation undertook a Year 2000 project that includes the following phases:
Assessment and planning was the first phase. It set the scope of the problem and developed compliance standards, remediation, and testing methodology, initial cost estimates, a schedule, and a strategy for end-user computing. It conducted initial tests of operating systems and three pilot applications conversions. This phase also selected conversion tools and changed contracts to ensure Year 2000 compliance of newly purchased products
Remediation is the second and current phase, where the bulk of the work is done to convert all non-compliant systems, address legal issues, ensure compliance of third party software, set up an approach for external interfaces, install additional hardware, acquire consulting services for independent program review, and develop a contingency plan
The final phase of the project will monitor all converted systems, perform industry-wide testing through a whole business cycle, and perform any emergency repairs needed.
NASD is now well past the initial assessment phase and deep into code remediation. We already have systems that have gone through the Year 2000 conversion and testing process and are now back in use. We are satisfied, thus far, that our conversion process and tool sets are adequate for the task.
Costs of Year 2000 programs are substantial. An estimate of such programs around the world is $600 to $900 billion, with original estimates for the United States Government in the $50 to $70 billion range. The NASD estimates that the unit cost, which started at $.50 per line of code now runs $1 to $3. Total NASD, Nasdaq, and NASDR costs are now estimated at $20 million; about 3/4s of that will be spent on the actual remediation efforts in Phase 2 of our project.
As part of our regulatory activities, NASDR is developing a examination module that will require our examiners who are inspecting NASD member firms to verify that the firm is aware of the Year 2000 problem and is working to correct it. The module will not be able to evaluate the quality of the firms Year 2000 program.
The NASD has also informed all of our member firms that their systems must remain functional after January 1, 2000. NASDR will consider computer failures related to Year 2000 problems neither a defense to violations of a firm’s regulatory responsibilities nor a mitigation of sanctions for those violations.
Not only must we ensure that our systems work correctly within the NASD and its subsidiaries, they must also integrate with our vendors and subscribers and other members of the securities industry.
Nasdaq is one of the founding members of the Year 2000 Exchange and Utility Subcommittee of the Securities Industry Association (SIA), along with the New York Stock Exchange, the American Stock Exchange, the National Securities Clearing Corporation, the Depository Trust Company, and the Securities Industry Automation Corporation. Nasdaq is working with these organizations to establish data interchange guidelines and to plan for bilateral and industry wide testing. Nasdaq is also participating in a number other Year 2000 committees formed by the Data Management Division of the SIA.
A major objective of the SIA Exchange and Utility Subcommittee is to develop the means for an industry wide test in 1999. This test – which requires widespread cooperation among industry principals – will provide the securities industry with a simulated market environment to perform transaction cycle testing, and allow industry participants to synchronize their computers to simulate a particular trading date. Subscribers will be invited to use this simulated market environment and conduct cycle tests as they see fit. This testing will come as close to actual market conditions as the industry can simulate and will allow the industry participants to ensure that their systems will continue to operate in the new environment.
Because of the need to coordinate the efforts involved in Year 2000, the NASD has used a number of means to communicate with the securities industry on how the changes needed will be carried out.
Most of the tasks that the NASD must undertake to manage its business exposure are the same
ones that will enable it to minimize the effect of the Year 2000 problem on its operations.
Among the issues that must be considered are:
The SEC is monitoring securities industry efforts to ensure that all parts of it are aware of the problem and dealing with it. The SEC issued a status report in June of this year. Among other things, the report found that:
In conclusion, the NASD, Nasdaq, and NASDR are well aware of the risk that they and others in
the securities industry face from the Year 2000 problem. We have committed the resources
needed within our organizations to remediate problems in our systems. We are now on track to
complete our plan on schedule, and ahead of many other organizations. Finally, we are working
closely with the SEC and the industry to ensure that systems that interface with ours will
continue to function as we enter the next millennium.