Though we may be many miles apart, alot of us probably do our banking at the same institutions. This might be a good thread where we could share information we found out about our various banks in the Carolinas or the banking system in general.

My computer expertise is limited, so I find it hard to ask pertinent questions, let alone understand the answers or follow-up with the next logical question when making inquiries at a banks and utility office.

Our local bank, Blue Ridge, was acquired by First Commercial Bank (FCB). They are located in VA, WV and NC.Their web page is located at:

First Commercial Bank

The email address is E-MAIL

They state they began risk assessment in fourth quarter 1997; their mainframe is an IBM AS400; they acquired an additional AS400 and ran simulated tests w/actual core application software (CBS Feserv) with no problems on all dates that may cause problems, including leap year.

Systems they found non-compliant in house include payroll, several PCs and OS and some telephone equipment. These are being replaced.

The Document Source Information dates this posting March 18-19, 1999. As of that time their y2k budget was $150,000; $47,000 of this had been spent to date on replacement and testing, and $30,000 on administrative costs. (I am just asking, but how much did the additional AS400 cost? This budget seems awfully low to me?)

Part of their plan includes evaluation of vendor and customer readiness. They say inquires are "encouraging" and "indicate that most of our customers and vendors are aware of and working to eliminate the y2k issues they may face."

Quick notes from the FAQ page:

Tested by vendors where the ATMs, Telephone banking system and PC banking. ATMs certified ready by vendor. (No statement of results on other systems.

Direct deposit and automatic loan payment operations where tested by Federal Reserve and FCB. No statement made of results.

Backup power, a battery system already in place, and a second standby diesel operated generator. (Didn't state whether this was at main office or all branches.)

Personal precautions suggested: keep records of transactions, i.e. receipts and balance checking account monthly.

FCB seem to be relying on vendors for testing and certification. If that is so, defining the vendor readiness and progress as "encouraging" would not seem like very good business sense to me. However, that would account for what seems like an incredibly small budget for a bank with 31 facilities. ($77,000.00 spent, only $47,000 on actual remediation?)

I also wonder about the side by side simulation testing of the AS400. Not understanding the specifics of this type of testing, I wonder what it would prove?

Perhaps someone with more expertise can answer these questions, or suggest some good questions that we should ask our local banks.

-- Lilly (homesteader145@yahoo.com), April 27, 1999

Answers

Lilly,

I agree that the amount spent and budgeted does seem low. And the fact that they just began in the 4Q of 1997 seems late from what I've read about the time needed to finish. Do they say "mission critical" systems? That is a phrase that worries me too. I bank with BB&T and they seem to be merging and growing ever larger. How can they get their own stuff done and get these mergers done too is beyond me. I know they are not done yet. I was on the phone with them (in a business capacity not as a customer) and the woman said she had just gotten a new computer and was having trouble with it. She said all was supposed to be done by June to meet the mandate. Then she realized what she was saying and changed the subject. On the customer side I've found the tellers to be less than knowledgeable about the whole y2k issue. (Huh wha?) My March statement had a flyer in it saying that if you have an error in your account and don't notify them within 30 days of the statement date then that's too bad. It used to be 6 months. Odd timing for the change if not y2k related. I have always balanced my statement anyway but it really caught may attention. There was a lot of new rules in that brochure. Many people don't ever read that stuff. They may be in for a shock.

-- mb (mdbutler@coastalnet.com), May 02, 1999.

mb:

I hope someone with more expertises will answer some of our questions. I did examine the budget amounts between First Commercial Bank and BB&T. The only way I could think to do this was by taking the number of branches and dividing it by the projected budget/monies actually spent. Very unscientific, but FCB has 31 branches, and has spent $77,000, or $2,484 per branch; BB&T has 581 branches, and has spent, as of Dec. 31, 1998, $19.4 million, or $33,391 per branch. Bigger always seems to cost more to get things done, but FCB still seems awfully low. FCB defined mission critical as what they rely on most heavily for daily operations. They also used the terms core and peripheral systems?

BB&T definitely has an elaborate web site, and has devoted alot of time and effort into developing a very comprehensive Y2k plan. BB&T Web Site Perhaps BB&T's budget is so large, so as to include the y2k work needed to be done for the companies they are merging with and/or acquiring? BB&t's multi-page presentation of their Year 2000 Project offers two reminders on each page at the site:

"This information is provided to help our clients, vendors, and business partners gain a better understanding of the Year 2000 issue. No specific warranty or representation is made with respect to BB&T's Year 2000 Readiness. This information does not alter or expand any contractual obligations and is subject to change at any time."

"Federal Deposit Insurance Corporation ("FDIC") The Year 2000 date change does not affect your deposit insurance coverage. Your deposits at a FDIC-insured bank, such as BB&T, will continue to be protected up to $100,000 against loss due to the failure of the institution."

For more information about FDIC deposit insurance coverage, visit their website at FDIC

Another point BB&T summarized was their statement relating to Third Parties:

"Third Parties

The only risk largely within BB&T's control is preparing its own internal operations for the Year 2000. As with all financial institutions, BB&T relies on the systems of third parties such as vendors, suppliers, customers, other financial institutions, governmental agencies, capital market counterparties, and utility and telecommunication providers. The Year 2000 Readiness of the systems used by these third parties is beyond BB&T's control. However, as part of our Year 2000 Readiness Program, risk assessments have been completed on our mission-critical third parties, and appropriate measures to minimize risk to the extent possible are being undertaken with those vendors that have been determined to represent high levels of risk to BB&T. Of those that responded, management has determined that approximately 5% represent a high risk to BB&T. For these third parties, appropriate contingency plans have been developed and are constantly being monitored and revised accordingly."

--5% at high risk may be acceptable to the untrained eye if 100% of the vendors had responded, but makes one wonder about those that did not and how significant they may be?

Now here is a company whos third party statement gave me pause. I was trying to think of some other NC banks that I might take a look at their statements to help get balance between the other two banks I had read something about. First Citizens I chose at random. They state they began their Y2k work in the summer of 1996. The hired Keane, Inc, an information systems consulting firm to "impliment its Year 2000 readiness strategy." And I admittedly didn't read their statements as closely as the other two banks, but remediation seems to be well under control within their own systems. However, what caught my eye was the bluntness of their statement in relation to third party preparedness:

"Each day, First Citizens receives and sends data to a multitude of computer systems managed by unaffiliated entities around the country. Examples are the Internal Revenue Service, the Social Security Administration, credit reporting agencies and the Federal Reserve System. It is possible that if the computer systems of these outside organizations are not fully Year 2000 ready, First Citizens could receive corrupted data. While First Citizens has identified this contingency and plans to review such data for readiness and, to the extent feasible, build "bridges" to allow proper interpretation of such data, we cannot make any guarantees about the potential impact such corrupted data may have on individual customers."

Mercy! I certainly appreciate their straightforwardness, I really do. Doesn't make me feel too good about the status of these "vague" and, "apparently beyond accountability" third party vendors and suppliers; especially when three of the four they cited fall under the heading of the Federal Government, but at least it is in language I can understand!

I would suppose that statements such as these are necessary "legally speaking" about any claims a business would make, y2k related or not, especially when dealing with situations beyond their control. But it certainly demonstrates the point that ALL of the finanacial systems must be y2k ready and able to interact with other systems equally ready. So can one bad apple spoil the whole banking world? I guess if it was your apple that was bad, you would consider the whole bunch spoiled!

Please consider that I am only posting my thoughts and opinions here. I have no banking experience beyond (attempting) to balance my own checkbook. Anyone reading my thoughts ought to visit their own banking sites and read other reports also, question their own bank, draw their own conclusions and prepare accordingly. Especially when, as I have, only bits and pieces of a full report is presented. *(There you see, I have made my own disclaimer:-)*

But, mb, do you consider bank runs to be the biggest threat to the banking industry as a whole?

-- Lilly (homesteader145@yahoo.com), May 03, 1999.

Lilly,

I don't know that bank runs are the biggest threat. It certainly is a potentally serious problem. The corrupt data seems to be as big, probably a larger problem. Since banking is global and overseas banks are said to be further behind, the corrupt data looks like a real possibilty.

As far as other NC banks, I've read that Wachovia says it is finished with remediation and testing. I can't remember exactly where I read that, I read so much stuff these days. Seems like it was a link from one of the DC Weather Reports. Have you read these? From Cory Hamasaki? Fascinating reading. I went back and read/skimmed them from the beginning, Jan 1997. You can see/read his alarm over the y2k situation growing as time goes on. I'm glad I don't live in DeeCee.

mb

-- mb (mdbutler@coastalnet.com), May 09, 1999.

Last I can recall, Wachovia was the only bank listed on the Securities Exchange Commission, SEC, list as having completed internal remediation and testing. Dec. 31, 1998 was the deadline for banks internal remediation,as set forth by federal mandate. Last I remember the testing phase deadline for June30 is in conflict with the telecommunications 6/30 deadline. How can banks test their electronic transactions if telecommunication haven't been validated. I asked one Y2K project mgr and he responded with an innovative approach, cable! They are doing their testing on cable. Isn't AT &T acquiring Medio One, or comcast? Something I missed it lately. But anyway cable may be the saving grace here. But of course we need the electricity to make it all happen.

I saw the CSPAN replay of conference with Greenspan as keynote speaker, presentor to some group, can't recall now, but he commented Thursday May 6, during the QA session when asked about Y2K that his greatest concern is what damage can be done by the fear of the public. It will be real difficult to try to personally evaluate what these companies are doing. I tried to do it, for almost a year, and have gotten burnt out. Spending hours reading reports, and only to find they falsified the info. We should spend more time putting contingency plans together in case everything doesn't work out. But I found it hard to get people to understand what can posssibly be done to prepare for the worst without being a doomsdayer. It can be done. CMc

-- Carolyn McCullough (c6d2e6mh@coatalnet.com), May 11, 1999.