Any prediction as to the ultimate litigation which will result from the Year 2000 computer problem is pure speculation, since little substantial litigation has been reported on the Year 2000 computer problem and we do not know how much necessary corrective work will ultimately not be completed. However, if the Gartner Group prediction is accurate that as many as one-half of the companies with the Year 2000 computer problem will not become fully compliant by January 1, 2000, some Year 2000 litigation appears inevitable.
The first step in a Year 2000 risk managment program is recognizing that the Year 2000 computer problem poses not only technical issues and risks, but also business and legal issues and risks. The following are examples of steps a company can take to identify and reduce Y2K business and legal risks.
Enterprises often create technical dependency models mapping out how the enterprise's products and services depend on internal computer systems (internal dependencies) and can be impacted by noncompliancy of third parties (external dependencies). These technical dependency models would be of significantly greater utility to an enterprise if expanded to include business and legal information and factors.
After the enterprise's technical staff has prepared a list of possible technical loss scenarios, ranked according to magnitude of impact on the enterprise, the above dependency model could be augmented with business and legal risk factors, so as to assist the enterprise in running simulations to determine the likely business and legal impact of each potential technical failure scenario. Top management could then take preventive steps to eliminate or reduce the possible business/legal risk associated with the technical failures most likely to occur and which have the greatest adverse impact on the enterprise.
Enterprises should consider the possibility that they may become involved in litigation due to the failures of business partners to become compliant. Plaintiffs' attorneys may not be able at the outset of litigation to determine why a defendant's computer systems suffered a "hard" crash or "soft" crash and will have to assume that third parties which share data or software with the defendant may have contributed to the computer system failure. The plaintiff's attorneys are likely to sue not only the primary defendant, but also any business partner which conceivably could have played a part in the system failure due to the sharing of contaminated data or software.
Enterprises should take all necessary steps to create a due diligence record which could be introduced into evidence in litigation, if necessary, to show that the enterprise acted in good faith, using commercially reasonable efforts to solve its Year 2000 problem. The enterprise should review its Year 2000 corrective plan against currently available industry metrics as to remediation and testing costs and methods in order to confirm that the plan adopted by the enterprise matches the current industry best practices.
If a public company's shareholders develop concerns over the company's Y2K status due to "doomsday" articles in the press, the shareholders might "short" the company's stock. The enterprise could consider using Y2K audit reports and the securing of Y2K insurance to reassure shareholders that the enterprise is at low risk of a Year 2000 failure. The company could also create a rapid response team to handle press inquiries if Y2K-based system problems arise.
Congress can be of considerable assistance to the financial services industry in its efforts to solve its Y2K problem and also promote fuller disclosure of Y2K issues and information. Y2K Litigation "Safe Harbor"
Due to fears of providing plaintiffs' attorneys with litigation "ammunition", financial institutions may be reluctant to engage in industry-wide Y2K information-sharing efforts. This fear of litigation exposure is heightened due to the potential imposition of punitive damages on defendants. In order to encourage financial institutions to become fully compliant and to share necessary information with other institutions, I recommend that this Subcommittee consider introducing legislation to provide a "safe harbor" from punitive damages for financial institutions which establish that they have made a good faith effort to become Year 2000 compliant and which cooperate with industry-wide sharing of Y2K information as may be requested by appropriate regulatory authorities. The demonstration of a good faith effort to become Year 2000 compliant could be made by a national bank, for example, by passing a Year 2000 compliancy audit conducted by the Office of the Comptroller of the Currency. For financial institutions where no Federal regulatory authority has planned to conduct extensive Y2K audits, a quasi-public entity could be established by Congress to conduct the audits.
Punitive damages are imposed to punish reprehensible conduct and to deter others from similar behavior. This simply does not apply to the Year 2000 computer problem. As Dr. Leon Kappelman has demonstrated, over the past thirty-five years companies have saved far more in computer memory costs (by using two digits for date fields rather than four digits) than they will spend on Y2K remediation and therefore the use of two digits for year date fields constituted good business judgment. Further, since the Y2K problem is a one-time occurrence, imposing punitive damages on an individual defendant in Y2K litigation will not serve any deterrence function whatsoever, either with respect to the specific defendant or to other potential defendants.
Additional aspects of a Y2K litigation "safe harbor" could be considered, including (a) the prohibition of liability for noneconomic "pain and suffering" losses, (b) elimination of joint and several liability in favor of a proportionate liability standard, (c) a required determination by the court as to whether the plaintiff's cause of action is frivolous, with the imposition of reasonable attorney's fees and costs if determined to be frivolous, and/or (d) a requirement that the plaintiff establish proof by "clear and convincing evidence" rather than merely by a "preponderance of the evidence".
If financial institutions adopt a comprehensive Y2K risk management approach rather than merely a
technical remediation approach, they should be better able to identify and reduce their technical,
business and legal Y2K risks. In this effort, open disclosure by financial institutions of Y2K compliancy
status to their counterpart financial partners, sharing of remediation techniques and other information
sharing would aid in the industry-wide Y2K effort. The financial industry's justifiable concerns over
providing plaintiffs' attorneys with ammunition through this disclosure makes it imperative that Congress
consider enacting legislation creating a Y2K litigation "safe harbor" shielding financial institutions from
excessive litigation risks (such as punitive damages), provided the institutions make a good faith effort
to become Year 2000 compliant and participate in industry-wide sharing of Y2K information, as
requested by appropriate regulatory authorities.
Mr. Chairman, Distinguished Members of the Subcommittee:
My name is Jeff Jinnett and I am President of LeBoeuf Computing Technologies, a business subsidiary of the law firm of LeBoeuf, Lamb, Greene & MacRae, of which law firm I was formerly a Partner and now serve as Of Counsel. I appreciate the opportunity to again testify before this Subcommittee.
Over the past year, I have consulted with numerous large corporations in the financial services industry. For the most part, these corporations are quite confident that they will successfully complete their Year 2000 remediation efforts and make their internal computer systems fully Year 2000 compliant. However, many of these large financial institutions are concerned about their operations being disrupted by Year 2000 system failures of smaller business partners who have fewer resources to devote to their Y2K compliance efforts. An additional risk these financial institutions may not have considered is that they may become defendants in litigation brought against their smaller business partners where the cause of the business partners' computer system failures is unclear. Due to applicable statutes of limitation and the desire of the plaintiffs to seek joint and several liability from all defendants in case the primary defendant files for bankruptcy, the plaintiffs' attorneys are likely to sue not only the primary defendant, but also any business partner which conceivably could have played a part in the computer system failure due to the sharing of contaminated data or software.
Companies should be mindful that such a trial can become a very expensive battle of conflicting expert witnesses. If at the time of trial the Year 2000 computer problem has resulted in serious personal injuries in the society at large due to malfunctioning hospital equipment or air traffic control systems or has resulted in higher unemployment due to increased corporate bankruptcies, some juries may be pre-disposed to the plaintiff's position and be inclined to award punitive damages to "send a message" to corporate America. Plaintiffs' counsel may point out to the juries that the Y2K problem has been known for decades and yet the defendants did not begin actual corrective work until late in the 1990's, arguing that this is evidence of a reckless disregard for the problem. "After all", plaintiffs' counsel may say to the juries, "it's only a matter of going from two digits to four digits--how hard could that be? There must be gross negligence here."
In light of the above potential scenario, financial institutions should take all necessary steps to create a due diligence record which could be introduced into evidence in litigation, if necessary, to show that the enterprise acted in good faith, using commercially reasonable efforts to solve its Year 2000 problem. Financial institutions should adopt a comprehensive risk management approach to the Year 2000 problem rather than merely a technical remediation approach. For example, the enterprise should review its Year 2000 corrective plan against currently available industry metrics as to remediation and testing costs and methods in order to confirm that the plan adopted by the enterprise matches the current industry best practices. As part of this effort, the enterprise could seek to obtain certification of its Year 2000 corrective plan under the ITAA*2000 program, as was recently done by BankBoston.
Dr. Edward Yardeni, Chief Economist with Deutsche Morgan Grenfell, has estimated that a recession may occur by the year 2000 due, in part, to the Year 2000 computer problem. In light of the complexity of the Y2K problem and the potentially severe impact it may have on the U.S. economy, it is advisable that financial institutions be encouraged to share information as to Year 2000 compliancy status, remediation techniques which they have found helpful and Y2K technical, business and legal risks which they discovered which may impact other financial institutions. However, due to fears of providing plaintiffs' attorneys with litigation ammunition, financial institutions may be reluctant to engage in industry-wide Y2K information-sharing efforts. This fear of litigation exposure is heightened due to the potential imposition of punitive damages on defendants. In order to encourage financial institutions to become fully compliant and to share necessary information with other institutions, I recommend that this Subcommittee consider introducing legislation to provide a "safe harbor" from punitive damages for financial institutions which establish that they have made a good faith effort to become Year 2000 compliant and which cooperate with industry-wide sharing of Y2K information as may be requested by appropriate regulatory authorities. The demonstration of a good faith effort to become Year 2000 compliant could be made by a national bank, for example, by passing a Year 2000 compliancy audit conducted by the Office of the Comptroller of the Currency. For financial institutions where no Federal regulatory authority has planned to conduct extensive Y2K audits, a quasi-governmental entity could be established by Congress to conduct the audits.
A strong case can be made that punitive damages are inappropriate in Y2K litigation, in any event. Punitive damages are imposed to punish reprehensible conduct and to deter others from similar behavior in the future. This simply does not apply to the Year 2000 computer problem. As Dr. Leon Kappelman has demonstrated, the use by programmers of two digits rather than four digits in year date fields was necessary in past years to save expensive computer memory. Dr. Kappelman calculates that over the past thirty-five years, companies have saved far more in computer memory costs than they will spend on Y2K remediation and therefore the use of two digits rather than four digits for year date fields constituted good business judgment. The Y2K problem therefore did not arise from reprehensible conduct. Further, since the Y2K problem is a one-time occurrence, imposing punitive damages on an individual defendant in Y2K litigation will not serve any deterrence function whatsoever, either with respect to the specific defendant or to other potential defendants. Additional aspects of a Y2K litigation "safe harbor" could be considered, including the prohibition of liability for noneconomic pain and suffering losses and the elimination of joint and several liability in favor of a proportionate liability standard.
In conclusion, the Year 2000 computer problem poses significant litigation risks for many financial services institutions, not necessarily because they themselves will fail to become Year 2000 compliant, but because they may be affected by the failures of third party business partners to become fully Year 2000 compliant. As a critical part of the U. S. infrastructure, the financial services industry must become Year 2000 compliant if severe disruptions to the economy are to be avoided. If financial institutions adopt a comprehensive Y2K risk management approach rather than merely a technical remediation approach, they should be better able to identify and reduce their technical, business and legal Y2K risks, not only as individual institutions, but also as an industry. In this effort, open disclosure by financial institutions of Y2K compliancy status to their counterpart financial partners, sharing of remediation techniques and other information sharing would aid in the industry-wide Y2K effort. The financial industry's justifiable concerns over attracting punitive damage awards due to such disclosures makes it imperative that Congress consider enacting legislation creating a Y2K litigation "safe harbor" shielding financial institutions from excessive litigation risks, provided the institutions make a good faith effort to become Year 2000 compliant and participate in industry-wide sharing of Y2K information, as requested by appropriate regulatory authorities.
Mr. Chairman and distinguished Members of the Subcommittee, that concludes
my testimony and I would be pleased to address any questions you may have.
Home | Menu | Links | Info | Chairman's Page