The Year 2000 Problem - the regulatory perspective

United Kingdom
What is the Year 2000 Problem?


By now most people are aware that there is a "Year 2000" or "Millennium" problem, which exists because many software programs allow only 2 digits to describe a year (e.g. "1996" is stored as "96") and may have difficulty in distinguishing between, for example, the year 2000 and the year 1900.


This problem could cause serious errors in the records of banks, brokers, insurance companies, investment managers, trustees, and other financial services providers. Consequently, those providers are at risk from possible common law, statutory, regulatory, accounting and insurance problems as a result of the Year 2000 Problem.


The regulatory perspective on the Year 2000 Problem


Persons authorised under the Financial Services Act 1986 are required to ensure that the Year 2000 Problem does not result in non-compliance with the applicable regulatory regime. Authorised persons which are regulated by an SRO must ensure compliance with the applicable conduct of business rules and accounting requirements, as well as FSA (SIB) Statements of Principle.


FSA (SIB) Statements of Principle


Failure of the computer system to record or process information accurately may result in a regulated firm breaching the Principles e.g.:


  • Principle 5 - information for customers: "a firm should take reasonable steps to give a customer it advises, in a comprehensible and timely way, any information needed to enable him to make a balanced and informed decision. A firm should similarly be ready to provide a customer with a full and fair account of the fulfilment of its responsibilities to him". The firm may be unable to provide information in a comprehensible and timely way if it suffers from faults in its computer system.


  • Principle 9 - internal organisation: "a firm
    should organise and control its internal affairs in a responsible manner,
    keeping proper records ...". This Principle may well be breached if the
    regulated firm does not take adequate steps to remedy the Year 2000 Problem
    because account records, contract notes, valuations and so on will all be
    disrupted. Indeed, best practice should be to correct the software now,
    before the problem poses an immediate threat to the firm's internal
    organisation.

Conduct of Business Rules and SRO accounting requirements


Taking SFA's rules as an example, the Year 2000 Problem may cause breaches of the rules in a number of areas. It is possible to categorise the potential breaches under three headings:


  • fitness and propriety;


  • breaches caused by "timing failures"; and


  • failure of underlying systems.


Whilst "timing failures" may be isolated breaches concerning only transactions effected in the transitional period of 1999/2000, a firm's failure to avoid the Year 2000 Problem may demonstrate the inadequacy of its internal organisation and systems which would amount, if not to a breach of FSA (SIB) Principles, to breaches of several SFA rules e.g.:


  • Failure of systems will call into doubt the firm's compliance with SFA's fitness and propriety requirements (Appendix 3).


  • Record keeping - rules 3-10 and 10-10: financial records must be up to date or be capable of being brought up to date within a reasonable time. The member firm must be able to disclose with reasonable accuracy the financial position of the firm at any point within the previous 6 years and be able to produce a reporting statement at that date within a reasonable time. The firm may not be able to produce accurate information if transactions are "lost" within the dating system. For example, if Year 2000 transactions have mistakenly been accepted by the computer as the year 1900, they would not form entries in a report generated in March 2000 to cover the previous 6 months.


  • Internal control systems - rules 3-12 and 10-13: the member must maintain effective systems of internal control including measures, so far as reasonably practicable, to minimise the risk of losses to the business from "irregularities, fraud or error". The firm must take prompt or immediate action where appropriate.


  • Audit trail - rules 3-13 and 10-12: the firm must maintain records which provide a satisfactory audit trail.


  • "Timing failures" - rule 4-52: on handling client money, the definition of client money does not include money paid where it is due to the firm within one business day, unless delivery or payment by the firm does not occur by close of business on the third business day following the date of receipt. In the particular instance where money is received immediately before the Year 2000, the systems must be able to identify corresponding transactions within the following 3 days in order to verify that client money is not being held. These "timing failures" which could arise in a number of areas, e.g. timely execution and allocation, will affect only those transactions effected during the period between the end of 1999 and the beginning of 2000. This is in addition to more general accounting failures that may result if the Year 2000 Problem is not properly addressed.


  • Investment management - rule 5-35: this requires the member to undertake portfolio valuations at 6 monthly intervals. Such valuation reports must include details of all transactions entered into within the valuation period, payments of interest and any changes made during that period. Inaccurate valuations will be given where the computer systems are inadequate to deal with transactions entered into in 2000 were this to form part of the valuation period.


  • Miscellaneous: a firm may be unable to discharge its
    execution or allocation duties if a Year 2000 Problem is allowed to
    arise.


Isolated breaches may be capable of remedy. However, if
these problems are multiplied throughout a firm's business, then this would give the regulators reason for concern. Persistent breaches and an inability to remedy the systems could lead to an investigation and/or disciplinary measures.

Notification requirements

The firm may be required under SFA rules to notify SFA where systems failures have caused breaches of the rules e.g. rule 3-5 requires immediate notification of the breaches of rules 3-2 to 3-4 (financial resources, records and reporting, internal controls and systems). A firm must notify SFA as soon as it believes that it will be unable to submit a financial reporting statement or that a previous statement has been misleading in any respect. Any "emergencies" (for example, complete failure in the accounting system) must also be notified.

Overall, SFA requires notification of any other matter which would be material to SFA's supervision of the firm (rule 2-46). This obligation arises immediately the firm knows, or has reasonable grounds for believing that any such matters may have arisen or may be about to arise. In addition, FSA (SIB) Principle 10 requires a member to deal with its regulator in an open and co-operative manner and keep the regulator promptly informed of anything concerning the firm which might reasonably be expected to be disclosed to it. SFA is already well aware of the Year 2000 issue and that this may affect its members.

In its update 14 of November 1996, it commented "as part of its supervisory mandate SFA is keen to ensure that it identifies any firms which may be facing a problem in this area. It is aware that many firms may have started a so-called Millennium project to modify or rewrite systems that may have this problem. However, some may not. If you think that you may have a problem, SFA would like to hear from you."

Conclusion

Given the advance warning of the Year 2000 Problem, the regulators are unlikely to be tolerant of members who have taken no steps to prevent, or swiftly to remedy, widespread system errors. Indeed the FSA commented in December 1997 that:

"...the year 2000 is an important business issue for all financial firms and markets. They will wish, in their own interests, to maintain continuity and quality of service for their customers. But the year 2000 is also a regulatory issue. It has implications for investor protection, for the prudential health of businesses, for market integrity and for investor confidence...


"...For regulators, just as for firms, prevention is far better than a cure. So financial service regulators across all markets have made it clear that preparedness for the year 2000 is a regulatory as well as a business issue. Regulators themselves will pursue a risk based approach to the Millennium focusing on areas which pose the highest risk to investors or depositors. They will also track the firm's preparedness and be prepared to intervene as necessary to protect investors or market integrity...

"...Our consistent message to firms in the financial sector is that they should all by now have a compliance project in place which allocates executive responsibility, requires regular reports to the Board and furnishes the necessary resources. There should also be a clear timetable for the achievement of compliance. In our view, every financial firm should have completed its remedial action and tested its systems by the end of 1998."