Is Your Contingency Plan All That It Can Be

As the ultimate Y2K deadline gets closer, banks should check and recheck their plans--and their work There's a concept in Zen Buddhism called the beginner's mind. It has roughly to do with not assuming too much about a situation, looking at it as if for the first time. When you don't harbor the prejudice of an expert, the theory goes, you can often begin to see the problem in a clearer, more profound way. Rather than stray too far into the territory occupied by Stuart Smalley's "deep thoughts," suffice to say that the myriad of Y2K preparation, from project formation to contingency planning, could benefit from fewer preconceptions. While U.S. bankers don't have the time to start over, they can, between now and next fall, check and recheck the functioning of mission critical and peripheral systems. In fact, regulators, Year 2000 consultants, and the ABA are urging them to do so--and communicate their progress to consumers. Additionally, a well-prepared bank will examine its contingency plan, keeping a variety of business and legal issues, not just technical issues, in mind. If you'd like to upgrade your plan, there are numerous upcoming seminars on the subject as are there consultants with tips. Some of those tools, methods, and options will be explored here. In addition, all the major government agencies publish some form of guidelines on their Web sites Remediation on target Of course, contingency plans should be just that, contingency. So far, it seems, the majority of banks have taken this dictum to heart. From the regulators' collective perspective, banks, in general, seem on target with remediation. David Barr, a spokesperson for the Federal Deposit Insurance Corp., indicates that for the 5,971 institutions under the FDIC's jurisdiction, for example, 5,802 of them have received satisfactory ratings. As most bankers realize, a "satisfactory" rating from regulators means that a bank has met all previously stated guidelines for producing plans of action, and that, in addition, it has made sufficient progress in actually fixing systems. (See sidebar on p.46 for exam results.) He adds that in the months since last December, there has also been no evidence of slippage out of satisfactory status as regulators begin to check on progress with implementation. Marvin Thornton is vice-president and Y2K Project Director for the $38.1 billion asset South Trust Bank, Birmingham, Ala. Thornton's bank is one example of early bank soundness and he is proud to report that South Trust has completed testing and certification of all mainframe and midrange computing systems. "We got started somewhere in late 1995--and appointed an internal committee to get the job done." The bank also relied on a consultant early in the process and is hiring another third party to recheck remediation. At the same time, peripheral systems (such as personal computers that access the mainframe) are getting evaluated. And it isn't just the few and proud--or the big banks--that are on top of things. A study recently completed by Grant Thornton, the accounting firm in New York City, shows that community bankers believe themselves and their outsource partners to be prepared, with 98% reporting general confidence in their ability to address Y2K issues. As bankers also know, the regulators aren't counting on general assurances in this matter; they want specifics. This requirement of specificity carries over into the contingency area. Barr said that individual banks are being entrusted to define their methods. Still, there are general guidelines in need of consideration, including the need for a codified approach for resumption of business should disruptions in electricity, telecommunications, or other services occur. Contingency: "looking good" When regulators (including coordinating organization the Federal Financial Exam Council) first looked at contingency plans last year, they were thought to be lacking in sufficient depth. …