Testimony

of

America’s Community Bankers

on the

The Depository Institution Year 2000 Computer
Problem Remediation Act

before the

Committee on Banking and Financial Services
U. S. House of Representatives

February 5, 1998

James D. Shelton
Chairman, President & CEO
First Federal Savings and Loan Association
East Hartford, CT

Mr. Chairman and members of the Committee, my name is James D. Shelton. I am Chairman, President and Chief Executive Officer of First Federal Savings and Loan Association, East Hartford, Connecticut. I am also Chairman of America's Community Banker's Task Force on Electronic Banking and Community Banks as well as Chairman of the Board for Connecticut On-Line Computer Center, a full service data processor which serves the financial community in the Northeast.

I am pleased to appear before the Committee on behalf of America’s Community Bankers (ACB) to discuss the Year 2000 problem and the important role of the federal regulatory agencies.

ACB is the national trade association for 2,000 savings and community financial institutions and related business firms. The industry has more than $1 trillion in assets, 253,000 employees and 14,500 offices. ACB members have diverse business strategies based on consumer financial services, housing finance and community development. ACB members serve millions of consumers and businesses that will be affected by the Year 2000 issue and are actively working in their institutions and with their customers to solve this serious problem.

At the outset, let me state that ACB strongly supports the legislation under consideration by this Committee to address an important but technical deficiency in the supervision of service providers. The federal regulators do not have uniform supervisory authority. The Office of Thrift Supervision (OTS) lacks the authority of its sister regulators to examine service providers. This legislation provides that authority. ACB called for such an approach last fall and welcomes the engagement of the Congress in such an issue.

The Year 2000 Challenge

The Year 2000 problem presents several formidable systems hurdles for financial institutions. First, the unique role of depository institutions in maintaining the U.S. payments and monetary systems must be maintained as we move to the next millennium. With both the consumer and business sectors relying on financial institutions to conduct their daily business, it is imperative that financial institutions be ready and able to handle all the challenges of the date change at January 1, 2000. For example, external data processors, internal and external software programs, and embedded systems, such as environmental, security and related controls, are among the areas within each institution that must be examined.

In addition, financial institutions must continue to provide the new delivery channels that our customers are demanding. The integration of new with old systems and the verification that both will be Year 2000 compliant is a formidable task. At the same time, all financial institutions must continue to comply with their respective supervisory requirements. The guidance provided by the Federal Financial Institutions Examination Council (FFIEC): Year 2000 Project Management Awareness (May, 1997); and Safety and Soundness Guidelines Concerning The Year 2000 Business Risk (December, 1997), has been extremely helpful in addressing these challenges. I am looking forward to FFIEC’s guidelines on testing and vendor management as those two tasks represent the next big hurdles our members must clear.

Supervisory Agencies & Year 2000 Compliance

It is essential that each of the agencies represented on the FFIEC -- the Federal Reserve Board (FRB), the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), and the National Credit Union Administration (NCUA) -- is furnished with the necessary examination authority to ensure that the institutions they supervise comply with the FFIEC Year 2000 mandates in a timely and effective fashion. The legislation under consideration by this Committee will help accomplish this objective, and ACB urges its prompt enactment.

The Year 2000 compliance effort requires active coordination among all the parties involved: federal agencies, federally insured institutions, and their affiliated and unaffiliated service providers. The FFIEC has played a valuable role in developing uniform guidance on the major components of the Year 2000 problem resolution process. These include: (1) awareness of the problem; (2) institutions’ assessment of the problem and management and board oversight; (3) hardware and software upgrades and replacement; (4) testing of hardware and software and verifying the results of upgrades and replacements; (5) certification that systems are Year 2000 compliant; and (6) ensuring that contingency plans are in place.

The FRB, OCC, and the FDIC already have broad statutory authority under the Bank Service Company Act to examine bank service corporations that provide various types of services for banks, as well as unaffiliated, third-party vendors that service banks or their affiliates. This examination authority implicitly includes Year 2000 compliance. The agency supervising the principal investor in the service corporation may authorize another federal banking agency that supervises an institution that has shares in the bank service corporation to examine the service corporation. The proposed legislation would give the OTS comparable examination authority.

The OTS examination authority over service corporations and other service providers would extend somewhat beyond just Year 2000 compliance. This legislation is consistent with the authority of the FRB, OCC, and FDIC, and appropriate for the technological environment in which banks, savings institutions, and credit unions operate. Today, various types of outside service provides are actively involved with institutions as they take advantage of new technological opportunities in a wide range of their operations. According to ACB research, approximately 97 percent of savings institutions use third-party service providers for some part of their operations. All of the federal banking agencies must be assured that all of an institution’s relationships with a service provider are conducted in a safe and sound fashion.

Despite differences in size and product offerings among the institutions supervised by each of the agencies on FFIEC, all types of depositories share a common role in the financial services marketplace. Consumers and corporate customers have entrusted their funds with these institutions and rely on them for payment and related services. Each FFIEC member agency has a responsibility to ensure that the Year 2000 challenges will be met by the institutions they supervise. Public confidence in our banks, savings institutions, and credit unions, both up until and after the "witching hour", is at stake.

ACB’s Actions To Date

America’s Community Bankers has been a leader in raising the awareness of community bankers to the serious nature of systems problems associated with the year 2000, and it continues to provide leadership in resolving these problems. The major steps that ACB has taken include:

• ACB, in cooperation with the FDIC and OTS, is sponsoring a series of three "Quick Strike" conferences on the Y2K problem in February and March 1998, in Washington, Los Angeles and Chicago.

• In December 1996, ACB published a comprehensive background report and planning guide for its member organizations in its widely-read, highly-respected Special Management Report series (SMB-340 12/06/96).

• ACB published Y2K articles throughout 1997 in its bi-monthly, Operations Alert newsletter to increase awareness, and plans to continue to highlight the issue in this publication.

• ACB featured the Y2K topic in the November 1997 issue of its new Technology Management newsletter - in print and electronic formats.

• America's Community Banker, ACB’s flagship monthly magazine, featured an article in the January 1998 issue that addressed the Year 2000 problem and included interviews with business leaders and Y2K experts.

• ACB highlighted the issue at its 1997 Annual Convention and at other recent national conferences.

• ACB’s Board recently adopted a policy position supporting FFIEC Year 2000 guidelines and elevated it to a priority position.

• The Y2K problem has been a high priority for several other ACB standing committees, including its Task Force on Electronic Banking and Community Banks and the Retail Banking, Operations, Security and Technology Committee.

• ACB has been active in several inter-industry and government working groups on the Y2K problem, including groups led by FFIEC and the Federal Reserve Bank System.

• ACB’s World Wide Web site – www.acbankers.org - has been expanded to include a special section on the Y2K issue, including hot links to a wide variety of Y2K sites, and will be expanded further to include a unique list server discussion forum and other features.

In December, 1997, ACB mailed a comprehensive survey on Y2K issues to all member CEOs. We have received responses from almost 50% of our institutional members so far, and are compiling those responses for release in the near future. Some preliminary results from this survey are presented in the Appendix. The insights gained from this survey effort will help shape the details of ACB’s future service strategy for this area.

Looking ahead to the rest of 1998 and 1999, ACB will provide appropriate additional information to its members, cooperate with Congress and the banking regulators in addressing this serious issue, and look for other opportunities to assist community banks in meeting the Y2K challenge.

First Federal’s Year 2000 Efforts

At First Federal, we began to formalize our Year 2000 compliance during the third quarter of 1997. As a first step, we assigned responsibility for the year 2000 Project to a Senior Manager who reports to the Senior Management Committee, which in turn reports to the Board of Directors. We also assigned other appropriate staff with the cooperation of all department heads, and, over the second half of 1997, identified the following areas of concern: outsourced services; internally developed software; purchased software; office equipment; building equipment; and, finally and very importantly, any Y2K-related credit quality risk among our business borrowers.

In addition, we sent out formal Year 2000 software certification requests to all of our significant vendors. In the first quarter of this year we are setting up a dedicated, stand-alone PC for Y2K testing. Shortly, we shall begin loading and testing our transaction processing applications and related software, finish the testing on the stand-alone PC, and complete an assessment of our testing and certification results. During the second through fourth quarters, 1998, we plan to institute additional action according to plans and results developed in the first quarter of 1998, and to be Year 2000 compliant by December 31, 1998. Our experience to date indicates the following:

• Outsourced Services - Certifications have been received or correspondence with servicers indicates they will be Y2K compliant in a timely manner; Transaction processing testing to be completed during the first quarter, 1998.

• Internally Developed Software - The mortgage origination system is certified as Y2K compliant already and testing to ensure the accuracy of the certification is underway. Teller system coding changes are being made, as indicated above. No major problems have been encountered and none are foreseen at this point.

• Purchased Software - Certifications have been received or correspondence with software vendors indicates they will be Y2K compliant in a timely manner.

• Office Equipment - PCs are Y2K compliant at the hardware level. Need for ATMs software upgrade is recognized and planned for timely implementation. Local Area Network (LAN) software will be upgraded in February, 1998.

• Building Equipment - Building management reports that environmental control systems (heating, air conditioning, elevator, etc.) are already Y2K compliant.

• Commercial Borrowers Credit Risk - Loan officer preliminary reports indicate that our business customers do not have undue Y2K exposure and that efforts are underway to provide reasonable assurance that systems will respond robustly to Y2K transition.

Year 2000 Examinations

The initial Year 2000 examination process for First Federal and for our main data processor, Connecticut On-Line Computer Center (COCC), will be completed shortly. First Federal's Y2K plan was assessed by the OTS last fall and they will examine our progress during their annual visit that begins this month. COCC's Y2K plan was assessed by the OTS last year. COCC has completed its systems inventory and expects to complete its systems testing this year, its own systems by June and its vendors' systems by December. COCC is also setting up a test environment for its customers to use for live testing of their transaction interfaces. A users committee was just formed by COCC at its meeting in January, 1998 specifically to address Year 2000 compliance issues.

In the past, OTS exams of COCC were conducted within the terms of First Federal's service contract with COCC. The proposed legislation would give the OTS more direct authority and extend its authority to independent computer utilities not owned by banks.

As Chairman of the Board of Directors for Connecticut On-Line Computer Center (COCC), I have reviewed COCC's Year 2000 Plan and I have every confidence in their commitment to take all reasonable measures to become Y2K compliant. Of course, this does not relieve my institution of its obligation to test COCC’s Year 2000 performance. All insured institutions have their own separate requirement to test how well each vendor is progressing towards Y2K compliance, regardless of their relationship with that vendor. The grant of new examination authority to OTS does not alter that basic obligation of OTS-supervised (or any other) institutions.

Interconnectivity and Dependence on Third Parties

Much as financial institutions would like to offer complete assurance of a smooth transition to the new millennium, we cannot. Even with all the testing that we shall do, complete certainty is unattainable. For example, we are all implicitly assuming that basic telecommunications services will not be seriously interrupted. Without these dedicated networks, embedded within the overall phone system, we would be helpless. Naturally, we have every confidence in the remedial work of these highly sophisticated service providers, but we have seen in the past how disruption can spread. At least in this case, we know the source of the problem well in advance, but its pervasiveness creates a new level of complexity. No test will substitute for the actual turn of the clock.

On a less cosmic basis, the validity and reliability of the various Y2K certifications that we depositories have received will remain something of an unknown quantity (or quality) until we actually go live in the new environment. Even so, the FFIEC requirement that in-place testing be complete by year-end 1998, leaving a full year for implementation of upgraded systems, has conferred real benefits. Providers have been given uniform timelines and this has helped to get us ready for the best testing that we can do, short of complete certainty.

Summary

The Year 2000 presents a substantial challenge for financial institutions, their customers and regulatory agencies. The proposed legislation is certainly a worthwhile step in the right direction, and ACB supports the Chairman's initiative. The industry welcomes the helpful and thoughtful oversight that the entire Committee has provided in an area of vital interest to consumers and to the economic system. By continuing in the cooperative spirit that has been shared to date, we can come as close as possible to the best outcome from all this effort and attention: a true "non-event".

Thank you for the opportunity to express our views.

APPENDIX

Summary of ACB Y2K Survey

ACB conducted a Year 2000 Executive Review survey of its approximately 1,450 member institutions during December 1997. More than 600 surveys were received and tabulated. The following observations summarize the key survey findings.

ACB Member Organizations Are Familiar with the Y2K Problem
and Have Taken Responsible Management Steps to Address It

• More than 80% of survey respondents report that they are "very familiar" with theY2K problem and all other survey respondents report at least some familiarity with the problem.

• Nearly all respondents (98%) indicate that a senior staff member has been given responsibility for overseeing and completing Y2K renovations.

• More than 83% of respondents have a written plan for addressing the critical date change problem.

• Nearly all respondents (97%) have discussed their Y2K plans with their board of directors and most (72%) plan on frequent – at least quarterly – updates.

• Two-thirds of survey respondents report that they have a contingency plan or that they have one under development, in the event things don’t go well, but one in three doesn’t have such a plan, revealing a shortcoming that is particularly pronounced for survey respondents with less than $500 million in assets.

• Only one-third of respondents who make business loans have a plan for assessing Year 2000 risk for their business customers, suggesting that additional emphasis needs to be given to this aspect of the problem.

Computer Systems Are in Widespread Use and Remediation Is Well Underway

• 15% of survey respondents make "extensive" use of mainframe computers, while 85% make "extensive" use of service bureaus.

• A substantial majority of survey respondents (85%) make "extensive" or "moderate" use of third-party service providers, other than service bureaus, suggesting the importance of addressing the date change interface with these providers.

• Nearly 90% of community banks make "extensive" or "moderate" use of personal computers for word processing or to support bank customer and/or internal accounting, control or systems applications, such as payroll, general ledger, financial information reporting and similar systems, which makes Y2K readiness an important issue for these systems.

• Slightly less than 40% of respondents report "extensive" or "moderate" use of computer-controlled environmental systems, such as heating and cooling, telephone, security or similar systems, suggesting that this area may deserve greater attention. Either banks make relatively limited use of these kinds of systems or they may be unaware of the extent to which computer controlled systems are in use.

• About 40% of survey respondents with mainframe computers report that modifications are substantially complete and testing is underway and another 34% report that modifications are underway but that no testing has yet taken place. Less than 5% of respondents report that modifications are complete and tested, while one in five respondents with mainframe computers report that they have only inventoried their systems and that modifications and testing have not yet begun.

• Service bureau users report better progress. 61% of respondents report that service bureau modifications are substantially complete and testing is underway. Another one-third report that modifications are underway and that no testing has taken place. Less than 2% report that service bureau changes and testing are complete and 2.4% report that systems have just been inventoried.

Y2K Remediation Costs Are Not Well Understood and May Be Understated

• Only 40% of survey respondents provided an estimate of the out-of-pocket costs associated with the Y2K problem. Other respondents indicated that they don’t have a budget or can’t estimate the costs for the problem.

• Nearly 90% of respondents of less than $100 million in asset size estimate that total out-of-pocket costs to correct the Y2K problem will be under $100,000. At the other extreme, 36% of respondents of over $1 billion in asset size estimate that costs will exceed $1,000,000.

• Slightly less than one-third of survey respondents have examined contracts with third-parties to ascertain liability exposure and recourse relief, but another 45% are in the process of doing so. Still, nearly one-fourth (23%) have not taken this important step in vendor management.

Service Bureau Users Are Content with Y2K Remediation Progress

• Nearly one-half (49.1%) of respondents with extensive use of service bureaus are "extremely confident" that their service bureau will be ready on a timely basis; about the same percentage (48.5%) of respondents are "reasonably confident." Only 12 respondents (2.4%) report that they are "not at all confident" in their service bureau will be ready.

• Most service bureaus seem to be reasonably responsive in providing Y2K information to their clients and they provide it in a variety of forms. Nearly 80% of respondents receive regular written communications and more than one-third of respondents report that they receive executive updates and one-third report that they receive technical updates. User working groups were reported by 11.2% of respondents and 9.4% reported that an independent consultant review had been conducted.