Year 2000 program offices in companies are looking for legal assistance. If you are the corporate counsel who has been assigned to assist your company's Y2K efforts, then this article is written for you. Your brethren in law firms who give you Year 2000 assistance and counsel may also find this article useful.
As the designated "Y2K Counsel," you may initially be unsure how to proceed. While Y2K program offices often suggest that legal assistance is critical, what specifically should be done is not always self-evident. Further, you also know that non-lawyers don't always identify what is appropriate for lawyers to do, and they certainly don't identify all the actions you should consider taking. Below is a list of practical actions that you should consider in your role as Y2K counsel. Some of the actions are not purely legal in nature, but then your job isn't purely legal either, is it?
In all the work you do as Y2K counsel, keep in mind that a Y2K legal plan should aim to achieve four basic objectives:
- Prevent loss of life/personal injury.
- Preserve the Enterprise Revenue Run rate.
- Limit legal exposure.
- Retain something of value from the process.
The potential for injury or loss of life may affect the order in which you assess systems and the level with which you test systems. It also may affect what assurances you need to obtain from third-party vendors. While this goal may not always be applicable, retain it as a part of your mental checklist whenever you address an aspect of the Year 2000 problem. Corporate survival is also high on your list, and maintaining a revenue stream is usually the most critical element.
Good results on the first two goals goes a long way toward fulfilling the third goal: limiting legal exposure. If no one gets hurt and your company's revenues are not affected, then the risk of tort or shareholder litigation will be small. Therefore, while it is important to assist in shifting Year 2000 risks to third parties, anything you can do to avoid the Year 2000 problem altogether is of even greater importance.
Finally, be on the lookout for actions that will benefit your company beyond 2000. For example, you may want to add Year 2000 assurances to your company's standard form purchase order. If your company does not have a standard purchase order, now may be a good time to develop one. Since the Year 2000 program office may spearhead the first comprehensive inventory of computers in your company's history, ask how that inventory can be updated, and therefore its usefulness preserved, for future use.
Move Down Y2K Awareness Cycle
Probably your most critical role is to shape public opinion in your company. You may have noticed that you are asked to give business advice all the time. This is because you are smart, well trained, and you think through issues — in short, your opinion is considered valuable. You have the ability to influence opinion in your company.
The most significant reason why companies have not reacted appropriately to the Year 2000 problem is lack of awareness. The problem is largely technical in nature, and the avoidance of understanding technical things is a national pastime. Think of how often a discussion of computers results in someone saying "I don't understand computers" or "I can't even program my VCR," and you can begin to grasp why mental avoidance of the Year 2000 problem is so popular. Also, examined at its most superficial level, the Year 2000 problem seems easy to fix — just add two more digits. People are in denial about the Year 2000 problem because they don't understand it and don't see why it should be a problem.
This is where you come in. As a corporate counsel, people value your judgment. As a member of the Year 2000 team, you have access to the people who understand the problem. Learn enough about the problem to convey the reality and immediacy of the problem to others.
The Y2K Awareness Cycle
Awareness of the Year 2000 Problem entails a series of stages:
- It's just an IT problem.
- It's only an enterprise problem.
- We live in a global village.
- Contingency/Disaster planning.
You should identify specific Year 2000 problems from sources that you consider reliable, and disseminate those problems within your company. For example, many companies have become motivated when they learned of a failure that has already occurred. IT professionals are often hesitant to publicize these failures for fear of their jobs. Key management personnel should be made aware of these failures. People who believe this is just an IT problem are often motivated when they learn of irrefutable problems with voice mail systems, phone systems, or building security systems. Similarly, reports of the difficulties of key suppliers may motivate management to look at this problem in a broader context. Awareness of how these problems are broader than a single enterprise may hit home when you relay to senior management specific Government Accounting Office readiness reports of the U.S. air traffic control system.
To be credible, it is important that the information you communicate be specific and from a reliable source. Therefore, spend time with those personnel who are actually in the trenches. Understand the problems they are facing, let them tell you war stories, and communicate those difficulties to other change agents in your enterprise.
Document and Validate Y2K Processes
Your company is probably following a predictable process in addressing the Year 2000 problem. The process is briefly described below.
- Inventory. As soon as a company decides to investigate its systems, it discovers that there is no list of the systems.
- Strategy/Assessment. As the inventory is being prepared, next comes the realization that there isn't enough time to look at everything. In looking at the various systems, a project team develops a strategy for the assessment process.
- Renovation/Replacement. The existing system is either modified or replaced.
- Testing. This is a complicated and time consuming process.
- Implementation. Once tested, the system is put into production.
At each of these stages, choices are being made as to the most appropriate way to proceed. If Year 2000-related losses occur and litigation commences, these choices will be second guessed. Part of your role is to question and document why choices were made and why they are the right choices for your company. If, for example, your company wants to identify what software is running on PCs so that the important software can be tested, how will this be done? Is this process likely to generate a complete list? How do you know? Are others using the same methodology? Is the methodology being recommended by an experienced, well-respected third-party consultant or someone within your company who has experience in these areas? If you were required to prove that you developed a good process, what documents would you use?
Asking these questions and documenting the process serves two functions. By focusing on the validity of the process, you will help prevent the problem. Second, it reduces your company's legal exposure by making the job of second guessing more difficult.
Stop the Bleeding
You need to help prevent your company from continuing to buy into this problem. You should implement procedures that identify whether a product or service will be affected by the Year 2000 problem before the contract is signed, and then contractually allocate the risk of the problem. This can be done in at least three ways.
Remember, prevention is better than having someone to blame. Normally, when you get involved in the contracting process, the decision to buy has already been made. Lawyers typically are asked to document the relationship and allocate risk, not decide what to buy. Therefore, make sure that Year 2000 issues are addressed as a part of the decision to purchase, not just at the contract phase. Get your company's purchasing department involved.
Consider in-service training to the purchasing department on the nature of this problem. Provide the purchasing department with language that they can put in Requests for Proposal that makes the proposed vendor demonstrate, not just promise, that they do not have a problem, or at least that they are addressing the problem.
Here are some examples of things you can request that vendors demonstrate in connection with the purchasing process. If the product or service contains no hardware, software, or embedded devices (i.e., it can't have a Year 2000 problem itself), then find out whether the vendor will be adversely affected. Ask the vendor (1) whether it has a written plan for addressing the Year 2000 problem, (2) who is involved in the process (if only IT is involved in the process, then you may worry that enterprise and global issues are not being adequately addressed; if upper management is not involved, then you may need to worry about budgets), (3) how many and what projects have actually been commenced, (4) what the status of these projects are, (5) whether completion dates have been set, and (6) whether the dates are still realistic. If the product or service itself may have a Year 2000 problem, you may ask for descriptions of test methodologies and specific results of tests. Obviously, if a vendor can show what functionality is having problems, then you can have some comfort that the system has been tested.
Add Further Assurances to the Agreement
Give some thought to building into contracts the right to get additional information and action after the contract is executed. For example, try getting the vendor to agree to participate in additional Year 2000 tests of its systems, upon request. You may want copies of test methodologies and test results to be made available upon request. You may also want to require the vendor to notify your company in the event the vendor becomes aware of or receives notice of a date-related problem with its products or services. The vendor should probably be under an obligation to take additional actions in the event a problem is discovered, which may include developing a written plan of action and the delivery of status reports, in addition to just fixing the problem.
Warranties fall into two categories. The first category is a specific representation as to specific facts. For example, a specific warranty could be that the software uses a specified windowing scheme to resolve two-digit year inputs by assuming all years exist between 1930 and 2029. Because of the many ways that two-digit year inputs are handled, such a warranty must be tailored to the specific product. These kinds of warranties can be quite useful not only for the purposes of allocating risk but also in determining whether the vendor has really looked at the problem.
The other form of warranty is a general warranty that the product is "Year 2000 Compliant." This form of warranty will help allocate the risk to the supplier in a broad way.
General warranties may be less likely to help with your first two goals of preventing personal injury and protecting your enterprise. The utility of this kind of warranty is limited for three reasons. First, most agreements involving technology contain caps on liability, often limited to the amounts paid under the contract. A personal injury or loss of revenue will often result in losses that are considerably higher than the contract limit. Second, most technology agreements provide that indirect and consequential damages (including lost profits) are not recoverable. While one can assert failure of essential purpose or similar theories to argue that these contractual limitations are void, many of these limitations of remedy and caps on liability will be enforceable. Third, even if you can avoid the limitations, few technology companies can economically withstand a wide-scale problem with its customer base. Therefore, unless your company is in the front of the line with a judgment or is only one of a few customers affected by the problem, a warranty may not serve to fully compensate your company for a loss attributable to personal injury or lost profits. While warranties are useful and you should try to get them, for many companies warranties should not be the first line of defense. This, in turn, places additional pressure on trying to make sure that the Year 2000 problem is avoided.
Use the Business Judgment Rule
Board of Director action on Year 2000 matters is very important. You want to make sure that you understand the existing case law on the business judgment rule in your state and the way in which courts are distinguishing, for purposes of the business judgment rule, between cases involving a board's active decision and those in which the board failed to exercise proper oversight. As part of this inquiry, consider recommending to the board that it not only receive status reports from time to time, but that the board make an active decision about the frequency and content of information to be provided to the board. In addition, the board should probably be made aware of and asked to approve the processes that have been put in place to address the Y2K issue.
Governments are behind. If your company is big enough to have a corporate counsel like you, then your company probably has more political clout than Joe Citizen. Your company should be pressing to ensure that government officials be aware of the problem and do the right thing.
Often, the focus of an existing supplier compliance strategy is on sending letters to suppliers and getting responses. Unfortunately, letter campaigns have often been abysmal failures, plagued with low response rates and inaccurate responses.
Create Multi-Phased Approach
Since letter campaigns have not been successful, they perhaps should not be at the cornerstone of a Y2K supplier project. Like any Y2K project, the first phase is to compile an inventory of suppliers. Remember that suppliers are not necessarily those entities who are paid by your company. Examine the chain of production that enables your company to purchase a product or service.
Once you have a list of suppliers, determine which ones are the most important. Metrics to consider include the nature of the product or service being provided, the consequences of not receiving the product or service, the length of time before its loss will produce problems, the complexity of the chain of production, and whether there are alternative sources of supply.
Consider visiting key suppliers. Ask if members of your Year 2000 team can join their team. Meet jointly to discuss common problems and solutions. Phone conversations with key members of a supplier's Year 2000 team may be useful in determining whether you are dealing with a supplier who has a chance of making it.
Help With Corporate Resolve
You will get better response rates if your company actually refuses to do business with a supplier who does not provide appropriate assurances. One problem is that such a policy will be resisted by your own people. If the managers resist replacing recalcitrant suppliers, ask them to develop and begin implementing a credible plan for dealing with the loss of that supplier in January, 2000.
This is an area where the need to shift risk, that has been ingrained in us since law school, may get in the way of doing the right thing. People who are truly aware of the Year 2000 problem are normally the ones who will not give Year 2000 warranties. However, the companies that are truly aware of this problem are the ones with which your company wants to do business. A policy of shifting the Year 2000 risk from your company to a supplier may result in your company only dealing with blissfully unaware suppliers.
Instead of shifting the risk, consider insisting on information that discloses to your Year 2000 project team the supplier's level of Year 2000 awareness and the supplier's progress. These kinds of "process" and "progress" questions, especially when they ask for specific facts, may be more palatable for your supplier to answer. Your legal counterpart at the supplier may be more comfortable letting the supplier answer whether it has a written Year 2000 action plan than stating that the supplier is "compliant."
Involve Risk Management
Insurance policies are being changed to exclude the risks of the Year 2000 problem. Your company's risk management department and your insurance agents need to be aware of and on the lookout for this phenomenon.
Don't Forget your Customers
If key customers have Year 2000 problems that prevent them from buying your company's products, your company's internal Y2K efforts may be of no use. Consider ways to partner with them to solve their problem. Joint meetings, joint supplier chain initiatives, and shared intranet World Wide Web sites are examples of ways to partner to reduce this problem.
No attempt has been made in this article to list all the actions corporate counsel should take related to the Year 2000 problem. Also, different companies will have different approaches to the problem. Hopefully, this article will help corporate counsel who have been assigned to work on the Year 2000 problem be more proactive and assist in reducing the risk of the Year 2000 problem to their companies.