Y2000 Update - January 1999

Year 2000 Update (January)

Published Date:

January 01, 1999

January 1999

Contingency Planning

Although most businesses are working diligently to ensure that their Year 2000-related issues will be resolved in time, everyone must anticipate that some things will be overlooked, ignored, or not completed on or before December 31, 1999. In addition, businesses must realize that there are things beyond their control that could impact various entities in 2000. One important way to be prepared is through the development and execution of a well-defined contingency plan. As mentioned in previous National Association of Securities Dealers, Inc. (NASD^®) publications, each broker/dealer is responsible for developing a written plan that ensures business continuity through 2000. According to industry guidelines, organizations should already have begun constructing their contingency plans by the end of 1998 and should be spending 1999 detailing results and preparing business contingency operations where necessary.

While most organizations may already have contingency plans in place for natural disasters and other types of contingencies, the distinct difference with Year 2000-related problems is due to the potential for widespread and simultaneous failures, for which a traditional backup or contingency plan may be inadequate. Data compiled from NASD member firms' 1998 Forms BD-Y2K revealed that less than 50 percent of all member firms have a Year 2000 contingency plan in place, and less than 20 percent have a written contingency plan.

The best way to view the need for Year 2000 contingency planning is, "hope for the best, but prepare for the worst." What will you do if one or more of your "mission-critical" applications (telecommunications, personal computers, networks, electricity, gas, water, transportation) does not function? What if one of your "mission-critical" vendors (clearing firm, mail delivery, Internet service provider, payroll processing) is unable to perform? How would you be able to conduct your normal business activities? What "work-arounds" could you employ to ensure business continuity?

While the answers to these questions may not always be easy or foolproof, addressing such potential and significant issues before they occur may be much easier than having to address them after they occur.

A well-prepared Year 2000 contingency plan should include:

1 The objective of the plan (e.g., continue normal operations, continue in a degraded mode, abort the function as quickly and safely possible, etc.)

2 Criteria for invoking the plan (e.g., missing a renovation milestone, reaching a Year 2000-related failure date, experiencing serious system failures, inability of a vendor to provide required service, etc.)

3 Schedule of activities, dependencies, and resources required from triggering events.

4 Expected life of the events (How long can operations continue in contingency operating mode?)

5 Roles, responsibilities, and authority (e.g., identify where roles are different than normal operations; establish lists of critical skills among personnel).

6 Procedures for invoking contingency mode (e.g., failure/interruptions of internal/external communications, loss of environmental controls, loss of power).

7 Procedures for operating in contingency mode (e.g., perform the operation manually, shift operation to alternate provider).

8 Resource plan for operating in contingency mode (e.g., staffing, scheduling, materials, supplies, facilities, temporary hardware and software, communications, etc.)

9 Criteria for returning to normal operating mode.

10 Procedures for returning to normal operating mode.

11 Procedures for recovering lost business events or data.

While the list of contingency plan components presented here is not meant to be all inclusive or specific to every firm, it is meant to be a high-level outline of what a typical contingency plan entails. Also, here are a few pointers to take into consideration when preparing a contingency plan. First, approach it from the business point of view, not the technology point of view. Looking at it strictly from the technology perspective, one would miss many non-technology failure points that must be addressed. Second, be sure to test your contingency plan; like any other business plan, a contingency plan is a theory until it is tested or implemented. In order to locate any problems or oversights within your contingency plan, you should test your plan before you are required to implement it.

In addition, the Internet is an excellent resource for gathering contingency planning information. While the NASD does not endorse any specific organization nor guarantee any information contained at the following Web sites, we do feel these sites offer beneficial and practical information pertaining to contingency planning.

www.y2k.gov	The President's Council on Year 2000 Conversion
www.gartner.com	The Gartner Group
www.sba.gov	The Small Business Administration
www.business-continuity.com	The Business Continuity Info. Center
www.fdic.gov	FDIC
www.ffiec.gov	Federal Financial Institutions Examination Council
www.gsa.gov/gsacio/ssay2kb1.htm	Social Security Administrations Cont. Plan
www.mitre.org/technology/y2k/	Mitre Company
www.gao.gov/y2kr.htm	U.S. General Accounting Office
www.year2000.com	Year 2000 Web Site

Remember, contingency planning is the last, best step you can take to minimize the business risks posed by the Year 2000 problem. Plan now, so you won't have to put out fires later. For more information on required Year 2000 reporting, or help in developing a member firm Year 2000 contingency plan, contact the NASD Year 2000 Program Office by e-mail at [email protected] by calling our toll-free number at (888) 227-1330.

Reminder:

The second BD-Y2K Report must be filed by April 30, 1999. Broker/dealers that are required to file Part II of Form BD-Y2K must also file a report prepared by an independent public accountant regarding the broker/dealer's process for preparing for the Year 2000. The independent public accountant's report must be prepared in accordance with standards that have been reviewed by the Securities and Exchange Commission (SEC) and that have been issued by a national organization that is responsible for promulgating authoritative accounting and auditing standards. The SEC has already stated that an independent public accountant's report prepared in accordance with the American Institute of Certified Public Accountants (AICPA) Statement of Position 98-08 (SOP 98-08) would satisfy this standard. A copy of SOP 98-08 will be included with the Forms BD-Y2K that will be mailed to members soon. Additional information regarding Form BD-Y2K and the independent public accountant's report is available on the SEC's Web Site (www.sec.gov). Additional information regarding SOP 98-08 is available on the AICPA's Web Site (www.aicpa.org).

More Information/Questions

NASD Year 2000 Program Office

e-mail: [email protected]

phone: (888) 227-1330

Virtual Workshops

As published in previous Notices to Members, the NASD Year 2000 Program Office is holding Virtual Workshops—workshops in which NASD members may hear about important Year 2000 issues via conference call-in sessions. During the call-in sessions, members will hear a presentation, followed by a question and answer period. The following sessions will provide an opportunity for members to share ideas and learn from other firms' experiences. Please note that all Virtual Workshops begin at 11 a.m. Following is a description of each of the workshops, and further below is a listing of times and other vital information.

Legal Issues

Issues to be covered:

Due diligence efforts for brokers/dealers

Litigation helpful hints

Recent developments in disclosure

Mandatory Testing

Issues to be covered:

internal testing

SIA-sponsored industry-wide testing

Testing with the NASD

BD-Y2K for Small Firms

Issues to be covered:

Upcoming BD-Y2K Report and a small firm approach

1999 Report vs. 1998 Report

Part III of BD-Y2K

Issues to be covered:

How completing Part III of your BD-Y2K Form affects you

What does the SOP cover

Helpful hints in the completion of Part III

To participate in the Virtual Workshops, the NASD strongly encourages registration, but it is not required. To register call MCI at (800) 839-9159 for the January workshops and at (888) 567-0578 for the February workshops, listen to the greeting, and provide the following information when prompted: firm name, Broker/Dealer #, and workshop date. On the day of the session, call the phone number listed below with the associated workshop, and indicate the password, conference leader, and confirmation number provided for the specific workshop (see below for a list of these specifics organized by date of session).

January 12 - Legal Issues
Password: Legal
Leader: Angela Lacroix
Conf #: 2519205
Call-in phone number: (888) 282-9568

January 14 - Mandatory Testing
Password: Mandatory Testing
Leader: Donna Nichols
Conf #: 3402274
Call-in phone number: (888) 455-5419

January 20 - BD-Y2K (small firms)
Password: BD-Y2K
Leader: Donna Nichols
Conf #: 3402355
Call-in phone number: (888) 455-5419

January 27 - Part III of BD-Y2K
Password: SOP
Leader: Brooks Johnson
Conf #: 3402391
Call-in phone number: (888) 455-5419

January 28 - Mandatory Testing
Password: Mandatory Testing
Leader: Donna Nichols
Conf #: 3402436
Call-in phone number: (888) 455-5419

February 16 - BD-Y2K (small firms)
Password: BD-Y2K
Leader: Brooks Johnson
Conf #: 3818571
Call-in phone number: (888) 455-5419

February 18 - Part III of BD-Y2K (large firms)
Password: SOP
Leader: Brooks Johnson
Conf #: 3818625
Call-in phone number: (888) 455-5419

February 23 - BD-Y2K (small firms)
Password: BD-Y2K
Leader: Brooks Johnson
Conf #: 3818611
Call-in phone number: (888) 455-5419

February 25 - Part III of BD-Y2K (large firms)
Password: SOP
Leader: Brooks Johnson
Conf #: 3818652
Call-in phone number: (888) 455-5419

District Office Workshops

The NASD Year 2000 Program Office is offering two sets of workshops—Mandatory Testing and Year 2000 Plan Overview - for NASD member firms to be held at various NASD Regulation District Offices.

*Mandatory Testing*		*Year 2000 Plan Overview*
January 20		January 20
Dallas District Office	9:00 a.m. & 1:00 p.m.	Dallas District Office	10:30 a.m. & 2:30 p.m.
January 25		January 25
Dallas District Office	9:00 a.m. & 1:00 p.m.	Denver District Office	10:30 a.m. & 2:30 p.m.
January 26		January 26
Los Angeles District Office	9:00 a.m. & 1:00 p.m.	Los Angeles District Office	10:30 a.m. & 2:30 p.m.
Issues to be covered: Testing requirements SIA-sponsored testing Testing with NASD Registration required; call (888) 227-1330.		Issues to be covered: Year 2000 Overview Industry Guidelines Contingency Planning Question and Answers Registration required; call (888) 227-1330.

NASD Year 2000 Event Calendar

Topic	Date	Time (if available)	Location
Legal Issues	January 12	11:00 a.m.	Virtual
Mandatory Testing	January 14	11:00 a.m.	Virtual
BD-Y2K (small firms)	January 20	11:00 a.m.	Virtual
Mandatory Testing	January 20	9:00 a.m. & 1:00 p.m.	Dallas District Office
Y2K Plan Overview	January 20	10:30 a.m. & 2:30 p.m.	Dallas District Office
Mandatory Testing	January 25	9:00 a.m. & 1:00 p.m.	Denver District Office
Y2K Plan Overview	January 25	10:30 a.m. & 2:30 p.m.	Denver District Office
Mandatory Testing	January 26	9:00 a.m. & 1:00 p.m.	Los Angeles District Office
Y2K Plan Overview	January 26	10:30 a.m. & 2:30 p.m.	Los Angeles District Office
Part III of BD-Y2K	January 27	11:00 a.m.	Virtual
Mandatory Testing	January 28	11:00 a.m.	Virtual
BD-Y2K (small firms)	February 16	11:00 a.m.	Virtual
Part III of BD-Y2K (large firms)	February 18	11:00 a.m.	Virtual
BD-Y2K (small firms)	February 23	11:00 a.m.	Virtual
Part III of BD-Y2K (large firms)	February 25	11:00 a.m.	Virtual