On July 10, 1997, the Subcommittee held a hearing at which experts on the Year 2000 Problem testified about the impact of the problem on the financial services industry. The witnesses at that hearing urged us to call the financial institution regulators to a second hearing testify about their efforts to manage the issues associated with the Year 2000 problem.
Thus, we are here today to continue a dialogue that Senator D'Amato and I started earlier this year when we sent letters to the regulators inquiring about their efforts to address the Year 2000 problem. At that time, we recognized the pervasiveness of the problem, and sought a clear understanding of how the financial services industry was progressing in its remediation efforts. Fixing the Year 2000 problem is crucial for the financial services industry, which relies on computer systems to communicate with counterparties, process transactions, and maintain customer records.
In the past six months, we have learned a great deal about this problem, and there is some good news for the financial services industry. At our first hearing, a witness testified that 70% of financial institutions have some plan in place to address the Year 2000 problem. Similarly, remediation efforts in the securities markets and payment systems are well underway. These facts put the United States financial services industry ahead of other U.S. industries and far ahead of their European and Asian counterparts.
The news is not all good, however. While 70% of U.S. financial institutions have some plan in place, few, if any, have achieved Year 2000 compliance. Most experts recognize that with limited time and resources, the financial services industry will not be able to achieve full compliance by the end of the century. Some institutions will achieve only partial compliance. Institutions with more widespread systems failures may find themselves shut out of the financial markets when their computers fail to communicate with compliant systems.
Recognizing these facts, it is clear that the regulators will need to expand the scope of their supervision efforts to cover the broad-based risks presented by the Year 2000 problem. While regulators should not be expected to impose remediation plans on the institutions they supervise, they should be expected to shape those efforts, monitor and report on the progress within the industry, and help the industry manage the business risks associated with this problem.
As the clock ticks down to December 31, 1999, resources available to fix computer systems will become more scarce and more expensive. Many computer consultants are already completely booked up to the end of the century. For those fortunate enough to find a consultant, the average cost of fixing a line of code runs between $1.30 - $1.50. The process can be expensive for institutions with millions of lines of code to repair, and the costs are only going up. Some experts estimate that the cost of repairing a line of code will go up to $6.70 by the end of 1999.
With all those lines of code to fix and limited time and resources available, it becomes necessary for financial institutions to apply a MASH-style triage system. Devote the available time and resources to fixing the most essential computer systems, and leave less essential systems to a time when resources become available. In shaping remediation efforts, regulators should encourage financial institutions to apply a triage process to identify those systems that are most essential to the sound operation of the institution in order to properly allocate limited resources.
I believe the regulators also must monitor the progress of the industry and encourage the institutions they regulate to monitor the progress of their counterparties. It is essential for regulators to identify weak links in the financial system and alert financial institutions to potential systemic problems.
Financial institutions themselves must be concerned with not only their own systems, but those of their counterparties and business partners. A financial institution with perfectly compliant computer systems could still be vulnerable to failures by its correspondent banks or borrowers.
I believe the regulators should use their influence to increase awareness of the Year 2000 problem and encourage remediation efforts. While most financial institutions in the United States are aware of the problem, many other types of businesses, especially small ones, have not started to consider the issue. Foreign countries are far behind the curve. The financial institution regulators must use their influence to encourage foreign governments to aggressively address this problem. In a global economy, countries must work together to ensure the stability of financial systems. The failure of a foreign government to adequately address this problem is inexcusable and irresponsible.
The regulators also must prepare for the inevitable failures that will occur as a result of the Year 2000 problem. Adequate contingency planning is the key to preventing failures at individual institutions from rippling through the financial system as a whole.
Finally, I believe it is important to offer institutions that do fix their computer systems
some protection from liability due to failures in other systems over which they have no
control. Thus, I would ask the regulators to work with us in developing legislation which
would create a safe harbor to shield financial institutions which have been certified as
Year 2000 compliant from some of the liability they might otherwise face.
Home | Menu | Links | Info | Chairman's Page