William J. McDonough
Federal Reserve Bank of New York
Securities Industry Association
Year 2000 Conference
New York Hilton, New York
January 15, 1998
I am pleased to have been invited to speak to this group today because the issue of the Year 2000 is one that is very much on my mind. It is on my mind both as a central banker who worries about potential problems for financial markets and as a provider of services to the industry through Fedwire, ACH, check and cash services.
My presentation today is made considerably easier by two factors. First, I do not have to define the challenge because your attendance at this conference focused entirely on the Year 2000 clearly signals your awareness of the problem. Second, the number and scope of the attendees at this conference indicates that I do not have to convince you that this is not just a technical problem, but rather a business issue of the highest priority. We all recognize clearly that meeting the Year 2000 challenge is potentially a survival issue for firms or even markets.
The size of the conference and the level of the attendees also underscore the enormity of the task before us. I have heard comparisons of Year 2000 projects to the conversion the securities industry went through several years ago when settlement went from trade plus five days in next day funds to trade plus three in same day funds. That effort required what was regarded as a massive mobilization of the industry and was ultimately a complete success.
However, such comparisons seriously understate the Year 2000 challenge and may give many a false sense of security. The T+3 and same day funds conversions related to only a segment of financial market activity -- primarily equities and the back office. It also was implemented in carefully staged phases. And, implementation itself was pushed back several times to allow time to address issues as they emerged.
The Year 2000 issue poses a much greater challenge. It affects every aspect of financial markets -- trading activities, front, middle and back office applications, management information and risk management systems, routine applications like payroll and regulatory reporting, even the mechanical systems that we take for granted. Even more important, and unlike almost any other project the financial community has undertaken, Year 2000 projects have a date certain deadline that cannot be delayed by which all of these systems must be thoroughly tested as being compliant. Moreover, it is truly global in nature.
While I caution against taking too much comfort in past successes, those successes do offer hope that we can do it right. We have dealt many times with difficult issues and resolved them by working together and coordinating activities in the private and public sectors. We can do it again, but we cannot dawdle or assume success.
1998 is the key year for testing. By year-end, all business-critical applications at major financial institutions should be fully tested not only internally, but with each other as well. This schedule will allow all of 1999 for broader testing with customers and for working out any problems that are encountered.
At this stage of the Year 2000 process, what do we see as the major issues that lie immediately ahead of us that could affect our ability to conduct meaningful testing? I believe there are four key areas of vulnerability:
Managing vendor relationships effectively and testing products adequately at every institution;
Making certain the infrastructure -- especially telecommunications -- is there to support markets;
Working to assure that foreign institutions and markets also are on track; and
Understanding what your counterparties, correspondents, and clients are doing and what business risks they may pose.
Let me talk about each of these four areas in more detail.
Third-party vendors and service providers put us all at risk. We depend upon vendors for the equipment, operating systems and software utilities on which our applications run.
While the vendors have an obvious self-interest in making their products Year 2000 compliant in a timely manner, getting there is a complex and chancy matter. Some vendors may support particular products or industries as priorities over other products, delaying roll-out of compliant versions some may need for timely testing. Others may simply lack the resources to be able to make the necessary changes. In short, knowing exactly where a vendor stands is critical for your Year 2000 programs.
Getting good information on vendor plans and status has often proven to be a significant challenge for you and for us. While some vendors provided much information from the outset, many vendors initially denied that there was a Year 2000 issue or at least minimized it. As these vendors began to look at their products more closely, they realized that there was work to be done even on products they may have thought fully compliant. Once the issue was recognized as real, they typically began to speak in reassuring but very general terms that fell short of the needs for detailed information.
Financial institutions need detailed information on whether a product is compliant or when it will be, how the vendor tested the product to determine the product was compliant, and in what environments it was tested to be compliant. Only with this information can meaningful user test plans be developed.
Often the only way for financial institutions to get this information has been to meet individually with each vendor and pose very specific questions. Sometimes these meetings produced the desired results. Sometimes, they did not. In all cases, the process was very time-consuming for financial institutions and vendors alike. Also, with time scarce, vendors may not be able to meet the information needs of their clients using a one-on-one approach.
This frustrating process is beginning to change, as it must. Some vendors have recognized the advantage in being public, detailed, and clear in their disclosures and are putting appropriate information out on their websites for all to see. While such disclosure may not answer all the questions for a financial institution, it greatly simplifies follow-up discussions. Those vendors that are willing to put out not only good news but also identify products needing work and plans for those products are gaining credibility and, arguably, market advantage.
I do not have to tell this group that, while vendors becoming compliant in a timely manner is essential, it is just the start of the process. Every financial institution needs to test that products described as compliant by the vendor work with its applications and within its operating environment. This testing requires both internal and appropriate external test plans with correspondents and customers with which it does business. Compliant products and applications will work only if the environmental software and hardware upon which they depend are compatible and external communication is effective. While the magnitude of the testing is less for smaller organizations that use fewer products, testing remains the single most important part of assuring you will be able to conduct business normally.
While the principal role in vendor management lies with the private sector, is there a role that bank supervisors can play in the process? One role is that of a monitor and facilitator. Supervisors have the advantage of seeing how the financial community as a whole is responding to the challenge. When we see issues and sound practices for addressing the issue, we have the opportunity to communicate with the financial community. Programs like the one sponsored by the Federal Reserve Bank of New York last week on managing vendor relationships were designed to help develop sound plans, effective communications, and test programs. For banks we supervise, we also intend to say when we think your program for working with your vendors and testing of products appears inadequate.
Supervisors also have established target dates for completing external testing for the institutions they supervise. Early last year, we established the year-end 1998 target date for largely completing external testing. This action was taken because we saw test plan schedules lagging in many banks. We remain convinced that achieving this target is essential if we are to meet the Year 2000 challenge successfully.
To achieve this target for financial institutions, vendors must meet much earlier targets because compliant products must be delivered and tested internally before external testing can begin. If a vendor's product is not available in a timely manner, testing may be delayed or costly work-arounds devised. Serious consideration should be given to looking for alternative vendors if compliant products are not available in time to meet the targets set for the industry.
Bank supervisors also have some authority over service providers and vendors used by the financial institutions they supervise. We intend to use our ability to examine key service providers as part of our overall monitoring effort. But, this is a supplement and not a substitute for your own due diligence and -- of critical importance -- testing with vendors. Supervisors cannot test for you.
Among the most important third-party vendors are the firms which support the financial system's infrastructure, particularly telecommunications and electrical power grids. We are increasingly aware that the telecommunications industry in particular is having many of the same problems dealing with their suppliers that financial institutions have had in dealing with their vendors. I urge those responsible for providing the infrastructure and their suppliers to review their plans for becoming Year 2000 compliant and move up target dates wherever possible to permit the financial industry to meet its year-end 1998 target.
Given the importance of the telecommunications and electrical power grids to the performance of the financial system as a whole, staff from the Federal Reserve have taken an active interest in this issue. We are meeting with commissioners and staff from the Federal Communications Commission to help them better appreciate the substance of our concerns.
Turning to the third issue, readiness of financial institutions outside the United States, we hear many concerns from financial firms in this country about the pace of Year 2000 programs at many of their counterparties, customers and correspondents overseas. We have many channels of influence within that community.
At the Bank for International Settlements, the Federal Reserve has been pressing the importance of the Year 2000 with our central bank and banking supervisors colleagues for over a year. In particular, the BIS Committee on Payment and Settlement Systems, which I chair, and the Basle Committee on Banking Supervision have been the principal catalysts in this regard. A technical paper on the Year 2000 issue was endorsed by the G-10 Governors upon its release last September. I highly recommend the Governors statement of concern on the issue and the accompanying paper to anyone who has not seen it. While the paper is focused on the financial industry, it lays out the Year 2000 challenge and issues in a way that is generally applicable to almost any business.
The BIS also convened a meeting of about 25 central banks and supervisors last Fall in order to discuss their efforts to promote awareness on the Year 2000 issue and their own progress on domestic payment systems. Effective last Monday, the BIS has opened a web site which will provide the financial community with up-to-date information on key domestic payment systems from about 50 countries around the world.
The BIS has also been joined by the International Organization of Securities Commissioners and the International Association of Insurance Supervisors in highlighting the importance of this issue. In that regard, the BIS will host a meeting of international financial supervisors and globally active financial organizations in early April to call further attention to the issue.
The issue reaches far beyond the financial system to issues of macroeconomic performance and the basics of daily life for ordinary citizens on January 1, 2000. Its magnitude suggests that the broadest possible public sector response is in order. In my judgment, the Year 2000 challenge warrants the very highest level of governmental attention globally. Indeed, I understand that the Year 2000 is already scheduled to be on the agenda of the next Summit to be held in Birmingham, England, in May.
As bank supervisors, the Federal Reserve also has important responsibilities for the U.S. operations of foreign banking organizations operating here. We, therefore, have an obligation to see that their U.S. operations are able to perform business as usual as we move into Year 2000. To this end, we have requested that the U.S. offices be able to demonstrate that their U.S. activities be able to conduct business as usual using the same standards for Year 2000 readiness that we use for domestic organizations. To the extent that the local operations depend on the head office or other foreign sites for risk management controls or other information critical to the management of their U.S. businesses, we expect organizations to be able to demonstrate to our examiners that these support systems are also well on the way to becoming Year 2000 compliant. In December, the Federal Reserve Bank of New York issued an alert to the foreign banking community it supervises as to what type of information our examiners will expect to see when they visit their U.S. sites.
The international efforts of financial supervisors as well as our window on foreign banking organizations should help us monitor progress in 1998, which we see as a critical year. Many countries have only recently started supervisory programs for Year 2000 and are just beginning to assess the readiness of individual institutions.
The intensity of attention given to Year 2000 abroad often reflects the number of initiatives competing for scarce resources. The introduction of the Euro on January 1, 1999 is a major focus for many nations, as is the "big bang" of deregulation in Japan. Both represent national priorities of the highest order. Some other initiatives may be more discretionary. In the U.S., decimalization of markets represents an important but discretionary initiative that was recently deferred by the SEC until after the century date change in order to permit resources to be focused more fully on Year 2000 programs. I urge every nation to reassess its financial initiatives to see if there are similar opportunities to defer projects until after Year 2000 has been addressed successfully. We in the public sector need to recognize the enormity of the resource requirements of Year 2000 efforts and do everything in our power to prevent resources from being diverted to projects of less urgency.
Turning closer to home, where the people with whom you deal stand on Year 2000 readiness is something that cannot be ignored. I believe that over the course of 1998, as financial institutions move toward testing, this issue will receive much more attention than it has to date. Simply put, do you know what your customers are doing to address the issue and have you considered what the practical and economic consequences of a customer's systems not functioning normally would be? Only if you understand these things can the risks be factored into credit decisions and other aspects of the customer relationship.
As obvious as the concept of Year 2000 customer risk seems, few institutions have figured out how to deal with it. Just like the problems you have had in conducting due diligence reviews on your vendors, business lines are having difficulties in getting good information from customers. There is no easy way to do customer reviews. Yet, it has to be done. Bank supervisors are beginning to nudge such reviews along by paying increasing attention to customer Year 2000 assessments in the examination process.
Apart from our supervisory responsibilities with respect to Year 2000, the Federal Reserve also has an operational role to play in the delivery of financial services. Everyone in the audience depends on the Federal Reserve to some extent in his or her business and daily lives. It may be to settle a multi-million dollar transaction originated outside the U.S., or it may be to get $50 in currency out of your ATM machine. In either case, you should have the right to assume the services you expect will not be hindered by the failure of the Federal Reserve to perform. I am pleased to say that I believe you should not have to worry about the Federal Reserve's role in the payments system.
We have had an eye on the Year 2000 for more than five years. When we began consolidating our mainframe data processing applications, our new centralized mission-critical applications, such as Fedwire funds transfer, Fedwire securities transfer and ACH were designed with Year 2000 compliance in mind. Nonetheless, the Federal Reserve recognized that it would have to verify Year 2000 readiness and that considerable effort would be required both internally and externally with the banking community in order to test for readiness.
To manage these efforts, our Century Date Change project was established in 1995. Communications is a major focus of the project. We are stressing consistent and timely communication, both internally and externally, in order to promote awareness and commitment at all levels of our own organization and within the financial community more generally.
We published our detailed format specification changes last July and our general testing strategy in October. We are currently in the final stages of developing a detailed test schedule in coordination with such industry groups and service providers as the SIA, the New York Clearing House, and SWIFT whenever possible. This schedule will be published next month.
We have completed application assessments and are currently renovating and testing software internally. Critical systems that interface with our customers will be Year 2000 compliant from our perspective by mid-1998. As you know, however, internal testing is the simple part; successful external testing with customers is essential. Our schedule permits approximately 18 months for such external testing, an activity to which we are dedicating substantial support resources.
We are also well along in preparing special environments for testing our payment system applications. Our test environments will be configured to provide flexible access by customers, using procedures with which our customers are already familiar.
One other issue that is important to discuss today is the holiday issue. While the holiday schedule is generally uniform and fixed within the United States, it is both different and often flexible on an international level. As a result, there still is a great deal of uncertainty and discussion in many countries about whether Friday, December 31st, Monday, January 3rd, and even Tuesday, January 4th are or should be holidays.
In the U.S., none of these days currently is a scheduled holiday. In my view, declaring a bank holiday for Monday, January 3rd or Tuesday, January 4th in the Year 2000 at this time would only delay any problems that might develop and offer little opportunity for meaningful remedial actions.
The previous Friday, December 31st, however, may offer meaningful tangible benefits. In particular, applications that run at the end of the day, quarter, or calendar year would have a full 24 extra hours to complete processing before the date rolls into 2000. At this point, the costs of adding December 31 as a special bank and markets holiday do not appear significant, although this would change if a decision is not made very shortly. I believe it is worthwhile considering adding this holiday but we must move rapidly. Uncertainty on this issue will not help any of us.
As a bank supervisor, the Federal Reserve Bank of New York is doing whatever it can to encourage banks to deal successfully with the Year 2000 challenge. Our examiners are focusing on how well individual banks are doing and highlighting for senior management and directors those instances in which progress may be lagging. Our oversight includes not only U.S. banks but also the U.S. operations of the foreign banks we supervise. However, the motivation and determination to cope with Year 2000 must come from within the financial community rather than from regulatory oversight. Getting Year 2000 programs right is critical for every organization. Failure to get it right will affect the integrity of the payments system, financial markets, and the performance of the domestic and the global economies.
The Federal Reserve is working hard to make certain that our systems will be ready and fully tested. Every financial institution and supervisor needs to make certain that it is paying sufficient attention and applying appropriate resources to Year 2000. Only if we all address this issue together will we be able to ensure that the new millennium is an occasion for joy and optimism.