Little action has been taken to address the Year 2000 problem. Although much has been written about it, somehow few think that the problem really applies to them. This is all the more regrettable since the problem is fixable. But it is essential that it be addressed immediately. For the most part, that is not happening.
Current estimates by reliable industry groups suggest that only one-third of US companies and government agencies have seriously started work on a Year 2000 fix. And the rest of the world has been even slower to take action. A recent British study says that fewer than one in five businesses have taken action. Those figures only represent companies that have started work on the millennium. We would roughly estimated that only five percent of the total work to complete Year 2000 compliance has been accomplished. That means 95 percent of the work remains to be done. This is not a problem about money. It is about time and resources.
Based on a mid-range estimate, it will require an additional ten million staff months in the 30 months remaining before 2000 for all US business to correct its computer systems software. When you factor in the additional requirements for updating new hardware and embedded systems, the estimate can be expanded by at least 25 percent. All these corrections require highly qualified technical personnel. The financial sector probably represents five to ten percent of these requirements.
There is one more element. If companies do not have a solution in place by the end of September 1998 less than 15 months from now their chances of being Year 2000 compliant are greatly diminished. That is because year-end testing should be accomplished prior to the rollover to year 2000 and 1999 is the only opportunity to do so and then make corrections. To accomplish this, we need nearly 1 million people working on the solution today or about 50 percent of the estimated 2 million technical personnel available.
It is an oversimplification, but nevertheless realistic, to say that this problem affects everyone. The size of the company and its assets don't matter. The geopolitical boundaries in which it operates are virtually meaningless. Even those organizations that expect to be Year 2000 compliant could be affected because their computer interfaces, in the normal course of dealing with other institutions which may or may not be compliant, could be contaminated. In short, the problem is all-pervasive.
Banks, at least, seem to be ahead of the field in recognizing that Year 2000 poses a significant problem. In April, Chase disclosed that it will spend $250 million to work on the problem. Recent research from Tower Group disclosed that securities firms spent $7 billion in 1996 on Year 2000 and related computer maintenance projects. Everyone has heard the Gartner Group prediction of $600 billion for a worldwide solution.
In a review of our banking and financial clients, we determined that the majority over 70 percent have programs in place to address the problem. However, our estimates indicate that the banking and financial sector is no more than 10 percent complete.
One of the major concerns for the financial community is the risk to the global infrastructure, particularly to the servicing organizations such as Swift, credit reporting and the ATM networks. The lack of concern and action on the part of the international banking community is particularly distressing. The ability of international banks to operate effectively after the Year 2000 is, in our estimate, seriously in question.
And there are other factors that intensify the basic problem. The current tendency in the banking industry towards consolidation, particularly in terms of mergers and acquisitions, poses and added risk. A bank that has worked hard to become Year 2000 compliant might acquire another bank that hasn't. Then the whole process is back to square one. And what about the creditworthiness of companies to which banks have lent money? If those companies are not Year 2000 compliant, the risk to the banks is greatly magnified. It is very difficult to pinpoint all the possible consequences of non-compliance. All one can do is say that the problem is pervasive.
It should be emphasized that we know what the problem is and how to fix it. And the Federal government can take some specific steps to help. The most obvious is for the appropriate bodies of Congress to use their oversight capabilities to ensure that all government agencies are doing all they can to become Year 2000 compliant and, whether through hearings such as these, legislation, or whatever is necessary, broadcast the fact that this is a real problem with an unmoveable deadline.
More to the point, millennium risk should be factored into the overall risk ranking system used with financial institutions. Insist that auditors apply a consistent, complete and scalable process management approach to all audits. Taking such action will help minimize the risk of short-term failure, maintain relative confidence in the regulatory process and promote consistency across regulated financial industries.
The Federal government could also ensure that network and interconnect systems (ATMs, wire transfer networks, credit verification networks) maintain stated exchange standards which all participants must use. This would also minimize failure risk and help international commerce to continue to operate at or near current levels of effectiveness.
All regulated financial institutions should be required to define the scope of their millennium efforts, including the estimated cost, percentage of completion based on completed systems and outstanding risks, in their quarterly financial disclosures. This will help bring national focus on the major risks associated with the millennium and bolster confidence that the Federal government is providing necessary oversight.
Finally, the government could and should set all-inclusive Year 2000 milestones for the financial services industry if equal or more aggressive milestones are not already in place.
Can any company afford to risk the possibility of not being ready for the Millennium? Those who might take that risk could be sowing the seeds of disaster not just for themselves, but also for many other companies with whom they do business. That is very definitely not worth the risk.
A Washington Post editorial in April was helpful in calling attention to the Year 2000 problem.
But it concluded with the wishful thinking that, while computers "may be too dumb to navigate
the millennium...their human overseers are sure to figure out a way." We have figured out a
way. But is there time for everyone to get the job done? Not unless they start immediately.
Home | Menu | Links | Info | Chairman's Page