Guidelines and Circulars: Guidance Note on Y2K External Testing and System Considerations for Y2K Contingency Planning

Our Ref. : B9/39C

14 May 1999

The Chief Executive
All authorized institutions

Dear Sir/Madam,

Guidance Note on Y2K External Testing and
System Considerations for Y2K Contingency Planning

Further to my letter of 8 April 1999, I am writing to provide specific suggestions to you on Y2K testing with external parties ("external testing") and some system considerations for the Y2K contingency planning process of your institution. This is the second of a series of guidance notes on specific areas of Y2K contingency planning.

External Testing

As indicated in my letter in October 1998, upon achieving Y2K compliance, Authorized Institutions ("AIs") are in a position to conduct external testing to validate the interactions of their systems with those of external parties with which they interface. As a matter of fact, service providers of many shared financial systems have provided external testing opportunities for AIs that are participants in the shared systems(1). Although the service providers have essentially required all relevant AIs to participate in the external testing, I would take this opportunity to urge institutions to pay particular attention to validate their system interfaces if any with the S.W.I.F.T. system, given the financial industry's heavy reliance on the system. Apart from shared financial systems, AIs are also expected to conduct external testing whenever necessary with their business counterparties (e.g., correspondent or agent banks, custodians, customers, outsourcing service providers) and, where appropriate, head office/parent bank and subsidiaries.

Given the diminishing time and resources available, it is important that AIs focus on testing that is likely to deliver the greatest benefits against the costs incurred. International experience suggests that a sound internal testing programme remains the most effective type of testing in identifying system problems. In general, an institution should proceed with external testing only if the relevant internal testing programme has been properly completed. AIs should prioritise the importance of external testing with different parties and seek efficient ways to accomplish the testing process, for example, through selection of counterparties to conduct bilateral testing, testing the connectivity and processing capability with key service providers first, and proxy testing(2).

To a certain extent the external testing schedule of your institution will depend on the agreements with or arrangements of the external parties. However, the HKMA expects your institution to complete your critical external testing as early as possible taking into account the "change freeze" policy of your institution (see below). The main purpose of this is to allow your institution sufficient time to rectify any system problems unveiled in the external testing. International experiences gathered after the introduction of Euro suggest that many of the problems encountered during the Euro conversion could have been avoided through more thorough testing. You are therefore encouraged to conduct as much testing as time permits. You are also expected to inform the HKMA if you cannot complete all the external testing for mission critical systems and significant dependencies by end-June 1999.

System Considerations in Y2K Contingency Planning

Enhancement of system capacity

As the century date change draws closer, it is possible that customer demand for AIs' services (e.g., account inquiry, balance updating, statement printing, cash withdrawal) will be significantly higher than usual. This may put pressure on the computer systems of AIs, especially on the customer deposit system, ATM system, phone banking system and other retail banking systems. If such stress on system capacity causes system failure of an institution near the turn of the century, it could undermine public confidence on the Y2K preparedness of the institution. Furthermore, it should be noted that even if the system capacity limitation only temporarily affects the availability of the institution's services, inappropriately worded messages given by the system concerned to customers can cause undue concerns over the Y2K readiness of the institution.

It is therefore important for your institution to ensure that its systems can cope with the potential increased demand for services towards the end of this year. It should also be noted that certain contingency measures such as those involving manual procedures may require certain computer reports and printouts. This may pose additional requirements on system capacity. In this regard, I notice that some institutions have already planned to upgrade the processing capacity of their systems. The HKMA considers that it would be good practice for your institution to review the need to upgrade the capacity of its systems. In addition, your institution should identify and monitor early warning indicators that might point to potential problems ahead. Indicators may include unusual frequency of system breakdown, output errors and significant increase in transaction volume. It will be advisable to consider when your institution should take steps to limit transaction volume(3) to be processed by its systems during the transition to 2000. Your institution should also review the appropriateness of the wordings of the system messages that will be given to customers in the event that its systems are temporarily out of service due to capacity problems.

Apart from system resources, your institution should make arrangements in advance to ensure the availability of key decision makers, necessary staffing resources and vendor support(4) during Y2K critical periods to cope with any possible problems with its systems.

Early implementation of tested systems

Your institution should also adopt an early implementation policy, if it has not done so already, to put tested/compliant systems into production use by end-June if possible and certainly not later than end-September 1999. This can help identify any unresolved problems with the systems at an early stage through interaction with counterparties and customers during normal day-to-day operations. Your institution should also put in place adequate control procedures to ensure that system changes introduced to the implemented systems should be made with extreme care and properly tested before they are put into production.

"Change freeze" policy

Another measure that your institution should take is to adopt a "change freeze" policy, under which a stringent change management process should be in place to prioritise and minimise operational changes (including major relocation and new outsourcing initiatives) as well as hardware and software changes during the second half of 1999 and early 2000. This can help minimise the chances of introducing new system errors. Moreover, this can help avoid diverting resources from the Y2K project and contingency planning.

In general, during the period from the last quarter of 1999 up to the first two months of 2000, system changes in your institution should be kept to a minimum and confined to those required to rectify system problems or to meet essential but unforeseen needs. Nevertheless, your institution should continue to take measures and if necessary enhance its system security during the "change freeze" period to safeguard its systems against any possible threats to system security and integrity (e.g., unauthorized access to computer systems, computer virus).

Computer virus

Institutions should be aware that many computer problems around the critical Y2K dates are likely to be interpreted as Y2K related, including those caused by computer virus. The possibility of attack by purposely created Y2K virus should not be ruled out. This could be created by both pranksters or disgruntled employees. The recent incident of widespread attack on computers around the world by the CIH virus suggests that it is important for AIs to maintain sufficient system security to safeguard against attack by computer virus. While the fact that the Hong Kong banking sector was not significantly affected by the CIH virus may suggest that good precautionary measures are already in place, AIs need to remain vigilant on this.

Outsourced operations

Some institutions may have outsourced their operations, for instance to other regional offices or external service providers. Such institutions are expected to ensure that all relevant guidance given by the HKMA including the suggestions in this circular will be appropriately implemented in respect of the outsourced operations. Institutions should also make sure that their contingency plans are able to address the possibility of disruptions to the outsourced operations arising from the Y2K problem.

If you have any questions on the above, please contact Mr. Brian Lee at 2878-1651 or Miss Florence To at 2878-1197.

Yours faithfully,

(D T R Carse)
Deputy Chief Executive

c.c. Chairman, HKAB
Chairman, DTCA
Secretary for Financial Services (Attention: Miss Vivian Lau)

For instance, the Hong Kong Interbank Clearing Limited organised two rounds of external tests in August 1998, April 1999 and a further round will be conducted in August 1999, whereas other external test opportunities have been offered by S.W.I.F.T., JETCO, EPSCO, credit card companies, etc. As far as the securities and futures industry is concerned, the relevant exchanges and clearing houses completed two rounds of street-wide tests in January and March 1999 respectively.
Proxy testing is testing conducted by a third party as an alternative to testing by an institution itself. Proxy testing may be appropriate when it is not practical for every user of a service to conduct tests with other user of the service. It may be useful in setting priorities, especially for institutions with limited resources and time to complete external testing, e.g. if some users of the service concerned have successfully tested with the service providers, other users might consider testing the service at a later date in order to focus on higher priorities.
For instance, your institution may consider rescheduling interest-posting transactions to be performed near year end to some other periods. Your institution may also consider exploring with large corporate customers the feasibility for the latter to pay the December payroll well before the end of 1999.
For instance, your institution may wish to request relevant vendors to keep sufficient spare parts in Hong Kong such that normal failures can be rectified quickly during Y2K critical periods.