With banks well on their way to preparing their computers to deal with the century change, most are turning their attentions to business-risk management, contingency planning, and event preparation.
"Hopefully, banks have got their remediation and testing done," said Mark C. Pomeroy, head of the year-2000 practice group at the Columbus, Ohio, law firm Bricker & Eckler. "Now they should be into contingency planning and looking at details like how many staff they will need on Jan. 1 and what they will do if their providers shut down.
"It's a huge task for banks of any significant size."
At Chase Manhattan Bank, about 1,400 contingency plans are being tested, and about 350 risk scenarios have been identified across all geographies and businesses.
In the event of disruption, plans include identifying alternative ways to deliver services, alternative locations for operations, and increased staff support.
"Banks have remediated huge amounts of code and are now concentrating on planning their first rehearsals,'' said John Hall, spokesman for the American Bankers Association. "Sept. 9 is the first glitch date," he said, referring to the date abbreviation "9/9/99," which could cause some programming anomalies..
Last week, Chase raised its estimates for year-2000-related spending this year from $127 million to $158 million.
The largest part of the increase is directly related to hiring Independent Validation and Verification, or IVV, vendors. IVV is a means of uncovering potential errors in remediated code that may have been missed in testing. Independent third parties take the bank's computer code and run it through sophisticated and specialized examination tools to identify potential problems. Reports to the bank pinpoint the errors.
In December, Chase ran pilots with two vendors. One found a system with an error, and the other discovered a handful of errors.
"If one had actually happened, it could have caused disruption to our overnight processing," said Brian D. Robbins, senior vice president at Chase. "So we asked ourselves, 'Could we handle it if each system had an error?' "
In February, Chase expanded the number of vendors doing its year-2000 remediation from two to five: International Business Machines Corp., CAPGemini, Primeon Inc., Software AG, and Computer Sciences Corp.
More than 80% of Chase's internal mission-critical software, representing more than 130 million lines of code, has been processed through IVV. "For relatively small costs, we can take as much of our internal critical systems as possible and go through IVV," said Mr. Robbins.
Turnaround can take the vendors four to six weeks. "We package the software, the IVV vendors do the reporting, and we analyze their results," Mr. Robbins said.
Generally, he said, "what they find is larger than what the real problems are."
Mr. Pomeroy said getting independent validation is not easy. "Banks need to find the right vendors for different types of systems at the right price." He said such work can involve close coordination with the bank's technology employees, "most of whom have other jobs to do."
Despite the challenges, the banking industry is "the star case of advanced preparation and lack of risk," said Thomas E. Crocker, a partner at the Alston & Bird law firm in Washington. "There has been a concerted effort by the federal bank regulators to have banks complete their compliance programs," Mr. Crocker said.
The Federal Financial Institutions Examination Council has approved the readiness status of 99% of the banks in the country. But like Edward Yardeni, chief economist at Deutsche Banc Alex. Brown, Mr. Crocker questions the preparedness of other countries and said reports from overseas are alarming.
For contingency planning, Chase has implemented two levels of support:
From the bottom up, every business process and support process is looked at in an effort to anticipate systems not working.
At the top, management looks at potential Y2K scenarios. "They are more focused on external events, like reliance on third parties or the supply chain, that could cause slowdown or an isolated disruption," said Mr. Robbins.
When planning, said Mr. Robbins, there are three categories to consider: the "known knowns," the "known unknowns," and the "unknown unknowns."
One way to prepare for known unknowns is to create early-warning indicators in expectation of telecommunications or utility outages. In the case of unknown unknowns, there is no way to prepare or plan except to practice for responses by focusing on simulations and walk-throughs, said Mr. Robbins.
"We're really exercising the decision-making skills of the institution," he said. "Are the right people in place to help us better respond to the event?"
Chase has done a year-2000 credit assessment of its loan portfolios. It has developed scenarios for monthly stress-testing of market-sensitive portfolios through the end of the year. It is also preparing to have appropriate liquidity available at yearend, including increased cash for automated teller machines.
Event preparation continues. Year-2000 command centers are being created, problem tracking and reporting tools designed, and training of "rapid-response teams" taking place. Dress rehearsals have been scheduled for three weekends during the fourth quarter, and command centers will become operational in late December.
"I expect there to be more instances of problems as we hit the fourth quarter," said Mr. Robbins. He said problems could arise because companies are not completely prepared or are behind schedule. This could lead to adequate systems testing being "squeezed out of the process," he said.
But if problems do arise in the fourth quarter, he added, there will be time to react before Jan. 1.
"Y2K has now shifted from a technology focus to a business focus," said Mr. Robbins.
Chase has about 1,500 people doing repair work and systems testing. Another 1,000 are focused on event preparation, contingency planning, getting the command centers ready, and packaging software for the IVV providers.
"Clearly, Y2K is the bank's No. 1 priority, and it remains so until through 2000," said Mr. Robbins.
Most law firms, said Mr. Pomeroy, are "getting ready for damage control." He expects to see the effects of the programming problem showing up sporadically throughout the new year.
Last month Congress enacted the Year-2000 Readiness and Responsibility Act to give "producers and users of technology products" time to assess and remedy, or develop contingency plans for Y2K problems without having to worry about a "significant volume" of "insubstantial" litigation. The law "has eliminated frivolous lawsuits," Mr. Crocker said.