In view of the potential economic impact of the Year 2000 problem, senior management's involvement in addressing related technical and legal issues is warranted. Shareholders may look toward management if future losses are incurred due to the improper implementation of Year 2000 compliance programs. With the recent media coverage, the business world is on notice of this issue and officers and directors who do not address this problem now may be greeting the next millennium with a multitude of directors' and officers' lawsuits. In view of the potential business and legal exposures, businesses of all sizes should make "Year 2000" compliance a top priority.
Compliance efforts to prepare for January 1, 2000 vary widely from business to business. On one hand, a prominent group of mutual funds recently announced to its investors that it successfully completed the renovation and testing phases of its internal computer systems for its Year 2000 compliance program. Many other businesses, on the other hand, are only in the initial planning stages of addressing potential Year 2000 problems, and may be surprised to find that little time remains to retain Year 2000 consultants whose "Year 1998" and "Year 1999" availability is becoming scarce. On the far end of the compliance spectrum are businesses that are not yet formally addressing the Year 2000 problem or are contemplating a more "reactionary" approach to the compliance issue. For instance, the Russian Department of Defense recently announced that its compliance program will begin promptly on January 1, 2000 by turning on its computers to "see what happens."
No matter where your business falls on the Year 2000 compliance spectrum, you will need to develop a strategic plan to deal with this problem. In this article, we identify crucial steps you should consider in addressing your company's approach to the Year 2000 problem.
Identify Potential Affected Systems
First, identify all systems which may be affected by the Year 2000 problem. These systems include computer software application programs, computer hardware systems, computer networks, word processing systems, billing systems, customer databases and employee databases. In addition, affected systems may include a company's office equipment, communications equipment, security systems, smoke alarms, heat and air conditioning systems, elevators and any other systems affected by date information. Once this task is completed, you should be able to better evaluate the scope of potential problems that you may encounter and the resources and time required to become Year 2000 compliant.
Review Existing Systems and Software Agreements and Licenses for Legal Rights
We are recommending that our clients conduct a comprehensive review of their software and systems agreements and licenses to determine their legal rights with respect to software, hardware and other systems. First, the agreements and licenses relating to your business should be reviewed to determine whether your vendors are obligated to "fix" applicable software or systems to render them Year 2000 compliant. Certain licenses and agreements may include representations or warranties regarding the performance of software, hardware and equipment, and may also require vendors to complete certain upgrades or improvements, with or without an additional charge. These provisions may or may not require the vendor to upgrade software or a system for Year 2000 compliance.
Your review should include not only a careful study of all licenses and agreements, but also an analysis of "implied" responsibility under the law. In certain instances where a vendor does not expressly disclaim certain "implied warranties," the vendor may have a legal obligation to assist a business in making its software, hardware or other systems Year 2000 compliant, even where no express warranties or representations are made.
More recently prepared software licenses may include an express "Year 2000" representation or warranty. Nevertheless, many of the legal approaches being advanced to address this problem have not been tested by our courts. Accordingly, interpretation of Year 2000 provisions may vary widely from license to license. A careful review of the language in your licenses and other agreements, particularly in view of the evolving nature of the applicable law, is an essential step of any compliance program.
Determine Rights of Your Business (or its Hired Consultants) to Remedy or Modify Software and Systems
Your business' licenses and agreements should also be analyzed to determine whether you (or a hired consultant, on your behalf) can legally modify the programs and code underlying the software and systems. This analysis includes not only a review of applicable licenses and agreements, but also of state and federal copyright law. If a software user does not hold the copyright to software, the user may not be entitled to modify its software without infringing on another's copyright. Modification of software without the copyright holder's permission may lead to copyright infringement litigation. Consequently, if your business does not hold the copyright to certain software, you will be required to either: (1) contact the original software vendor or copyright holder to make the "fix" or (2) obtain permission from the copyright holder to modify the software.
Similarly, software licenses and systems agreements should be reviewed to determine the extent to which warranties will apply if software is modified. Modifications may eliminate or alter the protections afforded by express and implied warranties.
Arrange for "Fixes" of Software and Other Systems
After you determine your business' contractual and other rights with respect to its software and systems, you should arrange for the Year 2000 "fix" to your business' software and systems as quickly as possible. First, you must evaluate how to make your software and systems Year 2000 compliant from a cost effectiveness standpoint. For this determination, you may wish to retain a reputable third-party computer consultant. The threshold question will be whether your systems should be replaced or repaired. Prior to engaging the licensor, vendor or consultant to make any required repairs, we are recommending that our clients include relevant protections in the engagement contracts they are using, such as indemnification of losses or other appropriate remedies should the "fix" not work properly. A carefully drafted contract may be very useful in the event improper repairs are made to your software and systems.
Prepare Vendor Compliance Requests
In addition to reviewing and testing your business' own software and systems, you should contact your vendors, suppliers and independent contractors to: (1) determine the extent to which their systems and products are Year 2000 compliant and (2) request assurance about their Year 2000 compliance programs. If a key vendor is not Year 2000 compliant, your business could be crippled if that vendor cannot efficiently interact with your company after January 1, 2000. Further, any of your vendors' systems which have Millennium Bug problems are capable of infecting your own systems if they are integrated for certain purposes, including the simple transfer of data.
This part of the compliance process may begin with questionnaires and other requests about your vendors' testing for Year 2000 compliance. Certificates of compliance may be sought in certain situations. Several bodies, such as the Information Technology Association of America (ITAA), have drafted language which defines Year 2000 compliance, which can be incorporated into your compliance requests or questionnaires. However, since these definitions typically only cover software, they should be supplemented with language relating to all systems.
Review Business Documents And Other Agreements For Representations Made
Business should also conduct a review of documents and materials distributed to customers and other agreements for representations made which could affect its Year 2000 liability. Documents distributed in connection with products or services, including advertising and promotional materials, product manuals and customer service agreements, may contain warranties and representations concerning the quality and/or functionality of those products or services. While product documentation and advertising rarely warrant Year 2000 compliance directly, indirect statements may be construed by a court to address the problem. For instance, product manuals may state that a product properly deals with date-related data or contains mechanisms to ensure that no incorrect dates are entered into the product. Similarly, advertising may include claims that a system or product is "fool-proof" or "error-free." Likewise, companies may make similar representations and warranties about themselves or their products and services in other agreements such as merger and acquisition agreements, third party agreements with trading partners, and supplier and customer contracts. Such representations and warranties may be used by customers and other parties as the basis for lawsuits in the event that your business encounters or its systems and/or products encounter problems related to the Millennium Bug which result in losses. Accordingly, a careful legal analysis of such agreements and other documents is necessary to determine the possible impact of representations and warranties made by your business.
Review Insurance Coverage and Determine Exposures
Businesses also need to review the applicable provisions of insurance policies to determine whether they are covered for costs to remedy software and systems for Year 2000 compliance. Similarly, insurance policies should be analyzed to determine the scope of coverage for liability claims associated with the Millennium Bug. Because most general liability policies probably will not provide coverage for Year 2000 problems, businesses should evaluate the possibility of purchasing specific new "millennium policies" covering Year 2000-related risks. Directors and Officers liability policies should be reviewed for Year 2000 exclusions.
Verify Compliance with Federal and State Laws and Regulations
Certain federal and state laws and regulations require that businesses be Year 2000 compliant. For instance, the SEC has certain disclosure requirements which must be made in the financial statements of publicly held companies with respect to the Year 2000 problem.1 In addition, certain states have enacted legislation prohibiting state entities from contracting with new vendors or ordering new business from existing vendors that are not Year 2000 compliant.
Analyze Financial and Tax Effects
Potential costs that may be incurred to address your business' Year 2000 problem could have a material impact on your company's profits. Recognizing adequate reserves for compliance costs in your financial statements may be appropriate. Other financial statement disclosures may be required, whether or not the company is publicly owned. Further, tax issues may arise regarding whether costs may be expensed or capitalized. Accordingly, a thorough analysis of the Year 2000 problem with your tax and financial advisors is an important part of a comprehensive Year 2000 compliance plan.
The Year 2000 is almost upon us. Businesses need to carefully analyze their business and legal aspects of this critical problem.
1. On July 29, 1998, the SEC published an Interpretative Release (No. 33-7558), effective August 4, 1998, which superseded its previous Staff Legal Bulletin No. 5, on the Year 2000 disclosure issue. The Release provides guidance to public companies, investment advisors, investment companies and municipal securities issuers with respect to their disclosure obligations. Disclosure is required if the consequences of a company's Year 2000 issues would have a "material" effect on its business, results of operations or financial condition. The Release includes four categories of information which a company must address in its Year 2000 disclosures: (1) the company's state of readiness; (2) the costs to address the company's Year 2000 issues; (3) the risks of the company's Year 2000 issues; and (4) the company's contingency plans.