View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

Federal Deposit Insurance Corporation

Division of Supervision

550 17th Street NW, Washington, DC 20429

Year 2000 Questions and Answers
FIL-93-98
August 28, 1998
TO:

CHIEF EXECUTIVE OFFICER

SUBJECT:

Interagency Guidance on Common Questions About FFIEC Year 2000 Policy

e

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached
statement to supplement previously issued interagency statements on Year 2000 readiness.
The guidance addresses frequently asked questions about material in those statements.

ac
tiv

The statement focuses on requests for further clarification of the April 1998 interagency
statement "Guidance Concerning Testing for Year 2000 Readiness." The answers provided are
intended to address testing issues in general terms. Institution-specific queries should be
directed to your Federal Deposit Insurance Corporation (FDIC) Division of Supervision Regional
Office.
The FDIC considers the testing phase the most critical stage of the Year 2000 project
management process. Failure to properly identify and correct remediation errors and omissions
could affect the viability of a financial institution. The FDIC acknowledges that each financial
institution is unique and that the institution's management is in the best position to judge what
testing strategies and plans are appropriate. This decision should be made after considering the
size of the institution, the complexity of its operation, and an acceptable level of business risk
exposure.
The FDIC expects each financial institution to meet the following key milestones in the Year
2000 testing process by the date indicated:
June 30,
1998

In

September
1, 1998

Institutions should have completed the development of their written testing strategies
and plans. These plans should be made available to supervisory authorities when
requested.
Institutions processing in-house and service providers should have commenced
testing of internal mission-critical systems, including those programmed in-house and
those purchased from software vendors.
Testing of internal mission-critical systems should be substantially complete. Service
providers should be ready to test with customers.
Testing by institutions relying on service providers for mission-critical systems should
be substantially complete. External testing with material other third parties (customers,
other financial institutions, business partners, payment system providers, etc.) should
have begun.
Testing of mission-critical systems should be complete and implementation should be
substantially complete.

December
31, 1998
March 31,
1999

June 30,
1999

In addition, your institution's activities regarding customer risk are subject to the following
deadlines:

June 30,
1998
September
30, 1998

Develop an evaluation process designed to identify material customers and
assess and control the Year 2000-related risks associated with funds providers,
funds takers, and capital market/asset management counterparties.
The evaluation process of an institution's customers should be substantially
complete.

Other topics addressed in the question and answer statement include data processing system
or service provider conversions, external review of the project management process,
infrastructure risk involving telecommunications and power suppliers, service provider and
software vendor assessments, and contingency planning. Institutions should refer to the seven
previously issued FFIEC Interagency Statements addressing Year 2000 readiness for a
comprehensive discussion of these topics.

e

Management is encouraged to actively utilize the services of its internal audit process and
external audit programs. A well-coordinated review and reporting process should substantially
lessen the risk that problems will go undetected.

ac
tiv

The FDIC and state banking authorities will continue to review the efforts of all FDIC-supervised
banks to become Year 2000 ready. An institution's failure to appropriately address Year 2000
readiness problems may result in supervisory action, including formal and informal enforcement
actions, denials of applications filed pursuant to the Federal Deposit Insurance Act, civil money
penalties, reductions in the institution's management component or composite ratings, and
increased risk-related premiums.
The attached interagency statement and related information on Year 2000 issues are available
on the Internet via the World Wide Web at /news/news/financial/ or http://www.ffiec.gov.
Nicholas J. Ketcha Jr.
Director

Attachment:

FFIEC Interagency Statement

In

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's
Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-2766003 or (703) 562-2200).