INDY Committee Meeting

STANDING COMMITTEE ON INDUSTRY

COMITÉ PERMANENT DE L'INDUSTRIE

EVIDENCE

[Recorded by Electronic Apparatus]

Thursday, February 19, 1998

• 0909

[English]

The Chair (Ms. Susan Whelan (Essex, Lib.)): I call the meeting to order. Pursuant to Standing Order 108(2), we are conducting a study on information technology preparedness for the year 2000.

Today we have several witnesses before the committee. We have from the Office of the Superintendent of Financial Institutions Mr. Thompson and Mr. Webb; and we have from the Canadian Bankers Association Mr. Beasley, Mr. Riddell, Mr. Shaughnessy, and Mr. Weseluck.

We're going to begin with the Office of the Superintendent of Financial Institutions. What will happen is that both groups will make their presentations before we go to questions.

Mr. Thompson, could you begin, please?

Mr. John Thompson (Deputy Superintendent, Policy Sector, Office of the Superintendent of Financial Institutions): Thank you very much. It's a pleasure to be here today to talk about this important issue.

I propose to make a brief presentation and make a few comments as it relates to the work OSFI does. Before commencing my presentation, however, I would like to extend my congratulations to the task force on the year 2000 for a report that is both timely and comprehensive and that clearly sets out the need to deal with this matter.

• 0910

I was pleased to note that the report identified the financial sector as the leader in terms of taking action with respect to this problem. I was also very pleased that OSFI had been commended by the task force for being proactive in focusing senior management of financial institutions on the year 2000 issue.

My presentation today consists of three parts: what OSFI has done in respect of the year 2000 problem, what OSFI is currently doing, and what other OSFI initiatives are under way.

The year 2000 problem did not come as a complete surprise to us. A number of people at OSFI and in the industry have been aware for a long time that systems malfunctions were a real possibility due to programming conventions and limitations. In addition to the year 2000 problem, we are aware that other dates, such as February 29 and September 9, 1999, also pose possible systems problems. However, it is only in the past few years that the staggering potential costs of preparing computer systems for the year 2000 have forced attention on this issue.

OSFI's concerns crystallized in late 1995 and early 1996 with the decision to include in our examinations of institutions a review of the plans they had in place to address this problem. The results of that review, which were communicated to the industry in October 1996, indicated that all institutions were aware of the problem; most institutions had completed a preliminary review of their systems, had developed estimates of the magnitude of the problem, and had plans for correcting the problem; most institutions had involved their internal and external auditors in the process; some institutions had seen fit to engage outside consultants; many institutions found the problem was larger than they had first anticipated; and most institutions had estimated a target date of December 31, 1998, for completion of the required changes, thereby allowing them one year for systems testings.

Our review did, however, reveal one issue. Although institutions were focusing on the problems that related to their operations, they had not generally considered the readiness of others with whom they dealt or on whom they depended for certain aspects of their operations.

During 1997 OSFI continued to make year 2000 readiness reviews part of our examination process. The results of these reviews, which were again communicated to the industry in September 1997, revealed the following: all institutions had identified the addressing of the problem as an important issue; some institutions had developed comprehensive, broad-based plans, while others had focused their efforts on internal computer applications; and the degree of preparations varied from institution to institution.

As a result of what we had learned during these reviews, OSFI issued a best practices paper in late 1997, setting out what we saw as the minimum matters to be addressed in the year 2000 project. OSFI also notified institutions that future reviews would address the following matters: the manner in which the institution had addressed and developed its strategy; the accountability framework that had been established, including the internal audit, compliance, and legal departments; the key deliverables that had been established for internal operating systems and the applications systems provided by third parties; progress against the project development milestones and the implementation schedule; the institution's assessment of the preparedness of its major clients; and also copies of presentations made to the boards of directors to ensure they had been properly briefed on progress.

In addition, OSFI notified institutions that it expected that they would be fully year 2000-compliant or that they would at least be at the acceptance testing phase by the end of 1998.

• 0915

So what is OSFI doing in addition to its reviews and industry notifications? Recognizing that little in the financial services sector is of a purely national or local nature, OSFI is working with the Basel Committee on Banking Supervision—which we refer to as the Basel committee—and the International Association of Insurance Supervisors to improve the readiness of regulators and institutions around the world to face this critical issue.

In September 1997 the Basel committee published a document entitled “The Year 2000—A Challenge for Financial Institutions and Bank Supervisors”. This document stresses the need for the creation and adoption of an action plan and sets out specific actions to be taken at each phase of that plan.

On the insurance side, the International Association of Insurance Supervisors joined the Basel committee and the International Organization of Securities Commissions in issuing a joint press release stressing the urgency of the year 2000 problem. This was followed in November 1997 by a statement by the International Association of Insurance Supervisors, mirroring the principles that had been identified in OSFI's best practices paper and the Basel committee's year 2000 paper.

The IAIS paper also identified a number of year 2000 exposures specific to the insurance industry. These include exposures related to professional liability insurance in connection with technology producers, designers, consultants and so on, who may be sued for errors, omissions, and failure to complete contracts; and directors' and officers' liability insurance in connection with the failure by mangers and directors to take proper and corrective action.

We also identified the loss of property, property damage, and business interruption insurance in connection with all risk coverage policies and from indirect losses due to technology failure such as fire, water damage and so on, and third party liability insurance in connection with losses due to technology failures. Finally, we identified marine, aviation and automobile insurance in connection with failures of guidance systems, traffic control, street lighting systems, and that sort of thing.

The business of insurance relates to the assumption of risk in connection with possible or probable events. Some events such as the year 2000 are certain and unavoidable, and they should be recognized as such. The property and casualty insurance industry is taking steps to protect itself against the preventable losses that could flow from the year 2000 problem by adding to their policies the appropriate exclusion clauses. However, the types of products listed above have a long-term horizon, and many have provided limited exposure opportunities to change those contracts.

Earlier this month, OSFI participated in a year 2000 meeting organized by the G-30 working group, which is a group of industry associations and regulators originally created to address clearing and settlement systems issues. Recently, it has turned its attention to the year 2000 issue with the goal of ensuring that initiatives across the industry are widely communicated and that adequate testing has taken place. The purpose of the meeting was to ensure that support from the industry determined the scope of the efforts to be undertaken and to discuss the implementation and funding of the efforts. The ultimate goals of the group are to ensure that the year 2000 efforts of each participant are coordinated and to test the interconnectivity of the various systems by running mock transactions on weekends.

What further action is planned? At OSFI, the deposit-taking, property, and casualty insurance sectors plan to conduct industry ride assessments through our regular monitoring processes. In conjunction with the information that we have already obtained, the results of the assessments will then be evaluated against our best practices documents. Those institutions that are not at an acceptable stage of planning or development will be identified for further action by OSFI.

• 0920

This action may include notifying the internal audit departments of the deficient institutions and reinforcing the principles set out in our best practices paper that they are to assume an independent assessment function. We would then review their work on an ongoing basis, including a review of any reports they may have prepared.

Internationally, the Basel committee, the International Association of Insurance Supervisors, the International Organization of Securities Commissions, and the committee on payment and settlement systems of the central banks of the group of ten countries—the BIS—have organized a round table on the year 2000 problem for April 8 in Basel, Switzerland.

The objectives of this round table are to continue to raise the awareness of this issue at the senior levels around the world and to advance industry preparations for the year 2000; to provide a global forum for the sharing of relevant strategies and experiences across key industries by both regulatory bodies and industry representatives, including financial organizations, telecommunications companies, the computer industry, accountants, consultants, etc.; and to identify whether there is a need for further and possibly coordinated action.

It appears the recommendation of the task force most germane to OSFI's responsibilities is recommendation 13. As I hope I have demonstrated here today, we at OSFI have been, and continue to be, aggressive in our pursuit of information from our institutions with respect to the year 2000 problem. We continue to revise our compliance assessment procedures and to exercise moral suasion on financial institutions to ensure they are addressing the problem in an organized and effective manner.

I hope this information is useful to the committee. I would ask your indulgence to allow me to end my presentation with several observations.

First, OSFI concurs totally with the view of the task force that the year 2000 problem is a critical issue and failure to address it adequately may result in more than extra inconvenience and expense. It may well be the death knell for unprepared businesses.

Second, the full scope of the damage and costs to business and society as a result of the problem cannot be predicted. Damages can only be minimized, and even then, only by timely and structured planning and implementation.

Third, although larger institutions appear to be ahead in the planning and implementation stages, the consequences of inadequate planning may be less devastating for smaller companies. If they're very small, they may be able to deal with matters manually for a short period of time.

Fourth, institutions with implemented and tested plans will have a competitive advantage over those that do not, as they will be in a position to devote their resources to the promotion of their businesses rather than the correction of problems. Moreover, they may well be beneficiaries of the failures of those institutions that failed to address the problem adequately.

Fifth, no matter how complete an institution's planning and implementation may appear on paper, there will doubtlessly be unforeseen problems, consequences, and glitches. Accordingly, the ability of management and technical staff to deal quickly and decisively with these unforeseen problems will be crucial to the ultimate success of the rectification plan.

Sixth, the financial services business is increasingly becoming an international one, and the interdependence of financial services providers on one another and on sharing services is growing. This means Canadian financial institutions have to coordinate their preparation with those of other institutions in many jurisdictions.

Thank you very much, Madam Chairman.

The Chair: Thank you very much, Mr. Thompson.

We'll now turn to the presentation from the Canadian Bankers Association. Mr. Weseluck, the vice-president of banking operations from the association, will begin.

Mr. Mark Weseluck (Vice-President, Banking Operations, Canadian Bankers Association): Thank you. Good morning, Madam Chair and committee members.

• 0925

With me today are Gerry Beasley, senior executive vice-president for risk management at the CIBC and chairman of the CBA's senior risk management committee; Kelly Shaughnessy, senior vice-president for small business banking at the CIBC and chairman of the CBA's independent business committee; and Frank Riddell, manager of Project Year 2000 at the TD Bank and vice-chairman of the CBA's year 2000 interbank working group.

We appreciate being invited to provide the committee with the banking industry's views on the year 2000 issue, particularly with regard to the industry's readiness. Given the extent to which the year 2000 problem affects various aspects of the Canadian economy, we applaud this initiative by the industry committee to raise awareness of the potential implications of the problem and to assess the readiness of various participants in the economy.

As part of our presentation, we have provided each of you with a package of material containing the summary points of our presentation. Also included are brochures distributed by various banks to their customers to advise them of the year 2000 challenge; a copy of a fast-fact sheet that the CBA and the banks have used for enquiries by the media, government, and other interested parties; a sample progress chart that a business could use to track its preparedness—Mr. Riddell will refer to it—and samples of the banks' websites that explain the year 2000 problem and how it can be addressed.

I will now turn to Mr. Riddell to explain the steps that banks are taking to make their systems year-2000 compliant and to review some industry initiatives to assess the potential impact of interfaces with third parties. He will be followed by Mr. Beasley, who will discuss current initiatives under way by the banks to assess year 2000 credit risk and to inform clients of the issue. Mr. Shaughnessy will then provide some concluding remarks, after which we would be pleased to answer your questions.

Mr. Eric Lowther (Calgary Centre, Ref.): I'm sorry to interrupt, but if you've handed out documents that we should be using to follow along, I'd like to be clear on which ones they are. We have quite a bit of paper here.

Mr. Mark Weseluck: It's the presentation.

The Chair: They'll be referring to it as they go.

Mr. Eric Lowther: Thank you very much.

The Chair: Mr. Riddell.

Mr. Frank Riddell (Manager, Project Year 2000, Toronto-Dominion Bank): Thank you, Mark.

Good morning, members of the committee, Madam Chair. This morning I would like to focus my remarks on two aspects of year 2000. One is the magnitude of effort and the other is the banks' preparedness to deal with this high-risk project. The chart here will show that we have basically been focusing on internal systems, and OSFI's John Thompson mentioned that in his remarks. That was back three years ago. In the past year, we've really started to focus on external influences: those customers, suppliers, trading partners, and exchanges with which we deal.

It is a monumental task. It's a project that is larger than any that Canadian banks have undertaken. However, I want to assure you this morning that Canadian banks are well positioned. Our target date of December 1998 to have all our systems individually compliant, ready for street testing, and ready for testing with external companies, is on schedule.

As I mentioned, we're also dealing with our suppliers, our customers, and exchanges. This is different project management for us. Basically, we are managing our critical vendors and critical exchanges. We are asking them for detailed project plans and we are using them to manage the whole process.

Banks basically started in 1993. At that point in time, we were faced with five-year mortgages, five-year term deposits that we would not be able to issue in 1995 because they were going to mature in year 2000, and our systems were not going to be ready for that. We therefore had exposure to the problems of year 2000 early on. We fixed our systems at that point in time and had them ready for 1995, but that really was the tip of the iceberg.

At that point in time, in parallel with these activities, we started to form dedicated teams in-house to deal with the issue. These teams have grown considerably over the last few years. We're now at the point at which we have plans in place, and we're monitoring these plans very closely.

• 0930

I want to give you an overview of the aspects of this. It's not just mainframe systems. It's our vendor systems. It's all the PC systems. It's elevators. It's vaults. It's telephone systems.

The chart included in your package is a chart we use to monitor progress internally within TD Bank, but we also think it's a good chart to be used for other companies.

I've covered four categories. Then it goes through the phases we go through in this process. We take inventory, which means identifying everything possible that could go wrong, from a PC to a major supplier, then analyse it, get a plan in place, and monitor that plan.

The task force recommendations highlighted that the banks are at the forefront of year 2000 readiness. It has, however, helped us considerably in influencing bank management, in influencing priorities. For every one of the banks, this is their number one priority. We are deferring business initiatives and product initiatives to work on this.

The survey of the CBA members in 1997 indicated that, on average, each major FI was going to spend $100 million on this. This represented 600 person-years of effort, plus a lot of capital expenditure in equipment to upgrade.

These targets are basically the same. They have not changed that much in the last year. They're increasing slightly. The increase we're noticing is in testing. Of that budget, 50% is testing initiatives. We are going to test this from start to finish.

There are three phases of testing. The first one is internal systems. Get all our own systems working and then collectively run them. We're planning a full enterprise test to simulate the period from December 1999 through to January 5, with all of our critical systems running together.

In addition to that, we'll be testing individual systems for leap year, for fiscal year end, for many ranges of dates. September 9 is one that John mentioned—and that's part of our plan, John—but extensive testing is the key to controlling this. The chart shows various levels of testing. Each one will be a major effort.

I'm going to jump to the interbank working group. I joined that group in 1996. I have found it tremendously beneficial. We share ideas. We have learned a lot of lessons.

Initially, the solution to year 2000, most people think, is to expand from a two-digit year to a four-digit year. That's the logical solution. That's not the practical solution. That is basically for an individual system. That's the solution. But when you start looking at all the system interfaces, as soon as you expand one, all have to change at the same time. That goes outside of individual banks. It goes outside of countries. We could never coordinate that effort. So we are using logic within our systems to interpret dates and thus arrive at a much more practical solution to this problem.

I'm going to conclude by saying that the banks are on schedule. We're managing this very closely. We report to our boards on a quarterly basis. We report to our executive monthly. We at TD have an executive steering committee that meets biweekly to monitor progress, deal with issues, and make sure we track on schedule. We're not in this alone. We are managing our vendors and we are managing our customers.

• 0935

I hope this brief overview has been of interest to you. I'm sure you have many more questions for me, and we'll deal with them afterwards.

I will turn to Gerry Beasley to address the year 2000 credit risk considerations. Thank you.

The Chair: Thank you, Mr. Riddell.

Mr. Beasley.

Mr. Gerry Beasley (Senior Executive Vice-President, Canadian Imperial Bank of Commerce): Thank you, Frank.

Good morning, Madam Chair and members of the committee. It's a pleasure to be able to join you this morning as the representative of the CBA's senior risk management committee.

I'd like to begin by reinforcing some of Mr. Weseluck's opening comments. We fully agree with the assessment of the task force that the year 2000 challenge is an important one facing every Canadian business in every sector. Stats Canada's recent study shows a significant lack of appropriate attention across business sectors and sizes. Even for large businesses, some 52% were reported as having no formal plan, and the number is even higher for the medium and small business sector. For some businesses this will be a critical viability issue, and it is a challenge that cannot be postponed. There are less than 23 months left to meet it, with resources to help meet it in greater and greater demand every day.

The banking industry has been working for some time to communicate with our clients, both borrowing and non-borrowing, to raise their awareness of the potential impact that year 2000 may have on their businesses. To help inform them, we have produced a variety of literature including brochures and newsletters, a sample of which you have in your materials. The Internet web sites for various banks also include information on what the bank is doing to prepare itself, as well as tips and guidelines for businesses undertaking their own projects to resolve their year 2000 challenge.

Further, your materials include extracts from our web pages relating to year 2000 issues and a list of bank web sites for further reference. I'd like to add that clients are also referred to the Industry Canada strategist web site, which provides excellent information for businesses on how to get started on a year 2000 compliance plan.

As lenders we wish to bring value to our client relationships. We certainly don't have solutions for all the unique challenges of businesses. However, our wide exposure to many businesses and how they are doing things can be of assistance to our clients in helping them to identify the presence of year 2000 risk.

So our goal in this first phase has been to raise awareness and share information. The industry has also been examining the effect of the year 2000 challenge on its clients and the implications for credit decisions. Our focus and priority will continue to be the long-term financial health of our borrowing clients. As lenders, of course, we want to preserve that. We want our clients to remain financially healthy and we want them to continue to be able to borrow from us and repay us. That includes assisting them in being aware of the extent of their year 2000 risks, both the direct risk arising from their own computing technology requirements and resources and the indirect risk that is posed through the supply chain, which my colleague Frank referred to several times—their various dependencies on suppliers, service vendors, and customers.

This involves asking clients questions about their year 2000 risk through the regular loan review process and through special year 2000 questionnaires or surveys. These questions provide a framework for discussing the issue and for reviewing creditworthiness and readiness of the client to manage the challenge. That enables us to assess the risk on a client-by-client basis. I'm going to return later in my remarks to this issue of the individual approach, the client-by-client basis. It is key to our approach to this situation.

I'd like to give you some background on the CBA's efforts to help its own members examine this question of year 2000 credit risk. In the fall of 1997, the committee of which I am the chair created a subcommittee known as the year 2000 credit risk task force. The mandate of this task force was to assess credit risk considerations specifically arising from the year 2000 and recommend appropriate action for the industry.

• 0940

Thankfully, the task force determined that member institutions were already taking steps to incorporate year 2000 credit risk criteria into their lending practices. As I indicated, lenders have already begun to ask year 2000 questions of their clients during the annual credit review process or through separate year 2000 questionnaires.

There are some typical questions. Do you have a plan? Who is responsible for the plan? What does the plan include? What is the budget for your year 2000 conversion efforts? The last one is very important: what contingency plans do you have in place?

You've heard comments from my colleague at OSFI and indeed from Frank. For most businesses, this is in all likelihood not going to be something they solve absolutely. As they get nearer to the time there's going to have to be some prioritization in terms of which systems are mission-critical and which are not. Even for those judged to be so, is the contingency plan in place? The purpose of all of these questions is to help our clients recognize the degree of complexity in their businesses for year 2000 issues and to assist us in our assessment of their readiness.

Some businesses may in fact face very little risk or have solutions that are as easy to obtain as an upgraded version of off-the-shelf software. Mid-market and large corporate clients face much different and more complex risks, depending on the degree of automation, computer technology, or customized programming they have in place to run their businesses.

We recognize that these may be tough questions to answer, but businesses and banks must ask them and be satisfied with the answers and progress on solutions.

No less is expected of us, of course, by our regulator, depositors, shareholders, and investors. They expect bank management to make good-quality lending decisions. In this regard, we will give our customers every chance to respond and satisfy us of their continuing creditworthiness.

I would also like to comment this morning on a specific recommendation of the task force year 2000 that was directed specifically at the banking industry. Recommendation 3 is that lending institutions make loans to corporate borrowers contingent on the availability of a formal year 2000 plan to be implemented by April 1, 1998.

We agree with the task force that business owners must take ownership of the year 2000 problem within their own organizations and that the private sector is responsible for its own solutions. But while we must assess the borrower's readiness to respond on year 2000, lenders should continue to deal with their clients on an individual basis, assessing the specific risks facing them and working with them to resolve their own unique challenges.

We expect to remain fully flexible in assessing and accepting the risks facing our clients in dealing with year 2000 credit criteria in the same way we assess our clients' capacity to operate in other areas: financial performance, industry prospects, market trends, management capability, and environmental risk management. These are several of the aspects that credit decision-makers must assess as they make their judgments always in terms of the creditworthiness of the client. We intend to continue to review the particular needs of loan clients on a case-by-case basis, which will include therefore a review of the year 2000 risk.

By talking all of these steps I've described to you briefly this morning, raising awareness with our clients, being aware of supply-chain implications, and helping clients assess their own particular year 2000 risk, we intend to continue approaching the issue cooperatively with our clients. It's our goal to work with them and continue to support them with their financing needs while encouraging them to take the steps they should and must to ensure their own ongoing success.

Thank you very much for your attention. I'd like to turn now to my colleague, Mr. Shaughnessy.

Mr. Kelly Shaughnessy (Senior Vice-President, Small Business Banking, Canadian Imperial Bank of Commerce): Thank you, Mr. Beasley. Thank you, Madam Chair.

I'd like to thank this committee for providing us with the opportunity to discuss the challenges of the year 2000 problem. I also want to say that we welcome the task force's report “A Call for Action”.

• 0945

According to the recent StatsCan national survey on the preparedness of Canadian business for the year 2000, only 45% of businesses indicate that they are taking either formal or informal steps to prepare their technology for the problem. A 45% preparedness rate cannot be viewed as acceptable, and unfortunately businesses have less than two years to deal with the reality of the problem. Clearly the time to encourage action is now. Business owners must be reminded that the year 2000 challenge extends beyond their business operations to the entire supply chain. Business owners should be speaking with their suppliers, their trading partners, and their customers about their respective year 2000 readiness.

In your material you will find a diagram we have prepared to illustrate the potential risks facing any business that neglects to prepare for the problem. As you can see, a failure at one point along the chain could have detrimental impacts on a company's ability to conduct business, and in doing so jeopardize the firm's financial stability.

My colleagues and I in the banking industry take seriously the role we can play in raising awareness of the need for businesses to act. That is why we have been communicating with our borrowing and, I have to stress, with our non-borrowing clients about the year 2000 challenge for some time.

Individually banks have developed their own communication tools to inform their clients of the problem and to explain the necessity to act. There is a limit, though. There is a limit to what we as bankers can do to influence a client's action. Indeed the year 2000 challenge extends well beyond those companies that borrow from Canada's banks. At any time a majority of our small business clients do not have a loan from their banker, yet they may have a year 2000 problem. Each business is ultimately responsible for its own year 2000 risk exposure. A client's decision to ready their business for the year 2000 is their decision to make.

However, I cannot stress enough that we all want business to succeed. Our industry is committed to working with our clients to make sure they are aware of the year 2000 challenge and are informed of the need to take appropriate steps to diminish their risk.

We also recognize that time is of the essence. The process initiated by this committee to address the recommendations of the task force is especially valuable in light of the urgent need for businesses to take this matter seriously. As the year 2000 challenges affect every industry, we are pleased to learn that you will be hearing from other industry associations and representatives from the business community to help you develop a plan to increase awareness and encourage action.

In the past, we in the banking industry had expressed the desire to work in partnership with the government to assist Canada's small and medium-sized businesses to be successful. We believe that the need to heighten the awareness of the year 2000 challenge is an ideal opportunity for the government, the banking industry, and other key industry groups to come together to get the message out in the most effective manner.

Madam Chair, by working together we can make a difference.

I'd like to thank you again for inviting us. We would now be pleased to answer any of your questions.

The Chair: Thank you, Mr. Shaughnessy.

We're going to begin with Mr. Schmidt.

Mr. Werner Schmidt (Kelowna, Ref.): Thank you very much, Madam Chair. I really want to express my appreciation to each of the witnesses who appeared here this morning. It's a pleasure to meet you all personally, but also to enter into a discussion about this very serious question.

The first question is going to be a very easy one. I think, Mr. Beasley, you made the point that we want each of your customers to have a contingency plan. Perhaps you did say something about it, but I somehow missed it. What is your contingency plan?

Mr. Gerry Beasley: I actually have a great deal of pleasure in responding to that question. Among the responsibilities I have in our own bank is for what we refer to as our business recovery capability. We have put a lot of time and resources towards that effort for the past many years. It was not always an easy endeavour even within the organization to convince people to spend money to have alternate sites available, etc. However, we, as I'm sure the rest of my banking friends do, now have that capability in place. We have hot sites available in the event that different parts of the organization are not capable of operating.

• 0950

I must also say, with a bit of regret, we've actually had ample opportunity to test those facilities over the past year, as we've suffered various outages of one sort or another, both from natural causes and otherwise. So we have given the facilities a good working over.

Basically, then, we are using that framework. We will use that framework to ensure that if one or more of our operations are not operating on January 1, 2000, then we have the back-up and we have whatever the alternative is to be able to operate. It is very much part of our planning within the existing framework for business recovery to be able to deal with any aspect of the facilities that does have an interruption at that time.

Mr. Werner Schmidt: I appreciate that very much.

I wonder if the OSFI representatives could tell us whether they are demanding a contingency plan from all the other financial institutions.

Mr. John Thompson: We will be reviewing contingency plans from each of the institutions as we go through our on-site examination and analysis process. Yes, we do.

Mr. Werner Schmidt: The most intriguing part of all this is that really it was the financial institutions that initiated or became aware of the year 2000 problem earlier than other people in our economy did. It's not that they didn't know about it intellectually—they all knew about it—but they actually recognized the practical impact of these kinds of things.

My hard question really is this. You have a plan, you have a commitment to the plan, and there's an execution of the plan, so we have all that in place. How do you actually test, and how can a person determine ahead of the year 2000 that yes, I am ready, so they can come to you and say yes, Mr. Bank Manager, I want this money, but I am ready, and then you ask him, well, how do you know? How do you know?

Mr. Frank Riddell: We will be running a full simulation test. We will have computers with totally year 2000...a dedicated computer, separate from our normal production computers, which will have all the latest operating systems. We will then put all our individual applications on that system. We will develop databases dated 1999, probably in the latter part of 1999. We will run transactions against these. We will simulate merchants, customers, ATMs, home banking, business banking, branch banking, telephone banking. We will do a full simulation and go from start to finish, to make sure our systems are working.

It's testing on a magnitude we have not done before. We are scoping and planning it right now. Each of the major banks is planning such a test.

We will also test with our system suppliers. The banks use many external service bureaux, but we will be testing individually with them on the same basis. We will be testing with our exchanges, with the CPA, with CDS, Interac, Visa, to make sure all pieces of the system are working together.

Does that answer your question?

Mr. Werner Schmidt: Yes. That part is fine. But there is another dimension to this, and that's the individual person who does business with the bank. That's one side of it, but suppose I want to come to you and ask whether you can provide me with a test so I will know I can do this. I really appreciated the point that you're going to review this on a case-by-case basis as far as borrowers are concerned, but I'm concerned also about the person who is not necessarily borrowing money but who does have access to the bank and needs the Canadian payment system through the bank and so on. How does that business recognize that it is ready? How can it test itself?

• 0955

Mr. Kelly Shaughnessy: Mr. Schmidt, I think there are two aspects to such an endeavour. One, and I think the most important, especially for the small and medium-sized businesses, is to create a level of awareness that doesn't exist today. In your handouts you can see the various brochures or examples of what the banks have produced. I do believe, and certainly judging by the StatsCan survey, there's a need to further raise awareness. That is why in my remarks I suggested that there might be an ideal opportunity for a partnership between the government, between the banking industry, between the communication industry, all industries who are serving small and medium-sized businesses, to raise the level of awareness.

The other thing we're doing as an industry, and I think I can speak for all my colleagues in the other banks, is for our account managers to have questionnaires available so they can go in and ask a client various questions that will point out whether or not that client is prepared for the year 2000 problem. The complexity ranges through the size of the client. If it's a small business operating off a PC with basically off-the-shelf software, it may just be an upgrade. For a medium-sized business, and certainly for a large business where they're using custom mainframe applications, the complexity is somewhat different and will require more in-depth analysis and probing and testing by the account manager.

The Chair: Thank you, Mr. Schmidt. We'll come back.

Mr. Lastewka.

Mr. Walt Lastewka (St. Catharines, Lib.): Thank you very much. I must apologize. I have to go to the House at the start of the sitting.

However, there is one question that has come out for me continuously. Although we've done a lot of advertising—and I'm really pleased at the work you've done as far as getting the message out—the message that you can't wait until the end of 1999 to test and to find out whether you're in or out is a real problem for me. I was glad you mentioned earlier that you were testing everything and you're trying to aim for December 31, 1998. To me, that message is still not heard out in the field.

As far as I'm concerned, what I'm hearing is, yes, people are starting to understand that there's a year 2000 problem. Yes, they have to get into it, but they don't understand that the work has to be done earlier, because of overlapping—whether it's contracts, agreements, mortgages, or whatever arrangements they have. As soon as overlaps occur in the year 2000, they've got a problem. I'd like to have your comment on that.

I must apologize. I'm probably getting heck for not being in the House.

Mr. Mark Weseluck: That's exactly bang on in terms of where much of the concern is. I think Frank mentioned about half of the budgets are devoted to the testing. It's just part of it to actually do the fixes, but you want to know all your interfaces, whether it's going to work both internally and with your external interfaces. I think it certainly is a point to be well taken, to make sure that is emphasized, because we are getting into the stage where people should be completing their fixes and starting to think about testing.

Mr. Walt Lastewka: Am I to believe that of the $600 million, in the range of $300 million is dedicated for testing to be ready? I think Mr. Schmidt was heading in that direction. How do we know we're ready and we're not going to falter later on? Would it be correct to say that?

Mr. Frank Riddell: Basically, yes. Fifty percent is for testing. We're planning that right now. We're testing each system individually, then collectively, then with customers with outside suppliers.

I'm not sure what your question is.

Mr. Walt Lastewka: You mentioned you're spending 50% of the $600 million you gave us toward testing and getting ready, and I just wanted to get confirmation of that.

Mr. Frank Riddell: Absolutely. Testing is proof that we will be compliant.

Mr. Walt Lastewka: Thank you, Madam Chair.

Mr. Frank Riddell: We have a number of systems in place that are deemed compliant. We are demanding that they be retested as part of this process.

The Chair: Thank you, Mr. Lastewka. Thank you, Mr. Riddell.

M. Dubé, do you have any questions?

[Translation]

Mr. Antoine Dubé (Lévis, BQ): I think that Mr. Lastewka gave a wrong number: he talked about $600 million, but according to our documentation, you referred to 600 person-years and a budget of approximately $100 million. Is that right? Six hundred million is not correct.

[English]

Mr. Mark Weseluck: If it's for the six banks, $100 million average is another way of looking at it, but 600 man-years is typically the description, per bank.

• 1000

[Translation]

Mr. Antoine Dubé: I have glanced through your documents quickly and note that you say that nearly half of Canadian businesses are not ready, which leads one to believe that some are in danger of disappearing. If some of these businesses do disappear, this will be a problem for your banks because this will mean fewer assets for you.

I see that your initiative focuses primarily on providing consultation and information services and all of that. But does this truly represents a financial risk for your clients, you are running a risk as well. Have you thought about this eventuality in financial terms? For example, we know that the equipment will be expensive. Have you considered granting special loans to businesses to enable them to obtain the required equipment?

[English]

Mr. Gerry Beasley: Thank you. I'd be pleased to respond to that question.

For some businesses, the money they spend on equipment or on software upgrades or on testing will certainly be the most important money they have to spend in the next 25 months. As we assess the overall business, we would therefore look quite favourably at it in terms of this being a high-priority expense. It may very well be that in the case of any particular business—as it is indeed in our own businesses—it will have to be at the expense of something else the business might like to do, some other piece of equipment they might like to buy, some other new software package they might like to entertain. This will be the critical priority for a business.

Yes, in terms of the funding we will provide if we judge them to be creditworthy overall, we will certainly provide them with funding to help them with this very important and high-priority item.

[Translation]

Mr. Antoine Dubé: So you have already begun to think about it, but you view this more as an ultimate measure. This is not the first thing that you looked at; you have been focusing more on prevention, consulting and information.

[English]

Mr. Gerry Beasley: As has been very apparent and as has been re-emphasized by the task force, the first problem was one of awareness. There was little point in talking to clients about spending money to fix a problem they had not yet even agreed was a problem. So yes, awareness, communication, and an understanding have been very much the first phase. We have of course recognized all the way along that for businesses, large and small, this may be a significant expense item that is going to have an impact on their overall cashflow and on the priority decisions that any entity is going to have to make.

[Translation]

Mr. Antoine Dubé: I would now like to go back to Mr. Schmidt's question pertaining to the task force's third recommendation, which is that clients should present an official action plan before they are given a loan. Do you agree with this recommendation? Do you think it is too rigid?

[English]

Mr. Gerry Beasley: I think I best answer that by repeating what I said in my prepared remarks. The only way we see to deal with this problem is on a client-by-client basis. We will work with each client in terms of discussions with them in order to be able to assess their readiness, to assess their program for compliance, and the availability of resources for them to do that. We do not see that we will approach all clients in the same way.

[Translation]

Mr. Antoine Dubé: Before I ask my next question, I would like to congratulate everyone for having submitted documents in French this morning, which always makes the work and communication easier. Not everyone does this and I appreciate it when organizations such as yours do .

• 1005

I know that the caisses populaires in Quebec are governed by provincial legislation. The small businesses served by the caisses populaires are also worried about the year 2000 problem. Are you working in cooperation with institutions such as the caisses populaires in Quebec?

[English]

Mr. Mark Weseluck: With regard to the interbank working group—actually, “interbank” may be a bit of a misnomer—Frank is the vice-chairman and members include Caisses populaires, Canada Trust, and Bank of Canada. We felt it was helpful to exchange information and best practices. So they were invited and were interested in participating. They have been members as well.

[Translation]

Mr. Antoine Dubé: I had not noticed that they were part of your group. Thank you.

The Chair: Thank you, Mr. Dubé.

Mr. Bellemare, please.

Mr. Eugène Bellemare (Carleton—Gloucester, Lib.): Madam Chair, I must congratulate the group representing the banks and the Superintendent of Financial Institutions for their wonderful presentations. You are up-to-date. However, I have a few questions.

[English]

Is the problem really one of a COBOL program and not the other programs?

Mr. Frank Riddell: No. It's a lot more than a COBOL program. We reckon the conversion of our COBOL program is probably 10% to 15% of the budget.

Mr. Eugène Bellemare: Of the budget or the problem?

Mr. Frank Riddell: Both. Fundamentally, it's any computer system, whether it's a large mainframe, a mid-size or a PC system. It can be a chip embedded in a robot. It can be in elevator systems or in vault systems. Anything that has a computer chip could be non-compliant.

Mr. Eugène Bellemare: We were told the other day that if you have a recent computer, it doesn't matter what size, you don't have that problem. Is that a fact?

Mr. Frank Riddell: That, I don't believe, is a fact. The computer itself will probably roll over to the year 2000, but the software running on it may not work. It needs to be tested.

Mr. Eugène Bellemare: The financial institutions people said they were going to be ready for program testing by the end of 1998. The bankers said by December 1998 they'd be ready for testing.

Am I wrong to believe that “99” is something like “30”, which, when you write a communiqué, means “The end”? In computer programs, when you write 99, that means everything becomes blank. It's finished. It's cancelled.

If that is the case, if I am not wrong in my understanding that 99 means blank, finished, that's it, kaput—and “kaput” might be the best term—if you're going to be playing around with a little testing at the end of December 1998, which, in anyone's books, is about the worst month of the year to be implementing things because of holidays and so on, are you not going to be facing a panic situation if your programs fall apart because of that 99 kaput code?

Mr. Frank Riddell: I think there are two aspects to your question. First, we're not implementing all our systems in December 1998. Many of our converted systems have already been implemented, and they will be implemented throughout 1998. We said they would all be tested and finished by the end of 1998.

Now, concerning your point about 99 meaning kaput, or the end, in some cases the figure 99 is used for end of file, but rarely is it used in a date field. It's probably used in another field within the files in the computer system.

• 1010

In our testing we have found very few instances of what John Thompson referred to as programmers using the 9th day of the 9th month, 1999, to mean something other than September 9, 1999.

We have found a couple of instances where that was used, and it was used to say, “This is the end of the file.” Basically we have converted these systems and changed them so that it will not mean the end of the file. Something else will mean “end of file”. Basically, we have taken that logic out of our systems.

Mr. Eugène Bellemare: Thank you.

You've done a wonderful job, most of you. One bank had wee little paragraphs, but the other banks seem to have gone all out to have large publications. As a former teacher, I would give 75% of you an A+ in communications.

Voices: Oh, oh!

Mr. Eugène Bellemare: But it's fine to say to the kids, “Hey, you better stop at that corner because we're going to install a stop sign.” I think you ought to put the stop sign up and do a little policing.

Do you actually say to your suppliers, and also the borrowers—and when you talk about borrowers.... Awhile ago you gave the impression—and you're correct and it's proper to do that, you're protecting your money—that you don't want to do business with people who are going to squander it either by spending it or by stupidly not preparing in the systems phase.

So are you sort of telling them that there's going to be some kind of penalty, that they're being put on notice, that you don't want to do business with them, especially if they're suppliers, if they cannot prove by a given date—in 1998, I would have hoped—that their programs are ready? Of course, if you're a borrower, if you're not ready by a certain date...because then your accounts receivable may go kaput on you and then we have problems in collecting, “we” meaning the banks.

That's a general question.

A voice: We'll divide it.

Mr. Gerry Beasley: We're going to have Mr. Riddell speak in terms of “us suppliers” and then I'll try and talk about “us borrowers”.

Mr. Frank Riddell: In the case of the suppliers, yes, we are asking to see their plans and we are monitoring their plans. We're not just waiting for an end date. We want to see them progress towards finalizing that plan and delivering compliant products to us. We're monitoring that very closely.

A large part of our dealings with external customers or suppliers is in fact the monitoring of their plans. We meet with many of our critical systems suppliers on a biweekly basis and we share. If we're a customer of theirs and we can identify other customers, we all meet collectively with that supplier to review their plans and make sure they're tracking on progress. And we will test with them as well. We will not only see their test results, but we will provide them with test data that we want to test with them.

Mr. Eugène Bellemare: My final question, Madam Chair—

The Chair: I believe Mr. Beasley was going to answer that question. Then we'll come back to you.

Mr. Eugène Bellemare: Okay.

The Chair: Mr. Beasley.

Mr. Gerry Beasley: Yes, I was going to answer in terms of the borrowers. To use your metaphor, it is correct that it is not enough merely to point and tell them there is a stop sign. We are now moving into the phase where we are having direct discussions, client by client, in terms like this: “This is a serious issue and what are you doing about it? Are you committing the resources to it and do you have the plan so that your business will continue to progress, to survive?”

We're doing this so we will have a valuable client and so they will survive. Yes, there is an aspect of dialogue and probing that we are moving into in terms of the clients—and not just the borrowing clients either. As Kelly said in his remarks, whether clients are borrowing or not, this is an important issue for them and they must have their programs in place as well.

The Chair: Thank you.

Last question, Mr. Bellemare.

• 1015

Mr. Eugène Bellemare: Do you have what I would term a panic 99 readiness program? In other words, when your borrowers, your clients and your potential clients, all of a sudden panic in the fall of 1999 and they're really not ready...? What about this panic 99 readiness program? Do you have that?

Mr. Gerry Beasley: We are doing our utmost to ensure that the panic is limited. We've talked so much this morning about awareness. The Department of Industry is doing things; your committee is building awareness. I would expect essentially that responsible business with capable management will address the issue. Quite frankly, it's only the irresponsible who will reach the fall of 1999 and will be in a panic. If they do, and if they have not addressed the issue, then they indeed have a problem and it might be too late for them.

The Chair: Thank you, Mr. Bellemare.

Mr. Lowther, please.

Mr. Eric Lowther: I too want to compliment the presentation. We've had a number of presentations to this committee, and I think yours is probably the one that has instilled the most confidence in me, that you are actually going to be close to being ready, hopefully. Compared to some of the others we've seen, I think you're in a stronger position.

At the same time, I have one question, and I'll probably pass it over to Mr. Schmidt to follow up with a couple of his.

My primary question here is this. In spite of all the efforts you've taken to be ready—and we've heard this in other industries; airline executives don't want to fly on the eve of the year 2000—I'm just wondering, for those people who have deposits in your banks, the general consumers out there—and Mr. Bellemare talked about panic—what kinds of guarantees or assurances...? There's a lot about awareness, and we're talking about awareness, but nowhere do I see in the literature for the general consumer or depositor any kind of guarantee or assurance that his balance on the eve will be the same on the day after the year 2000.

Are you fellows leaving your money in the bank that day?

I'd like to see some sort of assurance for the general public as part of the program. If we don't address this, as this clock ticks down there is a real concern that people could panic and want to run the bank or whatever. I hate to even mention that, but unless we address this now I think you run that risk.

Mr. Gerry Beasley: I'd like to begin, and I'm going to invite Mr. Riddell to have a word in terms of the automated banking machines, which are perhaps an interesting example of that. Mr. Thompson may also like to make a comment.

It's a very good point. We also need to be communicating to the world what we are doing so they develop a level of confidence, and I might say continue the level of confidence they have, in the Canadian banking system, that their money is safe.

Yes, I will be keeping my money in the bank over that period of time.

We will do that. We will continue to provide all of the assurance we can. We are doing everything that's possible to be ready. We will be doing all the testing. Obviously our regulators, our own internal auditors, our shareholders' auditors, are all reviewing our progress and plans quite carefully. Our boards of directors are doing likewise. All of the elements of governance, both by the corporation itself and by external agencies, including this committee, will all play a role in our being able to assure our depositors and give them that very high level of confidence that, yes, their bank will be in business and their money will be safe.

Mr. Eric Lowther: Let me just close with a comment before I turn it over to Mr. Schmidt.

I don't have your level of expertise in banking, obviously, but from a consumer perspective, in your publications, or somewhere along this continuum, there must be a clear statement of assurance to depositors that their money is not at risk, some sort of a guarantee that they're not going to have to go through some difficult process to correct errors the day after to justify what they had the day before that is no longer there. Those guarantees must be part of your package here or we run a substantial risk, I believe.

• 1020

Secondly, I believe part of that whole strategy should also be some sort of a problem resolution appeal board. I don't know if that's just within the bank or if it's something national, but there will be problems the day after. What does the consumer do? Line up to deal with the teller? That's not going to work. There needs to be some sort of problem resolution appeal board the day after, because there will be problems. That would be my comment from Joe Q. Public.

The Chair: Thank you, Mr. Lowther.

Before we go on, did you have anything to add, Mr. Riddell or Mr. Thompson?

Mr. Frank Riddell: We will be advertising the results of our testing. When we're into 1999 and we're running these tests, the key elements of the test for January 1, which is a Saturday, are going to be home banking, business banking, ABMs, and telephone banking. Our branches will probably be closed on the Saturday, because that's a national holiday. We'll probably be closed right through the Monday, opening on the Tuesday, so many people will be using these systems to check to make sure their money is there.

We anticipate that. We anticipate high volume on ATMs and in home banking. I think what you're saying is that we will probably also produce paper back-up of every customer's position as of December 31, 1999, as a contingency measure in order to show what was in there as of year-end, so that we can use that to provide customers with information if there are in fact problems. I think our testing should assure us that there will not be problems, but if there are in fact problems, we will have a contingency; we will have back-up there.

Mr. Eric Lowther: Mr. Riddell, in this committee, I don't think I've heard from anybody in whom I've had as much confidence as I do in you and your ability to understand this issue. I think you really have it nailed and I applaud you for it. But you have also admitted in the literature, and I think in this presentation, that there will be problems occurring that we cannot foresee. No one is saying that's not going to be the case. That will be the case. Consumers want to have an assurance that when those problems occur they are not at risk. I think it's part of the bank's mandate to do that, but I appreciate your comments.

Mr. Frank Riddell: Thank you.

The Chair: Mr. Thompson.

Mr. John Thompson: Madam Chair, I don't have much to add to that except that I would agree that since we are talking about computer systems and the testing of those computer systems, there is a reasonable chance that systems somewhere in that chain will not work. Although the branches of banks will be closed on the days we're talking about, it is a high holiday period and it is a period of time when you have people travelling in other countries. You therefore have currency issues, you have credit card issues, and a lot of other issues that relate directly to the banking system.

The banking system—in fact, the financial services system generally—is built very heavily on the confidence the public has that the system will be there when they want it, that their balances in their accounts will in fact represent what they think they have—not what they should have, but what they think they have. When they lose confidence in the system, it is a dramatic problem.

I think your suggestion is one that should be considered. We who are associated with the financial services business, both directly and indirectly, should all be ready for complaints and problem solving immediately as we move into this period.

The Chair: Thank you, Mr. Thompson, Mr. Lowther.

I'm going to move to Mr. Peric.

Mr. Janko Peric (Cambridge, Lib.): Thank you, Madam Chair.

Mr. Thompson, in your statement, you say:

In addition to the Year 2000 problem, we were aware that other dates—such as February 29 and September 9, 1999—also posed possible dangers.

Could you be a little bit more specific?

Mr. John Thompson: I'd be glad to.

• 1025

We've already spoken on the panel to the question of September 9, 1999. That has been used in some cases as a reference that this would be the last record in the file and all of the fields would be filled with nines.

That was a common testing technique years ago and in some cases the date September 9, 1999, because it's all nines, was used to mean the end of time. Instead of using the infinity symbols in some cases, it was used by programmers to be the last possible date you could possibly imagine on which this system would work.

Those were primarily testing functions in systems. The risk was that in changing from a program or a system that was developed in a test phase and putting it into production, some of the testing phases would not be undone in moving across into a production phase of that system. That should be a relatively easy issue to solve.

The February 29 problem is a more interesting one. Not every year that is divisible by four is a leap year. I believe the rule is that if it's divisible by four it is a leap year, except if it's divisible by 100 it's not a leap year, except if it's divisible by 400 it is a leap year. The year 2000 is a leap year. That may sound like an obvious situation, but many years that end in zero zero are not leap years.

So February 29 becomes a date recognition issue. If you tried to run a transaction on the 32nd of January it should be rejected by the computer. If you tried running a transaction on February 29, 1998, it should be rejected by the computer. If you want to run a transaction on February 29, 2000, you want it recognized as a valid date. That's the issue.

Mr. Janko Peric: As we can see, the major financial institutions have plans and will most likely reach their goals. What about foreign banks that are doing business here and local credit unions? Do they have plans?

Mr. John Thompson: We subject all of the banks we supervise, including the subsidiaries of foreign banks in Canada, to the same criteria on our examination and analysis processes and make sure they are as ready for this issue as the big Canadian banks. You have heard from the big Canadian banks. They are very much aware of this issue and are taking very active steps toward resolving it.

The subsidiaries of foreign banks that are operating in Canada are, by comparison, very small and very focused in their markets. The problems are not as diverse, but their readiness is tested against the same standards. We want to make sure they're able to meet their obligations through this period, as well as anyone who's on a broad-base basis. Our reviews indicate they're as conscious of these problems and are working as hard on these issues as everyone else.

Mr. Janko Peric: Credit unions as well.

Mr. John Thompson: I can't speak to the issue of credit unions because we do not supervise them. They're supervised by the provinces.

Mr. Janko Peric: Thank you.

[Translation]

The Chair: Mr. Dubé, do you have any more questions?

M. Antoine Dubé: The Office of the Superintendent of Financial Institutions deals with other financial institutions in addition to the banks. You spoke to us briefly about insurance companies. Could you tell us how this sector in particular is dealing with the Year 2000 problem?

[English]

Mr. John Thompson: I'd be glad to. The issues in dealing with transactions and day-to-day business around insurance, be it life insurance or property and casualty insurance, are very similar to the issues the banking industry faces in dealing with transactions with customers—deposits, loans, and those sorts of issues.

There are some unique features, though, of both the life insurance business and the property and casualty insurance business that have to be recognized.

• 1030

The life insurance business is typically a very long-term business, so back in the 1950s and 1960s, when computer systems were being developed to support life insurance contracts, the life insurance industry was aware that those contracts could extend beyond the year 2000. So it was not unusual, back in the 1960s, to put logic into those computer systems to handle the year 2000 issue. It was not necessarily a neat fix, it was not necessarily an appropriate fix by today's standards, but they were attempting to address those issues. The accounting systems within the life insurance industry and a variety of other systems did not have to have that degree of readiness.

So one of the issues the life insurance industry actually has to face is the very diverse range of readiness within its systems. Some of their systems have been ready from the beginning. Some of their systems are in fact, like the banking systems, not going to be stressed until you get very close to the year 2000. One of their big issues actually has been to identify the problems.

A number of their systems are purpose-built. They are built by technicians. Actuaries, for example, would write systems to do their valuations. Those systems typically are very, very difficult to test, because the documentation typically is not to the same standard as if they were done by professional programmers.

On the property and casualty insurance side, you have all those issues, transaction issues as well as normal business issues, but you have the insured risk issue on the property and casualty side. Where the insurance company is providing, let's say, directors and officers' insurance, that would provide coverage in the event something went wrong and they got sued, but they would not be absolved from responsibility if in fact they were negligent.

The year 2000 is an issue we all know is going to happen. We know the year 2000 is coming. But if a company chooses to do nothing about it and relies on the insurance to meet its liabilities to customers or whomever, it really should not be insured, because this is not an insurable risk. This will have to be modified in the policy terms and conditions, to make sure the insurable risk covers those situations where institutions have done their best, they have worked hard at it, they have done everything they could possibly do, but through no fault of their own the systems did not work. It may have been one of their suppliers. It may have been something else. It may have been a related incident. I don't know.

These sorts of issues are unique to the property and casualty insurance industry.

On the other side of the coin, I have heard individuals claim they felt some comfort in perhaps not being 100% ready for the year 2000 because they had insurance to protect them. The fact is that the insurance will only give them a cheque, it will not solve the problem. The cheque will be written months, maybe even years, after the fact, which will be far too late for anyone to rely on their insurance to provide them any comfort that they will be in business on January 2. Any industry or any company that believes it has some comfort because it has insurance I believe should think about that very carefully, because that comfort is really false comfort.

[Translation]

Mr. Antoine Dubé: The House of Commons is debating shipping and the increase in premiums of insurance policies providing damage protection. Usually the other types of insurance cover real property, and we know that real property does not move. People move and can easily be identified. But this is different when it comes to insurance in the marine sector. Your report makes mention of this, but you have not discussed this issue in explicit terms. What makes this different?

• 1035

[English]

Mr. John Thompson: Marine insurance really comes down to a variety of issues. Most of the marine insurance that we would be talking about would be cargo-related types of coverage and that kind of thing.

The cargo type of coverage would relate, in part, to the best efforts of the shipping line to navigate safely, as they're supposed to. The issue here relates to things like navigation systems, not only on-board navigation systems but the high reliance that individuals around the world have now on satellite navigation systems. Not only do you have airlines relying on navigation systems that are based on satellites, but you have shipping based on navigation systems that are heavily into satellites.

So it's a very interdependent relationship. The person who wants to ship something from Halifax to Amsterdam is relying very heavily on computer chips that are not only driving navigation systems but the computers that are on-board those ships that all have to work through this entire period of time.

The issue on cargo coverage is related to that high interdependence, and you cannot necessarily look as simply at the on-board computer systems on a ship or the computer systems for the shipping company itself, its cargo management processes; you have to look beyond that into navigation systems. It's a very complex web.

The Chair: Thank you.

[Translation]

Thank you, Mr. Dubé.

[English]

Mr. Shepherd.

Mr. Alex Shepherd (Durham, Lib.): Thank you.

Getting back to small and medium-sized businesses and the findings of the report, that basically they're not up to speed, and maybe touching on some of the other comments that were presented, that maybe we need some new products to sell, loans, I guess, in this area, I wonder how we can move this file along a little bit in terms of what the government could do to assist a year 2000 loan package. A suggestion was made in the report to allow for a super write-off of 150% for one year and possibly a kickback in the next year for small corporations eligible for the small business deduction. I wonder about a rapid write-off of capital cost allowance. The finance department could kick in and give 100% write-off on new hardware.

How can we move this file along so we bridge this gap of how the small and medium-sized businesses...? Is it a matter of resource allocation?

There's going to be a lot of resistance to actually doing this. Is this something the banking community should try to promote and say, look, we're offering year 2000 loans? What is it that the government could contribute to that package?

Mr. Kelly Shaughnessy: I think, Madam Chair, there are probably a number of things we could do in partnership.

One is the awareness issue. We have to make sure they're aware of it. We have to make sure all the small business people know there's a problem. So there's a tremendous opportunity for partnership on the awareness issue.

The government mails to virtually every small business in Canada. We mail to all our clients. Maybe in partnership we can raise the awareness.

I can talk for the CIBC. If I take my CBA hat off and talk for the CIBC, we also see this as an opportunity. You touched upon loan packages, things of that nature. I don't want to say to the committee in a public forum exactly what we have up our sleeve, but we see it as an opportunity. We see it as an opportunity to form alliances with other people to offer a package to our clients that will be very attractive in assisting them in identifying the problem and, if they need financial assistance, in financing that which it takes to solve the problem for themselves.

I would suggest to you that we're not unique in that, that all my competition is out there with the same idea up their sleeve.

So I think you're going to find that we're going to heighten the awareness. The momentum on the awareness campaign is going to take off at a very quick pace.

Secondly, I think you're going to find all the financial institutions seizing this as an opportunity, and as an opportunity to bring additional value to their clients.

Mr. Alex Shepherd: We missed the one question I was asking. What does the Department of Finance do to assist that? Is it providing it rapid write-offs? Is it access to the SBLA loan program? How can the government push this along, partnering with the financial community?

• 1040

Mr. Kelly Shaughnessy: The SBLA program today would permit small businesses to obtain loans for their hardware. But there's probably a need if the program could be extended to software. That would be something.

I can't comment on the accelerated write-offs and things of that nature. I imagine there's an equity question the government would have to ask itself on this, in that there are companies that have resolved the problem, etc. Is it equitable to those companies that the ones that procrastinated, the ones that didn't move, now get a write-off on the person who did it? I leave that to the government to debate.

Mr. Alex Shepherd: But we're trying to address the issue that so many of them are non-compliant now, a high percentage of small and medium-sized businesses are non-compliant. I'm trying to find some way to shove this issue a little bit so it's attractive.

Mr. Kelly Shaughnessy: For instance, you as a member of Parliament have a householder. Is it material we can send out in the householder? Things like that. I think we just have to basically get it right between the eyes of everybody out there that this is a problem, that, as one of the members said, you can't wait until December 1999 on the New Year's Day weekend to fix it. The householder, other mailings, things of that nature, can really make it imperative that everybody understands there's a problem, and then leave it to the FIs to compete amongst themselves to come out with the best product to help the small business people resolve that problem.

Mr. Alex Shepherd: We'll work on the Minister of Finance.

The Chair: Thank you, Mr. Shepherd.

Mr. Schmidt.

Mr. Werner Schmidt: Thank you, Madam Chair.

I would like to focus on the insurance side of the business, and I think it involves everyone now, because I think most banks, if not all of them, own at least one insurance company and trust company, and securities dealers and investment dealers. It seems to me that there is this intricate web of interrelationships, which I think Mr. Thompson alluded to just a moment ago.

I know, Mr. Beasley, you're the expert in managing risk. I'm intrigued by the paragraph on page 3 in your report, Mr. Thompson, where you suggested at the end of the paragraph that: “This action may include”, that is, people who don't comply with getting ready for the year 2000, “notifying the Internal Audit departments of the deficient institutions, reinforcing the principle, set out in the Best Practices document.

I'm asking myself, does this mean in part that you will do, as OSFI now in particular or as the underwriting insurance company, the same thing as we were told before? It would be done on a client-by-client basis? Does this mean now then that each policy will be re-examined in terms of compliance or non-compliance with readiness to the year 2000? The risk could be very substantial if they hadn't met.

With all the answers you gave to my colleague's question earlier, this is a far more difficult question to answer, I think. I don't know. Maybe it's easy to answer.

It seems to me that the risk is not just to provide assurance to the people that their deposits are going to be okay. There's a far greater risk involved for the automated heating systems, electrical management systems, and irrigation systems. It just goes on and on and on. All of these have a calculated risk factor included in them.

So it's not just the insurance industry and the banking industry; they're all involved in this thing. Are we going to do this now and find out that if you didn't do it your insurance policy is probably gone, your deposits are gone, you're in trouble, it's over?

Mr. John Thompson: I'll attempt to answer the question. You're quite correct, there's a long, very complicated interdependency, not only in the financial services business but in everything from internal fire systems, elevator systems, etc., within any business.

As far as OSFI's role is concerned in this, our role is to make sure that the individual institutions we supervise do have a program in place, that they're following the program, and that in our judgment and theirs the program should work.

• 1045

We do not have the staff to read every single policy within an insurance company or to read every single program, but the individual institutions have to satisfy themselves that at that level they are ready and are able to handle the situation, whether it's a business situation, such as the risks of insurance—if they happen to be an insurance company—all the way through to the normal business of being able to handle transactions in that particular timeframe.

Our role is to make sure they're doing everything they can to be ready. Their role is far more detailed than ours.

Mr. Werner Schmidt: I quite agree. That's why I also addressed the question to the banking industry, because they're involved in this as well.

Mr. Frank Riddell: I have a comment there.

Basically, when I was talking this morning I was not talking on behalf of TD Bank, the bank. Our plan includes brokerage, trust, insurance, foreign subsidiaries. It's all the same process, the same year 2000 compliance program. I think I can speak for the other banks as well.

Mr. Werner Schmidt: I appreciate that.

May I expand specifically on the phrase, “client-by-client basis”? What did that mean when we heard that from either Mr. Beasley or Mr. Shaughnessy.

Mr. Gerry Beasley: I used the phrase several times. It was particularly in regard to the relationships with the borrowing clients in terms of trying to understand and ensuring we understood their readiness to continue in business.

In terms of the insurance side of things, certainly I will echo Frank's comment that our own preparedness and state of readiness assesses all of our operations, whether they be via branches or subsidiaries or the like. I have the pleasure of being on the board of our own insurance companies, so I'm well aware of them going through their own readiness assessments and governance.

From the point of view of an insurer writing insurance, that is not the business of the insurance companies we are involved in. They are writing life insurance, they are writing basic home insurance, basic auto insurance or some travel or accident insurance. In the extreme, of course, one might contemplate that if there was difficulty with an airline caused by this problem, that could cause that problem. As far as that's concerned, that would be our normal assessment of catastrophic insurance and we would be protecting ourselves through our reinsurance treaties.

It is not the focus of the insurance underwriting that we are involved in that would lead us into a direct exposure in this case. It would be more those who would be involved in business interruption or business continuity insurance, I would suggest, that need to be more careful in terms of the wording of their policies.

I believe this was addressed in some of the earlier commentary.

Mr. Werner Schmidt: But it comes into the other area in particular, and I think you're absolutely right on this other thing as well.

On the errors and omissions of the performance of professional services, as a bank you have access and you use professional services both inside and outside. You want to protect yourself as well against errors and omissions of people who serve you and of whom you are clients. So the question now becomes a very real one. What comfort level do you have that in fact the cashflow management and the requirements of cash from time to time are going to be accurate and that you can build on them? We're now concerned with actuarial tables; we're concerned with the major projection of interest rates and the requirements of capital at certain points in time and things of that sort. This is a very serious kind of issue. If there's one error, that throws all of those calculations out. So who's responsible?

Mr. Gerry Beasley: I think I will address what you're coming at.

It really comes back to our own assessment of the plan and the program and the capabilities of those we are dealing with, either as clients or as suppliers. Certainly, those who are significant suppliers to us...as Frank has said before, we're undergoing rigorous discussions with them in terms of our being able to assess their readiness. It's not easy, but each of us must do our own part, because we do live in a completely interlinked society. If others have problems, that can be an issue. So we must examine this, we must probe everywhere, among those with whom we do business, to be as confident as we can.

• 1050

The Chair: Mr. Bellemare.

Mr. Eugène Bellemare: Again it's to the Office of the Superintendent of Financial Institutions. September 9, 1999: do you see that as a problem that has not yet been resolved and tested?

Mr. John Thompson: This problem rarely occurs, but it does occur from time to time in computer systems. We're not aware of this being a problem in any of the institutions we have actually supervised. We have run across a couple of situations where this was used as a file-ending indicator, but they have been remedied, as far as we know.

Mr. Eugène Bellemare: Your institution is responsible for making sure there are reserves in the banks and for the level of the reserves and so on. Aside from making sure the reserves are there, what would happen...? There are two case scenarios: the person who is affected by a bank that did not do its job properly and where his organization is strong enough to bring that bank to court because of loss.... But you get the consumers, who generally cannot take on the banks—generally—because in their account there was a problem of a few dollars, or at the most a few hundred dollars. They can't take on the bank. For some of them it may be in the thousands, and they may even be affected very negatively financially. Is there part of that reserve such that you can actually say, hey, gang, we act as an ombudsman for cases of individual consumers who cannot take you on, and they have made a loss, and it's a proven loss, and you must pay up, plus interest?

Mr. John Thompson: OSFI itself does not act as an ombudsman, but each of the banks does have an ombudsman as well as there being—

Mr. Eugène Bellemare: We'll move on to that topic. I think what they have is ombudsman public relations; self-help within the bank.

Mr. John Thompson: I won't comment on that, but a mechanism is there for resolution of consumer complaints beyond the normal—

Mr. Eugène Bellemare: Are there funds in the reserves? Can people pick that reserve?

Mr. John Thompson: There are not funds we would ask to have set aside specifically for this particular issue.

Mr. Eugène Bellemare: Okay. Is there a section in the Office of the Superintendent of Financial Institutions Act that should be amended to address Y2K, according to you?

Mr. John Thompson: Is the question whether there should be an amendment to our act specifically to this?

Mr. Eugène Bellemare: Yes.

Mr. John Thompson: I don't think so. I think in this case the Bank Act, the Insurance Companies Act, and indeed the Office of the Superintendent of Financial Institutions Act, all give us the appropriate scope of powers to deal with this kind of issue, the most powerful of which is issuing a direction of compliance to any financial institution that is not behaving in a prudential way. The ultimate of this is that if a financial institution is ignoring this issue and refuses to deal with it, we can give them a direction of compliance actually to fix it, or we can wind them up.

Mr. Eugène Bellemare: Is there a very important question that hasn't been asked today, one you are aware of, one that should be asked, and one that perhaps down the line you would say they could have asked and they didn't ask? We will see your answer down the line. If you don't tell us the truth, we're going to go back to these records and possibly say, that particular question was asked of you; why did you not advise us? Is there a question that should be addressed?

• 1055

Mr. John Thompson: The toughest question you could possibly address is the question you've just asked, and that is, where is that ultimate question of readiness?

We are dealing here with an issue that is very difficult. On the one hand, computer systems are written by humans. Those of us who have been involved in writing computer systems have all been involved in writing computer systems that, even though they were written and tested very carefully, in the final analysis did not do the job perfectly. We know that. That is just a fact of working with computer systems.

A great deal of work is going on to fix computer systems in this particular area. Some of those fixes will not work. Will we know in advance what those systems fixes are that won't work? No, we won't. But we do know that we will not, as a nation and as a world, get this job done perfectly.

On the other extreme is this interconnected complexity of dependence, one industry on another, one business on another, shared facilities, etc. You're almost in the situation of trying to identify the weakest link in the chain, and we don't know where that weakest link is. So the toughest question would be, which systems are going to fail and which links in that chain are going to be the weakest ones? Unfortunately, I don't think any of us know.

The Chair: Thank you.

Thank you, Mr. Bellemare.

Mr. Shepherd, you had one final question?

Mr. Alex Shepherd: In your presentation, you mentioned that the way you are going after the small business sector is based on when their reviews come up. It seems to me that is inherently too late. It's usually an annual review, if I recall the process, and indeed some of them go way beyond the annual review stage anyway. Sometimes I dragged mine out to two years. So obviously that wouldn't be an effective way to do this.

My second question is, is there a thought process of actually closing the banks down again sometime in early January to assess and rejig the system for those flaws that possibly had occurred?

Mr. Kelly Shaughnessy: Maybe, Madam Chair, I'll take the small business point first.

Most certainly, if I left you with the impression that we're only going to raise this with small businesses during the review process, I was incorrect. All the material you see before you—and I can assure you there's going to be a tonne more material of a similar and more detailed nature—is going out on a very regular basis. It is not being done solely through the review process, especially with the small businesses, because there are so many of them. I think each bank deals with over 100,000 small businesses.

It is the awareness that's so vitally important. During the review process, each bank will have developed questionnaires and will have those and do have those in the hands of their account managers. The account manager will be determining the preparedness of that client, but the awareness campaign and the urging of the client to take action will be occurring almost on a daily basis.

Mr. Alex Shepherd: But wouldn't it be more rational for, say, the branch manager to take his portfolio out and see, of the client base, who he thinks is going to be the biggest problem, and address them today rather than waiting for them to come and say their loan is up for renewal?

Mr. Kelly Shaughnessy: Well, that gets also to what I was talking about: the opportunity we see. I suspect that all banks—and I know the CIBC—will be launching products and services to assist their small business clients to deal with this problem, and it will be done on a very proactive basis.

The Chair: Thank you.

Mr. Thompson, do you wish to add to that?

Mr. John Thompson: Thank you. I will add to that to deal with the specific question that was asked of me.

One of the critical issues that we have to contribute to as regulators, specifically here in terms of banking, is the confidence Canadians have that the banking system works and will continue to work. I would jump to the conclusion that if we announced that the banking system was going to be closed on January 1, 2000, that would have exactly the opposite effect to causing confidence. That would cause people to think they should not be dealing with the bank on January 1 and therefore we've closed the system.

• 1100

I would say we have to do exactly the opposite. We have to assure people and do everything we can possibly do to make sure the banking system is open on January 1, and in fact make sure it works. If it's going to work on a single day, make sure it works on that one.

Mr. Alex Shepherd: I know they're talking about doing this with the New York Stock Exchange, etc., and I know the debate that's going on. But the thought process is, yes, it opens on January 1, but January 2 you go down again and say, “What happened?” Then you go in and fix it. I understand your point.

Mr. John Thompson: I think the issue for confidence in a stock exchange is very different from confidence in a banking system. If you lose confidence in the stock exchange and beginning a week or two from now it's up and running again, your confidence is re-established. If you lose confidence in the banking system, you might as well shut your borders.

The Chair: Thank you, Mr. Shepherd.

I want to follow up briefly on a couple of comments in reference to Mr. Shepherd's question. The packages you're looking at and what the banks are looking at doing.... I know you don't want to divulge confidences and it's a competitive industry, but when the banks talk about these packages are you talking about perhaps increasing authorization limits in order to compensate or to help clients deal with the year 2000 problem?

With regard to that question, I have a second question for Mr. Thompson. Would OSFI consider those practices to be prudent within the guidelines?

Mr. Kelly Shaughnessy: Obviously part of any package we would have in mind would be a loan package. In determining whether or not we can grant a loan to a client, we would have to use prudent risk management criteria. That which would be attractive to the client could be terms and conditions and things of that nature, but once again we would have to retain our normal risk management criteria.

The Chair: Mr. Thompson, is there any flexibility within the risk management prudence factor that OSFI would look at?

Mr. John Thompson: As long as the banks handled it the way it's been described, we would feel that was quite a prudent approach. If we found that, in the other extreme, banks abandoned their risk assessment criteria in order to blindly lend money to allow people to prepare for this, we would find that imprudent and we would encourage them to remedy their behaviour.

The Chair: Thank you.

I really appreciate the groups coming before us today.

With regard to recommendations 7 and 9 and your involvement in public campaigns, I'm not sure how many of the committee members remember, but back when the CBA and the banks were before us in the fall there was a one-page, two-sided year 2000 brief that was prepared. I will get the package of information. I know you're out there doing your job, making the public aware, and we appreciate that.

I know, Mr. Thompson, you're doing your job through OSFI as well.

I'm a bit concerned with recommendation 3. I'm concerned because in your comments, Mr. Beasley, you mentioned that you thought it should be done on an individual basis. Recommendation 3 talks about whether it should be a prerequisite, or whether the government perhaps should step in and require it to be a prerequisite for loans. Is there something we should be doing as a government? You thought it should be on an individual basis. The task force suggested perhaps it should be more than that. We know that one of the CEOs from one of the banks sat on the task force. He wasn't opposed to it being more than that.

I'm just not sure. Is the CBA coordinated in this position? Has there been discussion since the report came out about whether the person who was on the committee—Mr. Cleghorn—didn't see it as a yes or a no?

Mr. Gerry Beasley: Yes, certainly there have been discussions. As recently as yesterday afternoon the CBA committee I chair spoke of the issue. The consensus, I would say, is essentially that it is a case-by-case approach. We would not recommend that the government mandate a particular condition around the granting of credit.

I can only repeat myself, which I must, that this is one of the many criteria we must assess in terms of businesses' creditworthiness. Despite all the importance we have given it today, it is only one item and not to the exclusion of other more core business competencies as well, all of which must go into the credit-making decision.

• 1105

So we are not explicitly supportive of a definitive “thou shalt have this by this date, everyone”. Certainly if I were to go into the wording of the recommendation, there are all sorts of definitional issues, but that's not the point with us, in any event.

As far as Mr. Cleghorn's participation on the task force, I know he was quoted afterwards as saying that from his perspective a great deal of flexibility will be required by lenders in dealing with their clients. I think that does speak to the industry position.

The Chair: Thank you.

I have one other question, and I don't know if this goes to competitiveness with regard to sharing of information. Are your systems compatible? Do you share year 2000 fixes? I'm just wondering if anyone has shared that information with the government.

Mr. Frank Riddell: The systems are not really compatible. The processes for fixing them are and that's more what we share. Each system has to be dealt with individually. We will test together, but the changing of the systems has to be dealt with on a one-by-one basis.

There is no silver bullet for this. It's people time. There are some automated tools that help the conversion process and some of the banks use the same tools, but basically TD's mortgage system and CIBC's mortgage system have to be dealt with independently and the fixes have to be made independently.

Most of the banks talk to each other through interfaces such as the CPA, Interac, Visa. We share these systems. We have to build our individual pieces of these systems; in other words, our feeds to these systems and what we receive. Somebody doing a Visa transaction in Hong Kong would go into a merchant, would deal with a Hong Kong bank, it would be transmitted to Visa International, on to Visa Canada, and on to the individual institution. We have to test all these pieces through the chain, but there is no one solution. Each institution in that chain has to fix their piece.

Does that answer your question?

The Chair: I appreciate that. I think that partly answers my question. In the hypothetical example I'll give you, I hope you'll share with the government if you have the hidden silver bullet with regard to the age factor. It comes up over and over again as one of the examples facing systems: when 00 subtracts 35 it won't get 65; it will get negative 35.

That's a big factor, especially for the government, because of all the age payments that are based on 65. I know, for example, that several of the banks have situations where when you turn 65 they kick out a letter saying you're 65, you no longer qualify for mortgage insurance, or you do qualify for special services because you're 65.

That being said, you may have found that magic silver bullet. If you have, I hope you're sharing it with the government so they can fix their HRD problems.

Mr. Frank Riddell: Date of birth is basically one field where we have said you must expand. That's not a year 2000 problem; that's a today problem. If somebody was born in 96, we need to know if they're 1 or 101. Most of our systems that use date of birth in fact hold 4 digits.

The Chair: So that has to be expanded for anyone who is not using a four-digit system.

Mr. Frank Riddell: I believe so. Yes.

The Chair: When you say you're not compatible, if a company brings on another company or merges, is that going to create a problem in the year 2000 or is that something we can't even focus on at all?

Mr. Frank Riddell: Merging of systems?

The Chair: If you own a number of companies or if banks are in different industries, if there's any merger of systems is that something that we should be concerned about?

Mr. Frank Riddell: Merging of systems needs to be very carefully thought out at this point in time. If we try to merge systems, it has to be taken into the year 2000 plan. I would strongly recommend against it right now.

• 1110

The Chair: Are there any final comments that anyone would like to leave with the committee? Mr. Beasley.

Mr. Gerry Beasley: Madam Chairman, I would first like to thank everyone for the discussion and for your attention.

There's one particular point I would like to emphasize, if I might. We talked, relative to various industry associations that have appeared before you, about the importance of confidence in their capability, the importance of confidence in the banking system. Certain of the members were so kind as to favour us with some compliments in terms of the confidence they feel about what the industry is doing. To the degree that you will share those expressions of confidence, I believe it's critical. The entire Canadian community—and in fact the entire world community—must at the end of the day have this high level of confidence in our banking system. I believe they do today, I believe they should, and I believe it's right for them to continue to do so.

That would be my concluding message, aside from thanking you very much.

The Chair: Mr. Thompson, do you have anything to add?

Mr. John Thompson: I don't think I want to add anything, Madam Chair.

The Chair: We appreciate you coming before us. To let you know what we're doing as a committee, we will continue to meet with a variety of industry representatives. We have taken the message—I believe Mr. Shaughnessy mentioned it, or maybe it was Mr. Weseluck—to our householders. We are looking at that aspect and at what we can do as a committee to recommend to our colleagues through the householder process...which does reach every Canadian. Hopefully that will assist in getting the message out and raising the awareness.

Your presentation today has been excellent, and we appreciate all the comments and the questions that were answered. We look forward to meeting with you again in the future.

Mr. Mark Weseluck: If there is any further information required, please let us know.

The Chair: Thank you very much, Mr. Weseluck.

The meeting is adjourned.