Year 2000 Computing Crisis:
Federal Depository Institution Regulators Are Making Progress, But Challenges Remain
T-AIMD-98-305, Sep 17, 1998
Pursuant to a congressional request, GAO discussed the year 2000 risks facing financial institutions and the federal regulators, focusing on the: (1) actions taken to date to mitigate these risks; and (2) challenges that lay ahead as institutions and regulators face the more complex and difficult activities of their year 2000 programs.
GAO noted that: (1) the regulators have made good progress in assisting banks, thrifts, and credit unions in their year 2000 efforts as well as identifying which institutions are at a high risk of not remediating their systems on time; (2) they have also recognized the risk and potential impact of year 2000-induced system failures on their own core business processes and have implemented rigorous efforts to mitigate these risks; (3) nevertheless, there are still serious challenges ahead that could threaten the financial institution industry's ability to successfully meet the year 2000 deadline; (4) with less than 16 months remaining before the year 2000 deadline, the regulators are faced with the daunting task of overseeing the efforts of more than 22,000 financial institutions, service providers, and software vendors with a relatively finite number of examination personnel; (5) in the next few months, many of these entities will be undertaking the most complex and difficult stage of correction--testing; (6) it will be necessary for regulators to ensure that they have enough technical resources to review institution efforts during this crucial phase; (7) beginning in early 1999, regulators will be pressed to take quick actions against institutions that cannot successfully complete their year 2000 efforts; (8) but before they can do so, they need to determine what will constitute financial institution year 2000 failures, what regulatory options can be effectively used, and when they would be implemented; (9) the U.S. economy is intrinsically linked to the international banking and financial services sector, yet many countries and their financial institutions are reported to be behind schedule in addressing their year 2000 problem; (10) working with their foreign counterparts, the regulators will need to identify and define global year 2000 risks and work cooperatively to mitigate those risks; (11) the regulators will also need to develop contingency plans in case there are unforeseen problems; (12) financial institution credit, deposit, and payment flows are critically dependent on public infrastructure such as telecommunications and electric power networks; (13) however, until critical readiness assessments and tests are completed and made available to the public, it is not clear whether there will be uninterrupted telecommunications and power service; and (14) regulators will need to develop contingency plans that anticipate year 2000-related disruptions in the public infrastructure.