BALANCING THE Y2K PICTURE FOR BANK DIRECTORS

It’s time to introduce balance into the Year 2000 dialogue. We’ve all got it, the Y2K bug, and the cure is costly but not necessarily fatal in itself. It helps, as with any disease, to learn as much about it as possible, but the constant focus on the mortality rate obscures a set of positives and one major opportunity that bank directors should not overlook.

Setting the Y2K problem apart from most others is that it does not distinguish between industries. Any function that is directly or indirectly dependent on computers is susceptible. Every computer-reliant organization that may have the bug in the operating system from financial institutions to telephone systems, from oil pipelines to grain elevators, from correctional facilities to auto industry production robotics has to deal with the effects of this decades old coding shortcut. This creates a level of cross-industry dependence that may be unparalleled in world history.

Another unusual factor, yet common in this case to everyone, is the January 1, 2000 date certain. It is a hard deadline. No one can apply for an extension. To be sure, there are other significant dates both before and after the turn of the century (for example, many programmers are interested in how September 9, 1999, read 9999 on computers, will affect systems, if at all), but we all meet the challenge at the same time.

Y2K got our attention not too long ago and, helped along by a certain amount of doomsday hype, inspired an avalanche of "you must" directives and "how to" advice in every form from articles to videos, seminars, and special legal, programming and consulting practices. The initial challenge, of course, is to select which is best for the organization to read, watch, attend, and/or hire to avoid "crashing and burning" on January 1, 2000.

Maybe there will be a crash or, then again, maybe not. The fact is, no one knows. Some predict a mere blip in the system with minor inconveniences such as checks being deposited or delivered a day or two late. Others predict apocalypse as in the case of a major bank economist who assigns a 70 percent probability of worldwide recession. Or the government official who told an audience recently that he intends to be out of the stock market by December 1, 1999. Or the advice that comes in waves to avoid elevators and airplanes, and to be sure to have a full tank of gas and enough cash for 60 days of expenses. All of this is part of an increasingly tense atmosphere that focuses attention on the problem. The challenge of those in positions of responsibility is to move the industry toward solution without causing a level of panic that may be worse than the problem itself.

Let there be no mistake -- Y2K is a problem, a serious one that resonates particularly in the financial services industry. It should neither be ignored nor underestimated. Management and boards of directors have a special interest because of their responsibility for compliance plus, as the regulators are making clear, their liability for non-compliance. As reported in The American Banker (March 4, 1998), a senior FDIC official

. . . also noted that directors are personally responsible for ensuring that their banks are ready. Referring to the hundreds of director and officer liability suits the FDIC filed in the wake of the banking and thrift failures of the late 1980s, he said, "Memories shouldn’t be short. Rose-colored glasses should not be put on."

Federal Reserve Board Governor Edward Kelley’s recent testimony before a committee of the U.S. Senate is equally direct. "Ultimately, the boards of directors and senior management of banks and other financial institutions must shoulder the responsibility for ensuring that the institutions they manage are able to provide high quality and continuous services beginning on the first business day in January of the Year 2000 and beyond."

The American Association of Bank Directors has expressed its concerns with the federal banking agencies that their unbridled enforcement powers not be used indiscriminately against bank directors in connection with the banks’ good faith efforts to comply with agency Y2K directives. Bank directors and senior bank management are not guarantors that glitches will not develop on or after January 1, 2000, and the federal banking agencies should not hold them liable if such glitches develop after the Board of Directors and senior management have made good faith efforts to assure that the bank’s systems will be Y2K compliant.

There is no shortage of articles, seminars and professional advisors on how to deal with Y2K from technical, management, competitive, regulatory and legal perspectives, including how to protect against or at least mitigate liability in post-Y2K law suits. As financial institution managers and directors continue to address Y2K, it would be well to balance (but not temper) the sense of urgency with recognition of several positive trends.

The regulators are on top of the situation. The OCC, FDIC, Fed, OTS and state banking departments are well organized and rigorously working to ensure that banks and savings institutions take all the necessary steps to achieve compliance. Most agencies have established a team or department devoted to Y2K and set up a central information point to handle questions. Assistance is also readily available on agency Web sites. Testing schedules have been set, slow moving institutions have been warned—sometimes painfully—and contingency planning is being emphasized. Federal agency activities have been well coordinated through the Federal Financial Institutions Examination Council (FFIEC), which also has an excellent Web site for banker and director reference.

Banks are expanding outreach efforts to business lines and customer bases in light of Y2K risk. Given the co-dependency caused by Y2K, banks are evaluating in greater depth the technology risk related to their customer and depositor bases. Institutions are reaching out to educate and inform customers about Y2K actions being taken by the bank. The FDIC has provided camera-ready brochure art that can be distributed by any insured institution. Other mailings are directed by banks to customers to raise awareness and help adjust their business systems handle the millennium bug.

Raising senior level awareness among bankers, bank directors and regulators, to the importance of technology. It appears that Y2K is bringing home to senior bank managers, bank directors and regulators the strategic and operating implications of technology more forcefully than ever before. It is dangerous to generalize, but technology has been viewed in many organizations as a separate (albeit necessary) silo of expertise, staffed by technologists who support operations, but are not fully integrated into the management process. As a result of the Y2K initiative, senior bank management, bank directors and senior regulatory officials are reported to be more aware of the growing importance of, as well as the risk related to, the many applications of technology in the financial marketplace.

Approaching Y2K as an opportunity rather than a problem. This is an area that seems to be getting little attention, but is likely to be closely analyzed once the total cost of compliance (not including litigation) is in. Is Y2K being approached in the broad context of an IT (information technology) problem or is simple compliance the end-game? Y2K may be one of, if not the most expensive IT endeavor undertaken by banks. While it may be difficult to focus on anything else in light of the pressures discussed earlier, there are likely to be opportunities to do much more with the same level of expenditure. How many banks are taking advantage of the funding, resources, and senior management attention devoted to Y2K to improve the broader IT base, to identify obsolete systems, upgrade hardware, consolidate software and generally improve investment in legacy systems? There are clearly definable benefits to be realized and strategic information to be leveraged to enhance follow-on projects and improve the quality of the bank’s technology as it moves well into the next century. One international IT executive calls Y2K "an opportunity disguised as a problem."

The impact of Y2K on banking continues to evolve. The M&A market is shifting as the readiness of target institution computer systems are evaluated in terms of compliance liability. The President’s call for legislation to protect businesses—presumably including banks—that disclose fully the status of their Y2K preparations and share information freely may take some of the wind out of the litigation sails and allow resources to be fully directed to Y2K solutions rather than preparing for potential legal fallout. Additionally, the concept of "globalization" of financial services has more practical implications in light of Y2K. The same bug resides in computers world-wide, making international cooperation and communication even more imperative.

And let’s not forget the Y2K entrepreneurs. The next time you page through the American Banker, look at all the ads for Y2K related products. An entire cottage industry is developing around the millennium. Our favorite is the countdown clock that lets you know to the second how much time remains until the Year 2000. That may be the cheapest item on your Y2K shopping list, but what do you do with it after 11:59:59 on December 31, 1999?