AL 97-10
Subject:   Year 2000 Business Risk

TO:  Chief Executive Officers of National Banks, Federal Branches
and Data-Processing Centers, Department and Division Heads, and
Examining Personnel

This advisory is to alert you to the recent release of FFIEC
"Safety and Soundness Guidelines Concerning Year 2000 Business
Risk" (attached).  These guidelines supplement the FFIEC
Interagency Statement and examination procedures, "Year 2000
Project Management Awareness," issued in May 1997.  The safety
and soundness guidelines provide additional information about the
expectations of regulators for bank senior management and boards
of directors in overseeing and managing their year 2000 projects.

Year 2000 problems present corporate-wide challenges for
financial institutions.  The FFIEC safety and soundness guidance
underscores the responsibility of  bank senior managers and
boards of directors to actively manage efforts to correct year
2000 problems. They must devote sufficient resources to ensure
that the remediation efforts are given top priority, and that the
project receives the quality personnel and timely support it
requires.  Senior bank managers must provide board members with
status reports, at least quarterly, on the year 2000 compliance
efforts of both in-house teams and outside vendors.

Banks also need to properly manage their vendor relationships. 
The FFIEC guidance clarifies  vendor management issues discussed
in the May FFIEC Interagency Statement and explains that formal
certification to financial institutions from vendors that their
products and services are year 2000 compliant may not be
sufficient to prevent potential problems.  Accordingly, the FFIEC
guidance says banks do not need to obtain formal certification of
year 2000 compliance from their vendors.  Rather, banks need to
have good communication channels with their vendors, and conduct
their own due diligence inquiries concerning their vendors' year
2000 readiness.  Banks also should implement their own internal
testing or verification processes for vendor products and
services to ensure that the banks' different computer systems
function properly together.

In addition, management should ensure that year 2000 contingency
plans are developed for all mission-critical applications and
systems.  Time frames for year 2000 contingency plans should be
consistent with those outlined in the FFIEC Interagency
Statement.  By December 31, 1998, all programming changes should
be completed and testing should be well underway for mission-critical
systems.  Also, when OCC examiners conduct quarterly
reviews of year 2000 compliance activities, they will review each
bank's contingency plans to ensure that they include alternative
solutions and reasonable trigger dates for implementing those
solutions, if necessary.

For further information on year 2000 issues, contact the Bank
Technology unit at
(202) 874-2340.



                                      
James D. Kamihachi
Senior Deputy Comptroller
Economics and Policy Analysis
Date: December 19, 1997

Attachment