The chairman of the Federal Deposit Insurance Corporation (FDIC) has admitted that the nation's banks rely almost completely on third-party providers of software.
The FDIC has no authority over the approximately 300 software providers. It can only "monitor" their y2k progress.
The FDIC says it is confident that these providers will meet their y2k goals. The problem is, there is no indication that any of them was compliant as of November, 1997.
This is the testimony of Andrew Hove.
* * * * * *
The FDIC also is working closely with the other depository institution regulatory agencies to assess the efforts of data processing servicers and bank software providers in resolving Year 2000 problems. Over 90 percent of all FDIC-insured institutions receive data processing support from an independent party external to the bank or have purchased their financial software applications (such as deposit and loan information systems) from a vendor. For the most part, these banks must rely on the data processing servicers or vendors to make their financial software applications Year 2000 compliant. The agencies are currently performing initial assessments at each of the approximately 300 data processing servicers that serve financial institutions including the 16 large multi-regional data processing servicers that have been identified by the agencies as potentially posing a significant and disruptive risk to the financial industry should one or more fail. With respect to bank software providers, the agencies are performing a similar assessment of the 12 major bank software products used by a wide segment of financial institutions. We estimate that these twelve packages are used by 75 percent of the FDIC-supervised financial institutions that purchase bank software applications for their data processing.
We have completed initial assessments at 81 percent of the 147 data processing servicers and vendors assigned to the FDIC for review. Less than one percent of the servicers are experiencing significant problems at this point. Approximately 5 percent of servicers present a moderate level of concern, while we estimate that about 95 percent of servicers have adequate processes in place to make mission critical systems compliant by December 31, 1999. Some of our smaller institutions, however, are having problems obtaining specific information regarding their vendors' Year 2000 remediation efforts and, in particular, their project time lines. Our on-site supervisory reviews of servicers which will be completed by early 1998, will enable us to better evaluate how well the servicers are implementing their processes and meeting their project timelines.