 |
Home | Previous Page | |
|
||
 |
|
|
|
||
 |
|
|
|
|
|||||||||||||||
|
|
|||||||||||||||
|
|
Report to the Congress on the
|
| Total Number of Mission Critical Systems: | 53 |
| Total Number of Mission Critical Systems Currently Compliant: | 14 |
| Total Number of Mission Critical Systems To Be Eliminated, Replaced or Rewritten: | 1 |
| Total Number of Mission Critical Systems Still Requiring Remediation: | 38 |
The SEC's EDGAR (Electronic Data Gathering, Analysis and Retrieval) system is among those systems that are currently compliant and therefore presents no problems or issues to the filing community or to internal or external users of EDGAR data.
Since much of the remediation work on SEC internal systems will be completed by third party vendors, OIT is finalizing a request for proposals (RFP). OIT's timeline calls for all work to be completed by December 1998.
With respect to its regulated entities, the SEC will continue its examinations and inspections programs to ensure that securities markets participants continue to address the Year 2000 problem vigorously. The staff will work closely with the SROs and follow the progress and findings of their membership inspection programs as well. Finally, the SEC will continue to work with and follow the progress of the SIA as it prepares for and coordinates its members through its street-wide testing program.
With respect to the issue of corporate and investment company disclosure, the SEC intends to monitor the adequacy of disclosure relating to Year 2000 activity as a part of its normal, ongoing review program to determine on an ongoing basis whether or not the current requirements are sufficient and are being complied with.
This staff report has been prepared in response to a request from Congressman John Dingell made to Securities and Exchange Commission (SEC) Chairman Arthur Levitt dated December 6, 1996. This is the first of three annual reports to the Congress. The report addresses the issue of the extent to which the SEC, the securities industry and public reporting companies are prepared to meet the challenges posed to all users of computerized information systems by the approaching millennium change.
The actions the SEC has taken, and will continue to take, in response to the problems presented by the Year 2000 issue are authorized by and must conform to the statutes under which the agency was established and operates.
The SEC was established under the Securities Exchange Act of 1934 as an independent, nonpartisan, quasijudicial regulatory agency charged with administering federal securities laws. The purpose of these laws is to protect investors in securities markets that operate fairly and to ensure that investors have access to disclosure of all material information concerning publicly traded securities. The Commission also regulates firms engaged in the purchase or sale of securities, people who provide investment advice, and investment companies. The Commission derives its authorities from and enforces the following laws:
Securities Act of 1933: The Securities Act of 1933 requires that investors receive financial and other information concerning securities being offered for public sale.
Securities Exchange Act of 1934: This Act requires that investors have access to current financial and other information regarding securities, particularly those that trade publicly on exchanges or over-the-counter. Rules concerning the operation of the markets and participants, including proxy solicitations by companies and shareholders, tender offers and buying securities on credit (margin), are also part of this Act.
Investment Company Act of 1940: Activities of companies, including mutual funds, engaged primarily in investing, reinvesting, and trading in securities, and whose own securities are offered to the investing public, are subject to certain statutory prohibitions and to Commission regulation under this Act. Public offerings of investment company securities must be registered under the Securities Act of 1933.
Investment Adviser Act of 1940: This law contains provisions similar to those in the Securities Exchange Act governing the conduct of securities brokers and dealers and requires that persons or firms compensated for advising others about securities investment must register with the Commission and conform to statutory standards designed to protect investors.
Public Utility Holding Company Act of 1935: Interstate holding companies engaged, through subsidiaries, in the electric utility business or in retail distribution of natural or manufactured gas are subject to regulation under this Act.
Trust Indenture Act of 1939: This Act applies to debt securities, including debentures and notes, offered for public sale. Even though such securities may be registered under the Securities Act, they may not be offered for sale to the public unless a formal agreement between the issuer of the bonds and the bondholder, known as a trust indenture, conforms to the statutory standards of this act.
The SEC, pursuant to these statutes and through its implementing rules, oversees and regulates the U.S. securities industry and capital markets. As a small agency of less than 2800 staff, the SEC accomplishes its regulatory objectives and responsibilities, to a large extent, through a public-private partnership. The Commission sets standards for market structure and the obligations of securities firms, while much of the direct, day-to-day regulation of securities market participants is done by the firms themselves and by industry self-regulatory organizations under SEC oversight. This system of shared regulation between the SEC and industry allows the SEC to help ensure that our capital markets (in which more than $10 trillion is now invested) continue to operate in the open, honest and efficient manner American investors have come to expect and rely upon.
With over 58 million shareholders of record participating in markets experiencing nearly 200 billion shares being traded annually, it is critical that the computer systems upon which our securities market participants rely be prepared to deal with the challenges presented by the change in millennium.
In response to the request to report to the Congress on the progress being made by the securities industry to prepare for the Year 2000, the SEC established a Task Force comprised of representatives of six SEC divisions and offices: the Divisions of Corporation Finance, Investment Management and Market Regulation; and the Offices of The Executive Director, Compliance Inspections and Examinations, and The Chief Accountant. The Office of Information Technology, which chairs the Task Force and is responsible for SEC internal systems, is a part of the Office of the Executive Director. The work of the Task Force and the findings of the report are organized along the lines of the regulatory or operational responsibilities of each participating office or division. The representatives of each office not only helped guide the work of the Task Force as a group, but also assumed the burden of preparing sections of the report which pertain specifically to the work and responsibilities of their particular office.
The approach of the Task Force to gathering information and fact finding was to (1) take full advantage of existing information inside the agency, and (2) to work with and interview industry groups and market participants with broad or unique perspectives to offer. In all, the Task Force dealt with the following six external organizations, each of which was helpful in developing an assessment of industry readiness.
| Organization | Date | Comments |
| National Association of Securities Dealers (NASD) | March 19 | Discussion concentrated on how NASD was progressing with their internal systems, and the approach they were taking with respect to inspecting member firms. |
| Investment Company Institute (ICI) | March 26 | Discussion dealt with ICI's membership and their readiness for Year 2000. ICI offered to share with the SEC the results of a survey they were preparing. These results are included as a part of this report. |
| DST Systems, Inc. | April 8 | DST Systems is a large information processor that provides extensive service to the mutual fund industry. They do the processing for some 43 million investor accounts which is between 33 and 40 percent of all mutual fund investor accounts. (Portfolio and investor account processing is highly concentrated in the mutual fund industry and is a positive element in ensuring Year 2000 readiness. DST, itself began preparing for the Year 2000 in 1989 and is presently well positioned to avoid processing problems.) |
| KPMG Peat Marwick | April 18 | The discussions with the representative from KPMG were helpful in providing a view of the Year 2000 problem as seen from the perspective of outside consultants. |
| Securities Industry Association (SIA) | April 24 | The SIA provided the SEC Task Force with extensive information on the role they are playing in coordinating Year 2000 testing among the exchanges, clearing corporations, depositories, broker-dealers, industry service bureaus and others. |
| New York Stock Exchange | May 6 | Discussions with NYSE centered on their approach to dealing with member firm inspection and the manner in which they planned to use internal NYSE surveillance staff to monitor progress. |
The Division of Market Regulation has performed a review of the exchanges, Nasdaq, and clearing organizations (SROs) regarding their progress in preparing for the Year 2000. The areas reviewed included: 1) planning; 2) impact and risk analysis; 3) configuration management; 4) data conversion; 5) testing and debugging; and 6) contingency planning. Overall, the Division found that most SROs are making adequate progress toward preparing their computer systems for the Year 2000. All the SROs are aware of the Year 2000 problem, and have begun planning how they will address it. A few SROs, however, need to give this problem a greater priority. The Division plans to conduct on-going surveys of all SROs, to ensure that they remain on schedule. The Division has incorporated Year 2000 issues into its routine reviews of SRO automated systems, and will continue to monitor SRO progress towards correcting Year 2000 problems.
Described below are the areas of Year 2000 conversion that the Division is monitoring at the SROs.
The first step in addressing the Year 2000 computer problem is to establish a full time Year 2000 Project Team. The team should consist of a project leader and technical members. To complement the team's efforts, a Steering Committee should also be established to gain executive level support and sponsorship.
The next step in planning is to develop and implement a project plan noting objectives, work steps, and estimated time frames to complete the work steps. This plan should be approved by the Board of Directors with a separate budget dedicated to Year 2000 efforts.
The purpose of the Impact Analysis is to gather and analyze the systems information in order to determine the size and scope of the problem. This phase will result in a list of systems and interfaces which require modifying software, the extent of the required modifications, and a detailed inventory of all programs and hardware. A risk analysis is needed at this stage to facilitate setting priorities. In the risk analysis, each entity should identify the mission critical systems and focus its attention on such systems. "Mission critical" systems are those systems that, if they are inoperable for any length of time or generate erroneous data, would cause great disruption to the organization.
Configuration Management exists to ensure that changes in computer systems take place in an identifiable and controlled environment, and that they do not adversely affect existing systems. A good configuration management system is crucial to the success of any action taken to correct Year 2000 problems. New software code must be identified and controlled during conversion. Once an application reaches compliance, the configuration management system functions as the gatekeeper to prevent programmers from implementing noncompliant changes. Without strong configuration management controls, these changes may go unnoticed until the supposedly compliant application fails in production.
Data conversion software tools consist of two separate products: file conversion and source conversion. File and source conversion do not interact with one another, but may be used together logically in the Year 2000 solution. File conversion software automates and simplifies the conversion of any file that can be produced in a sequential format. Source conversion software eliminates the manual effort required to locate date lines of code that are candidates for change. The source conversion tools automate the analysis required of source code to locate date definitions and trace their usage. The software should be able to identify potential date processing problems areas, and have report capabilities that also support general maintenance functions.
Testing will account for 45-50% of SROs' effort to correct the Year 2000 problem. The financial community is currently working on a definition for "street-wide-testing". Although street-wide testing is ultimately required for all applications, many preliminary tests can be conducted through a test environment that simulates a "live" scenario.
Although most SROs have made adequate progress in developing testing plans, there are certain areas where more progress is needed. For example, testing Year 2000 modified software will require a separate, dedicated test environment on which conditions prior, during, and after the change of century can be simulated, including the leap year condition in the year 2000. In addition to testing for application, systems and utility software compliance, the SROs need adequate capacity to accommodate the needed testing and affects of Year 2000 on its various systems.
Finally, regression tests will need to be performed to identify unpredicted changes to other portions of the systems, i.e., testing that systems not only handle the Year 2000 dates correctly, but that they also correctly perform all the other functions they were designed to accomplish. Regression testing needs to retest even unchanged parts or programs of the system.
Contingency plans must be made and implemented if it appears as if the rollover process will be delayed, or outside vendors won't adequately address the problem, or otherwise can't deliver the fixes. The SROs need to provide for adequate protections as part of contingency plans to ensure the success of critical systems if interfaces fail or unexpected problems are experienced with operating systems and infrastructure software. Rollover must be done in a non-production environment to ensure that historical files are not corrupted.
The SROs generally appear to be on track with the Year 2000 conversion process. Almost all have a special Year 2000 Project Team and most have dedicated budgets for the Year 2000 effort. Most SROs have also already performed the impact and risk analysis studies. A substantial majority have completed a plan for data conversion and have planned for, or have established, some form of configuration management. The Division has spoken to the few SROs that trail the others in these areas regarding the need for them to hasten their progress. The Division is monitoring the SROs' plans for testing, debugging, and contingency planning. Although these activities are not part of the initial phase of the Year 2000 conversion, the Division wants to ensure that the SROs are developing adequate testing and contingency plans.
The Office of Compliance Inspections and Examinations (OCIE) is responsible for conducting the SEC's program of compliance inspections and examinations of regulated entities, as authorized by the Securities Exchange Act of 1934, the Investment Company Act of 1940 and the Investment Advisers Act of 1940. Regulated entities include broker-dealers, transfer agents, investment companies, investment advisers, and SROs.
The Commission's program has consisted of three inter-related actions. First, Commissioners and staff have taken steps to focus industry attention on the issue. Second, OCIE and the SEC's Year 2000 Task Force have worked with SROs to foster remedial action by the SROs' member firms. Finally, OCIE has developed and utilized an examination module for heightening registrants' awareness of the problem.
A crucial component of the Commission's program has been to focus the securities industry's attention on this issue. Commissioners and staff began this effort last year.
In 1996, Commissioner Steven M. H. Wallman began to warn the securities industry that the Year 2000 problem has "staggering" implications. For example, in a speech given to the Center for the Study of Equity Markets, Commissioner Wallman warned that:
Simple tasks often taken for granted, such as sorting dates, calculating interest earned, and recording accurate trade and settlement dates may be seriously jeopardized. And of course, if the simple things cannot be done right, the complex things become impossible.
1
In addition, in 1996, Lori Richards, Director of OCIE, sent letters to the Securities Industry Association (SIA) and the Investment Company Institute (ICI), informing them that the Year 2000 presents a "critical data management problem," and that "[u]nless corrective steps are taken now, computational errors and system failures can be expected." Ms. Richards also indicated that it is "imperative that the securities and investment industries take action to protect their systems from these problems." Copies of the letters are attached as Exhibits 1 and 2. Both organizations communicated the substance of Ms. Richards' letters to their members.
In recent months, the Year 2000 problem has received extensive additional publicity through press coverage and advertising by vendors offering market-based solutions. Through all of these sources, the securities industry has received ample notice of the problem.
The second component of the Commission's program has been to work with SROs to foster remedial action by their members. While the Division of Market Regulation has program responsibility for the progress of SROs in preparing for the Year 2000, 2 OCIE and the Task Force have worked with SROs regarding their oversight of member firm preparations. Specifically, the Task Force met with representatives of the New York Stock Exchange (NYSE) and the National Association of Securities Dealers (NASD). SROs play an important role in addressing the Year 2000 problem, because they are generally in much more frequent contact with their individual members than is the SEC.
The NYSE told the Task Force that it has used its examination program to educate its members about the problem. During examinations, NYSE examiners have notified members of the problem and informally inquired as to the members' remedial actions.
In addition, in Information Memorandum Number 97-30, (May 22, 1997), the NYSE informed its members that it expects each to have a designated senior official with responsibility for a Year 2000 project. The Exchange also expects its members to identify the magnitude of the problem within their organizations, establish realistic and aggressive time frames for completing necessary program revisions, and, "[r]ealistically," have a target completion date of December 1998, with 1999 available for system testing and adjustments. A copy of Information Memorandum No. 97-30 is attached as Exhibit 3.
As part of its Information Memorandum, the NYSE also requested its members to complete a questionnaire describing each firm's Year 2000 project. The Exchange indicated that it would use the information to assess the impact of the problem on its member organizations, and also to provide a basis for its surveillance staff to monitor each organization's progress to a timely completion.
The NASD informed the Task Force that it has also used its examination program to educate members about the Year 2000 problem. In June 1996, Educational Circular Number 96-16 was issued to District Directors, informing them of the problem, and instructing them to have examiners ask members what steps they were taking to prepare for the Year 2000. The purpose of this inquiry was to "raise members' awareness about this issue." Educational Circular Number 96-16 is attached as Exhibit 4.
In addition, in Notice to Members Number 97-16 (March 1997), the NASD informed its members that "[c]omputer failures related to [Year 2000] problems generally will be considered neither a defense to violations of a firm's regulatory or compliance responsibilities nor a mitigation of sanctions for such violations." Thus, NASD members are on notice that they will be held accountable for failing to take corrective action before the Year 2000. A copy of the Notice to Members is attached as Exhibit 5.
Finally, the NASD has informed OCIE that it is in the final stages of developing an examination module regarding Year 2000 issues. It expects to begin using this module during examinations of member firms in the near future.
The final component of the SEC's program has been to utilize its examination authority to heighten industry awareness of the problem. Since the third quarter of 1996, SEC examinations of broker-dealers that hold or receive customer funds or securities ("clearing" firms), transfer agents, investment advisers and investment companies have included a Year 2000 module.
The Year 2000 module provides examiners with a brief statement of the problem, which can be given or read to registrants, and a series of questions. The statement generally reiterates Ms. Richards' letters to the SIA and ICI and is intended to inform registrants of the problem and of the need to take corrective steps. The questions are intended to obtain enough information to track the general status of industry developments, without creating unnecessarily burdensome reporting requirements. Finally, the statement and questions together are designed to put registrants on specific notice of the problem, and to emphasize its seriousness.
Using the Year 2000 module, examiners have gathered information in response to the following questions:
3a. Industry Awareness of the Problem
OCIE staff found a very high level of awareness concerning the Year 2000 problem. In the overwhelming majority of examinations, registrants indicated that they were aware of the problem. In addition, the staff determined that the few firms who were unaware of the problem tended to be relatively small in size, did not use legacy software, or indicated that they would begin planning an appropriate response after the examination.
Clearing broker-dealers
Of the 44 clearing broker-dealers examined pursuant to the Year 2000 module, all (100%) indicated that they were aware of the problem.
Transfer agents
Of the 29 transfer agents examined pursuant to the module, 28 (96.5%) indicated that they were aware of the problem. Only one relatively small firm (3.5%) indicated that it was not.
Investment advisers and investment companies
Of the 371 investment advisers and investment companies examined pursuant to the module, 354 (95%) indicated that they were aware of the problem. Only seventeen (5%) indicated that they were not. Negative responses were received from fifteen investment advisers and two investment companies.
One of the fifteen investment advisers giving negative responses has ceased operations.
Ten of the fifteen investment advisers are relatively small and may not be regulated by the Commission after July 8, 1997. The Investment Advisers Supervision Coordination Act
3
limits the Commission's registration and examination responsibilities to advisers with more than $25 million in assets, with certain exceptions and exemptions not applicable here. Four of the advisers giving negative responses provide no management services. Two act as solicitors, one as an estate planner, and one as a financial planner and non-discretionary market timer. Six other advisers had less than $25 million in assets under management. In fact, the largest of these advisers managed only $13 million.
Four of the advisers giving negative responses may remain subject to Commission oversight, with assets under management of $24.5, $44, $412 and $910 million. None, however, use legacy software.
Two investment companies indicated that they were not aware of the problem. Both had relatively small portfolios. One has approximately $19 million in assets under management, and the other $92 million. Neither firm uses legacy software. In addition, before the examinations were completed, both funds indicated that they planned to take corrective action.
In sum, OCIE's examination findings suggest that the industry is generally aware of the problem.
3b. Industry Corrective Actions
OCIE staff also found high levels of activity in response to the problem. Of the 44 clearing broker-dealers examined pursuant to the Year 2000 module, 43 (97%) indicated that they were already taking remedial steps or that such steps were planned. Of the 371 investment advisers and investment companies so examined, 314 (85%) gave similar responses. Finally, of the 29 transfer agents so examined, 27 (93%) gave similar responses. Thus, with all three types of firms, the majority of registrants indicated that they were either taking or planning corrective action.
The Commission's examinations are not designed to test the efficacy of registrants' corrective actions or plans. In fact, Commission staff do not purport to pass judgment on the various approaches to the problem being developed by registrants, consultants and vendors. The examination staff is not equipped to make such judgments, and attempting to do so could chill development of the creative market-based solutions that are now being made available. However, as in any market-based system, some solutions can be expected to work better than others, and some may not work at all. Thus, high levels of industry awareness, and the active response apparently underway, do not guarantee that the problem will be universally solved.
3c. Legacy Software
The final question on OCIE's Year 2000 module asked if the registrant uses legacy software which is no longer supported or marketed. Such systems are especially problematic because of the difficulty involved in correcting Year 2000 problems is heightened when the vendor no longer provides on-going support. Responses indicate very little use of such software. Of the examined firms, 92% of the clearing broker-dealers, 96.5% of the transfer agents, and 91% of the investment advisers and investment companies responded that they did not use such software. Finally, the firms using such software generally indicated that they were taking or planning to take action to address the problem.
The Codification of Statements on Auditing Standards ("Codification"), issued by the American Institute of Certified Public Accountants, contains procedures that an auditor must carry out in the normal course of an examination of a company's financial statements. Included in these procedures are several steps which should alert the auditor to the Year 2000 problem.
The section of the Codification4 entitled "Consideration of Internal Control in a Financial Statement Audit" requires that the auditor obtain a sufficient understanding of each of the elements of an internal control structure in order to plan the procedures necessary to carry out an audit.5 In obtaining this understanding the auditor should consider the complexity and sophistication of an entity's operations and systems, including whether the method of controlling data processing is highly dependent on computerized controls.
6 The auditor may then perform tests of controls of the computer program during the audit period to obtain evidence that the controls operated consistently during the period.7
The Codification further states that "The auditor's understanding of the internal control structure may sometimes raise doubts about the auditability of an entity's financial statements."8In addition, the Codification further provides:9
"During the course of an audit, the auditor may become aware of matters relating to the internal control structure that may be of interest to the audit committee.10
The matters that this section requires for reporting to the audit committee are referred to as reportable conditions. Specifically, these are matters coming to the auditor's attention that, in his judgment, should be communicated to the audit committee because they represent significant deficiencies in the design or operation of the internal control structure, which could adversely affect the organization's ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements."
The Codification does not specifically address the Year 2000 problem, nor would application of the sections of the Codification cited above necessarily have required identification of the lack of preparation for the Year 2000 as a reportable condition at the conclusion of calendar year audits for 1996. However, auditing firms generally are aware that issuers must begin assessment and remediation of their financial reporting systems now in order to be prepared for the Year 2000. For example, the American Institute of Certified Public Accountants ("AICPA") included an article (see Exhibit 6) addressing the problem on page 15 of its October 1996 issue of the Journal of Accountancy. As indicated in the attached article, Thomas Ray, AICPA Audit and Attest Standards Director, indicated that the AICPA plans to develop additional guidance for practitioners.
Further, we have been informed by an international audit firm that as a matter of policy, the firm required a warning about the Year 2000 problem in management letters that were issued to their clients at the conclusion of the 1996 audit. The firm indicated that it is essential that the seriousness of the problem be communicated to audit committees, or those who have responsibility for oversight of the financial reporting process if there is no audit committee. The staff believes other firms are taking a similar approach.
It should also be noted that one outside representative has informed the staff that at least some insurance companies are investigating entities they insure for Year 2000 preparedness before underwriting officers and directors liability insurance. This is another event occurring in the normal course of business operations that conveys the seriousness of the problem to the highest levels of a company.
In addition to auditing registrants' financial statements, auditing firms often provide a variety of nonaudit services to those registrants and others. One service that many firms are offering is assistance in identifying and correcting the Year 2000 problem. In certain situations, however, providing this service to an SEC registrant might impair a firm's independence with respect to the audit of a registrant's financial statements.
The independence of accountants who audit the financial statements included in filings with the Commission is crucial to the credibility of financial reporting and, in turn, the capital formation process. Enhanced public confidence in the reliability of issuers' financial statements provided by the performance of independent audits encourages investment in public companies. This sense of confidence depends on reasonable investors perceiving auditors as independent professionals who have neither mutual nor conflicting interests with their clients and who exercise objective and impartial judgment on all issues brought to their attention.
The Federal securities laws recognize the importance of independent audits by requiring, or permitting the Commission to require, that financial statements filed with the Commission by public companies, investment companies, broker/dealers, public utilities, investment advisers, and others, be certified (or audited) by independent public accountants,11 and by granting the Commission the authority to define the term "independent."12
Although specific guidance regarding Year 2000 is not set forth in the Commission's independence regulations, the independence issues can be addressed using existing guidance applicable to auditing firms providing other nonaudit services. The staff generally does not object to an auditor's provision of nonaudit services to SEC audit clients unless provision of services results in one of the following conflicts for the auditor:
There are several accounting pronouncements that either relate directly to the Year 2000 problem, or that would require consideration by the auditor. The issue of how to properly reflect the costs of modifying computer software for Year 2000 projects in the financial statements resulted in one pronouncement issued in July 1996.
13 This issue was decided by the Emerging Issues Task Force (EITF), a group established in 1984 to assist the Financial Accounting Standards Board (FASB) in the early identification of emerging issues affecting financial reporting and of problems in implementing authoritative pronouncements. The EITF concluded that costs incurred in this regard should be charged to expense as incurred. Costs that are expensed in any given year may require disclosure separately in the company's income statement depending on the materiality of the amounts.
The FASB literature also includes Financial Accounting Standard (FAS) No. 5, Accounting for Contingencies. The standard defines a contingency as an existing condition, situation, or set of circumstances involving uncertainty as to possible gain or loss contingency. When a loss contingency exists, the loss may range from probable to reasonably possible to remote. An accrual is required if the loss is probable and can be reasonably estimated. If the contingency is not probable, or cannot be estimated, disclosure should be made when there is at least a reasonable possibility that a loss or additional loss may have been incurred. The disclosure should indicate the nature of the contingency and should give an estimate of the possible loss or range of loss or state that such an estimate cannot be made.
It would appear that a pending failure of an entity's computer system in the year 2000 would constitute a contingency that would require consideration by entities and their auditors that would fall under the accounting and disclosure requirements of FAS 5.
The disclosure provisions of the rules and forms applicable to public companies are intended to provide information that will enable the investing public to make informed investment or voting decisions. The Division of Corporation Finance has considered whether the rules, as they currently stand, are adequate with respect to companies whose filings are processed by that Division. The Division believes that the rules are adequate, and has given guidance to companies about the extent to which Year 2000 compliance issues should be disclosed in their public filings.
When Year 2000 issues are material to investors, they must be addressed in filings with the Commission, principally, as discussed below, in "Management's Discussion and Analysis of Financial Condition and Results of Operations," which appears in companies' annual reports and quarterly reports filed with the Commission, as well as in many registration statements.
The Division of Corporation Finance has provided the following advice to issuers in its publicly disseminated Current Issues Outline:
Questions have been asked about the nature of disclosure that should be made by public companies regarding the Year 2000 problem. Companies may be undertaking major research and development projects in order to address this problem. To the extent the problem is not successfully addressed, material adverse consequences could follow, depending on the extent of the problem and the nature of the industry and the computer software. Companies should review on an ongoing basis the need for disclosures concerning projected expenditures and uncertainties associated with Year 2000 consequences, particularly in connection with their forthcoming reports or registration statements to be filed with the Commission.
Consideration should be given to whether either the costs of addressing the problem or the consequences of incomplete or untimely resolution of the problem represent a known material event or uncertainty that would affect future financial results, or cause reported financial information not to be necessarily indicative of future operating results or future financial condition. As such, appropriate disclosure should be made in "Management's Discussion and Analysis of Financial Condition and Results of Operations" (Item 303 of Regulation S-K and S-B) in the company's reports on Form 10-K (10-KSB) and 10-Q (10-QSB).
Companies also should consider other disclosure requirements, such as "Description of Business" (Item 303 of Regulation S-K and S-B) and rules requiring disclosure of any additional material information, beyond information specifically required to be disclosed, that is necessary to make the required statements not misleading (Securities Act Rule 408 and Exchange Act Rule 12b-20).
The Commission's Division of Investment Management has concluded that current laws and regulations are sufficient to require investment advisers and, in turn, the investment companies they advise, to make appropriate disclosure to clients and shareholders in the event operational or financial obstacles are presented by the Year 2000 problem.
Section 34(b) under the Investment Company Act of 1940 provides in part that it is unlawful for investment companies to omit from registration statements and other public filings "any fact necessary in order to prevent the statements made therein, in light of the circumstances under which they were made, from being materially misleading." Open-end investment companies (mutual funds) are required by Item 5(b) of Form N-1A to disclose the investment adviser's experience and a brief description of the services an adviser provides. In response to this item, investment companies may need to disclose the effect that the Year 2000 problem would have on the adviser's ability to provide the services described in the registration statement.14 Disclosure about the Year 2000 problem would be necessary if it would be materially misleading to shareholders to omit the information from public filings.
In addition, Rule 206(4)-4(a) under the Investment Advisers Act makes it a fraudulent, deceptive, or manipulative practice for an investment adviser to fail to disclose all material facts with respect to "[a] financial condition of the adviser that is reasonably likely to impair the ability of the adviser to meet contractual commitments to clients, if the adviser has discretionary authority (express or implied) over such client's funds or securities. . . ." As with the Section 34(b) analysis, the pivotal determination under Rule 206(4)-4(a) is whether the Year 2000 problem presents a material threat to an investment adviser's ability to satisfy its obligations under advisery agreements with investment companies. If so, disclosure of the problem to the fund board and/or shareholders may be warranted.
Similarly, case law also supports the requirement to make disclosure of material facts even in the absence of specific rules targeting the type of material information in question. Therefore it is necessary, under current law, for investment advisers and investment companies alike to disclose the impact of the Year 2000 problem: (1) if there is a reasonable likelihood that the adviser will not become Year 2000 compliant in time and (2) if there is a substantial likelihood that the Year 2000 problem would affect the adviser's ability to fulfill its contractual obligation to the investment company.
The SEC's information processing environment, like that of many organizations, is a mixture of both new and legacy systems, applications and databases that vary greatly in size, complexity and technical architecture. Responsibility for developing and maintaining the majority of the SEC's information processing capability is centralized within the Office of Information Technology (OIT).
SEC information systems and databases, in addition to central processing capability also rely upon a number of interfaces and connections to other organizations and their systems. The SEC receives large volumes of market information daily from the Securities Industry Automation Corporation (SIAC). SEC staff rely upon and share information on brokers, dealers and registered representatives through the NASD's CRD (Central Registration Depository) system. The agency's electronic filing system, EDGAR (Electronic Data Gathering Analysis and Retrieval), accepts filings from as many as 30,000 different entities located across the country, maintains a remote, 60 gigabyte, full-text-searchable database and disseminates real-time filing information to the entire securities industry around the world through the EDGAR dissemination subsystem.
In addition to the SEC's centrally developed and maintained systems, there are approximately 300 individual or single office applications located throughout SEC headquarters, district and regional offices. These are small PC or network-based systems written in Lotus, Excel, FoxPro, dBASE, Clipper, and Microsoft Access. All systems, regardless of location are a part of the Year 2000 project.
OIT initiated its Year 2000 effort by establishing a Project Team in May 1996. The Project Team consists of a project manager and the equivalent of eleven technical staff assigned from all affected areas within OIT. The team has been tasked with ensuring that all SEC centralized and distributed computer systems within SEC headquarters, regional and district offices reach Year 2000 compliance by the end of 1998. For SEC systems, the Year 2000 effort is the highest priority project within the Office of Information Technology.
The Project Team is working simultaneously on both the 300, distributed systems and on the centrally-administered systems. Initial assessments of the 300 indicate the majority can be made Year 2000 compliant generally by upgrading the off-the-shelf software in which the application was created. The schedule pertaining to these systems is as follows:
Completion Target
With respect to the SEC's central systems, the agency's largest system, EDGAR (approximately 2.8 million lines of code) is currently Year 2000 compliant. EDGAR, therefore, will present no negative impacts to the filing community, SEC staff users or external users of SEC filing information. The remainder of the inventory (88 systems) has been divided into two categories: mission-critical and non-mission-critical systems. Fifty two applications have been designated as mission critical. Six of this group have been determined to be Year 2000 compliant now, and 38 systems will require further examination and possible remediation. OIT intends to outsource the majority of the detailed examination and remediation work. The schedule for remediating the SEC central systems is as follows:
Completion Target
With respect to its regulated entities, the SEC staff will continue its examinations and inspections programs to ensure that securities markets participants continue to address the Year 2000 problem vigorously. The agency will work closely with the SROs and follow the progress and findings of their membership inspection programs as well. Finally, the SEC staff will continue to work with and follow the progress of the SIA as it prepares for and coordinates its members through its street-wide testing program.
With respect to the issue of corporate and investment company disclosure, the SEC intends to monitor the adequacy of disclosure relating to Year 2000 activity as a part of its normal, ongoing review program to determine on an ongoing basis whether or not the current requirements are sufficient and are being complied with.
The SEC staff, as requested, will report to the Congress on the first of June 1998 and 1999 on the general status of preparedness of the securities industry and on SEC internal progress to successfully address the issues and problems presented by the Year 2000.
The exhibits that were attached to the paper report should be available from the Office of Public Affairs during the week of June 30, 1997. Contact them at (202) 942-0020.
1Technology And Our Markets: Time To Decimalize; remarks of SEC Commissioner Steven M. H. Wallman before the Center for the Study of Equity Markets, page 5.
2See supra, discussion of "Self-Regulatory Organizations." 3 Title III of the National Securities Markets Improvement Act of 1996, Pub. L. No. 104-290, 110 Stat. 3416 (1996), codified at 15 U.S.C. 80b-3a. July 8, 1997 is the Act's effective date. See Pub. L. No. 105-8, 111 Stat. 15 (1997).
4 AU Section 319. 5 Section 13(b)(2) of the Securities Exchange Act of 1934, adopted as part of the Foreign Corrupt Practices Act, requires Commission registrants to (1) make and keep books, records and accounts, which, in reasonable detail, accurately and fairly reflect the transactions of the registrant, and (2) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurance that, among other things, transactions are recorded as necessary to permit the preparation of financial statements in conformity with generally accepted accounting principles. Failure to correct Year 2000 problems may result in noncompliance with these provisions. 6 AU Section 319.23. 7 AU Section 319.71. 8 AU Section 319.22. 9 AU Section 325.02. 11 For example, items 25 and 26 of Schedule A to the Securities Act of 1933 (the "1933 Act"), 15 U.S.C. 77aa(25) and (26), and §17(e) of the Securities Exchange Act of 1934 (the "Exchange Act"), 15 U.S.C. 78q, expressly require that financial statements be audited by independent public or certified accountants. Sections 12(b)(1)(J) and (K) and 13(a)(2) of the Exchange Act, 15 U.S.C. 78l and 78m, §§5(b)(H) and (I), 10(a)(1)(G), and 14 of the Public Utility Holding Company Act of 1935, 15 U.S.C. 79e(b), 79j, and 79n, §§8(b)(5) and 30(e) of the Investment Company Act of 1940, 15 U.S.C. 80a-8 and 80a-29, and §203(c)(1)(D) of the Investment Advisers Act of 1940, 15 U.S.C. 80b-3(c)(1), authorize the Commission to require the filing of financial statements that have been audited by independent accountants. Accordingly, the Commission has required that certain financial statements be audited by independent accountants. See, e.g., Article 3 of Regulation S-X, 17 CFR §210.3-01 et seq.
12 Section 19(a) of the 1933 Act, 15 U.S.C. 77s(a), §3(b) of the Exchange Act, 15 U.S.C. 78c(b), §20(a) of the Public Utility Holding Company Act of 1935, 15 U.S.C. 79t(a), and §38(a) of the Investment Company Act of 1940, 15 U.S.C. 80a-37(a), grant the Commission the authority to define accounting, technical, and trade terms used in each Act. 14 Other items on Form N-1A may require disclosure of the Year 2000 problem as well. For instance, Item 4(c) calls for the disclosure of the principal risk factors associated with investing with the registrant. While this item usually relates to the risks associated with an adviser's investment practices, a discussion of the problems a fund may encounter from an adviser's inability to become Year 2000 compliant may be appropriate. Finally, disclosure of any pending legal proceedings against the fund, the adviser, or the principal underwriter relating to the Year 2000 problem would be required under Item 9.
http://www.sec.gov/news/studies/yr2000.htm1. Focusing the Industry's Attention on the Issue
2. Working with SROs
3. Examinations
SEC examiners have used the Year 2000 module in 44 examinations of clearing broker-dealers; 29 examinations of transfer agents; and 371 examinations of investment advisers and investment companies. These firms were not selected as a sample of the industry. The module was simply used during examinations conducted for other reasons. Hence, inferences from these responses to conditions in the industry as a whole should be made with caution. Nonetheless, with that qualification in mind, these examination results provide some insight into prevailing conditions.
Auditing, Independence and Accounting Considerations
1. Auditing
2. Independence
Based on the aforementioned guidance, an auditor's independence may be impaired by the provision of non-audit services by the auditor. Consequently, an independence issue may arise if the auditor of the registrant's financial statements designs or modifies programs to correct the Year 2000 problem.
3. Accounting Considerations
Disclosure by Public Companies
Disclosure by Investment Companies and Investment Advisers
The SEC's Internal Systems
Percent Completed
Percent Completed
VII. SEC Continuing Actions
VIII. Subsequent Reports to the Congress
Exhibits
Footnotes
Home | Previous Page
Modified:07/19/1999