Senior executives must get personally involved in an institution's plan for resolving year-2000 computer problems, federal regulators said Wednesday.
"The issue is of such import that we wanted to clearly outline what our expectations of senior management and directors are," said Mark L. O'Dell, director for bank technology at the Office of the Comptroller of the Currency. "We expect, as we do our examinations, to find management and the board actively engaged."
Industry officials welcomed the year-2000 guidance, which was issued by the Federal Financial Institutions Examination Council and sent to every bank, thrift, credit union, bank holding company, and banking industry data processing vendor.
"Community bankers are anxiously awaiting this," said Karen M. Thomas, director of regulatory affairs at the Independent Bankers Association of America. "They need further assistance from the regulators on how to proceed with year-2000 action plans."
Most banks already involve senior management and directors in year-2000 programs, said C. William Landefeld, president of Citizens Savings Bank, Bloomington, Ill., and immediate-past chairman of America's Community Bankers.
Regulators urged senior management to submit detailed reports to boards at least once a quarter. The reports should plot progress against the institution's 2000 compliance plan, note the status of key bank vendors and borrowers in fixing their systems, and detail contingency plans if fixes are not competed in time.
In addition, banks that fix year-2000 problems internally should identify affected systems, list the jobs performed by the systems, and summarize tests of changes already made.
The reports will be reviewed by examiners, the agencies said.
Regulators also reminded bankers that inability to solve year-2000 problems could lead to failures. "Year 2000 is much more than a technology issue," they said. "It is an enterprisewide challenge."
The guidance warned bankers not to rely solely on assurances from outside contractors hired to fix computer troubles. Instead, banks must test all systems to ensure they work.
Data-processing vendors should submit detailed plans to banks explaining when their systems will be 2000 compliant, how their systems are being fixed, and how to test the changes.
The agencies also said banks should develop contingency plans in case systems are not ready and they should be prepared to replace vendors that fall behind in 2000 compliance.
"If success is in doubt for complex applications, it may be necessary to begin implementation of the contingency plan while continuing to work on the desired solution," they said.
Finally, the agencies recommended that banks share effective 2000 compliance practices and common testing methodologies.
"By working together, financial institutions can share ideas, influence vendors, develop best management practices, and maintain competitiveness with other industries," the agencies said.
