Unified Fund Services
Monitoring Software Key to Compliance for Mutual Fund Service

---

The Setting

Unified Fund Services, Inc. is a closely held company specializing in providing the backoffice infrastructure for nearly 180 small- to mid-sized Mutual Funds.

Joseph Milton, CISSP, is Vice President and Chief Security Officer at the Indianapolis, Indiana corporation. CISSP stands for Certified Information Systems Security Professional.

“The title is sort of like the CPA of technology security,” said Milton. Clearly, it carries some weight at Unified Fund Services. After the CIO, Milton is considered the company’s senior IT person, although he is not actually part of the IT department. According to Milton, who has been in Information Technology for approximately 15 years, management chose to keep security a separate entity, giving him “independence to see IT without bias.”

The PC network at Unified Fund Services has been Windows NT-based for the last five years, but is in migration to Windows 2003. Most of the approximately 120 workstations -- 80 local and the balance remote -- run Windows 2000, and are moving to XP Pro.

The Challenge

In Milton’s opinion, today’s software programs are extremely powerful, but at the same time, vulnerable to attack.

“Programmers are a little less strict with code, there are lots of holes,” said Milton. “The situation has created some completely new areas, like my job, for example. The proliferation of email … growth of instant messaging … there are entirely new challenges from all sides.

“Everything we say and do is subject to scrutiny. We are a company with a strong compliance mindset. We have very strict policies over dissemination of information … what can and can’t be said. We also have to work with the Privacy Policies of the various Mutual Funds.”

Key industry overseers and regulatory concerns include the SEC (Securities and Exchange Commission), NASD (National Association of Securities Dealers), the GLBA (Gramm-Leach-Bliley Act), and the Sarbanes-Oxley Act.

Search for a Solution

“Largely because of the late trade and market timing accusations surrounding the mutual funds industry, the SEC became more aggressive about emails,” said Milton. “Monitoring of email became key. Compliance officers need to check EVERYTHING in an email … they look for certain keywords.

“Because our industry is so focused on security, monitoring was overdue.”

At the same time, senior management expressed the desire to maximize productivity … to do more with less.

“There were two things that prompted monitoring,” said Milton. “There’s compliance, and keeping a safe and civil business environment while making sure employees are doing what they should be doing.”

The monitoring initiative came down from the Chief Information Officer, and included the creation of Milton’s Security Officer position.

“That’s when I came across SpectorSoft,” said Milton. “Another CISSP mentioned it in a common discussion forum. I looked at SpectorSoft and a few others. Key things I considered were what can I monitor, how easily can I monitor, and how easy is it to update. Then came cost.

“From what I have seen, Spector CNE offered the most robust solution with ease of maintenance. I have 80-plus workstations and I wanted to easily update and deploy changes.

“SpectorSoft made that happen.”

Discoveries

“We had a couple of incidents prior to having Spector CNE,” said Milton. “Someone was looking at something they shouldn’t have been … another employee walked by, saw it, and complained.”

Naturally, the Human Resources department became concerned, and involved.

“With Spector CNE, it’s likely something like that won’t happen again, or we’ll have the proof we need to address it appropriately,” said Milton. “Spector CNE not only solves regulatory issues, but Human Resources issues as well.”

	“The ability to BLOCK access to web sites or to ALLOW access just to certain sites … senior management really liked this option,” said Milton. “Essentially it’s black list or white list … we chose to use a white list. In my opinion, that’s the only way to do it.”
	“Even though we did not feel we had productivity concerns, I have seen a positive change,” said Milton. “If I had to point to one thing, I would say people are making more of an effort to produce good email. There’s better grammar … more or less explanation as appropriate. It has helped us with email etiquette.”
	“Spector CNE not only monitors the web but email, applications, and the time and date of these things,” said Milton. “Plus, there’s the screenshots. If I get an email alert based on my keywords, Spector CNE’s screenshots give me the ability to get to the bottom of what might be a serious violation.”
	“We have a standard policy that we don’t allow IM (instant messaging), and thanks to Spector CNE reports, we found a few of those programs right away,” said Milton.

Similar to anti-theft systems and passenger safety devices driving down the cost of automobile insurance, Spector CNE’s impact is impressive enough to warrant special consideration by one of the company’s carriers.

“I handle the details of our cyber insurance policy, and the monitoring software is one of the topics of discussion,” said Milton. “Adding Spector CNE may be a positive for our premiums … there may be a discount coming.

“With Spector CNE, we’re deterring inappropriate activity, and that reduces risk.”

Awareness

“Some employees were unsure whether their activities could be monitored,” said Milton. “They thought webmail – like Yahoo – might go undetected. But with Spector CNE we can see it all, and we needed to make everyone aware, so we use the software’s Logon Notice.”

In addition to the Logon Notice, the company’s Acceptable Use Policy states employees are subject to PC activity monitoring. The company has had a monitoring clause in place for several years.

“A past administrator loaded the demo program of a simple web activity monitor, so the policy was amended then,” said Milton. “But until we got Spector CNE, we really weren’t able to do anything about it.”

Working With Employees

“Initially, we installed the software without notice,” said Milton. “I primarily put the program on the workstations of managers so I could get a feel for it. After that, as part of a regular meeting, I let managers know we’d be monitoring all email … all web activity … all applications run.

“There were some who felt it was a little like Big Brother watching over your shoulder. But bottom line, they understood the compliance issues.

“Better I catch something up front as it happens than finding out about it several weeks later. Even better the employees watch what they say.”

Spector CNE: The Software of Choice

“Spector CNE is very well documented, easy to learn and use,” said Milton. “I played with it for a couple of weeks, saw what I could see, then I worked on a keyword list for the alert feature. Keywords are essential to making sure email conversations with shareholders are compliant.”

Said Milton:

	“The install went very, very easily … simple. It’s always nice when you can implement something like Spector CNE before the fact, instead of scrambling around like crazy after something has happened."
	“All-in-one interface, ease of use, ease of deployment, ease of management and ease of updates … Spector CNE has it. And the ability to set up groups is really nice.”
	“I’ve passed on information about SpectorSoft to our employees. Parents have concerns over their kids at home … I understand … I have a 15-year-old daughter and a college-age son. I had to completely clean the hard drive of his machine because you can pick up lots of stuff browsing where you shouldn’t have been.”
	“Spector CNE is like a One-Stop Shop for monitoring. With it, you can monitor all key functions in one place.”

“It’s inexpensive insurance,” said Milton. “When you consider the liability and risk factor … it only takes one event … one lawsuit … to go over the cost of licensing.

“We’ve had benefits from day one.”

For more information about Unified Fund Services, Inc., please visit www.ufsonline.com.

For more information about Spector CNE, please visit www.spectorcne.com … or for more information about SpectorSoft and its other dependable, full-featured PC and Internet Activity Monitoring Software products, please visit www.spectorsoft.com.

-- -- -- -- -- --