By Andrew M. Roman, Esq.
The Year 2000 problem, sometimes referred to as “Y2K” or the “Millennium Bug,” is steadily becoming the business world’s most talked about issue. And if any of the dire predictions made by some commentators come true, it will be the most important challenge for businesses to overcome during the next year and a half.
For a complicated problem, it has simple origins. Early information technology (IT) programs utilized only two digits to record the year for date-sensitive data and assumed that the missing two digits were “19.” For reasons that may be debated for years, this convention persisted in the IT industry long after improvements in computer memory made it unnecessary. As a result, many mainframes, servers, personal computers, microprocessors and embedded systems may be programmed to interpret the date entry “1/1/00” as January 1, 1900.
If you are like most Americans, you are now thinking, So what? That is a good question. No one knows the true extent of the problem, or what its full implications will be. But many computer programs depend on date-sensitive data. It is used for a multitude of purposes, from calculating payment due dates to controlling automated operations. Additionally, vast numbers of embedded chips in products ranging from answering machines to nuclear equipment could have the same problem. Even more unfortunate, the Year 2000 challenge is not limited just to older products. Some IT users have reportedly found that software sold as recently as 1997 has Year 2000 problems.
Year 2000 doomsayers have announced predictions ranging from massive business failures to worldwide political instability. Even calmer heads are expecting considerable disruption to business as usual. The Gartner Group, an IT consulting firm, estimates that 30 percent of companies worldwide will experience a critical software failure because of the problem, despite spending $300 billion to $600 billion in efforts to fix it. And a Montana research firm, Triaxsys Research LLC, recently reported that 45 percent of the 250 largest American corporations disclosed in their SEC filings that they may suffer adverse material impacts from Year 2000 computer problems, suggesting that the common wisdom, that corporate America has the problem under control, may be wrong.
Whichever view is right, one thing is practically certain: As we approach the critical date, the dynamics of the marketplace will push those businesses that are prepared to confront the Year 2000 challenge to the top of their market segments, and the laggards to the bottom. For example, manufacturers whose Year 2000 preparations are well advanced will be unwilling to do business with suppliers that cannot demonstrate an equal level of preparation. Likewise, financial institutions will be unwilling to extend credit to businesses whose ability to repay the loan may be in doubt because of Year 2000 uncertainties.
By now it should be apparent that senior management in every organization, and anyone holding a position as a fiduciary, needs to make sure that the interests they represent are adequately protected from adverse Year 2000 consequences. What, then, should be done to prepare for this event, if it has not already been done? Here is a brief summary:
Assign responsibility within your organization for addressing these problems. Treat this as the serious business continuation issue that it is and select the employees accordingly, making sure to cover all mission critical areas. If possible, include legal counsel on this task force. Many legal issues will come up, and you may want the advice of counsel. Additionally, communications with counsel are frequently protected by the attorney-client privilege.
Establish a timetable for resolving the issues and implementing the solutions. Include firm deadlines for all key milestones, and leave at least six months in 1999 as a grace period, in case of complications. Do not overlook embedded systems.
Find out from your vendors if the IT products they supplied are Year 2000 compliant. The Information Technology Association of America (ITAA), based in Arlington, Virginia, has developed a Year 2000 Product Questionnaire to help IT users obtain the fundamental information they need to address their Year 2000 issues. The questionnaire, which can be obtained from ITAA’s website at www.itaa.org/questmain1.htm, includes a Year 2000 compliance definition developed by ITAA’s Year 2000 Legal Advisory Group. While the ITAA Questionnaire does not address every Year 2000 issue, the use of this standard format should minimize response time and increase the likelihood that users will obtain information needed to address their issues.
Develop or acquire the solutions needed to make your mission-critical operations Year 2000 compliant as soon as possible. Expect that as the date approaches, competition for the services of IT professionals and consultants will intensify, making them more expensive and less available.
Determine if you have any affirmative obligations to disclose the status of your Year 2000 preparations and the possible effects on your business of Year 2000 complications. Public operating companies, investment advisors and investment companies should refer to the SEC’s Revised Staff Legal Bulletin No. 5, dated January 12, 1998, for guidance on Year 2000 disclosures. This may be accessed from the SEC’s website at www.sec.gov/rules/othern/slbcf5.htm. Other businesses may find these same guidelines useful in considering their own disclosure obligations in the context, for example, of loan applications, insurance applications, and reports to investors. Manufacturers of products with Year 2000 problems may have an obligation to issue warnings or recall notices.
Take special care in responding to Year 2000 inquiries from others. They may arrive in the form of questionnaires, demands for “certifications,” or guarantees buried in form contracts. Consider establishing a procedure so that all responses are coordinated or approved by a central authority in the company. You must strike the proper balance between assuming unnecessary obligations and refusing legitimate requests for assurances. For example, under the Uniform Commercial Code, if reasonable grounds for insecurity arise after a contract is signed, indicating that the seller’s ability to deliver the goods under the contract is uncertain, the buyer is justified in demanding adequate assurances of performance, and if the seller ignores the demand, he has repudiated the contract. This entitles the buyer to obtain the goods elsewhere and sue the seller for damages for nonperformance.
Learn whether the third parties who are critical to your business—suppliers, service providers and in some cases even major customers—are prepared to meet the Year 2000 challenge. Ask your suppliers and service providers for an assurance in writing, but as with any written commitment, also assess their ability to make good on it.
Determine now if you have any claims against others for your Year 2000 remediation costs or liabilities. In Pennsylvania, the statute of limitations for breach of contract or warranty claims is four years from the date the cause of action accrued. In many cases, this may require legal action within four years of the date of the delivery of the noncompliant IT product or the performance of the faulty IT service. You may need to act promptly to preserve your rights, either by entering into a tolling agreement, or by filing a protective lawsuit.
If you have or anticipate that you will have Year 2000 costs and liabilities, investigate whether your insurance policies provide coverage and comply with any notice obligations under the policies. Standard & Poor’s expects Year 2000 insurance claims to rival those previously encountered by the insurance industry for the environmental and asbestos problems of the past several years. Also, before your policy renewal dates, find out if your current insurers plan to attach Year 2000 exclusions and explore all alternatives. The Insurance Services Office, the trade organization that develops standard policy wordings, has already obtained approval from insurance regulators in a majority of the states, including Pennsylvania, for a broadly worded computer failure exclusion for commercial and general liability policies which excludes liabilities arising directly or indirectly from Year 2000 problems. Because of relatively soft market conditions, however, it remains to be seen whether Year 2000 exclusions will be used uniformly, or can be negotiated away. In addition, some insurers are offering special policies to cover Year 2000 losses.
Generate and preserve contemporaneous records of your response activities. Whatever happens, you will want to be able to prove that you acted prudently, accurately disclosed all material facts, and took all of the steps reasonably appropriate to avoid Year 2000 problems from occurring. While this may not insulate you from liability, it will certainly minimize your exposure.
Properly managed, your organization can survive the Year 2000 challenge. But time waits for no one, and there is no time to waste.
Andrew M. Roman, Esq., is director and vice president of technology in the Pittsburgh law firm of Cohen & Grigsby, P.C.