Prepared Testimony of Subcommittee Chairman Robert F. Bennett (R-UT)

Hearing on Year 2000 Liability and Disclosure.

In Subcommittee hearings held over the summer, we learned that the Year 2000 problem is more than a computer problem; it is a pervasive business issue for which there is no quick fix. Businesses rely on computer systems for nearly every aspect of their operations -- from operating elevators to calculating interest on loans to launching satellites. A failure in one computer system could not only devastate the operation it controls, but could domino through other systems and cause other seemingly unrelated operations to shut down. As a result, virtually every business in this country will face a stream of potential direct and contingent liabilities based on the failures of their own systems or those of their business partners.

Estimates of the litigation companies could face as a result of the Year 2000 problem now exceed $1 trillion. Despite this incredible figure, individual companies are not talking about what specific liabilities they face or how they plan to manage their litigation risk. This silence raises two very important questions that we plan to explore in today's hearing.

What should individual companies be doing to identify and manage their Year 2000 litigation risks and what can the federal government do to help?

If there is indeed more than a trillion dollars worth of litigation lurking in the next century, what should individual companies be doing to identify and manage that risk? It seems that few companies have been able to determine whether and to what extent they are vulnerable. Companies that are unable to determine their specific risks will certainly not be able to manage them or properly disclose them to the public. That leads me to the second, and perhaps more important question --

Should individual companies be required by law to disclose the projected expenditure and legal and operational uncertainties associated with their Year 2000 remediation efforts?

I believe that investors have a right to know what type and amount of risk individual companies face as a result of the Year 2000 problem. Nevertheless, a review of 10-K's published on the SEC's EDGAR database reveals that very few companies have made specific disclosures with regard to the Year 2000 problem. Most of the disclosures that have been made state generally that the companies are spending money to fix the problem. Despite the enormous projected litigation figures, companies are not reporting specific exposure.

The SEC recently issued a legal interpretation recommending that companies properly disclose the legal and operational risks and uncertainties related to the Year 2000 problem. While I look forward to the SEC's testimony on how they plan to enforce this interpretation, I question whether a legal interpretation is sufficient to encourage companies to make appropriate disclosures.

I believe some stronger action, perhaps in the form of a law, is necessary to require, rather than simply encourage, companies to keep investors informed. Such a law could require companies to disclose, on an ongoing basis, the projected expenditures and legal and operational uncertainties associated with their Year 2000 remediation efforts. This type of law would help to ensure that investors and the general public are made aware of the progress of remediation efforts within U.S. companies and the direct and contingent liabilities those companies face as a result of the Year 2000 problem.

Every potential investor has a right to those facts, and the burden must be on the corporation to disclose them. It is unfair and unrealistic to expect an individual investor in a corporation or an individual depositor at a financial institution to make those inquiries and get accurate information on their own.

With that brief introduction, I would like to introduce today's witnesses:

Panel # 1

• Jeff Jinnett is the president of LeBoeuf Computing Technologies and also serves as of counsel to the New York law firm of LeBoeuf, Lamb, Greene & MacRae. He has written extensively on Year 2000 topics and has appeared before this Subcommittee earlier this year;
  
  
• Dana McDaniel is the chairman of the Technology and Intellectual Property Section at the law firm of Williams, Mullen, Christian & Dobbin in Richmond, Virginia; and
  
  
• Harris Miller is the president of the Information Technology Association of America;

These witnesses will discuss the potential liability companies face as a result of the Year 2000 problem and offer recommendations on what can be done to manage that risk.

Panel #2

• Brian J. Lane is the Director of the Division of Corporation Finance at the SEC. Mr. Lane will discuss the SEC's policy on Year 2000 disclosure.

Panel #3

• Bob Austrian is a Senior Enterprise Software Analyst at Montgomery Securities in San Francisco. He is the author, along with his colleague Tom Pagel, of a report entitled "Millennium Morass: A New Perspective for Every Investor and Business Leader." Mr. Austrian will address Year 2000 disclosure issues from the investor's perspective.

In conclusion, and as we close this hearing on Year 2000 liability and disclosure, I want to revisit our last Year 2000 compliance hearing. At that time we had all of the financial regulatory agencies here to discuss their efforts and the efforts of the institutions that they regulate to become Year 2000 compliant. We asked each regulatory agency to provide us with periodic updates on their progress.

In addition, I sent a request to the General Accounting Office (GAO) to evaluate the status and progress of each of these agencies so that we might have some benchmark by which to gauge their progress. The GAO has substantially completed its initial assessment of one financial regulatory agency, the National Credit Union Administration, and I will include this GAO statement in the hearing record and remind those other regulatory agencies, that the GAO will be visiting them shortly to assist them in identifying their status and evaluating their plans for corrective action.

Due to the lack of time and the need to maintain continuity of thought, I will briefly summarize the GAO testimony. GAO reports that NCUA is not as far along in its assessment of Year 2000 compliance as OMB and GAO guidelines to Federal Agencies recommend. While NCUA has taken positive steps to address Year 2000 problems, GAO reports that:

a - NCUA does not have an accurate picture of where credit unions and vendors stand in resolving such problems.


b - NCUA lacks a formal contingency plan to address potential Year 2000 problems.


c - NCUA has not yet ensured that credit union auditors address Year 2000 problems in connection with internal management control audits which guard against error, carelessness, and fraud.


d - NCUA lacks qualified staff to conduct examination work in complex systems areas. It is in the process of hiring one EDP auditor and is considering hiring two more.

Inasmuch as one in four Americans have membership in over 11,000 credit unions nationwide, this is an important issue for all of us. Federally insured credit union employees are responsible for managing almost $326 billion in assets. In order to ensure that credit union employees can continue to provide top notch service to their members, we want them to have the best supervisory support and assistance possible. I encourage NCUA to accelerate its Year 2000 activities and I commend the GAO for this, the first in a series of evaluations on Y2K compliance of financial regulatory agencies.

Home | Menu | Links | Info | Chairman's Page