Institutions Prepare for Daylight Savings Time Change

Unless you’ve been on extended vacation since last year, you know it's coming - the change to Daylight Savings Time (DST). The changes required in financial institutions’ computer networks and software in the timing of the beginning (and end) of Daylight Savings Time has been viewed as mostly a thankless task, reminiscent of work done on Y2K.

Daylight Savings Time will be extended by four weeks in the U.S., Canada, Bermuda and the Bahamas. This came about when Congress passed the Energy Policy Act of 2005. It will begin the second Sunday of March (March 11 this year) instead of the first Sunday in April, and will be extended until the first Sunday in November (November 4 this year) instead of the last Sunday in October. Financial institutions are now applying the series of patches from vendors to ensure their networks, servers, desktops and any other systems that have time settings are adjusted to reflect this change.

The institutions and vendors polled were positive that they already are, or will be, ready for the change. “Thank goodness for Y2K and how many folks can say that? It actually helped us prepare for this change although not to the extent that Y2K did by a long shot. Yes, we are almost ready. We've tested our hotfixes, patches, etcetera, and the changes are being rolled out this week,” said Scott Coghill, M & I Support Services Corp.’s Vice President and Information Security Manager.

Similar statements were heard from Sarasota CU’s CEO Tom Randle, “Daylight Savings Time is on our radar, and we’ll be ready for it. We view it pretty much as a non-event.” Those statements are echoing across other institutions and the vendor community.

Financial institutional service providers also voiced optimism that the majority of institutions are ready for the change in DST. At Jack Henry, Dennis Gorges, the company’s Corporate Compliance Officer noted, “We’ve been making some changes and adjustments to programs and advising clients to patch their servers now. We’ve not really seen it as a material issue, recommending that they make sure patches are made to servers, and everything is tested and updated. Even here within Jack Henry’s data centers we have just completed our patches for DST.”

At Information Technology Inc. (ITI), a subsidiary of Fiserv, the view is one of “common sense,” and an exercise in due diligence, according to Jim Sizemore, ITI’s Chief Information Officer. “As the most widely used software vendor among the nation’s banks, you can well imagine that we offer hundreds of software solutions, including applications from many third parties – Microsoft, IBM, and so on.”

Sizemore said ITI (and Fiserv) see the change in daylight savings time as a calendaring event. “It’s nothing new. We have advised our customers that they need to make changes to their desktops and servers affected with the DST change. We’ve provided them links with information on how to make the changes, patching the Windows OS, and while it’s an onerous, time consuming task for banks with hundreds of desktops and servers, its something that has to be done.”

From an application and software point of view, “it’s really more of a process. It is a good exercise in common sense ‘due diligence’ and is something that banks are accustomed to, in terms of patching their environment,” said Sizemore, and he used as an example, Microsoft’s Tuesday patches.

Some of the items that would need to be tested in terms of bank operations, the timing alignment to validate transactions, time stamps need to be checked, server times, as well as any dropped transactions. “We believe most of our customers have already made the changes, or are in the process now in making the needed changes and patching their systems,” he said. Sizemore said they sent reminders to their nearly 3000 banks last month to let them know that these changes needed to take place.

The financial institutions that Metavante’s Chief Information Officer Brian Hurdis has spoken with “have been working on this issue since late 2006. The challenge for them is that many are still awaiting all changes/patches from some of their third party service providers, and in turn, are waiting to test these patches in their rollover to the new DST.”

Hurdis noted Metavante’s work on DST began in the 3rd quarter of 2006. “We’ve been setting up our systems, complete with test environments, and have run multiple tests to ensure that our systems are correct. We also had some latecomers in vendors, so we’ve also tested their changes to make sure we’ve got our processes up and running.” Metavante’s 8200 customers include financial institutions that either have a portion of, or their entire core banking products outsourced to Metavante.

“On all the core services we provide to our financial institution customers, we’re completely ready for the DST change,” Hurdis said, noting the majority of changes at financial institutions would come directly from Microsoft or other software and application vendors.

The regulatory bodies have also issued press releases on the upcoming change. Read more about what the OCC recommended: https://www.bankinfosecurity.com/articles.php?art_id=189

FDIC: http://www.fdic.gov/news/news/financial/2007/fil07017.html

NCUA: https://www.cuinfosecurity.com/regulations.php?reg_id=391

Here are several links that will be useful for those institutions that haven’t finished DST changes:

IBM: www.ibm.com/support/alerts/us/en/daylightsavingstimealert.html

Microsoft: www.microsoft.com/windows/timezone/dst2007.mspx

www.dstpatch.com – website with links to many of the primary software provider’s DST web locations.

http://www.calconnect.org/dstdocs.html - provides program implementation guidance.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network