SEC Staff, Bank Examiners Speak on Year 2000
SEC Staff, Bank Examiners Speak on Year 2000 By Jonathan T. Cain
The staff of the Securities and Exchange Commission has finally offered its view of the duty of publicly traded companies, investment advisors and investment companies to disclose anticipated costs, problems and uncertainties related to computer systems in the year 2000.
The Oct. 8 SEC Staff Legal Bulletin followed the release earlier this year of a memorandum by the Federal Financial Institutions Examination Council describing the procedures that will be used in the examination of all federally supervised financial institutions for year 2000 readiness.
While the two statements may not be directly applicable to companies not subject to federal securities or banking regulation, they do illustrate examples of the actions that could be embraced by state agencies and courts in determining whether the management of a nonregulated company has taken prudent steps to prepare for the year 2000 and has fairly represented its preparedness, or lack of preparedness, to investors, lenders and customers.
The SEC staff bulletin does not have the legal effect of a formal rule or a statement of the SEC itself, but it is notice of how the staff will address questions related to disclosure of financial consequences of year 2000 issues.
According to the bulletin, management's discussion and analysis of financial condition and operations in quarterly, annual and other required reports should include year 2000 disclosures if addressing the year 2000 is a material event or involves an uncertainty that would cause reported financial information not to be necessarily indicative of future operating results or financial condition.
One question frequently raised is how a company is to report the costs of modifying computer software to accommodate the year 2000. According to the SEC staff, software modification expenses are to be charged to expenses as they are incurred.
Disclosure should also be made if management determines that an incomplete or untimely effort to address year 2000 consequences would affect future financial results of the company.
The staff also contends that if year 2000 issues may materially affect a company's products, services or competitive conditions, the company may need to disclose this information in its description of its business in required reports.
Entities that are not subject to SEC regulation should consider whether, in their dealings with lenders and investors, they have taken similar care to avoid misrepresenting their future financial uncertainties resulting from year 2000 consequences.
The bank examiners have given notice that they will be looking for a comprehensive, deliberate plan to address year 2000 issues in financial institutions. The examiners expect management's plan to include, in addition to accounting systems, such embedded software as telecommunications systems, ATMs, audio response systems, and environmental systems with embedded microchips, such as vaults, security and alarm systems, elevators, telephones and fax machines.
They will be looking to see if management has performed a third-party software contract review, reviewed all data processing outsourcing agreements for year 2000 maintenance obligations, and determined whether their hardware and software vendors have the financial and operational capabilities to actually solve the bank's year 2000 issues. The examiners also are to review the institution's contingency plans to assure the institution's ongoing operations if the institution's systems will not be year 2000 compliant by Dec. 31, 1998.
Each of these steps, and many others outlined in the published notice, could well be recommended to the management of any business. If management is hesitant to engage in a full-scale year 2000 audit and remediation plan, it may find that it is answering questions on the subject well before December 1999.
One of the elements of the bank examiners' review is to determine whether bank management has discussed the effect of the year 2000 issue with its large corporate borrowing customers to ensure the customers' ability to meet financial and informational obligations to the institution.
According to the examiners, loan and credit review officers should consider in their credit analysis whether the borrower's year 2000 conversion efforts are sufficient to avoid significant disruptions to operations. If a significant loan customer is delinquent in addressing its own year 2000 issues, it may find its loan being reviewed with more scrutiny as the year 2000 approaches.
Hardware and software vendors dealing with financial institutions should anticipate changes as well. The examiners expect that financial institutions will modify existing contracts that do not specifically address year 2000 compliance by the vendor.
Current and future purchases of hardware and software by federally supervised financial institutions are to require year 2000 certification. The examiners' advice to the bank if the vendor declines to comply is blunt: "If contract changes or modifications are refused, then the institution should consider replacing the service or product."
Jonathan T. Cain chairs the Technology Practice Group of Mays & Valentine LLP, McLean, Va. His e-mail address is email@example.com.