The Federal Reserve Bank of San Francisco
Home Careers Fed Links Subscriptions
Banking Information

District Circular Letters

November 30, 1999

FFIEC ISSUES Y2K-RELATED
OVERSIGHT PLAN FOR SERVICE
PROVIDERS AND SOFTWARE VENDERS;
AND ADVISORY ON INFORMATION
SECURITY PRECAUTIONS

To State Member Banks,
Bank Holding Companies
and Others Concerned
in the Twelfth Federal Reserve District

Year 2000-Related Oversight of Service Provider and Software Vendor Organizations (4218)

The Federal Financial Institutions Examination Council (FFIEC) has issued a letter outlining the scope of FFIEC agency oversight of service providers and software vendors for the fourth quarter and during the century date change rollover period. During the fourth quarter, through a combination of on-site visits and telephone contacts, the FFIEC agencies will review the efforts of service providers and software vendors to address business contingency planning and event management planning. The agency will also address any deficiencies noted during previous Y2K agency assessments. During the rollover period, FFIEC agency examiners will be on-site at selected service providers and software vendors. The agencies will also gather information on the remaining organizations throughout the same period. The letter instructs the organizations to contact their FFIEC examining agency for further information.

FFIEC Issues Advisory on Information Security Precautions Related to the Century Date Change (4219)

The FFIEC has also issued an advisory entitled "Information Security Precautions During the Century Rollover Period." The statement encourages financial institutions to review their information security procedures and internal controls in light of the potential for malicious and fraudulent activity during the century date change period. The advisory notes that an effective information security framework is key to maintaining the confidentiality, integrity, and availability of an institution's information resources. The advisory provides financial institutions with information to consider in order to strengthen their security programs to avoid vulnerabilities that may occur in conjunction with the century date change.

Copies

Copies of these notices are available from our Corporate Services Department. To request copies by fax, please call (415) 974-3333, and specify, for the FFEIC oversight plan for service providers and software venders, document number 4218, and for the advisory on information security precautions, document number 4219.

Additional Information

For additional information regarding these matters, please contact our Banking Supervision and Regulation Department, at (415) 974-2940.

FEDERAL RESERVE BANK OF SAN FRANCISCO