Forty Years of Industry Leadership: DST Systems
Working with a service provider, fund complexes can maximize value for customers.
August 17, 2009
DST Systems, Inc. this year celebrates 40 years of providing market-leading solutions to the mutual fund industry. In recognition of this milestone, Money Management Executive asked DST's senior leadership to identify ways investment management companies can maximize the value they deliver to their stakeholders by leveraging the strengths and resources of a service provider.
This special three-part series looks at how service providers support investment management companies as they seek to manage expenses, improve efficiencies, mitigate risks, distribute their products and help ensure shareholder satisfaction.
Part 1 of the series, about managing expenses and efficiencies, is available at www.dstsystems.com, or in the June 29 issue of Money Management Executive. Part 2 of this series focuses on mitigating risks related to security, privacy, operations and regulation.
Managing Risks, Adding Value
Regardless of economic conditions, investment management firms are keenly aware of risks facing their organizations. They are concerned not only with their investment risk strategies, but with their ability to manage operational risks involving security, privacy and regulatory issues. While firms typically have deep risk-management expertise, many find that by working closely with a third-party service provider, they can demonstrate an even stronger risk assessment and management process.
"Firms looking to outsource technology or services should understand how their service provider can help them mitigate risk," said Steve Hooley, president and chief operating officer of DST Systems.
"DST's ability to support risk management begins with a strong corporate culture of risk awareness," Hooley said. "We have the scale to devote technology, people and processes to helping clients mitigate risk. We have robust systems designed to monitor and help protect against threats to critical information. And we deliver standardized processes and automated functions to help reduce the risk of human error. Our clients leverage these strengths in their risk management programs."
Privacy, Security and Operational Risk Mitigation
Shareholders have a fundamental expectation that their personal privacy will be protected and that the electronic environment in which their trades are processed is stable and secure.
"Safeguarding privacy, security and stability should be central to a service provider's offering," said Mark Prasifka, DST's chief information officer.
Prasifka said that DST reviews both external and internal threats to information security and privacy. External threats to shareholder information can include outsider attempts to break into data storage environments, intercept data transmissions or infiltrate e-commerce or Internet applications. Managing external threats is critical, and some of the main strategies include firewalls, use of encrypted communications lines, as well as public key/private key encryption of files to be transmitted.
"The online environment should undergo an extra level of scrutiny," said Prasifka. "All customer-facing applications within DST are SSL [secure socket layer] encrypted, and regularly assessed for adherence to security standards and baselines. We also use intrusion detection technology to monitor for extraordinary activity on our network."
Another important security measure is safeguarding portable or remote access to shareholder information. Prasifka noted that DST policy prohibits shareholder information from being physically stored on laptops or other unsecured portable media. He said that remote access should be protected using "strong" or multi-factor authentication, rather than a simple user name and password.
Additionally, it is vital to look at internal risks, such as those that may be introduced within the processing environment. Prasifka said that DST's TA2000® recordkeeping platform features internal controls designed to limit access to protected information.
DST defines which individuals have access to shareholder information, as well as specific approval processes for extending additional access. DST's automated business process management tool, AWD®, can mask Social Security and credit card numbers, so that processors have access only to the information they need to do their work. DST also provides clients with audit trails that show who within their shops has access, so they can determine whether user access designations are still appropriate.
Managing Disaster Recovery
The potential impact of a natural disaster, terrorism or human error on shareholder information has driven investment management companies of all sizes to focus greater attention on disaster recovery.
"We view disaster recovery as part of our core transfer agency operations," said Ed Eiskina, vice president with responsibility for DST's Winchester Data Center.
To this end, DST has invested in redundant, synchronized recovery facilities in which all critical applications and systems are matched one-to-one with its primary centers. DST utilizes mirroring technologies for its mainframe and open systems platforms, coupled with connectivity through high-capacity, private networks. Because DST owns both data centers, the Winchester Data center in Kansas City Mo., and a recovery data center in St. Louis, Mo., there is no contention for resources. In the event of an incident, DST has recovery time objectives to restart production at full capacity within four hours.