What is the Year 2000 Problem?
By now most people are aware that there is a "Year 2000" or
"Millennium" problem, which exists because many software programs
allow only 2 digits to describe a year (e.g. "1996" is stored as
"96") and may have difficulty in distinguishing between, for
example, the year 2000 and the year 1900.
This problem could cause serious errors in the records of banks,
brokers, insurance companies, investment managers, trustees, and
other financial services providers. Consequently, those providers
are at risk from possible common law, statutory, regulatory,
accounting and insurance problems as a result of the Year 2000
The regulatory perspective on the Year 2000 Problem
Persons authorised under the Financial Services Act 1986 are
required to ensure that the Year 2000 Problem does not result in
non-compliance with the applicable regulatory regime. Authorised
persons which are regulated by an SRO must ensure compliance with
the applicable conduct of business rules and accounting
requirements, as well as FSA (SIB) Statements of Principle.
FSA (SIB) Statements of Principle
Failure of the computer system to record or process information
accurately may result in a regulated firm breaching the Principles
Conduct of Business Rules and SRO accounting requirements
- Principle 5 - information for customers: "a firm should take
reasonable steps to give a customer it advises, in a comprehensible
and timely way, any information needed to enable him to make a
balanced and informed decision. A firm should similarly be ready to
provide a customer with a full and fair account of the fulfilment
of its responsibilities to him". The firm may be unable to provide
information in a comprehensible and timely way if it suffers from
faults in its computer system.
- Principle 9 - internal organisation: "a firm
should organise and control its internal affairs in a responsible
keeping proper records ...". This Principle may well be breached if
regulated firm does not take adequate steps to remedy the Year 2000
because account records, contract notes, valuations and so on will
disrupted. Indeed, best practice should be to correct the software
before the problem poses an immediate threat to the firm's
Taking SFA's rules as an example, the Year 2000 Problem may cause
breaches of the rules in a number of areas. It is possible to
categorise the potential breaches under three headings:
- fitness and propriety;
- breaches caused by "timing failures"; and
- failure of underlying systems.
Whilst "timing failures" may be isolated breaches concerning only
transactions effected in the transitional period of 1999/2000, a
firm's failure to avoid the Year 2000 Problem may demonstrate the
inadequacy of its internal organisation and systems which would
amount, if not to a breach of FSA (SIB) Principles, to breaches of
several SFA rules e.g.:
- Failure of systems will call into doubt the firm's compliance
with SFA's fitness and propriety requirements (Appendix 3).
- Record keeping - rules 3-10 and 10-10: financial records must
be up to date or be capable of being brought up to date within a
reasonable time. The member firm must be able to disclose with
reasonable accuracy the financial position of the firm at any point
within the previous 6 years and be able to produce a reporting
statement at that date within a reasonable time. The firm may not
be able to produce accurate information if transactions are "lost"
within the dating system. For example, if Year 2000 transactions
have mistakenly been accepted by the computer as the year 1900,
they would not form entries in a report generated in March 2000 to
cover the previous 6 months.
- Internal control systems - rules 3-12 and 10-13: the member
must maintain effective systems of internal control including
measures, so far as reasonably practicable, to minimise the risk of
losses to the business from "irregularities, fraud or error". The
firm must take prompt or immediate action where appropriate.
- Audit trail - rules 3-13 and 10-12: the firm must maintain
records which provide a satisfactory audit trail.
- "Timing failures" - rule 4-52: on handling client money, the
definition of client money does not include money paid where it is
due to the firm within one business day, unless delivery or payment
by the firm does not occur by close of business on the third
business day following the date of receipt. In the particular
instance where money is received immediately before the Year 2000,
the systems must be able to identify corresponding transactions
within the following 3 days in order to verify that client money is
not being held. These "timing failures" which could arise in a
number of areas, e.g. timely execution and allocation, will affect
only those transactions effected during the period between the end
of 1999 and the beginning of 2000. This is in addition to more
general accounting failures that may result if the Year 2000
Problem is not properly addressed.
- Investment management - rule 5-35: this requires the member to
undertake portfolio valuations at 6 monthly intervals. Such
valuation reports must include details of all transactions entered
into within the valuation period, payments of interest and any
changes made during that period. Inaccurate valuations will be
given where the computer systems are inadequate to deal with
transactions entered into in 2000 were this to form part of the
- Miscellaneous: a firm may be unable to discharge its
execution or allocation duties if a Year 2000 Problem is allowed
Isolated breaches may be capable of remedy. However, if
these problems are multiplied throughout a firm's business, then
this would give the regulators reason for concern. Persistent
breaches and an inability to remedy the systems could lead to an
investigation and/or disciplinary measures.
The firm may be required under SFA rules to notify
SFA where systems failures have caused breaches of the rules e.g.
rule 3-5 requires immediate notification of the breaches of rules
3-2 to 3-4 (financial resources, records and reporting, internal
controls and systems). A firm must notify SFA as soon as it
believes that it will be unable to submit a financial reporting
statement or that a previous statement has been misleading in any
respect. Any "emergencies" (for example, complete failure in the
accounting system) must also be notified.
Overall, SFA requires notification of any other
matter which would be material to SFA's supervision of the firm
(rule 2-46). This obligation arises immediately the firm knows, or
has reasonable grounds for believing that any such matters may have
arisen or may be about to arise. In addition, FSA (SIB) Principle
10 requires a member to deal with its regulator in an open and
co-operative manner and keep the regulator promptly informed of
anything concerning the firm which might reasonably be expected to
be disclosed to it. SFA is already well aware of the Year 2000
issue and that this may affect its members.
In its update 14 of November 1996, it commented "as
part of its supervisory mandate SFA is keen to ensure that it
identifies any firms which may be facing a problem in this area. It
is aware that many firms may have started a so-called Millennium
project to modify or rewrite systems that may have this problem.
However, some may not. If you think that you may have a problem,
SFA would like to hear from you."
Given the advance warning of the Year 2000 Problem,
the regulators are unlikely to be tolerant of members who have
taken no steps to prevent, or swiftly to remedy, widespread system
errors. Indeed the FSA commented in December 1997 that:
"...the year 2000 is an important business issue
for all financial firms and markets. They will wish, in their own
interests, to maintain continuity and quality of service for their
customers. But the year 2000 is also a regulatory issue. It has
implications for investor protection, for the prudential health of
businesses, for market integrity and for investor confidence...
"...For regulators, just as for firms, prevention is far better
than a cure. So financial service regulators across all markets
have made it clear that preparedness for the year 2000 is a
regulatory as well as a business issue. Regulators themselves will
pursue a risk based approach to the Millennium focusing on areas
which pose the highest risk to investors or depositors. They will
also track the firm's preparedness and be prepared to intervene as
necessary to protect investors or market integrity...
"...Our consistent message to firms in the
financial sector is that they should all by now have a compliance
project in place which allocates executive responsibility, requires
regular reports to the Board and furnishes the necessary resources.
There should also be a clear timetable for the achievement of
compliance. In our view, every financial firm should have completed
its remedial action and tested its systems by the end of 1998."