"The Year 2000 software crisis requires board-level and executive management education, awareness and leadership - starting now - if we as a society are to come to grips with this problem and if our companies are to avoid potentially crippling liabilities. Any company which treats the Year 2000 crisis as just a technology problem instead of a major business problem is headed for deep trouble. Executives and board members cannot afford to adopt an ostrich-like response to this crisis." Steven L. Hock
While many companies are coming to grips in their IT departments with technical Year 2000 issues and solutions, fewer companies have devoted the necessary resources from their legal departments and senior management to identify and adequately address all of the related financial, business, tax, contractual, employment, securities, intellectual property and legal problems that the Year 2000 software crisis will expose. 1 Some of the questions facing senior management include the following:
1.1 Ensure that executive management is fully aware of the Year 2000 software crisis and its potential impact on the company and its customers. The CIO has the responsibility to provide leadership in defining and explaining the critical importance of Year 2000 compliance, obtaining management consensus and commitment, determining the overall structure and approach for the company's Year 2000 program, assessing the adequacy of the existing information management infrastructure to adequately support the Year 2000 efforts and mobilizing needed resources.
1.2
Prepare a business case presentation to senior management and the board of directors setting out a high-level overview of the potential impact of the Year 2000 problem on the organization and the estimated cost and effort required to implement and test remediation.
1.3
Obtain and formalize executive management support through issuance by CEO of Year 2000 policy directive and issuance by the board of directors of a supporting resolution. Without this formal support, the Project may not be able to mobilize adequate resources or obtain sufficient cooperation from the business lines and offices to implement the Year 2000 strategy. 3
1.5Set up procedures for regular reporting to senior management and the board of directors.
1.6Conduct a Year 2000 awareness campaign to raise understanding at management and staff levels of the potential impacts of the Year 2000 problem and the need for cooperation and support in addressing the problem.
1.7Establish processes for periodic updates to management and staff on Year 2000 Project progress.
Establishment of Project Office and Project Committees
2.1Formalize responsibility for the Project at senior management levels. Day-to-day operational decisions in the remediation effort would rest with the Project team and its manager, while senior management provides oversight and resources and ensures organizational coordination. The board's resolution should designate a member of senior management or a subcommittee of the board to take responsibility for implementation of the Project plan and who will have sufficient authority within the organization to assure cooperation from the business lines and offices.
2.2Establish Year 2000 technical team with representatives who have responsibility for the major data centers, mainframes, client/server networks, PCs and embedded chip equipment. Primary responsibility for development and implementation of the Project plan will rest with this team.
2.3Establish Year 2000 executive oversight committee with high level representatives of each of the business lines and each office. This committee is needed to continually coordinate with the business lines and offices on priorities in the remediation effort and to resolve conflicts. This committee is not intended as a decision-making council but as a vehicle for transmitting information throughout the organization and for obtaining data for use in developing and implementing the Project plan. The designated representatives on this committee should be at a sufficiently senior level of management to ensure the cooperation of their respective business units and offices (although they may act in the committee through representatives).
2.4Establish a core Year 2000 operational support team with representatives from information technology, legal, human resources, risk management (both insurance and credit risk management), contracting, corporate communications, investor relations, audit and end users. This team will be responsible for implementing the non-technical legal, financial and business aspects of the Year 2000 program.
3.External Corporate Communications and Disclosures
3.1Draft a statement for inclusion in securities filings and disclosures and ensure safe harbor protection for forward-looking statements in such filings. 4
3.2Establish procedure to alert the Project team when securities filings or disclosures are imminent and to update the Year 2000 disclosure statement in such filings.
3.3Organize and centralize requests for information on Year 2000 status from vendors and customers, and prepare standard responses to vendors and customers.
3.4Establish procedure for reviewing and responding to inquiries from regulatory agencies, media, investors and analysts, and prepare standard responses to such requests.
3.5Establish procedure to identify requests for information requiring special handling and for preparing such responses.
3.6Establish procedure for regular updating of standard responses to ensure accuracy.
3.7Coordinate all external communications to ensure consistency.
4.Existing Licenses, Maintenance Agreements and Other Agreements
4.1Collect and review all existing licenses, warranties, software development contracts, outsourcing agreements, purchase agreements, systems, hardware and software maintenance agreements and sales or promotional literature.
4.2Analyze legal responsibilities of vendors and determine extent to which vendors are responsible for Year 2000 compliance or remediation for their products.
4.3Put all such vendors on notice of claims under warranties, licenses, maintenance agreements and other technology agreements.
4.4Follow up with vendors whose products will require significant remediation efforts or costs.
5.Copyright Infringement Issues 5
5.1Review existing licenses for limitations on modification or disclosure of code for Project staff and third-party remediation consultants.
5.2Draft standard letter requesting licensors to provide Year 2000 compliant code and send to all copyright holders.
5.3Draft standard letter requesting permission for modifications and/or disclosure and send to copyright holders who have not agreed to provide Year 2000 compliant code.
5.4Document, to the extent applicable, compliance with 17 U.S.C. Section 117 for modifications required as an essential step in the utilization of the software programs.
5.5Document, to the extent applicable, compliance with 17 U.S.C. Section 107 regarding fair use of copyrighted materials.
5.6Ensure that the Company holds the copyright for all programs developed by Project staff and third-party remediation consultants.
6.Insurance Risk Management
6.1Collect and review existing insurance coverage for first-party damages, business interruption, third-party liability, errors and omission, directors and officers liability, valuable records and fiduciary responsibility.
6.2Determine whether there are any gaps in coverage with respect to Year 2000 risks and obtain insurance for those gaps, if appropriate.
6.3Review all renewals for changes in coverage and new exclusions relating to Year 2000 exposures.
6.4Coordinate responses to renewal or new insurance application questions relating to Year 2000 compliance with other external communications.
6.5Review new "Millennium Risk Insurance" policies as they come on the market and determine whether to obtain such coverage for the Company.
6.6Determine whether there is coverage under first-party policies, business interruption riders and valuable records riders for Year 2000 remediation costs.
6.7Determine whether there has been a covered occurrence and loss other than remediation costs, and if the loss is of sufficient magnitude to put insurers on notice. If so, provide notice to insurers of claim.
6.8Determine at what level of loss the Company will pursue claims against insurers, and establish procedures for identifying and quantifying losses and notifying risk management personnel.
6.9Monitor developments in coverage litigation relevant to Year 2000 losses.
7.Credit Risk Management
7.1Provide awareness and assessment training for credit risk management department.
7.2Develop guidelines for Year 2000-related credit risks.
7.3Develop standard language for credit facilities and loan agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
7.4Review existing credit risks for additional risk arising from potential Year 2000 non-compliance and remediation failures.
8.M&A; Activities
8.1Provide awareness and assessment training for corporate acquisitions department. 6
8.2Develop standard language for M&A; related agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
8.3Develop procedure to ensure adequate assessment and disclosure of Year 2000 risks in M&A; transactions.
9.Underwriting Activities
9.1Provide awareness and assessment training for all departments involved in underwriting equities and fixed income securities or in equity or fixed income finance.
9.2Develop standard language for underwriting-related agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
9.3Develop procedures to ensure adequate disclosure of Year 2000 risks in securities filings and disclosures and private placement documentation.
10.Client Advisory and Investment Research Activities
10.1Provide awareness and assessment training for all departments providing fixed income, equity or other investment research, advice or assistance.
10.2Develop procedures to ensure adequate assessment and disclosure of Year 2000 risks.
10.3Develop, to the extent appropriate, disclaimers and limitations of liability regarding Year 2000 risks.
11.Year 2000 Compliance in Technology Products
11.1Develop standard language for contracts for Year 2000 warranties and compliance.
11.2Develop language for contracts with Year 2000 remediation and testing consultants addressing issues relating to confidentiality, non-disclosure of trade secrets and proprietary information, non-compete provisions, notice of employment by competitors, intellectual property rights and work-for-hire status.
11.3Develop and send to vendors standardized notices of their responsibility to be Year 2000 compliant and to provide Year 2000 compliant products.
11.4Develop, distribute, collect and analyze requests for information on Year 2000 compliance and responses from technology vendors.
11.5On an organization-wide basis, with the assistance of the Year 2000 executive management council, determine which technology products and equipment are mission critical for the Company.
11.6Develop, distribute and analyze detailed requests for information on Year 2000 compliance for vendors of all mission critical products and equipment.
11.7Develop procedures to follow up with mission critical vendors to assure that their products and equipment will be Year 2000 compliant, including requiring milestone reports or follow-up information requests.
11.8Develop contingency plans and identify alternative vendors for mission critical products, equipment or services that may not achieve timely Year 2000 compliance.
11.9Analyze legal rights under existing long-term vendor contracts and take action to preserve rights to terminate vendors who will not achieve timely Year 2000 compliance.
1.Vendors' Own Internal Year 2000 Compliance
12.1Develop standard language for contracts providing that Year 2000 problems are not within force majeure exceptions or excusable delays for time sensitive contracts.
12.2Develop and send to vendors standardized notices of their responsibility to be Year 2000 compliant and that Year 2000 problems are not within force majeure exceptions or excusable delays for time sensitive contracts.
12.3Establish guidelines for selecting vendors for vendor management program.
12.4Develop, distribute, collect and analyze form requests for information on Year 2000 compliance from vendors in vendor management program.
1
2.5On an organization-wide basis, with the assistance of the Year 2000 executive management council, determine which vendors are mission critical for the Company.
12.6Develop, distribute and analyze a more detailed request for information on Year 2000 compliance and responses from all mission critical vendors.
12.7Develop procedures to follow up with mission critical vendors to assure that they will be internally Year 2000 compliant, including milestone reports or follow-up information requests.
12.8Develop contingency plans and identify alternatives for mission critical vendors that may not achieve timely Year 2000 compliance.
12.9Analyze legal rights under existing long-term vendor contracts and take action to preserve rights to terminate vendors who will not achieve timely Year 2000 compliance.
13.Technology Products Developed and Distributed by the Company
13.1Inventory technology products developed and distributed by the company and related sales literature, sales contracts, warranties, licenses and other agreements.
13.2Determine whether the company's products are Year 2000 compliant.
1.3For any non-compliant products, determine whether the company has a legal obligation to upgrade or remediate existing products and the associated costs, efforts and impacts of failure to do so.
13.4Determine the company's position on remediation of its products.
13.5Monitor inquiries, notices and demands from customers and develop standard responses to inquiries from customers regarding Year 2000 compliance and for demands from customers that the company upgrade or remediate its products.
13.6Develop standard language for future contracts disclaiming or limiting warranties, limiting damages and consequential damages and addressing the company's obligations with regard to Year 2000 compliance.
14.Human Resources Issues
14.1Determine strategy for staffing of Project with the company employees, new hires, independent contractors, technical services providers and leased employees.
14.2Determine whether to establish a separate, controlled temporary services organization. If a determination is made to create such a subsidiary, additional issues must be addressed in implementing that decision.
14.3Identify key Project personnel and establish retention policy for key Project personnel and for programming staff. The policy may include additional compensation, performance bonuses, retention bonuses and bonus pools, stock options, early retirement plans, top-hat plans, rabbi trusts, enhanced retirement benefits, enhanced retirement medical benefits and special working conditions. 7
1
4.4Determine critical staffing needs and develop a program for meeting those needs, including signing bonuses and appropriate elements of the retention plan.
1
4.5Plan for Project staff-down at completion of the Project.
14.6Review employee manual provisions regarding confidentiality, non-disclosure, non-compete, notice of employment by competitors, intellectual property rights and work-for-hire.
14.7To the extent necessary, prepare specific agreements for Project staff on these issues.
1
4.8Prepare contract language for independent contractors and technical services providers on these issues.
15.Tax Strategy 8
15.1Prepare overall strategy for Project expenses to maximize current-year deductibility and minimize amortization periods. 9
15.2Determine extent to which Project expenses qualify for tax treatment as repairs and establish procedure to document and support such tax treatment.
15.3Determine extent to which Project expenses qualify as self-directed research and development and establish procedure to document and support such tax treatment.
15.4Review third-party contracts for compliance with requirements for tax treatment as repairs or research and development and prepare standard or special contract language as required.
15.5To the extent not currently deductible, review expenses and third-party contracts to minimize amortization periods.
15.6Review and determine foreign tax law implications for Project expenses, to the extent applicable.
16.International Issues
16.1Ensure compliance with export restrictions for any encryption software sent overseas for remediation.
16.2Monitor governmental responses to the Year 2000 problem and proposed laws and regulations affecting the private sector for any foreign countries in which the Company does business. 10
16.3Review foreign tax issues relating to the costs of remediation, to the extent applicable.
16.4Monitor the responses to the Year 2000 problem of overseas financial institutions. 11
17.Regulatory Issues1
7.1Monitor the legislative and regulatory agency responses to the Year 2000 problem for additional obligations and responsibilities. 12
18.Documentation and Records
18.1Establish central repository for Year 2000 Project records.
18.2Establish records retention policy and avoid retention of non-essential documents.
18.3Ensure documentation of senior management and board commitment to, and follow-up for, Year 2000 Project.
18.4Provide for and document third-party expert reviews of the Year 2000 plan implementation, testing and validation.
18.5Ensure documentation of notices to preserve rights under existing licenses, warranties and technology agreements.
18.6Ensure documentation of notices to vendors and suppliers and due diligence in reviewing vendor, supplier and data exchange compliance.
18.7Ensure documentation of notices to insurers.
18.8Ensure documentation of good faith efforts to achieve Year 2000 compliance.
18.9Ensure documentation of issues relating to third-party copyrights.
18.10Establish policy and train staff to avoid "rogue" and "flame" e-mail and memos.
18.11Establish procedure to route complaints and problems through counsel to protect such communications under attorney-client privilege. As a final note, Bart Starr, the Green Bay Packers' Hall of Fame quarterback, once said that he never lost a game, he only ran out of time. For the Year 2000 software crisis, the clock ticks down no later than 28 months from now. Every company must confront the question of what the score will be for the company when its time to fix its Year 2000 problem runs out.
1. The Federal Reserve Bank of New York, in its April 4, 1997 Year 2000 Alert, found: "Most institutions have focused their efforts to date on identifying the changes that must be made internally to address the Year 2000 issue. Most are well along in this process. Fewer institutions are as advanced in their thinking about how the Year 2000 may affect their dealings with customers, vendors or service providers. In this District, many institutions are significant providers of financial services to others, giving rise to potential implications more broadly if problems develop."
2. For good discussions of the stages your IT department must address in its technical solution of the Year 2000 problem, see U.S. G.A.O. Accounting and Information Management Division, Year 2000 Computing Crisis: An Assessment Guide and the best practices document for Year 2000 remediation projects that the federal government's CIO Subcommittee on the Year 2000 and the GSA Office of Governmentwide Policy (MK-Y2K) is preparing
3. This concern was recognized in the CIO Subcommittee's best practice document The section on awareness includes the following: "Obtain High Level Management Support: To be successful in addressing Y2K, senior leadership must understand and vigorously support efforts to resolve Y2K. Without buy-in from the top, all Y2K efforts will be difficult and the acquisition of required resources, all but impossible. Sometimes a business case . . . must be prepared before senior leadership will be convinced of the impact of Y2K and ensure that the Chief Executive Officer (or equivalent) understands that Y2K is a business issue, which needs the active support of the senior managers in each of the business/functional areas. Initial briefings must . . . clearly emphasize the scope of the problem and the consequences of not addressing it immediately."
4.The safe harbor under the Private Securities Litigation Reform Act of 1995 for forward-looking statements in securities filings requires that such statements be accompanied by meaningful cautionary statements identifying important factors that could cause results to differ materially from those in the forward-looking statements. SEC Chairman Arthur Levitt reported to the Senate Subcommittee on Finance that an SEC staff legal bulletin is being prepared to make sure that companies understand that they must disclose any material financial impact that may arise from the Year 2000 problem. Once the bulletin is released later this year, the staff will consider the adequacy of company disclosures to determine whether additional measures are needed.
5. For a discussion of this issue see Steven Hock and Christine Lofgren, Year 2000 Software Solutions Raise Copyright Issues and Steven Hock, The Year 2000 Copyright Maze.
6.With respect to bank acquisitions, at a conference in May, John Wixted, senior vice president of the Chicago Fed, stated that the Fed is "beginning to pay closer attention to [the Year 2000] issue as it relates to merger and acquisitions activity. We've noted that there are a number of companies that have been readying themselves for sale or may have made decisions that they don't want to remain independent . . . who haven't paid a lot of attention to the Year 2000 issue." To address this issue, the Fed will be requiring banks to evaluate potential Year 2000 computer problems as part of doing due diligence on acquisition targets. The Fed will be expecting acquiring banks to quantify potential costs. Mr. Wixted noted that the Fed is "also going to be asking questions of people filing acquisitions to see how well they are prepared in terms not only of integrating different operating systems, but also dealing with Year 2000 issues."
7. For a discussion of this issue, see Benjamin Delancy, The Year 2000 Problem: Paying the Programmers.
8. For a discussion of this issue, see Joan Paul, Year 2000 Tax Issues: Preventing An Even Bigger Hit to the Bottom Line.
9. While the consensus of the Emerging Issues Task Force of the F.A.S.B. requires "that the external and internal costs specifically associated with modifying internal-use software for the Year 2000 should be charged to expense as incurred" for financial reporting purposes, the treatment of such expenses for tax purposes may not be the same. Careful planning is required if the company if to obtain current year deductibility.
10 For example, on April 22, 1997, the Hon. Peter Dunne, M.P. introduced in the New Zealand Parliament a bill, entitled the Millennium Computer Compliance Act, which would require all companies licensed to do business in New Zealand to perform a millennium computer audit according to certain specified standards and to report the audit results to the government. Failure to complete the audit and report the results would be punishable by a fine of up to NZ$250,000. Legislative responses are also under consideration in the United Kingdom. 1
1. For a discussion of this issue, see Joan Paul, International Tax Consequences of Year 2000 Fix Costs. For example, Sen. Bob Bennett, chairman of the Senate Subcommittee on Finance, has stated that the subcommittee has been studying proposals to sanction companies that fail to satisfy their fiduciary duties to customers as a result of negligence in Year 2000 remediations efforts.
While many companies are coming to grips in their IT departments with technical Year 2000 issues and solutions, fewer companies have devoted the necessary resources from their legal departments and senior management to identify and adequately address all of the related financial, business, tax, contractual, employment, securities, intellectual property and legal problems that the Year 2000 software crisis will expose. 1 Some of the questions facing senior management include the following:
- Has your company taken the necessary measures to reduce your exposure to securities class actions and other shareholder lawsuits, which also impose personal liability on officers and directors?
- Has your company structured its Year 2000 remediation contracts and in-house work so that the costs will be deductible currently, or will you suffer the adverse financial impacts of having to expense the remediation costs for financial reporting purposes, while having to amortize the costs for tax purposes?
- Has your company violated your software licenses and unnecessarily exposed your company to copyright infringement or trade secrets litigation when you remediated third-party software?
- Has your company structured its technology contracts with third-party providers and contractors to provide the maximum protection, even where Year 2000 contractors have refused to provide warranties or guaranties?
- Are your company's risk managers aware of the recent developments in Year 2000 coverage for directors & officers, errors & omissions and business interruption, and do they have a plan to preserve maximize coverage for Year 2000-related liabilities?
- Has your company mined its service agreements, maintenance agreements, warranties and licenses for their potential value in transferring the costs of Year 2000 compliance?
- Has your company's HR department adequately addressed critical staff retention issues for the project and prepared for eventual staffing down of the project?
- Has your company's corporate acquisition and development group been brought up to speed on the potential effect of Year 2000 issues on business valuation, and are they conducting adequate due diligence, or are you at risk of buying someone else's Year 2000 problem?
- Does your company have adequate provisions in its long-term supply and service contracts to identify vendors at risk of failing to achieve compliance and to replace those vendors before their own non-compliance affects your company's operations?
- Does your company's credit risk management staff have provisions in place to ensure that companies with substantial payables to you will be Year 2000 compliant as the millennium approaches?
- Does your company have in place a program to identify mission critical vendors and to ensure that they will achieve timely Year 2000 compliance?
- Does your company's project team have the senior management support and enterprise-wide participation that will be necessary to ensure successful preparation for the millennium?
Set out below is a detailed list of issues that each company's management and its Year 2000 Project team will have to confront in the near future as they address Year 2000 remediation and compliance. However, this article cannot be and is not intended to be exhaustive. The points below were prepared for banking and securities clients of our firm. No single checklist could be applicable in all of its detail to every company in every industry. Nonetheless, most of these thinking points are applicable to companies in any industry, and it is not difficult to modify the checklist for your company's particular concerns. These thinking points are a starting place for organizing a complete, enterprise-wide response to your company's Year 2000 software problems.
This article focuses on legal, financial and management issues; it does not address the multitude of technical issues arising from project planning, inventory, assessment, validation, testing and implementation of a Year 2000 remediation project plan. Other issues not set out here are sure to arise over the next 28 months until the millennial changeover. But, a company that has thought through and addressed the thinking points below should be well on its way to resolving all of the legal, financial and management issues that the Year 2000 software crisis encompasses.
1.1 Ensure that executive management is fully aware of the Year 2000 software crisis and its potential impact on the company and its customers. The CIO has the responsibility to provide leadership in defining and explaining the critical importance of Year 2000 compliance, obtaining management consensus and commitment, determining the overall structure and approach for the company's Year 2000 program, assessing the adequacy of the existing information management infrastructure to adequately support the Year 2000 efforts and mobilizing needed resources.
1.2
Prepare a business case presentation to senior management and the board of directors setting out a high-level overview of the potential impact of the Year 2000 problem on the organization and the estimated cost and effort required to implement and test remediation.
1.3
Obtain and formalize executive management support through issuance by CEO of Year 2000 policy directive and issuance by the board of directors of a supporting resolution. Without this formal support, the Project may not be able to mobilize adequate resources or obtain sufficient cooperation from the business lines and offices to implement the Year 2000 strategy. 3
1.5Set up procedures for regular reporting to senior management and the board of directors.
1.6Conduct a Year 2000 awareness campaign to raise understanding at management and staff levels of the potential impacts of the Year 2000 problem and the need for cooperation and support in addressing the problem.
1.7Establish processes for periodic updates to management and staff on Year 2000 Project progress.
Establishment of Project Office and Project Committees
2.1Formalize responsibility for the Project at senior management levels. Day-to-day operational decisions in the remediation effort would rest with the Project team and its manager, while senior management provides oversight and resources and ensures organizational coordination. The board's resolution should designate a member of senior management or a subcommittee of the board to take responsibility for implementation of the Project plan and who will have sufficient authority within the organization to assure cooperation from the business lines and offices.
2.2Establish Year 2000 technical team with representatives who have responsibility for the major data centers, mainframes, client/server networks, PCs and embedded chip equipment. Primary responsibility for development and implementation of the Project plan will rest with this team.
2.3Establish Year 2000 executive oversight committee with high level representatives of each of the business lines and each office. This committee is needed to continually coordinate with the business lines and offices on priorities in the remediation effort and to resolve conflicts. This committee is not intended as a decision-making council but as a vehicle for transmitting information throughout the organization and for obtaining data for use in developing and implementing the Project plan. The designated representatives on this committee should be at a sufficiently senior level of management to ensure the cooperation of their respective business units and offices (although they may act in the committee through representatives).
2.4Establish a core Year 2000 operational support team with representatives from information technology, legal, human resources, risk management (both insurance and credit risk management), contracting, corporate communications, investor relations, audit and end users. This team will be responsible for implementing the non-technical legal, financial and business aspects of the Year 2000 program.
3.External Corporate Communications and Disclosures
3.1Draft a statement for inclusion in securities filings and disclosures and ensure safe harbor protection for forward-looking statements in such filings. 4
3.2Establish procedure to alert the Project team when securities filings or disclosures are imminent and to update the Year 2000 disclosure statement in such filings.
3.3Organize and centralize requests for information on Year 2000 status from vendors and customers, and prepare standard responses to vendors and customers.
3.4Establish procedure for reviewing and responding to inquiries from regulatory agencies, media, investors and analysts, and prepare standard responses to such requests.
3.5Establish procedure to identify requests for information requiring special handling and for preparing such responses.
3.6Establish procedure for regular updating of standard responses to ensure accuracy.
3.7Coordinate all external communications to ensure consistency.
4.Existing Licenses, Maintenance Agreements and Other Agreements
4.1Collect and review all existing licenses, warranties, software development contracts, outsourcing agreements, purchase agreements, systems, hardware and software maintenance agreements and sales or promotional literature.
4.2Analyze legal responsibilities of vendors and determine extent to which vendors are responsible for Year 2000 compliance or remediation for their products.
4.3Put all such vendors on notice of claims under warranties, licenses, maintenance agreements and other technology agreements.
4.4Follow up with vendors whose products will require significant remediation efforts or costs.
5.Copyright Infringement Issues 5
5.1Review existing licenses for limitations on modification or disclosure of code for Project staff and third-party remediation consultants.
5.2Draft standard letter requesting licensors to provide Year 2000 compliant code and send to all copyright holders.
5.3Draft standard letter requesting permission for modifications and/or disclosure and send to copyright holders who have not agreed to provide Year 2000 compliant code.
5.4Document, to the extent applicable, compliance with 17 U.S.C. Section 117 for modifications required as an essential step in the utilization of the software programs.
5.5Document, to the extent applicable, compliance with 17 U.S.C. Section 107 regarding fair use of copyrighted materials.
5.6Ensure that the Company holds the copyright for all programs developed by Project staff and third-party remediation consultants.
6.Insurance Risk Management
6.1Collect and review existing insurance coverage for first-party damages, business interruption, third-party liability, errors and omission, directors and officers liability, valuable records and fiduciary responsibility.
6.2Determine whether there are any gaps in coverage with respect to Year 2000 risks and obtain insurance for those gaps, if appropriate.
6.3Review all renewals for changes in coverage and new exclusions relating to Year 2000 exposures.
6.4Coordinate responses to renewal or new insurance application questions relating to Year 2000 compliance with other external communications.
6.5Review new "Millennium Risk Insurance" policies as they come on the market and determine whether to obtain such coverage for the Company.
6.6Determine whether there is coverage under first-party policies, business interruption riders and valuable records riders for Year 2000 remediation costs.
6.7Determine whether there has been a covered occurrence and loss other than remediation costs, and if the loss is of sufficient magnitude to put insurers on notice. If so, provide notice to insurers of claim.
6.8Determine at what level of loss the Company will pursue claims against insurers, and establish procedures for identifying and quantifying losses and notifying risk management personnel.
6.9Monitor developments in coverage litigation relevant to Year 2000 losses.
7.Credit Risk Management
7.1Provide awareness and assessment training for credit risk management department.
7.2Develop guidelines for Year 2000-related credit risks.
7.3Develop standard language for credit facilities and loan agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
7.4Review existing credit risks for additional risk arising from potential Year 2000 non-compliance and remediation failures.
8.M&A; Activities
8.1Provide awareness and assessment training for corporate acquisitions department. 6
8.2Develop standard language for M&A; related agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
8.3Develop procedure to ensure adequate assessment and disclosure of Year 2000 risks in M&A; transactions.
9.Underwriting Activities
9.1Provide awareness and assessment training for all departments involved in underwriting equities and fixed income securities or in equity or fixed income finance.
9.2Develop standard language for underwriting-related agreements providing for Year 2000 compliance and audit rights including representations, covenants, warranties, reporting requirements and audit rights.
9.3Develop procedures to ensure adequate disclosure of Year 2000 risks in securities filings and disclosures and private placement documentation.
10.Client Advisory and Investment Research Activities
10.1Provide awareness and assessment training for all departments providing fixed income, equity or other investment research, advice or assistance.
10.2Develop procedures to ensure adequate assessment and disclosure of Year 2000 risks.
10.3Develop, to the extent appropriate, disclaimers and limitations of liability regarding Year 2000 risks.
11.Year 2000 Compliance in Technology Products
11.1Develop standard language for contracts for Year 2000 warranties and compliance.
11.2Develop language for contracts with Year 2000 remediation and testing consultants addressing issues relating to confidentiality, non-disclosure of trade secrets and proprietary information, non-compete provisions, notice of employment by competitors, intellectual property rights and work-for-hire status.
11.3Develop and send to vendors standardized notices of their responsibility to be Year 2000 compliant and to provide Year 2000 compliant products.
11.4Develop, distribute, collect and analyze requests for information on Year 2000 compliance and responses from technology vendors.
11.5On an organization-wide basis, with the assistance of the Year 2000 executive management council, determine which technology products and equipment are mission critical for the Company.
11.6Develop, distribute and analyze detailed requests for information on Year 2000 compliance for vendors of all mission critical products and equipment.
11.7Develop procedures to follow up with mission critical vendors to assure that their products and equipment will be Year 2000 compliant, including requiring milestone reports or follow-up information requests.
11.8Develop contingency plans and identify alternative vendors for mission critical products, equipment or services that may not achieve timely Year 2000 compliance.
11.9Analyze legal rights under existing long-term vendor contracts and take action to preserve rights to terminate vendors who will not achieve timely Year 2000 compliance.
1.Vendors' Own Internal Year 2000 Compliance
12.1Develop standard language for contracts providing that Year 2000 problems are not within force majeure exceptions or excusable delays for time sensitive contracts.
12.2Develop and send to vendors standardized notices of their responsibility to be Year 2000 compliant and that Year 2000 problems are not within force majeure exceptions or excusable delays for time sensitive contracts.
12.3Establish guidelines for selecting vendors for vendor management program.
12.4Develop, distribute, collect and analyze form requests for information on Year 2000 compliance from vendors in vendor management program.
1
2.5On an organization-wide basis, with the assistance of the Year 2000 executive management council, determine which vendors are mission critical for the Company.
12.6Develop, distribute and analyze a more detailed request for information on Year 2000 compliance and responses from all mission critical vendors.
12.7Develop procedures to follow up with mission critical vendors to assure that they will be internally Year 2000 compliant, including milestone reports or follow-up information requests.
12.8Develop contingency plans and identify alternatives for mission critical vendors that may not achieve timely Year 2000 compliance.
12.9Analyze legal rights under existing long-term vendor contracts and take action to preserve rights to terminate vendors who will not achieve timely Year 2000 compliance.
13.Technology Products Developed and Distributed by the Company
13.1Inventory technology products developed and distributed by the company and related sales literature, sales contracts, warranties, licenses and other agreements.
13.2Determine whether the company's products are Year 2000 compliant.
1.3For any non-compliant products, determine whether the company has a legal obligation to upgrade or remediate existing products and the associated costs, efforts and impacts of failure to do so.
13.4Determine the company's position on remediation of its products.
13.5Monitor inquiries, notices and demands from customers and develop standard responses to inquiries from customers regarding Year 2000 compliance and for demands from customers that the company upgrade or remediate its products.
13.6Develop standard language for future contracts disclaiming or limiting warranties, limiting damages and consequential damages and addressing the company's obligations with regard to Year 2000 compliance.
14.Human Resources Issues
14.1Determine strategy for staffing of Project with the company employees, new hires, independent contractors, technical services providers and leased employees.
14.2Determine whether to establish a separate, controlled temporary services organization. If a determination is made to create such a subsidiary, additional issues must be addressed in implementing that decision.
14.3Identify key Project personnel and establish retention policy for key Project personnel and for programming staff. The policy may include additional compensation, performance bonuses, retention bonuses and bonus pools, stock options, early retirement plans, top-hat plans, rabbi trusts, enhanced retirement benefits, enhanced retirement medical benefits and special working conditions. 7
1
4.4Determine critical staffing needs and develop a program for meeting those needs, including signing bonuses and appropriate elements of the retention plan.
1
4.5Plan for Project staff-down at completion of the Project.
14.6Review employee manual provisions regarding confidentiality, non-disclosure, non-compete, notice of employment by competitors, intellectual property rights and work-for-hire.
14.7To the extent necessary, prepare specific agreements for Project staff on these issues.
1
4.8Prepare contract language for independent contractors and technical services providers on these issues.
15.Tax Strategy 8
15.1Prepare overall strategy for Project expenses to maximize current-year deductibility and minimize amortization periods. 9
15.2Determine extent to which Project expenses qualify for tax treatment as repairs and establish procedure to document and support such tax treatment.
15.3Determine extent to which Project expenses qualify as self-directed research and development and establish procedure to document and support such tax treatment.
15.4Review third-party contracts for compliance with requirements for tax treatment as repairs or research and development and prepare standard or special contract language as required.
15.5To the extent not currently deductible, review expenses and third-party contracts to minimize amortization periods.
15.6Review and determine foreign tax law implications for Project expenses, to the extent applicable.
16.International Issues
16.1Ensure compliance with export restrictions for any encryption software sent overseas for remediation.
16.2Monitor governmental responses to the Year 2000 problem and proposed laws and regulations affecting the private sector for any foreign countries in which the Company does business. 10
16.3Review foreign tax issues relating to the costs of remediation, to the extent applicable.
16.4Monitor the responses to the Year 2000 problem of overseas financial institutions. 11
17.Regulatory Issues1
7.1Monitor the legislative and regulatory agency responses to the Year 2000 problem for additional obligations and responsibilities. 12
18.Documentation and Records
18.1Establish central repository for Year 2000 Project records.
18.2Establish records retention policy and avoid retention of non-essential documents.
18.3Ensure documentation of senior management and board commitment to, and follow-up for, Year 2000 Project.
18.4Provide for and document third-party expert reviews of the Year 2000 plan implementation, testing and validation.
18.5Ensure documentation of notices to preserve rights under existing licenses, warranties and technology agreements.
18.6Ensure documentation of notices to vendors and suppliers and due diligence in reviewing vendor, supplier and data exchange compliance.
18.7Ensure documentation of notices to insurers.
18.8Ensure documentation of good faith efforts to achieve Year 2000 compliance.
18.9Ensure documentation of issues relating to third-party copyrights.
18.10Establish policy and train staff to avoid "rogue" and "flame" e-mail and memos.
18.11Establish procedure to route complaints and problems through counsel to protect such communications under attorney-client privilege. As a final note, Bart Starr, the Green Bay Packers' Hall of Fame quarterback, once said that he never lost a game, he only ran out of time. For the Year 2000 software crisis, the clock ticks down no later than 28 months from now. Every company must confront the question of what the score will be for the company when its time to fix its Year 2000 problem runs out.
1. The Federal Reserve Bank of New York, in its April 4, 1997 Year 2000 Alert, found: "Most institutions have focused their efforts to date on identifying the changes that must be made internally to address the Year 2000 issue. Most are well along in this process. Fewer institutions are as advanced in their thinking about how the Year 2000 may affect their dealings with customers, vendors or service providers. In this District, many institutions are significant providers of financial services to others, giving rise to potential implications more broadly if problems develop."
2. For good discussions of the stages your IT department must address in its technical solution of the Year 2000 problem, see U.S. G.A.O. Accounting and Information Management Division, Year 2000 Computing Crisis: An Assessment Guide and the best practices document for Year 2000 remediation projects that the federal government's CIO Subcommittee on the Year 2000 and the GSA Office of Governmentwide Policy (MK-Y2K) is preparing
3. This concern was recognized in the CIO Subcommittee's best practice document The section on awareness includes the following: "Obtain High Level Management Support: To be successful in addressing Y2K, senior leadership must understand and vigorously support efforts to resolve Y2K. Without buy-in from the top, all Y2K efforts will be difficult and the acquisition of required resources, all but impossible. Sometimes a business case . . . must be prepared before senior leadership will be convinced of the impact of Y2K and ensure that the Chief Executive Officer (or equivalent) understands that Y2K is a business issue, which needs the active support of the senior managers in each of the business/functional areas. Initial briefings must . . . clearly emphasize the scope of the problem and the consequences of not addressing it immediately."
4.The safe harbor under the Private Securities Litigation Reform Act of 1995 for forward-looking statements in securities filings requires that such statements be accompanied by meaningful cautionary statements identifying important factors that could cause results to differ materially from those in the forward-looking statements. SEC Chairman Arthur Levitt reported to the Senate Subcommittee on Finance that an SEC staff legal bulletin is being prepared to make sure that companies understand that they must disclose any material financial impact that may arise from the Year 2000 problem. Once the bulletin is released later this year, the staff will consider the adequacy of company disclosures to determine whether additional measures are needed.
5. For a discussion of this issue see Steven Hock and Christine Lofgren, Year 2000 Software Solutions Raise Copyright Issues and Steven Hock, The Year 2000 Copyright Maze.
6.With respect to bank acquisitions, at a conference in May, John Wixted, senior vice president of the Chicago Fed, stated that the Fed is "beginning to pay closer attention to [the Year 2000] issue as it relates to merger and acquisitions activity. We've noted that there are a number of companies that have been readying themselves for sale or may have made decisions that they don't want to remain independent . . . who haven't paid a lot of attention to the Year 2000 issue." To address this issue, the Fed will be requiring banks to evaluate potential Year 2000 computer problems as part of doing due diligence on acquisition targets. The Fed will be expecting acquiring banks to quantify potential costs. Mr. Wixted noted that the Fed is "also going to be asking questions of people filing acquisitions to see how well they are prepared in terms not only of integrating different operating systems, but also dealing with Year 2000 issues."
7. For a discussion of this issue, see Benjamin Delancy, The Year 2000 Problem: Paying the Programmers.
8. For a discussion of this issue, see Joan Paul, Year 2000 Tax Issues: Preventing An Even Bigger Hit to the Bottom Line.
9. While the consensus of the Emerging Issues Task Force of the F.A.S.B. requires "that the external and internal costs specifically associated with modifying internal-use software for the Year 2000 should be charged to expense as incurred" for financial reporting purposes, the treatment of such expenses for tax purposes may not be the same. Careful planning is required if the company if to obtain current year deductibility.
10 For example, on April 22, 1997, the Hon. Peter Dunne, M.P. introduced in the New Zealand Parliament a bill, entitled the Millennium Computer Compliance Act, which would require all companies licensed to do business in New Zealand to perform a millennium computer audit according to certain specified standards and to report the audit results to the government. Failure to complete the audit and report the results would be punishable by a fine of up to NZ$250,000. Legislative responses are also under consideration in the United Kingdom. 1
1. For a discussion of this issue, see Joan Paul, International Tax Consequences of Year 2000 Fix Costs. For example, Sen. Bob Bennett, chairman of the Senate Subcommittee on Finance, has stated that the subcommittee has been studying proposals to sanction companies that fail to satisfy their fiduciary duties to customers as a result of negligence in Year 2000 remediations efforts.