Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts to
Ensure Thrift Systems Are Year 2000 Compliant (Testimony, 03/18/98,
GAO/T-AIMD-98-102).

Pursuant to a congressional request, GAO discussed the progress being
made by the Office of Thrift Supervision (OTS) in ensuring that the more
than 1,200 thrifts it oversees have adequately mitigated the risks
associated with the year 2000 date change.

GAO noted that: (1) the year 2000 problem poses a serious dilemma for
thrifts due to their heavy reliance on information systems; (2)
regulators have a monumental task in making sure that financial
institutions have adequate guidance in preparing for the year 2000 and
in providing a level of assurance that such guidance is being followed;
(3) further, regulators will likely face some tough decisions on the
readiness of individual institutions as the millenium approaches; (4)
GAO found that OTS is taking the problem very seriously and is devoting
considerable effort and resources to ensure the thrifts it oversees
mitigate the year 2000 risks; (5) despite aggressive efforts, OTS still
faces significant challenges in providing a high level of assurance that
individual thrifts will be ready; (6) in fact, the problems GAO found at
OTS are generally the same as those found at the other regulators
reviewed; (7) OTS was late in addressing the problem and consequently,
is behind the year 2000 schedule recommended by both GAO and the Office
of Management and Budget; (8) in addition, key guidance--being developed
under the auspices of the Federal Financial Institutions Examination
Council (FFIEC)--needed by thrifts and other financial institutions to
complete their own preparations is also late which, in turn, could
potentially hurt individual institutions' abilities to address year 2000
issues; (9) OTS needs to better assess whether it has an adequate level
of technical resources to evaluate the industry's year 2000 efforts;
(10) these problems hinder the regulators' ability to develop more
positive assurance that institutions will be ready for the century date
change; (11) consequently, the challenge for them at this point is how
can they use their resources from here to the millenium to ensure that
thrifts, banks, and credit unions mitigate year 2000 risks; (12) OTS has
done much to mitigate the risk to its mission-critical internal systems
and has already renovated, tested, and implemented 13 of its 15
mission-critical systems; (13) however, it has not yet completed
contingency plans necessary to ensure business continuity in case system
renovations or replacements are not completed in time or do not work as
intended; (14) compounding this problem is the fact that OTS has not
developed a comprehensive year 2000 conversion program plan providing a
clear understanding of the interrelationships and dependencies among the
automated systems that support, for example, its supervisory functions,
office equipment, and facilities; and (15) such a plan provides added
assurance that all systems are assessed.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-98-102
     TITLE:  Year 2000 Computing Crisis: Office of Thrift Supervision's 
             Efforts to Ensure Thrift Systems Are Year 2000
             Compliant
      DATE:  03/18/98
   SUBJECT:  Computer software
             Internal controls
             Data integrity
             Systems conversions
             Strategic information systems planning
             Regulatory agencies
             Lending institutions
             Bank examination
             Information resources management
IDENTIFIER:  OTS Year 2000 Problem
             NCUA Year 2000 Strategy
             FDIC Year 2000 Program
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Before the Subcommittee on Financial Services and Technology,
Committee on Banking, Housing, and Urban Affairs, U.S.  Senate

For Release on Delivery
Expected at
10 a.m.
Wednesday,
March 18, 1998

YEAR 2000 COMPUTING CRISIS -
OFFICE OF THRIFT SUPERVISION'S
EFFORTS TO ENSURE THRIFT SYSTEMS
ARE YEAR 2000 COMPLIANT

Statement of Jack L.  Brock, Jr.
Director, Governmentwide and Defense
Information Systems
Accounting and Information Management Division

GAO/T-AIMD-98-102

GAO/AIMD-98-102t


(511111)


Abbreviations
=============================================================== ABBREV

  FDIC -
  FFIEC -
  NCUA -
  OMB -
  OTS -

============================================================ Chapter 0

Mr.  Chairman and Members of the Subcommittee: 

We are pleased to be here to discuss the progress being made by the
Office of Thrift Supervision (OTS) in ensuring that the more than
1,200 thrifts it oversees are ready for the upcoming century date
change.  If Year 2000 issues are not adequately addressed, key
automated thrift systems--affecting hundreds of billions of dollars
in assets, transactions, and insured deposits--are subject to serious
consequences ranging from malfunction to failure.  Such consequences
would at the very least cause significant inconveniences to both
thrifts and their customers.  More significantly, system failure
could lead to thrift closings and serious disruptions to both the
thrift community and customers.  We will also be discussing the
progress OTS is making in addressing Year 2000 concerns for its own
internal systems. 

This testimony is the third in a series of reports you requested on
the status of efforts by federal financial regulatory agencies to
ensure that the institutions they oversee are ready to handle the
Year 2000 computer conversion challenge.\1 We previously reported on
the status of the Federal Deposit Insurance Corporation (FDIC) and
the National Credit Union Administration\2 (NCUA) and plan to report
on the Office of the Comptroller of the Currency and the Federal
Reserve System. 

To prepare for this testimony, we evaluated OTS' efforts to date to
ensure that the thrifts it oversees have adequately mitigated the
risks associated with the Year 2000 date change and compared these
efforts to criteria detailed in our Year 2000 Assessment Guide\3 and
Year 2000 examination guidance and procedures set forth by the
Federal Financial Institutions Examination Council (FFIEC).\4 We
reviewed OTS' Year 2000 procedures and guidance used to perform the
initial industry assessment and the follow-on on-site examinations. 
We reviewed relevant correspondence to its examiners and the
institutions it supervises and interviewed OTS officials responsible
for overseeing the safety and soundness of thrift management
practices and procedures.  We also interviewed officials from
America's Community Bankers, a trade association representing
thrifts, to obtain its views on the adequacy of OTS' efforts and
determine what the industry was doing to ensure Year 2000 readiness. 

In addition, we compared OTS' efforts to prepare its own systems for
the century date change with our assessment guide.  To accomplish
this, we reviewed OTS' project plan, monthly status reports, and
other Year 2000 documentation.  We interviewed officials responsible
for planning and implementing the Year 2000 initiative.  We also
reviewed an October 1997 contractor assessment of OTS' internal
system readiness.  We performed our work at OTS headquarters in
Washington, D.C., and its field offices in Jersey City, New Jersey;
Atlanta, Georgia; and San Francisco, California, from December 1997
through early March 1998 in accordance with generally accepted
government auditing standards. 

In summary, we found that the Year 2000 problem poses a serious
dilemma for thrifts due to their heavy reliance on information
systems.  It also poses a challenge for OTS and the other financial
institution regulators who are responsible for ensuring the Year 2000
readiness of thrifts, banks, and credit unions.  Regulators have a
monumental task in making sure that financial institutions have
adequate guidance in preparing for the Year 2000 and in providing a
level of assurance that such guidance is being followed.  Further,
regulators will likely face some tough decisions on the readiness of
individual institutions as the millennium approaches.  We found that
OTS is taking the problem very seriously and is devoting considerable
effort and resources to ensure the thrifts it oversees mitigate Year
2000 risks.  It has been very emphatic in alerting thrifts to the
Year 2000 problem, conducted a high-level assessment of the
industry's Year 2000 readiness, and is in the process of making more
detailed assessments. 

Despite aggressive efforts, OTS--like the other regulators--still
faces significant challenges in providing a high level of assurance
that individual thrifts will be ready.  In fact, the problems we
found at OTS are generally the same as those found at the other
regulators we reviewed.  First, OTS was late in addressing the
problem and, consequently, is behind the Year 2000 schedule
recommended by both GAO and the Office of Management and Budget
(OMB).  In addition, key guidance--being developed under the auspices
of FFIEC--needed by thrifts and other financial institutions to
complete their own preparations is also late, which in turn could
potentially hurt individual institutions' abilities to address Year
2000 issues.  Finally, OTS needs to better assess whether it has an
adequate level of technical resources (staff) to evaluate the
industry's Year 2000 efforts.  These problems hinder the regulators'
ability to develop more positive assurance that institutions will be
ready for the century date change.  However, the regulators cannot
turn the clock back and start again.  Consequently, the challenge for
them at this point is how can they use their resources from here to
the millennium to ensure that thrifts, banks, and credit unions
mitigate Year 2000 risks. 

OTS has done much to mitigate the risk to its mission-critical
internal systems.  In fact, it has already renovated, tested, and
implemented 13 of its 15 mission-critical systems.  However, it has
not yet completed contingency plans--which should have been completed
by mid-1997 as part of the assessment phase--necessary to ensure
business continuity in case system renovations or replacements are
not completed in time or do not work as intended.  Such plans are
expected within the next 3 months.  Compounding this problem is the
fact that OTS has not developed a comprehensive Year 2000 conversion
program plan providing a clear understanding of the
interrelationships and dependencies among the automated systems that
support, for example, its supervisory functions, office equipment,
and facilities.  Such a plan provides added assurance that all
systems and interrelationships are assessed and corrected, mitigating
the risk that systems will not operate as intended in the year 2000
and beyond. 

We are making recommendations to strengthen both the OTS examination
process and its internal mitigation processes.  Further, we are
making recommendations designed to sharpen OTS' strategy for focusing
its limited resources over the limited time remaining. 


--------------------
\1 The Year 2000 problem is rooted in the way dates are recorded and
computed in automated information systems.  For the past several
decades, systems have typically used two digits to represent the
year, such as "97" representing 1997, in order to conserve on
electronic data storage and reduce operating costs.  With this
two-digit format, however, the year 2000 is indistinguishable from
1900, or 2001 from 1901, etc.  As a result of this ambiguity, system
or application programs that use dates to perform calculations,
comparisons, or sorting may generate incorrect results or, worse, not
function at all. 

\2 Year 2000 Computing Crisis:  National Credit Union
Administration's Efforts to Ensure Credit Union Systems Are Year 2000
Compliant (GAO/T-AIMD-98-20, October 22, 1997), Year 2000 Computing
Crisis:  Actions Needed to Address Credit Union Systems' Year 2000
Problem (GAO/AIMD-98-48, January 7, 1998), and Year 2000 Computing
Crisis:  Federal Deposit Insurance Corporation's Efforts to Ensure
Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98-73, February 10,
1998). 

\3 Year 2000 Computing Crisis:  An Assessment Guide
(GAO/AIMD-10.1.14, September 1997).  Published as an exposure draft
in February 1997 and finalized in September 1997, the guide was
issued to help federal agencies prepare for the Year 2000 conversion. 
It advocates a structured approach to planning and managing an
effective Year 2000 program through five phases:  (1) raising
awareness of the problem, (2) assessing the extent and severity of
the problem and identifying and prioritizing remediation efforts, (3)
renovating, or correcting, systems, (4) validating, or testing,
corrections, and (5) implementing corrected systems.  The guide also
stipulates that interfaces with outside organizations be identified
and agreements with these organizations executed for exchanging Year
2000-related data.  Contingency plans must be prepared during the
assessment phase to ensure that agencies can continue to perform even
if critical systems have not been corrected.  GAO and the Office of
Management and Budget established a schedule for completing each of
the five phases, including requiring agencies to complete assessment
phase activities last summer and the renovation phase by mid- to
late-1998. 

\4 FFIEC was established in 1979 as a formal interagency body
empowered to prescribe uniform principles, standards, and report
forms for the federal examination of financial institutions, and to
make recommendations to promote uniformity in the supervision of
these institutions.  The Council's membership is composed of the
federal bank regulators--FDIC, the Federal Reserve System, and the
Comptroller of the Currency--plus the regulators for credit unions
and thrift institutions--the National Credit Union Administration and
the Office of Thrift Supervision, respectively. 


   THE YEAR 2000 POSES A SERIOUS
   PROBLEM FOR THRIFTS
---------------------------------------------------------- Chapter 0:1

Located organizationally within the Department of the Treasury, the
Office of Thrift Supervision through its five regional offices
supervises 1,210 federal and state chartered savings
institutions--commonly called thrifts--to maintain the safety,
soundness, and viability of the industry.  Thrifts primarily
emphasize residential mortgage lending and are an important source of
housing credit.  Most of these institutions have assets of under $500
million and are locally owned and managed.  Together, they are
responsible for about $770 billion in assets.  As part of its goal of
maintaining safety and soundness, OTS is responsible for examining
and monitoring thrifts' efforts to adequately mitigate the risks
associated with the century date change.  To ensure consistent and
uniform supervision on Year 2000 issues, OTS and the other regulators
coordinate their supervisory efforts through FFIEC.  For example, the
regulators jointly prepared and issued an August 1996 FFIEC letter to
banks, thrifts, and credit unions informing them of the Year 2000
problem and its potential adverse impacts.  Together, they also
developed and issued in May 1997 an FFIEC examination program and
guidance on how to use it.  More recently, the regulators established
an FFIEC working group to develop guidance on mitigating the risks
associated with using contractors that provide automated systems
services and software to thrifts. 

According to OTS, virtually every insured financial institution
relies on computers--either their own or those of a third-party
contractor--to process and update records and to perform a variety of
other functions.  Because computers are essential to their survival,
OTS believes that all its institutions are vulnerable to the problems
associated with the year 2000.  Failure to address Year 2000 computer
issues could lead, for example, to errors in calculating interest and
amortization schedules.  Moreover, automated teller machines may
malfunction, performing erroneous transactions or refusing to process
transactions.  In addition, errors caused by Year 2000
miscalculations may expose institutions and data centers to financial
liability and loss of customer confidence.  Other supporting systems
critical to the day-to-day business of thrifts may be affected as
well.  For example, telephone systems, vaults, and security and alarm
systems could malfunction. 

In addressing the Year 2000 problem, thrifts must also consider the
computer systems that interface with, or connect to, their own
systems.  These systems may belong to payment system partners, such
as wire transfer systems, automated clearinghouses, check clearing
providers, credit card merchant and issuing systems, automated teller
machine networks, electronic data interchange systems, and electronic
benefits transfer systems.  Because these systems are also vulnerable
to the Year 2000 problem, they can introduce errors into thrift
systems. 

In addition to these computer system risks, thrifts also face
business risks from the year 2000, that is, exposure from its
corporate borrower's inability to manage their own Year 2000
compliance efforts successfully.  Consequently, in addition to
correcting their computer systems, thrifts have to periodically
assess the Year 2000 efforts of large corporate customers to
determine whether they are sufficient to avoid significant
disruptions to operations.  OTS and the other regulators established
an FFIEC working group to develop guidance on assessing the risk
corporate borrowers pose to thrifts. 


   OTS HAS DEVELOPED A STRATEGY
   AND HAS INITIATED ACTION TO
   ADDRESS THE YEAR 2000 PROBLEM
---------------------------------------------------------- Chapter 0:2

OTS has taken a number of actions to raise the awareness of the Year
2000 issue among thrifts and to assess the Year 2000 impact on the
industry.  To raise awareness, OTS formally alerted thrifts in August
1996 to the potential dangers of the Year 2000 problem by issuing an
awareness letter to thrift chief executive officers.  The letter,
which included a statement from the interagency Federal Financial
Institutions Examination Council, described the Year 2000 problem and
highlighted concerns about the industry's Year 2000 readiness.  It
also called on thrifts to perform a risk assessments of how systems
are affected and develop a detailed action plans to fix them. 

In May 1997, OTS, along with the other regulators, issued a more
detailed awareness letter that

  -- described the five-phase approach to planning and managing an
     effective Year 2000 program;

  -- highlighted external issues requiring management attention, such
     as reliance on vendors, risks posed by exchanging data with
     external parties, and the potential effect of Year 2000
     noncompliance on corporate borrowers;

  -- discussed operational issues that should be considered in Year
     2000 planning, such as whether to replace or repair systems;

  -- related its plans to facilitate Year 2000 evaluations by using
     uniform examination guidance and procedures; and

  -- directed thrifts to (1) inventory core computer functions and
     set priorities for Year 2000 goals by September 30, 1997, and
     (2) to complete programming changes and to have testing of
     mission-critical systems underway by December 31, 1998. 

As of November 30, 1997, OTS had completed its initial assessment of
all thrifts for which it has supervisory responsibility.  In
conducting this assessment, OTS performed off-site examinations of
the thrifts that addressed whether (1) their systems were ready to
handle Year 2000 processing, (2) they had established a structured
process for correcting Year 2000 problems, (3) they prioritized
systems for correction, (4) they had determined the Year 2000 impact
on other internal systems' important to day-to-day operations, such
as vaults, security and alarm systems, elevators, and telephones, (5)
they had estimated Year 2000 project costs and targeted sufficient
resources, (6) their milestones for renovating and testing
mission-critical systems were consistent with those recommended by
FFIEC, and (7) they had been closely tracking the progress of service
bureau and vendor Year 2000 remediation efforts.  Thrifts were also
asked to submit Year 2000 assessment reports, action plans, and their
most recent progress reports. 

According to OTS, this assessment showed that the thrift industry was
generally aware of and addressing the potential impact of Year 2000. 
For example, 94 percent of thrifts had assigned Year 2000 oversight
duties or a senior officer or committee and 90 percent were then
developing a Year 2000 action plan.  However, OTS did find that about
170 thrifts were designated at high risk due to poor performance in
conducting awareness and assessment phase activities. 

OTS is following up on this initial assessment with on-site exams to
all thrifts to be completed by the end of June 1998.  To help thrifts
prepare for these visits, OTS developed a detailed Year 2000
checklist.  It is a self-assessment tool addressing the five phases
of the Year 2000 correction process and about 10 other areas,
including reliance on vendors and borrowers' credit risk that informs
thrifts of key activities to be performed and allows them to quantify
their progress.  OTS also issued additional examination guidance and
procedures to supplement those of the FFIEC.  This supplemental
guidance, if implemented correctly, will address the FFIEC
examination procedure shortcomings (i.e., lack of detailed questions,
vague terminology) reported in our previous testimony. 

To ensure OTS completes the on-site visits by June 1998, each
regional office has been given the authority to establish its own
plans for assessing institutions.  OTS' national Year 2000
coordinator is currently reviewing regional plans to assess their
reasonableness.  To make sure regions stay on track, the coordinator
is monitoring regional progress in completing the on-site reviews on
a biweekly basis and, starting in April, on a weekly basis.  More
recently, on March 13, 1998, OTS issued a memorandum to the regional
offices that, among other things, reiterated its supervisory goal of
ensuring that the thrift industry becomes Year 2000 compliant and
provided guidance on exam followup for thrifts assigned a Year 2000
rating less than satisfactory. 

OTS has also been participating with other regulators to conduct
on-site Year 2000 assessments of major data processing servicers and
software vendors.  These servicers and vendors provide support and
products to a majority of financial institutions.  OTS and the other
regulators expect to complete their first round of servicer and
vendor assessments in April 1998.  OTS is providing the results of
the servicer assessments to OTS-supervised thrifts that use these
services.  Together with the results of on-site assessments conducted
at thrifts, OTS expects to have a better idea of where the industry
stands, which thrifts need close attention, and thus where to focus
its supervisory efforts. 


   OTS EFFORTS TO ENSURE THRIFT
   YEAR 2000 READINESS ARE
   HAMPERED BY SIMILAR PROBLEMS
   IDENTIFIED AT OTHER REGULATORS
---------------------------------------------------------- Chapter 0:3

As noted in our summary, OTS must successfully address a number of
issues to provide adequate assurance that the thrift industry will
meet the Year 2000 challenge.  Also noted, these issues for the most
part are similar to those we found at FDIC and NCUA. 

First, like the other regulators, OTS is behind in assessing
individual institution's readiness.  As with NCUA and FDIC, OTS got
off to a late start assessing the readiness of the institutions it
oversees and, consequently, was late in completing assessment phase
activities.  For example, it did not complete its initial assessment
of all thrifts until November 1997.  According to OMB guidance and
our Assessment Guide, these activities should have been completed by
the summer of 1997.  Because OTS is behind the recommended timelines,
the time available for assessing institutions' progress during
renovation, validation, and implementation phases and for taking
needed corrective actions is compressed. 

Second, OTS and the other regulators are still developing key
guidance to help institutions complete their Year 2000 efforts.  In
their May 1997 letter to thrifts, banks, and credit unions, the
financial regulators recommended that institutions begin (1)
developing contingency plans to mitigate the risk that Year
2000-related problems will disrupt operations and (2) ensuring that
their data processing services, software vendors, and large corporate
customers are making adequate Year 2000 progress. 

In recommending these measures, the regulators noted that they have
found that some financial institutions were heavily relying on their
service providers to solve their Year 2000 problems.  They outlined
an approach for dealing with vendors that included (1) evaluating and
monitoring vendor plans and milestones, (2) determining whether
contract terms can be revised to include Year 2000 covenants, and (3)
ensuring that vendors have the capacity to complete the projects and
are willing to certify Year 2000 compliance.  The regulators also
noted that all institutions--even those who have Year 2000-compliant
systems--could still be at risk if they have significant business
relations with corporate customers who, in turn, have not adequately
considered Year 2000 issues.  If these customers default or are late
in repaying loans, then banks and thrifts could experience financial
harm.  The regulators recommended that institutions begin developing
processes to periodically assess large corporate customer Year 2000
efforts and to consider writing Year 2000 compliance into their loan
documentation. 

The regulators agreed to provide guidance on contingency planning and
dealing with vendors and borrowers.  The guidance on vendors and
borrowers is expected to be issued in mid-March 1998 and the
contingency planning guidance by the end of April 1998.  As noted in
our last testimony, these time lags in providing guidance increase
the risk that thrifts have taken little or no action on contingency
planning and dealing with vendors and corporate borrowers in
anticipation of pending regulator guidance.  Moreover, in the absence
of guidance, thrifts may have initiated action that does not
effectively mitigate risk of Year 2000 failures. 

Third, although OTS has been working hard to assess industrywide
compliance, it has yet to determine the level of technical resources
needed to adequately evaluate the Year 2000 conversion efforts of the
thrifts and vendors who service them.  Instead, OTS is using its
existing resources to perform the evaluations.  Specifically, OTS is
using its 24 information systems examiners to (1) evaluate the
progress of the roughly 250 institutions with in-house or complex
systems, (2) work with systems examiners from the other regulators to
assess the progress of about 260 computer centers of data processing
vendors that service thrifts, and (3) assist 84 OTS safety and
soundness examiners with their evaluations of the remaining 1,000
institutions that rely heavily or entirely on vendors.  As
institutions and vendors progress in their Year 2000 efforts, we are
concerned that the evaluations of the examiners will increase in
length and technical complexity, and put a strain on an already small
pool of technical resources.  Without sufficient resources, OTS could
be forced to slip its schedule for completing the current on-site
exams or, worse, reduce the scope of its evaluations in order to meet
its deadline.  In the first case, institutions would be left with
less time to remediate any deficiencies.  In the second, OTS might
overlook issues that could lead to failures.  In either case, the
risk of noncompliance by thrifts and service bureaus--and the
government's exposure to losses--is significantly increased. 

OTS officials told us they are in the process of adding four
additional systems examiners.  They also believe that it is effective
to use its safety and soundness examiners to perform Year 2000
assessments at the thrifts not visited by the system examiners. 
Finally, these officials expressed concern that even if they could
hire more technical examiners, it is very hard to find and hire staff
with these skills.  However, without the requisite analysis, OTS
cannot know whether adding four additional examiners will meet it
needs.  In addition, by using safety and soundness examiners, OTS
runs the risk of having examiners make incorrect judgments about the
readiness of thrifts.  This risk will only increase as we get closer
to the millennium because the latter phases of
correction--renovation, testing, and implementation--take a higher
level of technical knowledge to asses whether these steps are
performed correctly. 


      CHALLENGE FOR REGULATORS IS
      HOW TO EFFECTIVELY USE THEIR
      RESOURCES DURING THE TIME
      REMAINING
-------------------------------------------------------- Chapter 0:3.1

Looking forward, the challenge for OTS--and the other regulators--is
to make the best use of limited resources in the time remaining.  The
challenge is immense:  thousands of financial institutions, numerous
service providers and vendors, and a finite number of examiners and
time to address the problem.  By mid-1998, however, OTS and the other
regulators should have available a good picture of how their industry
stands.  The on-site examinations will be complete as will the
assessment of vendors and service providers. 

This information should provide good definition as to the size and
magnitude of the problem.  That is, how many institutions are at high
risk of not being ready for the millennium and require immediate
attention and which service providers are likely to be problematic. 
Further, by carefully analyzing available data, OTS should be able to
identify common problems or issues that are generic to thrifts that
are of similar size, use specific service providers, etc.  This in
turn will allow regulators to be able to develop a much better
understanding of which areas require attention and where to focus
limited resources.  In short, regulators have an opportunity to
regroup, develop specific strategies, and have a more defined sense
of where the risks lie and the actions required to mitigate those
risks. 


   CONCERNS WITH OTS' EFFORTS TO
   CORRECT ITS INTERNAL SYSTEMS
---------------------------------------------------------- Chapter 0:4

OTS internal systems are critical to the day-to-day operation of the
agency.  For example, they facilitate the collection of thrift
assessments, monitor the financial condition of thrifts, provide the
Congress and the public with information on thrift mortgage activity,
schedule and track examinations, and calculate OTS employee payroll
benefits.  As with the other regulators, the effects of Year 2000
failure on OTS could range from annoying to catastrophic.  OTS system
failures could, for example, result in inaccurate or uncollected
assessments, inaccurate or unpaid accounts payable, and miscalculated
payroll and benefits.  Because of the systems' importance, Treasury
hired a contractor to assess OTS' internal Year 2000 efforts, and the
contractor reported its results in October 1997. 

The contractor reported that OTS had made good progress in completing
its assessment phase activities and was well underway in performing
renovation and testing for selected systems.  We also found that OTS
was making substantial progress in remediating its systems.  For
example, 13 of OTS' 15 mission-critical systems have already been
renovated, tested, and implemented.  The remaining two--the Home
Mortgage Disclosure Act system and the Interest Rate Risk system--are
expected to be completed by the end of this year.  OTS has also
inventoried and assessed the nonmission-critical systems that were
developed and maintained outside the Information Resources Management
office at OTS' headquarters.  In addition, it has assessed other
electronic equipment important to day-to-day operations, such as
telecommunications equipment, office equipment, security systems, and
personal computers and made plans to modify or replace the equipment
it identified as being noncompliant. 

Despite OTS' good efforts to convert its internal systems, the
contractor (1) found that OTS had not prepared contingency plans as
part of its assessment phase activities and (2) recommended that it
develop such plans.  As of the time of our work, OTS had not yet
implemented this recommendation.  It was still developing these plans
to ensure continuity of operations in the event its remediated
systems fail or the two systems being renovated are not fixed in
time.  Our Assessment Guide calls on agencies to initiate contingency
plans during the assessment phase so that they have enough time to
(1) identify the manual or other fallback procedures, (2) define the
specific conditions that will cause the activation of these
procedures, and (3) test the procedures.  The agency expects to
complete these plans by the middle of 1998. 

Our final concern is that even though OTS has corrected the majority
of its mission-critical systems and is making good progress toward
remediating other systems and equipment, it does not have a
comprehensive Year 2000 program plan.  To its credit, the agency has
prepared plans for correcting its systems and has been reporting its
progress to Treasury on a monthly basis.  However, OTS did not
develop a single plan providing a clear understanding of the
interrelationships and dependencies among the automated systems that
support its business operations, such as thrift supervision, office
equipment, payroll, and facilities.  Instead, OTS officials told us
they prepared separate plans for (1) systems operated and maintained
by the Information Resources Management office, (2) systems operated
and maintained by other offices and regions, and (3) office equipment
and facilities.  Without an integrated plan, OTS cannot provide
assurance that all systems and interrelationships had been assessed
and corrected.  This increases the risk that systems will not operate
as intended in the year 2000 and beyond. 


-------------------------------------------------------- Chapter 0:4.1

In conclusion, Mr.  Chairman, we believe that OTS has a good
appreciation for the Year 2000 problem and has made significant
progress, especially with regard to its effort in correcting its own
systems.  However, OTS and the other regulators are facing a finite
deadline that offers no flexibility.  OTS needs to take several
actions to improve its ability to enhance the ability of thrifts to
meet the century deadline with minimal problems and to enhance the
agency's ability to monitor the industry's efforts and to take
appropriate and swift measures against thrifts that are neglecting
their Year 2000 responsibilities.  We, therefore, recommend that OTS

  -- work with the other FFIEC members to complete their guidance to
     institutions on mitigating the risks associated with corporate
     customers and reliance on vendors.  Further, OTS should work
     with the other FFIEC members to complete the contingency
     planning guidance by its April 1998 deadline. 

Additionally, a combination of factors--including starting the thrift
assessment process late and issuing more specific guidance to thrifts
at a relatively late date--are hindering OTS' and the other
regulators' ability to develop more positive assurance that their
institutions will be ready for the year 2000.  Accordingly, we
recommend that OTS work with the other FFIEC members to

  -- develop, in an expeditious manner, more explicit instructions to
     thrifts for carrying out the latter stages of the Year 2000
     process--renovation, validation, and implementation--which are
     the critical steps to ensuring Year 2000 compliance. 

Because OTS and the other regulators will have more complete
information on the status of institutions, servicers, and vendors by
mid-1998, we recommend that OTS work with the other FFIEC members to

  -- develop a tactical plan that details the results of its
     assessments and provides a more explicit road map of the actions
     it intends to take based on those results.  This should include
     an assessment of the adequacy of OTS' technical resources to
     evaluate the Year 2000 efforts of the thrifts and the servicers
     and vendors that service them. 

Finally, with regard to OTS' internal systems, we recommend that the
Director instruct the agency to develop (1) contingency plans for
each of OTS' mission-critical systems and core business processes and
(2) a comprehensive Year 2000 program plan. 

Mr.  Chairman, that concludes my statement.  We welcome any questions
that you or Members of the Subcommittee may have. 


*** End of document. ***