Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure Financial
Institutions Are Fixing Systems, But Challenges Remain (Letter Report,
09/17/98, GAO/AIMD-98-248).

Pursuant to a congressional request, GAO evaluated the Federal Reserve
System's (FRS) efforts to oversee that the 1,618 financial institutions
it supervises successfully address the year 2000 computer problem.

GAO noted that: (1) FRS has been taking the year 2000 problem very
seriously, devoting considerable resources and effort to ensure that the
institutions it oversees mitigate year 2000 risks; (2) it also has been
emphatic in alerting these institutions to the problem and has recently
completed a detailed assessment of the industry's readiness and issued
important year 2000 guidance in conjunction with other financial
institution regulators; (3) further, FRS is planning to conduct
additional readiness examinations between now and March 1999; (4)
however, FRS, like the other regulators, still faces significant
challenges in providing a high level of assurance that individual
institutions will be ready for the year 2000; (5) the primary challenge
is time; (6) with less than 16 months remaining until January 1, 2000,
FRS, with a small number of examiners, must carefully track remediation
efforts being carried out by 1,618 financial institutions, service
providers, and vendors; (7) this time pressure is compounded by the fact
that FRS was late in initiating its detailed assessments of the
industry's year 2000 status and in issuing key guidance documents to
banks to assist them in mitigating their year 2000 risks; (8) to
alleviate this pressure and to better ensure its readiness to address
upcoming challenges, it will be important for FRS to complete the
development of its supervision plans to define in detail the tasks it
must complete in the 16 months remaining; and (9) it will also be
essential for FRS to develop a higher level of assurance that it has
enough technically qualified staff, trained in a timely manner, to carry
out its supervisory and evaluation responsibilities through the year
2000.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-98-248
     TITLE:  Year 2000 Computing Crisis: Federal Reserve Is Acting to 
             Ensure Financial Institutions Are Fixing Systems, But
             Challenges Remain
      DATE:  09/17/98
   SUBJECT:  Information systems
             Computer software
             Systems conversions
             Bank examination
             Systems compatibility
             Strategic information systems planning
             Data integrity
             Federal reserve banks
             Human resources training
             Insured commercial banks
IDENTIFIER:  Y2K
             FFIEC Year 2000 Program
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Report to Congressional Requesters

September 1998

YEAR 2000 COMPUTING CRISIS -
FEDERAL RESERVE IS ACTING TO
ENSURE FINANCIAL INSTITUTIONS ARE
FIXING SYSTEMS, BUT CHALLENGES
REMAIN

GAO/AIMD-98-248

FRS Y2K Bank Oversight

(511112)


Abbreviations
=============================================================== ABBREV

  FFIEC - Federal Financial Institutions Examination Council
  FRS - Federal Reserve System
  IG - Inspector General
  OMB - Office of Management and Budget

Letter
=============================================================== LETTER


B-278918

September 17, 1998

The Honorable Robert F.  Bennett
Chairman, Subcommittee on Financial
 Services and Technology
Committee on Banking, Housing, and
 Urban Affairs
United States Senate

The Honorable James A.  Leach
Chairman, Committee on Banking and
 Financial Services
House of Representatives

This report responds to your requests that we evaluate the Federal
Reserve System's (FRS) efforts to oversee that the 1,618 financial
institutions it supervises successfully address the Year 2000
computer problem.\1 The problem is rooted in the way dates are
recorded and computed in automated information systems.  For the past
several decades, systems have typically used two digits to represent
the year, such as "97" representing 1997, in order to conserve
electronic data storage and reduce operating costs.  With this
two-digit format, however, the year 2000 is indistinguishable from
1900, or 2001 from 1901.  As a result of this ambiguity, system and
application programs that use dates to perform calculations,
comparisons, or sorting may generate incorrect results.  If financial
institutions do not address this problem in time, key automated
systems affecting trillions of dollars will be subject to serious
consequences ranging from malfunction to failure.  Such consequences
could at the very least inconvenience institutions and their
customers.  More significantly, system failures could lead to the
closing of institutions and serious disruptions to the financial
community. 

This report is part of a series of reports and testimonies we have
issued on the status of efforts by federal financial regulatory
agencies to ensure that the institutions they oversee are ready to
handle the Year 2000 computer conversion challenge.  As part of this
series, we previously reported on the efforts of the National Credit
Union Administration, the Federal Deposit Insurance Corporation, and
the Office of Thrift Supervision.\2


--------------------
\1 This number of institutions that FRS is responsible for
supervising excludes bank holding companies with assets under $1
billion.  According to FRS, the Year 2000 efforts of these bank
holding companies are being examined by other federal financial
institution regulators.  (For example, the Federal Deposit Insurance
Corporation and the Office of the Comptroller of the Currency are
responsible for examining the banks owned by the holding companies). 

\2 Year 2000 Computing Crisis:  National Credit Union
Administration's Efforts to Ensure Credit Union Systems Are Year 2000
Compliant (GAO/T-AIMD-98-20, October 22, 1997); Year 2000 Computing
Crisis:  Actions Needed to Address Credit Union Systems Year 2000
Problem (GAO/AIMD-98-48, January 7, 1998); Year 2000 Computing
Crisis:  Federal Deposit Insurance Corporation's Efforts to Ensure
Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98-73, February 10,
1998); Year 2000 Computing Crisis:  Office of Thrift Supervision's
Efforts to Ensure Thrifts' Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-102, March 18, 1998); FDIC's Year 2000 Preparedness
(GAO/AIMD-98-108R, March 18, 1998); and Year 2000 Computing Crisis: 
Federal Regulatory Efforts to Ensure Financial Institution Systems
Are Year 2000 Compliant (GAO/T-AIMD-98-116, March 24, 1998). 


   RESULTS IN BRIEF
------------------------------------------------------------ Letter :1

FRS has been taking the Year 2000 problem very seriously, devoting
considerable resources and effort to ensure that the institutions it
oversees mitigate Year 2000 risks.  It also has been emphatic in
alerting these institutions to the problem and has recently completed
a detailed assessment of the industry's readiness and issued
important Year 2000 guidance in conjunction with other financial
institution regulators.\3 Further, FRS is planning to conduct
additional readiness examinations between July 1998 and March 1999. 

However, FRS, like the other regulators, still faces significant
challenges in providing a high level of assurance that individual
institutions will be ready for the Year 2000.  The primary challenge
is time.  With less than 16 months remaining until January 1, 2000,
FRS, with a small number of examiners, must carefully track
remediation efforts being carried out by 1,618 financial
institutions, service providers, and vendors. 

This time pressure is compounded by the fact that FRS was late in
initiating its detailed assessments of the industry's Year 2000
status and in issuing key guidance documents to banks to assist them
in mitigating their Year 2000 risks.  To alleviate this pressure and
to better ensure its readiness to address upcoming challenges, it
will be important for FRS to complete the development of its
supervision plans to define in detail the tasks it must complete in
the time remaining.  It will also be essential for FRS to develop a
higher level of assurance that it has enough technically qualified
staff, trained in a timely manner, to carry out its supervisory and
evaluation responsibilities through the Year 2000. 


--------------------
\3 These other regulators are the Federal Deposit Insurance
Corporation, the Office of the Comptroller of the Currency, the
National Credit Union Administration, and the Office of Thrift
Supervision. 


   OBJECTIVE, SCOPE, AND
   METHODOLOGY
------------------------------------------------------------ Letter :2

Our objective was to evaluate FRS' efforts to date to ensure that the
institutions it oversees have adequately mitigated the risks
associated with the Year 2000 date change.  We compared these efforts
to criteria detailed in our Year 2000 Assessment Guide.\4 This guide
advocates a structured approach to planning and managing an effective
Year 2000 program through five phases:  (1) raising awareness of the
problem, (2) assessing the extent and severity of the problem, and
identifying and prioritizing remediation efforts, (3) renovating or
correcting systems, (4) validating, or testing, corrections, and (5)
implementing corrected systems.  The guide also identifies other
facets involved in solving the Year 2000 problem, such as identifying
interfaces with outside organizations; specifying how data will be
exchanged in the Year 2000 and beyond; remediating, validating, and
implementing the interfaces; and developing contingency plans to
ensure that core business functions can continue to be performed even
if systems have not been made Year 2000 compliant.  The Office of
Management and Budget (OMB) established a schedule for completing
each of the five phases, including requiring agencies to complete the
assessment phase in the summer of 1997 and the renovation phase by
mid-to late 1998. 

We also compared FRS' efforts against Year 2000 guidance and
procedures set forth by the Federal Financial Institutions
Examination Council (FFIEC).\5 FRS and the federal bank, credit
union, and thrift institution regulators have been coordinating their
efforts through FFIEC to ensure consistent and uniform supervision on
Year 2000 issues. 

In addition, we reviewed correspondence FRS sent to its examiners and
to the institutions it supervises.  In conjunction with the Federal
Reserve's Office of Inspector General (IG), we interviewed examiners
and reviewed examination work papers at the Federal Reserve Banks of
New York, Atlanta, Kansas City, Chicago, Cleveland, and San
Francisco.  In addition, we obtained and reviewed the IG's March 31,
1998, and July 1, 1998, reports on its interim assessment of FRS'
progress on Year 2000 activities.  We also interviewed Federal
Reserve Board officials in Washington, D.C., responsible for
developing and overseeing the implementation of FRS' Year 2000
supervision program, policies, and procedures. 

Our audit work was performed between December 1997 and July 1998 in
accordance with generally accepted government auditing standards.  On
August 4, 1998, we provided the Chairman of the Board of Governors of
the Federal Reserve System with a draft of this report for review and
comment.  On August 7, 1998, and August 26, 1998, we met with the
Federal Reserve Board Assistant Director who is the Year 2000 Program
Officer to discuss the Board's comments, which are discussed in the
"Agency Comments" section of this report. 


--------------------
\4 Year 2000 Computing Crisis:  An Assessment Guide
(GAO/AIMD-10.1.14, September 1997). 

\5 FFIEC was established in 1979 as a formal interagency body
empowered to prescribe uniform principles, standards, and report
forms for the federal examination of financial institutions, and to
make recommendations to promote uniformity in the supervision of
these institutions.  The Council's membership is composed of the
federal bank regulators--the Federal Deposit Insurance Corporation,
the Federal Reserve System, and the Office of the Comptroller of the
Currency--plus the regulators for credit unions and thrift
institutions--the National Credit Union Administration and the Office
of Thrift Supervision, respectively. 


   BACKGROUND
------------------------------------------------------------ Letter :3

Established by the Federal Reserve Act of 1913, FRS is responsible
for conducting monetary policy, maintaining the stability of
financial markets, providing services to financial institutions and
government agencies, and supervising and regulating banks and
bank-holding companies.  FRS is headed by a seven-member Board of
Governors and is comprised of 12 federally chartered corporations,
located throughout the United States, which are known as federal
reserve banks.  FRS is responsible for overseeing the Year 2000
activities of 1,618 institutions, including 990 state member banks,
349 bank holding companies, 221 foreign bank offices, and 9 Edge Act
corporations.\6 According to FRS, these organizations held assets
totaling over $7.7 trillion and deposits of about $3.6 trillion as of
June 30, 1998.  FRS also oversees 49 service providers and software
vendors. 

As part of its goal of maintaining the safety and soundness of
financial institutions, FRS is responsible for examining and
monitoring these institutions' efforts to address the Year 2000
problem.  Addressing the Year 2000 problem in time will be a
tremendous challenge for financial institutions and FRS.  Nearly all
of FRS-regulated financial institutions rely on computers--either
their own or those of a third-party contractor--to process and update
records and for a variety of other functions.  To complicate matters,
most institutions have computer systems that interface with systems
belonging to payment system partners, such as wire transfer systems,
automated clearinghouses, check clearing providers, credit card
merchant and issuing systems, automated teller machine networks,
electronic data interchange systems, and electronic benefits transfer
systems.  Because of these interdependencies, bank systems are also
vulnerable to failure caused by incorrectly formatted data provided
by other systems that are not Year 2000 compliant. 

Financial institutions and their regulators cannot afford to neglect
any of these issues.  If they do, the impact of Year 2000 failures
could be potentially disruptive to vital bank operations and harmful
to customers, as the following examples illustrate. 

  -- Loan systems could make errors in calculating interest and
     amortization schedules.  In turn, these miscalculations may
     expose institutions and data centers to financial liability and
     loss of customer confidence. 

  -- Automated teller machines may malfunction, performing erroneous
     transactions or refusing to process transactions. 

  -- Telephone systems, vaults, and security and alarm systems could
     malfunction. 


--------------------
\6 Edge Act corporations are corporations chartered by FRS to engage
in international banking.  The Board of Governors of FRS reviews and
approves the applications to establish Edge Act corporations and also
has supervisory responsibility for examining the corporations and
their subsidiaries. 


   FRS IS TAKING POSITIVE ACTIONS
   TO ASSESS FINANCIAL
   INSTITUTIONS' YEAR 2000
   READINESS
------------------------------------------------------------ Letter :4

FRS has taken important steps to alert financial institutions to the
risks associated with the Year 2000 problem and to assess what these
institutions are doing to mitigate the risks.  In June 1996, FRS
began its Year 2000 efforts by issuing, with the other FFIEC members,
an awareness letter to financial institutions pointing out the
potential dangers of the Year 2000 problem.  The letter described the
Year 2000 problem and highlighted concerns about the industry's Year
2000 readiness.  It also called on institutions to perform a risk
assessment of how their systems are affected by the Year 2000 problem
and develop a detailed action plan, delineating how to fix their
systems. 

In February 1997, FRS began devoting a full-time effort to the Year
2000 problem, and in May 1997, issued a second, more detailed
awareness letter in conjunction with the other FFIEC members.  This
letter described the five-phase approach to planning and managing an
effective Year 2000 program and highlighted external issues--reliance
on vendors, risks posed by exchanging data with external parties, and
the potential effect of Year 2000 noncompliance on corporate
borrowers--requiring management attention.  The letter also addressed
FFIEC's plans to facilitate Year 2000 evaluations by using uniform
examination guidance and procedures.  Additionally, it (1) directed
banks to inventory core computer functions and set priorities for
Year 2000 goals by September 30, 1997, and (2) strongly encouraged
that programming changes be completed and testing of mission-critical
systems be well underway by December 31, 1998. 

After making its financial institutions aware of the Year 2000
problem, FRS began assessing whether these institutions were taking
appropriate Year 2000 mitigation steps.  This assessment--which
consisted of administering FFIEC's high-level Year 2000 questionnaire
via telephone or on-site visit to about 1,000 organizations--covered
all large banks in the U.S., both domestic and foreign, a sample of
smaller organizations, and some third party providers of data
processing services used by banks, including software vendors.  FRS
completed this initial assessment in mid-1997 and determined that
about 40 percent of the organizations contacted had yet to complete
awareness phase activities, although most had initiated some
assessment phase work. 

Following this initial assessment, FRS undertook more detailed Year
2000 examinations at the 1,618 institutions.  These examinations were
completed in June 1998.  To its credit, FRS made the FFIEC Year 2000
examination procedures more specific to alleviate shortcomings
reported in our previous testimonies.\7 These shortcomings included
using vague terms (such as well into, largely, and well underway) to
describe Year 2000 progress and not collecting all the data needed to
determine where banks are in the Year 2000 correction process. 

According to FRS, the results of its on-site Year 2000 examinations
show that, as of June 30, 1998, 96 percent of the 1,618 institutions
examined are performing satisfactorily.  This does not mean that
these institutions are Year 2000 ready, but rather that they are
proceeding on schedule in accordance with the five-phase Year 2000
approach described in FFIEC's May 5, 1997, guidance.  FRS also
reported that 4 percent of the institutions examined needed to
improve their Year 2000 programs, while less than 1 percent was
performing unsatisfactorily.  Banks needing improvement were
generally behind schedule, not fully aware of the status of Year 2000
efforts, and insufficiently committed to the effort.  Banks
performing unsatisfactorily were seriously behind schedule, did not
understand or recognize the impact of the Year 2000 problem, and were
only minimally committed to the effort.  FRS is taking actions to
deal with institutions in these latter two categories.  For example,
as of June 30, 1998, FRS had issued notification letters to these
institutions requiring that they take formal corrective actions to
address Year 2000 deficiencies.  FRS is also requiring these
institutions to report monthly on how they are progressing in
correcting identified deficiencies.  FRS and the other FFIEC members
are planning to conduct another round of examinations, which will end
on March 31, 1999.  To accomplish this, they recently developed
detailed examination procedures that focus primarily on an
institution's plans and processes for achieving Year 2000 readiness,
with particular emphasis placed on the final phases of the Year 2000
project--testing and implementation--and on the institution's
contingency plans.  On June 23, 1998, FRS also issued guidance
directing each reserve bank to develop a plan--referred to as a Year
2000 Supervisory Review Plan--by July 15, 1998, to ensure that these
follow-on examinations are completed on time. 

In addition to assessing the status of financial institution Year
2000 readiness, FRS has issued guidance to assist in other critical
Year 2000 tasks.  For example, in May 1998, FRS issued guidance in
conjunction with FFIEC on contingency planning.  This guidance was
modeled on our business continuity and contingency planning guide,
which provides a conceptual framework for helping large agencies
manage the risk of potential Year 2000-induced disruptions to their
operations.\8 The FRS guidance emphasized that management and
directors should place a high priority on developing, validating, and
implementing an institution's Year 2000 contingency plan and take
into account the impact of external systems belonging to other
financial institutions, service providers, customers, and suppliers
of power and telecommunications.  In addition, in March 1998, FFIEC
and FRS issued guidance on mitigating the Year 2000 risks associated
with critical bank customers (e.g., large borrowers and capital
providers) and the use of data processing servicers and software
vendors that support bank operations. 

Moreover, FRS initiated outreach efforts to further raise awareness
of the Year 2000 problem.  Specifically, FRS (1) established an
internet site that provides information on its Year 2000 supervisory
program, (2) developed and distributed a Year 2000 awareness video
for bank executives, and (3) conducted about 230 Year 2000 seminars
nationwide for banking industry personnel. 


--------------------
\7 See footnote 2. 

\8 Year 2000 Computing Crisis:  Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998). 


   CHALLENGES CONFRONTING FRS'
   EFFORTS TO ENSURE THAT
   FINANCIAL INSTITUTIONS ARE YEAR
   2000 READY
------------------------------------------------------------ Letter :5

With less than 16 months remaining before the millennium, FRS must
continue to vigorously oversee the Year 2000 correction efforts of
more than 1,600 financial institutions, service providers, and
vendors.  This task will become increasingly challenging as many of
these entities undertake the more difficult and complicated stages of
the remediation efforts. 

FRS was at least 6 months late in addressing the Year 2000 problem. 
As mentioned previously, FRS did not initiate its Year 2000 program
until June 1996, when FFIEC issued its first Year 2000 awareness
memorandum.  However, our guidance\9

indicates that Year 2000 efforts should have begun by January 1996. 
Further, FRS initially did not keep pace with generally accepted Year
2000 schedules.  According to both GAO and OMB, organizations should
have completed awareness and assessment phases and be midway through
the renovation phase by December 1997.  FRS began detailed on-site
examinations in mid-1997, but did not complete them until June 1998,
when organizations should have been nearly done with renovations. 

FRS' late start was further compounded by limited Year 2000 training
for information systems and other examiners during the early phase of
the detailed examinations.  Prior to the examinations, FRS addressed
the century date change as part of information systems examiner
training on emerging bank technologies.  Recognizing that more
comprehensive training was needed, FRS developed a Year 2000 course
for information systems and other examiners to raise their Year 2000
awareness, increase their knowledge of steps financial institutions
should take to address the Year 2000 problem, teach them to review
bank project planning efforts, and enable them to use the FFIEC's
standard Year 2000 examination procedures.  The training, however,
was not initiated until January 29, 1998--well after detailed
examinations were underway.  For the next round of examinations, FRS
finished training examination staff by the end of July 1998 and did
not schedule the vast majority of examinations until after that time. 

Lastly, FRS and the other regulators were late in issuing key
guidance on business continuity and contingency planning, corporate
borrowers, and software and service vendors.\10 For example, in our
testimony on the Federal Deposit Insurance Corporation's Year 2000
efforts,\11 we pointed out that business continuity and contingency
planning guidance should have been issued before banks began
completing the assessment phase (around mid-1997).  FFIEC's
contingency planning guidance, however, was not issued until mid-May
1998. 

Because FRS and the other regulators started late and fell behind
recommended schedules, they had less time to conduct follow-up
reviews.  In addition, the delay in providing timely guidance
increased the risk that banks and other financial institutions would
postpone taking action to mitigate important Year 2000 risks or would
take actions that did not effectively mitigate the risks.  One
regulator found during its on-site examinations that some community
banks had not prepared contingency plans because they were waiting
for the regulators to issue their contingency planning guidance. 

FRS is now working to mitigate the effects of these problems. 
Specifically, it directed the reserve banks to develop supervisory
review plans to ensure that the next round of exams--referred to as
Phase II exams--are completed on time.  FRS also directed the reserve
banks, in preparing the plans, to place a high priority on (1) the
largest financial institutions that present the greatest degree of
risk to the financial system, (2) those institutions that have been
previously identified as less than satisfactory, and (3) the largest
service providers and software vendors. 

As of July 31, 1998, FRS had received and approved the reserve bank
plans.  However, because FRS had not directed the reserve banks to
assess whether they had the technical examiners needed to execute
their plans, the plans do not address this problem.  As part of this
planning effort, it is critical that FRS determine whether it has the
number of technical examiners needed to evaluate the later stages of
the Year 2000 conversion process.  FRS currently has 73 information
systems examiners--31 full time and 42 part time; it does not yet
know whether this number is sufficient to complete technically
complex examinations in 1,618 institutions by March 1999. 

FRS is aware of this challenge and has begun to take steps to address
it.  First, FRS has begun to assess the number of technical and other
examiners needed for the Phase II exams.  In addition, FRS officials
told us they have trained and are making available 106 examiners--32
full time and 74 part time--from other disciplines (e.g., safety and
soundness) to assist in the exams.  Finally, FRS officials told us
they plan to defer approximately 300 regularly scheduled bank
information technology exams to free up technical resources for Year
2000 work.  While these steps may mitigate the problem, FRS will not
know whether these steps will be sufficient until a comprehensive
assessment is performed and completed.  If resources are strained or
insufficient, FRS could be forced to delay completing Year 2000
examinations, reduce their scope, or not perform some of them at all. 
In the first case, institutions would be left with less time to
remediate any deficiencies.  In the second, FRS might overlook issues
that could lead to failures.  In any case, the risk of noncompliance
by banks--and the government's exposure to losses--is increased as
examination coverage is reduced. 


--------------------
\9 Year 2000 Computing Crisis:  An Assessment Guide
(GAO/AIMD-10.1.14, September 1997). 

\10 See footnote 2. 

\11 GAO/T-AIMD-98-73, February 10, 1998. 


   CONCLUSIONS
------------------------------------------------------------ Letter :6

FRS has a good appreciation for the Year 2000 problem, has made
significant progress in assessing the readiness of member
institutions, and is preparing itself for the work that needs to be
done over the next 16 months to ensure that the institutions it
supervises are ready for the Year 2000.  Looking forward, the
challenge for FRS, and the other regulators, is to make the best use
of limited resources in the time remaining.  The challenge is great,
as a small number of examiners have limited time to assess the
problems of thousands of financial institutions, service providers,
and vendors.  To their advantage, FRS and the other regulators have
spent the last year developing a picture of how their industry
stands, including which institutions are at high risk of not being
ready for the millennium and require immediate attention, which
service providers and vendors are likely to be problematic, and the
extent of the problems remaining.  For example, by carefully
analyzing available data, the regulators should be able to identify
common problems or issues generic to institutions that are of similar
size and use specific service providers.  This, in turn, will allow
regulators to regroup, develop specific strategies, and have a more
defined sense of the risks and the actions required to mitigate those
risks. 


   RECOMMENDATIONS
------------------------------------------------------------ Letter :7

We recommend that the Chairman of the Board of Governors of the
Federal Reserve System direct the reserve banks to revise their
supervisory review plans by October 1, 1998, to include (1) a
determination of how many technical and other examiners they need to
adequately oversee the Year 2000 efforts of member banks, data
processing servicers, and software vendors and (2) a strategy for
obtaining these resources and maintaining their availability. 


   AGENCY COMMENTS
------------------------------------------------------------ Letter :8

In commenting on a draft of this report, FRS agreed with our
findings, conclusions, and recommendations.  FRS also provided
certain technical comments, which we incorporated as appropriate. 


---------------------------------------------------------- Letter :8.1

We are sending copies of this report to the Ranking Minority Members
of the Subcommittee on Financial Services and Technology, Senate
Committee on Banking, Housing, and Urban Affairs, and the House
Committee on Banking and Financial Services and to the Chairman and
Ranking Minority Members of the Senate Committee on Banking, Housing
and Urban Affairs, Senate Special Committee on the Year 2000
Technology Problem, and the Subcommittee on Government Management,
Information and Technology, House Committee on Government Reform and
Oversight.  We are also sending copies to the Chairman of the Board
of Governors of the Federal Reserve System, the Comptroller of the
Currency, the Chairman of the Federal Deposit Insurance Corporation,
the Director of the Office of Thrift Supervision, the Chairman of the
National Credit Union Administration, the Chair of the President's
Council on Year 2000 Conversion, the Director of the Office of
Management and Budget, and the Federal Reserve Board's Inspector
General.  Copies will also be made available to others upon request. 

If you have any questions on matters discussed in this report, please
call me or Gary Mountjoy, Assistant Director, at (202) 512-6240. 
Major contributors to this report are listed in appendix I. 

Jack L.  Brock, Jr.
Director, Governmentwide and Defense
 Information Systems


MAJOR CONTRIBUTORS TO THIS REPORT
=========================================================== Appendix I

ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION, WASHINGTON,
D.C. 

Ronald Hess, Senior Information Systems Analyst
Cristina Chaplain, Communications Analyst


   ATLANTA FIELD OFFICE
--------------------------------------------------------- Appendix I:1

Carl Higginbotham, Evaluator-in-Charge
Tonia Brown, Senior Evaluator
Teresa Tucker, Senior Information Systems Analyst
John Ortiz, Evaluator


*** End of document. ***