Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (Testimony,
03/24/98, GAO/T-AIMD-98-116).

GAO discussed the progress of the federal regulatory agencies in
ensuring that the thousands of financial institutions they oversee are
ready for the upcoming century date change.

GAO noted that: (1) because financial institutions are heavily dependent
on information technology, their viability hinges on whether they can
successfully remediate systems before the Year 2000 deadline; (2) given
this possibility, regulators must take every measure possible to assist
banks, thrifts, and credit unions in their Year 2000 efforts as well as
to identify and take swift enforcement measures against those in danger
of failing; (3) regulators have recognized this responsibility and have
begun an intense effort to raise awareness of the problem, develop
guidance to facilitate remediation efforts, and determine where
individual institutions stand in correcting their systems; (4) in doing
so, regulators have initially identified several hundred institutions at
high risk of missing the deadline due to their poor performance in
conducting awareness and assessment phase activities; (5) despite
aggressive efforts, the regulators still face significant challenges in
providing a high level of assurance that individual institutions will be
ready; (6) they were late in addressing the problem and consequently,
are behind in the Year 2000 schedule recommended by both GAO and the
Office of Management and Budget; (7) they are also late in developing
key guidance on contingency planning and dealing with servicers,
vendors, and corporate customers; (8) this guidance is needed by
financial institutions to complete their own preparations; (9) in
addition, their follow-on assessments to be completed by June 1998 were
not in all cases, designed to collect the data required to be defective
about the status of individual institutions; (10) furthermore, it is
questionable whether all regulators have an adequate level of technical
staff to completely evaluate industry readiness; (11) with regard to
their own systems, the regulators have generally done much to mitigate
the risk to their mission critical systems; and (12) in some areas such
as contingency planning, the regulators can do more to provide added
assurance that they will be ready for the century date change and any
unexpected problems.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-98-116
     TITLE:  Year 2000 Computing Crisis: Federal Regulatory Efforts to 
             Ensure Financial Institution Systems Are Year 2000
             Compliant
      DATE:  03/24/98
   SUBJECT:  Systems conversions
             Regulatory agencies
             Financial institutions
             Banking regulation
             Information systems
             Financial management systems
             Strategic information systems planning
             Systems compatibility
             Bank management
IDENTIFIER:  FFIEC Year 2000 Program
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Before the Committee on Banking and Financial Services,
House of Representatives

For Release on Delivery
Expected at
2 p.m.
Tuesday,
March 24, 1998

YEAR 2000 COMPUTING CRISIS -
FEDERAL REGULATORY EFFORTS TO
ENSURE FINANCIAL INSTITUTION
SYSTEMS ARE YEAR 2000 COMPLIANT

Statement of Jack L.  Brock, Jr.
Director, Governmentwide and Defense Information Systems
Accounting and Information Management Division

GAO/T-AIMD-98-116

GAO/AIMD-98-116T


(511119)


Abbreviations
=============================================================== ABBREV

  FDIC - x
  FFIEC - x
  NCUA - x
  OCC - x
  OMB - x
  OTS - x

============================================================ Chapter 0

Mr.  Chairman and Members of the Committee: 

We are pleased to be here to discuss the progress of the federal
regulatory agencies in ensuring that the thousands of financial
institutions they oversee are ready for the upcoming century date
change.  These financial institutions--banks, thrifts, and credit
unions--are at the center of our payment systems and credit flows. 
They also hold trillions of dollars of assets and deposits.  To
conduct business, these institutions rely heavily on computer systems
for virtually every aspect of their operations.  If they do not
address the Year 2000 problem\1 in time, key systems--which assist
these institutions in making loans, investing deposits, transferring
funds, issuing credit cards, and handling routine business functions
such as accounting and personnel management--can malfunction.  At the
very least, this could cause significant inconveniences to banks,
thrifts, and credit unions and their customers.  More significantly,
system failures could lead to closings and serious disruptions. 

This testimony is the latest in a series of reports we have conducted
on the status of efforts by the five federal financial institution
regulatory agencies to ensure that (1) the entities they oversee are
ready to handle the Year 2000 computer conversion challenge and (2)
internal regulator systems are made compliant by the millennium.  We
previously reported on the status of the Office of Thrift Supervision
(OTS), the Federal Deposit Insurance Corporation (FDIC), and the
National Credit Union Administration\2 (NCUA) and plan to report in
the coming months on the Office of the Comptroller of the Currency
and the Federal Reserve System.  As you requested, today I will
summarize our findings from our OTS, FDIC, and NCUA reports--focusing
largely on their oversight responsibilities.  I will also discuss the
challenges ahead for all five regulators as they enter the more
complex and difficult stages of their Year 2000 efforts. 

To prepare for this testimony, we evaluated regulator efforts to date
to ensure that the institutions they oversee have adequately
mitigated the risks associated with the Year 2000 date change and
compared these efforts to criteria detailed in our Year 2000
Assessment Guide\3 and Year 2000 examination guidance and procedures
set forth by the Federal Financial Institutions Examination Council
(FFIEC).\4 We reviewed procedures and guidance developed by the
regulators to perform their initial industry assessment and the
follow-on on-site examinations.  We reviewed relevant correspondence
from the regulators to their examiners and the institutions they
supervise and interviewed officials responsible for overseeing the
safety and soundness of financial institution management practices
and procedures.  We also interviewed officials from various trade
associations representing banks, thrifts, and credit unions to obtain
their views on the adequacy of regulatory efforts and determine what
the bank, thrift, and credit union communities were doing to ensure
Year 2000 readiness. 

In summary, we found that because financial institutions are heavily
dependent on information technology, their viability hinges on
whether they can successfully remediate systems before the Year 2000
deadline.  Given this possibility, regulators must take every measure
possible to assist banks, thrifts, and credit unions in their Year
2000 efforts as well as to identify and take swift enforcement
measures against those in danger of failing.  Regulators have
recognized this responsibility and have begun an intense effort to
raise awareness of the problem, develop guidance to facilitate
remediation efforts, and determine where individual institutions
stand in correcting their systems.  In doing so, regulators have
initially identified several hundred institutions at high risk of
missing the deadline due to their poor performance in conducting
awareness and assessment phase activities. 

Despite aggressive efforts, the regulators still face significant
challenges in providing a high level of assurance that individual
institutions will be ready.  First, they were late in addressing the
problem and, consequently, are behind the Year 2000 schedule
recommended by both GAO and the Office of Management and Budget
(OMB).  They are also late in developing key guidance on contingency
planning and dealing with servicers, vendors, and corporate customers
(e.g., borrowers).  This guidance is needed by financial institutions
to complete their own preparations.  In addition, their follow-on
assessments to be completed by June 1998 were not in all cases
designed to collect the complete data required to be definitive about
the status of individual institutions.  Furthermore, it is
questionable whether all regulators have an adequate level of
technical staff to completely evaluate industry readiness.  Despite
these problems, the regulators cannot turn back the clock and start
again.  Consequently, it will be important for regulators to address
these problems quickly and confront their next challenge which is how
they can best use their resources from here to the millennium to
ensure that banks, thrifts, and credit unions mitigate Year 2000
risks. 

With regard to their own systems, the regulators have generally done
much to mitigate the risk to their mission-critical systems.  In some
areas, such as contingency planning, the regulators can do more to
provide added assurance that they will be ready for the century date
change and any unexpected problems. 

Accordingly, we have made recommendations to strengthen both Year
2000 examination processes and internal system mitigation efforts. 
We have also made recommendations to sharpen the regulators' strategy
for focusing limited resources over the limited time remaining. 


--------------------
\1 The Year 2000 problem is rooted in the way dates are recorded and
computed in automated information systems.  For the past several
decades, systems have typically used two digits to represent the
year, such as "97" representing 1997, in order to conserve on
electronic data storage and reduce operating costs.  With this
two-digit format, however, the year 2000 is indistinguishable from
1900, or 2001 from 1901, etc.  As a result of this ambiguity, system
or application programs that use dates to perform calculations,
comparisons, or sorting may generate incorrect results or, worse, not
function at all. 

\2 Year 2000 Computing Crisis:  National Credit Union
Administration's Efforts to Ensure Credit Union Systems Are Year 2000
Compliant (GAO/T-AIMD-98-20, October 22, 1997), Year 2000 Computing
Crisis:  Actions Needed to Address Credit Union Systems' Year 2000
Problem (GAO/AIMD-98-48, January 7, 1998), Year 2000 Computing
Crisis:  Federal Deposit Insurance Corporation's Efforts to Ensure
Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98-73, February 10,
1998), Year 2000 Computing Crisis:  Office of Thrift Supervision's
Efforts to Ensure Thrift Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-102, March 18, 1998), and FDIC's Year 2000
Preparedness (GAO/AIMD-98-108R, March 18, 1998). 

\3 Year 2000 Computing Crisis:  An Assessment Guide
(GAO/AIMD-10.1.14, September 1997).  Published as an exposure draft
in February 1997 and finalized in September 1997, the guide was
issued to help federal agencies prepare for the Year 2000 conversion. 
It advocates a structured approach to planning and managing an
effective Year 2000 program through five phases:  (1) raising
awareness of the problem, (2) assessing the extent and severity of
the problem and identifying and prioritizing remediation efforts, (3)
renovating, or correcting, systems, (4) validating, or testing,
corrections, and (5) implementing corrected systems.  The guide also
stipulates that interfaces with outside organizations be identified
and agreements with these organizations executed for exchanging Year
2000-related data.  Contingency plans must be prepared during the
assessment phase to ensure that agencies can continue to perform even
if critical systems have not been corrected.  GAO and the Office of
Management and Budget established a schedule for completing each of
the five phases, including requiring agencies to complete assessment
phase activities by last summer and the renovation phase by mid- to
late-1998. 

\4 FFIEC was established in 1979 as a formal interagency body
empowered to prescribe uniform principles, standards, and report
forms for the federal examination of financial institutions, and to
make recommendations to promote uniformity in the supervision of
these institutions.  The Council's membership is composed of the
federal bank regulators--FDIC, the Federal Reserve System, and the
Comptroller of the Currency--plus the regulators for credit unions
and thrift institutions--the National Credit Union Administration and
the Office of Thrift Supervision, respectively. 


   BACKGROUND
---------------------------------------------------------- Chapter 0:1

The federal financial regulators are responsible for examining and
monitoring the safety and soundness of approximately 22,000 financial
institutions, which, together, manage more than $6 trillion in assets
and hold over $3 trillion in deposits.  Specifically,

  -- The Federal Reserve System supervises about 992 state-chartered,
     member banks and bank holding companies, which are responsible
     for $1.2 trillion in assets. 

  -- The Office of the Comptroller of the Currency (OCC) supervises
     approximately 2,600 federally-chartered, national banks, which
     comprise about $2.9 trillion in assets--about 58 percent of the
     total $5 trillion assets of the FDIC-insured commercial banks. 
     OCC also supervises federal branches and agencies of foreign
     banks. 

  -- FDIC supervises about 6,200 state-chartered, nonmember banks,
     which are responsible for $1 trillion in assets.  It is also the
     deposit insurer of approximately 11,000 banks and savings
     institutions that have insured deposits totaling upwards of $2.7
     trillion. 

  -- OTS oversees about 1,200 savings and loan associations
     (thrifts), which primarily emphasize residential mortgage
     lending and are an important source of housing credit.  These
     institutions hold approximately $770 billion in assets. 

  -- NCUA supervises and insures more than 11,000 federally- and
     state-chartered credit unions whose assets total about $345
     billion.  Credit unions are nonprofit financial cooperatives
     organized to provide their members with low-cost financial
     services. 

As part of their goal of maintaining safety and soundness, these
regulators are responsible for assessing whether the institutions
they supervise are adequately mitigating the risks associated with
the century date change.  To ensure consistent and uniform
supervision on Year 2000 issues, the five regulators are coordinating
their supervisory efforts through FFIEC.  For example, they jointly
prepared and issued Year 2000-related guidance and letters to banks,
thrifts, and credit unions.  They also worked together to develop and
issue, in May 1997, Year 2000 examination procedures and guidance for
all examiners to use in performing their work at the institutions. 
Additionally, the regulators--under the auspices of FFIEC--are
jointly examining the major data service providers and software
vendors that support the financial institutions. 


   THE YEAR 2000 POSES A SERIOUS
   PROBLEM FOR FINANCIAL
   INSTITUTIONS
---------------------------------------------------------- Chapter 0:2

According to the regulators, virtually every insured financial
institution relies on computers--either their own or those of a
third-party contractor--to provide for processing and updating of
records and a variety of other functions.  Because computers are
essential to their survival, the regulators believe that all
institutions are vulnerable to the problems associated with the year
2000.  Failure to address Year 2000 computer issues could lead, for
example, to errors in calculating interest and amortization
schedules.  Moreover, automated teller machines may malfunction,
performing erroneous transactions or refusing to process
transactions.  In addition, errors caused by Year 2000
miscalculations may expose institutions and data centers to financial
liability and loss of customer confidence.  Other supporting systems
critical to the day-to-day business of financial institutions may be
affected as well.  For example, telephone systems, vaults, and
security and alarm systems could malfunction. 

In addressing the Year 2000 problem, financial institutions must also
consider the computer systems that interface with, or connect to,
their own systems.  These systems may belong to payment system
partners, such as wire transfer systems, automated clearinghouses,
check clearing providers, credit card merchant and issuing systems,
automated teller machine networks, electronic data interchange
systems, and electronic benefits transfer systems.  Because these
systems are also vulnerable to the Year 2000 problem, they can
introduce errors into bank, thrift, and credit union systems. 

In addition to these computer system risks, many financial
institutions also face business risks from the Year 2000:  exposure
from their corporate customers' inability to manage their own Year
2000 compliance efforts successfully.  Consequently, in addition to
correcting their computer systems, these institutions have to
periodically assess the Year 2000 efforts of large corporate
customers to determine whether they are sufficient to avoid
significant disruptions to operations.  FFIEC established a working
group to develop guidance on assessing the risk corporate customers
pose to financial institutions and the group issued guidance on March
17, 1998. 


   REGULATORS ARE TAKING STEPS TO
   ENSURE INSTITUTION YEAR 2000
   READINESS
---------------------------------------------------------- Chapter 0:3

The Year 2000 efforts of the five regulators began in June 1996,
when, through FFIEC, they formally alerted banks, thrifts, and credit
unions to the potential dangers of the Year 2000 problem by issuing
an awareness letter to chief executive officers.  This letter
described the Year 2000 problem and highlighted concerns about the
industry's Year 2000 readiness.  It also called on institutions to
perform a risk assessment of how systems are affected and develop a
detailed action plan to fix them. 

In May 1997, the regulators issued a second, more detailed awareness
letter that described the five-phase approach to planning and
managing an effective Year 2000 program and highlighted external
issues requiring management attention, such as reliance on vendors,
risks posed by exchanging data with external parties, and the
potential effect of Year 2000 noncompliance on corporate borrowers. 
The letter also related regulatory plans to facilitate Year 2000
evaluations by using uniform examination procedures.  It directed
institutions to inventory their core computer functions and set
priorities for Year 2000 goals by September 30, 1997.  It also
directed them to complete programming changes and to have testing of
mission-critical systems underway by December 31, 1998. 

As regulators alerted institutions to the Year 2000 problem, they
began assessing whether banks, thrifts, and credit unions had
established a structured process for correcting the problem;
estimated the costs of remediation; prioritized systems for
correction; and determined the Year 2000 impact on other internal
systems important to day-to-day operations, such as vaults, security
and alarm systems, elevators, and telephones.  This initial
assessment was completed during November and December 1997.  Among
other things, it revealed that most institutions were aware of Year
2000 and taking actions to correct their systems.  However, the three
regulators we reviewed reported--based on the initial
assessment--that in total, over 5,000 institutions were not
adequately addressing the problem.  For example, OTS designated about
170 thrifts as being at high risk due to poor performance in
conducting awareness and assessment phase activities.  Additionally,
FDIC identified over 200 banks that were not adequately addressing
Year 2000 risks and 500 banks that were very reliant on third-party
servicers and software providers but had not followed up with them to
determine their Year 2000 readiness.  Furthermore, NCUA reported that
it had formal agreements for corrective action with 4,862 credit
unions deemed not to be making sufficient progress in at least one
awareness or assessment phase activity. 

The regulators are now conducting a more detailed assessment of Year
2000 readiness.  This assessment will involve on-site examinations of
institutions and their major data processing services and software
vendors.  These visits are expected to be completed by the end of
June 1998.  The results of the servicer assessments will be provided
to the banks, thrifts, and credit unions that use these services. 
Once the on-site assessments are completed, the regulators expect to
have a better idea of where the industry stands, which institutions
need close attention, and, thus, where to focus supervisory efforts. 


   REGULATORS FACE PROBLEMS IN
   ENSURING INSTITUTIONS ARE READY
---------------------------------------------------------- Chapter 0:4

As noted in our summary, the regulators must successfully address a
number of problems to provide adequate assurance that financial
institutions will meet the Year 2000 challenge.  First, all were
behind in assessing individual institution's readiness due to the
fact that they got a late start.  For example, the regulators did not
complete their initial institution assessments until November and
December 1997.  According to OMB guidance and GAO's Assessment Guide,
these activities should have occurred by the summer of 1997.  Because
the regulators are behind the recommended timelines, the time
available for assessing institutions' progress during renovation,
validation, and implementation phases and for taking needed
corrective actions is compressed. 

Second, we also found that the FFIEC-developed examination work
program and guidance for the initial and follow-on assessments were
not designed to collect all the data needed to determine where (i.e.,
in which phase) the institutions are in the Year 2000 correction
process.  For example, the guidance for the work program does not
contain questions that ask whether specific phases have been
completed.  In addition, the work program used to perform the on-site
assessments is not organized by the 5 phases of the Year 2000
correction process.  Furthermore, the terms used in the guidance to
describe progress are vague.  For example, it notes that banks should
be well into assessment by the end of the third quarter of 1997, that
renovation for mission-critical systems should largely be completed,
and testing should be well underway by December 31, 1998.  Without
defining any of these terms, it would be very hard to deliver uniform
assessments on the status of institutions' Year 2000 efforts. 

At the time of our reviews, OTS had issued additional examination
guidance and procedures to supplement those of FFIEC.  This
supplemental guidance, if implemented correctly, will address the
FFIEC examination procedure's shortcomings.  However, although we
reviewed FDIC and NCUA earlier in the process, we found that both
were using or planning to use the FFIEC guidance for their initial
and follow-on assessments.  We were concerned at the time that by
using the FFIEC guidance, FDIC and NCUA would not be able to develop
an accurate picture of their institutions' Year 2000 readiness.  In
the case of FDIC, this problem was compounded by the fact that the
tracking questionnaire FDIC examiners were to complete after their
on-site assessment also did not ask enough questions to determine
whether the bank had fully addressed the phases.  Since our work,
FDIC and NCUA have responded to our findings by providing examiners
with supplemental guidance, which we think is a positive development. 
FDIC officials told us that they are also in the process of going
back to institutions and asking more detailed questions to provide
added assurance that the corporation can tell precisely where each
bank is in the Year 2000 correction process. 

Third, FFIEC is still developing key Year 2000 guidance.  For
example, as of the time of our review, the regulators had not yet
completed critical guidance related to (1) developing contingency
plans to mitigate the risk of Year 2000-related disruptions and (2)
ensuring that their data processing services, software vendors, and
large corporate customers are making adequate Year 2000 progress.  In
May 1997, the regulators--through FFIEC--recommended that
institutions begin these actions.  FFIEC recently issued the
servicer/vendor and corporate customer guidance on March 17, 1998,
but does not plan to provide contingency planning guidance until the
end of April 1998.  This time lag has increased the risk that
institutions have taken little or no action on contingency planning
and dealing with servicers, vendors, and corporate customers in
anticipation of pending regulator guidance.  Moreover, in the absence
of guidance, institutions may have initiated action that does not
effectively mitigate risk of Year 2000 failures. 

Finally, although the regulators have been working hard to assess
industrywide compliance, it is not clear all have an adequate level
of technical resources needed to adequately evaluate the Year 2000
conversion efforts of the institutions and the service providers and
software vendors that service them.  As institutions and vendors
progress in their Year 2000 efforts, we are concerned that the
evaluations of the examiners will increase in length and technical
complexity, and put a strain on an already small pool of technical
resources.  Without sufficient resources, the regulators could be
forced to slip their schedules for completing the current on-site
exams or, worse, reduce the scope of their exams in order to meet
deadlines.  In the first case, institutions would be left with less
time to remediate any deficiencies.  In the second, regulators might
overlook issues that could lead to failures.  In either case, the
risk of noncompliance by institutions and service bureaus--and the
government's exposure to losses--is significantly increased.  OTS and
NCUA have responded to this concern by adding more technical staff or
augmenting it with contractors. 


   SERIOUS YEAR 2000 CHALLENGES
   AHEAD FOR REGULATORS
---------------------------------------------------------- Chapter 0:5

It will be important for regulators to quickly address problems
associated with their late start since the challenge for them is
certain to grow as banks progress into the later and more complex
stages of their Year 2000 efforts.  For example, regulators will soon
have to pinpoint which, if any, of the thousands of banks, thrifts,
and credit unions are not going to meet their Year 2000 deadline.  In
doing so, they will have to weigh a range of factors, including the
financial condition of the institution, the resources it has to
address the problem, how far behind it is in correcting its systems,
whether its service provider's systems are Year 2000 compliant, etc. 
Once these decisions are made, regulators will have to then determine
which enforcement actions--which include increased on-site
supervision, directives to institution boards of directors, written
supervisory agreements, cease-and-desist orders, civil monetary
penalties--are appropriate.  All of this needs to be done before the
Year 2000 deadline, which is less than 21 months away. 

In addition, as institutions and vendors progress in their Year 2000
efforts, regulatory evaluations will increase in length and technical
complexity and put a strain on an already small pool of technical
resources.  Thus, the regulators will need to ensure that they have
the technical capacity to complete their Year 2000 examinations as
well as their routine safety and soundness examinations.  Already,
some are finding this to be a difficult task.  OTS officials, for
example, expressed the concern that even if they could hire more
technical examiners, it is very hard to find and hire staff with
these skills. 

The regulators will be better prepared to handle these challenges
once the on-site assessments are completed.  This information should
provide good definition as to the size and magnitude of the problem,
that is, how many institutions are at high risk of not being ready
for the millennium and require immediate attention and which service
providers are likely to be problematic.  Further, by carefully
analyzing available data, the regulators should be able to identify
common problems or issues that are generic to institutions that are
of similar size, use specific service providers, etc.  This in turn
will allow regulators to develop a much better understanding of which
areas require attention and where to focus limited resources.  In
short, regulators have an opportunity to regroup, develop specific
strategies, and have a more defined sense of the risks and the
actions required to mitigate those risks. 


-------------------------------------------------------- Chapter 0:5.1

In conclusion, Mr.  Chairman, we believe that the financial
regulators have a good appreciation for the Year 2000 problem and
have made significant progress in assessing the readiness of banks,
thrifts, and credit unions.  However, the regulators are facing a
finite deadline that offers no flexibility.  They need to take
several actions to improve their ability to enhance the ability of
financial institutions to meet the century deadline with minimal
problems and to enhance their own ability to monitor the industry's
efforts and to take appropriate and swift measures against
institutions that are neglecting their Year 2000 responsibilities. 

Accordingly, we have made recommendations to the regulators
individually, and collectively via FFIEC, to work together to, among
other things, (1) improve their Year 2000 examination and reporting
processes, (2) provide additional guidance to the institutions on
contingency planning and the latter phases of the Year 2000
correction process, (3) develop a tactical plan that details the
results of their on-site assessments, provides a more explicit road
map of the actions to be taken based on those results, and includes
an assessment of the adequacy of technical resources to evaluate the
Year 2000 efforts of institutions and the servicers and vendors that
support them, and (4) improve the regulators' internal system
mitigation programs.  So far, we have been generally pleased with the
regulators' responsiveness to implementing our recommendations. 


-------------------------------------------------------- Chapter 0:5.2

Mr.  Chairman, that concludes my statement.  We welcome any questions
that you or Members of the Committee may have. 


*** End of document. ***