Notice to Members 98-22

Year 2000 Frequently Asked Questions

Published Date:

SUGGESTED ROUTING

Senior Management
Legal & Compliance
Operations

Research
Systems
Trading


Executive Summary

In December 1997, NASD Regulation, Inc. (NASD RegulationSM) sent a compliance survey (Special Notice to Members 97-96) to find out the status of member firms' Year 2000 efforts. Member firms have the responsibility to determine the readiness of their internal computer systems, and other computer systems that they rely upon, for the Year 2000 challenge.

Since that time, the National Association of Securities Dealers, Inc. (NASD®) and NASD Regulation have found that there are still many questions surrounding Year 2000-related issues. In order to help facilitate member firms' awareness and understanding of Year 2000, following are frequently asked questions (and associated answers) concerning the Year 2000 and industry issues, the NASD Year 2000 Program, and the NASD Regulation Year 2000 Survey.

Questions regarding this Notice or Year 2000 issues should be directed to Lyn Kelly, NASD Year 2000 Program Director, at (301) 590-6342, or send an e-mail to [email protected]. For further information about the NASD Year 2000 Program, visit the Year 2000 Web Pages on the NASD (www.nasd.com) and NASD Regulation (www.nasdr.com) Web Sites.

Frequently Asked Questions Industry Overview Of The Year 2000 Problem

Question 1: What is the Year 2000 challenge?

Answer 1: The Year 2000 challenge is not only a technical issue. It is a business problem—with various components and implications— requiring a technical solution. Stated simply, the Year 2000 challenge is that computers typically have been programmed to use a two-digit number, instead of a four-digit number, to represent the year for any date. Since dates are essential to many automated functions, it is absolutely critical for each and every firm to act now to assess its information technology environment and make necessary changes to ensure that automated processes with date sensitive components will correctly identify "00" as the year 2000, rather than 1900, when processing dates on and after January 1, 2000.

This system carried over when writing computer programs. However common this practice, it causes computer software performing arithmetic operations, comparisons, or sorting of data fields to yield incorrect results when working with years beyond 1999. It also affects facilities, utilities, and office automation equipment— such as fax machines, phones, and security and elevator systems.

Question 2: Who does this impact?

Answer 2: It is a significant, worldwide challenge across all business and industry lines for any company, social or government agency, institution, or individual using computers or other certain automated applications/ systems to accomplish a task. Any system or program, including desktop software, could be affected if two digits are used for year representation.

Question 3: What actually happens if the Year 2000 issue isn't corrected?

Answer 3: Any system application calculation that involves a date— such as a consumer credit card transaction, a payroll billing, an electric company statement, a mortgage calculation—could yield incorrect answers.

Question 4: What should computer users do?

Answer 4: Computer users need to update applications and data fields that do not handle century markers or dates beyond 1999. Specifically, they should:

  • Determine the magnitude of the problem by assessing their entire portfolio of system and application software source code, including any off-the-shelf applications, to determine what needs to be updated and made Year 2000 ready.


  • Decide the best way to make the updates—most likely on an individual, program-by-program basis.


  • Implement the updates to the source code; test to make sure it handles both 199X and 2XXX data correctly; and establish a procedure to ensure the source code cannot be inadvertently changed back to a two-digit format.

Question 5: What needs to be done to a computer user's hardware?

Answer 5: Computer users should review their users manual or, if necessary, contact their vendor or sales representative to determine whether the internal timing mechanism in their computer hardware can handle the change of century.

Question 6: Is there any information on costs and timing associated with addressing the Year 2000 challenge?

Answer 6: This information depends upon firm size, industry, level and types of technology, but following are some estimates:

  • Overall costs to meet the Year 2000 challenge are estimated to exceed $600 billion worldwide.


  • Costs for automated Wall Street firms estimated to be $3 to $4 billion.


  • Costs for large organizations estimated to be $200 million.


  • Securities firms will spend up to 63 percent of technology budgets on Year 2000 and maintenance solutions.


  • As time passes, the demand for resources to address this issue will accelerate and costs will increase.


  • In a September 1997 survey from the Securities Industry Association (SIA)—84 percent of the industry expects to complete Year 2000 conversion by December 1998; most have started conversion but are less than 20 percent complete as of September 1997; 83 percent stated Year 2000 was not a fulltime effort of the project manager assigned to this issue.


  • External industry experts predict that only 70 percent of all companies will be ready in time.


  • The majority of securities firms will rely upon service bureaus and outside consultants to solve the problem.

Question 7: What are the potential risks to the industry?

Answer 7: There are liability issues for corporations, directors, and officers. There may be an inability to provide accurate regulatory/compliance-based reporting/information. There will be a significant impact to all business-critical operations. Such risks could include incorrect market data, settlement agent system failures, inaccurate reconciliation of accounts, incorrect time-based calculations, and customer failure to settle trades, among others.

NASD Year 2000 Program

Question 8: What is the NASD's Year 2000 Program?

Answer 8: The NASD has instituted a Year 2000 Program to address the unique challenges this coming century poses for the NASD's and its members' date-sensitive systems. (The NASD urges all of its members to conduct a comprehensive Year 2000 plan as well.) The NASD Year 2000 Program Office (the Office) is responsible for the control, review, and reporting functions of NASD, NASD Regulation, and The Nasdaq Stock MarketSM (Nasdaq®)Year 2000 activities. The Office is responsible for development of metrics and reporting; oversight for standardization for testing and certification; and development and implementation of various processes ( i.e., correspondence tracking, different types of reporting).

Question 9: Where can I find out more about the NASD Program?

Answer 9: The NASD communicates regularly about Year 2000 issues through various publications, including the NASD Regulatory & Compliance Alert, NASD Notices to Members, and Nasdaq's Subscriber Bulletin. Also, in May 1997, Nasdaq Trading and Market Services began including Year 2000 as a topic at its quarterly vendor focus groups. And, there are Year 2000 Web Pages on both the NASD Web Site (www.nasd.com) and the NASD Regulation Web Site (www.nasdr.com). For more information about Year 2000, contact Lyn Kelly, NASD Year 2000 Program Director, at (301) 590-6342, or send an e-mail to [email protected].

Question 10: What is the NASD's role, as a self-regulatory organization, with respect to its members and the Year 2000 issue?

Answer 10: The NASD's Year 2000 mission in terms of member compliance is "to raise industry awareness of the Year 2000 technology problem and educate member firms on the importance of analyzing the readiness of all computer systems and facilities used to conduct a securities business."

NASD members are expected to:

  • Analyze the readiness of internal computer systems, facilities, and external systems/companies critical to operations.


  • Take appropriate steps to ensure automated systems used to meet regulatory, market participant, and investor protection obligations are Year 2000 compliant.


  • Develop and implement action plans to address required system changes.


  • Complete the NASD Regulation Year 2000 Survey (if the firm has not completed the New York Stock Exchange [NYSE] survey).


  • Contact vendors of hardware, software, office products, and facilities to ensure they are addressing the Year 2000 challenge.


  • Obtain written assurances from all service providers (including clearing firms) that they will be Year 2000 ready.


  • Accomplish all system changes by year-end 1998.


  • Perform monitoring operations of all converted systems in 1999.


  • Perform quality assurance and interface tests with external organizations in 1999.

Question 11: My firm has specific systems or products that it uses from (or with) the NASD. How will member firms know that the NASD and its systems and services will be Year 2000 compliant?

Answer 11: The NASD, NASD Regulation, and Nasdaq all have programs in place to ensure systems or products they use will be Year 2000 ready. A complete inventory of these systems has been published on the NASD and NASD Regulation Web Sites, with current status and quarterly updates. You may also contact the NASD Year 2000 Program Office, Attn: Lyn Kelly, (301) 590- 6342 ([email protected]), if you wish to be put on our mailing list for updates.

Question 12: What type of testing will the NASD Year 2000 Program undertake?

Answer 12: NASD, NASD Regulation, and Nasdaq have established test centers available for testing those systems that interact with our organizations. Testing will be available in July 1998. Details regarding testing are available via the NASD Regulation and NASD Internet Web Sites.

The securities industry, coordinated by the SIA, is planning for industrywide testing from August 1998 to December 1999. This testing is intended to allow firms and other market participants to perform integrated, industry-wide testing.

Question 13: Under the NASD's Year 2000 Program, will member firms be "certified" in any way with respect to their individual Year 2000 programs?

Answer 13: The NASD plans to require that members certify to NASD Regulation later in 1998 the status of their Year 2000 compliance program and their readiness for testing. Subsequently, NASD Regulation also plans to require that each member certify that its systems have been remediated and other necessary steps have been taken to address systems compliance for Year 2000.

Question 14: Will the Year 2000 issue be addressed through the examination cycles of member firms?

Answer 14: As one measure to ascertain whether members are taking appropriate steps to make certain that the automated systems they rely upon to meet their regulatory, market participant, and investor protection obligations are Year 2000 compliant, NASD Regulation has included a special Year 2000 section in all cycle examinations. NASD Regulation examiners will also use member firm survey responses in the examinations process.

NASD Regulation Year 2000 Survey

Question 15: Why does my firm have to fill out the survey? What is the NASD's purpose in conducting his survey?

Answer 15: The NASD has regulatory responsibilities with respect to its member firms and has mandated that its members complete the survey. The deadline for submission of the survey was January 31, 1998, but if you have not yet submitted the survey, please do so immediately. As an NASD member, you are an integral part of the securities industry. As a self-regulatory organization, the NASD is seeking to educate its members and to assure that its members have the tools to remain stable and viable, for the integrity of the marketplace and the protection of investors, as we enter the next century. Furthermore, you should remember that computer failures related to Year 2000 problems generally will be considered neither a defense to violations of firms' regulatory or compliance responsibilities nor a mitigation of sanctions for such violations.

Question 16: What is the NASD going to do with this information?

Answer 16: The information collected through this survey will help the NASD ensure that its member firms are implementing their own Year 2000 initiatives, and are aware of issues and risks surrounding the Year 2000 challenge. The NASD will also use this data to track and compile statistical information on the industry as a whole, and to help adjust or fine-tune NASD Year 2000 objectives/activities currently in place.

Question 17: If my firm completed and submitted an NYSE Year 2000 survey, do I need to complete an NASD Regulation survey?

Answer 17: No.

Question 18: I don't know if my firm submitted the NYSE survey. How do I find out?

Answer 18: If you are unsure, your firm should submit the NASD Regulation survey. You should also contact the NYSE to find out if your firm, in fact, submitted the survey.

Question 19: My firm lost/did not receive a copy of the NASD Regulation survey. How do we get a second copy?

Answer 19: If members need an additional copy of the survey, it is posted on both the NASD Regulation and NASD Web Sites. To download the survey, go to either Web Site's Year 2000 section or to the Notices to Members Web Pages (and seek Special Notice to Members 97-96). Or, members may call Lyn Kelly, NASD Year 2000 Program Director, at (301) 590-6342, to have another copy mailed to their attention.

Question 20: What does a firm do if it discovers the survey has not been properly signed? And, can someone other than my firm's Chief Executive Officer (CEO) sign the survey?

Answer 20: You must resubmit the survey, along with the appropriate signature (CEO signature required), and write "2nd Copy" on the top of the form.

Question 21: What if the member firm now realizes that it improperly or did not fully complete the survey?

Answer 21: You must submit a fully executed copy of the survey marked "2nd Copy."

Question 22: This Year 2000 issue does not affect my firm. My firm has no computers—we only use personal computers (PCs). Does my firm need to complete the survey?

Answer 22: The full scope of the Year 2000 challenge is not to be underestimated. Facilities, phones, fax machines, power, and elevators, as well as service bureaus and other vendors that you conduct business with, will all be affected. In other words, yes, your firm must fill out the survey indicating that it has a plan to ensure that anything that operates by computer or automated business system will be Year 2000 ready.

As a due diligence exercise, firms must also be cognizant and assured that any third-party vendors upon which the firms depend are doing their part to be ready to meet Year 2000 challenges; your firm's plan should also indicate steps to validate their readiness. In fact, member firms should obtain written assurances from all service providers that the software and hardware products they use are being reviewed for Year 2000 compliance.

As for firms only having PCs, your plan should include making sure your hardware and desktop software are tested for Year 2000 readiness as well. Even PCs sold and delivered in the last six months may have components that will have problems.

Question 23: In reference to question #1 of the NASD Regulation survey, my firm is neither an "introducing" nor "clearing" firm. Does the firm still need to fill out the survey?

Answer 23: Yes. You should fill in what type of firm you are and complete the survey. The survey applies to every NASD member firm.

Question 24: Does my firm have to fill out the survey if it uses a service bureau?

Answer 24: Yes. As mentioned above, your firm must have a plan in place to work with third-party service providers—including service bureaus—to ensure they will be able to support your firm and will be operational in the year 2000. If possible, your firm should offer to test with them.