First of all let me thank all those present today for taking time off from your busy schedule to attend this second series of Year 2000 Awareness Programmes to be organised by the SC. Last year, when we first organised this Awareness Programme, we were disappointed with the level of interest that was shown by our regulatees. We hope that your presence today is an indication of your organisation's awareness of the Year 2000 problem and your personal commitment as CEOs of your organisation to address this issue at the highest level.
The new millennium promises a tidal wave of changes to the financial services sector, not just in Malaysia, but also to the global economy. Technology is seen as a major driving factor in determining the pace of these changes. In the last decade or so, the financial services sector has been greatly influenced by technological advancements. For example, technology has paved the way for advanced proprietary trading systems, for electronic funds transfer, and for faster and more secure settlement of transactions.
Therefore, it is ironic that technology itself will also give rise to the biggest challenge of the new millennium the business community worldwide will ever face: overcoming the Year 2000 problem.
What is the Year 2000 problem?
I am sure all of you have heard about the Year 2000 problem, be it from the letters sent to you by the Commission on the matter, or from the newspapers and magazines. More importantly, I hope you would have been kept informed by your management of the nature and extent of the problem within your organisation and the efforts that are being undertaken to address the problem. Most importantly, I hope that you are aggressively addressing the problem. If you have not done anything at this point, then it is probably too late to avoid any fallout, but if you are resting comfortably in the belief that it is not your problem, I urge you to reconsider. Like death, the dawn of the next millennium is a certainty. The deadline for addressing this issue is real and is immovable. Those of you whose organisation is not taking urgent and concrete measures, risk not only disruption of application systems, but also of business services. You can also lose the market share of your business as it is no longer a secret that foreign counterparts may choose to cease dealings with businesses or organisations that are not seen to be seriously addressing the problem.
The key issue with the Year 2000 problem, also known as the Y2K problem or millennium bug, is that most computer systems use two digits to represent the year rather than the full four digits. These computer systems are not programmed to recognise "00" as the next year after the year 1999. The problem may result in any number of errors, ranging from miscalculations to computer stoppages and malfunctions. The problem will affect different organisations in different ways, depending on the extent computers are used within the organisation and how each computer programme uses the date format. For organisations that rely heavily on technology, the Year 2000 problem could cause major business disruption that must certainly be avoided.
The Year 2000 problem has the potential to significantly affect the performance of companies and of the securities and futures markets, creating commercial uncertainty, increasing business costs and disrupting the development of the economy. It may lead to losses on the part of investors due to the collapse of those organisations which are not Year 2000 compliant or unexpected losses by those whose costs associated with Year 2000 compliance is significant, but nevertheless survive.
Year 2000 creates major potential risks across all businesses and all organisations. The threat of disruption is extremely real within the financial services sector where entire trading, payment and clearing systems may be affected with wide ranging legal and structural implications.
The millennium bug is not merely a technical problem that can be left to your technical personnel to handle. The problem might have been caused by programmers looking for "short cuts" in writing computer programmes, but it is a problem so huge in its potential implications that it cannot be left to your IT Manager. Neither are there short cuts to solving this problem. Due to its major business, customer and legal consequences, it must be treated as a serious business issue for companies and investors. It is in fact a business problem, with a technical solution. Therefore you, as CEO, and your Senior Management team must take responsibility of the problem and must ensure that it is addressed in a timely and professional manner.
What is the Commission Doing?
No other industry relies so much on computer systems as the financial services sector. For example, trading, clearing and settlement of securities, access to market information, portfolio management and bank loans are all driven by computer systems and these systems are interconnected. Timely, accurate information and information exchange is at the core of the very existence of the financial services sector. Therefore, the Year 2000 problem puts us at risk of facing a huge market disruption, unless we all put in our effort to ensure the necessary actions are carried out to make all critical systems ready for the new millennium. I am not only referring to the trading, clearing and settlement systems run by the Exchanges and Clearing Houses, but also your accounting systems, risk management systems, investment management systems, etc. As the CEO of your company, you must be aware that the problem lies in any computer systems, be it hardware, software, or embedded control systems that your company may have. Therefore, you must ensure that your company takes on a broad perspective in terms of your Year 2000 compliance strategy. Not only must you ensure the readiness of your own systems, but also any other external system that interfaces with your systems.
The Commission's first approach to this issue is to raise awareness of the problem. It is up to each of us to ensure our organisations have a means to:
- determine where there may be a problem, i.e. the inventory and assessment stage;
- prepare an action plan for either altering or replacing the system with something new;
- implement the action plan, i.e. the renovation stage; and
- test each system and its various interfaces, i.e. the testing stage.
The Commission has planned and executed several programmes for companies and institutions under its jurisdiction. Efforts to ensure the capital markets will not be affected by the problem such as sending letters and holding talks to create awareness among the industry participants are already underway. The Commission has reiterated in its correspondence with its constituents that though it may seem there is still plenty of time before the new millennium, the problem must be addressed now as the extent of work would differ from one company to another, depending on how each computer system uses the date format. In addition, various and extensive testing will need to be conducted to guarantee systems in place, and its interfaces, will be in working order on January 1st, 2000. I would like to stress that the most crucial process in remedying the Year 2000 problem is testing. Testing covers not only the systems themselves but most importantly testing with other systems. Because these systems may be internal or external to an organisation the complexity of testing compounds.
Last year, the Commission conducted a survey to assess the state of readiness of the Malaysian capital market. We sent questionnaires to all our constituents and received a 70 percent response. From our analysis we have found that in general, awareness is high. The level of awareness and stage of implementation of measures to address the problem varies from one organisation to another depending on the extent information technology is used within the organisation and whether or not there exists an internal IT department to advise Senior Management of the problem. Organisations without internal IT departments seem to be relying entirely on their IT vendors, which is not a very diligent thing to do. However, the Commission was pleased to find out that about 80 percent of the respondents have completed their impact assessment and have put in place internal policies to deal with the problem.
The Commission has firm plans to require all licensed intermediaries to disclose to the Commission, the efforts and actions they have taken to ensure their systems are Year 2000 compliant. For this purpose we will provide a reporting template to ensure the relevant information is provided and reports are standardised.
As for the Unit Trust Companies, we have asked that each and every one of the companies submit to us a detailed action plan and quarterly progress report. The deadline given for the submission of the action plan and first progress report was end of February 1998. As of middle of March, we have only received replies from seven (7) unit trust companies, which translates into only a 20 percent response rate. Although all seven have reported satisfactory progress, the Commission is concerned over the remaining 80 percent that have yet to respond. Therefore, once again, I urge you to take the matter seriously. The responsibility for the readiness of your company to face the new millennium lies on your shoulders.
The Commission is continuing its efforts in ensuring industry preparedness for the Year 2000. However, there is only so much the Commission can do. At the end of the day, it is your leadership and your commitment in addressing the problem within your organisation that will determine whether your organisation can ride the tidal wave or be drowned by it.
Future Plans
The Commission will carry on with its awareness programmes throughout 1998 and 1999 to further stress on the urgency of the matter and the implications of being Year 2000 non-compliant. We also plan to raise the matter as an issue for discussion at our 1998 Annual Dialogue to determine further activities that need to be carried out to ensure readiness of the capital market.
Besides these, we will be monitoring the progress of the Market Institutions, monitor the outcomes of the mock runs, monitor disclosure made by the licensed intermediaries and possibly obtain third party certification of readiness for mission critical market systems.
It is interesting to note the approach other regulators around the world are taking to address the situation. In Australia, the Australian Stock Exchange has made it a requirement for all listed companies to disclose their exposure to the Year 2000 problem by June 30th, 1998 or face suspension of trading. The details that they are required to disclose include their plans to reduce potential exposure, status of Year 2000 activities, contingency plans and estimated costs. In the United States, the Securities Exchange Commission has issued a legal bulletin board reminding public companies, investment advisers, and investment companies to consider their disclosure obligations relating to anticipated costs, problems and uncertainties associated with the Year 2000 issue.
Conclusion
I would like to conclude by stressing that the Year 2000 Problem cannot simply be ignored or taken for granted as the effect of non-compliance is so enormous that it can cause businesses to fail and markets to collapse due to dependence on network-based commerce and communication. However, the impact can be minimised by becoming aware of the problem, identifying internal and external risk, assessing the impact on your organisations, remedying the problems identified and conducting internal and external testing. If you have not started, it may be too late to escape totally from the impact of the problem. But if you act now, the impact will be lessened.
Thank you.
