TESTIMONY OF ARTHUR LEVITT, CHAIRMAN U.S. SECURITIES AND EXCHANGE COMMISSION CONCERNING THE READINESS OF THE UNITED STATES SECURITIES INDUSTRY AND PUBLIC COMPANIES TO MEET THE INFORMATION PROCESSING CHALLENGES OF THE YEAR 2000 BEFORE THE SUBCOMMITTEE ON FINANCIAL SERVICES AND TECHNOLOGY COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS UNITED STATES SENATE JULY 30, 1997 U.S. Securities and Exchange Commission 450 Fifth Street, N.W. Washington, D.C. 20549 ======END OF PAGE 1====== TESTIMONY OF ARTHUR LEVITT, CHAIRMAN U.S. SECURITIES AND EXCHANGE COMMISSION CONCERNING THE READINESS OF THE UNITED STATES SECURITIES INDUSTRY AND PUBLIC COMPANIES TO MEET THE INFORMATION PROCESSING CHALLENGES OF THE YEAR 2000 BEFORE THE SUBCOMMITTEE ON FINANCIAL SERVICES AND TECHNOLOGY COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS UNITED STATES SENATE JULY 30, 1997 Chairman Bennett and members of the Subcommittee: I appreciate this opportunity to testify on behalf of the U.S. Securities and Exchange Commission (Commission or SEC) on the readiness of the securities industry and publicly held companies to meet the information processing challenges presented by the Year 2000. As we have all come to realize, a very large percentage of the world's computer systems need to be modified before the change in millennium. The United States securities industry faces a particularly serious test in preparing itself for the Year 2000 given its size, complexity, degree of interdependency, and extraordinarily heavy reliance upon computers. We believe that the industry is preparing itself to make sure that the problems are corrected. Although the government, in the public interest, must keep abreast of the industry's progress, the most punishing blow for any firm's failure to correct the problem will be dealt not by the government, but rather by the market. It is in the securities firms' own self-interest to make sure that trading, clearing, and operational systems are converted on time. The U.S. securities markets are very aware of the need to convert their systems and are making a strong, widespread ======END OF PAGE 1====== commitment of time and money for this effort. Based on the information we have received thus far, the SEC does not anticipate that the securities industry will pose systemic risk to the rest of the U.S. financial services system as a result of the Year 2000 problem. Although there is obviously no guarantee, we are confident that market forces, with active government oversight, will foster widespread compliance. The Commission and Its Regulatory Approach The Commission administers and enforces the federal securities laws of the United States in order to protect investors and to maintain fair, honest, and efficient markets. The securities laws provide that companies seeking to raise capital through these markets fully disclose to investors sufficient information to permit informed investment decisions. Regulated Entities As a small agency of less than 2,800 employees, the Commission relies heavily upon a public-private partnership to oversee our nation's securities markets. The Commission sets standards for market participants and market structure. Much of the direct, day-to-day regulation of securities market participants is done by the market participants themselves and by industry self-regulatory organizations (SROs) under SEC oversight. The SROs include the exchanges, the National Association of Securities Dealers (NASD), and the clearing agencies. This system of shared responsibility and shared regulation between the SEC and the industry allows the SEC to oversee effectively our dynamic securities markets that have grown to be worth over $10 trillion. Entities regulated by the Commission consist of: ======END OF PAGE 2====== * 8 registered securities exchanges, * the NASD, * 15 registered clearing agencies, * 748 transfer agents, * the Municipal Securities Rulemaking Board, * the Securities Investor Protection Corporation, * approximately 8,500 registered broker-dealers, * approximately 5,350 investment companies (including mutual funds), * approximately 8,000 investment advisers, and * 15 registered public utility holding companies. Disclosure Public companies, while not regulated by the Commission, are subject to the securities laws administered by the SEC that address corporate disclosure obligations. All publicly-held and traded companies must provide investors with detailed material information about their corporate business strategies, prospects, problems, and financial status. Investment companies, including mutual funds, and investment advisers also disclose operational or financial obstacles to shareholders and clients. This information permits informed investment decisions and is an important factor in the confidence Americans have in our securities markets. Over 15,000 corporations and investment companies make filings with the Commission every year. The majority of these filings are made electronically on the agency's Electronic Data Gathering Analysis and Retrieval system (EDGAR). Just as the Year 2000 problem affects the securities industry, it impacts the nation's businesses. Disclosure of the cost and problems associated with Year 2000 remediation efforts is each company's responsibility and must be provided, where material, in accordance with the securities laws. ======END OF PAGE 3====== Actions Taken to Date and Future Actions The Commission takes the Year 2000 problem very seriously. We are engaged in a number of efforts to educate various participants in the securities markets regarding the need to respond successfully to the challenge presented by the Year 2000 and to monitor actively the progress of these entities. In order to coordinate these efforts, the Commission established a task force in February 1997. The task force members interviewed industry groups and market participants in developing an assessment of industry readiness. This June the task force issued a staff report on the Readiness of the United States Securities Industry and Public Companies to Meet the Information Processing Challenges of the Year 2000 (see Appendix 1). The staff has not dictated a specific approach for the securities industry to take in addressing the Year 2000 problem. Rather, the staff has worked to ensure widespread industry awareness of the problem and to encourage corrective action, both through its own actions and through the SROs. Set forth below is a summary of specific actions we have taken and plan to take in the future. Self-Regulatory Organizations The Commission's staff has been reviewing for several years the plans and progress of the exchanges, the NASD, and the clearing agencies in preparing for the Year 2000. The areas specifically reviewed include: (1) planning; (2) impact and risk analysis; (3) configuration management; (4) data conversion; (5) testing and debugging; and (6) contingency planning. We have conducted on-site examinations and reviewed documentation on their ======END OF PAGE 4====== conversion plans. Overall, the staff has found that all the SROs are well aware of the Year 2000 problem and have begun planning to address it. Most have made significant progress. We will not tolerate any laggards. We are confident that the SROs will be prepared on time. The SROs know it is important that their members are ready for Year 2000 and fully understand that it is in their best interest to be ready. They have been using their examination programs to both educate members about the potential impact of the Year 2000 on the operation of their computer systems and to put members on notice that they will be held accountable for failing to take corrective action. In fact, the NASD informed its members that computer failures related to Year 2000 problems will not be considered a defense to violations of a firm's regulatory or compliance responsibilities or a mitigation of sanctions for such violations. In addition, the New York Stock Exchange (NYSE) has told its members that they should have a target completion date of December 1998 for their corrective actions with 1999 earmarked for testing. The Commission's staff will continue to monitor closely SRO progress to remedy their internal computer systems. The staff also will monitor the activities of information processors (such as the Securities Industry Automation Corporation) that perform trade processing and account administrative functions for the securities exchanges. The staff also will monitor SRO member inspection and surveillance programs to ensure that the Year 2000 issue is vigorously addressed by the SROs. In addition, Commission staff will work with the SROs to continue to emphasize to member firms the importance of fixing Year 2000 problems. ======END OF PAGE 5====== Broker-Dealer, Transfer Agent, Investment Adviser, and Investment Company Communities The Commission has worked hard to focus industry attention on the challenges presented by the Year 2000. Efforts include speeches and letters to the Securities Industry Association (SIA) and the Investment Company Institute (ICI) (both large trade groups of firms the SEC regulates) emphasizing the potential problems if the Year 2000 issues are not solved. We anticipate continued promotion of effective Year 2000 remediation efforts among the broker-dealer and transfer agent communities through the combined efforts of the Commission, the securities exchanges, the NASD, and the SIA. Additionally, the Commission is using its examination authority to heighten industry awareness of the Year 2000 problem. As part of an examination, the Commission staff now asks registrants a series of questions designed to inform them of the problem and of the need to take corrective steps. The results of these examinations appear to confirm that the securities industry is well aware of the problem. Of the 44 clearing broker-dealers examined by the Commission staff, 43 (98%) indicated that they were already taking remedial steps or that such steps were planned. Of the 371 investment advisers and investment companies examined, 314 (85%) gave similar responses. Finally, of the 29 transfer agents examined, 27 (93%) gave similar responses. The Commission recognizes that these findings represent a small sample of the universe of these entities; nevertheless, the large majority of these registrants examined indicated that they were either taking or planning corrective action. ======END OF PAGE 6====== For the investment company community the challenges are somewhat different. There are no SROs for this industry. Although many investment companies are affiliated with SRO members, the Commission is the only federal regulator for investment companies. We are working with the ICI to ensure that the investment company community is aware of Year 2000 issues and takes all steps necessary to address them. Prompted in part by a letter from our staff, the ICI sent a memorandum to its members over a year ago stressing the need for immediate action to ensure that computer systems are prepared for the Year 2000. In discussions with the SEC's task force, ICI representatives expressed the view that the fund industry is well aware of the problems and most investment companies have targeted completion of changes to internal systems by the end of 1998. Fund groups are coordinating with counterparts in the banking community and with transfer agents and fund administrators to address information exchange issues. ICI members, through their service agents, will participate in industry-wide testing. The Year 2000 risk in the investment company industry is significantly reduced because transfer agents and other service providers handle most of the information processing. Only five of the largest fund complexes handle all of their administration in-house and those companies appear ready to deal with Year 2000 issues. The bulk of the remaining portfolio and investor account processing is heavily concentrated among large transfer agents and other service providers that will help ensure Year 2000 readiness. For example, one of the largest transfer agents for the fund industry began preparing for the Year 2000 several years ago and appears to ======END OF PAGE 7====== be well-positioned to avoid processing problems. The Commission will continue to work with the ICI and its members to oversee their efforts. Coordination with the Securities Industry Association (SIA) In addition to conducting direct inspections of regulated entities and monitoring the adequacy of SRO inspection programs to examine their members, the Commission has established a close working relationship with the SIA. The SIA, as the trade association for the securities industry, is especially well-positioned to coordinate Year 2000 activities across its membership, which includes brokers, dealers, investment banks, mutual funds, and others. The SIA's Year 2000 Steering Committee and four working subcommittees have established a program for SIA members designed to share information on common problems and solutions. Of particular note is the SIA's plans to develop and conduct during 1999 controlled, industry-wide testing with exchanges, data processors, registered clearing corporations, depositories, and broker-dealers to prepare for Year 2000 compliance. The Commission views the SIA's industry-wide testing program as a critical element to successful negotiation of the Year 2000 problem within the securities industry, and we will actively encourage as many firms as possible to participate in this testing program. Public Companies The Commission has examined whether it is necessary or appropriate to initiate rulemaking in order to assure adequate disclosure by public companies, investment companies, and investment advisers about Year 2000 activities, expenditures, and the risk of potential adverse consequences of failure to complete necessary corrective action. For the present, the Commission believes that current laws and regulations are sufficient to ======END OF PAGE 8====== cover the reporting obligations of public companies, funds, and advisers as they pertain to any material impact of Year 2000 problems on operations and costs. The Commission's staff has reminded companies of their disclosure requirements in this area by issuing some informal guidance to the public. In addition, the staff is preparing a Staff Legal Bulletin to make sure that companies understand that they must disclose any anticipated material financial impact arising from the Year 2000 problem. Later this summer, after the Bulletin is issued to the public, the staff will consider the adequacy of company disclosures pertaining to the Year 2000 issues to determine whether or not additional steps are necessary. Auditing, Independence, and Accounting Considerations The SEC's staff has examined the role of the independent auditor in helping to ensure effective corporate disclosure as it pertains to the Year 2000 problem. In particular, the existing auditing and accounting standards were reviewed to determine their adequacy for the protection of investors in connection with the Year 2000 issue. Discussions have been held with the American Institute of Certified Public Accountants and with representatives of industry and others in the accounting and auditing profession to determine whether any special preparations are needed. SEC staff members, including the participants of the task force, have concluded that sufficient accounting and auditing standards exist to alert management, investors, and other users of financial information as to the seriousness of any problem associated with the Year 2000 and to alert management of the need to initiate corrective action. ======END OF PAGE 9====== The Commission's Internal Systems The Commission's Office of Information Technology (OIT) is responsible for SEC internal information systems. OIT initiated its Year 2000 effort by establishing a project team in May 1996. The project team is responsible for ensuring that all SEC computer systems are Year 2000 compliant by the end of 1998. This project has been assigned the highest priority within OIT. As the SEC's largest (with approximately 2.8 million lines of code) and most prominent computer system, EDGAR was the team's first priority. EDGAR has been examined closely, and the Commission is confident that all components are currently Year 2000 compliant and that filers, SEC staff users, and investors will not experience any EDGAR difficulties related to the Year 2000. The project team identified 88 centrally-administered systems and 300 distributed applications that need to be evaluated for Year 2000 compliance. Centrally-administered systems are those which currently reside on the mainframe and are administered by OIT. Distributed applications are those which have been developed and/or are operated by divisions, offices, or individual SEC staff members. The inventory of 88 central systems has been divided into two categories: mission-critical and non-mission-critical systems. Fifty- three systems have been designated as mission critical. Of these, 6 are Year 2000 compliant, 1 will be replaced, and 46 will require further examination and possible corrective action. OIT intends to outsource the majority of the detailed examination and remediation work. It is anticipated that 95% of these central systems will have been replaced or ======END OF PAGE 10====== corrected by December 1998. The remaining 5% are non-mission-critical and will be completed during 1999. Initial assessments of the 300 distributed applications indicate the majority can be made Year 2000 compliant generally by upgrading the off- the-shelf software in which the application was written. We expect the distributed applications will be compliant by December 1998. Contingency Planning Contingency planning is an essential component of all Year 2000 preparations. The SIA will address contingency planning as a separate topic at a planning meeting tentatively scheduled for September 15, 1997. The Commission will actively participate in that planning meeting and will be prepared to examine the approaches being taken by the industry. Although each organization's contingency needs and capabilities are different, it is essential that approaches to recovering from operational problems arising after January 1, 2000 be firmly established and communicated both within an organization as well as with one's information exchange partners. Conclusion The challenge of the millennium change for automated information processing is as formidable as any issue the securities industry has ever faced. It is simply unrealistic to presume there will be no missteps as we move across this threshold date. I am, however, confident that this industry, which has so successfully dealt with any number of serious obstacles in the past, will be well prepared to deal with this issue. ======END OF PAGE 11====== Although we are unable to promise or achieve perfection in our efforts to prepare for the Year 2000, we can promise that we will have made every effort to be as prepared as is humanly possible. Automated information processing is so essential to the operation and continued health of every single member of the securities industry, that no firm, large or small, can afford to ignore this problem. In closing, we would like to mention that we are aware that this issue has international implications. To that end, we have raised the seriousness of this issue with our fellow international securities regulators, and we are working together through the International Organization of Securities Commissions on the Year 2000 problem. ======END OF PAGE 12======