Year 2000 Contingency Planning

Execution of major projects seldom proceeds exactly as planned. Credit unions may need to deviate from their original Year 2000 plans, to some degree, and employ alternate means to achieve Year 2000 compliance. With a fixed, immovable date for achieving compliance, credit unions must not wait until problems arise to explore alternate solutions.

Contingency planning is a critical part of resolving the Year 2000 issue. Contingency plans should set forth alternate strategies to address all aspects of the Year 2000 project. Written contingency plans need to contain options and fully researched specific action steps that management will implement in the event that any components of the credit union's Year 2000 plan fail.

During the assessment phase, credit unions should have identified more than one option available as a solution to its Year 2000 data processing needs. One of these options, while probably not the first choice, may be a good candidate for a credit union's contingency plan, i.e., "Plan B." Simply put, the Year 2000 project team, senior management, and board should agree upon a date by which another course of action will be taken if it is not likely that the original plan is attainable. After identifying a good alternative solution, the credit union's contingency plan should be documented in enough detail to include, at a minimum, the: (1) planned date of execution, (2) estimated time to implement, and (3) estimated cost to implement.

As with the original plan, the credit union should strive to implement the new, compliant system (identified in your contingency plan) in sufficient time to adequately test the system. For example, credit unions that rely on an in-house developed system may plan to renovate their systems in order to ensure Year 2000 compliance. During its fix, a credit union may run into difficulties that may negatively impact its ability to renovate the system. In this case, there should be a predetermined date by which the credit union should decide if it can indeed make the fix. As the date approaches, the project team may have fallen behind schedule and determined that they are unable to meet critical milestones and deliverables. Therefore, it may be necessary for the team to forego the renovation option and go to Plan B. Instead of renovation, the team may have previously decided that the contingency plan is to purchase a commercial off-the-shelf (COTS) application. As part of the contingency planning process, the credit union should have already identified, reviewed, and analyzed several COTS applications, and ranked those systems in order of preference, based upon credit union operations and needs.

Similarly, the credit union may be relying on a vendor's fix. If the vendor does not provide a satisfactory response as to its date of compliance or facilitate the testing of the fix by a predetermined time frame, the credit union may also have to revert to Plan B. The contingency plan may also be to purchase a COTS package.

Knowing when to revert to Plan B will be key as the timing could affect whether the credit union is in compliance in sufficient time to ensure adequate Year 2000 processing.

Contingency plans should address the following areas:

• Year 2000 Planning. The contingency plan should be an integrated part of the comprehensive Year 2000 Plan. Contingency plans should be developed early in the Year 2000 process and be in place prior to formally adopting the Year 2000 Plan. Credit unions must not wait until it is obvious that the original components of the Year 2000 Plan will not work before developing alternative workout solutions. Alternative solutions need to be well thought out, and available for implementation, before you need to use them. Alternative solutions should be Year 2000 compliant, or one that will be compliant in sufficient time to meet the credit union's timeline. It makes little sense to introduce a non-compliant alternative which may only worsen the problem, rather than resolve the problem.
• System Planning. A contingency plan should be developed for at least every critical system. If a particular system will not meet specific and/or critical milestone dates, then credit unions should implement the contingency plan for that system. Credit unions must also recognize the interdependency of some systems on others and take that into account when developing system contingency plans. For example, if a credit union has two systems, System A and System B, where System B relies totally upon System A, and the credit union determines that System A is not going to make it, then the credit union may have to implement their contingency plans for both System A and System B.
• Trigger Dates. The contingency plan needs to include specific trigger dates. These are the dates at which a credit union will implement their contingency plan for a system which has not met scheduled deadlines. Trigger dates should be set well in advance to ensure that credit unions have enough time to implement the alternate plans. For example, if a credit union selects conversion to a new data processing system as their contingency plan, the trigger date must allow enough time for conversion of data and systems, testing of processes, and training on the new system.
• Third-Party Providers. Contingency plans need to include alternative solutions to all mission critical services provided by outside parties, including ATM systems, ACH, item processing, etc. These alternative plans may include switching providers or simply switching applications within the provider.
• Systems Compatibility. Contingency plans must consider system compatibility. Alternate systems must be compatible with whatever other systems credit unions will be using, whether it is the original or an alternative system. In other words, systems must be able to interface with each other in a Year 2000 compliant manner.
• Alternative Systems. For those credit unions with in-house systems, contingency plans need to consider whether the alternative will be another in-house system, a commercial off-the- shelf system (COTS), or a service bureau supported system.
• Liquidity. As the Year 2000 approaches, members may become concerned about the ability of their credit union to continue to provide services which could result in unplanned share outflow. Credit unions need to ensure themselves adequate liquidity in case of excessive share withdrawals. Since primary sources of liquidity could experience similar liquidity problems, credit unions need to arrange for several different sources of funding.
• Staffing Issues. Contingency plans should address staffing issues. Plans should provide for continuity of the Year 2000 project in the event that key members of the project team cease employment with the credit union. Good documentation of the Year 2000 process (all five phases) is essential to allow back-up personnel to rapidly come up to speed on the Year 2000 program.

NCUA expects credit unions to address contingency planning in their Year 2000 Plan. NCUA also expects those plans to be sufficiently detailed to ensure that the credit union achieves Year 2000 compliance. Finally, NCUA expects credit unions to implement their system contingency plans as outlined in their overall Contingency Plan. If you have any questions, please contact your examiner, NCUA regional office, or state supervisory authority, in the case of state chartered credit unions.