Year 2000 Computing Crisis: Federal Deposit Insurance Corporation's Efforts to Ensure Bank Systems Are Year 2000 Compliant
T-AIMD-98-73 Published: Feb 10, 1998. Publicly Released: Feb 10, 1998.
Skip to Highlights
Skip to Recommendations
Pursuant to a congressional request, GAO discussed the progress being made by the Federal Deposit Insurance Corporation (FDIC) in ensuring that the thousands of banks it oversees are ready to handle the year 2000 computer conversion challenge.
Recommendations for Executive Action
|Federal Deposit Insurance Corporation||FDIC should work with other FFIEC members to expeditiously revise the year 2000 assessment work program to include questions on each phase of the correction process, such as those outlined in GAO's assessment guide, to better enable examiners to determine and report the exact status of each bank and vendor in addressing the year 2000 problem.||
FDIC responded to the recommendation by revising its examination procedures to include additional questions on the various phases of the year 2000 conversion process that would enable examiners to determine and report precise year 2000 status.
|Federal Deposit Insurance Corporation||FDIC should work with the other FFIEC members to complete by the end of March 1998, their guidance to institutions on mitigating the risks associated with corporate customers and reliance on vendors. Further, FDIC should work with other FFIEC members to quickly establish a working group to develop contingency planning guidance and set a deadline for completing this effort.||
On March 17, 1998, FDIC along with the other FFIEC members issued corporate customer and vendor guidance (Year 2000 Impact on Customers and Institution Due Diligence in Connection with Service Provider and Software Vendor Year 2000 Readiness) to the Board of Directors and Chief Executive Officers of all federally supervised financial institutions, service providers, and software vendors. Further, FDIC and the other regulators formed a working group to develop contingency planning guidance. Contingency planning guidance, "Contingency Planning in Connection With Year 2000 Readiness," was issued on May 13, 1998.
|Federal Deposit Insurance Corporation||FDIC should work with the other FFIEC members to develop in an expeditious manner, more explicit instructions to banks for carrying out the latter stages of the year 2000 process--renovation, validation, and implementation--which are the critical steps to ensuring year 2000 compliance.||
In April 1998, FDIC and the FFIEC issued testing guidance ("Testing for Year 2000 Readiness") and in May 1998, issued contingency planning guidance ("Contingency Planning in Connection with Year 2000 Readiness"). Since then, FDIC and FFIEC have issued 7 additional pieces of guidance on year 2000 subjects including data entry software, customer awareness, fiduciary services, customer communications, and business resumption contingency planning.
|Federal Deposit Insurance Corporation||Because the results of the bank assessments to be completed in June 1998 are so critical to FDIC in focusing its activities through the year 2000, FDIC should develop a tactical plan which details the results of its assessments and provides a more explicit road map of the actions it intends to take based on those results.||
FDIC did not prepare a tactical plan that analyzes the results of the year 2000 examinations and that lays out future oversight steps. However, FDIC used its electronic exam tracking system to analyze the results of the examinations to identify those institutions which need increased supervision. In addition, FDIC, along with the other members of FFIEC, has established milestones for banking institutions to complete testing and for regulators to complete the next round of examinations.
|Federal Deposit Insurance Corporation||With regard to FDIC's internal systems, the Chairman, FDIC, should direct the year 2000 oversight committee to: (1) ensure that adequate resources are allocated to complete the internal systems' assessment by the end of March 1998 and take necessary action to ensure this effort is completed on time; and (2) develop contingency plans for each of FDIC's mission-critical systems and core business processes.||
FDIC accelerated its schedule and efforts to complete the assessment phase by the end of March 1998 and prepared contingency plans for FDIC's mission-critical systems and core business processes.
|Federal Deposit Insurance Corporation||FDIC should apply revised year 2000 assessment work program to each bank and vendor, including those where assessments are completed, to determine whether appropriate data have been obtained to make complete assessments.||
FDIC revised its examination procedures to include additional questions on the phases of the year 2000 conversion process. FDIC asked these questions of all banks for which it has supervisory responsibility, including re-contacting institutions that had been examined before the new questions were added.