SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (Letter Report, 03/06/98, GAO/GGD/AIMD-98-51).

Pursuant to a congressional request, GAO reviewed the Securities and
Exchange Commission's (SEC) report on the status of its efforts to
ensure that its computer systems, as well as those used by participants
in the securities industry, are ready for the date changeover in the
year 2000, focusing on: (1) SEC's June 1997 report on the status of year
2000 compliance by SEC, the securities industry, and public companies to
identify any ways that future reports might be improved; (2) the
adequacy of SEC's oversight of the year 2000 remediation efforts
directed at its internal systems, self-regulatory organizations (SRO),
broker-dealers, and other regulated entities; and (3) the guidance SEC
has provided to public companies for disclosing year 2000 remediation
efforts.

GAO noted that: (1) SEC's first report in June 1997 provided an overview
of the efforts that SEC and various industry participants had made to
address year 2000 issues, but did not contain the specific, detailed
information that Congress will need to assess progress as the year 2000
approaches; (2) according to an agency official, SEC had collected more
detailed information from some market participants, such as SROs; (3)
the official said that SEC did not include this information in the
report because SEC had been focused on assessing the extent to which
market participants were aware of the year 2000 problem and had begun
taking steps to address it; (4) the Office of Management and Budget's
(OMB) reporting format offers guidance on the type of detailed
information SEC might provide Congress in future reports; (5) such
information includes: (a) the systems considered critical to the
continued functioning of the U.S. securities markets; (b) the progress
made in moving these systems through the various phases of achieving
year 2000 compliance; (c) the timeframes required to complete each
phase; (d) the efforts necessary to address systems that are behind
schedule; and (e) the contingency plans for systems that may not be
ready in time; and (6) also, as the year 2000 approaches and less time
to make adjustments is available, SEC's yearly progress updates may be
too infrequent for congressional needs.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  GGD/AIMD-98-51
     TITLE:  SEC Year 2000 Report: Future Reports Could Provide More 
             Detailed Information
      DATE:  03/06/98
   SUBJECT:  Systems conversions
             Strategic information systems planning
             Information resources management
             Data integrity
             Brokerage industry
             Reporting requirements
             Securities
             Computer software

             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Report to the Ranking Minority Member, Committee on Commerce,
House of Representatives

March 1998

SEC YEAR 2000 REPORT - FUTURE
REPORTS COULD PROVIDE MORE
DETAILED
INFORMATION

GAO/GGD/AIMD-98-51

SEC Year 2000 Report

(233533)


Abbreviations
=============================================================== ABBREV

  OMB - Office of Management and Budget
  SEC - Securities and Exchange Commission
  SRO - self-regulatory organization

Letter
=============================================================== LETTER


B-278067

March 6, 1998

Honorable John D.  Dingell
Ranking Minority Member
Committee on Commerce
House of Representatives

Dear Mr.  Dingell: 

On July 21, 1997, you asked us to review the Securities and Exchange
Commission's (SEC) report on the status of its efforts to ensure that
the computer systems it uses, as well as those used by participants
in the securities industry, are ready for the date changeover in the
year 2000.  SEC issued its report\1 in response to your request that
it report annually on the progress made in addressing this issue. 

Your letter specifically requested that we review (1) SEC's June 1997
report on the status of Year 2000 compliance by SEC, the securities
industry, and public companies to identify any ways that future
reports might be improved; (2) the adequacy of SEC's oversight of the
Year 2000 remediation efforts directed at its internal systems,
self-regulatory organizations (SRO), broker-dealers, and other
regulated entities; and (3) the guidance SEC has provided to public
companies for disclosing Year 2000 remediation efforts. 

We agreed with your office that this report would focus only on ways
to improve the content and format of future SEC Year 2000 reports to
Congress, to provide SEC as much time as possible to incorporate any
changes into its next report.  We intend to address the remaining
issues discussed in your letter separately in a subsequent review. 


--------------------
\1 Report to the Congress on the Readiness of the United States
Securities Industry and Public Companies to Meet the Information
Processing Challenges of the Year 2000, Staff of SEC (June 1997). 


   RESULTS IN BRIEF
------------------------------------------------------------ Letter :1

SEC's first report in June 1997 provided an overview of the efforts
that SEC and various industry participants had made to address Year
2000 issues, but did not contain the specific, detailed information
that Congress will need to assess progress as the year 2000
approaches.  According to an agency official, SEC had collected more
detailed information from some market participants, such as SROs. 
The official said that SEC did not include this information in the
report because SEC had been focused on assessing the extent to which
market participants were aware of the Year 2000 problem and had begun
taking steps to address it. 

The Office of Management and Budget's (OMB) reporting format offers
guidance on the type of detailed information SEC might provide
Congress in future reports.  Such information includes (1) the
systems considered critical to the continued functioning of the U.S. 
securities markets; (2) the progress made in moving these systems
through the various phases of achieving Year 2000 compliance; (3) the
time frames required to complete each phase; (4) the efforts
necessary to address systems that are behind schedule; and (5) the
contingency plans for systems that may not be ready in time.  Also,
as the year 2000 approaches and less time to make adjustments is
available, SEC's yearly progress updates may be too infrequent for
congressional needs. 


   BACKGROUND
------------------------------------------------------------ Letter :2

To function properly, the U.S.  securities industry and capital
markets require timely and accurate flows of electronic information. 
This information is transmitted through and processed within a vast
network of computerized systems managed by stock, options, and
futures exchanges; broker-dealers; banks; mutual funds; and various
other organizations.  These systems handle such tasks as displaying
price quotations, routing orders to buy or sell, executing trades,
and transferring securities and payments (clearance and settlement). 
In addition, SEC has internal systems that help it perform its
regulatory responsibilities.  All of these systems are potentially
vulnerable to errors or malfunction as a result of the impending date
changeover. 

The Year 2000 problem is rooted in the way dates are recorded and
computed in many computer systems.  For the past several decades,
systems have typically used two digits to represent the year, such as
"97" to represent 1997, in order to conserve on electronic data
storage and reduce operating costs.  With this two-digit format,
however, the year 2000 is indistinguishable from 1900, 2001 from
1901, and so on.  As a result of this ambiguity, system or
application programs that use dates to perform calculations,
comparisons, or sorting may generate incorrect results when working
with years after 1999.  For example, a broker-dealer with a system
that is not compliant may be unable to receive payment information in
January 2000 for securities that it sold in December 1999 if its
computer systems fail to accept incoming data with a Year 2000 date. 
In a speech to international bankers, the president of the New York
Federal Reserve Bank indicated that the Year 2000 software date
change poses a major risk for world financial markets and that the
world economy could be damaged if efforts to address the Year 2000
problem are not carried out correctly. 

SEC is the primary federal agency responsible for overseeing the
securities markets in the United States.  It promulgates regulations,
reviews market operations, conducts inspections of market
participants, and takes enforcement actions in response to violations
of the securities laws and accompanying regulations.  The securities
laws allow SEC to delegate some of its responsibilities to the
entities that operate the various stock and options markets as SROs. 
SROs develop and enforce rules for their members.  They include the
New York Stock Exchange, the National Association of Securities
Dealers, and other regional securities exchanges that maintain the
physical securities or their electronic equivalent.  The SROs
directly oversee their member broker-dealers, which buy and sell
securities on behalf of customers.  SEC oversees the SROs as well as
investment companies that sell mutual funds, investment advisers who
dispense investment advice or manage customer funds, and transfer
agents who maintain records on behalf of companies that issue
securities.  Consequently, SEC and the SROs have primary
responsibility for ensuring that Year 2000 problems in the securities
industry do not adversely affect individual investors or the
securities markets. 

Various organizations provide guidance for assessing, planning, and
managing Year 2000 readiness programs.  For example, we and other
organizations, such as information technology consulting firms, have
issued guidance for agencies and firms seeking assistance in
formulating their Year 2000 remediation efforts.  Our guidance on
addressing the Year 2000 problem, contained in Year 2000 Computing
Crisis:  An Assessment Guide (GAO/AIMD-10.1.14, Sept.  1997),
incorporates guidance and practices identified by leading
organizations in the information technology industry.  Our assessment
guide recommends that organizations proceed through a five-phased
approach to resolving their Year 2000 computing issues.  These phases
are awareness, assessment, renovation, validation, and
implementation.  SEC appears to be using a similar approach but has
organized its program into six phases by dividing the validation
phase into internal testing and integrated testing.\2

In May 1997, OMB issued a format for federal agencies to report on
the progress of their Year 2000 efforts.\3 Specifically, OMB has
asked that each agency report its total number of mission-critical
systems; the number that are currently Year 2000 compliant; and the
progress made in replacing, repairing, or retiring those systems that
are not yet compliant.  Although the guidance applies to a large
number of federal agencies, SEC was not one of the agencies required
to report. 

The Securities Industry Association, an organization that represents
a large segment of the securities industry, is playing an important
role in coordinating the industry's Year 2000 efforts.  This
association has established a steering committee--made up of
representatives from various SROs, broker-dealers, investment
companies, third party software vendors, and others--to develop a
strategy for industry remediation and coordinated testing schedules. 


--------------------
\2 The terminology that SEC uses to describe its approach also
differs in one other area--the agency's third phase is called
remediation, whereas our assessment guide refers to this phase as
renovation. 

\3 Memorandum for Heads of Selected Agencies:  Computer Difficulties
Due to the Year 2000--Progress Reports, Executive Office of the
President, OMB (Washington, D.C.:  May 7, 1997). 


   SCOPE AND METHODOLOGY
------------------------------------------------------------ Letter :3

To evaluate how SEC's report discussed the agency's efforts to
address the Year 2000 problem for its internal systems and identify
any ways that future reports could be improved, we interviewed
officials in SEC's Office of Information Technology.  We also
reviewed internal reports, plans, and timetables concerning the
agency's efforts to repair its own systems.  To evaluate how SEC's
report discussed the efforts of market participants to address the
Year 2000 problem, we interviewed SEC officials in the various
divisions and offices within the agency responsible for overseeing
SROs, broker-dealers, investment companies, investment advisers, and
other market participants.  We also reviewed documents SEC had
collected from market participants to assess what type of information
the agency had analyzed and thus could summarize in future reports. 
In addition, we assessed the extent to which SEC's report contained
information that related to the various criteria set out in our own
guidance for addressing Year 2000 issues and in the OMB guidance for
selected federal agencies reporting on their Year 2000 efforts. 

We requested comments on a draft of this report from the Chairman,
SEC.  SEC provided written comments, which are discussed at the end
of this report and reprinted in appendix II.  SEC also suggested
technical changes, which we incorporated where appropriate.  We
conducted our review from August 1997 through January 1998 in
accordance with generally accepted government auditing standards. 


   SEC'S REPORT PROVIDED AN
   OVERVIEW OF SECURITIES INDUSTRY
   EFFORTS TO PREPARE FOR THE YEAR
   2000
------------------------------------------------------------ Letter :4

SEC's June 1997 report provided an overview of its own and industry
participants' efforts to prepare for the year 2000.  To assemble the
report, SEC formed a task force that included representatives of each
of its major operating divisions.  These divisional representatives
contacted various market participants under the representatives'
jurisdiction by letter or telephone, requested and reviewed documents
provided by these participants, and discussed Year 2000 issues as
part of on-site examinations of some participants.  They compiled the
report from the information provided and structured it to address the
specific questions you raised in your December 6, 1996, letter that
requested annual SEC progress reports. 

SEC's report provided a high-level description of the status of Year
2000 remediation efforts for SEC internal systems, including detailed
information on the status of SEC mission-critical systems.  For
mission-critical systems, the report discussed the total number of
systems, how many are currently Year 2000 compliant, and how many are
not compliant and will be either replaced or renovated.  The report
also provided SEC's schedule for completing some of the phases of the
remediation process for mission-critical systems.  SEC did not report
the status of its critical internal systems in relation to its
six-phased approach for achieving Year 2000 readiness.  Indicating
the status of its critical systems in relation to the six phases
would provide a more structured means to assess the progress SEC has
made in addressing the Year 2000 problem for its internal systems. 

The report also described SEC's efforts to promote awareness of the
Year 2000 problem throughout the securities industry.  It included a
listing of the major organizations that SEC contacted within the
securities industry and a description of how it coordinated its
efforts with these organizations to ensure that systems throughout
the securities industry are being readied for the year 2000.  The
organizations contacted included associations that represented SROs,
broker-dealers, transfer agents, investment companies, and investment
advisers.  The report also provided a discussion of issues relating
to public company financial statements, including auditing, auditor
independence, and other accounting considerations.  Finally, the
report discussed SEC's guidance to public companies regarding the
extent to which these companies should include information in their
public disclosure filings if the costs or consequences of the Year
2000 problem would have a material effect on reported financial
information. 


   SEC'S REPORT DID NOT INCLUDE
   DETAILED INFORMATION ON MAJOR
   SYSTEMS CRITICAL TO THE
   CONTINUED FUNCTIONING OF THE
   U.S.  SECURITIES MARKETS
------------------------------------------------------------ Letter :5

Although it provided an overview of the status of its own and
securities industry participants' efforts to address the Year 2000
problem, the report did not identify those systems that might be
critical to the continued functioning of the U.S.  securities
markets.  Furthermore, it did not provide sufficient information
about the timing and status of efforts by SROs, broker-dealers,
investment companies, and other market participants to address their
systems.  In addition, it did not discuss what efforts will be made
to address systems or organizations that have fallen behind schedule
or what contingency planning is occurring to address systems that
will not be ready in time.  Such information is being required by OMB
from other federal agencies and provides a more complete picture of
Year 2000 readiness. 

According to our assessment guide, identifying and assessing
mission-critical systems are important because an enterprisewide
inventory of information systems and their components provides the
necessary foundation for Year 2000 program planning.  Identifying and
addressing Year 2000 problems in critical systems are essential to
ensuring that securities market operations continue without
disruption and could also help market participants focus on their
most critical systems as part of their overall efforts.  Since May
1997, OMB has required selected federal agencies to report on the
total number of mission-critical systems each has; the number of such
systems that are currently Year 2000 compliant; and whether remaining
systems are being replaced, repaired, or retired. 

SEC's report identified the number of internal systems SEC considered
critical to its operations, but did not provide similar information
on market participants' systems considered critical to the continued
functioning of the U.S.  securities markets.  SEC officials said that
they had determined whether SROs had conducted detailed inventories
and identified critical systems because of the importance of these
entities to the securities markets.  The officials said that they
generally had not collected similar information from market
participants such as broker-dealers or investment companies because
they had concentrated on ensuring that these participants were aware
of and beginning to focus on Year 2000 problems.  In addition, the
officials said they also had begun identifying the steps these
participants had taken to address the problems.  However, they did
not report the extent to which market participants' systems had
progressed through SEC's six-phased process. 

An SEC official also told us that SEC did not include more detailed
information on market participants' systems in its report because the
participants considered the information to be sensitive and SEC had
promised to maintain its confidentiality.  However, it may be
possible to report more detailed information without compromising the
confidentiality of data from specific market participants.  One way
to do so would be to report summary data by type of securities market
participant, with separate breakouts grouping the numbers of systems
managed by industry segments, such as SROs, broker-dealers,
investment companies, investment advisers, or transfer agents.  This
would provide more detail without identifying specific data or market
participants.  To indicate the status of systems most likely to have
a significant impact on the continued functioning of the U.S. 
securities markets, SEC could group the summary data by some measure
of their size or importance to the market, such as the percentage of
total market trading volume or market capitalization that each
grouping represented.  Appendix I shows examples of ways to report
this information for the securities industry based on OMB's suggested
reporting format. 

SEC's June 1997 report also did not indicate time frames that market
participants are following for completing the various phases
necessary to address the Year 2000 problem.  For example, our
assessment guide indicates that organizations should have been
finished with the first two phases of the process--awareness and
assessment--by around mid-1997 and should already have initiated
activities to renovate systems with date-related deficiencies. 
According to SEC officials, they have generally asked market
participants to describe the expected time frames associated with
each organization's Year 2000 readiness program, and SEC intends to
track these organizations' progress against these time frames as part
of its oversight.  For example, SEC intends to track most
organizations against the time frames established by the Securities
Industry Association, which it considered to be more aggressive than
the time frames established by other organizations, such as OMB. 
However, this information was not included in the June 1997 report. 
Such information would provide an essential measure of progress for
critical systems. 

SEC's report also did not provide information concerning the steps to
be taken to address systems or organizations that have fallen behind
schedule in addressing the Year 2000 problem.  OMB requires selected
federal agencies to include exception reports in their annual and
quarterly reports for mission-critical systems that are being
replaced or repaired and are at least 2 months behind schedule.  OMB
expects these exception reports to include an explanation of why the
systems are behind schedule, a description of what is being done to
accelerate the effort, a new schedule for replacement or completion
of the remaining phases, and a description of the funding and other
resources necessary to achieve compliance.  The reporting of such
information allows OMB to make an assessment of whether the steps
being taken to correct such systems are adequate for getting them
back on schedule. 

SEC's report also did not contain sufficient information to assess
the level of contingency planning that it and market participants are
conducting as part of preparing for the year 2000.  SEC officials
said that securities market participants were generally not far
enough along in the overall Year 2000 process to be involved in
detailed contingency planning yet, but recognized its importance. 
Because the year 2000 is less than 2 years away, contingency planning
for systems that will not be ready is an important part of any
organization's preparations.  As noted in our assessment guide,
correcting the Year 2000 problem is difficult because systems
frequently consist of multiple programs, operating systems, computer
languages, and hardware platforms.  Resolving date coding problems
for computer systems is a labor-intensive and time-consuming process,
and some systems, portions of systems, or instances of date
dependencies may be overlooked during the remediation process. 
Therefore, having sound contingency plans, which involves identifying
or designing alternative means for processing information, will be
important for ensuring the continued functioning of the securities
markets.  Developing and reporting on such plans soon might help
reveal certain alternatives or contingencies to be unworkable, too
expensive, or otherwise impractical. 


   ANNUAL REPORTING MAY NOT BE
   ADEQUATE AS THE YEAR 2000
   APPROACHES
------------------------------------------------------------ Letter :6

Monitoring an organization's efforts to ensure that its computer
systems are ready will become even more critical as the year 2000
draws nearer.  In this regard, annual reports from SEC may not
provide sufficiently timely information.  Recognizing the
time-critical nature of the Year 2000 problem, OMB's reporting
guidance for selected federal agencies requests that these
organizations provide quarterly reports on the status of their Year
2000 efforts.  Other organizations are requiring even more frequent
reporting.  For example, the Treasury Department is requiring its
bureaus to report their status monthly.  More frequent reporting by
SEC would help to identify any problems sooner and thus provide
Congress and SEC additional time to take action should the need
arise. 


   CONCLUSIONS
------------------------------------------------------------ Letter :7

Because SEC was primarily concerned with promoting and assessing
awareness of the Year 2000 problem, its June 1997 report focused on
the early stages of the industry's preparations for the year 2000 and
did not provide specific information on the status of particular
systems.  However, as the year 2000 approaches, information similar
to that required by OMB, but reported more frequently, would provide
a better indication of the progress being made to ensure the
readiness of systems critical to the continued functioning of the
U.S.  securities markets. 


   RECOMMENDATION
------------------------------------------------------------ Letter :8

We recommend that the Chairman, SEC, include in SEC's Year 2000
status reports to Congress information similar to that required of
other federal agencies by OMB.  Specifically, SEC reports should
include information on

  -- the systems critical to the continued functioning of the U.S. 
     securities markets;

  -- the progress made in moving critical systems through the various
     phases of achieving Year 2000 compliance;

  -- the time frames required to complete each phase of the process;

  -- the efforts necessary to address systems that are behind
     schedule; and

  -- the contingency plans for systems that may not be ready in time. 

SEC should also report such information more frequently, such as
quarterly update briefings, to keep Congress informed as the year
2000 approaches. 


   AGENCY COMMENTS AND OUR
   EVALUATION
------------------------------------------------------------ Letter :9

SEC provided us with written comments on a draft of this report. 
(See app.  II.) SEC generally agreed with our recommendation that it
report more specific, detailed information to Congress on the
industry's Year 2000 progress.  SEC also agreed with our suggestions
to focus particularly on the industry's overall progress in moving
its operations through the various phases of achieving Year 2000
compliance and on providing contingency planning information for the
1998 report.  SEC also agreed that an annual report to Congress may
not provide sufficiently timely information.  It said that it is
currently providing briefings to certain congressional staff and
would be willing to include the staff of any member of Congress in
such briefings.  If made available to all interested Members and
staff and conducted as frequently as needed, such briefings could
meet the intent of our recommendation. 

SEC stated, however, that OMB reporting requirements are not a
workable model for reporting on the systems of entities that SEC
regulates.  Specifically, SEC stated that it is not feasible to
provide all the information required by OMB for the mission critical
and non-mission-critical systems of every regulated entity in the
securities industry because of the size of the industry, limited SEC
resources, and the SEC's sharing of oversight authority. 

We used the OMB reporting requirements as an example of how SEC could
improve its reporting on the progress being made to ensure the
readiness of systems critical to ongoing market operations.  We did
not intend that SEC report detailed information for the
mission-critical and non-mission-critical systems of each regulated
entity, although each entity should be tracking the progress of its
own systems.  We believe that, for Congress to have the information
necessary to assess industry readiness, SEC needs to identify and
provide detailed information on those systems that are critical to
the functioning of the industry as a whole.  Such systems likely
include those related to trading, clearing, and other functions
important to market operations, as well as those used by major market
participants.  We revised the text and recommendation to clarify our
intent and discuss alternative ways to consolidate information about
these critical systems in appendix I.  For example, rather than
reporting the status of systems for every member of an exchange or
every broker-dealer, SEC could, at a minimum, report on the combined
status of the systems for the major exchanges and largest
broker-dealers. 


---------------------------------------------------------- Letter :9.1

As arranged with your office, unless you publicly announce this
report's contents earlier, we plan no further distribution of it
until 15 days after the date of the letter.  We will then send copies
to other interested members of Congress, SEC, the New York Stock
Exchange, the National Association of Securities Dealers, and other
relevant organizations.  Copies will be made available to others on
request. 

Please contact me on (202) 512-8678 if you or your staff have any
questions.  Major contributors to this report are listed in appendix
III. 

Sincerely yours,

Richard J.  Hillman
Associate Director
Financial Institutions and Markets Issues


EXAMPLE OF REPORTING FORMAT FOR
INFORMATION ON MISSION-CRITICAL
SYSTEMS USED BY VARIOUS SECURITIES
MARKET PARTICIPANTS
=========================================================== Appendix I

The following table represents a possible format for reporting
information on the readiness of securities market participants'
electronic systems.  Other equally acceptable reporting formats or
means of presenting this information likely exist.  The format
presented here seeks to capture several key aspects of the
information, including some measure of importance for the entities
(such as percentage of market trading volume); the extent to which
systems are already compliant; and for those that are not, how far
along in the six phases of the Year 2000 readiness process they are. 
The names of individual organizations would not have to be identified
but instead information could be combined and presented for groups of
organizations, as shown.  Further, the percentage of systems that
have completed each Year 2000 phase may not accurately reflect the
amount of work remaining to be done if the larger systems with more
lines of code remain unfinished.  In such cases, market participants
could disclose more information to better describe the actual work
remaining. 



                                                                      Table I.1
                                                       
                                                          Example of Format for Reporting on
                                                       Status of Mission-Critical Systems Used
                                                       by Major Securities Market Participants

                                                                         Percentage of systems completed by phase of Year 2000 readiness
                                                            -----------------------------------------------------------------------------------------
                                                                                                         Internal       Integrated
                                                             Awareness     Assessment   Remediation      testing         testing      Implementation
                                                            ------------  ------------  ------------  --------------  --------------  ---------------
                         Percentage of     Total number of
Major market              total market    mission-critical    Milestone:    Milestone:    Milestone:      Milestone:      Milestone:       Milestone:
participant             trading volume             systems        (date)        (date)        (date)          (date)          (date)           (date)
------------------  ------------------  ------------------  ------------  ------------  ------------  --------------  --------------  ---------------
Exchanges
Major exchanges                    xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
Other exchanges                    xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
All options                        xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
 exchanges

Clearing organizati
-----------------------------------------------------------------------------------------------------------------------------------------------------
Major clearing                     xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
 organizations
Other clearing                     xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
 organizations
Broker-dealers
Top 10 firms                       xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
Other firms\a                      xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%

Investment companie
-----------------------------------------------------------------------------------------------------------------------------------------------------
Top 10 firms                       xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
Other firms\b                      xx%                 xx%           xx%           xx%           xx%             xx%             xx%              xx%
-----------------------------------------------------------------------------------------------------------------------------------------------------
\a Results from SRO and/or SEC examinations for other firms could be
reported here. 

\b Results from SRO and/or SEC examinations for other firms could be
reported here. 

Source:  GAO. 




(See figure in printed edition.)Appendix II
COMMENTS FROM SEC
=========================================================== Appendix I



(See figure in printed edition.)


MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III

GENERAL GOVERNMENT DIVISION

Michael Burnett, Assistant Director
Cody Goebel, Senior Evaluator
Jean-Paul Reveyoso, Senior Evaluator

ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION

John Stephenson, Assistant Director
Gary Mountjoy, Assistant Director
Karen Bell, Senior Auditor

*** End of document. ***