National Association of Securites Dealers, Inc. Year 2000 Program Presentation to Global Benchmarking Council March 3-5, 1999 NASD Confidential Y2K Executive Steering Committee YEAR 2 0 0 0 YEAR Presentation Overview Program Overview and Structure 1998 Milestones and Lessons Learned 1999 Focus: Communications Business Continuity Planning NASD Regulation Membership Broker/Dealer Education Membership and Industry Preparedness Broker/Dealer Testing NASD, NASD Regulation & Nasdaq Testing Integration Testing Industry Testing March 4, 1999 Investor Education and Public Confidence Program NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 2 YEAR 2 0 0 0 YEAR NASD Year 2000 Program NASD and it’s subsidiaries formed joint Year 2000 Program in early 1996 Decentralized business line execution with centralized oversight and reporting Governance provided by Year 2000 Executive Steering Committee Senior management participation; formal policies and procedures; reporting and communications mechanisms Inventory includes more than 11 million lines of code in mainframe systems, mid-range and desk-top platforms Total estimated NASD Year 2000 costs: $36 million Ongoing reviews and audits from internal and external review organizations March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 3 YEAR 2 0 0 0 YEAR Program Scope Y2K Program Office Certification & Contingency Planning • Inventory Control and Analysis • Software/System Renovation • Computing Infrastructure • Facilities Renovation • 3rd Party Applications/Vendor Management • End User Computing • Metrics Capture & Reporting • Contingency Planning • Contingency Plan Tests Contact: Bill Sickenberger Year 2000 Testing • Integration Testing • Business Systems • Computing Infrastructure • Facilities Related Systems • Recertification of Renovated Soft/Sys. • Industry Test Execution/Coordination • External Testing • Test Scenarios • Execution and Reporting • External Contact Management • Metrics Capture & Reporting Contact: Bill Sickenberger • Policies & Procedures • Industry Best Practices • Industry Liaison • Program Success • Risk Analysis • Management/Board Reporting • Major Issue Management • Key Process Management • Program Financials • Business Contingency Planning • Staff Retention & Compensation Assessment Audit & Program Review • Participate & Respond to Audits by Internal Review, external auditors, and industry regulators • Insurance Analysis • Industry Legal & Regulatory Participation • Management & Audit Committee Reporting Contact: Bill Bone Contact: Bill Bone Communications Center • Management Reporting (Board, ESC, IAC, SEC, GAO) • Year 2000 Articles for Nasdaq, NASD & NASD Regulation publications • External publication articles • Brochures, flyers, notices, media • Library Management • Third Party & Vendor Response Letters • Y2K Web Site Content Management • Investor Education Program • Internal Awareness & Education Membership Support Services • Member Firm Awareness and Education • Member Information Collection & Disclosure • Member Analysis • District Examination Support • Joint Management of Regulatory Functions with the SEC, AMEX, NYSE • International Firm Management Contact: Lyn Kelly Contact: Martha Manco March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 4 YEAR 2 0 0 0 YEAR 1998 Milestones Remediation, Replacement & Certification NASD, NASD Regulation, Nasdaq Application Remediation: 100% Complete Total number modules remediated: 14,010 End User Computing (Mission Critical): 100% Compliant Facilities - 95 Components: 96.8% Compliant Vendor Hardware Products (64): 100% Compliant Vendor Software Packages (159): 92.5% Compliant March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 5 YEAR 2 0 0 0 YEAR 1998 Lessons Learned Remediation, Replacement & Certification Requires a fundamental strategy: Planning, Baseline Schedule, Track/Measure against the Baseline Schedule Third Party Vendors Approach early and often - vendor/product status may change Test when available Establish contingencies for mission critical - know the trigger points Work closely with vendors - help them where possible Benefits Documentation of all systems and methods Provided enterprise view of systems & interfaces March 4, 1999 Accurate inventory of all internal & external applications Cleaned house of applications taking space but not in use Opportunity for replacing/upgrading - selection of best product for replacement NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 6 YEAR 2 0 0 0 YEAR 1998 Milestones Membership Support Services Education & Awareness Activities Workshops & Seminars Conducted: 80 Year 2000 Publications to Members: 40 Call Center - Member Assistance, Information & Analysis Incoming Call Volume: Peak - 350 per day; Non-peak - 30 per day Outgoing Calls to Members: 5,594 total calls made in 1998 Member Analysis - Ready for 2000? Clearing Firms: 100% Market Makers: 100% Introducing Firms: Top 20% Member Reports Received, Processed & Filed: 11,000 March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 7 YEAR 2 0 0 0 YEAR 1998 Milestones Communications & Administration Education & Awareness Activities Workshops & Seminars Conducted: 84 Year 2000 Publications: 124 Members: 40 Investors: 20 Internal / External: 26 Reports: 38 Program Office & Membership Support Services Library Files Maintained: 30,000 Responses to Compliance Inquiries: 2,616 Letters Mailed 1998 Audits Completed: 5 March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 8 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Business Continuity Planning Program Mission To provide the program organization and processes to ensure continuity of critical business functions and services which may be lost because of failures induced by Year 2000 date-related malfunctions. This mission is in support of NASD, its subsidiaries, member firms, the SEC, and other industry participants. Scope March 4, 1999 Applies to the conduct of Year 2000 Business Continuity Planning and Operations by the NASD corporate staff and NASD companies. It includes establishing and managing relationships with government and industry entities. NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 9 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Business Continuity Plan Definition Business Continuity Planning provides solutions which will be automated, manual, or a combination of both and will not involve failed system components. Technology Disaster Recovery Plans and Business Continuity Plans are complimentary and must be fully coordinated. Technology Disaster Recovery Plans are aimed at restoring systems to their intended function in priority order. Business Continuity Plans should not assume that Disaster Recovery was successful. March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 10 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Organization & Governance Year 2000 Executive Steering Committee (ESC) Bill Bone Year 2000 Program Officer Bill Sickenberger Director, Business Continuity Planning Policy Guidance and Reporting Officers and Managers from each Company Business Continuity Planning Committee NASDAQ Business Continuity Planning Teams NASD Business Continuity Planning Teams NASDR Business Continuity Planning Teams AMEX Business Continuity Planning Teams Michelle Conner Business Continuity Planning Project Director March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 11 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Strategy SEC/SRO agreement on high-level event responses Coordination of high-level event responses with SIA Decentralized business unit planning; central Program Management oversight and reporting Separate Business Continuity plans and test plans (dress rehearsal) Plan for hierarchy of Command Center Structure Technology and support services integral to business directed planning team Each Business Unit Business Continuity Plan will include: Business Continuity Readiness kits Business Continuity Events/Scenarios Plans March 4, 1999 Ownership for planning cannot be outsourced Use worst case scenarios Employ SWAT Teams (internal/external), if applicable NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 12 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning PROCESSES Reports, Requests Strategy Year 2000 Program Office Corporate Governance Decisions Centralized Program Management and Reporting (Year 2000 Program Management Office) Decentralized planning and execution chaired by business units and co-led with Technology Services. This includes participation by Production Services and Administrative Services Business Line Continuity Planning Teams Technology Business Services Experts Rep. March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 13 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Business Continuity Management & Planning Roles & Responsibilities • Policy and Guidance • Process Management • Program Plan • Template for Business Units • Committee Coordination • Training • Industry Liaison • Consultation (internal/external) • Testing • Budget • Issues Management • Progress Reporting • Business Continuity Operations Planning • • • • • • • • • • • • • Program Office March 4, 1999 Business Continuity Planning Committees Business Continuity Planning Teams Business Continuity Planning Metrics/Reporting Mission Critical List (Applications, Services, Facilities) Risk Analysis Cost Estimation Establishment of Controls Recovery Operations Business Continuity Planning Training Test Plans Testing Company Level Command Center Each Company NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 14 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning I finished the BCP ! Aren't I finished? 7 Business Continuity Plan Document Conduct Business Continuity Operations 7 January 2000 Assure Facilities & People in Place Define Recovery Solutions 6 6 Establish Controls 5 5 Conduct BC Training Conduct Risk Analysis 4 4 Test BC Plans (dress rehearsal) Create BCP Team 3 3 Review Priorities/Complete Mission Critical List 2 Set-up Business Continuity Planning Committee Create Test Plan 2 No, you're not finished! You are just getting started! 1 1 March 4, 1999 Update BC Plan Business Continuity Plan Document NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 15 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Operations in the Year 2000 Concepts Corporate Command Center Structure Assured communication with NASD Companies, Industry, and Government Representatives from business, technology and support organizations Each company will operate a Response Center reporting to the Corporate Command Center Additional Company Subordinate Response Centers if required SWAT Teams managed at company level; current status reported to Corporate All failures and outages managed by Company Response Centers; reported to Corporate Command Center March 4, 1999 Media contacts are managed at the Corporate Command Center NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 16 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Command Center Structure President’s Council On Year 2000 Operations in Year 2000 SEC Command Center NASD Representative NASD, Nasdaq Amex, NASDR Corporate Command Center SIA Command Center Staff Business Operations Technology Regulation Logistics Media Relations Other FRB Communication Desks Nasdaq Desk Nasdaq Response Center Issuer Services Field Response Ctrs. March 4, 1999 AMEX Desk Amex Response Center Nasdaq International Response Center NASDR Desk SIPC NASDR Response Center District Response Ctrs. NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 17 YEAR 2 0 0 0 YEAR 1999 Focus - Business Continuity Planning Lessons Learned March 4, 1999 Business Continuity Planning must be top-down supported Financial and human resources must be allocated Business units must drive the planning process - technology provides support Must become a priority activity for each business unit - cannot be “oh by the way, let’s put some plans in place “ Specialized facilitation must be provided to business units - they know their business, but not necessarily how to plan for contingencies Centralized oversite for consistent approach and integrated plans Plans must be tested - dress rehearsals conducted NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 18 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness The NASD Regulation Membership Support Services Program is designed to assist members in preparing for the Year 2000 Education and Awareness Publications Education Workshops Membership Information Collection and Disclosure Membership Reports Examinations Membership Analysis Other Activities March 4, 1999 100% Clearing Firms, Market Makers & 20% Composite of Introducing Firms District Coordination and Industry Participation and Leadership NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 19 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness EDUCATION AND AWARENESS Education Workshops Best Practices - Planning Educational Topics - NTM SEC Reports Q&A Fall Securities Conference SIA Conference Spr. Securities Conference SIA Conference Fall Securities Conference Reg - Tech Symposium SIA Conference SIA Conference Publications: NTM, RCA (Monthly) and CRD (Quarterly) Mandatory Education Best Practices SEC Reports Legal, Contingency Planning, End User Q&A MEMBERSHIP INFORMATION COLLECTION AND DISCLOSURE 4 Membership Reports NASD Survey SEC BD-Y2K Report #1 Exam Module Exam Procedure Web Disclosure SEC BD-Y2K Report #2 & New Member Application Mandatory Testing Y2K Readiness Exams of Identified Firms Onsite Reviews & Interviews MEMBERSHIP ANALYSIS 100% Clearing Firms, 100% Market Makers & 20% Composite of Introducing Firms OTHER ACTIVITIES District Coordination & Industry Participation and Leadership Contingency Planning Business Scenario Define SWAT Perform Finalize Day Conduct Execute Awareness Development Teams Simulations Zero Strategies Rehearsals Strategies 1Q 1998 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1999 G:\Depts\Y2K\Common\Y2K Communications\Membership Support Services\NASDR Strategy cht-Jan.99. Updated1/28/99 March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 20 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness Year 2000 Membership Support Services 1999 Education & Awareness Program Quarter 1 Quarter 2 Upcoming requirments (Testing/BDY2K) & helpful hints on contingency planning, legal issues and end user news Investor Communication, Status of NASD Testing, Contingency Planning, Exchanges & Utilities, and Risk Management Quarter 3 Where they should be, Regulatory News, Investor/Client Focus Quarter 4 Wrap up of the year, Analysis, Legal Risk, Beyond 1/3/00 Proposed MSS- NTM Articles Mandatory Testing, Year 2000 Legal and End User Issues BDY2K Helpful Hints and Best Practices in completing forms. Possible enforcement actions and regulatory requirements March 4, 1999 Best Practices and Helpful HintsInvestor Communication for member firms State of the Industry and where you should be. Checklist and the Upcoming Certification Process Looking at categories of member Mandatory Testing and BDY2K, where is firms- common complications and the NASD Membership hurdles as the Year 2000 gets closer Internal Testing and Contingency Planning Investor Article Real time Contingency Planning Testing - Helpful Hints and Checklist A year of efforts in review- what worked and what didn't. Contingency planning windows Year 2000 - Day Zero preparations. NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 21 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness Proposed MSS- 1999 Virtual Workshops Mandatory Testing Investor Communication Best Practices Risk Management and the Broker/Dealer State of the Industry- National and Global View Contingency Planning - large firms Internal Testing Contingency Planning - The view for 1999 and firms of all sizes State of the Utiltities and other critical services Contingency Planning - small firms Peer Review of Best Practices Investor Relations Legal Review Legal Workshop State of the Utiltities and other critical services Operational Guidelines for all Firms Beyond Year 2000 BDY2K for Small firms Audit, Agreed Upon Procedures and Examinations BDY2K for Large firms Exchanges and Utililies Update Contingency Strategies for Clearing Firms Mandatory Testing Contingency Strategies for Introducing Firms Certification of Y2K Compliance MSS-On-site Education Workshops Y2K Overview Part 1:BDY2K review Y2K Overview Part 2: Contingency Planning Conference Participation/ MSS Speaking Engagements NASDR Sprig Securities Conference Fall NASDR Securities Conference SIA Conference March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 22 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness Member Analysis Ongoing Routine District Exams with Year 2000 Module If Exceptions Q1-Q4 Clearing, Mark et M ak e rs and Gov't Firm s Formal Review Cause Exams Q3-Q4 (Clearing & Carrying) Q4 1999Q1 2000 If Red continue Joint Exam Process w / SEC Enforcement Actions If Red continue Firm Business Reduction or Closing If Red When not Red When not Red Q1-Q4 Clearing, Market Makers, Government & Top 20% Introducing Firms Informal Review and Monitoring (Yellow and Green) March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 23 YEAR 2 0 0 0 YEAR 1999 Focus - Membership Readiness Mandatory Testing 1999 Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec Virtual Workshops SIA Industry Cycle Seminar Education MandatoryTesting Special Notice to Members Mandate Industry Nasdaq RTC Cycle Mandate Mandate Amex Integration Testing Nasdaq Point-to-Point Testing Nasdaq Regulation Point-to-Point Testing Industry Cycle Test Industry Cycle Testing Reporting Define Metrics Weekly Reporting Point-to-Point Testing Determine Metrics Enforcement Bi Weekly Reporting Industry Cycle Tests Point-to-Point Testing March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 24 YEAR 2 0 0 0 YEAR 1999 Focus - Testing January 1999 - April 1999 Continue preparation for industry-wide testing Perform industry-wide test Continue external testing with customers Internal re-certification May 1999 - December 1999 Internal re-certification Continue customer unit testing Market data vendor testing Quarterly Integration testing Dedicated environment System dates changed on all platforms Full regression testing Date specific for newly certified apps March 4, 1999 NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 25 YEAR 2 0 0 0 YEAR INPUT 1999 Focus - Testing TESTS QC IV +V 3rd Party Custom Applications OUTPUT Nasdaq External Test Center Recertification Certification Rockville External Test Center Members Data Vendors March 4, 1999 Integration External Mandatory Industry Cycle Certification Recertification Integration Industry Cycle OUTPUT Metrics Participants List, Report to SEC, P.O. Metrics Amex Production Metrics External Mandatory Industry Cycle Rockville Internal Y2K Test Centers Amex Y2K Test Center NSCC DTC Data Vendors Recertification Certification Data Vendors Members NSCC DTC etc. TESTS Metrics 3rd Party Custom Applications Nasdaq Y2K Internal Test Center INPUT Y2K Certification for Hardware & Utility Software Nasdaq Production Environment Metrics/ Reporting to P.O Metrics Y2K Certification for Hardware & Utility Software Rockville Production Environment Metrics Participants List Metrics/ Reporting to P.O. Metrics Y2K Certification for Hardware & Utility Software NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 26 1999 Focus - Testing YEAR 2 0 0 0 YEAR INDUSTRYWIDE TEST TRANSACTION FLOW P A R T I C I P A N T S March 4, 1999 MARKETS EQUITIES CORPORATE BONDS MUNICIPAL BONDS OPTIONS NYSE AMEX NASDAQ CBOE CSE BSE CHX PCX PHLX OPTIONS OCC TRADES EXECUTED NSCC UITs MUTUAL FUNDS TRADES CONFIRMED AND CLEARED EXERCISE EQUITY OPTIONS DTC NASD Year 2000 Program TRADES SETTLED “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 27 1999 Focus - Testing YEAR 2 0 0 0 YEAR •Orders/Executions •Merged Order Logs •Limit Order Rec. Street-Side Process Flow for Industry-Wide Testing NYSE •Orders/Executions AMEX •Merged Order Logs •Limit Order Rec. •Option Contracts •Orders/Executions NASDAQ •Trade RECAPS MEMBER FIRMS • Fixed Income, QSR, • Correspondent Clring • Index Products, OTC, • Mutual Funds NSCC Direct Submission •Equity Contracts - NYSE, Amex & OTC • Data Service • Risk Reporting • SAR Reports •Orders/Executions •Fixed Income Contracts, Corps, OCC Munis & UITs •Index Products •Settlement •Institutional Delivery •MMI Processing •Regional (RIO) & CBOE, PHLX, CHX PCX, CSE, BSE •End of Day Files Prime Broker ID •Correspondent Clearing •CNS Settlement Activity Reporting •Prime Broker ID DTC March 4, 1999 DTC NSCC/SIAC •Mutual Funds NASD Year 2000 Program “This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.” 28