Preparing for the New Century - The Y2K Challenge
Let me take you forward 289 days and about 11 hours from now. It's 11:59 on December 31, 1999, and instead of being sensibly home in bed, or out ringing in the new millennium, your chief technology officer, and perhaps even you yourself, are sitting in the central control room of your financial services firm. The atmosphere is hushed, and as the clock ticks out the seconds to midnight not a sound is heard around the room. Everyone is holding his or her breath awaiting the big moment when midnight comes, and everything moves into Y2K mode.
The preparations for this moment probably began at your firm as much as a year or two ago. They have involved thousands of hours of investigating where and how dates are used in your firm's computer systems; renovating code and testing, and have absorbed millions of your firm's dollars. It's Friday night, and many of the world's major markets (the U.K., Germany, and Japan) were closed during the day, and will be closed Monday as well because of traditional holidays, giving you Saturday and Sunday to test and a relatively quiet Monday as well. You realize that transaction volumes may well be greater on Tuesday as a result, but your firm has also engaged in efforts to reduce the volume of business that needs to settle around the date change. You've tried to foresee important contingencies, tested with major customers, and stayed abreast of local utility and infrastructure efforts to be Y2K compliant, and, if you are a bank, filed all the forms to borrow from the Federal Reserve Bank of Boston if necessary. Yet you are holding your breath as well, realizing that Y2K problems anywhere in the complex and increasingly integrated world of global finance could quickly become yours. What will happen?
I am becoming increasingly confident that as it regards the U.S. financial world, and the variety of systems that support it, the answer to that question is clear. Not much will happen. I want to focus my comments today on why I have this level of confidence, and what I believe some of the remaining issues are.
First, a quick definition of the problem. The Y2K problem started as a short-term solution to the high cost of computer memory in the 1950s and '60s. One report on the year 2000 challenge notes that in the early '60s, core memory for an IBM computer cost about $1 per byte; today's semiconductor memory costs around $1 per million bytes. Thus, there was a very strong economic incentive to minimize the amount of memory needed to store a program and its data in the computer's memory.
This problem was addressed by using only the last two digits of a 4-digit date in the record-68 for 1968, for example. This became the convention, and, until quite recently, this short-cut was used even when systems were completely redesigned and memory costs were lower. The problem posed by the short-cut is simple and was always well-known-after December 31, 1999 two-digit dates could mean dates in either of two different centuries and cause errors of uncertain proportion. However, a concerted effort to address this problem was not made. Most enterprises given the choice between developing new products and services or fixing computer programs that could wait a while longer made the obvious choice. Thus, the two-digit standard for representing years continued much longer than anyone would have anticipated.
Now, however, we no longer have the luxury of time. The Y2K short-cut has to be eliminated, and it is not proving easy or cheap to do so. Estimates of the costs involved both nationally and worldwide vary considerably, especially when the potential for litigation and damages is considered. The Gartner Group estimates about $600 billion will be spent worldwide, but that does not include litigation and damage costs. Another estimate--that of Capers Jones Software Productivity Research in Burlington, Massachusetts-is $1.6 trillion including litigation and damages. Obviously the vast majority of those costs will be incurred by the developed countries, and within that amount, the U.S. will likely bear the lion's share.
Indeed one of the enduring lessons of Y2K applies to almost all "short cuts" in operations or technology-pay me now, or pay me more, much more, later. This problem should have been fixed with each software redesign but it wasn't and now the cost of doing so looms large.
That said, how are we doing? I think we're doing pretty well. That's based on extensive oversight of our efforts within the Federal Reserve System to make our own systems Y2K compliant, to test our connections with 12,000 depository institutions around the country, and our supervisory oversight of those institutions. Moreover, my sense of confidence is also buoyed by surveys and assessments done by J.P. Morgan, the Special Senate Committee on the Year 2000 Technology Problem, and the President's Council on Year 2000 Conversion, all released during this first quarter of 1999. I want to share some specifics on industry readiness with you from these various sources. But first, a couple of additional thoughts.
One of the key factors in my level of confidence in the financial industry's readiness for Y2K lies in the fact that the industry as a whole has an impressive record of coping with operational challenges. From blizzards to power outages to major software failures, the industry has coped, learned from its errors, built sophisticated and expensive back-up capabilities, and gone on to create a record of virtually error-free operation. The industry knows how to solve problems when they occur, and how to resume operations as quickly as possible.
And we're already gaining expertise in analyzing and fixing Y2K problems. For example, credit card expiration dates after 2000 when first encountered could not be processed-now they can. According to a Price Waterhouse Coopers study, during 1998 Y2K problems caused travel agents difficulty with advanced bookings; automatic inventory order systems halted in some cases, and in some systems, leases, securities, and other orders could not be processed. All of these problems have now been resolved. As the J. P. Morgan study puts it, "the real Y2K effect on society and the economy has been spread across a much wider spectrum of time and is of a much more subtle form then the overnight chaos predicted by Y2K doomsday experts. Y2K problems have been occurring, continue to occur, will occur on January 1, 2000, and will continue to occur throughout 2000 and into 2001 ". Indeed, Gartner Group expects that only about 8% of Y2K affected code will actually be at issue on January 1, 2000.
Second, its one thing for me-a knowledgeable insider-or any of you seasoned financial professionals-to be confident of success. Its quite another to have broad-based public confidence. Such confidence is critically necessary if people are to avoid doing things that are inherently more risky than anything Y2K might present-like drawing all their savings out of banks or mutual funds. Communication of the solid progress being made is key here, and I'll speak more to that later.
Finally, glitches will certainly occur, maybe even large ones. But with adequate contingency planning and event management, glitches can be contained. I'll talk a little bit about contingency planning and event management later as well. But first, let me bring you up to date on the readiness of the financial services industry as I see it.
When I think about Y2K readiness I often draw the analogy of throwing a rock into a still pool of water. You can control the speed of the throw and the trajectory and thus the height of the splash of water made by the stone. But you cannot control the ripples of water in concentric circles around the entry point of the stone. And the further away from that entry point, the fainter and less complete the ripples seem. Using this analogy, I think of the Federal Reserve's own efforts as the splash; I know a lot about them and feel largely in control. The closer ripples-those efforts of entities closely tied to the Federal Reserve like depository institutions-are more sharply delineated. I have great confidence in their readiness as well. The farthest out ripples-efforts in other countries-are clearly harder to know about, and information about some is fuzzy.
The splash and ripple analogy highlights the responsibility every organization has to be responsible first for the Y2K readiness of its own systems. If this job is done well and extensive tests are conducted with business partners, the "big picture" of overall readiness will be addressed. This is clearly true in the case of Reserve Banks which play a special role in the settlement of financial markets. Each day over $2 trillion passes through Reserve Bank books representing the settlement of the U.S. Government securities market, the Eurodollar market, the dollar leg of all other foreign exchange transactions, settlement for a wide variety of security and bond markets, about 66 million checks and 16 million ACH payments, among other things. Without functioning Reserve Bank systems, much of everything else in the U.S. financial world comes to a halt. Thus, Federal Reserve concern from the beginning has been that our systems and those of depository institutions be Year 2000 ready as soon as possible.
Reserve Banks began Y2K project efforts more than two years ago. By the middle of 1998, all of the systems Banks use to interface electronically with depository institutions had been made Y2K compliant and were ready for testing with customers. By early this year, nearly all systems, both external and internal were fixed and tested, and those systems are now in production. This means that the systems that Reserve Banks use in the provision of financial services today are Y2K compliant. These systems function today exactly as they will in the new century.
Moreover, these are the same systems that are being used in test mode with depository institutions; thus they are also being stressed continually with the variety of test scenarios used by those institutions. About 8,000 of the 12,000 depository institutions that connect electronically with Reserve Banks, including virtually all major banks, have tested their connections with us, and all users of Fedwire funds transfer will be required to do so. These tests have been going well. The impact on staff time in both Reserve Banks and depository institutions has been considerable, but this kind of testing with business partners is essential for Y2K preparedness. Recognizing that nothing in life can be fully guaranteed, I am as confident that Reserve Bank systems and their customer connections will function without fail in the new century as I am that they will function this afternoon. The splash in the pond is well under control.
What about the first ripple-the depository institutions that connect with Reserve Banks electronically, and other financial institutions? The Federal Reserve and the other federal banking agencies have been working hard to examine every federally insured depository institution in the country for Y2K readiness-not just once but several times.
The banking agencies have established objective milestone dates for completing all phases of Year 2000 preparations, from the inventory of systems for Y2K problems and development of plans to replace those systems, to remediation and testing-the areas we are examining at banks right now-to the implementation of Y2K compliant systems and completion of contingency plans by June 30 of this year. We have found that banks are making excellent progress in meeting these milestone dates, with close to 97 percent of all banks making satisfactory progress. We are requiring banks to assess customer and counter party risk and take steps to mitigate those risks, and we are overseeing major service providers and software vendors as well.
What about financial services firms beyond commercial banks? Much is being done there as well. Major securities firms actually began Y2K efforts somewhat before the banking industry and have successfully conducted at least two extensive end-to-end street-wide tests. Smaller broker dealers and registered investment companies were thought by the SEC to be somewhat behind the larger firms last September, with only about 30 percent of their efforts completed. However, six months have passed since then, and many of these firms were able to participate in the recent industry-wide test, so there is reason to be confident progress is being made. We've brought insurance and mutual fund companies in the First District together here at this Bank, and their comments on their own, and their industry's readiness were reassuring. All states have initiated a survey or examination effort for domestic insurance companies, and June 30, 1999 has been established as the date by which mission-critical systems should be Y2K compliant. For both banks and other types of financial service firms, the impact of counterparty readiness is clearly significant. For those firms with a domestic business concentration, I believe risks have been reduced substantially. Firms with a large foreign presence obviously face greater risks, which I'll speak to a little more later.
Moving to the next ripple, what is known about financial utilities, such as stock exchanges, clearing houses and the like? In September 1998, the SEC reported that for the eight national securities exchanges and for the NASD, 95 percent of critical system coding and testing was complete, and Y2K compliant systems were being put into production. For the nine registered or exempt clearing agencies, about 90 percent of code change testing had been completed, and about that percentage of systems had been implemented. Surveys done in the first quarter of 1999 indicated that these systems will achieve Y2K compliant operations well in advance of the new century.
None of us will function very well without the variety of public utilities-power, water, transportation and telecommunications-that make modern life possible. Indeed, the dependence of the financial sector on various utilities, especially power and telecommunications has been recognized by those charged with national Y2K coordination-The Presidents Council. The Council's financial sector workgroup, chaired by the Federal Reserve, works closely with utilities to ensure problems are addressed and priorities are clear. Reliable utility operations are expected especially from major vendors, but less is known about small carriers and services in small communities and rural areas. Just to make the scope of the issue a little clearer, there are 3,200 electric utility companies in the United States, and about 60,000 community public water systems. Problems affecting particular areas are possible, if not probable, but much effort is underway to ensure they do not occur.
Officials from this Bank met recently with suppliers of power to New England. We were told that steps are being taken not only to make those suppliers' systems compliant, but also to insulate New England from failures elsewhere more fully than it is today. In a sense, then, we may be more protected from power failure during the century changeover than we are currently. Similarly, much has been made about the potential for transportation difficulties. According to the President's Council on the Year 2000, air carriers, larger airports and transit providers are making significant Y2K progress, but there is concern about airport and transit services in small communities and rural areas.
Moving to the next ripple, U.S. Government agencies have been seen as challenged in several reports, and some are thought to be behind schedule in fixing some mission-critical systems. However, those systems that most directly affect the financial world-those in the Treasury and Social Security-seem to us to be in good shape. Social Security systems are renovated and tested, and are now fully in production in Y2K mode. Reserve Banks have been asked to run end-to-end tests with social security files, ensuring operation is problem free from the inception of the file to the posting of social security payments to recipient accounts. Clearly this would be a useful test, and we are exploring ways it might be conducted.
Finally, the last ripple-the one that is less clear in its resolution-is the state of foreign entities, financial firms and governments. Here the various report results are mixed and data is more limited. In general, foreign entities are seen to be behind their U.S. counterparts in both the private and public sectors. Gartner reports that the U.K. and Scandinavia are on a par with the U.S., while Germany and Latin America are further behind. Not surprisingly, developing countries are seen to be behind the developed world.
Considerable effort is being made to bring this ripple into better resolution. Roger Ferguson, one of the Governors on the Federal Reserve Board, chairs an international group known as the Joint Year 2000 Council. This council of central bankers, bank supervisors, and insurance and securities regulators has sought information from bodies in 170 countries. The council shares information on Y2K regulatory and supervisory strategies and acts as a point of contact with national and international private sector initiatives. It has established a committee to share information with international entities such as the IMF, VISA, SWIFT, Euroclear and Cedel. In addition, a totally private sector group known as the Global 2000 Coordinating Group has been formed to coordinate initiatives related to Y2K in the global financial community. Both the Joint 2000 Council and the Global 2000 Group have assessed readiness in a variety of markets, conducted surveys and encouraged readiness in a variety of ways. But the degree of penetration here remains a question.
On an optimistic note, I view the relatively glitch-free implementation of the Euro in January as an indication that at least Europe is likely to be ready for Y2K. A number of systems in some institutions were made Y2K compliant when the changes needed for the Euro were made. More importantly, institutions demonstrated the ability to meet a time bound, technologically complicated deadline albeit one with a more narrow impact. In my view this augurs well for Y2K, but clearly risks are higher in the foreign arena.
In sum, then, Reserve Bank assessments, and reports and surveys done by others on the state of Y2K readiness all point in the same direction. The financial sector-especially domestically-and the needed utilities that support it-are highly likely to succeed in making a smooth transition to the new century. Risks remain-most clearly in the foreign sector-and glitches are inevitable, but with every passing day the likelihood of success is greater.
That likelihood of success should not lull us into a false sense of security. In order for it to be achieved, we must continue to make progress and that requires continued work, testing, and attention. Moreover, it also requires that contingency scenarios and the need for managing operations and communications around critical periods-so called "event" management-be addressed.
From a contingency perspective, much Reserve Bank attention has been devoted to the matter of liquidity-for individuals in the form of cash, and adequate funding for financial institutions. While the nation's major ATMs are generally compliant now, and the likelihood of bank problems is small, we have recognized the public may choose to hold more cash as a precautionary measure. To address that, Reserve Banks will have extra cash to increase the amount in circulation. Based on normal growth, U.S. currency in circulation should increase from $460 billion in mid 1998 to close to $500 billion by late 1999. About two-thirds of that is held in foreign countries, so about $170 billion will be in circulation in the United States at year-end. In addition, Reserve Bank vaults hold about $150 billion in reserve. That amount will be increased by $50 billion by late 1999 simply as a Y2K precautionary measure. That means Reserve Banks will have sufficient currency in reserve to more than double the amount in circulation domestically, in the highly unlikely event that this is necessary. One remaining issue that we're working hard on is how to ensure that this large amount of valuable paper is where it is needed, rapidly and securely.
Liquidity issues for financial institutions can take two forms-too much, and too little. Many institutions have focused their contingency planning on assessing counterparty readiness, and developing plans to limit both the amount of business that will need to settle at year-end, and where and with whom it will settle. Roll-overs may be avoided, leaving some institutions with swelling balance sheets. On the other hand, problems may disrupt normal funding patterns creating shortages for other institutions. Overnight funds markets could be strained in the equilibrating process, leaving some firms flush at settlement, and others in deficit. Reserve Banks have made it clear that they will stand ready to lend in appropriate circumstances to depository institutions, and an extensive outreach effort has been launched to help institutions get the paperwork and collateral ready. In addition, the normal tools used to absorb excess liquidity by the Open Market Desk will be available to deal with soft funds markets.
Event management, and the handling of contingencies, are tightly linked. As we see it, addressing matters that occur during key time periods during the century date change will be critical to maintaining public confidence. That puts the emphasis on good communications, on being proactive about seeking information on the status of critical counterparties, and on quick problem resolution. These are matters that are absorbing a lot of Reserve Bank attention right now. We don't have any magic bullets here, but we are stepping through both how all our offices communicate with each other and with the wider world, and establishing appropriate protocols for addressing and resolving problems.
Finally, let me leave you with a few more Y2K related thoughts. First, despite all my reassuring words, and all the work that has been and will be put into this effort, something can and will go wrong. However, the impact of problems, even large ones, will vary depending on public perception. On one end of the spectrum, the failure of one ATM could cause a crisis if people are nervous enough; on the other end, the stoicism that gets us through snowstorms and other calamities will be the reaction if people are calm. The key to public confidence increasingly is communication. Most, if not all of the nations' banks, financial firms, utilities-you name it-have good, reassuring stories to tell. However, many firms have been heeding their lawyer's advice and saying nothing for fear that unavoidable problems may occur. A bit of legislative relief from the potential for litigation occurred last fall with the passage of the Year 2000 Information and Readiness Disclosure Act. Even with this help, the complexities of Y2K can make it hard for firms to speak clearly. But speak clearly they must, for now is the time to convey messages of confidence.
Second, I think the likelihood of economic demise as a result of Y2K is remote. Based on past experience, and the knowledge rapidly piling up on Y2K readiness, the inevitable problems are more likely to be of short duration, and affecting limited areas than they are to cause widespread, extended disruptions. While there is a potential for mild inventory building in late 1999, and then a reversal in early 2000, the effects of this will likely be small and hard to sort out from the usual quarterly volatility. Moreover, if Reserve Banks are any indication, there won't even be a steep drop in the need for technology support or equipment. We have enormous pent-up demand from deferred projects which should keep our systems areas fully employed well into the new millenium.
Third, I believe all financial service firms need to be especially vigilant about security, both in how their systems are modified for Y2K compliance, and how they are implemented. In particular, it may be tempting to relax electronic security safeguards if problems occur. I would strongly advise against this and Reserve Banks will be vigilant here. The challenge of the new millenium will not be lost on computer hackers, and the financial industry must be particularly focused on this.
Finally, let me reiterate the necessity for continued focused attention on Y2K. Despite my reassuring assessment, much remains to be done, and there are no guarantees of total success. Everyone must concentrate on his or her own piece of this effort. In that regard, to return to my splash and ripple analogy, if all the efforts of every firm and every country are firmly directed and well-controlled, then the entire pond will be covered, not with faint ripples, but with the splashes of success.