The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
Before the Professional Banker's Association, Washington, D.C. December 15, 1997 Remarks on the "Millennium Bug" I am pleased to appear before the Professional Banker's Association to discuss the Millennium Bug from a public sector perspective. The Millennium Bug, or Year 2000 problem, has the potential to seriously disrupt the infrastructure of computer systems and telecommunications that the world community depends upon for the free flow of funds and payments and hence, virtually all of everyday commerce. The Year 2000 problem is a business continuity issue that requires a coordinated effort by public and private business and information technology management. Although the problem itself is not technically difficult, ensuring that information systems are Year 2000 compliant is a management challenge of enormous scale and complexity. While this matter will impact every organization everywhere, my talk today will focus specifically on the key areas of public sector finance and banking. The global nature of today's financial services industry relies upon the interconnection of computer systems world-wide. My purpose today is to identify the serious nature of the problem and the urgent need for immediate action by the government of every nation. As it will impact every country with which you interact, I believe that you of the Professional Banker's Association are in a unique position to be a catalyst for promoting attention to the Year 2000, stimulating action, and promulgating best practices in developing nations. This afternoon, after sketching out the critical nature of the problem, I will focus on plans and actions being taken by the Federal Reserve System to address the Millennium Bug in its own internal operation, as a case study of what an organization like ours must do. Then on to our efforts within the U.S. financial services industry and the international financial community, and finally a few words on how you can help. The Millennium Bug What is this problem all about? Most computer operating systems and applications in use today register dates as two digits. Consequently, such computer systems, software programs, or embedded chip devices can not distinguish the year 2000 from 1900, when both dates are registered as "00." When the clock rolls over the next millennium, computations based on two digit dates will produce errors. Those relatively few systems using four digit date fields will have different problems, but they will have problems, nonetheless. While the situation can be stated simply, its scope is vast and fixing it is enormously time consuming. As this audience knows, banking systems and financial services rely heavily on computer systems to manage and deliver services electronically. With the linkage of payment systems globally, a failure of any linked system could have waterfall effects to other systems and a disastrous result to the world economy. The scope of the Millennium Bug extends far beyond financial services and beyond the traditional notion of large mainframe processing systems. Computer systems that control telecommunications, electric utilities, transportation services, and a host of other critical infrastructure systems are vulnerable. The Gartner Group estimates 50 million embedded-system devices worldwide will exhibit Year 2000 problems. Embedded chips are used to control elevators, environmental systems, navigational devices, household appliances, safes and vaults, and on and on. The pervasive reliance on computer systems is not constrained to large industrialized countries; developing countries are also vulnerable, particularly those with older computer systems and software. I think that some "what if's" cited by the Computer Information Center in the UK brings a practical perspective of the effect of what could happen in our everyday life as the millennium arrives. The computers in financial services organizations, etc. cannot deliver payments to counter parties, or receive funds from them. Gridlock ensues. There's a collapse in financial markets because of the bad news coming from companies about their inability to trade normally. The power fails, and it is mid-winter in the Northern hemisphere and mid-summer in the Southern hemisphere. The power company's production is controlled by innumerable computer chips, which were installed many years ago and no one knows what they do, how they work, nor dare they touch them, because the whole of the plant might come irreparably to a standstill. More personal possibilities: The telephone system fails -- and you're unable to notify anyone of your pyramiding problems. Your medical center's computer has problems and cannot trace the medicines your elderly mother has been prescribed in the past nor the conditions she has had. A doctor prescribes the wrong medicine and she becomes very ill. You try to draw money from an ATM and it refuses, even though you know you have money in your account. Your bank's computer thinks it is January 1, 1900 -- and you weren't a customer then! As I said, fixing the Year 2000 bug is not technically difficult but it is an enormous task that will be frightfully costly. After all, one needs only to find and repair all date instances in programs. But when you consider the number of lines of code in computer programs in the aggregate, however, the scale of this task is monumental. Consider these estimates: The Gartner Group believes that there are about 180 billion lines of COBOL code alone in the U.S. British Telecommunications estimates it will need 1,000 staff at peak to check and correct some 300 million lines of computer code. The Federal Reserve is faced with checking some 90 million lines, and some very large financial institutions have many more than that. Clearly, solving the Year 2000 problem requires skilled staff and is time consuming. Because of so many unknowns, however, it is difficult to accurately estimate the amount of resources that will ultimately be required. Killen & Associates estimates that $280 billion will be spent worldwide between 1997 and 2002. Other responsible estimates run to over twice that. Federal Reserve Readiness Efforts Let me now turn to the approach toward Year 2000 compliance that we have taken at the Federal Reserve, as it may be a useful case study of the scope and scale of what a substantial public agency faces. Doubtless there are larger entities that will confront larger tasks internally, but there are probably not very many with more substantial external relationships requiring attention. For example: The Federal Reserve operates several payments applications that process and settle payments and securities transactions between depository institutions in the United States. Three of these applications, Fedwire funds transfer, Fedwire securities transfer, and Automated Clearing House (ACH) are the most critical payment systems. About 10,000 depository institutions use the Fedwire funds transfer system to transfer each year approximately 86 million payments valued at over $280 trillion. About 8,000 depository institutions use the Fedwire securities transfer service to transfer each year approximately 13 million securities valued at over $160 trillion. The average total daily values of Fedwire funds and securities transfers are about $1.1 trillion and $650 billion respectively. The ACH is an electronic payment service that is used by approximately 14,000 financial institutions, 400,000 companies, and an estimated 50 million consumers. Approximately 4 billion ACH transactions were processed in 1996 with a total value of approximately $12 trillion. About 3.3 billion of these payments were commercial transactions and the remainder were originated by the Federal government. The scope of the Federal Reserve's Year 2000 activities includes remediation and testing of all components of these processing environments, the supporting telecommunications network, and all of the many systems supporting the operations of this complex organization. That is just for payment systems; bank supervision and monetary policy management pose challenges of similar magnitude. I believe that we have developed a successful program to ensure Year 2000 readiness that is based on industry best practices. This program is receiving the highest level of executive support that emphasizes awareness and commitment throughout our organization. To date, we have completed application assessments, developed internal test plans, and we are currently renovating software. All Federal Reserve computer program changes are scheduled to be completed by year-end 1998 with the financial services systems that interface externally with the industry completed by mid-1998. This schedule will permit approximately 18 months for customer testing, to which we are dedicating considerable support resources. Challenges ahead include managing a highly complex project involving multiple interfaces with others, ensuring the readiness of vendor components, ensuring the readiness of applications, thorough testing, extensive communications, and establishing contingency plans. We are also faced with labor market pressures that call for creative measures to retain staff who are critical to the success of our activities. And the entire project is being closely coordinated among the twelve Reserve Banks, the Board of Governors, numerous vendors and service providers, approximately 13,000 customers, and numerous other government agencies. Federal Reserve Bank Supervision As a bank supervisor, the Federal Reserve has worked closely with the other U.S. supervisory agencies that are part of the Federal Financial Institutions Examination Council (FFIEC) to alert the industry to our concerns and to monitor Year 2000 preparations of the institutions we supervise, so that we can identify and address problems that arise as early as possible. By mid-year 1998 we expect to complete a thorough compliance preparedness examination of every bank, U.S. branch and agency of a foreign bank, and service provider that we supervise. Our examination program includes a review of each organization's Year 2000 project management plans in order to evaluate their sufficiency, to ensure the direct involvement of senior management and the board of directors, and to monitor their progress against the plan. When facing the most serious supervisory cases of lack of preparedness for the Year 2000, the Federal Reserve will use its enforcement authority as necessary to require corrective action. Recently, the Federal Reserve issued the first cease and desist order against a bank holding company for failing to provide its subsidiary banks with reliable information systems services and for not addressing the needs resulting from the approach of the century date change. Federal Reserve Contingency Planning While our main focus is on our Year 2000 readiness and the avoidance of problems, we know from experience that on occasion things can go wrong. Given our unique role as the nation's central bank, the Federal Reserve has always stressed contingency planning -- for both systemic risks as well as operational failures. As a result of our experience in responding to problems arising from such diverse events as natural disasters and power outages, as well as liquidity problems in institutions, we expect to be well positioned to deal with Year 2000 problems that might arise. We are mindful, however, that Year 2000 failures may present many unique situations and we are developing specific contingency plans to address various operational scenarios. Our existing business resumption plans will be updated to address date-related difficulties, and key technical staff will be ready to respond quickly to problems with our computer and network systems. We recognize that despite their best efforts, some depository institutions may experience operating difficulties, either as a result of their own computer problems or those of their customers, counter parties, or others. The Federal Reserve is prepared to provide information to depository institutions on the balances in their accounts with us throughout the day, so that they can identify shortfalls and seek funding in the market. And, of course, the Federal Reserve will be prepared to lend in appropriate circumstances. Federal Reserve Efforts to Promote Public Awareness We believe that extensive communication with the industry and the public is crucial to the success of century date change efforts. Our public awareness program concentrates on communications with the financial services industry related to our testing efforts and our overall concerns about the industry's readiness. We have inaugurated a Year 2000 industry newsletter to advise our bank customers of our plans and time frames for making our software Year 2000 ready. We have also established an Internet Web site to provide depository institutions with information regarding the Federal Reserve System's CDC project. This site can be accessed at the following Internet address: http://www.frbsf.org /fiservices/cdc. On behalf of the FFIEC, the Federal Reserve has developed a Year 2000 information distribution system, including an Internet Web site and a toll free Fax Back service (888-882-0982). The Web site provides easy access to policy statements, guidance to examiners, and paths to other Year 2000 Web sites available from numerous other sources. It can be accessed at the following Internet address: http://www.ffiec.gov/y2k. We have also produced a ten-minute video entitled "Year 2000 Executive Awareness", intended for viewing by a bank's board of directors and senior management, which presents a summary of the Year 2000 five-phase project management plan outlined in the interagency policy statement. The video can be ordered through the Board's Web site. International Awareness Early in 1996, the Federal Reserve began to have concerns about international progress on the Year 2000. Informal discussions within the Bank for International Settlements (BIS) Committee on Banking Supervision indicated that the Year 2000 was not then a priority in many countries. That has now changed. We are working intensively through the Committee, which is composed of many international supervisory agencies. Through formal and informal discussions, the distribution of several interagency statements, advisories, and the Federal Reserve's Year 2000 video, we have sought to elevate bank supervisors' awareness of the risks posed by the century date change. The G-10 central bank governors issued an advisory in September, that included a paper by the bank supervisors committee on the Year 2000 challenge, to ensure a higher level of awareness and activity among leading bankers. If you have not seen it, I commend it to your attention. Federal Reserve speakers have been featured in a number of Year 2000 conferences and are looking for others wherever they can be found or promoted. We also participated in a BIS meeting for G-10 and major non-G-10 central banks in September which provided a forum to share views on, and approaches to, dealing with Year 2000 issues. The majority of those present seemed confident that payment and settlement applications under their management would be ready, but the approach of many central banks toward raising industry awareness in their countries varies widely, and little is known about preparations in smaller emerging nations. These efforts within the BIS have confirmed what we had been hearing anecdotally from U.S. financial institutions and from the U.S. branches and agencies of foreign banks. Reportedly, many foreign banks continue to be less focused on the Year 2000 than prudence might suggest. Many organizations appear to be underestimating how important and difficult effective preparation is to a successful Year 2000 effort. To broaden the base of global supervisory awareness of the issue, the Basle Supervisors are working with securities and insurance authorities to sponsor additional activities, and I understand that final arrangements are now being made to hold a large meeting for financial supervisors from around the world in early April to further focus on this topic. Additionally, the banking supervisors are working to see that third-party vendors and service providers rise to the issue. Our supervisory agencies sponsored a conference for vendors in November and the New York Reserve Bank is sponsoring two half-day conferences on managing vendor relationships in early January. In areas such as telecommunications, where the financial industry is highly dependent on companies supervised by other regulators, we have also initiated contact with the FCC to help assure that federal supervisors are coordinated in their approaches. How can the Professional Bankers Association Help? You can help. Time is of the essence. As you can see, much is being done, but we fear that on a worldwide comprehensive basis we are far behind where we should be, and the days are inexorably going by. The problem is global and must be solved worldwide, or all will suffer. I believe the membership of the PBA is in a unique position to raise the awareness of developing countries to this looming problem. Your intervention might take many forms, and your assistance in stimulating action within your constituency can help bridge the readiness gap we believe now exists in international Year 2000 preparedness efforts. Each member of the PBA can help to help raise the visibility of the problem, publicize its critical nature, and ensure that a compliance commitment originates from the most senior executive level within all of the organizations you monitor. Your own senior executives could communicate the priority placed on this issue to all constituents through public policy statements such as that issued by the G-10 governors of the BIS. As the FED case demonstrates, your awareness program should emphasize that this is not just a technical matter, but rather a comprehensive business continuity problem that requires the joint cooperation of government and industry sectors. Your organizations have access to the highest levels of government within your constituent countries that can enable you to effectively elevate concern about the danger this problem poses to the safety and soundness of each country's financial system. The PBA could also work closely with the financial community within developing countries to assist in identifying Year 2000 risks, prioritizing resources, and assessing the application and system inventories of your constituents. You can identify common third-party applications and systems and assist in coordinating efforts among these product suppliers and developing countries. The PBA can promote collaborative efforts among developing nations, and sponsor conferences and workshops on Year 2000. You can act as a clearinghouse for information and share "best practices" that could provide a valuable jump-start to those countries still behind the curve. Finally, Year 2000 assessment must also evaluate the level of financial resources available to developing countries to successfully complete a readiness program, and funding to constituents for Year 2000 initiatives should receive a high priority. Closing Remarks As I indicated at the outset, the Federal Reserve views Year 2000 preparations with great seriousness. We have placed a high priority on the remediation of date problems and the development of action plans that will ensure business continuity for the critical financial systems we operate. While we have made significant progress, and are on schedule in validating our internal systems and preparing for testing with depository institutions and others using Federal Reserve services, we must ensure that our efforts remain on schedule and that problems are addressed in a timely fashion. Much remains to be done. We intend to be as prepared as is humanly possible, and believe that most U.S. banking institutions will be, as well. So will the central and private banks of various other countries. But we would be greatly comforted if this were the outlook for every nation, and for every industry. At this time, that is not the prospect. Let me close by urgently requesting your concern and assistance. Return to top 1997 Speeches Home | News and events Accessibility | Contact Us Last update: December 15, 1997, 12:45 PM
@FedFRASER