US 20050027649A1
(19) United States
(12) Patent Application Publication (10) Pub. N0.: US 2005/0027649 A1
(43) Pub. Date:
Cech
(54) EVENT TYPER
Feb. 3, 2005
Publication Classi?cation
(76) Inventor: Richard Cech, New York, NY (US)
(51)
Int.(IL7 ........................... ../\63F 9/24;z\63F 13/00;
G06F 17/00; G06F 19/00;
G061I 17/60
Correspondence Address:
(52)
DOCKET ADMINISTRATOR
LOWENSTEIN SANDLER PC
65 LIVINGSTON AVENUE
67)
(22) Filed:
ABSTRACT
Amethod of categorizing risk events is presented. Aminimal
list of predetermined questions is presented to a user seeking
to “type” a risk event. The questions are probative regarding
the event, but non-intuitive compared to traditional ques
ROSELAND, NJ 07068 (US)
(21) Appl. No.:
[LS.CL .............................................................. ..705os
10/789,583
tions that elicit an event narrative. The ansWers to the
questions de?ne “attributes of the event”. The method maps
the ansWers to lists of possible event types. Each successive
ansWer generates another list of possible event types. The
lists of possible event types are then combined to yield one
Feb. 27, 2004
or more common event types for the occurrence of a risk
Related US. Application Data
event being typed. In the preferred embodiment, ?ve ques
tions have been found to be sufficient to type most, if not all,
(60)
Provisional application No. 60/450,800, ?led on Feb.
28, 2003. Provisional application No. 60/450,809,
preferably one event type that is recorded for each risk event
?led on Feb. 27, 2003.
occurrence.
event occurrences. The result is one or more event types,
QUESTIONS ARE POSEO TO
PARTY TYPING A RISK EVENT
T
EVENT TYPER RECEIVES
ANSWERS TO THE QUESTIONS
1
VENT TYPER NAPS ANSWERS TO LISTS
fatocK A
/BLOCK B
farm 0
OE POSSIBLE EVENT TYPES (ONE ANSWER
PER QUESTION. ONE LIST PER ANSWER)
1
T
FUNCTIONAL RESULT IS ONE OR MORE fstocK 0
EVENT TYPES IS ASSIGNED TO THE EVENT
ACTION IS TAKEN BASED ON
ONE OR MORE EVENT TYPINGS
fatocx E
Patent Application Publication
Feb. 3, 2005 Sheet 1 0f 10
FIG. 1
14%
_/15
\E?“
13
11
\W
FIG. 2
Q
_/23
/24
22
[21
FIG. 3
1Q
(9
32
US 2005/0027649 A1
Patent Application Publication
Feb. 3, 2005 Sheet 2 of 10
US 2005/0027649 A1
FIG. 4
QUESTIONS ARE POSED TO
PARTY TYPING A RISK EVENT
_,»BLOEK A
T
EVENT TYPER RECEIVES
ANSWERS TO THE QUESTIONS
T
EVENT TYPER NAPS ANSWERS TO LISTS ,/'BLOCK O
OF POSSIBLE EVENT TYPES TONE ANSWER
PER QUESTION. ONE LIST PER ANSWER]
I
FUNCTIONAL RESULT IS ONE OR MORE ,/-BLOCK 0
EVENT TYPES IS ASSIGNED TO THE EVENT
1
ACTION IS TAKEN BASED ON
ONE OR MORE EVENT TYPINOS
fBLOCK E
Patent Application Publication
Feb. 3, 2005 Sheet 4 0f 10
US 2005/0027649 A1
FIG. 6A
DECISION MAPPINGS OF COR "EVENT TYPER' :
OUESTION 1
EVENT TYPE:
THEFT/FRAUD (EXTERNAL)
THEF FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
UNAUTHORIZED TRADING
INFORMATION SECURITY
PERSONAL SAFETY
PERSONAL
PERSONAL
PERSONAL
EMPLOYEE
SAFETY
SAFETY
SAFETY
RELATIONS
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
NATURAL DISASTER
NATURAL DISASTER
TERRORISM! POLITICAL
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
DISCLOSURE. SUITABILITY G FIDUCIARY
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
TAX VIOLATION
ADVISORY ACTIVITIES
SPONSORSHIP & SELECTION
REGULATORY MONITORING / REPORTING
TRANSACTION PROCESSING
CLIENT ACCOUNT ERROR
SYSTEM FAILURE
VENDOR DISPUTE
IINTTIATOR:
EMPLOYEE (EXTERNAL)
J
EXTERNAL PERSON / ANYBODY
CLIENT
PARTNER CO-VENTURER
UNKNOWN
EMPLOYEE (INTERNAL)
EMPLOYEE (INTERNAL) w/CONFEDERATES
EMPLOYEE (INTERNAL)
HACKER
EMPLOYEE (INTERNAL)
EXTERNAL PERSON / ANYBODY
CLIENT
UNKNOWN
EMPLOYEE (INTERNAL)
EMPLOYEE (INTERNAL)
EMPLOYEE (INTERNAL) w/CONFEDERATES
EXTERNAL FORCE (NATURAL)
EXTERNAL FORCE (INFRASTRUCTURE)
TERRORIST/ ACTIVIST
EMPLOYEE (INTERNAL)
EMPLOYEE (INTERNAL) w/CONFEDERATES
EMPLOYEE (EXTERNAL)
EXTERNAL PERSON / ANYBODY
CLIENT
PARTNER CO-VENTURER
HACKER
EMPLOYEE (INTERNAL)
EMPLOYEE (INTERNAL)
EMPLOYEE
CLIENT
EMPLOYEE
EMPLOYEE
EMPLOYEE
EMPLOYEE
EMPLOYEE
EMPLOYEE
EMPLOYEE
(INTERNAL) w/CONFEDERATES
(EXTERNAL)
(INTERNAL)
(INTERNAL)
(INTERNAL)
(INTERNAL)
(INTERNAL)
(INTERNAL)
COMPUTER OR DATA SYSTEM
EMPLOYEE (EXTERNAL)
Patent Application Publication
Feb. 3, 2005 Sheet 5 0f 10
US 2005/0027649 A1
FIG. 68
DECISION MAPPINGS OF COR "EVENT TYPER' :
QUESTION 2
(EVENT TYPE:
THEFT/FFAUD (EXTERNAL)
THEFT/FRAUD (INTERNAL)
UNAUTHORIZED TRADING
INFORMATION SECURITY
INFORMATION SECURITY
INFORMATION SECURITY
PERSONAL SAFETY
EMPLOYEE RELATIONS
DIVERSITY! DISCRIMINATION
NATURAL DISASTER
TERRORISM! POLITICAL
TERRORISM! POLITICAL
MALICIOUS DAMAGE
DISCLOSURE. SUITABILITY C FIDUCIARY
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
TAX VIOLATION
ADVISORY ACTIVITIES
SPONSORSHIP C SELECTION
REGULATORY MONITORING I REPORTING
TRANSACTION PROCESSING
CLIENT ACCOUNT ERROR
SYSTEM FAILURE
VENDOR DISPUTE
(BENzFIT TC .V]TIATOR:
PEPSONAL BEAE I)
PERSONAL BENEFIT
PERSONAL BENEFIT
PERSONAL BENEFIT
NON-FINANCIAL PERSONAL BENEFIT! MOTIVE
BENEFIT TO ANOTHER FIRM
NO BENEFIT INTENDED! MISTAKE
BENEFIT TO FIRM
NON-FINANCIAL PERSONAL BENEFIT! MOTIVE
NO BENEFIT INTENDED! MISTAKE
PERSONAL BENEFIT
NON-FINANCIAL PERSONAL BENEFIT! MOTIVE
NON-FINANCIAL PERSONAL BENEFIT! MOTIVE
BENEFIT TO FIRM
BENEFIT TO FIRM
'
BENEFIT TO ANOTHER FIRM
BENEFIT TO FIRM
BENEFIT TO FIRM
BENEFIT TO FIRM
NO BENEFIT INTENDED! MISTAKE
NO BENEFIT INTENDED! MISTAKE
NO BENEFIT INTENDED! MISTAKE
NO BENEFIT INTENDED! MISTAKE
BENEFIT TO FIRM
Patent Application Publication
Feb. 3, 2005 Sheet 6 0f 10
US 2005/0027649 A1
F16. bL'
DECISION MAPPINGS OF COR "EVENT TYPER' :
QUESTION 3
[ET_E_NT TYPE:
THEFT/FRAUD
THEFT/FRAUD
THEFT/FRAUD
THEFT/FRAUD
THEFT/FRAUD
THEFTIFRAUD
(EXTERNAL)
(EXTERNAL)
(EXTERNAL)
(INTERNAL)
(INTERNAL)
(INTERNAL)
)IMPACTED:
UNAUTHORIZED TRADING
INFORMATION SECURITY
INFORMATION SECURITY
INFORMATION SECURITY
PERSONAL SAFETY
PERSONAL SAFETY
PERSONAL SAFETY
EMPLOYEE RELATIONS
FIRM I SHAREHOLDERS
CLIENT
ANOTHER FIRM
FIRM ! SHAREHOLDERS
CLIENT
MEMBER OF GENERAL PUBLIC I ANYBODY
FIRM ! SHAREHOLDERS
FIRM I SHAREHOLDERS
EMPLOYEE
CLIENT
EMPLOYEE
CLIENT
MEMBER OF GENERAL PUBLIC I ANYBODY
EMPLOYEE
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
EMPLOYEE
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
TERRORISM! POLITICAL
TERRORISM! POLITICAL
TERRORISM! POLITICAL
TERRORISM! POLITICAL
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
DISCLOSURE. SUITABILITY 8 FIDUCIARY
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
EMPLOYEE
TAX VIOLATION
ADVISORY ACTIVITIES
SPONSORSHIP C SELECTION
REGULATORY MONITORING ! REPORTING
REGULATORY MONITORING I REPORTING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
CLIENT ACCOUNT ERROR
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
VENDOR DISPUTE
VENDOR DISPUTE
CLIENT
'
MEMBER OF GENERAL PUBLIC I ANYBODY
FIRM / SHAREHOLDERS
CLIENT
MULTIPLE
FIRM I SHAREHOLDERS
EMPLOYEE
CLIENT
MULTIPLE
FIRM I SHAREHOLDERS
EMPLOYEE
CLIENT
MEMBER OF GENERAL PUBLIC I ANYBODY
MULTIPLE
CLIENT
FIRM I SHAREHOLDERS
EMPLOYEE
CLIENT
ANOTHER FIRM
MEMBER OF GENERAL PUBLIC I ANYBODY
REGULATORY! PUBLIC OR GOVERNMENTAL INTEREST
FIRM I SHAREHOLDERS
REGULATORY! PUBLIC OR GOVERNMENTAL INTEREST
CLIENT
FIRM ! SHAREHOLDERS
MEMBER OF GENERAL PUBLIC I ANYBODY
REGULATORY! PUBLIC OR GOVERNMENTAL INTEREST
FIRM ! SHAREHOLDERS
CLIENT
ANOTHER FIRM
CLIENT
FIRM ! SHAREHOLDERS
CLIENT
ANOTHER FIRM
FIRM ! SHAREHOLDERS
ANOTHER FIRM
4|
Patent Application Publication
Feb. 3, 2005 Sheet 7 0f 10
US 2005/0027649 A1
FIG. ED
DEBISIDN MAPPINGS 0F COR 'EvENT IYPER“ 1
(IUESTIDN 4
(EVENT Y’E:
TE EFT/FFAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
UNAUTRDRIZED TRADINB
INEDRNATIDN SEDURITY
INEDRNATIDN SECURITY
INEDRNATIDN SECURITY
PERSONAL SAFETY
ENPLDYEE RELATIDNS
ENPLDYEE RELATIDNS
DIVERSITY! DISCRIMINATION
DIYERSITY/ DISCRIMINATION
NATUHAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
TERRDRISN/ PDLITIDAL
TERRDRISN/ POLITICAL
TERRDRISN/ POLITICAL
TERRDRISN/
TERRDRISN/
TERRDRISN/
TERRDRISN/
PDLITIcAL
POLITICAL
POLITICAL
POLITICAL
TERRDRISN/ POLITICAL
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
DISCLOSURE. SUITABILITY S EIDUcIARY
INPRDPER BUSINESS PRACTICES (BY EIRN)
INPRDPER BUSINESS PRACTICES (BY EIRN)
INPRDPER BUSINESS PRAcTIcES (BY EIRN)
INPRDPER BUSINESS PRACTICES (BY EIRN)
INPRDPER BUSINESS PRACTICES (BY EIRN)
INPRDPER BUSINESS PRAcTIcES (BY EIRN)
INPRDPER BUSINESS PRACTICES (AS vIcTIN)
INPRDPER BUSINESS PRACTICES (AS vIcTIN)
INPRDPER BUSINESS PRACTICES (AS VICTIM)
IN=A:T TYPE:
)
EINANDIAL (DIRECT)
FINANCIAL (INDIRECT. TO CLIENT I 3RD PARTY)
TRADING / MARKET IMPACT
PHYSICAL INJURY
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. TO CLIENT I 3RD PARTY)
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
FINE / PENALTY
TRADING I MARKET IMPACT
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. TO CLIENT / 3RD PARTY)
HUMAN. PERSONAL. PRIVACY RIGHTS
PHYSICAL INJURY
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT, TO CLIENT I 3RD PARTY)
PHYSICAL INJURY
HUMAN. PERSONAL. PRIVACY RIGHTS
FINANCIAL (INDIRECT. T0 CLIENT I 3RD PARTY)
TRADING I MARKET IMPACT
PHYSICAL INJURY
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
FAILED RECOURSE
MULTIPLE
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. TO CLIENT I 3RD PARTY)
TRADING I MARKET IMPACT
PHYSICAL INJURY
HUMAN. PERSONAL. PRIVACY RIGHTS
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
FAILED RECOURSE
MULTIPLE
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT, TO CLIENT I 3RD PARTY)
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
FINANCIAL (INDIRECT. TO CLIENT I 3RD PARTY)
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. T0 CLIENT I 3RD PARTY)
TRADING I MARKET IMPACT
HUMAN. PERSONAL. PRIVACY RIGHTS
PHYSICAL OR INTELLECTUAL PROPERTY LOSS l DAMAGE
FINE I PENALTY
FINANCIAL (DIRECT)
TRADING I MARKET IMPACT
PHYSICAL OR INTELLECTUAL PROPERTY LOSS I DAMAGE
Patent Application Publication
Feb. 3, 2005 Sheet 8 0f 10
US 2005/0027649 A1
FIG. 6E
DECISION MAPPINGS OF COR ‘EVENT TYPER':
QUESTION 4 (PART II)
EVENT TYPE:
1 IM ACT TYPE:
)
TAX VICLATION
TAX VIOLATION
TAX VIOLATION
ADVISORY ACTIVITIES
SPONSORSHIP C SELECTION
SPONSORSHIP 8 SELECTION
FIVANCIAL (DIRECT)
FINE I PENALTY
MULTIPLE
FINANCIAL (INDIRECT, TO CLIENT / 3RD PARTY)
FINE / PENALTY
FAILED RECOURSE
REGULATORY MONITORING / REPORTING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
CLIENT ACCOUNT ERROR
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
VENDOR DISPUTE
FINE / PENALTY
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. TO
TRADING / MARKET IMPACT
FAILED RECOURSE
MULTIPLE
FINANCIAL (INDIRECT. TO
FINANCIAL (DIRECT)
FINANCIAL (INDIRECT. TO
TRADING / MARKET IMPACT
MULTIPLE
FINANCIAL (INDIRECT, TO
CLIENT I 3RD PARTY)
CLIENT / 3RD PARTY)
CLIENT / 3RD PARTY)
CLIENT / 3RD PARTY)
Patent Application Publication
Feb. 3, 2005 Sheet 9 0f 10
US 2005/0027649 A1
FIG. 6F
DECISION MAPPINGS OF COR "EVENT TYPER' :
IENT TYRE:
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (EXTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
THEFT/FRAUD (INTERNAL)
UNAUTHORIZED TRADING
UNAUTHORIZED TRADING
UNAUTHORIZED TRADING
INFORMATION SECURITY
INFORMATION SECURITY
INFORMATION SECURITY
PERSONAL SAFETY
PERSONAL SAFETY
EMPLOYEE RELATIONS
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
DIVERSITY! DISCRIMINATION
NATURAL DISASTER
NATURAL DISASTER
NATURAL DISASTER
TERRORISM! POLITICAL
TERRORISM! POLITICAL
TERRORISM! POLITICAL
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
MALICIOUS DAMAGE
DISCLOSURE. SUITABILITY 8 FIDUCIARY
DISCLOSURE. SUITABILITY 8 FIDUCIARY
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (BY FIRM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
IMPROPER BUSINESS PRACTICES (AS VICTIM)
QUESTION 5
TDU' Y TYRE
ORDINAFY CONTRACTUAL! COMMERCIAL COUNTERPARTY
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NOT SURE! NOT APPLICABLE
EMPLOYEE CONDUCTING INTERNAL, NON-FIDUCIARY TASK
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
NOT SURE! NOT APPLICABLE
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
NOT SURE! NOT APPLICABLE
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NOT SURE! NOT APPLICABLE
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NOT SURE! NOT APPLICABLE
EMPLOYER
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
CONTRACTUAL! COMMERCIAL COUNTERPARTY
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NO HOLE OR RESPONSIBILITY
NOT SURE! NOT APPLICABLE
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NOT SURE! NOT APPLICABLE
NOT SURE! NOT APPLICABLE
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
VICARIOUS RESPONSIBILITY FOR EMPLOYEE, AGENT, ETC.
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
UNDER DUTY TO DISCLOSE! OFFER SUITABLE DEALS
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
UNDER DUTY TO DISCLOSE! OFFER SUITABLE DEALS
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
NOT SURE! NOT APPLICABLE
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
NOT SURE! NOT APPLICABLE
Patent Application Publication
Feb. 3, 2005 Sheet 10 0f 10
US 2005/0027649 A1
FIG. 66,
DECISION MAPPINGS OF COR 'EVENT TYPER' :
OUESTION 5 (PART II)
LEVENT TYPE:
TAX VIOLATION
TAX VIOLATION
ADVISORY ACTIVITIES
ADVISORY ACTIVITIES
ADVISORY ACTIVITIES
SPONSORSHIP 8 SELECTION
REGULATORY MONITORING /
REGULATORY MONITORING /
REGULATORY MONITORING !
REGULATORY MONITORING /
REGULATORY MONITORING I
TRANSACTION PROCESSING
TRANSACTION PROCESSING
TRANSACTION PROCESSING
CLIENT ACCOUNT ERROR
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
SYSTEM FAILURE
VENDOR DISPUTE
VENDOR DISPUTE
[DUTY TYPE:
I
NOT SUFE! NOT APPLICABLE
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
REPORTING
REPORTING
REPORTING
REPORTING
REPORTING
EMPLOYEE CONDUCTING INTERNAL.‘ NON—FIDUCIARY TASK
UNDER DUTY TO DISCLOSE! OFFER SUITABLE DEALS
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
VICARIOUS RESPONSIBILITY FOR EMPLOYEE. AGENT. ETC
NOT SURE! NOT APPLICABLE
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
EMPLOYEE CONDUCTING INTERNAL, NON-FIDUCIARY TASK
MEMBER OF GENERAL PUBLIC! ORDINARY CITIZEN
NOT SURE! NOT APPLICABLE
NO ROLE 0R RESPONSIBILITY
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
EMPLOYEE CONDUCTING INTERNAL. NON-FIDUCIARY TASK
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
INV MANAGER! FIDUCIARY! TRUSTEE! DUTY OF CARE
ORDINARY CONTRACTUAL! COMMERCIAL COUNTERPARTY
PARTY TO SPECIFICALLY NEGOTIATED CONTRACT
Feb. 3, 2005
US 2005/0027649 A1
EVENT TYPER
is needed is a standard Way for all banks to report risk event
types, preferably using industry standard categories.
CROSS REFERENCE TO RELATED
APPLICATIONS
[0001] This application claims the bene?t of US. Provi
sional Applications Ser. No. 60/450,800 ?led Feb. 28, 2003
and Ser. No. 60/450,809 ?led Feb. 27, 2003. The 60/450,800
and 60/450,809 applications are incorporated by reference
herein.
FIELD OF THE INVENTION
[0002]
This invention relates to methods of categorizing
risk, and more particularly to a method of typing risk events
based on prede?ned factors.
[0003]
SUMMARY OF THE INVENTION
[0009] A neW method of categorizing risk events is pre
sented. A minimal list of predetermined questions is pre
sented to a user seeking to “type” a risk event. The questions
are probative regarding the event, but non-intuitive com
pared to traditional questions that elicit a narrative of an
event occurrence. The ansWers to the questions de?ne
“attributes” of the event occurrence. The method maps the
ansWer to each question to a list of possible event types.
Each successive ansWer generates another list of possible
event types. The lists of possible event types are then
combined to yield one or more common event types for the
BACKGROUND OF THE INVENTION
risk event occurrence being typed. In the preferred embodi
ment, ?ve questions have been found to be suf?cient to type
Risk events, such as operational losses, occur rou
event types, preferably one event type that is recorded for
tinely in business. Risk events are occurrences that have
actual or potential ?nancial impact on an organization,
typically impact in eXcess of a de?ned threshold. Risk events
that have adverse consequences to an organization are of
particular importance as they can cause economic loss and
loss of reputation to the organization. Examples of these
types of risk events are theft (by organization outsiders or
employees), employee errors, ?res that destroy records
and/or capital equipment, terrorism and natural disasters.
[0004] Businesses such as ?nancial organizations track
operational losses caused by occurrences of risk events, and
analyze and categorize them. Managers reporting such
losses attempt to accurately de?ne event types. Event typing
most, if not all, event occurrences. The result is one or more
each risk event occurrence. Based on the event type from
one or more event typings, an organization can take actions
including risk event minimization, compliance With risk
event reporting requirements, and establishing appropriate
reserves to protect against future possible risk events.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010]
The advantages, nature and various additional fea
tures of the invention Will appear more fully upon consid
eration of the illustrative embodiments noW to be described
in detail in connection With the accompanying draWings. In
the draWings:
can be useful for reporting the event to the appropriate part
[0011]
of the organization, for storing the event categorization for
business risk event statistics recording, and for the predic
performing the inventive method;
tion of future risk events.
[0012]
[0005] Risk event reporting is of particular importance to
banks. Banks allocate reserves as required by international
FIG. 1 shoWs suitable hardWare environments for
FIG. 2 shoWs a softWare environment suitable for
event typing;
[0013]
FIG. 3 shoWs a Venn diagram illustrating event
convention as contingencies against various types of poten
type selection;
tial risk events. The amount of these allocations is based in
part on past occurrences of risk events. Event typing of past
[0014]
risk event occurrences can also affect insurance policies
related to risks.
FIG. 4 shoWs the steps to perform event typing in
accordance With one embodiment of the invention;
[0015]
FIG. 5 shoWs a graphical user interface suitable for
event typing; and
[0006]
It is important that standardized risk event report
ing be implemented. In part, this is because some reserves
spread risk among many organizations. Standardized risk
event typing can also help to foster an environment that Will
alloW for industry Wide analysis of risk events. Industry
Wide standard risk event reporting Would likely lead to more
meaningful and successful plans to loWer the occurrence of
undesirable risk events.
[0007] The Basel Accord is an international agreement
related to international banking practices. Standardization of
[0016] FIGS. 6A-6G shoW tables of the event types as
mapped to ansWers to questions 1-5.
[0017] It is to be understood that the draWings are for the
purpose of illustrating the concepts of the invention and are
not to scale. It is also understood that all application code,
other frameWork code, database programs, and data that can
be used to implement the inventive method reside on com
puter readable media and run on one or more computer
systems including standard computer components and oper
risk event reporting is one area of interest of the Basel
ating systems as knoWn in the art. Furthermore the invention
Working group. The Institute of Finance Industry group (IIF)
of the Basel Internal Technical Working Group (ITWG) has
can be implemented on a standalone computer, a client
computer communicating With a server computer, or the
adopted industry standards for the assessment of risk events.
softWare modules necessary to implement the inventive
[0008]
method can be distributed among computers on an intranet
or on the Internet. The inventive method can be performed
The problem is that reporters of risk events Within
organizations, and betWeen different organizations, report
event types in non-standard Ways, Which makes later orga
nization Wide or industry Wide analysis more difficult. What
by softWare Written in programming languages as knoWn in
the art, including, but not limited to, object oriented lan
guages such as C++, Java or J2EE.
Feb. 3, 2005
US 2005/0027649 A1
DETAILED DESCRIPTION
[0018]
FIG. 1 shows a hardware con?guration suitable for
use as an event typer. Standalone computer 11 is associated
with non-volatile memory 12. Computer 11 can also be
of the questions. The inventors realiZed that questions
related to speci?c attributes of an event can uniquely de?ne
the event without the need for a typical full descriptive
narrative which must then be analyZed by an expert in risk
such as a hard-drive. The event typer can wholly reside on
event typing.
[0023] The preferred embodiment of the event typer uses
?ve questions to arrive at ?ve answers regarding “attributes”
of the risk event. The ?ve speci?c questions of the preferred
embodiment are merely illustrative of questions useful to
computer 11 with all of the event attributes saved to memory
illicit a minimal set of information needed to arrive at a
connected to network 13 via an intranet or the Internet 14.
Network 13 can be wired or wireless. Another computer 15
can be a server on the network 13 and/or the Internet 14.
Computer 15 is associated with non-volatile memory 16,
12 and the event typer program residing in memory 12. Or,
some of all of the event data such as event attributes may be
stored in a remote memory, such as memory 16. In another
embodiment, computer 11 can merely act as a terminal, with
the event typer program running remotely on one or more
computers connected to the network (not shown) and event
data can be saved to one or more memory storage areas on
the network (not shown).
[0019]
The program code to perform the event typer
function can be a standalone program communicating only
with its own local memory for storing and retrieving event
data. FIG. 2 shows a typical embodiment where the event
typer can be a module, or subprogram 21 of an organiZa
tion’s larger risk management computer system 20. In this
con?guration, main program 22 can call functions in one or
more sub-modules as illustrated by modules 23 and 24
(providing different functions than event typer). The event
typer can also be con?gured as a module in a national or
international reporting system program.
[0020] The inventors realiZed that very speci?c questions
small set of identifying event types. To the best of the
inventor’s knowledge, the ?ve questions of the preferred
embodiment are an example of an optimiZed set of questions
that can be used to identify industry standard event types.
[0024] The answer to each question can be mapped to a list
of possible event types for that answer. FIG. 3 shows the
mapped set of event types as a Venn diagram. Here ellipse
31 represents the list of possible event types 37 generated by
mapping the answer to question 1. Similarly, 32 represents
the mapped list from answer 2, 33 represents the mapped list
from answer 3, 34 represents the mapped list from answer 4,
and 35 represents the mapped list from answer 5. It can then
be seen that hatched intersection area 36 represents one or
more event types 37 of the event being typed. Thus, the
functional result of an event type can be arrived at by ?nding
the common event type(s) that appear in the mapped lists of
event types. In the preferred embodiment, the combination
of attribute choices and the corresponding mapped lists of
possible event types, almost always results in only one
common event type.
of an event that can achieve rapid and standardiZed event
[0025] The attributes associated with each risk event can
be conveniently recorded to a computer media for long term
or permanent storage. This is particularly useful since events
typing. The answers to the questions de?ne predetermined
can then be “re-typed” en mass at a later time should the
characteristics or “attributes” of a risk event occurrence.
standard question set or typing conventions change.
[0026] FIG. 4 shows the method steps of the inventive
about a risk event can be used to create an attribute model
These questions are different than those that are typically
used to bring out the entire narrative of a risk event.
[0021]
Risk events are typically adverse occurrences that
process. First questions are posed to a party with a need to
type a risk event (Block A). The event typer receives
have a negative ?nancial, or potential negative ?nancial
answers for identifying the nature of the initiator of the
impact on an organiZation. Examples of risk events that can
expiring option, employee disputes over compensation
event, any bene?t to the initiator, the impact caused by the
event, the nature of the impact, and the initiator’s role in the
event (Block B). The answer to each question (the attribute)
including severance packages, embeZZlement of funds, natu
ral disasters including related power losses, failure to com
is then mapped to a list of possible event types that correlate
to the attribute (Block C). Next, the lists are compared to
ply with banking regulations including resultant ?nes, loss
derive only those event types 37 that are common to all lists
affect a ?nancial organiZation are: failure to exercise an
of funds do to identity theft, unauthoriZed trading activities
(Block D) as illustrated by intersection 36 of Venn diagram
including improper trades made for personal gain, money
30 of FIG. 3. And ?nally, one or more actions are taken
based on the resultant event type, such as, but not limited to,
laundering including ?nes as a consequences of failure to
detect it, theft of trade secrets from a competitor, theft of
money from ATM machines by employees, failure to state
reporting the event, collating statistics of various event
types, planning strategies to reduce the number of adverse
material facts in offering materials for ?nancial instruments,
violations of environmental laws including resulting ?nes,
and employee misconduct including diversity and discrimi
events, or planning event contingency reserve amounts
nation issues. These are but a few examples of risk events.
resultant list of possible event types for that question can be
Some organiZations may choose to type and report risk
events above some threshold level of impact to the organi
compared with the list resulting from the previous question
Zation, for example, those occurrences of risk events that can
result in losses of over $20,000.
questions. Only the remaining common answers need then
be compared to the possible event types associated with the
next question. Using the latter method, the results are the
[0022] An important aspect of the inventive event typer is
that the attributes (the answers to the questions) are not event
(Block
[0027] Alternatively, after each successive question, the
and reduced to the event types in common between the two
same as those arrived at when all event lists are compared
types. They are rather key characteristics, that when taken as
for common elements only after answering all questions.
a whole, can be important to identifying a risk event type.
[0028] In one embodiment, the questions and their corre
sponding answers are independent of the other questions.
Another important aspect of the invention is the formulation
Feb. 3, 2005
US 2005/0027649 A1
After the answers to each question are mapped to lists of
event types (each list corresponding to one answer to each
question), the resultant event is determined by ?nding the
event types that are common to all mappings. Preferably
only one event type results from the elimination process. In
a second embodiment, there can be additional logic recog
niZing that choices to previous questions can in some cases
limit the ?eld of possible answers to successive questions.
Disallowed answers to successive questions can be disabled
or removed. For example, some of the list of possible
answers can be “grayed out” such that they are still visible
to the user, but inactive and not available for selection. Or,
the logic could cause the list of possible answers to succes
sive questions to become truncated depending on one or
more previous answers or combinations of previous
answers.
[0029]
THE FIVE QUESTIONS WITH ANSWERS OF
THE PREFERRED EMBODIMENT
[0033]
[0035] Employee (external); Client; Member of Gen
eral Public (“External Person”)/Anybody;
[0036] Computer or Data System (while operated
correctly); Hacker; Terrorist/Activist;
[0037] Partner, Co-Venturer; External Force (Natu
[0038]
[0039] Answers (choices): Personal Bene?t; Non
Financial Personal Bene?t/Motive (Including politi
cal bene?t, personal desire to in?ict malicious dam
age or deprivation of others’ personal rights, etc.);
attribute, of the event. For each question only one possible
Bene?t to Firm (To get or maintain business,
improve the terms of a transaction, avoid competi
tion, etc., even if initiator moved by hope or larger
bonus, etc.); Bene?t to Another Firm; No Bene?t
answer may be selected. Once selected, each answer can be
[0030]
ral); External Force (Infrastructure); or Don’t Know.
Question 2: What was Bene?t to Initiator? (What
was Initiator’s action directed to achieve?);
Each question prompts the user for an answer, or
mapped to a list of event types. The mapping associates the
chosen answer (or attribute) with standardiZed events cor
relating to that answer. The lists of event types that correlate
to each answer can be pre-determined by experts in the ?eld
of risk management.
Question 1: Who (What) Initiated the Event?
[0034] Answers (choices): Employee (internal);
Employee (Internal) with Confederates;
Intended/Mistake; or Don’t Know.
[0040] Question 3: Who (what) was Impacted?
[0041] Answers
(choices):
Firm/Shareholders;
Employee; Client; Another Firm; Member of Gen
FIG. 5 shows one embodiment of a user interface
50 according to the invention. The questions are displayed,
for example, as question 1 51. Pull down menus, as for
example the list of choices 52 for the answer to question 1
eral Public/Anybody; Regulatory/Public or Govern
mental Interest; Multiple; or Don’t Know.
[0042] Question 4: What was Nature of Impact? (select the
(not shown pulled down with the choices showing). In this
embodiment, after answering ?ve questions, the user selects
most speci?c that applies)
[0043] Answers (choices): Financial (direct); Finan
cial (indirect, to client/3rd Party); Trading/Market
the screen button “Find Event Type Matches”54 to ?nd the
common event type from the mapped lists of possible event
types corresponding to the answer chosen for each question.
The common event is then displayed in results window 53.
Impact; Physical Injury; Human, Personal, Privacy
Rights; Physical or Intellectual Property Loss/Dam
age; Fine/Penalty; Failed Recourse; Multiple; or
Don’t Know.
[0031] FIGS. 6A-6G show the mappings from answers
1-5 to lists of event types according to the preferred embodi
ment. Here the event typer is optionally referred to in one
embodiment as the corporate operational risk (COR) event
typer. For each question, the party seeking to type an event
is permitted to choose only one answer. For each answer
chosen, FIGS. 6A-6G show the mapping to a list of event
types that correspond to the answer for a given question. The
order in which the questions are asked and answered is
unimportant. At the completion of the questions, the result
ant event type or types are those events that are common to
all of the mappings. In other words for an event type to be
the functional result as the standardiZed event type for the
characteriZation of a particular risk event, that type must
have appeared in all of the mappings from the answers to the
?ve questions.
[0032] The inventors discovered that ?ve questions can be
sufficient to yield the correct standardiZed event types for all
risk events that have been considered to date. The ?ve
questions of the preferred embodiment provide answers that
become the attributes of the event. The ?ve questions of the
preferred embodiment are: 1) Who initiated the risk event?
[0044]
Question 5: What was the Initiator’s role/level of
responsibility/legal duty in the event? (select the most
speci?c that applies) Answers (choices): Member of General
Public/Ordinary CitiZen; Ordinary Contractual/Commercial
Counterparty; Employee Conducting Internal, Non-Fidu
ciary Task;
[0045] Employer; Party to Speci?cally Negotiated
Contract; Under Duty to Disclose/Offer Suitable
Deals; Investment Manager/Fiduciary/Trustee/Duty
of Care; Vicarious Responsibility for employee,
agent, etc; No Role or Responsibility; or Don’t
Know.
EXAMPLES
[0046] The following 14 examples illustrate answers to the
5 questions regarding exemplary risk events and the event
types selected for those scenarios by one embodiment of the
event typer. It is to be understood that these scenarios are not
intended to limit the nature of risk event scenarios that can
be typed by the event typer, but are merely illustrative of the
typing process.
[0047] For the ?rst example, the mapping process is
shown in detail. The answers to the ?ve questions are
2) What was the bene?t to the initiator? 3) Who or what was
impacted by the event? 4) What was the nature or the
mapped to possible event types using the mapping tables of
impact? 5) What was the initiator’s role or duty?
event type lists are found to yield one or more (preferably
FIG. 6. Then the common event types of the ?ve mapped
Feb. 3, 2005
US 2005/0027649 A1
one) standardized event type(s) suitable to describe that
particular occurrence of a risk event. The same principle of
In another embodiment, the user can be informed of the
proper event type as soon as only one event type has been
selection applies to the remainder of the examples and Whilst
not shoWn, can be conveniently derived from the FIG. 6
identi?ed and can be relieved of ansWering the remainder of
the questions. Of course there may situations yielding no
tables as is done in the ?rst tWo examples.
event type (null set) after all of the questions are ansWered,
and this situation too, can be informative. Anull ansWer may
Example 1
mean there is a yet unde?ned risk event, or it can mean that
cise an expiring option, the client representative became
the event presented no risk at all to the entity typing its oWn
risks.
distracted and failed to make the call. The client refused to
[0061] It should also be noted, that an important advantage
recognize the exercise When it Was ?nally made several
hours late.
of attribute models is that the attributes for each risk event
can be stored aWay inde?nitely. This can be particularly
[0048]
Although noti?ed in advance of the need to exer
[0049]
Question 1: Who (What) Initiated the Event?
[0050] =>AnsWer (A1): Employee (Internal)
[0051] A1 mapping to possible event types: Theft/Fraud
(internal); UnauthoriZed Trading; Personal Safety;
Employee Relations; Diversity/Discrimination; Malicious
Damage; Disclosure, Suitability & Fiduciary; Improper
Business Practices (by ?rm); Tax Violation; Advisory
Activities; Sponsorship & Selection; Regulatory Monitor
ing/Reporting; Transaction Processing; and Client Account
Error.
[0052] After only ansWering one question, the list of
possible event types is as listed above, and cannot yet be
further limited.
[0053]
Question 2: What Was Bene?t to Initiator? (What
Was Initiator’s action directed to achieve?)
[0054] =>AnsWer
No Bene?t Intended/Mistake
A2 mapping to possible event types: Personal
Safety; Natural Disaster; Regulatory Monitoring/
Reporting; Transaction Processing; Client Account
Error; and System Failure.
[0055] After ansWering the second question, a number of
proffered event types that resulted from the A1 mapping can
advantageous if the de?nitions of standardiZed event types
change. In the case of such a change, all of the prior events,
along With their attributes can be run through a program (a
neW set of rules or mappings) to change the events according
to the neW rules. It can thus be seen that had all of the
questions in this example not been ansWered, even Where
unnecessary under the prevailing model, later re-classi?ca
tion of prior events might be impossible.
[0062]
As event types have been narroWed to one at
question 3, it might be unnecessary to continue With this
example, but as just discussed, it can still be useful to assign
all ?ve attributes to a given risk event. Therefore We
continue the example 1 illustration With Question 4:
[0063]
Question 4: What Was Nature of Impact? (select the
most speci?c that applies)
[0064] =>AnsWer (A4): Financial (direct)
[0065]
The event types mapped to A4are: Theft/Fraud
(external); Theft/Fraud (internal); Information Security;
Employee Relations; Terrorism/Political; Malicious Dam
age; Improper Business Practices (by ?rm); Improper Busi
ness Practices (as victim); Tax Violation; Transaction Pro
cessing; and System Failure.
noW be eliminated as possible event types for this risk event
[0066] It can be seen that Transaction Processing remains
as the single selected event type for this risk event folloWing
occurrence: A1 mapping to possible event types reduced by
question 4.
the A2 mapping (all ansWers not shoWn in A2 are elimi
nated): Personal Safety, Regulatory Monitoring/Reporting,
Transaction Processing, Client Account Error.
[0056] Question 3: Who (What) Was Impacted?
[0057] =>AnsWer
Firm/Shareholders
[0058] According to FIG. 5C, A3maps to possible event
types: Theft/Fraud (external); Theft/Fraud (internal); Unau
thoriZed Trading; Information Security; Natural Disaster;
Terrorism/Political; Malicious Damage; Improper Business
[0067] Question 5: What the Initiator’s role/level of
responsibility/legal duty in the event? (select the most
speci?c that applies)
[0068] =>AnsWer
Employee Conducting Inter
nal, Non-Fiduciary task.
[0069]
The possible event types that map to A5are: Theft/
Fraud (external); Theft/Fraud (internal); UnauthoriZed Trad
ing; Information Security; Diversity/Discrimination; Terror
ism/Political; Malicious Damage; Improper Business
Practices (by ?rm); Improper Business Practices (as victim);
Sponsorship & Selection; Transaction Processing; System
Monitoring/Reporting;
failure; and Vendor Dispute.
Account Error; and System Failure.
[0059]
[0070] Again, the only surviving event type in common
With all ?ve lists is Transaction Processing. And, because
Transaction Processing exists in all ?ve lists, the null set
While the comparisons and reductions can be done
in various Ways as Will be apparent to those skilled in the art,
for illustrative purposes, the elimination process can
progress by continuing to eliminate possible event types
from the original (noW reduced) A1 list: Transaction Pro
cessing.
[0060] Here it can be seen that after ansWering only three
of the ?ve questions, the proper event type has been selected.
In one embodiment of the invention, the comparison process
is not done until after all ?ve questions have been ansWered.
Practices (by ?rm); Sponsorship & Selection; Regulatory
Transaction Processing;
Client
ansWer is avoided.
Example 2
[0071] A terminated employee ?led suit, claiming she Was
guaranteed a salary and bonus during the year. But in fact
she Was dismissed in a merger-related doWnsiZing and
offered a smaller severance package. A1: Employee (Inter
Feb. 3, 2005
US 2005/0027649 A1
(indirect, to client/3rd Party) Task; A5: Employer—Event
Type: Employee Relations.
No member of the bank pro?ted personally from the illegal
activity. A1: Employee (Internal); A2: No Bene?t Intended/
Mistake; A3: Regulatory/Public or Governmental Interest;
Example 3
A4: Fine/Penalty; A5: Employee Conducting Internal, Non
Fiduciary Task—Event Type: Regulatory, Monitoring &
nal); A2: Bene?t to Firm; A3: Employee; A4: Financial
[0072] Aretail employee used the bank’s “house account”
Reporting
system to open a checking account. He diverted tWo incom
ing Wire transfers into the account, quickly moving the
Example 10
proceeds to an offshore repository. He then boarded a plane
[0079] The bank sues a competitor for utiliZing trade
secrets provided it by an employee Who the information With
him When he left the ?rm. A1: Employee (External); A2:
Bene?t to Another Firm; A3: Firm/Shareholders; A4: Intel
and left the country. The employee’s present Whereabouts
are unknoWn. A1: Employee (Internal); A2: Personal Ben
e?t; A3: Firm/Shareholders; A4: Financial (direct); A5 :
Employee Conducting Internal, Non-Fiduciary Task—Event
Type: Theft/Fraud (Internal).
Example 4
[0073] A squirrel strayed into the main poWer grid for the
northeastern United States, electrocuting itself and causing
a six-hour poWer blackout. Money Was lost When several
partially executed trades Were later completed at different
market prices. A1: External Force (natural); A2: No Bene?t
Intended/Mistake; A3: Firm/Shareholders; A4: Trading/
Markets Impact; A5: No Role or Responsibility—Event
Type: Natural Disaster.
lectual Property Loss; A5: Ordinary Contractual/Commer
cial Counter party—Event Type: Improper Business Prac
tices (?rm as victim) Or, one could also look at this as
employee theft.
Example 11
[0080] In 2001, employees of an armored car service that
?lled ATM machines for multiple banks in the southWest
region of the US, diverted $203,000 for their oWn use. A1:
Employee (External); A2: Personal Bene?t; A3: Firm/Share
holders; A4: Financial (direct); A5: Employee Conducting
Internal, Non-Fiduciary Task—Event Type: Theft/Fraud
Example 5
[0074] Holdings in a private banking client’s managed
(external).
investment account exceeded the agreed-upon limit for
high-yield paper. Client account losses Were reimbursed. Al:
[0081] Abrokerage ?rm pays $6M to settle claims regard
ing allegations that real estate limited partnership offering
Employee (Internal); A2: Bene?t to Firm; A3: Client; A4:
Financial (indirect, to 3rd party); A5: Inv. Manager/Fidu
ciary/etc.—Event Type: Disclosure, Suitability & Fiduciary.
Example 6
Example 12
materials omitted to state material facts. A1: Employee
(Internal); A2: Bene?t to the Firm; A3: Client; A4: Financial
(indirect, to 3rd party); A5: Under Duty to Disclose/Offer
Suitable Deals—Event Type: Disclosure, Suitability & Fidu
c1ary.
[0075] A computer hacker gained access to the banks
credit card records and obtained enough information to
commit “identity theft” on several clients. Recognizing its
failure to effectively prevent access, the bank absorbed the
resulting losses. A1: Hacker; A2: Personal Bene?t; A3:
Client; A4: Financial (indirect, to 3rd party); A5: Not
Sure—Event Type: Info/Systems Security.
Example 7
[0076] A trader sold securities oWned by the bank at a
price that Was $500,000 beloW market value, to a company
in Which she had a personal interest. The company imme
Example 13
[0082] Aregional US bank agrees to pay a civil penalty to
the State of California for not dealing properly With the
testing Wastes created by the bank’s environmental consult
ant at a borroWer’s property A1: Employee (Internal) [inc.
Agents]; A2: No Bene?t Intended/Mistake; A3: Regulatory/
Public or Governmental Interest; A4: Fine/Penalty; A5 : Not
Sure/Not Applicable—Event Type: Regulatory, Monitoring
& Reporting.
Example 14
diately re-sold the securities at fair value and made $500,
000. A1: Employee (Internal); A2: Personal Bene?t; A3:
Firm/Shareholders; A4: Trading/Market Impact; A5:
[0083] A court ?nds that a ?nancial institution created a
“hostile environment” that led to sexual discrimination
Employee Conducting Internal, Non-Fiduciary Task—Event
Type: UnauthoriZed Trading.
“escort girls” to a ?rm Christmas party, referring to female
Example 8
employees as “hot totty,” etc. A1: Employee (Internal); A2:
Non-Financial Personal Bene?t/Motive; A3: Employee; A4:
Human, Personal, Privacy Rights; A5: Member of General
[0077] The bank faces NASD ?nes for taking excessive
commissions from big investors for IPO shares. A1:
Employee (Internal); A2: Bene?t to Firm; A3: Client; A4:
Financial (indirect, to 3rd party); A5 : Ordinary Contractual/
Commercial Counter party—Event Type: Improper Busi
ness Practices (by ?rm).
against the plaintiff, by making sexist comments, inviting
Public/Ordinary CitiZen—Event Type: Diversity/Discrimi
nation.
What is claimed:
1. A method of doing business subject to a risk event
comprising the steps of:
Example 9
[0078] Banking regulators impose a ?ne for failure to
providing questions to solicit ansWers that de?ne
attributes of the risk event;
detect and prevent a series of money laundering transactions.
obtaining the ansWers to the questions;
Feb. 3, 2005
US 2005/0027649 A1
inputting the answers into a computer programmed to: 1)
store the answers in the form of the attributes of the risk
event, 2) map each answer to a list of possible event
types corresponding to each answer, thereby generating
a mapped list for each answer, and 3) compare the
mapped lists to determine an event type of the risk
event; and
taking action based on the determined event type.
2. The method of claim 1 wherein the computer is
programmed to provide a user interface for providing the
questions to an event reporter, and for receiving the answers
to the questions from the event reporter, wherein each of the
questions have only one answer that can be selected from a
list of answers for the question, and wherein the selected
answer becomes an attribute assigned to the risk event being
reported.
3. The method of claim 1 wherein the computer is
programmed to store the answers in the form of attributes of
the event including, who or what initiated the event, what
was the bene?t to the initiator, who or what was impacted by
action by and employee, illegal action by the organiZation,
and failure to take a required action.
13. A computer-assisted method of categoriZing a risk
event comprising the steps of:
providing questions to solicit answers that de?ne
attributes of the risk event;
obtaining the answers to the questions;
inputting the answers into a computer programmed to: 1)
store the answers in the form of the attributes of the risk
event, 2) map each answer to a list of possible event
types, thereby generating a mapped list for each
answer, and 3) compare all of the mapped lists to
determine an event type of the risk event; and
displaying the event type.
14. A system for typing risk events comprising:
a computer programmed for event typing;
a user interface for posing questions regarding an event to
an event reporter, and for receiving responses to the
the event, the nature of the impact, and the initiator’s role in
questions from the event reporter, each of the questions
the event.
having only one answer that can be selected from a list
4. The method of claim 1 wherein the taking action
comprises taking action based on a statistical analysis of past
typed events, including the risk event.
5. The method of claim 1 wherein the taking action
comprises taking preventive steps to reduce events of the
event type.
6. The method of claim 1 wherein the step of providing
of answers for the question, wherein the selected
questions further comprises providing a question regarding
who or what initiated the event.
7. The method of claim 1 wherein the step of providing
questions further comprises providing a question regarding
what was the bene?t to the initiator.
8. The method of claim 1 wherein the step of providing
questions further comprises providing a question regarding
who or what was impacted.
9. The method of claim 1 wherein the step of providing
answer becomes an attribute assigned to the event
being reported;
a look up table to generate a list of mapped possible event
types for each answer;
wherein the programmed computer selects one or more
event types common to the lists of mapped possible
event types, and a user of the system takes an action
based on the event type presented by the system.
15. The system of claim 14 further comprising a non
volatile memory.
16. The system of claim 15 wherein the memory records
the attributes associated with the event.
17. The system of claim 15 wherein the memory records
events, attributes and statistics regarding recorded event
questions further comprises providing a question regarding
types.
the nature of the impact of the event.
10. The method of claim 1 wherein the step of providing
18. The system of claim 14 wherein the questions com
prise one or more questions regarding the event selected
questions further comprises providing a question regarding
from the group of questions consisting of: who initiated the
the initiator’s role and level of responsibility and legal duty
event, what was the bene?t to the initiator, who was
in the event.
impacted, what was the damage to the impacted party, and
what was the initiator’s role/responsibility regarding the
11. The method of claim 1 wherein the computer is
programmed to map each answer to a list of possible event
types that include one or more of the following event types:
impacted party.
theft/fraud, unauthoriZed trading, information security, per
types for each answer comprise one or more event types
19. The system of claim 14 wherein the possible event
sonal safety, employee relations, diversity/discrimination,
selected from the group of event types consisting of: theft/
natural disaster, terrorism/political, malicious damage, dis
closure suitability & ?duciary, improper business practices,
taX violation, advisory actions, sponsorship & selection,
regulatory monitoring/reporting, transaction processing, cli
fraud, unauthoriZed trading, information security, personal
safety, employee relations, diversity/discrimination, natural
disaster, terrorism/political, malicious damage, disclosure
suitability & ?duciary, improper business practices, taX
violation, advisory actions, sponsorship & selection, regu
latory monitoring/reporting, transaction processing, client
ent account error, system failure, vendor dispute, and event
type “unknown”.
12. The method of claim 1 wherein the risk event com
prises one of the events selected from the group consisting
of third party theft, employee theft, third party fraud,
employee fraud, natural disaster, physical injury, illegal
account error, system failure, vendor dispute, and event type
“unknown”.