Banks compiling year 2000 "leper list"greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
Are changes in loan granting policies on the way?
-- Linkmeister (email@example.com), July 12, 1999
Banks compiling year 2000 'leper list'
Banks are determining which major customers' and vendors' computers are Y2K-compliant. That makes privacy advocates nervous.
By JEFF HARRINGTON
) St. Petersburg Times, published July 11, 1999
Bankers across America have been diligently making special, secretive lists and checking them twice. But the naughty companies they identify could end up with more than just coal in their stocking.
At the prodding of federal regulators, banks have quietly rated companies they do business with -- both major customers and vendors -- in search of lurking Y2K problems. The reasoning: If a business has problems when its computers cannot read the year 2000, the trickle-down effect could hurt the bank.
Banks are not the only businesses compiling lists of problematic companies, sometimes called "leper lists." Federal Express, for instance, has used a system of so-called green, yellow or red lights to assess the Y2K status of suppliers, vendors and airports.
But companies may feel more obliged to share proprietary information with a bank, which may control their line of credit or mortgage. And that leads to privacy concerns: Will the banks be tempted to share such information with others?
Federal regulators say the inquiries are necessary. They are satisfied that most banks are ready for 2000, but they don't know if major borrowers could default on a loan or go bankrupt because of a Y2K problem.
And critics do not begrudge banks their right to protect their assets. Finding out about the status of customers is crucial, says Ken Thomas, a Miami consultant: "It takes two to tango."
Still, banks have a history of sharing confidential information with others, and that makes privacy advocates nervous.
The banking industry has been criticized in recent months for selling customer information to third-party marketers or using it internally to target customers for insurance or brokerage services. In fact, Congress is considering legislation that would give consumers the right to prevent banks from sharing financial information with the banks' insurance and securities affiliates.
If names on leper lists are leaked -- or even shared internally -- there is the potential for damaged reputations and lost business. And if a company is unfairly maligned in public as having a Y2K problem, the bank might get sued.
"This issue has not been talked about. But as soon as you have one slip-up in terms of disclosure, it will become much bigger," said Kazim Isfahani, an analyst tracking Y2K issues for the Giga Information Group in Cambridge, Mass.
"Speaking for our bank, we would not release any information about a customer if we saw something that we felt needed to be corrected," Johnson said
He is less clear on policies for sharing customer and vendor Y2K information between a bank's departments. That typically depends on the original privacy agreements between the bank and its customers, he said.
Michael Benardo, a Y2K examinations specialist for the Federal Deposit Insurance Corp., said banks cannot divulge any information from regulatory findings. But if a bank uncovers Y2K concerns while doing research, what the bank does with the information is up to the bank.
The two biggest banks operating in Florida, NationsBank (part of Bank of America) and First Union, have come under fire for sharing customer information with their subsidiaries to sell insurance and stocks.
Bank of America spokeswoman Julie Davis said any Y2K information about customers is used as part of a credit review to decide about loans and lines of credit. But the information does not go any further.
"We'd have no reason to share that information with our brokerage arm," she said. "We would not call up our brokerage folks and say, "Don't sell stock to this company because we're concerned about their Y2K (status).' "
First Union declined to talk about which employees have access to the Y2K data. Officials also would not discuss how the bank handles Y2K information-gathering from customers and vendors.
Larry McPherson, chief financial officer of Tropical Sportswear International, was putting together a new line of credit with his banks last year when he came across an unusual request. Tropical's consortium of lenders, led by Fleet Financial, wanted the Tampa apparelmaker to commit that its vendors were Y2K-compliant
"That was taking it one step further than we were able to commit, so we took it out," he said. "They didn't like it . . . but they didn't have a choice."
At the time, Tropical Sportswear was convinced its internal operations would be ready for 2000, "but we were not going to commit ourselves to something we can't control," McPherson said.
Softwaremaker Information Technology Inc. also thinks Y2K inquiries are bordering on overkill.
Information Technology, a Lincoln, Neb., company, is the biggest in- house vendor of financial software in the country. About 3,600 community banks and other financial institutions rely on its software for everything from processing loans to banking by phone.
Even the company's oldest software was Y2K-compliant when it was designed in the 1970s, said Jon Michelsen, an assistant vice president. Since 1987, the company has continually tested for year 2000 problems and has yet to find any, he said. Also, banks that use the software have conducted their own tests.
Still, Michelsen said, regulators insisted on coming to Nebraska to conduct their own audit just to make sure.
"My own thought was, "Has the government gone that far with their own system and are they holding financial institutions to a higher degree of security than themselves?' " he said.
But despite all the attention, regulators have been purposely vague in telling banks how to conduct their investigations of outside vendors and customers. It was left to the banks to decide which customers to target with Y2K requests and what questions to ask.
For some banks, that meant a one-page questionnaire shipped only to the biggest borrowers and vendors. For others, it meant a detailed, multipage questionnaire to many customers followed up by site visits and demands for other documentation.
"'You won't find any uniform regulating going on. That would be a little bit too organized and a little bit smacking of Big Brother," said Johnson of the bankers association. "What (regulators) are telling people is, "We're counting on you, banker, to determine where you have credit exposure.' "
The board of directors at the Bank of Tampa, for instance, decided to look at all major suppliers and customers with at least $500,000 in deposits or at least $200,000 in loans.
That represented more than 80 percent of the bank's loan portfolio. So far, it has not decided to call any loans, preferring to work out any problems.
Compared with some of the inquiries by its banking brethren, the Bank of Tampa's single-page questionnaire to customers was a relatively painless exercise for most customers.
"People seem to be very willing to share with you what they've done to be compliant," bank president Gerry Divers said. "In the rare case where they're not, that leads us to believe that maybe they're behind."
Still, all the scrutiny does not translate to certainty. Bank executives say there are no "money-back guarantees" that there will not be a hitch with the computers of their suppliers or customers, let alone their own.
Even though banks may demand that their customers check their own systems for Y2K glitches, there is a limit to how much information can be verified. And because banks do not have the time or manpower to check out customer systems themselves, to a certain extent they have to rely on their customers' word.
"I guess someone can tell you they're year 2000 compliant," Divers said, "but how do you really know till the time comes?"
-- Linkmeister (firstname.lastname@example.org), July 12, 1999.
It would be nice if the FDIC let us know which banks are Y2k-compliant.
-- Openness Is A (Two@Way.Street), July 14, 1999.