Background. After festering for years behind the scenes in computer technology circles, the Year 2000 software crisis has finally emerged as a hot topic in the business and popular media. Much of what you read and hear may be unduly dramatic and doomsday-like. But much will also be unjustifiably complacent and ostrich-like. There lies the danger.
What is the problem? Dates play a key role in dependable functioning of the software systems our companies rely upon in day-to-day operations for innumerable computerized tasks, including any tasks requiring date dependent arithmetic calculations, sorting and sequencing data, and many other functions. To oversimplify the problem a bit, most software developed during the past two decades for mainframes, client/server and personal computers recognizes years by only two digits ("96" for 1996) instead of four digits.
Unfortunately, when the system is asked to perform a date sensitive function involving the year 2000 ("00") or beyond, the system may crash or yield inaccurate and often wildly unpredictable results. Any doubts about this can be put to rest by calling in a competent testing service to run various scenarios on a company's system or, worse yet, purely in a controlled testing environment, reset the system clock (the device that tells the system today's date) to 11:58 p.m. on December 31, 1999, wait a couple of minutes and just watch what happens.
The Need For Immediate Action At The Highest Corporate Levels. Amidst the emerging noise in the media, several points have become non-debatable among those who comprehend the nature and magnitude of the Year 2000 software crisis:
- Directors, executive management and corporate counsel at all companies must become personally involved now in leading the effort and committing the resources necessary to solve the problem in time. The deadline is non-negotiable, and time is growing short. Estimates are that less than 20% of American companies have begun to come to grips with the problem in ways serious enough to solve it in time.
- The Year 2000 software crisis has an estimated $300 to $600 billion price tag just to fix the problem. The problem cuts across all industry boundaries. In scale, it is like the S&L crisis, the environment, and asbestos. In kind, it is different because it affects almost all companies.
- Even though the problem may sound simple, it is extraordinarily difficult, labor intensive and time consuming to fix. No "silver bullet" technological solution has emerged, and despite the ever-accelerating rate of scientific innovation (combined with very strong economic incentives) it is unlikely that one will. Any company that adopts a Year 2000 strategy of waiting for the "silver bullet" will probably find itself on the losing end of a game of Russian roulette.
- Despite their best efforts, a significant number of companies will fail to solve the problem. The costs of failure will be extremely high-business disruption and in some cases extinction, liability to third parties such as customers damaged by the failure, and embroilment in years of litigation.
Key Legal Issues And Strategies. When confronting and solving the Year 2000 software crisis, directors, officers and counsel must bear in mind a host of legal issues, summarized below.
Directors' And Officers' Liability And Securities Law Issues. To avoid personal liability, directors and officers are required to meet the applicable legal standards of care in taking action to solve the Year 2000 problem at their company. Directors' and officers' efforts should be carefully documented to strengthen defenses under the due diligence and business judgment rules in the event of litigation over the company's failure to solve the problem in whole or in part.
Even if directors and officers take all appropriate action and the company eventually solves its Year 2000 problem, more may be required. If a company's Year 2000 problem is significant (in terms of possible effect on the business or fix costs) failure to disclose currently the existence of the problem and the potential costs of dealing with it (1) in connection with sale of securities or (2) in Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A), poses a serious risk of liability on the part of the company, directors and officers under federal and state securities laws.
Officers, directors and corporate counsel should not grasp for a false sense of security in the Private Securities Litigation Reform Act of 1995. Although the Act includes "reforms" concerning class action representatives, pleading with particularity, and some protection for "forward looking statements", plaintiffs' securities lawyers are salivating over the prospect of Year 2000 lawsuits, and with good reason.A sampling of 1996 10Ks filed in 1997 reveals that some companies, primarily in banking and insurance, have begun to disclose Year 2000 problems in the MD&A. Companies who have not done so need to consider the legal issues seriously.
Tax Law Issues. Over the next few years most companies face Year 2000 costs ranging from several million dollars to tens of millions of dollars, and some companies face costs in the hundreds of millions of dollars. The federal and state tax law treatment of these costs (as opposed to the financial accounting and reporting treatment, which is governed by GAAP rather than tax law) will in most cases have a significant impact on the company's after-tax income.
From a tax standpoint, the preferred result is generally a current year tax deduction of the costs as incurred rather than capitalization and amortization, and if the costs must be capitalized in whole or in part, amortization over as short a period as possible. Year 2000 costs will only be tax deductible currently under federal tax law if they qualify as "repairs" or as "research and development" costs for self-developed property under a special provision of tax law.
To maximize the prospects for favorable tax treatment, companies must develop a coherent tax strategy, including careful structuring of agreements with outside vendors, careful documentation of the plans for solving the Year 2000 problem, and careful documentation of costs as incurred. The IRS has not yet stated a position on Year 2000 costs, but given the amount of money at stake it is reasonable to expect that the agency will resist current year deductibility.
Legal Rights Under Existing Licensing, Maintenance, Outsourcing And Other Agreements. One of the most important company assets available to defray Year 2000 costs consists of agreements with third parties relating to the company's computer systems: hardware and software licenses, system maintenance agreements, data processing outsourcing agreements and others.
The company should undertake a comprehensive inventory of all hardware and all software currently in use; locate and identify all licenses and other agreements for each hardware component and software program; conduct a legal analysis of each agreement, including scope, warranties, representations, limitations on liability and other key provisions; identify third party vendors who may have a legal responsibility to participate in solving the problem or contribute to defraying the costs; and put them on appropriate legal notice in writing as soon as possible. Companies should not overlook providers of hardware and software-related services, especially system maintenance vendors and contractors and outsourcing companies, who may be legally obligated to participate in the fix. The inventory and review of all existing licenses and agreements is a complex undertaking, requiring careful legal analysis, but in many cases it will pay handsome dividends.
Legal Issues Relating To Future Licenses And Agreements With Vendors Of Computer-Related Products And Services. The Year 2000 crisis is common knowledge among all but the least sophisticated suppliers of computer-related products and services. In negotiation of all future licenses and agreements Year 2000 compliance should be a key subject of negotiation and should be addressed expressly and explicitly in the contracts. Warranties and representations with vague references to Year 2000 compliance will not suffice. Drafting contract provisions regarding Year 2000 compliance requires a unique blend of technical and legal know-how, so that performance of the contract is objectively verifiable and enforceable. Even if the appropriate contractual provisions are negotiated, all software products licensed over the next few years should be tested in a live operating environment to determine compliance.
Insurance Law Issues. Another important company asset potentially available to defray Year 2000 fix costs, as well as to protect against liability for Year 2000-related failures, consists of the company's insurance policies. The company should locate and inventory all policies (including first party property and casualty and business coverage, third party liability, errors and omissions, directors and officers coverage, and fiduciary policies). The company should then conduct a careful legal analysis of each policy to determine (1) whether any policies provide coverage for fix costs, and (2) whether the company and its directors and officers are adequately protected from potential claims arising from Year 2000 system failures.
First party property and casualty policies may provide coverage for fix costs under insuring clauses relating to property damage and accounts receivable and other valuable records. Again, putting carriers on appropriate written notice as soon as possible is imperative. Looking further down the road, the company needs to be as certain as possible that the wide variety of claims by third parties potentially resulting from Year 2000 system failures are covered. Where gaps in coverage exist, fill them. Attention should be given to the pros and cons of the new "millennium policies" being marketed by some carriers. At the same time, when renewing policies or applying for new policies, careful legal attention is required to possible obligations to disclose Year 2000-related problems.
Legal Issues Regarding Mergers And Acquisitions. If a company is currently involved in or is planning an M&A transaction, what due diligence has the company done or planned regarding Year 2000 issues? Completing an M&A transaction without due diligence and contractual safeguards on Year 2000 issues is a prescription for inheriting a potentially enormous liability and compounding a company's existing Year 2000 problems.
The due diligence process requires expert assistance to determine reliably the nature, extent and potential costs of Year 2000 problems the company may inherit. The M&A contracts should include representations, warranties and indemnities on the subject, and, where appropriate, escape clauses in the event post-acquisition due diligence reveals problems larger than anticipated. The company should approach Year 2000 due diligence no differently than environmental due diligence is now customarily conducted, but with even greater care because the potential liabilities are larger.
Trade Secret And Intellectual Property Law Issues. In many instances, achieving Year 2000 compliance will require inter-company access to information that is sensitive and proprietary. Protecting the company's trade secrets and intellectual property, while at the same time obtaining necessary access to other companies' proprietary information, is not a simple matter of drafting and signing non-disclosure agreements. Establishing the legal framework for innovative escrow arrangements, monitored access and usage procedures and other new legal mechanisms will be required.
Given that trade secrets and intellectual property are increasingly the life blood of many companies, this challenge will be overcome only through legal creativity and an unprecedented degree of inter-company cooperation.
At the same time, the company must assure that it does not infringe the intellectual property rights of vendors in the process of implementing the company's project to fix its Year 2000 problem. Vendors commonly retain copyrights to software source code. If the company substantially modifies programs as part of its Year 2000 project, or hires vendors other than the original vendor to do so, the company may be liable for infringing the copyright owner's exclusive right to create derivative works under federal copyright law. Other vendors treat source code as a trade secret, with stringent protections in licenses. Diving into the source code as part of the company's Year 2000 project, especially with the assistance of third party vendors, may expose the company to claims for misappropriation of trade secrets. The company's inventory and review of licenses and other system-related agreements should be conducted with a careful eye on these issues.
Legal Issues Relating to Non-Technology Contracts. Every company needs to pause and think seriously about the full range of contracts it enters into in the ordinary course of business and to determine whether the Year 2000 problem needs to be addressed in those contracts and, if so, how. As just one example, major banks enter into thousands of credit agreements. Do they currently address the Year 2000 problem? Debtor companies who are not aggressively addressing their Year 2000 problems now may be very poor credit risks. Banks need to determine what covenants, audit rights and other provisions are necessary to protect credit facilities. Banks are by no means unique in this respect. Companies in every industry enter into contracts daily in connection with which Year 2000 problems should be anticipated and expressly addressed. Cookie cutter provision with vague references to "Year 2000 compliance" will not suffice. As with technology contracts, drafting appropriate Year 2000 provisions for non-technology contracts requires a unique blend of technical and legal expertise.
Labor And Employment Law Issues. Unless a technological "silver bullet" miraculously emerges, most Year 2000 "fix" projects will be labor intensive and must be accomplished within a finite period of time. Companies will be required to staff up and then staff down within a relatively short period of time via new hires, independent contractors or "leased" employees. Any company that has experienced significant short term fluctuations in work force knows the inevitable result: labor and employment claims. Advance planning and a number of legal steps are necessary to minimize such claims. If temporary services personnel or "leased" employees are utilized, special attention is required to the unique legal issues concerning such personnel.
Legal Issues Relating To System Interfaces and Relationships With Non-Technology Suppliers. In today's economy, almost every company has computer system interfaces with others in the private and public sectors. These interfaces raise a host of legal issues relating to the company's potential liability for passing non-Year 2000 compliant data to others, and potential damage to the company's own systems as a result of receiving non-compliant data from others. Interfaces need to be identified early and legal preventive measures need to be taken.
Regardless of whether systems interface, every company depends on suppliers of ordinary goods and services. Their Year 2000 problems may eventually become the company's problem, especially if the company relies on the suppliers for uninterrupted business operations.
The company needs to communicate with all mission critical suppliers about their plans for Year 2000 compliance, run tests, and reach a comfort level. The company also needs to inventory and analyze supply contracts, including force majeure and liability limitation clauses, to determine how suppliers' nonperformance might be legally excused or limited. If appropriate, the company should place suppliers on written notice that their failure to achieve Year 2000 compliance will not excuse performance. If the company is bound to a supplier by long term exclusivity, the supplier's inability to demonstrate compliance may give the company legal justification to change suppliers.
A company's Year 2000 problem resides not only in its own systems, but in the systems of all others with whom computer interfaces exist or whose performance is essential to the conduct of the company's business. Companies whose systems interface with government systems or are uniquely reliant on government systems should be especially wary (see discussion below). The business and legal steps necessary to address this broader problem should not be delayed.
Litigation Issues. Given the amounts of money at stake, the complexities of the problem, and the certainty that some degree of failure is inevitable, a wide variety of litigation concerning the Year 2000 problem seems inevitable. No other business problem of similar scale has been resolved completely outside the judicial process. Companies must bear in mind that their efforts to solve the problem, and the internal documentation they create in doing so, may some day be held up to the bright light of a courtroom. Companies should manage their efforts and internal document control accordingly.
Legal And Non-Legal Issues Regarding Government. As of this writing, it does not appear that any federal or state statutes or regulations have been enacted requiring companies in the private sector to achieve Year 2000 compliance. As public media coverage of the Year 2000 software crisis inevitably mounts, however, ambitious politicians will undoubtedly seize the issue and seek press coverage and prominence by attempting to impose legislative and regulatory mandates on the private sector. Federal or state statutes and regulations would, of course, multiply the already complex legal issues surrounding the problem. Private sector companies will no doubt be on the alert for such legislative and regulatory efforts and respond appropriately.
The concept of government mandates to the private sector regarding the Year 2000 problem is ironic. Those most familiar with the problem agree that government agencies at both the federal and state level are extremely dependent on antiquated computer systems; that those systems are as rife, if not more rife, with the Year 2000 problem than in the private sector; that most agencies of government have done little, if anything, to fix the problem in their own back yard; and that they are less well equipped and funded than private sector companies to achieve Year 2000 compliance in time. Time is growing extremely short, and bureaucratic inertia is a potentially insurmountable problem. The consequences of government's failure to become Year 2000 compliant are beyond the scope of this briefing paper, but the subject is one that should be of interest and concern to business leaders.
The Problem As An Opportunity. The Year 2000 software crisis is unquestionably a big problem. But as Henry Kaiser once put it, "Every problem is an opportunity dressed in work clothes." The good news about the Year 2000 software crisis is that it also presents big opportunities to forward-looking companies:
- Companies that act quickly to solve the problem will achieve a strong advantage over their competitors who lag behind. Becoming "Year 2000 compliant" not only will become an increasingly decisive edge in marketing, but will engender confidence among business partners and investors.
- Companies that confront the problem head on in creative ways will not only fix the problem, but take the opportunity to reevaluate their long-term information technology strategies and lay the groundwork for more efficient systems moving into the 21st Century - a doubly decisive competitive advantage.
Conclusion. To put it bluntly, as a matter of responsibility to their companies, customers, employees, shareholders and society, the directors, executive management and corporate counsel of all companies must take decisive action now to provide the leadership and commit the resources necessary to solve the Year 2000 software crisis.