Testimony of the Honorable Marsha Pyle Martin

Chairman and Chief Executive Officer

Farm Credit Administration

Before the

Senate Committee on Agriculture, Nutrition, and Forestry

May 14, 1998

Mr. Chairman and Members of the Committee, I am Marsha Martin, Chairman of the Board and Chief Executive Officer of the Farm Credit Administration (FCA/Agency). I appear before you today, not as a technical expert on Year 2000 computer issues, but because I want you and your committee members to know that as the Chairman of FCA, I take this issue seriously and place a high priority on the successful, on-schedule, completion of my agency's Year 2000 initiatives. My fellow board members and I have provided the necessary leadership, direction, and financial and human resources necessary to accomplish this important effort. Having asked the salient questions and having received the confident answers from staff, I am cautiously optimistic that our actions and their positive results will ensure that both the Farm Credit System (FCS or System) institutions' and the Agency's internal computer systems are prepared for the millennium date change.

INTERNAL ACCOMPLISHMENTS AND INITIATIVES

The Agency already has made much progress internally toward achieving Year 2000 compliance. Over the past 3 years, we have replaced completely our information system architecture. The new system is fully Year 2000 compliant. In January, we completed migration of all applications from our old system to the new system. As a result, we need not review COBOL programming code as many other organizations are doing. Additionally, as called for in our Information Resources Management strategic plan, we have completed our scheduled replacement cycle for computer hardware, which allowed us to purchase new computers that are Year 2000 compatible. This has allowed us to address a number of compliance issues in the normal course of business.

From our internal perspective, the Year 2000 issue involves much more than technology and our computer specialists. It is a challenge for the whole Agency. We understand the potential for competing interests within the Agency in addressing internal compliance issues and the importance of stability. As a result, the Agency's Information Resources Management Operating Committee has been charged with overseeing Agencywide internal efforts and monitoring the business risks posed by vendors, business partners, and customers. This committee is chaired by the Chief Information Officer who serves with the Director of Operations, Office of Examination; the Deputy Chief Financial Officer; an Associate General Counsel; a Senior Economist; and a Public Affairs Specialist. The committee represents all Agency disciplines and provides a broad perspective to the Agency's compliance efforts. The Chief Information Officer reports to me and has the authority necessary to ensure that FCA takes appropriate action on its mission critical systems. Additionally, the Agency's Inspector General provides an independent review of efforts taken by FCA to become Year 2000 compliant.

At my direction, a detailed action plan to address internal Year 2000 issues was prepared and presented to the FCA Board. One of the first steps in the plan, which was adopted by the board, was to inventory all systems and applications used by FCA and assess their relative importance. Through the inventory we identified and evaluated all mission critical systems necessary to fulfill the Agency's responsibilities as the safety and soundness regulator of the FCS. We also identified mission critical systems supporting administrative needs, such as the payroll system. Twenty-five out of 309 of our information systems were identified as mission critical. Within this category of mission critical, 20 relate to FCA's safety and soundness mission. The remaining 5 are administrative systems.

The inventory process calls for certification from vendors and other third parties regarding the level of Year 2000 compliance of the products and services that FCA uses. We recognize that formal certification alone is not sufficient to ensure that a product or service will operate properly in FCA's unique environment. Therefore, we are implementing our own internal testing and verification processes to ensure that all significant applications, systems, and data function properly together.

We control 22 of 25 mission critical information systems. The remaining three rely on other agencies for renovation or are third party vendor software. We will effect contingency replacements for these mission critical systems if compliance cannot be demonstrated by the first quarter of FY 1999. Of the 25 mission critical information systems, 17 comply, 1 will be replaced, and 1 will be retired. The remaining 6 will be made compliant and, thankfully, will not require a major expenditure of staff time or financial resources.

In addition to the 25 mission critical information systems, FCA has identified 3 physical plant and facility systems that are also mission critical. These systems, which support the telephone, sprinkler, and electric services, are outside our control because they rely on third party vendors. We will effect contingency replacements for these systems, as well, if compliance cannot be demonstrated by the first quarter of FY 1999. The remaining systems identified during this inventory are not mission critical.

We believe the Agency is well on the way to Year 2000 compliance; however, we will not take for granted external factors. The compliance certifications of FCA's essential internal systems, hardware, software, vendors, customers, and interfaces should be completed by September 20, 1998.

EXTERNAL EFFORTS AND INITIATIVES

Our efforts on Year 2000 do not stop with assuring that the Agency's internal operations are compliant. As the regulator of the FCS, we must also address Year 2000 compliance in our regulated institutions. The Year 2000 problem, most assuredly, is the most pervasive technological change affecting the System over the next several years. This presents FCA with an extraordinary challenge as a regulator. The computer problems associated with the Year 2000 potentially pose safety and soundness concerns because there is zero tolerance for late delivery or project failure. Also, experience has shown that modification projects are nearly always more costly and time consuming than anticipated.

To heighten awareness of Year 2000 issues, the Agency has provided all FCS institutions with information and guidance through Informational Memorandums on a variety of Year 2000 topics. These include the following:

Year 2000 awareness

Disclosure of Year 2000 costs

Business risk

Service providers and software vendors

Effect on borrower/customers

Testing of mission critical systems, including key testing dates

Additionally, we just completed meetings throughout the U.S. at which we emphasized the importance of Year 2000 compliance to leaders of Farm Credit System institutions.

Examining and reviewing the Year 2000 efforts of the FCS has been and will continue to be a primary focus area in the Agency's examination program through FY 2000. We have 11 examiners who have been specially trained to complete information systems examinations. These special examinations will enable us to accurately assess the degree of exposure in the System and in individual institutions. This assessment will identify high-risk institutions early enough so that corrective action can be implemented.

A special Year 2000 Task Force in our Office of Examination oversees and coordinates our Year 2000 examination activities. The Task Force, comprised of the Director of Operations, Office of Examination, a Quality Assurance examiner, and an Information Systems examiner, has developed examination strategies and provided direction and guidance for staff to ensure a consistent and reliable examination approach. Each of the 211 FCS institutions has been surveyed to assess its status in achieving Year 2000 compliance. While the survey shows that most institutions are addressing the problem, it also indicates that more than 30 institutions must increase substantially their Year 2000 efforts. In those instances, we have required the organizations to develop action plans and have them approved by their boards of directors. These are also the institutions on which our examination resources will be concentrated in the coming months.

Having completed the initial assessment, we will continue with a program of quarterly assessment of FCS institutions' and their Year 2000 preparedness. A Year 2000 Readiness Report showing FCS institutions that have achieved compliance and the status of those that have not will be implemented in the first quarter of FY 1999.

We have instructed FCS institutions to identify borrowers that represent material Year 2000 risk exposure to the institution. Institutions will perform a basic assessment of Year 2000 risk posed by their borrowers. The status of the borrowers' Year 2000 efforts will be periodically updated, including an evaluation of the risk to the institution.

Also, we have required each FCS institution to develop contingency plans in the event outside vendors are unable to achieve Year 2000 compliance. This is especially important since even an institution that has its own operations fully compliant could be severely affected by external forces.

I would also note that FCA participates on the Contingency Planning Work Group at the Federal Financial Institutions Examination Council. This group will develop institution failure criteria that will be still another tool utilized by our examination staff to evaluate FCS institutions' Year 2000 readiness. And, in addition to our examination activities, we are reviewing the status of Year 2000 compliance as we consider special approval requests from the institutions we regulate. Finally, when considering revisions to reporting requirements placed on FCS institutions, we evaluate the potential impact on the institutions' ability to meet Year 2000 deadlines before implementing changes.

CLOSING

As I have indicated, the Year 2000 issue affects every aspect of FCA's operations. We have projected FCA's labor costs for Year 2000 compliance efforts to be $1.1 million over 3 years--$400,000 for internal compliance and $700,000 for evaluating external compliance. These costs will be absorbed within our current budget. We will not seek additional funds.

In closing, Mr. Chairman, I am confident we are doing and will continue to do all we possibly can to ensure Year 2000 compliance. However, we will only know for sure when the clock strikes the new millennium. Meanwhile, as I mentioned earlier, we are cautiously optimistic about the ability of FCA and the FCS to be Year 2000 compliant by January 1, 2000. We will continue to do all that is humanly possible, mustering every resource we can, to make sure our systems do not miss a beat when the clock strikes 12 in the Year 2000.

I thank you for the opportunity to appear before the Committee today.