Checking Vendors for Y2K Compliance
The banking industry, which has taken action to reduce its own year 2000 (Y2K) risks, now requires its vendors to do the same. Bank regulatory agencies issued guidance on how banks can ensure that service providers and software vendors are prepared for computer-related problems or failures that could occur on January 1, 2000.
The Federal Financial Institutions Examinations Council (FFIEC), which comprises the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the National Credit Union Administration, published an interagency statement that outlines a due-diligence process for each mission-critical service and product vendors supply. Guidance Concerning Institution Due Diligence in Connection With Service Provider and Software Vendor Year 2000 Readiness clarifies the importance of effective monitoring and testing programs, including contingency plans for use in the event of a breakdown.
According to the statement, due diligence gives managers the ability to
- Identify the mission-critical services and products.
- Understand and articulate vendors obligations for becoming Y2K-compliant.
- Establish testing and monitoring procedures to verify that vendors are taking appropriate action.
- Adopt contingency plans.
Copies of the FFIEC statement are available on the FDIC Web site at www.ffiec.gov .