| |
Report to the Congress on the Readiness of the United States Securities Industry and Public Companies To Meet the Information Processing Challenges of the Year 2000
United States Securities and Exchange Commission
June 1997
Excerpts from link provided:
sec.gov
The staff of the Securities and Exchange Commission (SEC), in response to an inquiry from Congressman John Dingell, has undertaken a coordinated examination of the state of its internal preparedness as well as that of the nation's securities industry and public companies to properly handle the information processing challenges associated with the upcoming millennium change. This report presents the staff's findings as to the current state of readiness, their position with respect to corporate disclosure as it relates to the Year 2000 issue, actions they intend to continue to take to reduce the risk associated with the Year 2000 problem, and the staff's plans to meet future reporting requirements.
The Report is the result of the collaborative efforts of an SEC Task Force comprised of representatives of six SEC divisions and offices: the Divisions of Corporation Finance, Investment Management and Market
Regulation; and the Offices of The Executive Director, Compliance Inspections and Examinations, and The Chief Accountant. The Office of
Information Technology, which chairs the Task Force and is responsible
for SEC internal systems, is a part of the Office of the Executive
Director. The work of the Task Force and the findings of the report are organized along the lines of the regulatory or operational
responsibilities of each participating office or division.
The United States securities industry is massive in size and complex in function. It is characterized by a heavy reliance on computerized information processing technology and by the extensive interdependencies that exist among its own membership as well as by
its reliance upon both the United States and the global banking
communities. Timely, accurate information and information exchanges
are at the center of the industry's very existence. Because of the serious consequences that would result from any failure to properly prepare for and successfully negotiate the challenge of the millennium changeover, it is imperative that all participants succeed in their system remediation efforts.
Before discussing findings, it is important that one essential principle be understood:
It is not, and will not, be possible for any single entity or
collective enterprise to represent that it has achieved
complete Year 2000 compliance and thus to guarantee its
remediation efforts. The problem is simply too complex for
such a claim to have legitimacy. Efforts to solve Year 2000
problems are best described as "risk mitigation." Success in
the effort will have been achieved if the number and
seriousness of any technical failures is minimized, and they
are quickly identified and repaired if they do occur.
Addressing the Year 2000 problem within any organization proceeds
along a spectrum of activities that can be condensed into:
1.Awareness,
2.Assessment,
3.Remediation,
4.Internal Testing,
5.Integrated Testing and
6.Implementation.
Internal testing and integrated testing with one's partners in
information exchanges are almost universally acknowledged as the most
difficult, expensive and time consuming components of addressing the
Year 2000 issue. Estimates of the proportion of resources that will be
devoted to testing are generally in the range of between 50 and 70
percent of the entire Year 2000 effort.
The SEC's Internal Systems:
The SEC's Office of Information Technology (OIT) has assembled its
project team which has completed its inventory and first level
assessment of all central systems. Each system has been prioritized into a mission-critical or non-mission-critical category. A second level assessment of each system has been conducted to determine if it:
1) is already Year 2000 compliant,
2) should be eliminated, replaced or rewritten, or
3) needs further assessment and possible remediation.
Summary results are as follows:
Total Number of Mission Critical Systems: 53
Total Number of Mission Critical Systems Currently Compliant: 14
Total Number of Mission Critical Systems To Be Eliminated, Replaced or Rewritten: 1
Total Number of Mission Critical Systems Still Requiring Remediation: 38
III. The Securities Industry and the Year 2000 Challenge
With over 58 million shareholders of record participating in markets experiencing nearly 200 billion shares being traded annually, it is critical that the computer systems upon which our securities market participants rely be prepared to deal with the challenges presented by the change in millennium.
Focusing the Industry's Attention on the Issue
A crucial component of the Commission's program has been to focus the
securities industry's attention on this issue. Commissioners and staff
began this effort last year.
In 1996, Commissioner Steven M. H. Wallman began to warn the
securities industry that the Year 2000 problem has "staggering"
implications. For example, in a speech given to the Center for the Study of Equity Markets, Commissioner Wallman warned that:
Simple tasks often taken for granted, such as sorting dates,
calculating interest earned, and recording accurate trade
and settlement dates may be seriously jeopardized. And of
course, if the simple things cannot be done right, the
complex things become impossible.
In addition, in 1996, Lori Richards, Director of OCIE, sent letters to the Securities Industry Association (SIA) and the Investment Company
Institute (ICI), informing them that the Year 2000 presents a "critical data management problem," and that "nless corrective steps are taken now, computational errors and system failures can be expected." Ms. Richards also indicated that it is "imperative that the securities and investment industries take action to protect their systems from these problems."
Year 2000 effort is the highest priority project within the
Office of Information Technology.
The Project Team is working simultaneously on both the 300, distributed systems and on the centrally-administered systems. Initial assessments of the 300 indicate the majority can be made Year 2000 compliant generally by upgrading the off-the-shelf software in which the application was created.
The schedule pertaining to these systems is as follows:
Inventory Completion Target: March 1997 - Percent Completed: 95%
Assessment Completion Target: August 1997 - Percent Completed: 5%
Implementation Completion Target: December 1997 - Percent Completed: 0%
The schedule for remediating the SEC central systems is as follows:
Inventory Completion Target: December 1996 - Percent Completed: 100%
Assessment Completion Target: January 1998 - Percent Completed: 75%
Implementation Completion Target: December 1998 - Percent Completed: 5% |
|
