During the summer and fall of 1998, a nervous clamor was beginning to build as the potential consequences of the year 2000 computer bug were debated.
At the time, corporate disclosure of Y2K-related issues was under attack. In the US, the Securities and Exchange Commission issued a stinging rebuke to companies following the dismal results of a disclosure study conducted by its Year 2000 Task Force. Pressure also increased in the UK, where the Accounting Standards Board and its Urgent Issues Task Force called for comprehensive Y2K disclosure, a message echoed in December by the European Commission.
By the beginning of 1999, private organizations in Europe and the US, as well as the SEC, were reporting improved Y2K disclosure. Few companies were ignoring the problem wholesale in their reporting, and most were beginning to address Y2K issues relating to their businesses, operations, and relationships with customers, suppliers and other constituents. Companies were also beginning to provide timetables for carrying out plans, noting present and projected costs, and mentioning contingency plans.
Dormant regulators
So where does Y2K disclosure stand today? At the SEC, there’s been significant activity surrounding the Y2K status and disclosure practices of broker-dealers, transfer agents, and investment advisors. The SEC’s third report on ‘the readiness of the US securities industry and public companies to meet the information processing challenges of the Year 2000’, issued to congress in July, calls attention to several studies showing improved preparation in the financial services industry. Public companies receive notably less scrutiny, though.
The report does mention specific studies of corporate Y2K disclosure, and even notes that in April, the SEC wrote to the CFOs of those companies whose Year 2000 disclosure could, in the SEC’s opinion, be improved. However, while the SEC says it will continue to monitor the situation, public companies have not faced the same fines and censures that have been very publicly levied against broker dealers, transfer agents, and investment advisors.
Compared to the SEC, European regulators are even more lax when it comes to Y2K disclosure, offering merely ‘best practice’ guidelines. Since a March 1998 publication – abstract 20 – calling for greater Y2K disclosure, the ASB’s Urgent Issuance Task Force has been silent on the issue. The London Stock Exchange did issue a March 1999 ‘guidance note’, which mentions abstract 20 and reiterates that listed companies must make disclosures of Y2K issues in annual reports and accounts, but this is also a ‘best practice’ policy.
As Carol Page, assistant secretary of the LSE’s financial reporting review panel, explains, the problem is that authority to regulate disclosure has not been clearly defined. ‘The UITF abstract 20 doesn’t specify where disclosure is to be made, so it doesn’t fall under our supervision. If it’s not required to be put in any specific area, then it’s hard to say whose jurisdiction it falls under.’
Few changes
Although regulatory agencies have backed off from checking compliance, most companies have not diminished their own reporting. According to Mary Thurber, IR director at Cisco Systems, there have been no real changes in the company’s disclosure policies since February. ‘If you look at our SEC reports, we’re continuing to follow the regulations.’
Ian Bates, group control manager, responsible for coordinating all Year 2000 work at the UK’s Royal Sun Alliance, agrees that his company has changed little in terms of what information it is disclosing with regard to Y2K. ‘The majority of our communication is via a two-page statement that is basically the same as that which we’ve been disclosing since the latter half of 1998,’ he says.
Both Thurber and Bates say the level of investor interest has remained low. ‘If anything, it is getting quieter,’ says Bates. ‘There’s still a steady trickle, but not hundreds of inquiries coming in.’
Michael Mayo, an analyst who follows banking stocks for Credit Suisse First Boston, cut earnings estimates on four banks in May, citing Y2K risk as a concern behind the downgrade. But he says his analysis was slightly influenced by the companies’ disclosure.
‘Y2K disclosure is only one input into our overall analysis. Quality wise, the disclosure is mixed, with the majority of the information being fairly boilerplate. But it’s our job as analysts to go beyond it,’ says Mayo.
Overall, financial institutions are considered the best prepared for the impact of the Y2K bug, and Mayo concedes that banks in general are doing a very good job. ‘The question is, if you are the most prepared, does that still protect you from potential earnings problems? Most of the banks say We’ve done the best we can to look after our third parties, but there’s only so much we can do.’
What’s missing?
In addition to the status of third parties, companies are leaving out other critical elements when it comes to Year 2000 disclosure, according to private watchdog groups. Cutter Consortium, a US-based consulting firm specializing on Y2K, and Company Reporting, a monthly financial journal based in Edinburgh, each noted in February that while the number of companies disclosing Y2K information was improving, most glossed over or ignored critical information.
Graeme Farmer, assistant editor at Company Reporting, says that the magazine’s most recent survey shows results have leveled off, though he notes that some of the upbeat rhetoric has dissipated. ‘It’s far more common now for companies to put a rider at the bottom of their reports, saying that they can’t guarantee they will be unaffected by Y2K-related problems. But this is still not common practice,’ he says.
Sheila Green, senior analyst at Cutter Consortium, believes companies are choosing not to disclose as much as they should, a situation worsened in the absence of regulatory pressure. ‘There are a number of things they leave out, such as the costs of contingency planning and the costs of litigation,’ she says.
Part of the problem, admits Green, is that companies don’t know what the costs of contingency planning or litigation will be. But there’s little incentive for them to determine the costs. ‘If companies aren’t in good shape, they have to know that the costs could be substantial. But those are the ones unlikely to disclose that information since no-one wants to disclose negative information,’ she says.
Dr Edward Yardeni, chief economist at Deutsche Bank in New York, has been collecting the Y2K disclosure statements from the 10Ks and 10Qs of S&P 500 corporations since 1998. Yardeni agrees that pressure to improve Y2K reporting has eased, particularly at the SEC, which he says has lost interest to such a degree that he’s received Y2K-related calls from people directed to him by the SEC.
As for what is being left out of disclosure, Yardeni points to a poll of IT professionals he conducted with CIO magazine and ISACA, a global information technology auditors association. ‘The results show that the 900 respondents, most of whom were from large companies, were very confident in their progress. But when I asked if they were waiting for any mission critical programs from third party vendors, a third of them said yes,’ he says.
Too little, too late
Given the relaxed attitude of regulators and the dwindling time that remains before the New Year, it seems unlikely any meaningful change in disclosure will occur. Perhaps diluting the issue further is the recent legislation passed by the US Congress that includes a cap on punitive damages for some suits filed against companies whose products or services suffer a Y2K malfunction. The bill also discourages class-action lawsuits, and provides for a cooling-off period during which companies can fix problems before a suit can go forward.
Improvement of disclosure seems even less likely in Europe, where individual governments and the EU have shown little interest in liability matters, choosing to just promote voluntary corporate transparency on Y2K. So while disclosure of the issue lags behind the US, there’s even less protection from litigation.
Will there be consequences for those companies whose disclosure falls far short of reality? ‘We’ll find out,’ says Yardeni. ‘The lawyers will do what they’re going to do. If there are major problems, and it’s clear companies didn’t give the full story, the lawyers are going to go after them.’
