VIII. The Year 2000 Information System Compliance1
1. Official efforts to prepare the Brazilian financial system for the Year 2000 began with the creation of the central bank’s year 2000 committee in the second half of 1997. Today, the central bank reports that nearly all financial institutions are Y2K compliant. This conclusion is based on the responses to questionnaires filed by individual financial institutions and on the results of on-site reviews performed by the central bank’s inspections department.
2. An important test of Brazil’s Y2K preparedness took place on June 12, 1999, when the central bank participated successfully in a global payment systems experiment along with the Banco do Brasil, Bank of New York, Euro Banking Association, Hong Kong Interbank Clearing Ltd., New York Clearing House, and the Society for Worldwide Interbank Financial Telecommunications. This test of Brazil’s integration with the global payment system follows a March 1999 test of the internal payments system involving 20 financial institutions and coordinated by the bankers association, Febraban. The 20 institutions accounted for 81 percent of Brazil’s banking assets, 81 percent of checks cleared and 83 percent of interbank volume. Besides the major commercial banks, other participants were the central bank, Tecban, Credicard (Brazil’s largest credit card company), Cetip (Clearing House for the Custody and Financial Settlement of Securities), and Banco do Brazil’s check clearing house.
The central bank’s Y2K strategy
3. In December 1997, the central bank and the National Monetary Council directed that all financial institutions needed to assess individual systems and prepare action plans explaining how they would make those systems compatible for the year 2000.2 The action plans had to be operational by end-1998. To track developments by individual institutions in implementing action plans, the following three requirements were established:
Management had to report to shareholders semiannually on progress in overcoming the year 2000 computer problem. At a minimum, the report was to detail the diagnosis and planning for individual systems, adequacy of testing and status of implementation of systems that are Y2K compliant.
External auditors were required to provide an opinion regarding the adequacy of procedures—including testing procedures—by the financial institution, and the state of development of contingency procedures. The auditor’s evaluation of the year 2000 computer problem was required semiannually beginning with the audit report completed for the December 1997 financial date.
Each financial institution had to designate a statutory director to be responsible for compliance with central bank directives.
4. At several points in 1998 and 1999, the central bank sent out detailed questionnaires to measure progress in achieving year 2000 compliance. The questionnaires were used to follow up on scheduled modifications and achievements. The progress of each individual institution was tracked through SISBACEN—the central bank’s information system.3 Through end-June 1999, virtually all Brazilian financial institutions have certified that their information systems would process correctly dates subsequent to the year 1999 (Table 8.1).
|Financial Institution Type||Number of Institutions||Percent of institutions certifying|
compliance (in percent)
|by number||by assets|
|Commercial banks and Caixa Econômica||196||95.9||98.3|
|Home loan associations||1,131||97.5||99.4|
|Mortgage lender companies||4||100.0||100.0|
|Stock exchange brokers||193||93.8||99.7|
|Stock exchange dealers||230||96.5||88.6|
5. Onsite inspection process. Progress at individual financial institutions was also reviewed during the onsite inspections by the central bank’s examiners. If needed, the central bank issued special supervisory actions to compel compliance. The inspections department classifies individual institution preparedness through a rating scheme of 1 to 3, with a rating of “1” denoting satisfactory achievement, “2” denoting specific efforts required and “3” denoting unsatisfactory performance. Supervisory staff have concentrated their efforts on institutions with low scores. As a first action against nonconforming financial institutions, the central bank summons the statutory director to sign a term of commitment. The term of commitment establishes strict conditions for the institution’s compliance, including as minimum requirements: a systems inventory, assessment of required changes, system redesign, setting of target dates and conditions for each phase.
The next steps
6. The central bank has turned its concerns to infrastructure service providers, such as power and communications, as well as business partners to financial institutions, for instance, hardware and software service providers. The central bank intends to exert influence on those strategic sectors whose noncompliance could have adverse impacts on the financial system.
Prepared by Michel Moore.
The directive applied to all financial institutions regulated by the central bank—commercial banks, development banks, investment banks, finance companies, credit unions, mortgage lenders, savings and loans, stock exchange dealers, leasing companies, stock exchange brokers, and consortium management institutions.
The central bank reports that SISBACEN was Y2K compliant by end-1998.