| CONTACT: |
| Supreme Court of the Philippines Library Services, Padre Faura, Ermita, Manila, Philippines 1000 |
| (632) 8524-2706 |
| libraryservices.sc@judiciary.gov.ph |
(NAR) VOL.8 NO. 3 / JULY - SEPTEMBER 1997
[ BSP CIRCULAR LETTER, September 04, 1997 ]
YEAR 2000 SUPERVISION PROGRAM
All Banks and Quasi-banks are enjoined to prepare an information processing system that is Year 2000 compliant. The Year 2000 poses serious problems inherent in computer software and hardware systems, especially, on the aspect of century change of date from Year 1999 to Year 2000. To insure the smooth transition of all information processing systems to the Year 2000, all banks and quasi-banks are, therefore, directed to develop/formalize their year 2000 action plans/conversion programs. The targeted dates for conversion are: by quarter-end December 1997, wherein all critical application systems affected by the Year 2000 date change shall have been identified and priorities should be set for Year 2000 work; and by year-end December 1998, all programming changes shall have been completed and program testing be underway.
Kindly submit as Year 2000 action plan or conversion program to the appropriate supervising and examining department of the Bangko Sentral ng Pilipinas within thirty (30) days from date of this Circular-Letter. Banks and quasi-banks may be guided by some of the issues enumerated in the attached "A" to A-2".
Adopted: 4 Sept. 1997
Issues to consider to ensure that all information processing systems are Year 2000 compliant:
A. Year 2000 Project Management
1. Awareness Phase — Define the Year 2000 problem and gain management's support for the resources necessary to perform compliance work. Establish a Year 2000 program team and develop an overall strategy that encompasses in-house systems, vendors, auditors, customers, suppliers and service bureaus.
2. Assessment Phase — Assess the size and complexity of the problem and detail the magnitude of the effort necessary to address Year 2000 issues. Identify all hardware, software, networks, ATMs, other processing platforms, customer and vendor inter-dependencies and environmental systems with embedded microchips (i.e. security systems, fax, vaults, telephones, elevators, etc.) affected by the Year 2000 date change.
Evaluate the Year 2000 effects on the institution's business strategy such as effects on mergers and acquisitions, major system development, corporate alliances, system interdependencies will have on existing and/or potential Year 2000 issues that may arise from Year 2000 issues.
All resource needs (personnel, contractors, vendor support, budget allocations and hardware capacity), time frames, accountability and policies should be identified. Contingency plans should be developed.
3. Renovation Phase — This includes code enhancements, hardware and software upgrades, system replacements, vendor certification and other changes. Work prioritization should be based on the information gathered in the assessment phase. For institutions relying on outside services or third-party software providers, discussions and monitoring of vendor progress are necessary.
4. Validation Phase — Testing is the most critical phase. This includes the testing of incremental changes to hardware and software components. Additionally, connections with other systems must be verified and all changes should be accepted by internal and external users. Controls should be established to assure effective users. Controls should be established to assure effective and timely completion of testing prior to final implementation. Discussions with vendors should be conducted on the success of their validation efforts.
5. Implementation Phase — All systems should be verified as Year 2000 compliant and certified accepted by users. Non-compliant systems should immediately be brought to the attention of management for resolution. This phase must ensure that all new systems or subsequent changes to verified systems are compliant with Year 2000 requirements.
B. External Issues
1. Reliance on Vendors — Management should evaluate vendor plans and actively monitor project milestones. Management should determine if vendor contracts include Year 2000 covenants and must ensure that vendors have the capacity (both financial and personnel) to complete the project and are willing to certify Year 2000 compliance, otherwise, alternate service or software providers should be considered.
2. Data Exchange — The Year 2000 project plan should include an assessment of the risk involved in the transfer/exchange of data between and among financial institutions, clearing associations, customers, regulators, government agencies, etc.
3. Corporate Customers — Banks and Quasi-banks should develop processes to periodically assess large corporate customer Year 2000 efforts. Credit and loan review should include an analysis of the borrower's Year 2000 conversion efforts.
C. Year 2000 Operating Issues
1. Replacement vs. Repair — Cost and timing consideration may affect the ban's/quasi-bank's decision to replace or repair strategic systems by Year 2000.
2. Cost and Monitoring — As the Year 2000 approaches, the cost of obtaining or retaining qualified staff to address the Year 2000 problems will significantly rise. Knowledge of market conditions for skilled programmers and developing programs to retain key personnel may be necessary to ensure that adequate resources are available throughout the project's life cycle.
3. Mergers and Acquisitions (M & As) — M & A strategies should be included in the Year 2000 assessment since conversions resulting from M & As will also compete for executive and technical resources.
4. Remote Locations — Remote or overseas operations should also be included in the system inventory and conversion plans.
5. Contracts — Legal issues may arise from lack of specificity in contract terms dealing with Year 2000 issues. Banks/Quasi-banks should modify existing contracts which do not address Year 2000 by the vendor, otherwise, conflicts may arise from responsibility to assure Year 2000 compliance. Current and future purchases should require Year 2000 certification. If modifications are refused, replacing the service or product should be considered.
6. Leap Year — All Year 2000 plans need to address the leap year February 29, 2000 issue. All date and calculation routines should be reviewed to ensure that all leap year calculations are Year 2000 certified.
D. Supervisory Strategy
Supervisory/regulatory reviews of all Banks' and Quasi-banks' Year 2000 conversion compliance shall be conducted by 1999.
Kindly submit as Year 2000 action plan or conversion program to the appropriate supervising and examining department of the Bangko Sentral ng Pilipinas within thirty (30) days from date of this Circular-Letter. Banks and quasi-banks may be guided by some of the issues enumerated in the attached "A" to A-2".
Adopted: 4 Sept. 1997
(SGD.) ALBERTO V. REYES
Deputy Governor
Deputy Governor
ANNEX A
YEAR 2000 COMPLIANCE ISSUES TO CONSIDER IN THE CONVERSION PROGRAM
YEAR 2000 COMPLIANCE ISSUES TO CONSIDER IN THE CONVERSION PROGRAM
Issues to consider to ensure that all information processing systems are Year 2000 compliant:
A. Year 2000 Project Management
1. Awareness Phase — Define the Year 2000 problem and gain management's support for the resources necessary to perform compliance work. Establish a Year 2000 program team and develop an overall strategy that encompasses in-house systems, vendors, auditors, customers, suppliers and service bureaus.
2. Assessment Phase — Assess the size and complexity of the problem and detail the magnitude of the effort necessary to address Year 2000 issues. Identify all hardware, software, networks, ATMs, other processing platforms, customer and vendor inter-dependencies and environmental systems with embedded microchips (i.e. security systems, fax, vaults, telephones, elevators, etc.) affected by the Year 2000 date change.
Evaluate the Year 2000 effects on the institution's business strategy such as effects on mergers and acquisitions, major system development, corporate alliances, system interdependencies will have on existing and/or potential Year 2000 issues that may arise from Year 2000 issues.
All resource needs (personnel, contractors, vendor support, budget allocations and hardware capacity), time frames, accountability and policies should be identified. Contingency plans should be developed.
3. Renovation Phase — This includes code enhancements, hardware and software upgrades, system replacements, vendor certification and other changes. Work prioritization should be based on the information gathered in the assessment phase. For institutions relying on outside services or third-party software providers, discussions and monitoring of vendor progress are necessary.
4. Validation Phase — Testing is the most critical phase. This includes the testing of incremental changes to hardware and software components. Additionally, connections with other systems must be verified and all changes should be accepted by internal and external users. Controls should be established to assure effective users. Controls should be established to assure effective and timely completion of testing prior to final implementation. Discussions with vendors should be conducted on the success of their validation efforts.
5. Implementation Phase — All systems should be verified as Year 2000 compliant and certified accepted by users. Non-compliant systems should immediately be brought to the attention of management for resolution. This phase must ensure that all new systems or subsequent changes to verified systems are compliant with Year 2000 requirements.
B. External Issues
1. Reliance on Vendors — Management should evaluate vendor plans and actively monitor project milestones. Management should determine if vendor contracts include Year 2000 covenants and must ensure that vendors have the capacity (both financial and personnel) to complete the project and are willing to certify Year 2000 compliance, otherwise, alternate service or software providers should be considered.
2. Data Exchange — The Year 2000 project plan should include an assessment of the risk involved in the transfer/exchange of data between and among financial institutions, clearing associations, customers, regulators, government agencies, etc.
3. Corporate Customers — Banks and Quasi-banks should develop processes to periodically assess large corporate customer Year 2000 efforts. Credit and loan review should include an analysis of the borrower's Year 2000 conversion efforts.
C. Year 2000 Operating Issues
1. Replacement vs. Repair — Cost and timing consideration may affect the ban's/quasi-bank's decision to replace or repair strategic systems by Year 2000.
2. Cost and Monitoring — As the Year 2000 approaches, the cost of obtaining or retaining qualified staff to address the Year 2000 problems will significantly rise. Knowledge of market conditions for skilled programmers and developing programs to retain key personnel may be necessary to ensure that adequate resources are available throughout the project's life cycle.
3. Mergers and Acquisitions (M & As) — M & A strategies should be included in the Year 2000 assessment since conversions resulting from M & As will also compete for executive and technical resources.
4. Remote Locations — Remote or overseas operations should also be included in the system inventory and conversion plans.
5. Contracts — Legal issues may arise from lack of specificity in contract terms dealing with Year 2000 issues. Banks/Quasi-banks should modify existing contracts which do not address Year 2000 by the vendor, otherwise, conflicts may arise from responsibility to assure Year 2000 compliance. Current and future purchases should require Year 2000 certification. If modifications are refused, replacing the service or product should be considered.
6. Leap Year — All Year 2000 plans need to address the leap year February 29, 2000 issue. All date and calculation routines should be reviewed to ensure that all leap year calculations are Year 2000 certified.
D. Supervisory Strategy
Supervisory/regulatory reviews of all Banks' and Quasi-banks' Year 2000 conversion compliance shall be conducted by 1999.