Comment: |
This testimony by an official with the General Accounting Office, Congress's financial watchdog on the executive department's bureaucracy, indicates how vulnerable the thrift industry is.
Notice the word "challenge." It means "problems not yet solved."
Notice also the number of things that can go wrong in 2000, assuming (ha!) that bank runs have not closed the thrifts.
The report emphasizes how late in the game the correction process began, at every level.
This is the unsolved problem of shared data. Noncompliant data can corrupt the data in a compliant computer. "In addressing the Year 2000 problem, thrifts must also consider the computer systems that interface with, or connect to, their own systems. These systems may belong to payment system partners, such as wire transfer systems, automated clearing houses, check clearing providers, credit card merchant and issuing systems, automated teller machine networks, electronic data interchange systems, and electronic benefits transfer systems. Because these systems are also vulnerable to the Year 2000 problem, they can introduce errors into thrift systems."
These words are ominous: "Our final concern is that, even though OTS has corrected the majority of its mission critical systems and is making good progress toward remediating other systems and equipment, it does not have a comprehensive Year 2000 program plan."
This testimony was presented to the Subcommittee on Financial Services and Technology, Senate Banking, Housing and Urban Affairs Committee, on March 18.
* * * * * *
If Year 2000 issues are not adequately addressed, key automated thrift systems -- affecting hundreds of billions of dollars in assets, transactions, and insured deposits -- are subject to serious consequences ranging from malfunction to failure. Such consequences would at the very least cause significant inconveniences to both thrifts and their customers. More significantly, system failure could lead to thrift closings and serious disruptions to both the thrift community and customers. We will also be discussing the progress OTS is making in addressing Year 2000 concerns for its own internal systems. . . .
In summary, we found that the Year 2000 problem poses a serious dilemma for thrifts due to their heavy reliance on information systems. It also poses a challenge for OTS [Office of Thrift Supervision] and the other financial institution regulators who are responsible for ensuring the Year 2000 readiness of thrifts, banks, and credit unions. Regulators have a monumental task in making sure that financial institutions have adequate guidance in preparing for the Year 2000 and in providing a level of assurance that such guidance is being followed. . . .
Despite aggressive efforts, OTS -- like the other regulators -- still faces significant challenges in providing a high level of assurance that individual thrifts will be ready. In fact, the problems we found at OTS are generally the same as those found at the other regulators we reviewed. First, OTS was late in addressing the problem and consequently, is behind the Year 2000 schedule recommended by both GAO and the Office of Management and Budget (OMB). In addition, key guidance -- being developed under the auspices of FFIEC -- needed by thrifts and other financial institutions to complete their own preparations is also late which, in turn, could potentially hurt individual institutions' abilities to address Year 2000 issues. . . .
OTS has done much to mitigate the risk to its mission critical, internal systems. In fact, it has already renovated, tested, and implemented 13 of its 15 mission-critical systems. However, it has not yet completed contingency plans -- which should have been completed by mid-1997 as part of the assessment phase -- necessary to ensure business continuity in case system renovations or replacements are not completed in time or do not work as intended. Such plans are expected within the next 3 months. Compounding this problem is the fact that OTS has not developed a comprehensive Year 2000 conversion program plan providing a clear understanding of the interrelationships and dependencies among the automated systems that support, for example, its supervisory functions, office equipment, and facilities. Such a plan provides added assurance that all systems and interrelationships are assessed and corrected, mitigating the risk that systems will not operate as intended in the year 2000 and beyond. . . .
Thrifts primarily emphasize residential mortgage lending and are an important source of housing credit. Most of these institutions have assets of under $500 million and are locally owned and managed. Together, they are responsible for about $770 billion in assets. . . .
According to OTS, virtually every insured financial institution relies on computers -- either their own or those of a third-party contractor -- to provide for processing and updating of records and a variety of other functions. Because computers are essential to their survival, OTS believes that all its institutions are vulnerable to the problems associated with year 2000. Failure to address Year 2000 computer issues could lead, for example, to errors in calculating interest and amortization schedules. Moreover, automated teller machines may malfunction, performing erroneous transactions or refusing to process transactions. In addition, errors caused by Year 2000 miscalculations may expose institutions and data centers to financial liability and loss of customer confidence. Other supporting systems critical to the day-to-day business of thrifts may be affected as well. For example, telephone systems, vaults, security and alarm systems could malfunction.
In addressing the Year 2000 problem, thrifts must also consider the computer systems that interface with, or connect to, their own systems. These systems may belong to payment system partners, such as wire transfer systems, automated clearing houses, check clearing providers, credit card merchant and issuing systems, automated teller machine networks, electronic data interchange systems, and electronic benefits transfer systems. Because these systems are also vulnerable to the Year 2000 problem, they can introduce errors into thrift systems.
In addition to these computer system risks, thrifts also face business risks from the Year 2000. That is exposure from its corporate borrower's inability to manage their own Year 2000 compliance efforts successfully. Consequently, in addition to correcting their computer systems, thrifts have to periodically assess the Year 2000 efforts of large corporate customers to determine whether they are sufficient to avoid significant disruptions to operations. OTS and the other regulators established an FFIEC working group to developing guidance on assessing the risk corporate borrowers pose to thrifts. . . .
First, like the other regulators, OTS is behind in assessing individual institution's readiness. As with NCUA and FDIC, OTS got off to a late start assessing the readiness of the institutions it oversees and, consequently, was late in completing assessment phase activities. . . .
Second, OTS and the other regulators are still developing key guidance to help institutions complete their Year 2000 efforts. . . .
In recommending these measures, the regulators noted that they have found that some financial institutions were heavily relying on their service providers to solve their Year 2000 problem. . . .
Third, although OTS has been working hard to assess industrywide compliance, it has yet to determine the level of technical resources needed to adequately evaluate the Year 2000 conversion efforts of the thrifts and vendors who service them. Instead, OTS is using its existing resources to perform the evaluations. . . .
OTS officials told us they are in the process of adding four additional systems examiners. They also believe that it is effective to use its safety and soundness examiners to perform Year 2000 assessments at the thrifts not visited by the system examiners. Finally, these officials expressed concern that even if they could hire more technical examiners, it is very hard to find and hire staff with these skills. However, without the requisite analysis, OTS cannot know whether adding four additional examiners will meet it needs. In addition, by using safety and soundness examiners, OTS runs the risk of having examiners make incorrect judgments about the readiness of thrifts. This risk will only increase as we get closer to the millennium because the latter phases of correction--renovation, testing and implementation--take a higher level of technical knowledge to asses whether these steps are performed correctly. . . .
Despite OTS' good efforts to convert its internal systems, the contractor found that OTS had not prepared contingency plans as part of its assessment phase activities and recommended that it develop such plans. As of the time of our work, OTS had not yet implemented this recommendation. It was still developing these plans to ensure continuity of operations in the event its remediated systems fail or the two systems being renovated are not fixed in time. Our Assessment Guide calls on agencies to initiate contingency plans during the assessment phase so that they have enough time to (1) identify the manual or other fallback procedures, (2) define the specific conditions that will cause the activation of these procedures, and (3) test the procedures. The agency expects to complete these plans by the middle of 1998.
Our final concern is that, even though OTS has corrected the majority of its mission critical systems and is making good progress toward remediating other systems and equipment, it does not have a comprehensive Year 2000 program plan. To its credit, the agency has prepared plans for correcting its systems and has been reporting its progress to Treasury on a monthly basis. However, OTS did not develop a single plan providing a clear understanding of the interrelationships and dependencies among the automated systems that support its business operations such as thrift supervision, office equipment, payroll, and facilities. Instead, OTS officials told us they prepared separate plans for (1) systems operated and maintained by the Information Resources Management office, (2) systems operated and maintained by other offices and regions, and (3) office equipment and facilities. Without an integrated plan, OTS cannot not provide assurance that all systems and interrelationships had been assessed and corrected. This increases the risk that systems will not operate as intended in the year 2000 and beyond.
|