Senator Dodd and members of the committee, my name is David Iacino and I am the Senior
Manager of the Millennium Project at BankBoston. I am pleased to have this opportunity to
present my views on the magnitude of the Year 2000 problem, the associated business risks, and
the adequacy of remediation and risk management efforts being undertaken by the financial
services industry.
Let me first tell you a little about who we are. We are a New England based Superregional Bank
holding company with $69 billion in assets, ranked number 16 in the United States with 475
branches and 275 offices located in 24 countries and 67 of those branches are here in
Connecticut. We offer a complete range of financial products and services both domestically and
internationally.
The Year 2000 computer problem is pervasive and is global in scope. It affects not only the
financial services industry, but all industries. Each business is itself both a customer and a
supplier in the food chain of international commerce. Each industry is simultaneously competing
for available human resources to complete its remediation processes against a fixed deadline in
order to mitigate its Year 2000 risks. The millennium challenge is a significant project
management challenge that requires institutionally focused attention as well as addressing
dependencies on its suppliers that are facing the very same challenge. These are the parameters
that make the millennium challenge unique,
Financial institutions are extremely dependent on one another as well as common service
providers for the interchange of electronic commerce. The national payment system is dependent
upon automation to clear checks principally through the Federal Reserve System. The
Automated Clearing Houses represent the primary means of processing preauthorized payments
enabling automated payroll deposits to the consumer's Bank of choice in addition to processing
standing orders for repetitive payments such as insurance premiums, automobile payments, and
investments. The retail consumer is dependent on the use of credit and debit card conveniences
offered internationally through suppliers such as VISA, MASTERCARD, and AMERICAN
EXPRESS which have extensive electronic networks linking a transaction from its point of sale
to the consumer's financial institution. The Corporate customer, heavily dependent on Electronic
Data Interchange (EDI), Wire Transfers, and Letters of Credit, uses the nation's financial
institutions as their financial intermediaries. The increasing globalization of the business
enterprise radiates these dependencies beyond our borders to include financial institutions
worldwide. It should be clear from these examples that there are significant risks associated with
such tightly woven interdependencies.
Like all financial institutions, BankBoston is heavily dependent on computer technology in the
conduct of our business. We have major Data Processing Centers in Windsor, Providence and
Boston with large scale data communications networks linking these Centers to our branches,
remote offices, customers, and service providers like the Federal Reserve. Additionally, we
participate in multiple delivery networks for ATM processing, point of sale services, information
exchange, and other forms of electronic commerce. This dependence on technology was the
prime motivation for BankBoston to begin its
Millennium Project in the Spring of 1995. The initial assessment of our systems inventory
revealed that roughly fifty percent of our software is supplied to us by external Vendors, and that
this Vendor supplied software is usually customized to meet the unique needs of our institution.
This heavy reliance on external Vendor software, which is common within the financial services
industry, represents the single biggest risk in being able to meet the millennium challenge since
the timely delivery of this millennium compliant software is outside of each bank's control.
However, even managing these types of software risks that are germane to individual institutions
will help ensure millennium compliance only within their own spheres of influence.
The Year 2000 problem is also very real. At BankBoston, we have identified and corrected millennium related logic errors within our systems that have already been through the remediation process. For example, we found that:
And keep in mind that had these situations not been identified in advance, our ability to respond
to all of them simultaneously in the Year 2000 may have been hampered by the availability of
computer resources and the pressures brought on by the demands of our customer base.
As I mentioned earlier, BankBoston had begun its millennium preparedness in early 1995. As
such, I feel comfortable that we will be able to complete our internal preparedness given the
project organization and processes that we currently have in place. It has taken us three years to
structure the very rigorous program that we have in place today. Our inventory of technology
applications is under constant review and newly acquired or developed applications are being
scrutinized for their millennium compliance, both contractually and in their acceptance testing, in
order not to propagate the millennium problem.
We have developed an extensive Communications and Awareness program within the Bank to
sensitize every facet of the business to review the risks of the millennium challenge to their
business. This is a mandatory program for every financial institution. We have also instituted a
very rigorous Vendor and Contracts Management program to track the millennium readiness and
delivery of the vendor supplied applications which account for more than half of our application
inventory. We have developed comprehensive remediation and certification processes to
carefully examine and test all of our systems to assure accurate operability in the year 2000 and
beyond. We have developed an elaborate Planning and Scheduling program that integrates our
resource requirements planning, Vendor software availability, and triage program founded on an
already existing Disaster Recovery Plan that orders our most critical applications for renovation
before those of lesser importance.
Complementing the systemic preparations being undertaken within BankBoston, we have a
corporate-wide millennium risk management program underway where the potential impacts of
the Year 2000 challenge are being addressed as risk related business issues and opportunities to
gain competitive advantage. Headed by our Executive Vice President of Risk Management, this
program is reviewing the potential risks associated with each major line of business: examples
can be found in my written testimony.
Credit. Credit policy is being reviewed to account for the potential risk that the borrower's ability
to repay outstanding debt may be affected by the impact of the year 2000 on the borrower.
Increased allowances for potential loan losses are accordingly being evaluated. Existing loans
requiring customer unqualified financial statements are being watched in the event that the
customer's own millennium preparation expense may erode comfortable profit margins. Loan
participations and syndications require the cooperation of all participants in the evaluation of
millennium related risk.
Finance. Regulatory requirements concerning SEC 10K and 10Q millennium disclosures are being reviewed as are FASB's treatment of accounting and tax implications of millennium related expenses.
Third Party Suppliers. Critical outsourcing arrangements such as loan portfolio servicing are
being reviewed to ensure uninterrupted revenue streams. The risks associated with potential
disruption of critical point solutions that augment the bank's business functions (such as news
services, stock quotations, et al) are also under review.
Joint Ventures. The millennium preparedness of all joint ventures in which BankBoston is
a participant is being investigated to protect the value of our investment.
Legal Issues. BankBoston is taking aggressive steps to conduct the appropriate due diligence
associated with its preparedness for the millennium. These include supplier contract review of
indemnification and warrantee provisions, board level project review, and escalation of critical
business related issues.
Mergers and Acquisitions. BankBoston completed a merger with BayBanks last May. This
merger involved extensive best of breed product integration into the surviving systems that serve
the combined entity. This fifteen month effort required extensive systems renovation which
consumed the attention of systems personnel involved with the merger. In future M&A
activities, the valuation of any acquired software will have to be significantly discounted unless it
is already millennium compliant. There simply isn't enough time remaining to affect product
integration concurrent with providing for millennium readiness.
Insurance. It is imperative for all businesses to review Director and Officer liability insurance in
addition to business interruption insurance policies currently in place or under renewal. Given
the estimated certainty of forthcoming lawsuits surrounding predicted business failures,
BankBoston has begun such reviews.
Marketing. The millennium prepared financial institution will enjoy a competitive advantage
over other Banks' inaction. Cross selling of additional products and services to a nervous
customer base will provide an opportunity for additional fee income to the millennium compliant
bank. Communicating millennium strategy to the retail and corporate customer is becoming
more of a sensitive issue as our customers' awareness of the millennium issue increases.
I bring the BankBoston model to your attention, not only because I am proud of what we have
accomplished, but to underscore to you the fact that it has taken us three years to experience and
overcome some of the project management complexities associated with the Year 2000
challenge. Knowing that all financial institutions must address the very same issues that we have
faced with much less time remaining, I am concerned with the general preparedness of the rest of
the financial services industry domestically and, more so, internationally. In my discussions with
other banks, customers, and service suppliers, I feel that unless comparable programs to
BankBoston's are put in place within the next few months, the effect will adversely impact even
those that are adequately prepared.
On a positive note, a cohesiveness is developing in the Banking industry to address the
millennium challenge. The Bank Administration Institute (BAI), a US banking industry
association representing about 80% of the nation's banking assets, has been quite proactive in
bringing together its membership and service providers to address common issues. The
American Banker's Association has undertaken similar activities, and the two groups have cross
pollinated to address common banking related millennium issues across the United States.
The majority of the critical work, however, lies ahead. As I mentioned earlier, there is an
enormous interdependency among all financial institutions on the viability of the payments
system. All must be prepared for the millennium. All common financial services providers must
be prepared. All systems and application vendors must be prepared. All suppliers and customers
must be prepared. And then we must all test the interdependencies we share well before the year
2000 to ensure stability of the system not only domestically but globally.
The Federal Financial Institutions Examination Council (FFIEC), has been proactive in
delivering the urgency of the millennium challenge to the industry through its Advisories and
Examinations. In many cases, especially to smaller institutions that do not have the resources to
manage such large scale projects against an immutable deadline, the Regulatory bodies
represented by the FFIEC will be required to offer assistance. Congress can also render
assistance by considering legislation that would 1) give examination parity to all members of the
FFIEC, 2) permit software copyright exceptions where needed, 3) enhance the 'bona fide errors"
definitions to include millennium-specific language in the existing Expedited Funds Availability
Act, and 4) to provide financial institutions protection from punitive damages arising from class
action law suits (a.k.a. "Safe Harbor").
As each financial institution must mitigate risk through rigorous contingency planning, our
Regulators must develop contingency plans to assure stability of the Banking system
internationally as well as domestically. We have a collective fiduciary responsibility to our
customers and must continue to relax the roles of the Regulator and the Regulated by working
together to ensure the safety and soundness of this nation's banking system.
This concludes my testimony. Thank you.
Home | Menu | Links | Info | Chairman's Page