Federal Financial Institutions Examination Council
|For Immediate Release||May 6, 1999|
FFIEC ANSWERS ADDITIONAL Y2K QUESTIONS
ON CONTINGENCY PLANNING
The Federal Financial Institutions Examination Council (FFIEC) today issued additional answers to three frequently asked questions on Year 2000 contingency planning. The FFIEC Q&A on Contingency Planning clarifies expectations concerning the completion of the validation phase of business resumption contingency planning by June 30, 1999, documentation requirements, and the role of "event planning" in the development of business resumption contingency plans. It is an addition to the original FFIEC Q&A Document issued in December 1998.
FFIEC guidance issued last year states that financial institutions should complete business resumption contingency plans by June 30, 1999 and then validate these contingency plans by designing a method to test them by June 30th as well. Today's guidance states that financial institutions may execute tests of business resumption contingency plans after June 30, 1999 but early enough to allow ample time to make necessary changes and to retest the business resumption contingency plans, if necessary. A qualified and independent party should review the business resumption contingency plans and validation method. In addition, senior management and the board of directors should review and approve the business resumption contingency plans and the validation method by June 30, 1999, or shortly thereafter.
The guidance defines "event planning" as a proactive and detailed planning process that covers specific operations prior to and during the century date change. It entails monitoring and detecting problems and resolving issues related to whether and how to implement business resumption contingency plans. Event planning is a sound risk management practice that can make Year 2000 business resumption contingency plans more effective. The FFIEC encourages, but does not require, financial institutions to develop event plans. The guidance states that operationally complex institutions or institutions that are especially vulnerable to Year 2000-related risks should give special consideration to developing event plans.