CSIS - 'Will Y2K Lead to a Global Flight to Quality?
Return to the Y2K Risk Assessment Task Force web site
While there is growing awareness of
the threats posed by the so-called
millennium bug, most of the focus
has been on the prospects of
Y2K-related system failures on
January 1, 2000. What is little
understood, however, is the extent
to which anticipation of such failures
could fuel a worldwide flight to
quality and exacerbate instability in
international financial markets within
the next three to six months.
This is just one of the conclusions that emerged from off-the-record and
public panel discussions with top public and private sector officials of the
CSIS Y2K Risk Assessment Task Force, chaired by former U.S.
Senator Sam Nunn. Key issues raised in the task force meetings on the
global dimensions of the Y2K threat:
Y2K is not just a January 1, 2000 problem.
The problem will not arrive as the clock strikes midnight on December
31, 1999. Nor does it end the following day. There already have been a
few Y2K problems in applications that look beyond the turn of the
century. The pace of Y2K failures likely will increase after January 1,
1999, with the beginning of fiscal years that extend into the year 2000.
In addition, increasingly companies will begin to reevaluate their
relationships with vendors that can not provide assurances of compliance.
Financial institutions will beginning to terminate counterparty relationships
with non-compliant firms. This will happen sooner rather than later - over
the next three to six months. And, according to Senator Bob Bennett,
who chairs the Senate special committee on the Y2K problem, "it will be
with us two to three years after January 1, 2000," due to knock-on
effects and a tidal wave of lawsuits.
Y2K could disrupt global financial and trading systems.
Financial markets are the central nervous system of the global economy;
a vast, complex network of linkages among corporations, financial
institutions, exchanges, regulators, depositories, and clearing firms. Not
only is the international financial system heavily reliant on computer
hardware and software applications for core operations, it is also
dependent on continuous, real-time information flows. Failures in
telecommunications or power networks could disrupt information and
capital flows at critical junctures.
While major U.S. financial institutions and exchanges have begun testing
their systems and are likely to be Y2K compliant, there is increasing
apprehension that institutions in key emerging markets, and even some
developed markets, are not giving sufficient attention to potential Y2K
problems. Indications are that financial institutions already are assessing
Y2K counterparty risk and will begin to terminate relationships with firms
that they do not believe will be Y2K-compliant. Entire markets could be
effectively blacklisted. This "flight to quality" could aggravate an already
fragile situation in global financial markets, possibly leading to a
Y2K-fueled liquidity crisis.
Similar concerns exist with regard to
global commercial relationships.
Interconnectivity problems present one of
the greatest concerns. Merely achieving
compliance in one's own company is not
sufficient. Complex upstream and
downstream linkages exist among
suppliers, vendors, service providers, and
customers, with large multinational companies typically having tens of
thousands of relationships.
With the widespread adoption of just-in-time inventory control systems
and global manufacturing operations, the health of businesses and
economies is increasingly reliant on the timely import and export of raw
materials, intermediate goods, and finished products. From shipping
facilities, to global navigation satellites, air traffic control, and customs
facilities, the smooth-functioning of international trade is dependent upon
computer systems and embedded chips. Disruptions in supply lines can
quickly shut down entire manufacturing operations.
Corporations are now assessing the state of Y2K readiness of their
service providers, suppliers, and vendors and will look for alternative
sources in the coming months.
Y2K presents multifaceted threats to national and global security.
First, Y2K poses a daunting challenge to the Pentagon, which must
evaluate and test nearly 3,000 mission critical systems and get them to
work in an integrated environment. Radars, early-warning satellites,
communication systems, and weapons systems are all reliant upon
computer technology, and thus susceptible to Y2K problems.
Second, while the Pentagon anticipates that most critical systems will be
remediated and tested before the end of 1999, it is relying on the
assurances of readiness by public utilities and private companies with
regard to critical power, water, and telecommunications services
(including those servicing overseas bases). Should these basic services
fail, it will be impossible for DoD to carry out its missions. 95% of DoD
communications moves over public lines.
Third, according to DoD analysts, only three other countries are taking
steps to make their military systems compliant. Apparently, our NATO
allies are lagging by 18 to 24 months, which could impair interoperability
and joint mission execution, such as those in the Balkans. The failure of
countries such as Russia and China to remediate nuclear command and
control systems presents the greatest concerns. While there has been
some high-level information sharing, it is doubtful that Russia, mired in an
economic crisis, has the necessary financial resources to evaluate and test
critical systems.
Fourth, Y2K may also increase U.S. vulnerability to information warfare
while limiting our own capabilities to respond. And because much of the
computer code review has been outsourced, there are security concerns
regarding the potential for terrorists and other subversive groups to insert
viruses, logic bombs, and trapdoors into the remediated code.
Liability concerns are chilling critical information flows and
litigation costs could exceed actual failure costs.
Lloyd's of London estimates that liability damages associated with the
Y2K failures could exceed $1 trillion, potentially surpassing the claims
and settlements in asbestos and tobacco liability cases in recent years.
Litigation costs would significantly exacerbate any direct losses resulting
from Y2K failures and could make this a multi-year problem.
Equally important, concerns about potential liability are exacerbating the
Y2K threat by chilling communication and information sharing among
companies and their suppliers, vendors, and customers as well as
industry counterparts. Moreover, the threat of lawsuits could imperil the
ability of companies to attract or retain qualified officers and directors.
Litigation issues must be addressed in a responsible and balanced way.
The Good Samaritan bill, expected to be approved by Congress, is a
step in the right direction, but is not sufficient.
Contingency planning is critical.
It is clear that not every mission critical system around the world will be
compliant by the year 2000. It is imperative, then, that public and private
sectors alike begin the contingency planning phase.
The focus for governments and private sector companies should shift
from readiness to survivability. Disruptions and even failures are
inevitable. Moving beyond even the so-called "mission critical systems,"
executives must look at what is essential to keeping the government or
the business operational at a very basic level. Without credible
leadership, effective contingency planning becomes difficult to achieve.
csis.org |
