[Congressional Record Volume 145, Number 48 (Thursday, March 25, 1999)]
[Senate]
[Pages S3451-S3452]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. INHOFE:
  S. 723. A bill to provide regulatory amnesty for defendants who are 
unable to comply with federal enforceable requirements because of 
factors related to a Y2K system failure; to the Committee on 
Governmental Affairs.


                   y2k regulatory amnesty act of 1999

 Mr. INHOFE. Mr. President, I am pleased to rise today to 
introduce Y2K Regulatory Amnesty Act of 1999. I believe this is a 
timely piece of legislation considering the current debate over the 
Year 2000 issue. Senators Bennett, Dodd, Hatch, Feinstein, and McCain 
have been working diligently on Year 2000 issues for quite some time. I 
applaud them for their efforts in dealing with such a unique and 
complex issue.
  However, as I have watched their progress and listened to their 
reports, I have noticed one significant omission in their discussions. 
Virtually nothing has been said about the potential regulatory 
nightmare that regulated entities could face as a result of a Y2K 
disruption. While the debate has been centered on getting government 
and businesses ready for the date change, very little has been said 
about how the government will actually deal with the private sector's 
problems associated with the year 2000. The last thing we need is for 
Regulatory Agencies to view a Y2K problem as an opportunity for a fine.
  As a result, I began to ask several regulated communities about their 
concerns over regulatory penalties as a result of a Y2K disruption. 
Surprisingly, many had not yet begun to think about the potential for 
regulatory problems. Instead, they have been focusing on becoming Y2K 
complaint, which is what they should be doing. However, one question 
remains; how will the federal government react to regulatory 
noncompliance due to a Y2K systems disruption?
  In response to that unanswered question, I am introducing the Y2K 
Regulatory Amnesty Act. My legislation will create a ``Y2K upset'', 
which is defined as an exception in which there is unintentional and 
temporary noncompliance beyond the reasonable control of the party. It 
will provide regulated communities with an affirmative defense from 
punitive actions from the federal government should they encounter a 
Y2K systems disruption.
  My legislation does not create a ``free pass'' for entities to 
violate federal regulations. A ``Y2K upset'' is strictly defined and 
can only be invoked if the entity has made all possible efforts to 
become Y2K complaint and meets other stringent requirements. 
Additionally, if the noncompliance would result in an immediate or 
imminent threat to public health, the defense is not applicable. For 
those individuals who do attempt to use this defense frivolously or 
fraudulently, there will be severe criminal penalties.
  Let me give you an example of how this provision will work. Assume 
that a small, local flower shop is run by a simple 3-computer network. 
The flower shop uses its computer network to manage payroll, accounts 
payable/receivable, and to track orders from customers. In an effort to 
become Y2K complaint, the flower shop hires an outside consultant to 
examine his network for signs of the Y2K bug and solve any problems 
that exist. This process costs the flower shop just over $1,000 but is 
well worth the investment considering the shop wants to be in business 
in January 2000.

  On January 1, 2000, flower shop finds that its payroll software is 
failing to operate. The shop owner contacts the software manufacturer, 
the computer manufacturer, and his consultant in order to find a 
solution. From the outset, the shop owner knows this delay means that 
he will be unable to calculate how much he owes the IRS in payroll 
taxes--not to mention, they will be late. For that small business owner 
that means a hefty penalty on top of the hassle and lost business the 
failure caused in the first place.
  Under my legislation, this small business owner would not be facing 
IRS penalties. The flower shop will still have to pay the taxes, but 
they won't be hit with a fine for a computer problem outside of their 
control.
  This is just one example of how this legislation would assist 
businesses as they attempt to become compliant. However, this 
legislation would also help many others. I have heard from several 
schools in my state that fear that if they lose federally required 
reporting information, they may face losses in federal funding. I have 
also heard from small, rural telephone cooperatives who fear that even 
a short-term Y2K-related systems disruption could result in significant 
FCC fines and penalties. The list is exhaustive. Virtually, anyone 
regulated by the federal government faces the unanswered question as to 
how the federal government will handle a Y2K systems disruption.
  There is also an added benefit to this legislation. Because this 
defense would only apply to those who have made good faith efforts to 
become compliant, it will serve as an added incentive for everyone to 
fix their Y2K problems upfront.
  Some people will say this legislation is unnecessary. However, I 
believe it is prudent to define how the federal government will 
approach Y2K systems disruptions in a regulatory context. But, more 
importantly, I believe we need to establish the rules of the game in 
advance so that everyone is operating from the same page.
  In closing, I would urge each of my colleagues to become a cosponsor 
of the Y2K Regulatory Amnesty Act and join with me in working to 
remediate the potential regulatory problems associated with the coming 
date change.
  Mr. President, I ask that the full text of the bill be inserted in 
the Record.
  The bill follows:

                                 S. 723

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Y2K Regulatory Amnesty Act 
     of 1999''.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Y2K failure.--The term ``Y2K failure'' means any 
     failure by any device or system (including any computer 
     system and any microchip or integrated circuit embedded in 
     another device or product), or any software, firmware, or 
     other set or collection of processing instructions, however 
     constructed, in processing, calculating, comparing, 
     sequencing, displaying, storing, transmitting, or receiving 
     date-related data, including--
       (A) the failure to accurately administer or account for 
     transitions or comparisons from, into, and between the 20th 
     and 21st centuries, and between 1999 and 2000; or
       (B) the failure to recognize or accurately process any 
     specific date, and the failure accurately to account for the 
     status of the year 2000 as a leap year.
       (2) Y2K upset.--The term ``Y2K upset''--
       (A) means an exceptional incident involving temporary 
     noncompliance with applicable federally enforceable 
     requirements because of factors related to a Y2K failure that 
     are beyond the reasonable control of the defendant charged 
     with compliance; and
       (B) does not include--
       (i) noncompliance with applicable federally enforceable 
     requirements that constitutes or would create an imminent 
     threat to public health or safety;
       (ii) noncompliance to the extent caused by operational 
     error or negligence;
       (iii) lack of reasonable preventative maintenance; or
       (iv) lack of preparedness for Y2K.

     SEC. 3. CONDITIONS NECESSARY FOR A DEMONSTRATION OF A Y2K 
                   UPSET.

       A defendant who wishes to establish the affirmative defense 
     of Y2K upset shall demonstrate, through properly signed, 
     contemporaneous operating logs, or other relevant evidence 
     that--
       (1) the defendant previously made a good faith effort to 
     effectively remediate Y2K problems;
       (2) a Y2K upset occurred as a result of a Y2K system 
     failure or other Y2K emergency;
       (3) noncompliance with the applicable federally enforceable 
     requirement was unavoidable in the face of a Y2K emergency or 
     was intended to prevent the disruption of critical functions 
     or services that could result in the harm of life or 
     property;
       (4) upon identification of noncompliance the defendant 
     invoking the defense began immediate actions to remediate any 
     violation of federally enforceable requirements; and
       (5) the defendant submitted notice to the appropriate 
     Federal regulatory authority of a Y2K upset within 72 hours 
     from the time that it became aware of the upset.

     SEC. 4. GRANT OF A Y2K UPSET.

       Subject to the other provisions of this Act, the Y2K upset 
     defense shall be a complete defense to any action brought as 
     a result of noncompliance with federally enforceable 
     requirements for any defendant who establishes by a 
     preponderance of the evidence

[[Page S3452]]

     that the conditions set forth in section 3 are met.

     SEC. 5. LENGTH OF Y2K UPSET.

       The maximum allowable length of the Y2K upset shall be not 
     more than 30 days beginning on the date of the upset unless 
     granted specific relief by the appropriate regulatory 
     authority.

     SEC. 6. VIOLATION OF A Y2K UPSET.

       Fraudulent use of the Y2K upset defense provided for in 
     this Act shall be subject to penalties provided in section 
     1001 of title 18, United States Code.
                                 ______