Federal Financial Institutions Examination Council
|For Immediate Release||August 31, 1998|
FFIEC ISSUES ANSWERS TO COMMONLY ASKED Y2K QUESTIONS
The Federal Financial Institutions Examination Council (FFIEC) today issued guidance on the Year 2000 that addresses commonly asked questions of concern to financial institutions and their service providers and software vendors. The questions and answers focus primarily on testing, the most difficult and time-consuming phase of a financial institution's Year 2000 preparation process, but also cover topics such as documentation and the FFIEC report distribution process.
Today's guidance reiterates previous FFIEC guidance that, to the extent possible, financial institutions should test their systems for Year 2000 readiness in their own unique operating environments. However, the FFIEC recognizes that it is not always feasible for a financial institution that relies on service providers or software vendors to perform Year 2000 testing in its own environment. As a result, a financial institution can rely on proxy testing, under several specific conditions.
Today's guidance provides additional detail on the conditions that apply when financial institutions use Year 2000 proxy testing for service providers. Also, for the first time, the FFIEC indicates that proxy tests can be acceptable for products provided by software vendors under several specific conditions. The conditions are outlined in the guidance.
The guidance encourages financial institutions to participate in testing efforts coordinated by industry trade associations and other organizations. This approach could be more cost-effective by enabling a financial institution to share the cost of testing with other financial institutions and material third parties.
Other questions and answers in the guidance address the following topics: clarification of FFIEC policy concerning the types of testing documentation that financial institutions should retain; expectations regarding software and operating system upgrades in 1999; conversions to new mission-critical systems in 1999; and procedures for regulators to examine service providers and software vendors.
Financial institutions, service providers and software vendors are reminded in the guidance that they may not disclose Year 2000 examination report information, including Year 2000 ratings. The FFIEC agencies are solely responsible for disclosing this information to client financial institutions.