Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.
Financial Institution Letter

Year 2000 Readiness Assessments


TO: CHIEF EXECUTIVE OFFICER
SUBJECT:

Year 2000 Readiness Assessment Strategy for
FDIC-Supervised Financial Institution s

The Federal Deposit Insurance Corporation (FDIC), with assistance from the state banking authorities, completed its second round of on-site Year 2000 readiness assessments of FDIC-supervised financial institutions by March 31, 1999.

As in the first round of on-site assessments, the efforts of each institution were assessed as "Satisfactory," "Needs Improvement," or "Unsatisfactory." The Year 2000 readiness efforts of the vast majority of FDIC-supervised institutions are progressing favorably. Of the 5,867 FDIC-supervised institutions, 5,709—or 97.3 percent—were assessed as "Satisfactory." Of the remainder, 144—or 2.5 percent of the institutions—were assessed as "Needs Improvement," and 14 institutions were assessed as "Unsatisfactory."

The FDIC and other financial institution regulatory agencies continue to place a high degree of emphasis on the Year 2000 readiness efforts of supervised institutions. Since 1996, the Federal Financial Institutions Examination Council (FFIEC) has issued 13 pieces of guidance on various Year 2000 issues. Milestone dates have been established for each of the critical phases of Year 2000 remediation, as well as other important aspects of Year 2000 readiness preparedness.

The final nine months of 1999 represent a critical phase in a financial institution's Year 2000 readiness preparations. By June 30, 1999, financial institutions' testing of mission-critical systems should be complete and implementation of mission-critical systems should be substantially complete. By June 30, 1999, financial institutions should also have substantially completed the development of their business resumption contingency plans and designed a validation method so the plans can be tested for effectiveness and viability.

Procedures for supervisory efforts for the remainder of 1999 were recently communicated to our examination staff. The guidance takes into consideration the limited time available to institutions to provide corrective action. Phase III of the Year 2000 readiness assessment process will consist of a series of quarterly contacts with each FDIC-supervised institution. A combination of on-site visits and telephone contacts will be used depending on the institution’s risk pro FILe. During these contacts, emphasis will be placed on the review of:

  • final testing results;
  • business resumption contingency planning efforts;
  • deficiencies noted during previous Y2K assessments;
  • customer communication and awareness programs;
  • liquidity planning; and
  • credit risk assessment and monitoring.

Examiners will also ensure that institutions continue to report regularly to their boards of directors on the status of Year 2000 readiness efforts.

Rating Criteria

Financial institutions' Year 2000 readiness efforts will continue to be characterized as "Satisfactory," "Needs Improvement," or "Unsatisfactory." The following rating criteria were provided to our staff for clarification:

Satisfactory - A financial institution should generally be rated "Satisfactory" if (1) it is expected to or meets the June 30, 1999, target date for mission-critical testing; (2) it has completed assessing material customers' Year 2000 preparedness, and continues to monitor such preparedness; (3) it has developed an adequate customer awareness strategy; (4) it has begun developing Year 2000 business resumption contingency plans and is expected to meet or meets the June 30, 1999, target date; and (5) the institution is expected to have a process developed to validate the contingency plan by June 30, 1999.

Needs Improvement - A financial institution should generally be rated "Needs Improvement" if (1) it is not expected to meet or does not meet the June 30, 1999, target date for mission-critical testing; (2) its assessment of material customers' Year 2000 preparedness is incomplete or not ongoing; (3) its customer awareness strategy is incomplete or is not responsive to customer concerns; (4) it has not developed Year 2000 business resumption contingency plans by June 30, 1999; or (5) the institution is not expected to meet or does not meet the June 30, 1999, target date for developing a process to validate the business resumption contingency plan.

Unsatisfactory - A financial institution should generally be rated "Unsatisfactory" if (1) its mission-critical testing misses the June 30, 1999, deadline by more than 30 days; (2) its assessment of its material customers' Year 2000 preparedness is significantly flawed; (3) it has not begun developing Year 2000 business resumption contingency plans; or (4) it misses the June 30, 1999, target date for developing a Year 2000 business resumption contingency plan by more than 30 days.

Actions for Institutions Assessed Less than Satisfactory

The short time remaining until the century date change warrants aggressive and prompt supervisory action to achieve desired remedial attention by institutions rated "Needs Improvement" or "Unsatisfactory." The FDIC will generally seek a Safety and Soundness Order pursuant to Section 39(e)(2) or a Cease and Desist Order under Section 8(b) of the FDI Act for institutions assessed as "Needs Improvement" or "Unsatisfactory."

A financial institution's failure to appropriately address Year 2000 readiness problems may result in denials of applications FILed pursuant to the Federal Deposit Insurance Act and in civil money penalties. In addition, a less than satisfactory assessment may result in reductions in the rating of an insured institution's "Management" component or in its composite rating. A less than satisfactory assessment could also result in a decline in an institution's Supervisory Subgroup assignment, causing an increase in the deposit insurance premiums to be paid by the institution.

Management is encouraged to actively utilize the services of its internal audit process and external audit programs. A well-coordinated review and reporting process should substantially lessen the risk that problems will go undetected.

For further information, please contact your Division of Supervision regional office.

James L. Sexton
Director


Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institutions letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room100, Washington, DC 20434 (800-276-6003 or
(703) 562-2200).

FIL-37-99

Last Updated: April 21, 1999