Federal Deposit Insurance Corporation
Status of Year 2000 Progress in the Banking and Financial Services Sector before the Committee on Banking and Financial Services
U.S. House of Representatives
10:00 A.M., April 13, 1999
Room 2128 Rayburn House Office Building
Good morning, Mr. Chairman and Members of the Committee. I appreciate this opportunity
to testify on behalf of the Federal Deposit Insurance Corporation (FDIC) regarding the
status of Year 2000 progress in the banking industry. The uncompromising deadline of
January 1, 2000, presents extraordinary challenges for financial institutions and their
regulators. As you know, we have made preparation for the Year 2000 date changeor
Y2K, as it is commonly knownthe number one safety-and-soundness priority at the
Today, we would like to provide an overview of the state of bank readiness regarding
Y2K. The industry continues to make headway and although some financial institutions have
experienced delays in meeting Federal Financial Institutions Examination Council (FFIEC)
milestone dates, overall the progress is satisfactory. We believe the efforts and
resources of the industry, coupled with the aggressive supervisory program carried out by
the federal and state regulators, have contributed to the level of success.
It is unrealistic, however, to expect that there will not be any problems as a result
of the century date change. There are too many unknowns for anyone to reach such a
conclusion. For example, factors outside the banking industry, both domestic and
international, could pose problems to individual financial institutions. However, media
reports predicting a worst-case scenario are not borne out by the results of our on-site
examinations, which indicate that the overwhelming majority of institutions remain
on-track for being prepared for the century date change.
In this testimony, we will outline the results of our second round of on-site Year 2000
assessments, and discuss our supervisory concerns and the actions we will take. Next, we
will address the need to provide the public with adequate information about the Year 2000
date change and the steps the banking industry should take to inform the public of their
Y2K preparations and the steps the FDIC is taking to inform the public. Every depositor
should know that an FDIC-insured deposit is safe. In addition, we will explain our
contingency plans if financial institutions fail because of problems caused by the century
date change and we will discuss the FDIC's efforts to prepare our internal systems.
Finally, we will address several other issues raised in the Committee's letter of
RESULTS OF PHASE II ON-SITE ASSESSMENTS
Since our last appearance before this Committee, the FDIC, along with the other federal
and state banking and thrift regulators, has completed the second phase of our Y2K
assessment program. In this phase of the program, FDIC examiners focused on the results of
systems testing of financial institutions, service providers, and software vendors. The
overwhelming majority of banks remain on-track to be Y2K ready. In addition, we are taking
aggressive action to ensure that those financial institutions, service providers, and
software vendors that did not receive a Satisfactory rating in this phase take the actions
necessary to prevent disruptions because of the century date change.
Year 2000 Assessment Program
The FDIC is the primary federal supervisor of 5,867 institutions (FDIC-supervised
institutions). Our overall Year 2000 supervisory plan is to conduct a risk-focused
analysis of Year 2000 assessment data for each supervised institution in order to gauge
the effectiveness of its readiness efforts and formulate ongoing supervisory strategy. To
this end, the FDIC, along with the other members of the FFIEC, developed and enhanced
examination procedures to address each of the phases of the Year 2000 project and provided
training to ensure examination staff competency.
The FFIEC also developed several guidance papers to aid the industry in achieving Year
2000 readiness. These papers incorporated milestones by which an institution should
complete certain tasks such as testing, contingency planning, and customer readiness
assessments. The milestones, however, are not the sole factor for the assignment of a
rating. Other factors to be considered include the overall effectiveness of the
institution's readiness project, the resources available to accomplish its goals, and the
competency of management.
The federal and thrift banking agencies use a three-tier rating system (Satisfactory,
Needs Improvement, or Unsatisfactory) to measure the readiness of financial institutions,
service providers and software vendors. The Satisfactory rating is assigned to those
institutions exhibiting acceptable performance and where project weaknesses, if any, are
minor and can be readily corrected within the existing project management framework. A
Satisfactory institution's remediation progress to date meets or nearly meets expectations
laid out in its Year 2000 project plan. In addition, senior management and the board of
directors of the institution recognize and understand Year 2000 risk, are active in
overseeing institutional corrective efforts, and have ensured that the necessary resources
are available to address this risk area.
A Needs Improvement rating is assigned to an institution that is not expected to meet
all FFIEC testing time frames on or shortly after the target dates; its written testing
program does not adequately address all testing issues; its assessment of material
customers' Year 2000 preparedness is incomplete; or its customer awareness strategy is
incomplete or unresponsive to customer concerns. In addition, the institution's
remediation progress to date may be behind schedule and senior management or the board of
directors may not be fully aware of the status of Year 2000 corrective efforts, may not
have committed sufficient financial or human resources to address this risk, or may not
fully understand Year 2000 date change implications.
Those institutions rated Unsatisfactory exhibit poor performance and project weaknesses
that are serious in nature and not easily corrected within the existing project management
framework. The institution's progress to date is seriously behind the schedule laid out in
its Year 2000 project plan. In addition, senior management and the board of directors do
not understand or recognize the effect that the Year 2000 will have on the institution.
To ensure that our ratings, and the examination data on which our ratings are based,
are accurate and consistent with FFIEC standards, FDIC staff has received extensive
training in the application of the FFIEC guidance to the examination process. In addition,
staff has been given a number of examination tools, work programs and clarifying memoranda
to assist in the consistent application of policy. Also, all Year 2000 assessment findings
are reviewed at an FDIC regional office by Case Managers who are highly trained in
examination and review procedures. The assessments are then subject to final review by a
senior regional official.
Year 2000 Phase II Assessment Results
As of March 31, 1999, the FDIC, with the assistance of state banking supervisors,
completed the second round of on-site assessments at the financial institutions we
supervise. In addition, on-site assessments of the 142 data service providers and software
vendors for which we are responsible were completed. Ratings were assigned on the basis of
a qualitative analysis of an institution's risk profile, taking into consideration the
institution's size and sophistication, as well as the nature and complexity of its
Financial Institution Results
Our results show that approximately 97 percent of FDIC-supervised institutions were
rated Satisfactory. Less than 3 percent were rated Needs Improvement, and less than
one-half of one percent were rated Unsatisfactory.
Year 2000 Ratings for FDIC-Supervised Institutions as of March 31, 1999
Number of Institutions
As the insurer of deposits at all banks and savings associations, the FDIC also reviews
information from the other federal banking and thrift regulators on the Year 2000 status
of the financial institutions they supervise. In the aggregate, of the insured depository
institutions assessed, over 96 percent were rated Satisfactory, 3 percent were rated Needs
Improvement, and less than one-half of one percent were rated Unsatisfactory.
Year 2000 Ratings for All FDIC-Insured Institutions as of March 31, 1999
Number of Institutions
Service Provider and Software Vendor Results
The FDIC and the other banking agencies also completed Phase II assessments of 256
service providers and software vendors that provide data processing services or software
to the industry. Virtually all banks and savings associations rely on service providers
and software vendors for at least a portion of their data processing services. Therefore,
these companies play a critical role in helping financial institutions become Year 2000
Of the 142 service providers and software vendors examined by the FDIC, our data
show that over 96 percent were rated Satisfactory and under 4 percent were rated Needs
Improvement. None were assessed as Unsatisfactory.
Year 2000 Assessment Ratings for FDIC-Examined
Service Providers and Software Vendors as of March 31, 1999
Number of Companies
Taken together, of the total service providers and software vendors examined by the
FFIEC agencies, data show that more than 97 percent were assessed as Satisfactory and less
than 3 percent were rated Needs Improvement. None were rated Unsatisfactory. Federal
banking and thrift examiners are contacting each of the service providers and software
vendors, regardless of their rating, every three months to follow up on their progress.
Year 2000 Assessment Ratings for All FFIEC-Examined
Service Providers and Software Vendors as of March 31, 1999
Number of Companies
The FFIEC member agencies share the results of service provider and software
vendor reviews with the client financial institutions. This information provides financial
institutions with facts regarding the efforts and state of readiness of their service
providers and software vendors. We are continuing to stress the importance of continued
monitoring on the financial institution's part. We also are emphasizing that these reviews
show a company's progress at a particular point in time and the ratings could change over
Throughout the various phases of our supervisory program, the FDIC took a number of
actions against institutions that failed to address Year 2000 issues appropriately. During
Phase II, guidance issued by the FDIC suggested that a board resolution or a Memorandum of
Understanding be sought from institutions rated Needs Improvement. For institutions rated
Unsatisfactory, the guidance suggested that a plan or a Safety-and-Soundness Order under
Section 39 or a Cease-and-Desist Order under Section (8)(b) of the Federal Deposit
Insurance Act (FDI Act) generally should be sought.
As of March 31, 1999, the FDIC had 379 financial institutions adopt board resolutions
and another seven are in process. The FDIC had entered into 141 Memoranda of Understanding
and another 24 Memoranda are in process. The FDIC also requested 22 corrective plans under
Section 39 of the FDI Act and issued 10 formal Cease-and-Desist Orders. In total, as of
March 31, 1999, the FDIC completed a total of 552 corrective actions and had 41 pending.
These actions have been effective in getting management to address deficiencies and
take necessary action toward Year 2000 readiness. For example, of the 552 institutions for
which corrective actions were completed, 488 institutions now are rated Satisfactory.
FDIC Year 2000 Supervisory Corrective Programs and Enforcement Actions
against Financial Institutions as of March 31, 1999
Type of Action
Bank Board Resolution
Memorandum of Understanding
Request for Plans under Section 39 of the FDI
As of March 31, 1999, the FDIC also took actions against 13 service providers and
another two actions are in process. The actions included board resolutions, Memoranda of
Understanding, and formal enforcement actions. These actions also appear to have been
effective in getting management to take necessary steps. Of the thirteen service providers
against which supervisory action has been taken, eight are now rated Satisfactory and one
has been sold.
Given the short time remaining until the century date change, the FDIC has adopted a
more aggressive stance to achieve desired remedial attention at institutions rated Needs
Improvement or Unsatisfactory during Phase III. In procedures spelled out in a Memorandum
dated April 6, 1999, from the FDIC Director of Supervision to all Regional Directors, the
FDIC will generally seek action under Section 39 or a Cease-and-Desist Order for
institutions assessed as Needs Improvement or Unsatisfactory. The FDIC has prepared
standard language to enable us to process such actions quickly.
FDIC Year 2000 Supervisory Corrective Programs and Enforcement Actions
against Service Providers as of March 31, 1999
Type of Action
Memorandum of Understanding
Formal Enforcement Actions
aThese actions were issued jointly with the other FFIEC agencies.
PHASE III SUPERVISORY STRATEGY
On April 1, 1999, the FDIC and the other banking agencies, began Phase III of our Year
2000 supervisory assessment program. This phase will focus on the following:
By June 30, 1999, financial institutions' testing of mission-critical systems should be
complete and implementation of mission-critical systems should be substantially complete.
By June 30, 1999, financial institutions should have substantially completed the
development of their business resumption contingency plans and designed a method of
validation so the plans can be tested for effectiveness and viability.
Financial institutions should have identified their material customers and should have
evaluated their Year 2000 readiness in order to assess their risk to the institution.
Financial institutions should be communicating with their customers about their Year
During Phase III, for those institutions with a Satisfactory assessment rating, FDIC
examiners will either visit or telephone their management at least every 90 days. For
every institution rated less than Satisfactory, examiners will go on-site every 90 days,
or more frequently if necessary, to monitor progress and ensure that deficiencies are
corrected. At a minimum, a follow-up phone contact with their management will be made to
these institutions within 45 days of the on-site assessment. In addition, we will visit
on-site every 90 days, and contact every 45 days, those entities with a composite CAMELS
rating or management component rating of 4 or 5.
Certain institutions that play a critical role in the regional financial
structuresuch as those with extensive interstate or intrastate operations (or both),
significant retail operations, large merchant processing volume, or large funds transfer
volumealso will receive an on-site assessment. The exclusion of any institution with
deposits over one billion dollars as of December 31, 1998, must be justified in writing.
FDIC examiners will conduct an on-site assessment at any financial institution that has
converted any or all of its mission-critical systems during Phase III after the conversion
is completed and tested. Service providers and software vendors will continue to be
contacted every 90 days. If circumstances warrant, we will contact institutions, and
service providers and software vendors more frequently, as we have done in the past.
Role of the Office of Inspector General
An important component of the FDIC's Year 2000 effort has been the ongoing assessments
and suggestions of our Office of Inspector General (OIG). The OIG has had significant
oversight of our Year 2000 efforts. This oversight is an important part of the FDICs
overall quality assurance of its Year 2000 effort, and we welcome the views and
suggestions for improvement that the OIG has provided.
Recently, the OIG completed a review of selected Phase II exams. We are pleased that
the OIG has indicated to us its belief that the FDICs overall Y2K supervisory
program is effective. However, the OIG noted certain exceptions that, while they cannot be
extrapolated to the Year 2000 program as a whole, did suggest possible improvements to the
examination process. Our Division of Supervision has worked closely with the OIG to
implement these suggestions.
In its report, the OIG discussed how the Y2K supervisory program could be improved. The
OIG's suggestions were incorporated into guidance that was issued on April 6, 1999, to all
Regional Directors for distribution to examiners. The guidance discussed the frequency and
nature of the contacts with FDIC-supervised institutions during Phase III. For example, a
combination of on-site visits and telephone contacts was specified, depending on the risk
profile of the institution. The areas of concentration for examiners were delineated,
including deficiencies noted at previous Y2K assessments. Weaknesses identified must be
documented and resolved through acquisition of supporting documentation from the
institution. The time frame for preparation and distribution of assessment reports was
specified and rating criteria were clarified. The FDIC reminded regional staff that we
place a high premium on accuracy in the examination process and we have reaffirmed to our
staff that they should take sufficient time to ensure that examinations are complete and
The FDIC has a unique responsibility to the public to maintain confidence in the
financial system. Over the past 66 years, we have worked to make bank failures a non-event
for insured depositors. As a result, three generations of Americans have been secure in
the knowledge that their insured deposits are safe.
The FDIC recognizes that the unique challenges of the Year 2000 date change present us
with an additional obligation to provide information to the public, but the primary
obligation rests with individual banks and the banking industry. Year 2000 readiness is,
and ultimately must be, the responsibility of each financial institution's directors and
officers. These individuals are in the best position to know their institution's
operations, strategies, resources and exposure, as well as the concerns of their
customers. Therefore, the federal banking and thrift regulators have repeatedly advised
banks and savings associations that providing meaningful information to customers should
be an important part of their Y2K project plans. Information should be available regarding
the progress a bank is making and when the bank expects to complete its preparations.
Unfortunately, it appears that many institutions have not communicated sufficiently with
their customers about the Year 2000 date change. We are concerned about this situation and
will continue to stress the need for consumer awareness and communication efforts on the
part of the industry during Phase III of the Y2K program.
Fostering Consumer Awareness
For its part, the FDIC will continue efforts over the next few months to inform and to
educate the public. The FDIC has formed a partnership with the Conference of State Bank
Supervisors to educate the public about Y2K and financial institutions. In addition, the
FDIC is a member of the President's Council on Year 2000 Conversion. The FDIC is
disseminating Year 2000 information through local civic organizations.
FDIC staff is being made available to respond to speaking requests or other outreach
opportunities and we have participated in local seminars sponsored by Members of Congress.
Our most senior-level officialsincluding Vice Chairman Hove and myselfare
discussing Y2K issues and industry preparations with the public.
To help bank customers understand Y2K and how it might affect them, we are providing
various educational materials to the public. For example, the Fall 1998 issue of FDIC
Consumer News was devoted entirely to Y2K. It provides a comprehensive guide to the
issues of Y2K and banking. Copies of this issue are being distributed to the public
through the Consumer Information Center, in Pueblo, Colorado. Its availability was
announced in the February 7, 1999, edition of Parade magazine. In the first three
days following the announcement, the Consumer Information Center received 14,000 phone
calls requesting the FDIC Consumer News and their Web site received 50,000 hits. In
addition, we will be providing cautions against various Y2K scams in the next issue of FDIC
The agencies also have published a pamphlet, The Year 2000 Date Change,
available in English and Spanish. Trade associations have distributed more than 12 million
copies of The Year 2000 Date Change pamphlet to financial institutions for further
distribution to their customers. These materials also are available to the public at no
charge and can be obtained through our Web site (www.fdic.gov).
The FDIC, in conjunction with the other banking and thrift regulators, is finalizing A
Y2K Checklist for Customers, an expanded version of which has appeared in the FDIC
Consumer News. Although the public has absolutely no reason to question the deposit
insurance guarantee, the checklist provides steps that each person can take to help reduce
or eliminate any problems that might occur as a result of the century date change. It
includes helpful suggestions for consumers, such as:
Educate Yourself About Y2KRead all you can about the Year 2000 issue and what your
financial institution is doing to protect customers.
Keep Copies of Financial RecordsAs always, keep good records of all your financial
transactions, especially for the last few months of 1999, until you get several statements
Pay Attention to Your FinancesAs always, balance your checkbook regularly and
check your transactions for accuracy.
Make Prudent PreparationsRemember all your payment options (checks, credit cards,
debit cards, ATMs, and tellers) in the event one form of payment doesn't work as planned.
Be On Guard Against Y2K ScamsBe skeptical if someone asks for your account
information or tries to sell you a product, service, or investment that is supposedly Y2K
safe. Protect your personal information, including your bank account, credit-card, and
social security numbers.
Review Your FDIC Deposit Insurance CoverageThe federal government's protection of
insured deposits will not be affected by Y2K.
Aside from providing information to the public, the FDIC is implementing measures to
make it easier for the public to obtain answers to questions about the Year 2000 and
banking. The FDIC has begun operation of a toll-free telephone line (1-877-FDIC-Y2K) to
respond to public inquiries about the Year 2000 date change and its effect on financial
FDIC CONTINGENCY PLANNING
FOR FAILED FINANCIAL INSTITUTIONS
Throughout its history, the FDIC has continually created and refined contingency plans
to address different types of bank failures involving diverse types of financial
institutions. Our current contingency plans are intended to ensure that should any
institution be closed because of Year 2000 problems, there will be minimal disruption to
insured depositors. We are developing plans to provide depositors access to their insured
funds in a timely manner. In addition, the FDIC is represented on the various subgroups
established by the FFIEC that are formulating contingency plans to address issues raised
Contingency planning is particularly important because a Year 2000 failure, should one
or more occur, will not be similar to past bank failures. The FDIC always has relied upon
the fact there is reasonably good information available when a bank fails. This may not be
true if computer systems break down and data are corrupt. Although the unavailability of
information could make the job more complicated, appropriate contingency planning should
enable the FDIC to address this new type of failure and protect depositors just as we have
in the past.
The FDICs contingency plans address issues related to: (1) reconstructing
corrupted data; (2) transferring deposit accounts and assets from a failed bank to a
healthy institution; (3) providing insured depositors their money even if there is no
acquirer; (4) providing customer service; and (5) having available resources to carry out
those responsibilities if there are multiple failures in various locations.
Although some institutions that could fail may be readily identified with reasonable
lead-time, it is possible that an institution could fail with little or no warning
starting in January 2000. If a failure occurs, the FDIC will need to arrange a resolution
transaction for the failed bank quickly, perhaps within a few days of the problem being
uncovered. To accomplish this, the FDIC needs to identify potential acquirers and inform
them of the types of resolution transactions available to them in advance of any Y2K
In a typical closure of an insured financial institution, financial information systems
are not subject to corruption. In the event of a Year 2000 technological disruption,
however, financial data may not be accessible or accurate. The FDIC may have to recreate
electronic data files and validate information systems before the resolution process can
proceed. With input from institutions, service bureaus, trade groups, and regulatory
agencies, we have been exploring options for possibly requiring some financial
institutions to backup and retain data. These options include requirements for some
high-risk institutions to maintain a limited standardized asset and liability backup
program for a short period of time. In the event of a failure of an insured financial
institution, such a backup program would facilitate the transfer of information on insured
deposits to a new acquirer or to the FDICs payoff system for insured deposits. This
backup program would reduce the time for deposit insurance determinations and provide
depositors with quicker access to their funds.
In addition, we have formulated planning scenarios to ensure appropriate resources are
available in the event of a technological failure. The resolution and closing experience
of current FDIC employees has been assessed and training materials are being updated to
include a possible Year 2000 failure scenario.
In summary, our planning is directed toward having a well-developed contingency plan
designed to protect insured depositors in the event Year 2000 failures occur. We are
working diligently on minimizing potential disruptions. We intend to ensure that insured
depositors will have timely access to their money, should failures occur.
STATUS OF FDIC INTERNAL EFFORTS
The FDIC is on schedule to complete preparation of all of its internal systems in time
for the Year 2000 date change. We have adhered to the time frames established in guidance
from the Office of Management and Budget (OMB) and the General Accounting Office (GAO) for
the five stages of Year 2000 project management: awareness, assessment, renovation,
validation and implementation. Since our last testimony in September 1998, we have
completed the validation and implementation phases, in accordance with the OMB schedule
for mission-critical systems.
The FDIC currently has a total of 36 mission-critical systems. Of these, 35 systems
were validation tested by the end of January 1999. The final system was replaced with a
new system, tested, and implemented by February 28, 1999. The remaining mission-critical
systems, cited in our previous testimony, have been retired or replaced. In one case, two
systems were replaced by one.
Three hundred forty-eight of our non-mission-critical information technology systems
are scheduled to continue beyond January 1, 2000. These systems were all validation tested
by January 31, 1999. In addition, 33 new non-mission-critical systems were validation
tested before implementation by March 31, 1999. Four additional minor, and
non-mission-critical, internal work-tracking systems will be implemented this month.
Independent verification and validation of a subset of our applications are ongoing,
sponsored by both the Internal Year 2000 Project Team and the OIG. These efforts will
confirm that our renovation and test procedures were effective, and that the test results
reflect Year 2000 compliance.
Maintaining an applications Year 2000 compliance while normal production
activities occur is a vital task in the FDICs Year 2000 plan. The FDIC currently is
improving its configuration management process to ensure management of renovated code
through 1999. In February 1999, we instituted a new process specifically to evaluate Year
2000 issues before system enhancement or modification. Changes will require risk
assessment, re-testing as needed, and approval by the Year 2000 project manager for
internal systems. This system will augment increased emphasis on existing configuration
management software on both the mainframe and client/server platforms. Together, these
processes will ensure that renovated code will remain compliant.
We continue working with our data exchange partnersfinancial institutions, the
Federal Reserve System, the Office of the Comptroller of the Currency, the Office of
Thrift Supervision, the National Credit Union Administration, state banking authorities,
and other business partners. We have resolved Y2K issues in nearly all exchanges of
pertinent data and are completing testing with exchange partners.
The FDIC has over 1,800 purchased products supporting its operations, including
commercial off-the-shelf software, mainframe operating systems and associated software,
and vendor-provided hardware components, including personal computers and telephones. We
have purchased replacements for all identified non-compliant personal computers, and
expect to complete nationwide installation by June 30, 1999. We contacted vendors to
request Year 2000 readiness information on software packages, and will conduct tests on
those most important to our business functions. We have identified upgrades that are
necessary for our telephone equipment to be Year 2000 ready, and are implementing the
upgrades. We also have replaced other equipment, such as facsimile machines, that were not
Year 2000 ready. We are working with a contractor who specializes in remediation of
embedded systems to complete our efforts with respect to building systems controls by the
end of July 1999.
We believe that our efforts will enable us to continue business as usual after January
1, 2000. As recommended by the GAO and the OIG, the FDIC has nonetheless prepared a
business continuity plan outlining how the agency would resume normal business operations
for each of the FDIC's core business processes in the event that unforeseen Year 2000
problems cause disruptions.
In summary, the FDIC has a rigorous, centralized Year 2000 project for its internal
systems. We believe our comprehensive approach will result in a smooth transition of our
In the Committees letter of invitation, we were asked to respond to several
issues regarding pending Year 2000 related legislation. First, you asked us to respond to
the suggestion that the federal holiday observance be moved from December 31, 1999, to
January 3, 2000. The FDIC sees no particular advantage to moving this holiday to Monday,
because it would require that banks reprogram their computers to recognize the holiday
date change, thus placing an additional burden on the industry.
You asked us also to comment on pending Y2K liability legislation, and H.R. 775, in
particular. Any legislation, including H.R. 775the Year 2000 Readiness and
Responsibility Act of 1999, could have a significant effect on the FDIC as a supervisor of
state nonmember banks, as insurer, and as receiver of failed insured depository
institutions. The FDIC believes that H.R. 775, or any other Y2K liability bill, should
preserve the authority of the FDIC and the other banking and thrift agencies to take
enforcement actions necessary to maintain the safety and soundness of insured depository
institutions. This will ensure that the FDIC is able to exercise its statutory enforcement
authority because of false, inaccurate, or misleading Year 2000 related filings, reports,
or statements made by depository institutions or their employees. As Congress considers
legislation to limit liability related to Y2K failures, we recommend that any such bill
contain an exception for any action brought by a federal, state, or other public entity,
agency, or authority acting in a regulatory, supervisory, or enforcement capacity. This
exception would parallel the exception in the Year 2000 Information and Readiness
Disclosure Act, which was enacted last year.
We would note further that H.R. 775 would prohibit civil penalties for first-time
violations by small businesses, including small depository institutions, of federal
collection of information requirements, if the violation were related to a Year 2000
failure. Given the importance of some of this information to our monitoring of the
condition of insured institutions and assessing their deposit insurance obligation, a
general prohibition on penalties for such institutions would seem imprudent. The FDIC,
therefore, would suggest that the definition of "small business concern" be
amended to exclude expressly financial institutions, which are regulated by the federal
banking and thrift agencies.
Liability legislation also could affect financial institutions and their customers. The
proposals generally would increase the burden of proof on plaintiffs, limit damage
recoveries for Y2K related claims, and offer additional defenses to such claims.
Therefore, the restrictions on liability can help or hurt a financial institution, or its
customers, depending on what its position as plaintiff or defendant is in any particular
litigation. Liability legislation should, however, not be so broad as to afford immunity
or complete unlimited protection for any exposure for gross negligence or recklessness
resulting in a failure and loss to the insurance funds.
Finally, you asked for our response to whether references to bona fide error in
current banking consumer law should be clarified to include, in the definition of computer
error, explicit reference to Y2K related errors. Computer malfunction and programming
error related to the century date change could be covered under current law by the federal
statutory provisions dealing with bona fide errors, and institutions presumably
would assert this defense in the event of a Y2K problem. As the Federal Reserve Board is
charged with implementing many of the consumer protection laws, it could define generally
the circumstances that would qualify as bona fide errors. These cases however,
would involve a defense against civil liability to third parties, so the courts, rather
than the banking agencies, will determine how these provisions apply in specific cases. We
have not determined, at this point, that additional legislation would be beneficial. We
remain concerned that any legislative proposals to limit liability be crafted carefully so
as not to reduce incentives for financial institutions to correct their Y2K problems.
The Year 2000 date change is the highest safety-and-soundness priority for
the FDIC. We have been aggressively assessing Year 2000 progress at FDIC-supervised
financial institutions and service providers and software vendors. As we begin the final
phase of assessments, the FDIC will continue to direct all necessary human and financial
resources to ensure public confidence in the banking system. The FDIC has taken, and will
continue to take, aggressive supervisory and enforcement action against institutions that
fail to meet regulatory guidance and expectations.
Both the banking and thrift industries and the FDIC have a responsibility to inform the
public. The FDIC, for its part, is on schedule to complete its efforts for internal Year
2000 readiness. We are developing comprehensive contingency plans in the event that
institutions do not become Year 2000 ready. Above all, however, no insured depositor need
worry. The FDIC will protect insured deposits.
Mr. Chairman and Members of the Committee, the FDIC will continue to ensure that
insured deposits are protected and that public confidence in our nation's banking system