Federal Financial Institutions Examination Council
|For Immediate Release||December 17, 1997|
FFIEC ISSUES GUIDANCE ON YEAR 2000 BUSINESS ENTERPRISE RISK
WASHINGTON, D.C. -- The Federal Financial Institutions Examination Council (FFIEC) today issued safety and soundness guidance on business-wide risk posed to financial institutions by the Year 2000 problem. The guidance underscores that Year 2000 preparation is not only an information systems issue, but an enterprise-wide challenge that must be addressed at the highest level of a financial institution. The guidance lays out what the financial institution regulators expect from senior management and boards of directors in overseeing and managing their Year 2000 projects.
"Financial institutions that treat the Year 2000 only as a technology issue will be caught short," said Eugene Ludwig, chairman of the FFIEC. "We want to emphasize to senior management and the boards of directors of financial institutions that we expect this issue to be addressed across the full spectrum of financial institution operations."
The purpose of these safety and soundness guidelines is to underscore the responsibilities of senior management and the boards of directors for addressing the business risks associated with the Year 2000. This includes managing the internal and external risks presented by providers of data-processing products and services (vendors), business partners, counterparties, and major loan customers.
The guidance instructs senior management to provide the board of directors with status reports, at least quarterly, on the efforts being made to reach Year 2000 goals both internally and by the institutions major vendors. Senior managers and directors must allocate sufficient resources to ensure that high priority is given to seeing that remediation plans are fulfilled, and that the project receives the quality personnel and timely support it requires.
The guidance also makes clear that regulators are not asking financial institutions to obtain certification from their vendors of Year 2000 compliance. Rather, an institution needs to implement its own internal testing or verification processes for vendor products and services to ensure that its different computer systems function properly together.
The guidance underscores the importance of contingency planning in Year 2000 preparations. If a financial institution's Year 2000 corrections will not be completed on schedule, management should be ready to implement contingency plans to ensure that all mission-critical renovations or replacements are made within the timeframe established in the FFIEC Year 2000 Project Management Awareness guidelines, issued in May.
The FFIEC member agencies strongly encourage financial institutions and their trade organizations to work collectively to address issues pertaining to the year 2000. Effective industry cooperation can help reduce costs and improve results. By working together, financial institutions can share ideas, influence vendors, develop best management practices, and maintain their competitiveness with other industries.
The FFIEC prescribes uniform principles, standards and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.