Year 2000 Computing Crisis:

Federal Deposit Insurance Corporation's Efforts to Ensure Bank Systems Are Year 2000 Compliant

T-AIMD-98-73: Published: Feb 10, 1998. Publicly Released: Feb 10, 1998.

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO discussed the progress being made by the Federal Deposit Insurance Corporation (FDIC) in ensuring that the thousands of banks it oversees are ready to handle the year 2000 computer conversion challenge.

GAO noted that: (1) the year 2000 problem poses a serious dilemma for banks due to their heavy reliance on information systems; (2) it also poses a challenge for FDIC and the other bank regulators who are responsible for ensuring bank industry readiness; (3) regulators have a monumental task in making sure that financial institutions have adequate guidance in preparing for the year 2000 and in providing a level of assurance that such guidance is being followed; (4) further, regulators will likely face some tough decisions on the readiness of individual institutions as the millennium approaches; (5) GAO found that FDIC is taking the problem very seriously and is devoting considerable effort and resources to ensure that the banks it oversees mitigate year 2000 risks; (6) FDIC has been very emphatic in alerting banks to the year 2000 problem and has conducted a high-level assessment of the industry's year 2000 readiness; (7) despite aggressive efforts, FDIC still faces significant challenges in providing a high level of assurance that individual banks will be ready; (8) FDIC--as were the other regulators--was late in addressing the problem; (9) consequently, it is behind the year 2000 schedule recommended by both GAO and the Office of Management and Budget (OMB); (10) compounding this problem is that critical guidance, although under development, has not been released by the Federal Financial Institutions Examination Council (FFIEC) for banks and other financial institutions on contingency planning, assessing risks caused by corporate customers (borrowers), and assessing risks associated with third-party automated system service providers; (11) this guidance should have been provided earlier so that banks would have had more time to factor the guidance into their own assessments and plans; (12) additionally, FDIC's ability to report on individual banks' status in preparing for the year 2000 is limited by insufficient information being reported by bank examiners; (13) FDIC also needs to correct its internal systems used to support agency functions and has initiated efforts to do this; (14) FDIC is behind in assessing whether these systems are year 2000 compliant; and (15) although OMB guidance states that the assessment phase should have been completed in mid-1997, FDIC has not yet fully assessed its mission critical systems or established contingency plans in case systems repairs and replacements are not in place on time or do not work as intended.

Status Legend:

  • Review Pending: GAO has not yet assessed implementation status.
  • Open: Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed - implemented: Actions that satisfy the intent of the recommendation have been taken.
  • Closed - not implemented: While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.

    Recommendations for Executive Action

    Recommendation: With regard to FDIC's internal systems, the Chairman, FDIC, should direct the year 2000 oversight committee to: (1) ensure that adequate resources are allocated to complete the internal systems' assessment by the end of March 1998 and take necessary action to ensure this effort is completed on time; and (2) develop contingency plans for each of FDIC's mission-critical systems and core business processes.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: FDIC accelerated its schedule and efforts to complete the assessment phase by the end of March 1998 and prepared contingency plans for FDIC's mission-critical systems and core business processes.

    Recommendation: Because the results of the bank assessments to be completed in June 1998 are so critical to FDIC in focusing its activities through the year 2000, FDIC should develop a tactical plan which details the results of its assessments and provides a more explicit road map of the actions it intends to take based on those results.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: FDIC did not prepare a tactical plan that analyzes the results of the year 2000 examinations and that lays out future oversight steps. However, FDIC used its electronic exam tracking system to analyze the results of the examinations to identify those institutions which need increased supervision. In addition, FDIC, along with the other members of FFIEC, has established milestones for banking institutions to complete testing and for regulators to complete the next round of examinations.

    Recommendation: FDIC should work with the other FFIEC members to develop in an expeditious manner, more explicit instructions to banks for carrying out the latter stages of the year 2000 process--renovation, validation, and implementation--which are the critical steps to ensuring year 2000 compliance.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: In April 1998, FDIC and the FFIEC issued testing guidance ("Testing for Year 2000 Readiness") and in May 1998, issued contingency planning guidance ("Contingency Planning in Connection with Year 2000 Readiness"). Since then, FDIC and FFIEC have issued 7 additional pieces of guidance on year 2000 subjects including data entry software, customer awareness, fiduciary services, customer communications, and business resumption contingency planning.

    Recommendation: FDIC should work with the other FFIEC members to complete by the end of March 1998, their guidance to institutions on mitigating the risks associated with corporate customers and reliance on vendors. Further, FDIC should work with other FFIEC members to quickly establish a working group to develop contingency planning guidance and set a deadline for completing this effort.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: On March 17, 1998, FDIC along with the other FFIEC members issued corporate customer and vendor guidance (Year 2000 Impact on Customers and Institution Due Diligence in Connection with Service Provider and Software Vendor Year 2000 Readiness) to the Board of Directors and Chief Executive Officers of all federally supervised financial institutions, service providers, and software vendors. Further, FDIC and the other regulators formed a working group to develop contingency planning guidance. Contingency planning guidance, "Contingency Planning in Connection With Year 2000 Readiness," was issued on May 13, 1998.

    Recommendation: FDIC should work with other FFIEC members to expeditiously revise the year 2000 assessment work program to include questions on each phase of the correction process, such as those outlined in GAO's assessment guide, to better enable examiners to determine and report the exact status of each bank and vendor in addressing the year 2000 problem.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: FDIC responded to the recommendation by revising its examination procedures to include additional questions on the various phases of the year 2000 conversion process that would enable examiners to determine and report precise year 2000 status.

    Recommendation: FDIC should apply the revised year 2000 assessment work program to each bank and vendor, including those where assessments are completed, to determine whether appropriate data have been obtained to make complete assessments.

    Agency Affected: Federal Deposit Insurance Corporation

    Status: Closed - Implemented

    Comments: FDIC revised its examination procedures to include additional questions on the phases of the year 2000 conversion process. FDIC asked these questions of all banks for which it has supervisory responsibility, including re-contacting institutions that had been examined before the new questions were added.
