Upcoming Year 2000 Assessments and Revised WorkProgram
FIL-74-98 July 8, 1998
CHIEF EXECUTIVE OFFICER
Confidentiality of Year 2000 Assessment Rating
The Federal Deposit Insurance Corporation (FDIC), in partnership with state banking regulators, recently completed initial on-site Year 2000 assessments of all state non-member banks. A number of insured financial institutions have asked whether they may disclose to the public the rating assigned to their institution. FDIC regulations strictly prohibit such a disclosure.
Information from Year 2000 assessments are governed by the same rules of confidentiality that apply to FDIC examinations for safety and soundness, compliance, information systems, and trust activities. Under Part 309 of the FDIC's rules and regulations, disclosure of reports of examination, or any information contained in them, is strictly prohibited. Accordingly, institutions may not disclose results from Year 2000 assessments just as they may not disclose other types of examination information.
Moreover, disclosure of such information to third parties such as financial ratings firms or fidelity bond carriers is likewise prohibited. Requests from such entities are not authorized by the FDIC or any other banking regulator. In light of the blanket prohibition on disclosing ratings, compilations of Year 2000 ratings by such firms are necessarily incomplete and unreliable.
While the disclosure of Year 2000 assessment information is prohibited, the FDIC strongly encourages financial institutions to publicly disclose the steps they have taken to address Year 2000 issues, including their own evaluation of their compliance with Year 2000 guidance issued by the Federal Financial Institutions Examination Council (FFIEC). Such disclosures are an effective method for institutions to inform customers of their Year 2000 readiness, and are recommended by the FDIC. In FIL-52-98: Inactive Financial Institution Letters: "Year 2000 Customer Awareness Guidance" issued on May 13, 1998, the FDIC emphasized the importance of effective communication between institutions and their customers. In FIL-24-98: Inactive Financial Institution Letters: "Discussion of Year 2000 Issues in Annual Disclosures" issued on February 27, 1998, the FDIC highlighted the Securities and Exchange Commission's (SEC) Year 2000 disclosure requirements for publicly traded institutions. The FDIC also encouraged other institutions not subject to SEC requirements to use the SEC guidance as the basis for voluntary public disclosure about Year 2000 readiness.
The FDIC, in conjunction with the other federal banking agencies, also assesses the Year 2000 readiness of the majority of service providers and selected software vendors.
The FDIC and the other federal banking agencies disclose the assessment information of such service providers, and those software vendors who consent to disclosure, to their insured financial institution customers. However, under the same disclosure rules that apply to financial institutions, service providers and software vendors are not authorized to disclose their Year 2000 assessment information. Likewise, insured financial institution customers may not disclose the assessment information of their service providers or software vendors. The FDIC does not "certify" Year 2000 compliance of service providers or software vendors, nor does it rank their Year 2000 readiness efforts. Like insured financial institutions, service providers and software vendors are encouraged to share with their customers the steps they have taken to address Year 2000 issues.
For further information, please contact your Division of Supervision regional office.
Nicholas J. Ketcha Jr.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial
institution letters may be obtained through the FDIC's Public
Information Center, 801 17th Street, NW, Room100, Washington, DC
20434 (800-276-6003 or (703) 562-2200).