The year 2000 computer problem presents a number of unique issues for the insurance industry with potentially severe ramifications, writes James Amberson. It has a deadline which cannot be changed; companies will either meet it or they will not.
Insurers face a variety of exposures to the year 2000, including: making sure that their own internal information technology systems are compliant, that key suppliers' systems are compliant and that insureds and their suppliers are compliant, as year 2000 related claims may be presented under various non-life insurance policies.
Many insurers who have year 2000 projects are focusing only on their own internal information technology compliance. However, their greatest financial exposure is under the policies which they write. There are already sites on the internet discussing which policies may pay for the consequences of the year 2000 problem. Lawsuits and claims are certain to follow. Therefore, insurers also need to address the non-information technology side of the year 2000 problem, that is underwriting, claims and investment.
The year 2000 problem, often referred to as "Y2K" or the "millennium problem", has its roots in the early days of computer programming. In an effort to save precious and costly computer memory, programmers used two digit abbreviations for date fields. Consequently, "1997" became simply "97". The year 2000 problem results from the inability for computers to distinguish between "00" meaning 2000 or 1900. Therefore, processes which involve dates may no longer function or may produce incorrect results.
Predictions have included the "crash" of computer systems as a result of their inability to handle the conflicting dates or negative time periods, the "shut down" of core systems, mass cancellations of policies or contracts due to perceived non- payment, mis-calculation of bills or premiums due to errors in the calculation of the time period or age of individuals or buildings, and erroneous calculations of interest payments, etc. It has been predicted that as many as 10% of companies will be driven into bankruptcy as a result of the costs of repairing their year 2000 problem or the consequences of inadequate amendment to their systems.
The multitude of computer languages used and differing styles in which dates were programmed add further complications. It is not uncommon for a company to have used dozens of different computer languages, some of which may no longer be supported.
Beyond the calculation between two dates, the two digit year field was often used for special functions, such as: "If '99' then, perform some differing, special function." These special instructions may start causing problems before the year 2000 or simultaneously.
The year 2000 problem is not simply a problem for mainframe computers. It has also been found to affect personal computers and embedded chips.
The scope of the problem
The following examples provide some perspective:
Germany: A survey by the research department of the Cologne Re's global casualty facultative department in June 1997, found that in only 21% of the 124 companies polled from the chemical, engineering and banking sectors had the board or senior management been informed on their companies' year 2000 problem. Of the surveyed companies, 65% responded that their potential losses due to the year 2000 problem could be in excess of DM1 million (about $546,448) with 36% saying that their losses could be more than DM10 million. The loss exposure estimated by this small sample was around DM850 million!
United States: Only 16% of the Fortune 500 companies have started their year 2000 conversion. (Cap Gemini America, 7 October 1997). The first claims involving the year 2000 problem have already been made. One involves a small Michigan based retailer who has made a claim due to the cash register's inability to handle credit cards with a "00" expiration date. (CMP Media Inc., 18 August 1997).
The first class action suit, seeking $50 million, was made in December 1997, as a result of a software company's failure to provide free year 2000 compliant upgrades. In January 1998, a financial information provider to Wall Street could not provide earnings estimates beyond 1999 due an internal year 2000 problem. (Bloomberg, 13 January 1998).
Directors and officers and professional indemnity
The year 2000 problem presents significant exposure to financial loss, which is likely to result in claims on policies which provide coverage for financial loss, such as directors' and officers' liability, errors and omissions, and professional indemnity.
D&O: The year 2000 problem is essentially a management problem. Directors and officers who do not address it adequately may jeopardise the long term survival of their company, thereby exposing themselves to claims from shareholders or other corporate stakeholders.
Key questions for directors and officers include:
* Have board members adequately informed themselves of the scope of their year 2000 problem and accorded appropriate resources in addressing it?
* Has the management developed and implemented a year 2000 compliance project plan?
* Is the management adequately evaluating the quality of the work and the performance schedules of outside contracted programmers?
* Has the board adequately disclosed the costs and ramifications of the year 2000 problem?
* Have directors and officers evaluated the problem in the due diligence process in a merger or acquisition to avoid an unknown, significant liability?
* Has the board documented its attention to and efforts in addressing the year 2000 problem?
On 12 January 1998, the US Securities and Exchange Commission instructed companies to: "disclose their estimated expenses and the impact they are likely to have on company operations and finances. Companies also should reveal their plans and timetable for fixing the year 2000 problem, including how these plans might affect relationships with customers and suppliers." (Bloomberg, 12 January 1998). This position also affects non-US companies who have shares traded in the US.
Although not as litigious as in America, European and Asian shareholders have become more critical of management's accountability to shareholders, as have American pension funds who are increasing their investments in non-US companies. Other stakeholders, such as by customers, employees, governmental bodies and creditors, could also foreseeably seek legal action if they suffer a financial loss due to a company's inadequate response to the year 2000 problem.
Itoba v Lep1 has demonstrated that non-American companies who have issued ADRs, may be exposed to US law and jurisdiction for shareholders' claims involving not only ADRs but also shares traded on non-American exchanges.
Some insurers have been writing multi-year D&O policies which will expire after 1 January 2000, without proactively underwriting the year 2000 exposure! Insurers should determine whether their current standard of underwriting information is adequate to assess an insured's year 2000 exposure. Issues to consider include: the relevant systems audit of all programmes, assessment, analysis and prioritisation of key processes, the plan for addressing the problem, budget, vendor evaluation, use of outside consultants and advisors, and testing/validation of their solution.
Professional indemnity: A number of professionals, such as accountants, architects, auditors, engineers, financial institutions, lawyers, and healthcare providers, may have or have had a duty, responsibility or client expectation to have considered, addressed and/or avoided the risks posed by the year 2000.
Accounting firms are involved in a number of business activities which could present professional liability exposures, for example: auditing, management information systems consulting and other consulting activities connected with making a client's computer systems year 2000 compliant, such as commenting on the tax consequences of repairing versus upgrading an information system.
The action by the SEC in the US has provided some guidance on the disclosure requirements for auditors. The United Kingdom has a bill pending which if passed will require auditors to qualify the accounts of companies who are not year 2000 compliant. Regardless of the fate of the bill, could an auditor offer an unqualified opinion on a company whose core computer systems may not work because they are not year 2000 compliant?
Legal professionals may face an exposure to claims for advice on contractual and licensing agreements for computer services and software, securities related disclosure requirements, due diligence during mergers and acquisitions, and legal requirements and liabilities related to the year 2000.
Engineers may face exposures arising from design errors associated with non-compliant products, processes or projects.
Obviously, computer related professionals, such as hardware and software developers, designers, information managers and management consultants are at risk for claims arising from programmes and systems which are not year 2000 compliant, failure to address the problem or over-sold and under- delivered solutions. Detailed contractual terms on the scope of services provided and liability may assist in limiting the exposure. However, overly restrictive contractual terms may be challenged.
General and products liability
Whether computer software is legally seen as a "product" or a "service" may be uncertain or differ between countries. This distinction may have significant ramifications on the period during which a developer of a software "product" or "service" may be sued, on the burden of proof and on the standard of liability.
There is a great deal of concern with "embedded computer chips". The use of computer chips in electronic and other products and processes is so wide spread that it is difficult to ascertain which ones contain chips whose date function programming could be affected by the year 2000 problem. Products which cause concern include medical equipment, alarm systems, fire suppression systems, valves, control, monitoring and operating systems, and switching and signalling equipment in organisations as diverse as refineries, chemical plants, hospitals and prisons. While not all products which include a two digit year will cause bodily injury, property damage or financial loss, there may be significant incidences of increased claims activity from those that do.
Exposures under other insurance products
There are additional insurance coverages in some markets which may cover claims arising from the year 2000 problem, such as products recall, financial loss extensions, banker's professional liability, trustee's liability, removal and replacement (for example, répose and dépose and Aus- und Einbaukosten), vendors' liability, warranty insurance, computer property coverage, business interruption, failure to supply, etc.
The year 2000 problem clearly presents significant exposures which should not be ignored.
(To be continued in Global Reinsurance June 1998 with a detailed coverage evaluation.)
James Amberson is a professional indemnity specialist on the European referral desk for General & Cologne Re, global casualty facultative, based in Cologne, Germany.
1. Docket No. 94-7562, 1995 US App. LEXIS 10774.
AAIS Bulletin, 29 August 1997, No. 97-331. Best's News, 30 December 1997. Bloomberg, 12 & 13 January 1998. http://www.Year 2000.com