Year 2000 Preparations in the Australian Banking and Financial System 2. Australian Prudential Regulation Authority

2.1. Framework for Achieving Year 2000 Compliance

A broad framework for achieving Year 2000 compliance, based on international standards, was provided in earlier editions of this booklet. In brief, it comprises five key stages: assessment, renovation, validation (testing), implementation and contingency planning. Financial institutions are now in the process of finalising their Year 2000 contingency plans. This approach is consistent with guidance issued by the Basel Committee on Banking Supervision, which has been adopted internationally by financial sector regulators.

To avoid confusion, and to provide a reference point for the industries it regulates, APRA has decided to use the following definition of Year 2000 compliance:

A Year 2000 compliant system is one which is able to operate on and after 1 January 2000 and manage and represent information involving dates, without being abnormally affected by dates spanning the period prior to, during and after the Year 2000. A Year 2000 compliant system should also be able to accurately exchange information involving dates with other systems.

A more detailed definition of Year 2000 compliance prepared by the British Standards Institute is included in Appendix 3.

The distinction is often made between ‘critical’ and ‘non-critical’ systems in respect of Year 2000 compliance. This is to ensure that attention is focused on those systems likely to have the most disruptive impact should they fail to be compliant. APRA has defined a system to be ‘critical’ if its failure would:

  • result in a substantial loss (either in money or reputation);
  • have a significant impact on the organisation's operations; or
  • adversely affect the organisation's customers/counterparties for an extended period of time (eg over 24 hours, but this could vary depending on the type of business).

This definition typically covers the following systems: payments, accounting, treasury, risk management, front office, communications and operating systems directly supporting essential financial services. Examples of ‘non-critical’ systems might include other internal information systems and some administrative systems.

2.2 Supervision of Regulated Institutions

APRA's Role

As mentioned above, APRA was formed on 1 July 1998, combining the banking supervision operations of the RBA and the supervision of life insurance, general insurance and superannuation funds previously undertaken by the Insurance and Superannuation Commission (ISC); responsibility for the supervision of building societies, credit unions, friendly societies and special service providers was transferred from the Financial Institutions (FI) Scheme supervisors to APRA on 1 July 1999. Prior to the transfer, APRA and AFIC (the lead regulator of the FI Scheme supervisors) worked closely to ensure consistency in their approach to the supervision of the Year 2000 preparations of their respective regulated entities.

APRA's overall approach to the supervision of regulated entities is based on the view that the prime responsibility for the prudent management of the entity resides with its board and management. APRA expects regulated entities to have systems in place which identify and limit risks to prudent levels. Therefore, ultimate responsibility for ensuring that a regulated entity will continue to operate successfully in the Year 2000 rests with the board and senior management. APRA's role is to ensure that institutions have in place an adequate program to address the Year 2000 problem, which is supported by the board and senior management, and that sufficient resources are being devoted to the task.

APRA (and, prior to its formation, the RBA, ISC and AFIC) has been monitoring the Year 2000 programs of regulated institutions since 1997. The degree of supervision varies according to the type and size of institution, with the most intensive supervision directed at banks because of their critical role in the payments system. APRA has also promoted awareness of Year 2000 related issues ­ this is especially important for the smaller institutions and those institutions which had originally focused on Year 2000 as a technology issue and had not fully taken into account the wider business implications.

Quarterly Progress Returns

Regulated entities are required to provide APRA with quarterly Progress Returns in respect of their Year 2000 programs. (The returns provided to the FI Scheme supervisors prior to 1 July 1999 were largely consistent with those provided to APRA.) The range of information sought in the quarterly returns has changed over time in line with the advancing stages of Year 2000 preparations. While the focus over late 1998/early 1999 was on renovation and testing of critical applications, attention has now shifted to finalisation and testing of contingency plans.

In addition to the returns, APRA also obtains a range of information from regulated institutions on their Year 2000 preparations, through meetings and prudential consultations, correspondence and telephone conversations. APRA also monitors the public information put out by institutions, including disclosure statements to the ASX and information placed on web sites and provided to customers.

Pro-active Measures

Where it has looked uncertain that a financial institution would meet its timeframe or adequately addressed those issues which it considers important, APRA has expressed its concerns directly to the Chief Executive Officer/Board/Country Head; where foreign banks are involved, APRA has also communicated directly with the bank's home supervisor. For example, where there was slippage in programs, APRA has sought additional information on the measures being taken to address this ­ APRA expects institutions to have ‘trigger dates’ and alternative, or ‘fallback’, positions (this is especially important where there is a reliance on third-party software/hardware suppliers or in respect of outsourced operations).

Where APRA has had particular concerns about an institution's progress, it has visited the institution to discuss its Year 2000 program in more detail. Over the past six months, APRA has met with a small number of institutions for this purpose. It should be emphasised that these visits are not aimed at verifying that financial institutions will not experience any Year 2000 related problems. Rather, they allow APRA to make a judgement as to whether the institution has in place an adequate program for Year 2000, that there is high-level commitment and that sufficient resources are being devoted to the task.

APRA wrote to regulated institutions in December 1998 informing them that, where they intend to outsource functions or undertake mergers with, or acquisitions of, other institutions, it would be assessing these plans in view of the possible impact on the Year 2000 remediation programs of regulated entities. Any plans to integrate systems, in the case of mergers or acquisitions prior to the Year 2000, require prior consultation with APRA.

Contingency Plans

Most institutions have completed the renovation and testing of critical systems and are now finalising contingency plans in order to mitigate the impact of a range of possible Year 2000 related problems arising through internal or external causes. APRA's target date for the completion of these contingency plans was end-June 1999. While APRA acknowledged that this date was somewhat ambitious, the majority of institutions have now either completed, or are close to completing, these plans. Those financial institutions that have not yet done so have some additional time to deal with any slippages. All institutions are expected to test these plans well in advance of 1 January 2000.

A number of the larger global institutions learned some valuable lessons with the introduction of the Euro on 1 January 1999 and have taken these into account in their contingency plans. APRA has provided financial institutions with a number of useful documents on contingency planning, including those put out by the Joint Year 2000 Council and the Australian Year 2000 Interbank Working Group. While most institutions already have contingency plans to handle a range of events, APRA wrote to institutions in March and June highlighting a number of issues which it believes are unique to Year 2000. These include:

  • liquidity issues, including potential changes in the behaviour of depositors, other customers and market participants. These could impact at both the retail and wholesale level, and could arise in the period leading up to, as well as on and after, 1 January 2000. A large number of institutions have indicated to APRA that they intend to significantly reduce the number of transactions they initiate in financial markets in the week or so before and after the date change. In fact, some have put in place total prohibitions on ‘over-the-counter’ financial market transactions during this period. Other measures that have been, or are likely to be, adopted include lengthening the maturity of funding to limit volumes maturing prior to the date change and during January 2000, building up holdings of highly liquid assets, and arranging stand-by lines from other institutions. These responses highlight the need for all institutions (and those with which they deal) to take into account the fact that trading volumes, and hence access to liquidity, may be significantly less than normal over the period around the date change;
  • institutions already have robust back-up arrangements to ensure that essential data (such as account information and customer records) are not lost due to system or other problems. APRA has asked that these arrangements be reviewed to take into account any potential problems specifically associated with the Year 2000. This is important in providing reassurance to depositors, policy holders, members of superannuation funds and other customers that their essential records are safe;
  • boards of financial institutions should take into account the broader implications of Year 2000. This includes issues such as a potential increase in insurance claims and an assessment of the impact of Year 2000 related issues on current investment strategies; and
  • where critical functions are outsourced, contingency plans should take this into account.

APRA has also written to institutions suggesting that they should consider setting periods in the latter part of 1999 and early 2000 (including the period around 29 February 2000) during which changes to critical systems will only be undertaken if deemed absolutely necessary. This is to ensure that any changes do not introduce errors into systems that have already been tested. Most institutions have put in place a freeze period on changes to critical applications. APRA supports the Australian Payments Clearing Association's initiatives in this area (refer Chapter 5).

The following outlines APRA's supervision of Year 2000 issues by individual sector.

2.2.1 Authorised Deposit-Taking Institutions

Banks

APRA is closely monitoring each bank's Year 2000 program through quarterly Progress Returns, which are signed by a director of the bank (or Country Head in the case of foreign bank branches operating in Australia). External auditors are required to verify the information provided in the return in accordance with Prudential Statement H1, Relationship Between Banks, Their External Auditors and APRA. In addition to verifying the Year 2000 returns, APRA has asked external auditors to report on banks' ‘Business Continuity (Disaster Recovery) Plans’, including preparations for business to continue in the face of difficulties associated with the Year 2000. APRA has also requested the Chief Executive Officer (CEO) of each bank to attest that progress on Year 2000 issues meets the timeframe set by APRA in respect of critical systems (ie the completion of renovation and internal testing by end-December 1998 and completion of external testing by end-June 1999). CEOs and Country Heads have provided attestations as at end-December and end-June (with qualifying statements as necessary where some critical systems had not been internally tested). The attestations as at end-June 1999 also required CEOs and Country Heads to attest that comprehensive contingency plans were in place to deal with a broad range of possible events and ensure that essential data (eg account information and customer records) will not be lost as a result of system or other problems.

APRA has been closely watching banks' participation in testing of domestic payments clearing streams and other external testing programs, such as those conducted by SWIFT, the Australian Stock Exchange and the Sydney Futures Exchange.

The Banking Act 1959 provides APRA with considerable powers over authorised deposit-taking institutions (ADIs), which now include banks, building societies, credit unions and their industry Special Service Providers. APRA will use these powers where it is of the view that an ADI has not taken adequate measures in respect of its Year 2000 preparations and where it believes that this could have an adverse effect on depositors or other financial institutions. In such cases, APRA has a range of options, including restricting the operations of the ADI. As mentioned above, APRA has already met with a small number of institutions where it had concerns, and indicated to them the broad approach it would take if it was not satisfied about the extent of progress. However, APRA is of the view, on the basis of the information it has at this time, that it is unlikely that such steps will be necessary.

Survey Results

The RBA undertook its first survey of banks' Year 2000 preparations in May 1997 (the results were outlined in a speech by Deputy Governor Thompson in October 1997 and published in the Reserve Bank Bulletin in November 1997). In March 1998, the RBA sought additional information and the results of that survey were given in the first of these booklets in July 1998.

APRA introduced its first quarterly Year 2000 Progress Return in September 1998 (the results of the September and December returns were published in the January and April 1999 versions of this booklet, respectively). Banks have had the option of completing these returns on a ‘whole organisation’ basis, reflecting the fact that many financial groups (consisting of banks, life insurers, funds managers etc) have tended to manage their program on a centralised basis. It was also decided to adopt this approach so as to simplify the provision of information to APRA for those financial groups having more than one entity regulated by APRA. While most respondents have chosen to adopt this approach (many had provided information on this basis in the previous surveys), others opted to provide the information on a bank-only basis. As a result, the information in the Progress Returns is not directly comparable with the earlier surveys.

The main results of the latest Progress Return, which detailed the state of Year 2000 preparations as at end-June 1999, are outlined below:

  • there was significant progress during the June 1999 quarter, with more than half of the banks reporting at end-June that all critical systems had been completely renovated and tested. Most of the remaining banks finalised testing during July and August. The few remaining systems where testing is yet to be finalised are systems where any problems would have little or no impact on retail bank accounts or the payments system. Where a bank has not completed its renovation/testing activities for all of its critical applications, APRA is confident that appropriate ‘trigger dates’ and ‘fallback’ arrangements are in place to minimise disruptions should these systems not be made compliant in time. This is especially important where there is a possibility that third-party vendors will fail to provide compliant software/hardware within an acceptable timeframe;
  • banks and banking groups continue to allocate considerable financial and staffing resources to their Year 2000 programs. They expect to spend around $1.1 billion (this amount remains unchanged from the end-September 1998 figure)[1]. While there was considerable variation between institutions, in aggregate, around 80 per cent of the budgeted amount had been spent by end-June, compared with 70 per cent at end-March and 60 per cent in December 1998;
  • banks and banking groups had around 2,800 staff working on Year 2000 issues at end-June. This represents a fall of nearly 10 per cent since March, reflecting the fact that the most labour-intensive component of banks' Year 2000 projects – testing – has now largely been completed. To date, banks have not experienced any problems in obtaining – or retaining – suitably qualified staff;
  • most foreign bank branches are dependent on their parents for their Year 2000 compliance program. Most have only a small number of local IT staff and, being restricted to the wholesale market, tend to have less extensive systems than the large domestic banks involved in the retail market. APRA has exchanged information with the home-country supervisors of all foreign banks operating in Australia regarding Year 2000 preparations;
  • banks are well into the contingency planning phase of their Year 2000 programs. Around 85 per cent of banks had completed their contingency plans by end-June, allowing the rest of the year for testing and further refinement. These plans address the impact on banks' operations should their own systems experience Year 2000 problems and take into account the potential impact of problems experienced by counterparties, customers and suppliers. As mentioned in Chapter 2.2, APRA has indicated to banks those areas which it considers are most important;
  • as at end-June, banks assessed that around two-thirds of their customers and counterparties were taking adequate measures to address the Year 2000 problem. Banks have included Year 2000 issues in their criteria for assessing potential exposures to customers and counterparties and most have provided disclosure statements on their Year 2000 preparations to their customers and counterparties. The vast majority of banks have now put in place programs to raise customer awareness of the Year 2000 problem and are seeking details of what customers and counterparties are doing to address the problem; and
  • almost all banks plan to undertake a final check of some or all of their systems over the New Year long weekend as a final check for Year 2000 issues. Should problems be detected which cannot be resolved immediately, the three-day break provides ample time for banks to invoke contingency plans before normal trading resumes on 4 January. APRA will be seeking assurances from those not conducting tests, and those opening for business on 1 January, that appropriate safeguards are in place.

Credit Unions, Building Societies and Special Service Providers

As noted above, the responsibility for the prudential regulation of Australia's credit unions, building societies and their special service providers was transferred to APRA on 1 July 1999. Prior to July, the state-based FI Scheme was responsible for the supervision and regulation of these entities; AFIC was the lead supervisor in the FI Scheme. Throughout the period leading up to the transfer, AFIC worked closely with APRA to ensure a consistent approach to the supervision of the Year 2000 preparations of Australian financial institutions.

The approach adopted by FI Scheme supervisors included both on-site and off-site supervision activities. The on-site activities involved visits to specific institutions to assess the adequacy of their Year 2000 preparations, and the overall corporate governance of the Year 2000 problem. Off-site supervision activities focused on the collection of relevant information from quarterly returns. In addition, FI Scheme supervisors met with industry service providers and common IT vendors to discuss their Year 2000 preparations. AFIC also encouraged external auditors to consider the adequacy of an institution's Year 2000 preparations before signing-off on risk management audit reports.

Throughout the process, the FI Scheme supervisors have emphasised that the prime responsibility for the management of the Year 2000 problem resides with the board and management of each institution.

Survey Results – Credit Unions and Building Societies

All FI Scheme institutions have been required to submit quarterly returns on their Year 2000 preparations. The returns have been largely consistent with those required by APRA, with the range of information sought in the quarterly returns changing over time in line with the advancing stages of Year 2000 preparedness. The type of information sought has included board awareness, Year 2000 project planning, contingency planning and current project status. The results from the returns have been useful in identifying specific issues and in influencing the focus of on-site inspections.

Credit unions have approached Year 2000 preparations from an industry viewpoint. There has been a high level of cooperation between individual institutions and considerable assistance from industry special service providers.

The June 1999 returns indicated that the very large majority of building societies and credit unions had completed the testing and implementation phase of their Year 2000 project by end-June 1999. Where there has been some slippage in testing timetables, this has been largely due to external service providers, an issue that was addressed by additional testing periods in July and August. FI Scheme supervisors have encouraged institutions to impose a freeze on changes to critical applications over the two main periods of risk.

With the completion of most of the renovation activities, the main focus of these financial institutions has now shifted to contingency planning, which includes issues such as potential liquidity demands, disclosure of Year 2000 preparations, staff training, and so on.

Survey Results – Special Service Providers

There are three Special Service Provider (SSP) groups ­ Credit Union Services Corporation of Australia Limited (CUSCAL), CreditLink and AAPBS Settlements Limited (ASL). The role of the SSPs is critical as they provide access to the payments system for the credit union and building society industries.

FI Scheme supervisors were responsible for the supervision of the Year 2000 preparations of SSPs prior to 1 July 1999, at which time responsibility was transferred to APRA. As with credit unions and building societies, SSPs have been required to submit quarterly returns on their Year 2000 progress. While these returns have been specifically tailored for each SSP based on the functions and services it provides, the returns have been, again, largely consistent with those required by APRA. Similarly, the range of information sought in the quarterly returns has changed over time in line with the advancing stages of Year 2000 preparedness.

The results of the June 1999 survey indicated that the SSPs have continued to make steady progress and that by end-June 1999, all testing phases relating to critical systems had largely been completed (the SSPs were also participants in the APCA payments system testing that was successfully completed at end-June). The SSPs' Year 2000 preparations are now heavily focused on contingency planning.

2.2.2 Life Insurance Companies and Friendly Societies

Life Insurance Companies

As the Year 2000 problem could potentially have a significant impact on the life insurance industry and interests of policy-holders, APRA has undertaken a number of initiatives to raise awareness of the problem within the industry and to closely monitor industry progress towards resolving the problem.

APRA has surveyed all registered life companies on five separate occasions to assess the amount of attention being given to the Year 2000 problem. The first of these surveys was conducted in July 1997 in order to assess the level of awareness of the problems which could arise. In November 1997, the results of the survey were relayed to the industry through letters to the CEOs of all life companies and approved auditors. This emphasised CEO and board responsibility to ensure that a company's computer systems are adapted in time to avoid any Year 2000 problems, especially those which may harm policy-holder interests. The letter highlighted the role a company's auditor should play in assisting companies to monitor the progress of Year 2000 preparations. It also raised a number of business issues relating to the problem, in particular dependencies on external service providers (including reinsurers, investment managers and custodians) and the importance of contingency planning (including disaster recovery plans).

The second survey, and first of APRA's quarterly Year 2000 Progress Returns, was in September 1998. Further Progress Returns were conducted in December 1998, March 1999 and, most recently, June 1999.

In between these industry surveys, a series of inspections of life companies' Year 2000 preparations were conducted in April/May 1998. A range of companies were visited on the basis of size, type of business written, etc, in order to cover a cross-section of the industry. The prime focus of these inspections was to ascertain whether companies had appropriate processes in place to minimise the risk of loss or disruption to policy owners. During the second quarter of 1999, further inspections were conducted of a number of companies whose returns raised some concern.

Feedback from both the visits and the September 1998 survey were relayed to the industry through letters to the CEOs of all companies. During 1999 all feedback has been provided on an individual company basis when issues have arisen from a company's return.

On the whole, companies are now well advanced, if not finished, with renovation, testing and preparation for any potential disruptions. APRA is now dealing with any remaining issues on a company-by-company basis, including visits to companies and continued close monitoring.

Survey Results

The surveys conducted by APRA since 1997 have revealed:

  • companies have recognised the importance of the Year 2000 issue and are committed to ensuring compliance. Although some companies started their preparations late, and have lagged behind the generally accepted international timetables, the industry is now well positioned for the date change;
  • the level of attention paid to Year 2000 issues at board level has varied between companies and over time but is now a major focus of the board in all companies;
  • companies originally concentrated on addressing the Year 2000 readiness of internal systems. Most are now addressing the compliance of other service providers (eg reinsurers, investment managers). All life companies have now contacted and received some responses from external service providers concerning their preparations. However, response rates have varied between companies;
  • almost all life companies had completed the renovation and testing (including testing with external parties where appropriate) of all their critical computer systems by 30 June 1999. The few remaining companies have been contacted by APRA and their progress is being closely monitored; and
  • the majority of companies have developed contingency plans for the Year 2000. The remaining companies are currently in the process of finalising and testing these plans.

APRA will continue to monitor life companies' Year 2000 compliance closely.

Friendly Societies – Survey Results

As with other entities supervised by APRA and the FI Scheme supervisors, friendly societies have been required to submit quarterly returns on their Year 2000 progress. These returns have been largely consistent with the returns required from credit unions and building societies.

The June 1999 returns indicated that the friendly society industry is well progressed with its Year 2000 projects. The very large majority of institutions have completed their testing and implementation phases and are now focused on their contingency planning.

2.2.3 General Insurance Companies

Approach to Supervision

APRA has undertaken a range of measures to raise awareness of the Year 2000 issue in the general insurance industry. In addition to the protection of policy-holders' interests, as the prudential supervisor of entities which might provide cover to others in respect of insurance risks relating to Year 2000 events, APRA's concern extends to the potential liability of such entities for claims.

In January 1998, all authorised general insurers and approved auditors were surveyed to assess their awareness of, and measures being taken to address, the Year 2000 problem. This was followed up with another survey of authorised general insurers in November 1998. Between the surveys, APRA visited 15 groups of insurers to obtain a better understanding of their approach to Year 2000 issues.

As a result of the surveys and company visits APRA was able to confirm that the industry was giving sufficient priority to Year 2000 preparations and that the proposed projects covered the broad issues within acceptable timeframes. In particular, the critical functions for renewals and new policies were renovated before the end of 1998.

Most insurers have changed their policies to exclude losses that arise directly from Year 2000 problems, but they have not excluded losses that arise indirectly from such problems (ie consequential losses). However, reinsurers have tended to provide reinsurance to direct insurers without Year 2000 exclusion clauses. On this point it is worth noting that the Insurance Council of Australia (ICA), the industry association representing private sector general insurers, has advised that many potential Year 2000 related losses can be predicted and can be avoided by careful planning and timely action. As a result, the ICA is of the view that such losses may not be covered by insurance, which covers losses arising only from accidental or unforeseen events. The actual outcomes based on specific claims cannot be forecast with any certainty at this stage.

Survey Results

The Year 2000 progress of general insurance companies that are part of a financial group containing banks and/or life insurers has been monitored through the ‘whole of organisation’ quarterly Progress Returns requested of those institutions. The remaining stand-alone general insurers and reinsurers were required to file quarterly Progress Returns for the March and June 1999 quarters. The main results of the returns are as follows:

  • general insurers had largely completed renovation and internal testing of critical systems by end-June 1999. A large proportion of the residual work-in-progress relates to post-June upgrading to Year 2000 compliant software. APRA will continue to closely monitor the renovation and testing of remaining systems;
  • where APRA has had concerns with the pace of an individual insurer's progress, it has raised these concerns directly with the insurer. APRA's experience has been that, where such concerns have been raised with insurers (mainly as part of conglomerates), they have been addressed as a priority;
  • contingency planning for the industry is well advanced, with the majority of insurers providing summaries of their plans, as requested by APRA. Most of the remaining insurers have identified their risks and proposed action and are in the process of finalising the plans;
  • most insurers have indicated that they intend to test all or key aspects of their contingency plans prior to 1 January 2000;
  • a standard element of individual insurers' contingency preparations includes plans to verify over the date change weekend that internal systems are functioning normally; and
  • a feature of general insurers and reinsurers is the high percentage of customer and supplier Year 2000 assessments.

APRA required the CEO, or authorised agent in the case of branch operations, to attest by mid-August 1999 as to the status of their preparations as at end-June. The attestations are being examined by APRA as part of the assessment process.

2.2.4 Superannuation

Because of the number of superannuation entities regulated by APRA, it is impractical to approach each entity to assess its preparations for Year 2000 issues. Instead, APRA has focused on raising the awareness of trustees about their responsibilities in managing the risks. Central to this is that APRA believes Year 2000 compliance is an important control issue with respect to the statutory obligations of all trustees.

APRA has assessed preparedness through surveys of larger entities and service providers, as well as placing special emphasis on the Year 2000 issue during the normal ongoing prudential review program. Where concerns have been raised they have been relayed directly to the trustees. APRA's findings, including general concerns and ‘best practice’ information, have been continually disseminated to the broader industry by trustee newsletters, speeches, brochures and press releases.

Approved trustees are responsible for funds whose membership accounts for approximately 90 per cent of the industry and nearly two-thirds of total assets. Reflecting their importance within the industry, APRA has obtained quarterly Year 2000 Progress Returns from all approved trustees since December 1998. In addition, Year 2000 compliance forms part of the annual certification as to the adequacy of approved trustees' internal control systems. Many approved trustees are part of banking or insurance conglomerates which have reported Year 2000 progress on a ‘whole of organisation’ basis.

APRA raised any issues directly with trustees or their agent in writing or as part of the ongoing review processes. These concerns generally related to the timing for completion of renovation and testing of systems and/or contingency planning. A particular issue for some trustees, in view of the high level of outsourcing of functions, has been the need for more pro-active management of progress by critical service providers. APRA has continually reminded trustees that it is their responsibility to form an opinion of their service providers' progress, regularly review progress against milestones and determine fallback positions with appropriate trigger dates.

Because of the large number of superannuation funds serviced by external administrators, APRA has sought information directly from administrators as well as from funds themselves. The selected administrators' clients were concentrated mainly in the excluded funds part of the superannuation industry (also known as D-I-Y funds). Where individual administrators did not provide APRA with a sufficient degree of comfort, APRA has approached some of the affected trustees directly and emphasised their responsibility to assess their service providers and, if necessary, take appropriate action to protect members' interests. All trustees approached have responded that they consider that the administrator does not present a material risk to member benefits.

Survey Results

The first survey of Year 2000 awareness among the major entities in the superannuation industry was undertaken in 1997. This survey covered the top 100 industry funds, all approved trustees and selected administrators. This survey indicated a mixed degree of preparedness and, as a result, all survey participants were written to expressing concern at the inadequate attention apparently being paid to this issue by the superannuation industry.

Throughout 1998, APRA focused on Year 2000 preparations as part of its ongoing program of prudential reviews of superannuation funds. A follow-up survey was sent to more than 300 approved trustees, fund administrators and large superannuation funds in July 1998. An additional tier of superannuation funds with 200 or more members was surveyed in October 1998. These surveys highlighted critical areas where superannuation trustees and administrators needed additional focus as part of their Year 2000 compliance programs. The survey responses showed that there had been a significant increase in awareness of the issues within the superannuation industry compared with the position twelve months earlier.

Commencing in December 1998, all approved trustees and a selected population of administrators were approached as part of APRA's program of quarterly Progress Returns. The major findings, which detailed the state of Year 2000 preparations at end-June 1999, are:

  • most of the internal systems of approved trustees have been renovated and tested. Most of the applications outstanding relate to the delivery and upgrading to Year 2000 compliant versions of commercial software ­ this should be finalised by early September 1999. Those approved trustees that had not finished renovation and testing at end-June 1999 are being closely monitored;
  • approved trustees who are critically dependent on service providers have generally improved their process for service provider assessment since the first quarterly survey in December 1998. At 30 June 1999, most were satisfied with service provider progress and expected to sign off in August 1999. The majority of significant service providers are part of banking or insurance conglomerates which have been closely monitored through the ‘whole of organisation’ returns provided to APRA;
  • over half of the approved trustees have finalised their contingency plans. The remainder are well advanced in their contingency planning and expect to have this process completed by end-August. The delay largely reflects the critical dependency of many approved trustees on service providers and the need to build on the contingency plans of those service providers;
  • most approved trustee contingency plans include testing and confirmation over the date change weekend that the operations are functioning normally;
  • of the administrators surveyed, the more significant report to APRA as part of bank, insurance or approved trustee conglomerates and their progress reflects the position of these conglomerates, as described earlier. In respect of the remaining institutions surveyed, it was found that their services were mostly to the ‘excluded fund’ (less than 5 members) sector. While the nature of the relationship between the excluded funds and the reporting administrator, and the size of the funds, present little material risk to either individual funds or to the superannuation industry as a whole, the administrators have nonetheless identified compliance requirements and have either renovated or are in the process of installing Year 2000 upgrades or patches to the commercial software on which their services rely; and
  • a minority of approved trustees have either indicated that they have made, or intend to make, a Year 2000 disclosure to members. ASIC has decided against a modification to the Superannuation Industry (Supervision) Act 1993 (the ‘SIS Act’) requiring such disclosure statements. Both ASIC and APRA encourage voluntary disclosure. In any event, trustees must consider their position on Year 2000 statements under the notifiable event provisions of the SIS Act and its Regulations.

2.3 APRA's Internal Preparations for Year 2000

Management Structure

APRA's compliance program is overseen by the Year 2000 Committee, which reports to the Board through the Risk Management and Audit Committee. The committee is chaired by the Chief Executive Officer and comprises the three Executive General Managers, the heads of the Legal and IT areas and the head of the Policy area responsible for developing and implementing APRA's supervisory approach to Year 2000 issues.

APRA's Year 2000 Program

The Year 2000 compliance program was independently certified as complete on 30 July 1999. APRA is continuing the former ISC's participation in the ‘whole-of-government’ compliance program being managed by the Office for Government Online (formerly the Office of Government Information Technology).

APRA's Year 2000 program addressed all major areas of APRA's operations, including computer hardware and software, building infrastructure and telecommunications.

APRA has around 500 PCs and 15 network servers. These have been assessed for Year 2000 compliance. A similar process will be undertaken for any additional PCs purchased prior to the Year 2000.

APRA uses a range of software that was assessed for Year 2000 compliance. This includes:

  • specialised software which has been developed ‘in-house’ (such as those used to process statistical information from regulated entities);
  • application packages supplied by third parties; and
  • endor-supplied operating systems and workstation software.

The software systems that were developed in-house required the greatest attention in respect of ensuring Year 2000 compliance. APRA has also received written certification from software vendors that its third-party application packages are Year 2000 compliant. In some cases it has been necessary to upgrade to a later version of this software.

APRA has engaged a consultant to independently verify APRA's state of Year 2000 readiness. The consultant's report was received at 30 July and confirmed APRA was at low risk from any Year 2000 issues.

The lease for APRA's new head office building contains an assurance of Year 2000 compliance and inquiries are being made in relation to the other buildings tenanted by APRA.

APRA has tested all communications facilities, and these were modified as necessary to achieve Year 2000 compliance. The new head office communication systems were already certified as being compliant.

APRA is currently preparing a Year 2000 Contingency Plan, which is expected to be implemented by end-September.

Costs

APRA estimates the total cost for its Year 2000 program will be around $350,000.

Footnote

This is only an approximate figure as, in most cases, separate figures could not be provided for foreign bank branches operating in Australia, reflecting the fact that Year 2000 programs were being managed by head office. In these cases, costs have been allocated on the basis of the size and type of operations in Australia. A number of banks increased their budgets in June 1999, but others reported an expectation that they will come in under budget. [1]