JPMORGAN : Before the U.S. Senate Special Committee on the Year 2000 Technology Problem
'Corporate information / Perspectives
Testimony by Peter A. Miller
Chief Information Officer
J.P. Morgan & Co. Incorporated
Before the U.S. Senate Special Committee
on the Year 2000 Technology Problem
July 6, 1998
Introduction:
Mr. Chairman and members of the committee, thank you for the opportunity to
address this important issue. My name is Peter Miller. I am the chief information officer
of J.P. Morgan and have been involved with the Year 2000 problem since 1995. My
remarks today will focus on the nature of the Year 2000 problem, a risk-management
approach to solving it, and the need for industry-to-industry collaboration, as well as
international cooperation.
I: The Problem
Let me begin by saying that the Year 2000 problem, or the "millennium bug" as it is
sometimes referred to, is an issue that we at J.P. Morgan consider of paramount
importance to our firm, the financial services industry, and the U.S. and world
economies. No other event in history will so thoroughly expose the vulnerability of our
living and working in a world so interconnected by computers and telecommunications.
The problem, as we see it, is not really a technological one, although technology lies at
the root of both the problem and solution. Correcting the two-digit dating systems,
which in their present form cannot tell one century from the next, is easy. Rewriting
code, as a technological matter, is relatively straightforward. The real problem and the
real danger can be summed up in two words: logistics and dependency.
The logistical problem is that millions of computers are involved. A huge undertaking in
and of itself. Making the task even more daunting are the intricate, complex, and
pervasive interdependencies among the computers and computer networks that
populate the world today. It is not enough that every computer, software application,
and embedded chip affected by the Year 2000 problem be fixed. They must be fixed
in ways so that they remain compatible with all the other devices with which they
interoperate.
The financial industry offers a perfect illustration of the enormous size, scope, and
complexity of the problem. Finance today is a global business, where almost
unimaginable sums of money are in a constant state of electronic flux, and
interdependency is particularly acute given the networked nature of market
participants. We have already seen harbingers of what may be in store. The New York
Mercantile Exchange and the Brussels Stock Exchange have both experienced
date-related operating failures. Although these problems were relatively small in scope,
the scale of the issue becomes magnified when you consider that all of the world's
financial institutions will find themselves tested on the same day. At the extreme, the
price of failure could be systemic breakdown.
Yet it is not enough for the world's banks, stock exchanges, and clearing houses to
have their respective houses in order. It won't do them any good if their transaction
processing systems are ready, but they cannot relay information to clients, creditors,
regulators, and payment and settlement systems because of breakdowns in
telecommunications networks. And imagine if all the banks and telecommunications
companies are set to perform on January 3, 2000, but their employees can't get to their
desks because the elevators don't work. Simply put, our networked world is only as
good as its weakest connection.
Typically, the barriers to Year 2000 compliance come down to four things:
Time -- this is a problem with an immovable deadline
Money -- for some, compliance may not be economically possible
Skills -- even if you have the money, you still need to find people who can fix
the problem
Competing priorities -- if focus is on other issues, the likelihood increases that
Year 2000 problems simply won't get fixed. Major corporate events like
mergers, acquisitions, and privatizations are the kinds of things that can keep
managers from devoting the time necessary to address Year 2000 issues within
their companies.
II: J.P. Morgan's risk-management approach
So how does one combat such an enormous and insidious problem? At J.P. Morgan,
we have applied a comprehensive, risk-management approach. In our measured
opinion, things will go wrong. Statistical probability tells us that the logistics and
dependencies involved almost certainly dictate some level of failure. So the question is
not if things will go wrong, but how many things will go wrong. Therefore, we believe
that the best course of action, and probably the only workable one given time, cost,
and skill constraints, is to identify the most critical situations, fix them first, and then
move down the chain of priorities. Firms that will do the best will be the ones that:
put their own house in order;
coordinate their activities with their trading partners; and
prepare contingency plans in the event that unexpected failures occur.
At J.P. Morgan, we began discussing the Year 2000 problem at senior executive levels
in 1995. Early the following year, with the full commitment of Sandy Warner, our
chairman and CEO, we launched a firmwide initiative. The commitment of senior
management was crucial, for without it, we would never have been able to muster all
the resources necessary to attack the problem. With 600 people working on the
initiative at its peak, we have estimated that the total cost of making the firm Year 2000
compliant is $250 million.
Paula Larkin, a senior manager at Morgan, is charged with overseeing and
coordinating all of the firm's Year 2000 efforts. To date, these efforts have included:
raising awareness throughout the firm;
conducting a comprehensive analysis of the problem and its many impacts;
putting in place a complete end-to-end methodology and certification process;
and
applying the lessons learned broadly across the firm so as to reduce costs and
risks while accelerating progress.
By year's end, we expect to have all of our critical applications and products tested
and certified as Year 2000 compliant.
The importance of testing cannot be overstated. Our remediation efforts have shown
the problem to be pervasive and not always obvious. For example, our testing of one
product, which the manufacturer said was Year 2000 compliant, found that while the
product could handle the changeover on January 1, it had not been programmed for
the fact that 2000 is a leap year. The lesson here is that nothing can be taken at face
value.
III: Financial Services Industry Activities
With our internal testing and renovation well under way, much of our effort is currently
focused on addressing external dependencies, both inside and outside the financial
services industry. This has involved identifying and assessing our Year 2000 exposures
as posed by clients, counterparties, exchanges, depositories, clearinghouses, and
correspondent banks, as well as by power, telecommunications, and other utilities.
Key to this effort has been coordination and collaboration with others in the industry,
namely competitors, exchanges, the Federal Reserve, and trade associations. For
example, J.P. Morgan has been working with the Securities Industry Association
(SIA), the New York Clearinghouse, and others for the past two years on the Year
2000 issue. Through various committees, the SIA has been promoting awareness,
developing testing guidelines, and coordinating industrywide testing efforts. J.P.
Morgan and 28 other securities firms are currently engaged in piloting the tests that will
be used early next year to check industrywide dependencies and compliance.
The work of SIA and other organizations like it have helped place the U.S. financial
services industry into a leadership position in terms of Year 2000 readiness. The U.S.
financial services industry is ahead of its peers abroad and also appears to be ahead of
all other industries. To the best of my knowledge, financial services is the only industry
conducting integrated testing to demonstrate readiness and identify issues ahead of
time.
But for financial services companies, the need for vigilance must extend beyond their
own industry. The ripple effect from a large disruption in another industry, such as
telecommunications, transportation, or power, could have severe consequences for the
financial sector. As a result, J.P. Morgan, on its own and in conjunction with industry
efforts, is actively trying to understand the risks faced by its service providers and the
programs they have put in place to mitigate the risks.
To mitigate these risks, the free flow of timely and accurate information is essential.
This means the Year 2000 cannot be treated as a competitive issue. Traditional
barriers must give way for the sharing of best practices. Through collaborative efforts,
firms can leverage resources and minimize costs. The government can play a key role
here, through influence and legislation, to promote cooperation and information sharing
across industries.
We also strongly support two parallel government efforts. Year 2000 disclosure
requirements put in place by the Securities and Exchange Commission and the decision
by the Federal Financial Institutions Examination Council to ask companies to prioritize
their clients in terms of Year 2000 risks. For its part, J.P. Morgan already views Year
2000 readiness as a factor in conducting due diligence reviews of clients.
IV: International Coordination
This cooperation and collaboration also needs to extend beyond the borders of the
United States. For J.P. Morgan, with operations in more than 30 countries, the need
for global attention to the Year 2000 problem is clear. Currently, we are working
actively with our counterparts and regulators outside the United States to increase
awareness and action. The ultimate goal is to demonstrate industry readiness through
integrated testing with all major market participants in all major market locations.
Progress is being made, but much more work remains to be done.
Dependencies with potential cross-border implications are of particular concern in the
international arena. Disruption in a key market could prevent the settlement of trades or
movement of cash and securities, which in turn could squeeze credit and liquidity.
Were a major international investment bank, for example, to find itself in a position
where it could not deliver or receive cash or securities, the consequences could have a
ripple effect on the world economy. Through our scenario planning activities, we are
attempting to estimate the likelihood of these failures and identify appropriate remedies.
Our assessment of global readiness places the United States ahead of all other
countries. Preparedness in Europe varies country by country. Thanks in large part to
the work of the British Bankers Association, the United Kingdom ranks in the top
spot. Trade associations are active across the continent, but the entire Year 2000
effort has been hurt by the time, energy, and attention being devoted to the
implementation of European Monetary Union.
Asia ranks behind Europe. Here the biggest threat is posed by the downturn in the
regional economy. Strong progress, however, has been made in Japan over the last six
months, due in large measure to the efforts of the Japan Securities Dealers Association
working with the Ministry of Finance. Regulators are now actively reviewing firms'
programs, and coordinated industry testing is planned.
Action has generally been lagging in Latin America; however, variations exist within the
region. Mexico is proving to be a leader. Currently, the SIA is making use of work
done in the United States to provide best practices to other locations. The SIA
recently visited the major market locations in Latin America to meet with regulators
and major market participants in an effort to leverage the financial services industry's
program here.
In all these regions, as is the case in the United States, the challenge extends beyond
the financial services industry to all of the external dependencies. Although awareness
has increased abroad, not all industries have demonstrated a recognition of the full
scope and ramifications of the issue. This includes infrastructure providers, such as
electric utilities and telecommunications companies, which are vital to the conduct of
international trade.
On a global front, a recent positive development has been the birth of the Global Year
2000 Coordinating Group. The group raises awareness, identifies resources, and
coordinates initiatives on an international basis. Currently, 20 countries are represented
-- a number that is expected to rise. Members of the group are responsible for taking
leadership roles on Year 2000 initiatives within their respective countries, and the
dialogue among members provides first-hand status reports on each country's
problems, progress, and prognosis. One initiative undertaken by the group is to
develop tools to aid international testing by providing a standard set of definitions and
recommendations on scope and timing. To date, three meetings have been held with
attendance covering most major financial markets. In addition, the Basle Committee
and other international regulatory groups have created the Joint Year 2000 Council to
focus the supervisory community on the issue.
V: Conclusion
To close, I would like to reiterate a couple of key messages. The problem is serious.
Things will go wrong. And, the companies, industries, governments, countries, and
regions that will be most successful in addressing the problem will be the ones that:
get a firm handle on internal issues that are particular to them;
address the critical external dependencies that affect them;
work collaboratively with others to share information and maximize resources;
and
put in place contingency plans that guard, as much as possible, against
unforeseen events.
Addressing this problem will take hard work, and for the most part, it's a thankless
task. Success will be defined not by some great discovery, but by minimal disruption.
The financial services industry has made considerable progress to date and is well
positioned. However, the test in all this lies in the strength of the weakest link,
wherever it may be.
I thank the Committee for the opportunity to share my thoughts and look forward to
working with it and others to bring this issue to the most uneventful conclusion possible.
jpmorgan.com |
