Mr. Chairman and members of the Subcommittee, my name is David Iacino and I am the Senior Manager of the Millennium Project at BankBoston. I am pleased to have this opportunity to present my views on the magnitude of the Year 2000 problem, the associated business risks, and the adequacy of remediation and risk management efforts being undertaken by the financial services industry.
Let me first tell you a little about who we are. We are a large New England based Superregional Bank holding company with $65 billion in assets, ranked number 15 in the United States with 475 branches and 275 offices located in 24 countries. We offer a complete range of financial products and services both domestically and internationally.
The Year 2000 computer problem is pervasive and is global in scope. It affects not only the financial services industry, but all industries. Each business is itself both a customer and a supplier in the food chain of international commerce. Each industry is simultaneously competing for available human resources to complete its remediation processes against a fixed deadline in order to mitigate its Year 2000 risks. The millennium challenge is a significant project management challenge that requires institutionally focused attention as well as addressing dependencies on its suppliers that are facing the very same challenge. These are the parameters that make the millennium challenge unique.
Financial institutions are extremely dependent on one another as well as common service providers for the interchange of electronic commerce. The national payment system is dependent upon automation to clear checks principally through the Federal Reserve System. The Automated Clearing Houses represent the primary means of processing pre-authorized payments enabling automated payroll deposits to the consumer's Bank of choice in addition to processing standing orders for repetitive payments such as insurance premiums, automobile payments, and investments. The retail consumer is dependent on the use of credit and debit card conveniences offered internationally through suppliers such as VISA, MASTERCARD, and AMERICAN EXPRESS which have extensive electronic networks linking a transaction from its point of sale to the consumer's financial institution. The Corporate customer, heavily dependent on Electronic Data Interchange (EDI), Wire Transfers, and Letters of Credit, uses the nation's financial institutions as their financial intermediaries. The increasing globalization of the business enterprise radiates these dependencies beyond our borders to include financial institutions worldwide. It should be clear from these examples that there are significant risks associated with such tightly woven interdependencies.
Like all financial institutions, BankBoston is heavily dependent on computer technology in the conduct of our business. We have major Data Centers in New England, London, Brazil, Argentina, and Singapore with large scale data communications networks linking these Centers to our branches, remote offices, customers, and service providers like the Federal Reserve. Additionally, we participate in multiple delivery networks for ATM processing, point of sale services, information exchange, and other forms of electronic commerce. This dependence on technology was the prime motivation for BankBoston to begin its Millennium Project in the Spring of 1995. The initial assessment of our systems inventory revealed that roughly fifty percent of our software is supplied to us by external Vendors, and that this Vendor supplied software is usually customized to meet the unique needs of our institution. This heavy reliance on external Vendor software, which is common within the financial services industry, represents the single biggest risk in being able to meet the millennium challenge since the timely delivery of this millennium compliant software is outside of each bank's control. However, even managing these types of software risks that are germane to individual institutions will help ensure millennium compliance only within their own spheres of influence.
The Year 2000 problem is also very real. At BankBoston, we have identified and corrected
millennium related logic errors within our systems that have already been through the
remediation process. For example, we found that:
As I mentioned earlier, BankBoston had begun its millennium preparedness in early 1995. As such, I feel comfortable that we will be able to complete our internal preparedness given the project organization and processes that we currently have in place. It has taken us two years to structure the very rigorous program that we have in place today. Our inventory of technology applications is under constant review and newly acquired or developed applications are being scrutinized for their millennium compliance, both contractually and in their acceptance testing, in order not to propagate the millennium problem.
We have developed an extensive Communications and Awareness program within the Bank to sensitize every facet of the business to review the risks of the millennium challenge to their business. This is a mandatory program for every financial institution. We have also instituted a very rigorous Vendor and Contracts Management program to track the millennium readiness and delivery of the vendor supplied applications which account for more than half of our application inventory. We have developed comprehensive remediation and certification processes to carefully examine and test all of our systems to assure accurate operability in the year 2000 and beyond. We have developed sound Project Administration practices to track costs, maintain accurate inventory, and manage issues. We have put in place and continually monitor the Technical Support infrastructure required to conduct remediation and certification concurrently with the day to day systems demands of our business. And we have developed an elaborate Planning and Scheduling program that integrates our resource requirements planning, Vendor software availability, and triage program founded on an already existing Disaster Recovery Plan that orders our most critical applications for renovation before those of lesser importance. Complementing the systemic preparations being undertaken within BankBoston, we have a corporate-wide millennium risk management program underway where the potential impacts of the Year 2000 challenge are being addressed as risk related business issues and opportunities to gain competitive advantage. Headed by our Director of Risk Management Assessment, this program is reviewing the potential risks associated with each major line of business:
Credit. Credit policy is being reviewed to account for the potential risk that the borrower's ability to repay outstanding debt may be affected by the impact of the year 2000 on the borrower. Increased allowances for potential loan losses are accordingly being evaluated. Existing loans requiring customer unqualified financial statements are being watched in the event that the customer's own millennium preparation expense may erode comfortable profit margins. Loan participations and syndications require the cooperation of all participants in the evaluation of millennium related risk.
Finance. Regulatory requirements concerning SEC 10K and 10Q millennium disclosures are being reviewed as are FASB's treatment of accounting and tax implications of millennium related expenses.
Third Party Suppliers. Critical outsourcing arrangements such as loan portfolio servicing are being reviewed to ensure uninterrupted revenue streams. The risks associated with potential disruption of critical point solutions that augment the bank's business functions (such as news services, stock quotations, et al) are also under review.
Joint Ventures. The millennium preparedness of all joint ventures in which BankBoston is a participant is being investigated to protect the value of our investment.
Legal Issues. BankBoston is taking aggressive steps to conduct the appropriate due diligence associated with its preparedness for the millennium. These include supplier contract review of indemnification and warrantee provisions, board level project review, and escalation of critical business related issues.
Mergers and Acquisitions. BankBoston has just completed a merger with BayBanks. This merger involved extensive best of breed product integration into the surviving systems that serve the combined entity. This fifteen month effort required extensive systems renovation which consumed the attention of systems personnel involved with the merger. In future M&A activities, the valuation of any acquired software will have to be significantly discounted unless it is already millennium compliant. There simply isn't enough time remaining to affect product integration concurrent with providing for millennium readiness.
Insurance. It is imperative for all businesses to review Director and Officer liability insurance in addition to business interruption insurance policies currently in place or under renewal. Given the estimated certainty of forthcoming lawsuits surrounding predicted business failures, BankBoston has begun such reviews.
Marketing. The millennium prepared financial institution will enjoy a competitive advantage over other Banks' inaction. Cross selling of additional products and services to a nervous customer base will provide an opportunity for additional fee income to the millennium compliant bank. Communicating millennium strategy to the retail and corporate customer is becoming more of a sensitive issue as our customers' awareness of the millennium issue increases.
I bring the BankBoston model to your attention, not only because I am proud of what we have accomplished, but to underscore to you the fact that it has taken us two years to experience and overcome some of the project management complexities associated with the Year 2000 challenge. Knowing that all financial institutions must address the very same issues that we have faced with much less time remaining, I am concerned with the general preparedness of the rest of the financial services industry. In my discussions with other banks, customers, and service suppliers, I feel that unless comparable programs to BankBoston's are put in place within the next few months, the effect will adversely impact even those that are adequately prepared.
On a positive note, a cohesiveness is developing in the Banking industry to address the millennium challenge. The Bank Administration Institute (BAI), a US banking industry association representing about 80% of the nation's banking assets, has been quite proactive in bringing together its membership and service providers to address common issues. The Canadian Banker's Association has undertaken similar activities, and the two groups have cross-pollinated to address common Banking related millennium issues across North America.
The majority of the critical work, however, lies ahead. As I mentioned earlier, there is an enormous interdependency among all financial institutions on the viability of the payments system. All must be prepared for the millennium. All common financial services providers must be prepared. All systems and application vendors must be prepared. All suppliers and customers must be prepared. And then we must all test the interdependencies we share well before the year 2000 to ensure stability of the system not only domestically, but also globally.
The Federal Financial Institutions Examination Council (FFIEC), has been proactive in delivering the urgency of the millennium challenge to the industry and appears poised to step up its examinations. In many cases, especially to smaller institutions that do not have the resources to manage such large scale projects against an immutable deadline, the Regulatory bodies represented by the FFIEC will be required to offer assistance. As each financial institution must mitigate risk through rigorous contingency planning, our Regulators must develop contingency plans to assure stability of the Banking system. We have a collective fiduciary responsibility to our customers and must continue to relax the roles of the Regulator and the Regulated by working together to ensure the safety and soundness of this nation's banking system.
This concludes my testimony. Thank you.