Year 2000 Computing Crisis:
Federal Regulatory Efforts to Ensure Financial Institution Systems Are Year 2000 Compliant
T-AIMD-98-116, Mar 24, 1998
GAO discussed the progress of the federal regulatory agencies in ensuring that the thousands of financial institutions they oversee are ready for the upcoming century date change.
GAO noted that: (1) because financial institutions are heavily dependent on information technology, their viability hinges on whether they can successfully remediate systems before the Year 2000 deadline; (2) given this possibility, regulators must take every measure possible to assist banks, thrifts, and credit unions in their Year 2000 efforts as well as to identify and take swift enforcement measures against those in danger of failing; (3) regulators have recognized this responsibility and have begun an intense effort to raise awareness of the problem, develop guidance to facilitate remediation efforts, and determine where individual institutions stand in correcting their systems; (4) in doing so, regulators have initially identified several hundred institutions at high risk of missing the deadline due to their poor performance in conducting awareness and assessment phase activities; (5) despite aggressive efforts, the regulators still face significant challenges in providing a high level of assurance that individual institutions will be ready; (6) they were late in addressing the problem and consequently, are behind in the Year 2000 schedule recommended by both GAO and the Office of Management and Budget; (7) they are also late in developing key guidance on contingency planning and dealing with servicers, vendors, and corporate customers; (8) this guidance is needed by financial institutions to complete their own preparations; (9) in addition, their follow-on assessments to be completed by June 1998 were not in all cases, designed to collect the data required to be defective about the status of individual institutions; (10) furthermore, it is questionable whether all regulators have an adequate level of technical staff to completely evaluate industry readiness; (11) with regard to their own systems, the regulators have generally done much to mitigate the risk to their mission critical systems; and (12) in some areas such as contingency planning, the regulators can do more to provide added assurance that they will be ready for the century date change and any unexpected problems.