WO2004003811A1 - Risk management customer registry - Google Patents

Risk management customer registry Download PDF

Info

Publication number
WO2004003811A1
WO2004003811A1 PCT/US2003/019242 US0319242W WO2004003811A1 WO 2004003811 A1 WO2004003811 A1 WO 2004003811A1 US 0319242 W US0319242 W US 0319242W WO 2004003811 A1 WO2004003811 A1 WO 2004003811A1
Authority
WO
WIPO (PCT)
Prior art keywords
customer
certification
financial institution
risk
information
Prior art date
Application number
PCT/US2003/019242
Other languages
French (fr)
Inventor
David Lawrence
Original Assignee
Goldman, Sachs & Co.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Goldman, Sachs & Co. filed Critical Goldman, Sachs & Co.
Priority to AU2003251558A priority Critical patent/AU2003251558A1/en
Publication of WO2004003811A1 publication Critical patent/WO2004003811A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising

Definitions

  • This invention relates generally to a method and system for facilitating the identification, investigation, assessment and management of legal, regulatory, financial and reputational risks, hi particular, the present invention relates to a computerized system and method for banks and non-bank financial institutions to comply with know your customer requirements associated with a financial transaction initiated by a primary bank on behalf of a customer.
  • Government regulations authorize a broad regime of record-keeping and regulatory reporting obligations on covered financial institutions as a tool for the federal government to use to fight drug trafficking, money laundering, and other crimes.
  • Bank and non-bank financial institutions including: investment banks; merchant banks; securities firms, any insured bank (as defined in section 3(h) of the Federal Deposit Insurance Act (12 U.S.C.
  • KYC obligations may be particularly difficult to meet in a situation where a financial institution that will take an action on behalf of a customer of an intermediary financial institution.
  • Situations can arise, for example, where an intermediary financial institution may wish to provide a service or product to a customer of intermediary financial institution but not be able to provide the service themselves.
  • the action can include, for example, a request to open an account, execute a financial transaction or take some other action.
  • the intermediary financial institution may approach a Primary Financial Institution and request that the Primary Financial Institution provide the necessary service.
  • the Primary Financial Institution may have a working relationship with the intermediary financial institution, but not have any knowledge of the ultimate customer. Taking an action on behalf of an unknown customer can result in an increase in Risk for the Primary Financial Institution.
  • What is needed is a method and system to minimize Risks associated with conducting transaction on behalf of a customer of an intermediary financial institution, coordinate and administer a certification that can receive and present information about a customer to any financial institution that will act on behalf of the customer.
  • Compiled certification information should be situated in a known resource from which it can be conveyed to a compliance department or government entity and also be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.
  • the present invention provides methods and systems for managing Risk associated with a financial account initiated by an Intermediary institution.
  • a computerized system can coordinate and administer a certification that can receive and present information about a customer to a financial institution requested to act on behalf of the customer.
  • Compiled certification information should be situated in a known resource from which it can be conveyed to a compliance department or government entity and also be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.
  • Risk related information descriptive of a customer of the Intermediary can be registered with a neutral entity and organized into a certification associated with the customer.
  • An instruction can be received to convey the certification associated with the customer to a Primary Financial Institution after which the certification can be conveyed to the Primary Financial Institution.
  • Embodiments can include various ways to convey the certification, such as, for example, providing an indicator identifying the customer to the Primary Financial Institution and a network address at which the certification associated with the customer can be accessed. Access to the certification identified with the customer identification can also be authorized for the particular Primary Financial Institution.
  • embodiments can include performing a risk management clearinghouse search related to the customer and conveying the results of the risk management clearinghouse search to the Primary Financial Institution, such as, for example, with the conveyance of the certification.
  • the action relating to a financial account initiated by an Intermediary can include, for example: opening a financial account; transferring funds, investing funds or other type of transaction.
  • embodiments can include ascertaining the completeness of the certification, such as by the neutral entity.
  • embodiments can also include, keeping the name of the customer anonymous to the Primary Financial Institution. If it is appropriate, embodiments can include receiving updated information relating to the certification and transmitting the updated information to a Primary Financial Institution that had previously received a certification relating to the customer.
  • conveying the information descriptive of a customer can include storing the certification on a resource accessible via a particular network address and associating the certification with an identifier unique to the customer. The identifier and the network address can be transmitted to the Primary Financial Institution such that the Primary Financial Institution can access the resource and identify an appropriate certification.
  • an Intermediary Financial Institution information descriptive of a customer can be registered with a neutral entity, such as a risk management clearinghouse.
  • a neutral entity such as a risk management clearinghouse.
  • the Intermediary can also issue an instruction to a neutral entity with information descriptive of a customer to convey the information to the Primary Financial Institution.
  • inventions of the present invention can include a computerized system, executable software, or a data signal implementing the inventive methods of the present invention.
  • the computer server can be accessed via a network access device, such as a computer.
  • the data signal can be operative with a computing device, and computer code can be embodied on a computer readable medium.
  • Fig. 1 illustrates a block diagram that can embody the present invention.
  • Fig. 2 illustrates a network of computer systems that can embody an Intermediary Registry.
  • Fig. 3 illustrates a flow of exemplary steps, from the perspective of an Intermediary, which can be executed while implementing the present invention.
  • Fig. 4 illustrates a flow of exemplary steps, from the perspective of a risk management clearinghouse, which can be executed by a user while implementing the present invention.
  • Fig. 5 illustrates a flow of exemplary steps, from the perspective of updating information, which can be executed by a user while implementmg the present invention.
  • Fig. 6 illustrates a flow of exemplary steps relating to a certification available via a network resource, the steps can be executed by a user while implementing the present invention.
  • Fig. 7 illustrates a flow of exemplary steps relating to accessing a certification on a network resource that can be executed by a user while implementing the present invention.
  • Fig. 8 illustrates an exemplary graphical user interface that can implement various aspects of the present invention.
  • Fig. 9 illustrates an exemplary data structure that can be utilized to implement certain aspects of the present invention.
  • the present invention includes methods and systems for facilitating the transfer of information relating to risk management and KYC obligations.
  • the present invention includes methods and systems for conveying information descriptive of a customer whose relationship with a Primary Financial Institution results from interaction with an Intermediary entity.
  • an Intermediary can include any Financial Institution or other entity that requests that a Primary Financial Institution provide a service or product on behalf of a customer of the Intermediary.
  • a Primary Financial Institution can include any Financial Institution approached by the Intermediary to provide such product or service.
  • Financial Institution refers to any person, entity, company, co ⁇ oration or statutory "person" in the business of providing Financial Transactions.
  • a Financial Institution can collectively and individually include: Bank and non-bank financial institutions, including: investment banks; merchant banks; commercial banks; securities firms, including broker dealers securities and commodities trading firms; asset management companies, other hedge fund s, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956, and other entities subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations.
  • Financial Transaction refers to any action that anticipates a transfer of money from a first set of one or more Transaction Participants to a second set of one or more Transaction Participants.
  • Examples of Financial Transactions can include: investment and merchant banking, public and private financing, commodities and a securities trading, commercial and consumer lending, asset management, rating of co ⁇ orations and securities, public and private equity investment, public and private fixed income investment, listing to companies on a securities exchange and bourse, employee screening, auditing of co ⁇ orate or other entities, legal opinions relating to a co ⁇ orate or other entity, or other business related transactions; a transaction involving any transfer of funds and: an insurance company, a credit card issuer, a trading exchange, a government regulator, a law enforcement agency, an investment and/or merchant bank, public and private financing, commodities and securities trading, commercial and consumer lending, asset management, a rating of co ⁇ orations and securities, public and private equity investments, public and private fixed income investments, the listing of companies on securities exchanges and bourses; and employee screening.
  • Intermediary
  • Informational Artifact refers to a media item that contains information that can be inte ⁇ reted into a humanly ascertainable form.
  • Examples of Informational Artifacts include: a document, a news article, a news feed portion, a video segment, a newscast, a report, an agency listing, a list, a government publication, other identifiable publication, a sound byte, a sound recording, or other media item.
  • Primary Financial Institution refers to a Financial Institution executing a Financial Transaction.
  • Risks associated with a financial transaction can include factors associated with security risk, financial risk, legal risk, regulatory risk and reputational risk.
  • a Security Risk refers to breach of a safety measure that may result in unauthorized access to a facility; unauthorized access to data; physical harm, including threat of immediate risk of harm to a person or goods.
  • Financial Risk refers to factors indicative of monetary costs that the Risk Bearing Institution or a Transaction Participant may be exposed to as a result of a particular Financial Transaction. Monetary costs can be related to fines, forfeitures, costs to defend an adverse position, lost revenue, or other related potential sources of expense.
  • Regulatory Risk refers to factors that may cause the Risk Bearing Institution or Transaction Participant to be in violation of rules put forth by a government entity or regulatory agency.
  • Reputational risk relates to harm that a Risk Bearing Institution or Transaction Participant may suffer regarding its professional standing in an industry or the public eye.
  • a Risk Bearing Institution and Transaction Participant can suffer from being associated with a situation that may be inte ⁇ reted as contrary to an image of diligence, honesty and forthrightness.
  • Risks may be related to the duty to disclose material information, to report and possibly prevent: fraud, money laundering, foreign corrupt practices, bribery, embargoes and sanctions. Timely access to relevant data on which to base a regulatory or reputational Risk related action can be critical to conducting business and comply with regulatory requirements such as those set forth by the Patriot Act in the United States .
  • RMC Risk Management Clearinghouse
  • RMC refers to computerized systems and methods for managing Risks and associating information and/or informational artifacts useful for quantifying Risk with a Risk subject, as more fully described in the related patent applications: 10/074,584 entitled “Risk Management Clearinghouse” filed February 12, 2002, and U.S. Patent Application No. 10/021,124 entitled “Risk Management Clearinghouse” filed October 30, 2001.
  • Risk Quotient refers to a quantitative value of an amount of Risk, a Risk Quotient can be based upon a weighted algorithm applied to the Risk criteria and informational artifacts.
  • Subscriber refers to any person or entity authorized to access an
  • Transaction Participant refers to a person who will partake in a Financial transaction.
  • a neutral entity such as a risk management clearinghouse (RMC) 106
  • RMC risk management clearinghouse
  • a neutral entity can act as a registry of information relating to a customer of an Intermediary 101-102 by receiving and maintaining certification information 105, such as, for example an Informational Artifact, that is descriptive of a customer 103-104 and related to the management of Risks.
  • a neutral entity can be any entity that is not under the control of either the Intermediary or the Primary Financial Institution.
  • a neutral entity may, for example, be under a contractual obligation to an Intermediary or Primary Financial Institution, but will generally be able to operate independently and not be under obligation to act upon managerial instruction initiated by either the Intermediary or the Primary Financial Institution.
  • An RMC 106 or other neutral entity can register information by receiving the information and associating the information with an identifier of a customer. Association of information can be according to any available technique, such as a relational or hierarchical database, key fields, indexing or other methods.
  • One or more certifications 109 containing predefined fields of information descriptive of a customer 103-104 can be made available to a Primary Financial Institution 107 or other subscriber 108 who wishes to act responsive to needs or requests of the customer 103-104.
  • a certification 109 can be useful to manage risk by fulfilling KYC obligations, such as those set forth by the Financial Action Task Force (FATF), the USA PATRIOT Act or other authority or obligation.
  • FATF Financial Action Task Force
  • USA PATRIOT Act or other authority or obligation.
  • an Intermediary may request that a Primary Financial Institution open an account and/or execute a financial transaction on behalf of a customer of the Intermediary.
  • a financial account can be an account for investing, trading, transferring, receiving or otherwise handling finances.
  • the Intermediary 101-102 can arrange for pertinent information, such as, for example, in the form of certificate information 105, to be put on record with an RMC 106, and authorize the RMC 106 to transmit, or otherwise release to the Primary Financial Institution the certificate information 105.
  • the release of the information 105 can take the form of a predefined certification 109 containing information useful to ascertaining a level of Risk that may be associated with performing a transaction for the customer, such as, for example, information routinely requested during an account opening procedure, or other more general information.
  • a predefined certification 109, or other release of information 105 can include information relating to any risk variable, such as, for example: data that can cause a risk level to change; identification of who is a beneficiary to a transaction; a sovereign state involved; a geographic area involved; citizenship of the customer; a shell bank involved; a correspondent account involved; a political figure or a person close to a political figure; a history of fraud, embargoes, sanctions, or other compromising situation; or other information.
  • Some embodiments can include a database with data fields to hold information included in the certification 109.
  • the database fields can include datum which identify a home and business address for the customer; an employer of the customer; a means of identification, such as a passport, driver's license, birth certificate, or other official document, as well as data gleaned form such a document, such as a numeric identifier; a history of criminal convictions or investigations; a date of birth; a place of birth; parents names and citizenship; alternate names the customer has ever been known by, any association with specific organizations listed; any family members associated with specific organizations; or other information.
  • a means of identification such as a passport, driver's license, birth certificate, or other official document, as well as data gleaned form such a document, such as a numeric identifier; a history of criminal convictions or investigations; a date of birth; a place of birth; parents names and citizenship; alternate names the customer has ever been known by, any association with specific organizations listed; any family members associated with specific organizations; or other information.
  • Some embodiments can include a document image of certification 109, such as for example, a .pdf file created with Adobe Acrobat, or other image.
  • images can be desirable because the image can convey a document as submitted and diminish any probability of information being compromised.
  • Other risk variable information relating to the customer can include whether the customer 103-104 is listed on, or otherwise associated with an entity listed on, a formalized list generated by an authority, such as, for example: a list generated by the Office of Foreign Assets Control (OF AC) including their sanction and embargo list, a list generated by the U.S. Commerce Department, a list of international "kingpins" generated by the U.S. White House, foreign Counte ⁇ art list, U.S. regulatory actions or other information source such as a foreign government, U.S. adverse business- related media reports, U.S. state regulatory enforcement actions, international regulatory enforcement actions, international adverse business-related media reports, a list of politically connected individuals or politically identified persons, a list of military leaders, a list of U.S.
  • an authority such as, for example: a list generated by the Office of Foreign Assets Control (OF AC) including their sanction and embargo list, a list generated by the U.S. Commerce Department, a list of international "kingpins" generated by the U
  • Court records or other references relating to fraud, bankruptcy, professional reprimand or a rescission of a right to practice, suspension from professional ranks, disbarment, prison records or other source of suspect behavior can also be an important source of information.
  • FATF Financial Action Task Force
  • Court records or other references relating to fraud, bankruptcy, professional reprimand or a rescission of a right to practice, suspension from professional ranks, disbarment, prison records or other source of suspect behavior can also be an important source of information.
  • Of additional interest can be information indicative that a customer is not a high risk, such as, a list of co ⁇ orations domiciled in a G-7 country, or a list of entities traded on a major exchange.
  • a RMC search can include a search of the risk variable information and sources listed above and any other information source related to Risks that can be made available to a data search. Results of a risk management clearinghouse search can be included with other information gathered that relates to a customer.
  • Some embodiments can include a predefined certification 109.
  • the predefined certification 109 can include predetermined or standardized fields of information. Standards can be useful in that all parties in setting industry norms and accepted practices.
  • a RMC 106 or other neutral entity can perform a check to ascertain that all agreed upon information has been included in the customer certificate information 105 received and a certification 109 generated is complete.
  • Still other embodiments can allow the veracity and completeness of certificate information 105 to be left to efforts of the source of the information and not to the RMC 106, wherein the RMC 106 acts as a gatherer and compiler of information.
  • Another variation can include supplying information and/or informational artifacts which are supportive of the veracity of information supplied in a certification 109.
  • Still additional embodiments can allow the RMC 106 to guarantee or otherwise vouch for accuracy of information supplied.
  • Some embodiments can also include a certification 109 with an indication that a customer 103-104 has been researched by a RMC 106 according to predetermined procedures involving specified queries of predetermined risk variable sources, such as those listed above.
  • Variations can include information identifying a customer, or allow the name of a customer 103-104 to remain anonymous to the Primary Financial Institution 107 or other subscriber 108, wherein the subscriber 107-108 will only receive answers to specific questions relating to the customer 103-104 or an indication that a query of risk variables associated with the customer 103-104 has not returned any results representative of a high risk.
  • a customer 103-104 may be identified by a customer ID number or other identifier that may not be significant outside of the relationship between the Intermediary 101-102 and the subscriber 107- 108.
  • Predetermined procedures that result in a risk management certificate can include a search of risk variables, such as those listed above, which relate to a customer 103-104.
  • results from a risk variable search can be forwarded to the subscriber financial institution 107-108 and/or the Intermediary 101- 102 involved.
  • Results can include, for example, informational data, Informational ⁇ Artifacts, a summary of the contents of Informational Artifacts, images, or other data.
  • Embodiments can also include a statement or other indication from the RMC 106 indicating that a search has been conducted, the terms of the search and an indication of the results of the search.
  • the indication of the results of the search can include for example, a quantitative value, such as a Risk Quotient, which is indicative of an amount of Risk that is associated with a particular Financial Transaction, Transaction Participant or other risk subject.
  • Embodiments can also allow the indication of the results to include a subjective rating of an amount of risk and/or an objective statement describing the search results.
  • a subscriber rating can include, for example, a risk quotient or other scaled rating of risk.
  • An objective statement can include, for example, listed terms that were searched and an indication that no negative material was returned from the search. Essentially, the objective statement can be packaged as an indication that the RMC 106 has not discovered any reason, from a risk management standpoint, not to proceed with a transaction involving the customer 103-104.
  • Terms that are searched can include, sources of information for risk variable related information such as government lists and the like, such as those listed above. Terms can also include phrases, words, relationships and other criteria utilized in a query and any data scrubbing variations that may have been utilized. An Intermediary 101-103 can also agree that it will notify an RMC 106 and/or any subscribers 107-108 of any change in facts or circumstances previously certified or contained in certification information 105.
  • a RMC 106 can perform an alert service that will periodically or continuously, search on terms related to a customer 103-104, or a risk variable related to a customer 103-104, and notify an interested party, such as, for example, a subscriber 107-108 or an Intermediary 101- 102 of any newly discovered information relating to the customer 103-104.
  • a Primary Financial Institution 107 that is on record with an RMC 106 as being interested in a customer can receive delivery of information relating to a customer via an electronic document, remotely printed document, facsimile, or hardcopy generated and physically delivered or other means.
  • a RMC 106 can also be utilized to notify appropriate parties of administrative obligations such as, for example, notice of a change in facts contained in a certification 109.
  • Risk management procedures can establish that reporting information required to generate a certification 109 is voluntary for a customer 103-104; however failure to provide information necessary to complete a certification 109 may preclude the establishment or continuation of intermediary accounts with the subscriber institution 107 or dealings with another subscriber 108.
  • other subscribers 108 can include, for example: a regulator; a money transfer agency; bourse; an institutional or individual investor; an auditing firm; a law firm; any institution or entity subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations; or other entity.
  • a financial transaction can include investment and merchant banking, public and private financing, commodities and a securities trading, commercial and consumer lending, asset management, rating of co ⁇ orations and securities, public and private equity investment, public and private fixed income investment, listing to companies on a securities exchange and bourse, employee screening, auditing of co ⁇ orate or other entities, legal opinions relating to a co ⁇ orate or other entity, or other business related transactions.
  • Embodiments can include certification information 105 that is received from an Intermediary 101-102 in any form that can accurately convey information necessary to complete a certification 105.
  • information can be input into a graphical user interface (GUI), submitted via hard copy, facsimile, scanned image, or any other form of information conveyance.
  • GUI graphical user interface
  • the RMC 106 can store the certification information 105 and convey it upon request, such as in the form of a certificate generated.
  • certification information 105 can be retrieved by a respondent Primary Financial Institution 107 or other subscriber 108 using any available mechanism for conveying information, including, but not limited to: a scanned image, database record retrieval, a text file, facsimile, hard copy, data stored on a computer readable medium, or other mechanism.
  • Information 105 relating to and included in certifications 109 can be aggregated into a searchable data storage structure. Gathering data into an aggregate data structure, such as a data warehouse, allows a RMC 106 make the data readily available for processing a risk management search associated with a transaction involving a customer 103-104. Aggregated data can also be scrubbed or otherwise enhanced to aid in performing searches.
  • data scrubbing can be utilized to implement a data warehouse comprising the aggregate data structure.
  • Various data scrubbing routines can be utilized to facilitate aggregation of risk variable related information.
  • the routines can include programs capable of correcting a specific type of mistake, such as an incomprehensible street address, or rectify a full spectrum of commonly found database flaws. Rectifying database flaws can include, for example, adjusting field alignment by picking up misplaced data and moving it to a correct field or removing inconsistencies and inaccuracies from like data.
  • scrubbing routines can be directed towards specific legal issues, such as money laundering or terrorist tracking activities.
  • a scrubbing routine can be used to facilitate various different spelling of one name.
  • spelling of names can be important when names have been translated from a foreign language into English.
  • a data scrubbing routine can facilitate risk variable searching for multiple spellings of an equivalent name or other important information.
  • Such a routine can enhance the value of the aggregate data gathered and also help correct database flaws. Scrubbing routines can improve and expand data quality more efficiently than manual mending and also allow a subscriber 107-108 to quantify best practices for regulatory pu ⁇ oses.
  • An automated RMC 106 can include a computerized RMC server 210 accessible via a distributed network 201 such as the Internet, or a private network.
  • a party interested in risk management such as, for example, an Intermediary 101-102, a Primary Financial Institution 107 or other subscriber 108 can use a computerized system or network access device 203-205 to receive, input, transmit or view information processed in the RMC server 210.
  • a protocol such as the transmission control protocol internet protocol (TCP/IP ) can be utilized to provide consistency and reliability.
  • TCP/IP transmission control protocol
  • some embodiments can include a proprietary risk management (PRM) server 211 which can access the RMC server 210 via the network 201 or via a direct link 213, such as a Tl line, digital subscriber line (DSL), or other high speed pipe.
  • the PRM server 211 can in turn be accessed by an affiliated user via a system access device 203-205 and a communications network 201, such as a local area network, or other private network, or even the Internet, if desired.
  • a communications network 201 such as a local area network, or other private network, or even the Internet, if desired.
  • any function or reference to an RMC server 210 can also include a PRM server 211, except that the PRM server 211 can also contain proprietary information that will not be shared outside of an organization except as allowed by prevailing applicable law.
  • a PRM server 211 may be utilized to calculate risk quotients or other subjective valuations which an RMC server 210 may be limited from doing by an RMC provider.
  • a system access device 203-205 utilized to access the RMC server 210 can include a processor, memory and a user input device, such as a keyboard and/or mouse, and a user output device, such as a display screen and/or printer.
  • a system access device 203-205 can communicate with the RMC server 210 to access data and programs stored at the RMC server 210.
  • a system access device 203-205 may interact with the RMC server 210 as if the RMC server 210 were a single entity in the network 200.
  • the RMC server 210 may include multiple processing and database sub-systems, such as cooperative or redundant processing and/or database servers that can be geographically dispersed throughout the network 201.
  • the RMC server 210 can include one or more databases 212 storing data relating to risk management, and in particular to certification of a customer 103- 104 presented by an Intermediary 101-102.
  • the RMC server 210 may interact with and/or gather data from an operator of a system access device 203-205 or other source.
  • client software may include a generic hypertext markup language (HTML) browser, such as Netscape Navigator or Microsoft Internet Explorer, (a "WEB browser").
  • the client software may also be a proprietary browser, and/or other host access sof ware.
  • an executable program such as a JavaTM program
  • Other implementations include proprietary software installed from a computer readable medium, such as a CD ROM.
  • the invention may therefore be implemented in digital electronic circuitry, computer hardware, firmware, software, or in combinations of the above.
  • Apparatus of the invention may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor; and method steps of the invention may be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output.
  • customer certification information relating to a customer 103-104 can be received 310 and the customer certification information 105 registered 311 with an RMC 106.
  • Embodiments can also include a customer 103-104 or other entity providing the information directly to the RMC 106.
  • the Intermediary 101-102 can initiate a transaction 312 with a Primary Financial Institution 107 or other subscriber 108 and cause the registered information to be conveyed to the Primary Financial Institution 107.
  • the conveyance of the information can be accomplished by any convenient means of communication.
  • Embodiments include electronic transmission of a customer identifier 313 or other indication descriptive of the customer, to the Primary Financial Institution 107.
  • the Intermediary 101-102 can authorize access 314 to a certification 109 by a subscriber 107-108.
  • the Intermediary 101-102 can also update any customer information 315 and initiate another transaction 312.
  • Embodiments can also include an Intermediary 101-102 causing the information to be transmitted to the Primary Financial Institution 107 or other entity 108.
  • the Intermediary can cause the information to be sent via any available method of communication, such as, an electronic message, a facsimile, a voice message, a batch feed, hardcopy instruction, or other communication.
  • the RMC 106 can receive customer certification information 410 and also receive a request to convey a particular certification 411, from a requestor, such as a request from a Primary Financial Institution 107.
  • a requestor such as a request from a Primary Financial Institution 107.
  • the RMC 106 can request authorization to convey the certification 412 from a party designated to grant such authorization. For example, authorization may be granted to a person employed by the Intermediary 101-102.
  • the RMC 106 may receive a denial of required authorization 414, in which case the RMC 106 will transmit a denial 415 for the request for a certification 109.
  • the RMC 106 may receive an approval for the request for authorization 414 and subsequently transmit the certification 109 to the requestor 416.
  • Some embodiments allow conveyance of a certification with out an authorization step.
  • Authorization can be in essence waived or implied by supplying the certification information 105 to the neutral entity, such as the RMC 106.
  • a request for a certification 109 can be archived, along with a related response 417.
  • the RMC 106 can also be utilized to generate one or more reports relating to a request for certification and associated action resultant to the request 418.
  • a RMC 106 can receive updated information related to certification 510, such as a change in risk variable information, or other data change. Received updates can be docketed 511 to facilitate in processing. Any information included in the updates can be inco ⁇ orated into a data source 212 associated with generating the certifications 109. A list of recipients who should receive the updates can also be compiled 512. Recipients can include, for example, Primary Financial Institutions 107 or other subscribers 108 that have received a previous certification relating to the customer 103-104 involved. Updates can be transmitted or otherwise conveyed to the members included on the list of recipients 513. Referring now to Fig.
  • embodiments can include a certification 109 stored on an electronic storage device that can be made accessible to a Primary Financial Institution 107, or other party, that needs to access the certification.
  • the Primary Financial Institution 107 receives a description of a customer, such as, for example, a customer ID number and a network address at which the certification can be accessed 610.
  • the Primary Financial Institution 107 can retrieve a certification associated with the customer ID.
  • a network address can include an internet protocol address, a uniform resource locator, a peer to peer designation, or any other mechanism which allows for the identification of a resource and communication with the resource.
  • the RMC 106 can receive a request from a subscriber 107-108 to convey a particular certification 611 and respond by requesting authorization from an associated Intermediary 101-102 to convey a network address of a resource containing the certification 612. If the authorization is denied 613, the RMC can transmit a denial of the request for the certification 615. If the RMC 106 receives authorization to convey the certification information 614, the RMC 106 can transmit or otherwise convey the peer address 616 of a resource containing the certification and from which the certification information can be gathered.
  • a subscriber such as a respondent Financial Institution 107 or other entity 108, can request certification information 710 from the RMC 106 and receive a peer address 711 of a resource that contains the certification and is available via a network 201 from which the information can be received.
  • a subscriber 107-108 can access a resource located at the network address conveyed by the RMC 106 and receive the certification information 713.
  • Embodiments can also include transmitting, or otherwise providing a password or other security mechanism which can be used to further control access to a certification 109.
  • a portion of a display 800 can display information that relates to an Intermediary 801, such as an initiating bank, or other Financial Institution. Another portion of the display can include a description of a subscriber 802. A portion can also contain information descriptive of a particular requested transaction 803 such as, for example, an amount of money involved in the transaction, a time frame for the transaction to be consummated, or other details. A certification 109 or some subset of certification information 105 can be displayed in still another portion of the display 804. Information displayed can include, for example, predetermined fields of information related to a certificate, as discussed in more detail above, or an open narrative, as appropriate. Referring now to Fig.
  • the database 900 can include a field containing data descriptive of an Intermediary 901 as well as a field containing data descriptive of a subscriber 902. Another field can hold descriptive of a related certification 903. A number of embodiments of the present invention have been described.
  • hard copy documents can be gathered and scanned into the RMC 106 such that the scanned image can be forwarded to a subscriber as appropriate.
  • Other embodiments can include certification data that will expire and be locked after a set period of time has elapsed, such as, for example a period for which the data will remain current.
  • Locked data can include for example, data that is encrypted, subject to a password, or otherwise made inaccessible. Accordingly, other embodiments are within the scope of the following claims.

Abstract

Methods and systems are provided for managing Risk associated with a financial account initiated by an intermediary institution. Risk related information descriptive of a customer (103) of the intermediary (101) can be registered with a neutral entity and a certification (109) can be generated that is associated with the customer and includes the registered information. An instruction can be received to convey the certification associated with the customer to a Primary Financial Institution (107) after which the certification can be conveyed to the Primary Financial Institution.

Description

RISK MANAGEMENT CUSTOMER REGISTRY
CROSS REFERENCE TO RELATED APPLICATIONS This application claims the benefit of the filing date of U.S. Provisional applications no. 60/392,989 entitled "Risk Management Customer Registry", filed July 1, 2002. This application is a continuation-in-part of a prior application entitled "Risk Management Clearinghouse", filed February 12, 2002, and bearing the Serial No. 10/074,584 which is a continuation-in-part of a prior application also entitled "Risk Management Clearinghouse" filed October 30, 2001, and bearing the Serial No. 10/021,124, which is also a continuation-in-part of a prior application entitled
"Automated Global Risk Management" filed March 20, 2001, and bearing the Serial No. 09/812,627, all of which are relied upon and incoφorated by reference.
BACKGROUND
This invention relates generally to a method and system for facilitating the identification, investigation, assessment and management of legal, regulatory, financial and reputational risks, hi particular, the present invention relates to a computerized system and method for banks and non-bank financial institutions to comply with know your customer requirements associated with a financial transaction initiated by a primary bank on behalf of a customer. As money-laundering and related concerns have become increasingly important public policy concerns, regulators have attempted to address these issues by imposing increasing formal and informal obligations upon financial institutions. Government regulations authorize a broad regime of record-keeping and regulatory reporting obligations on covered financial institutions as a tool for the federal government to use to fight drug trafficking, money laundering, and other crimes.
Such a body of regulation is designed chiefly to assist law enforcement authorities in detecting when criminals are using banks and other financial institution as an intermediary for, or to hide the transfer of funds derived from, criminal activity. Bank and non-bank financial institutions, including: investment banks; merchant banks; securities firms, any insured bank (as defined in section 3(h) of the Federal Deposit Insurance Act (12 U.S.C. 1813(h)); a commercial bank or trust company; a private banker; credit union; thrift institution; broker dealers; securities and commodities trading firms; asset management companies, hedge funds, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, or any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956; may be subject to legal and regulatory obligations to "know your customer" (KYC).
KYC obligations may be particularly difficult to meet in a situation where a financial institution that will take an action on behalf of a customer of an intermediary financial institution. Situations can arise, for example, where an intermediary financial institution may wish to provide a service or product to a customer of intermediary financial institution but not be able to provide the service themselves. The action can include, for example, a request to open an account, execute a financial transaction or take some other action. The intermediary financial institution may approach a Primary Financial Institution and request that the Primary Financial Institution provide the necessary service. The Primary Financial Institution may have a working relationship with the intermediary financial institution, but not have any knowledge of the ultimate customer. Taking an action on behalf of an unknown customer can result in an increase in Risk for the Primary Financial Institution.
What is needed is a method and system to minimize Risks associated with conducting transaction on behalf of a customer of an intermediary financial institution, coordinate and administer a certification that can receive and present information about a customer to any financial institution that will act on behalf of the customer. Compiled certification information should be situated in a known resource from which it can be conveyed to a compliance department or government entity and also be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.
SUMMARY
Accordingly, the present invention provides methods and systems for managing Risk associated with a financial account initiated by an Intermediary institution. A computerized system can coordinate and administer a certification that can receive and present information about a customer to a financial institution requested to act on behalf of the customer. Compiled certification information should be situated in a known resource from which it can be conveyed to a compliance department or government entity and also be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.
Risk related information descriptive of a customer of the Intermediary can be registered with a neutral entity and organized into a certification associated with the customer. An instruction can be received to convey the certification associated with the customer to a Primary Financial Institution after which the certification can be conveyed to the Primary Financial Institution.
Embodiments can include various ways to convey the certification, such as, for example, providing an indicator identifying the customer to the Primary Financial Institution and a network address at which the certification associated with the customer can be accessed. Access to the certification identified with the customer identification can also be authorized for the particular Primary Financial Institution. In another aspect, embodiments can include performing a risk management clearinghouse search related to the customer and conveying the results of the risk management clearinghouse search to the Primary Financial Institution, such as, for example, with the conveyance of the certification.
The action relating to a financial account initiated by an Intermediary can include, for example: opening a financial account; transferring funds, investing funds or other type of transaction.
Once the certification is generated, embodiments can include ascertaining the completeness of the certification, such as by the neutral entity. In another aspect, embodiments can also include, keeping the name of the customer anonymous to the Primary Financial Institution. If it is appropriate, embodiments can include receiving updated information relating to the certification and transmitting the updated information to a Primary Financial Institution that had previously received a certification relating to the customer. hi still another aspect, conveying the information descriptive of a customer can include storing the certification on a resource accessible via a particular network address and associating the certification with an identifier unique to the customer. The identifier and the network address can be transmitted to the Primary Financial Institution such that the Primary Financial Institution can access the resource and identify an appropriate certification. From the perspective of an Intermediary Financial Institution, information descriptive of a customer can be registered with a neutral entity, such as a risk management clearinghouse. When an Intermediary initiates a transaction with a Primary Financial Institution, the Intermediary can also issue an instruction to a neutral entity with information descriptive of a customer to convey the information to the Primary Financial Institution.
Other embodiments of the present invention can include a computerized system, executable software, or a data signal implementing the inventive methods of the present invention. The computer server can be accessed via a network access device, such as a computer. Similarly, the data signal can be operative with a computing device, and computer code can be embodied on a computer readable medium.
Various features and embodiments are further described in the following figures, drawings and claims.
DESCRIPTION OF THE DRAWINGS
Fig. 1 illustrates a block diagram that can embody the present invention.
Fig. 2 illustrates a network of computer systems that can embody an Intermediary Registry.
Fig. 3 illustrates a flow of exemplary steps, from the perspective of an Intermediary, which can be executed while implementing the present invention.
Fig. 4 illustrates a flow of exemplary steps, from the perspective of a risk management clearinghouse, which can be executed by a user while implementing the present invention.
Fig. 5 illustrates a flow of exemplary steps, from the perspective of updating information, which can be executed by a user while implementmg the present invention.
Fig. 6 illustrates a flow of exemplary steps relating to a certification available via a network resource, the steps can be executed by a user while implementing the present invention. Fig. 7 illustrates a flow of exemplary steps relating to accessing a certification on a network resource that can be executed by a user while implementing the present invention. Fig. 8 illustrates an exemplary graphical user interface that can implement various aspects of the present invention.
Fig. 9 illustrates an exemplary data structure that can be utilized to implement certain aspects of the present invention.
DETAILED DESCRIPTION
The present invention includes methods and systems for facilitating the transfer of information relating to risk management and KYC obligations. In particular, the present invention includes methods and systems for conveying information descriptive of a customer whose relationship with a Primary Financial Institution results from interaction with an Intermediary entity., an Intermediary can include any Financial Institution or other entity that requests that a Primary Financial Institution provide a service or product on behalf of a customer of the Intermediary. A Primary Financial Institution can include any Financial Institution approached by the Intermediary to provide such product or service.
Definitions
For the purposes of this application, the following definitions can apply:
Financial Institution: Financial Institution refers to any person, entity, company, coφoration or statutory "person" in the business of providing Financial Transactions. As such, as used herein, a Financial Institution can collectively and individually include: Bank and non-bank financial institutions, including: investment banks; merchant banks; commercial banks; securities firms, including broker dealers securities and commodities trading firms; asset management companies, other hedge fund s, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956, and other entities subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations. Financial Transaction: a Financial transaction refers to any action that anticipates a transfer of money from a first set of one or more Transaction Participants to a second set of one or more Transaction Participants. Examples of Financial Transactions can include: investment and merchant banking, public and private financing, commodities and a securities trading, commercial and consumer lending, asset management, rating of coφorations and securities, public and private equity investment, public and private fixed income investment, listing to companies on a securities exchange and bourse, employee screening, auditing of coφorate or other entities, legal opinions relating to a coφorate or other entity, or other business related transactions; a transaction involving any transfer of funds and: an insurance company, a credit card issuer, a trading exchange, a government regulator, a law enforcement agency, an investment and/or merchant bank, public and private financing, commodities and securities trading, commercial and consumer lending, asset management, a rating of coφorations and securities, public and private equity investments, public and private fixed income investments, the listing of companies on securities exchanges and bourses; and employee screening. Intermediary: Intermediary refers to a Financial Institution or other entity that requests that a Primary Financial Institution provide a service or product, or execute a Financial Transaction on behalf of a customer of the Intermediary.
Informational Artifact: Informational Artifact refers to a media item that contains information that can be inteφreted into a humanly ascertainable form. Examples of Informational Artifacts include: a document, a news article, a news feed portion, a video segment, a newscast, a report, an agency listing, a list, a government publication, other identifiable publication, a sound byte, a sound recording, or other media item.
Primary Financial Institution: Primary Financial Institution refers to a Financial Institution executing a Financial Transaction.
Risks: Risks associated with a financial transaction can include factors associated with security risk, financial risk, legal risk, regulatory risk and reputational risk. A Security Risk refers to breach of a safety measure that may result in unauthorized access to a facility; unauthorized access to data; physical harm, including threat of immediate risk of harm to a person or goods. Financial Risk refers to factors indicative of monetary costs that the Risk Bearing Institution or a Transaction Participant may be exposed to as a result of a particular Financial Transaction. Monetary costs can be related to fines, forfeitures, costs to defend an adverse position, lost revenue, or other related potential sources of expense. Regulatory Risk refers to factors that may cause the Risk Bearing Institution or Transaction Participant to be in violation of rules put forth by a government entity or regulatory agency. Reputational risk relates to harm that a Risk Bearing Institution or Transaction Participant may suffer regarding its professional standing in an industry or the public eye. A Risk Bearing Institution and Transaction Participant can suffer from being associated with a situation that may be inteφreted as contrary to an image of diligence, honesty and forthrightness.
Risks may be related to the duty to disclose material information, to report and possibly prevent: fraud, money laundering, foreign corrupt practices, bribery, embargoes and sanctions. Timely access to relevant data on which to base a regulatory or reputational Risk related action can be critical to conducting business and comply with regulatory requirements such as those set forth by the Patriot Act in the United States .
Risk Management Clearinghouse (RMC): RMC refers to computerized systems and methods for managing Risks and associating information and/or informational artifacts useful for quantifying Risk with a Risk subject, as more fully described in the related patent applications: 10/074,584 entitled "Risk Management Clearinghouse" filed February 12, 2002, and U.S. Patent Application No. 10/021,124 entitled "Risk Management Clearinghouse" filed October 30, 2001.
Risk Quotient: Risk Quotient refers to a quantitative value of an amount of Risk, a Risk Quotient can be based upon a weighted algorithm applied to the Risk criteria and informational artifacts.
Subscriber: Subscriber refers to any person or entity authorized to access an
RMC system 106.
Transaction Participant: Transaction Participant refers to a person who will partake in a Financial transaction.
Elements Referring now to Fig. 1, a block diagram with elements included in some embodiments of the present invention is illustrated. A neutral entity, such as a risk management clearinghouse (RMC) 106, can act as a registry of information relating to a customer of an Intermediary 101-102 by receiving and maintaining certification information 105, such as, for example an Informational Artifact, that is descriptive of a customer 103-104 and related to the management of Risks. A neutral entity can be any entity that is not under the control of either the Intermediary or the Primary Financial Institution. A neutral entity may, for example, be under a contractual obligation to an Intermediary or Primary Financial Institution, but will generally be able to operate independently and not be under obligation to act upon managerial instruction initiated by either the Intermediary or the Primary Financial Institution. An RMC 106 or other neutral entity can register information by receiving the information and associating the information with an identifier of a customer. Association of information can be according to any available technique, such as a relational or hierarchical database, key fields, indexing or other methods.
One or more certifications 109 containing predefined fields of information descriptive of a customer 103-104 can be made available to a Primary Financial Institution 107 or other subscriber 108 who wishes to act responsive to needs or requests of the customer 103-104. In particular, a certification 109 can be useful to manage risk by fulfilling KYC obligations, such as those set forth by the Financial Action Task Force (FATF), the USA PATRIOT Act or other authority or obligation.
For example, an Intermediary may request that a Primary Financial Institution open an account and/or execute a financial transaction on behalf of a customer of the Intermediary. A financial account can be an account for investing, trading, transferring, receiving or otherwise handling finances. The Primary Financial
Institution may not be able to meet or interview the customer, or take other actions involving the customer according to normal due diligence procedures. However, the Intermediary 101-102 can arrange for pertinent information, such as, for example, in the form of certificate information 105, to be put on record with an RMC 106, and authorize the RMC 106 to transmit, or otherwise release to the Primary Financial Institution the certificate information 105. In some embodiments, the release of the information 105 can take the form of a predefined certification 109 containing information useful to ascertaining a level of Risk that may be associated with performing a transaction for the customer, such as, for example, information routinely requested during an account opening procedure, or other more general information.
A predefined certification 109, or other release of information 105 can include information relating to any risk variable, such as, for example: data that can cause a risk level to change; identification of who is a beneficiary to a transaction; a sovereign state involved; a geographic area involved; citizenship of the customer; a shell bank involved; a correspondent account involved; a political figure or a person close to a political figure; a history of fraud, embargoes, sanctions, or other compromising situation; or other information. Some embodiments can include a database with data fields to hold information included in the certification 109. For example, the database fields can include datum which identify a home and business address for the customer; an employer of the customer; a means of identification, such as a passport, driver's license, birth certificate, or other official document, as well as data gleaned form such a document, such as a numeric identifier; a history of criminal convictions or investigations; a date of birth; a place of birth; parents names and citizenship; alternate names the customer has ever been known by, any association with specific organizations listed; any family members associated with specific organizations; or other information.
Some embodiments can include a document image of certification 109, such as for example, a .pdf file created with Adobe Acrobat, or other image. In some embodiments, images can be desirable because the image can convey a document as submitted and diminish any probability of information being compromised.
Other risk variable information relating to the customer can include whether the customer 103-104 is listed on, or otherwise associated with an entity listed on, a formalized list generated by an authority, such as, for example: a list generated by the Office of Foreign Assets Control (OF AC) including their sanction and embargo list, a list generated by the U.S. Commerce Department, a list of international "kingpins" generated by the U.S. White House, foreign Counteφart list, U.S. regulatory actions or other information source such as a foreign government, U.S. adverse business- related media reports, U.S. state regulatory enforcement actions, international regulatory enforcement actions, international adverse business-related media reports, a list of politically connected individuals or politically identified persons, a list of military leaders, a list of U.S. and international organized crime members and affiliates, a list put forth by the Financial Action Task Force (FATF), a list of recognized high risk countries, or other source of high risk variables. Court records or other references relating to fraud, bankruptcy, professional reprimand or a rescission of a right to practice, suspension from professional ranks, disbarment, prison records or other source of suspect behavior can also be an important source of information. Of additional interest can be information indicative that a customer is not a high risk, such as, a list of coφorations domiciled in a G-7 country, or a list of entities traded on a major exchange.
A RMC search can include a search of the risk variable information and sources listed above and any other information source related to Risks that can be made available to a data search. Results of a risk management clearinghouse search can be included with other information gathered that relates to a customer. Some embodiments can include a predefined certification 109. The predefined certification 109 can include predetermined or standardized fields of information. Standards can be useful in that all parties in setting industry norms and accepted practices.
In another aspect, in some embodiments, a RMC 106 or other neutral entity can perform a check to ascertain that all agreed upon information has been included in the customer certificate information 105 received and a certification 109 generated is complete. Still other embodiments can allow the veracity and completeness of certificate information 105 to be left to efforts of the source of the information and not to the RMC 106, wherein the RMC 106 acts as a gatherer and compiler of information. Another variation can include supplying information and/or informational artifacts which are supportive of the veracity of information supplied in a certification 109. Still additional embodiments can allow the RMC 106 to guarantee or otherwise vouch for accuracy of information supplied.
Some embodiments can also include a certification 109 with an indication that a customer 103-104 has been researched by a RMC 106 according to predetermined procedures involving specified queries of predetermined risk variable sources, such as those listed above. Variations can include information identifying a customer, or allow the name of a customer 103-104 to remain anonymous to the Primary Financial Institution 107 or other subscriber 108, wherein the subscriber 107-108 will only receive answers to specific questions relating to the customer 103-104 or an indication that a query of risk variables associated with the customer 103-104 has not returned any results representative of a high risk. In such cases, a customer 103-104 may be identified by a customer ID number or other identifier that may not be significant outside of the relationship between the Intermediary 101-102 and the subscriber 107- 108.
Predetermined procedures that result in a risk management certificate can include a search of risk variables, such as those listed above, which relate to a customer 103-104. In some embodiments, results from a risk variable search can be forwarded to the subscriber financial institution 107-108 and/or the Intermediary 101- 102 involved. Results can include, for example, informational data, Informational ^Artifacts, a summary of the contents of Informational Artifacts, images, or other data. Embodiments can also include a statement or other indication from the RMC 106 indicating that a search has been conducted, the terms of the search and an indication of the results of the search. The indication of the results of the search can include for example, a quantitative value, such as a Risk Quotient, which is indicative of an amount of Risk that is associated with a particular Financial Transaction, Transaction Participant or other risk subject.
Embodiments can also allow the indication of the results to include a subjective rating of an amount of risk and/or an objective statement describing the search results. A subscriber rating can include, for example, a risk quotient or other scaled rating of risk. An objective statement can include, for example, listed terms that were searched and an indication that no negative material was returned from the search. Essentially, the objective statement can be packaged as an indication that the RMC 106 has not discovered any reason, from a risk management standpoint, not to proceed with a transaction involving the customer 103-104.
Terms that are searched can include, sources of information for risk variable related information such as government lists and the like, such as those listed above. Terms can also include phrases, words, relationships and other criteria utilized in a query and any data scrubbing variations that may have been utilized. An Intermediary 101-103 can also agree that it will notify an RMC 106 and/or any subscribers 107-108 of any change in facts or circumstances previously certified or contained in certification information 105. Similarly, a RMC 106 can perform an alert service that will periodically or continuously, search on terms related to a customer 103-104, or a risk variable related to a customer 103-104, and notify an interested party, such as, for example, a subscriber 107-108 or an Intermediary 101- 102 of any newly discovered information relating to the customer 103-104.
A Primary Financial Institution 107 that is on record with an RMC 106 as being interested in a customer can receive delivery of information relating to a customer via an electronic document, remotely printed document, facsimile, or hardcopy generated and physically delivered or other means. A RMC 106 can also be utilized to notify appropriate parties of administrative obligations such as, for example, notice of a change in facts contained in a certification 109. Risk management procedures can establish that reporting information required to generate a certification 109 is voluntary for a customer 103-104; however failure to provide information necessary to complete a certification 109 may preclude the establishment or continuation of intermediary accounts with the subscriber institution 107 or dealings with another subscriber 108. In addition to a Primary Financial Institution 107, other subscribers 108 can include, for example: a regulator; a money transfer agency; bourse; an institutional or individual investor; an auditing firm; a law firm; any institution or entity subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations; or other entity.
Similarly, a financial transaction can include investment and merchant banking, public and private financing, commodities and a securities trading, commercial and consumer lending, asset management, rating of coφorations and securities, public and private equity investment, public and private fixed income investment, listing to companies on a securities exchange and bourse, employee screening, auditing of coφorate or other entities, legal opinions relating to a coφorate or other entity, or other business related transactions.
Embodiments can include certification information 105 that is received from an Intermediary 101-102 in any form that can accurately convey information necessary to complete a certification 105. For example, information can be input into a graphical user interface (GUI), submitted via hard copy, facsimile, scanned image, or any other form of information conveyance. The RMC 106 can store the certification information 105 and convey it upon request, such as in the form of a certificate generated.
Similarly, certification information 105 can be retrieved by a respondent Primary Financial Institution 107 or other subscriber 108 using any available mechanism for conveying information, including, but not limited to: a scanned image, database record retrieval, a text file, facsimile, hard copy, data stored on a computer readable medium, or other mechanism.
Information 105 relating to and included in certifications 109 can be aggregated into a searchable data storage structure. Gathering data into an aggregate data structure, such as a data warehouse, allows a RMC 106 make the data readily available for processing a risk management search associated with a transaction involving a customer 103-104. Aggregated data can also be scrubbed or otherwise enhanced to aid in performing searches.
In some embodiments involving the enhancement of data, data scrubbing can be utilized to implement a data warehouse comprising the aggregate data structure. Various data scrubbing routines can be utilized to facilitate aggregation of risk variable related information. The routines can include programs capable of correcting a specific type of mistake, such as an incomprehensible street address, or rectify a full spectrum of commonly found database flaws. Rectifying database flaws can include, for example, adjusting field alignment by picking up misplaced data and moving it to a correct field or removing inconsistencies and inaccuracies from like data.
Other scrubbing routines can be directed towards specific legal issues, such as money laundering or terrorist tracking activities. For example, a scrubbing routine can be used to facilitate various different spelling of one name. In particular, spelling of names can be important when names have been translated from a foreign language into English. A data scrubbing routine can facilitate risk variable searching for multiple spellings of an equivalent name or other important information. Such a routine can enhance the value of the aggregate data gathered and also help correct database flaws. Scrubbing routines can improve and expand data quality more efficiently than manual mending and also allow a subscriber 107-108 to quantify best practices for regulatory puφoses.
Referring now to Fig. 2, a network diagram illustrating some embodiments of the present invention is shown 200. An automated RMC 106 can include a computerized RMC server 210 accessible via a distributed network 201 such as the Internet, or a private network. A party interested in risk management, such as, for example, an Intermediary 101-102, a Primary Financial Institution 107 or other subscriber 108 can use a computerized system or network access device 203-205 to receive, input, transmit or view information processed in the RMC server 210. A protocol, such as the transmission control protocol internet protocol (TCP/IP ) can be utilized to provide consistency and reliability.
In addition, some embodiments can include a proprietary risk management (PRM) server 211 which can access the RMC server 210 via the network 201 or via a direct link 213, such as a Tl line, digital subscriber line (DSL), or other high speed pipe. The PRM server 211 can in turn be accessed by an affiliated user via a system access device 203-205 and a communications network 201, such as a local area network, or other private network, or even the Internet, if desired. For the pmposes of this application, any function or reference to an RMC server 210 can also include a PRM server 211, except that the PRM server 211 can also contain proprietary information that will not be shared outside of an organization except as allowed by prevailing applicable law. In addition, in some embodiments, a PRM server 211 may be utilized to calculate risk quotients or other subjective valuations which an RMC server 210 may be limited from doing by an RMC provider. A system access device 203-205 utilized to access the RMC server 210 can include a processor, memory and a user input device, such as a keyboard and/or mouse, and a user output device, such as a display screen and/or printer. A system access device 203-205 can communicate with the RMC server 210 to access data and programs stored at the RMC server 210. A system access device 203-205 may interact with the RMC server 210 as if the RMC server 210 were a single entity in the network 200. However, the RMC server 210 may include multiple processing and database sub-systems, such as cooperative or redundant processing and/or database servers that can be geographically dispersed throughout the network 201.
The RMC server 210 can include one or more databases 212 storing data relating to risk management, and in particular to certification of a customer 103- 104 presented by an Intermediary 101-102. The RMC server 210 may interact with and/or gather data from an operator of a system access device 203-205 or other source. Typically a user will access a RMC server 210 using client software executed at a system access device 203-205. The client software may include a generic hypertext markup language (HTML) browser, such as Netscape Navigator or Microsoft Internet Explorer, (a "WEB browser"). The client software may also be a proprietary browser, and/or other host access sof ware. In some cases, an executable program, such as a Java™ program, may be downloaded from the RMC server 210 to the system access device 203-205 and executed at the system access device 203-205 as part of RMC risk management software. Other implementations include proprietary software installed from a computer readable medium, such as a CD ROM. The invention may therefore be implemented in digital electronic circuitry, computer hardware, firmware, software, or in combinations of the above. Apparatus of the invention may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor; and method steps of the invention may be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output.
Referring now to Fig. 3, steps that can be performed while practicing the present invention are illustrated. From the perspective of an Intermediary 101-102, customer certification information relating to a customer 103-104 can be received 310 and the customer certification information 105 registered 311 with an RMC 106. Embodiments can also include a customer 103-104 or other entity providing the information directly to the RMC 106.
The Intermediary 101-102 can initiate a transaction 312 with a Primary Financial Institution 107 or other subscriber 108 and cause the registered information to be conveyed to the Primary Financial Institution 107. The conveyance of the information can be accomplished by any convenient means of communication. Embodiments include electronic transmission of a customer identifier 313 or other indication descriptive of the customer, to the Primary Financial Institution 107. In addition, the Intermediary 101-102 can authorize access 314 to a certification 109 by a subscriber 107-108. The Intermediary 101-102 can also update any customer information 315 and initiate another transaction 312.
Embodiments can also include an Intermediary 101-102 causing the information to be transmitted to the Primary Financial Institution 107 or other entity 108. The Intermediary can cause the information to be sent via any available method of communication, such as, an electronic message, a facsimile, a voice message, a batch feed, hardcopy instruction, or other communication.
Referring now to Fig. A, from the perspective of an RMC 106, the RMC 106 can receive customer certification information 410 and also receive a request to convey a particular certification 411, from a requestor, such as a request from a Primary Financial Institution 107. hi turn, the RMC 106 can request authorization to convey the certification 412 from a party designated to grant such authorization. For example, authorization may be granted to a person employed by the Intermediary 101-102.
In response to the request for authorization to convey a certification 412, the RMC 106 may receive a denial of required authorization 414, in which case the RMC 106 will transmit a denial 415 for the request for a certification 109. Alternatively, the RMC 106 may receive an approval for the request for authorization 414 and subsequently transmit the certification 109 to the requestor 416.
Some embodiments allow conveyance of a certification with out an authorization step. Authorization can be in essence waived or implied by supplying the certification information 105 to the neutral entity, such as the RMC 106.
A request for a certification 109 can be archived, along with a related response 417. The RMC 106 can also be utilized to generate one or more reports relating to a request for certification and associated action resultant to the request 418.
Referring now to Fig. 5, steps relating to updating certification information which can be implemented in various embodiments of the present invention are illustrated. A RMC 106 can receive updated information related to certification 510, such as a change in risk variable information, or other data change. Received updates can be docketed 511 to facilitate in processing. Any information included in the updates can be incoφorated into a data source 212 associated with generating the certifications 109. A list of recipients who should receive the updates can also be compiled 512. Recipients can include, for example, Primary Financial Institutions 107 or other subscribers 108 that have received a previous certification relating to the customer 103-104 involved. Updates can be transmitted or otherwise conveyed to the members included on the list of recipients 513. Referring now to Fig. 6, embodiments can include a certification 109 stored on an electronic storage device that can be made accessible to a Primary Financial Institution 107, or other party, that needs to access the certification. The Primary Financial Institution 107 receives a description of a customer, such as, for example, a customer ID number and a network address at which the certification can be accessed 610. The Primary Financial Institution 107 can retrieve a certification associated with the customer ID. A network address can include an internet protocol address, a uniform resource locator, a peer to peer designation, or any other mechanism which allows for the identification of a resource and communication with the resource. The RMC 106 can receive a request from a subscriber 107-108 to convey a particular certification 611 and respond by requesting authorization from an associated Intermediary 101-102 to convey a network address of a resource containing the certification 612. If the authorization is denied 613, the RMC can transmit a denial of the request for the certification 615. If the RMC 106 receives authorization to convey the certification information 614, the RMC 106 can transmit or otherwise convey the peer address 616 of a resource containing the certification and from which the certification information can be gathered.
Accordingly, as illustrated in Fig. 7, a subscriber, such as a respondent Financial Institution 107 or other entity 108, can request certification information 710 from the RMC 106 and receive a peer address 711 of a resource that contains the certification and is available via a network 201 from which the information can be received. A subscriber 107-108 can access a resource located at the network address conveyed by the RMC 106 and receive the certification information 713. Embodiments can also include transmitting, or otherwise providing a password or other security mechanism which can be used to further control access to a certification 109.
Referring now to Fig. 8, an exemplary GUI 800 that can be utilized while practicing the present invention is illustrated. A portion of a display 800 can display information that relates to an Intermediary 801, such as an initiating bank, or other Financial Institution. Another portion of the display can include a description of a subscriber 802. A portion can also contain information descriptive of a particular requested transaction 803 such as, for example, an amount of money involved in the transaction, a time frame for the transaction to be consummated, or other details. A certification 109 or some subset of certification information 105 can be displayed in still another portion of the display 804. Information displayed can include, for example, predetermined fields of information related to a certificate, as discussed in more detail above, or an open narrative, as appropriate. Referring now to Fig. 9, a portion of a design of a database that can be utilized while implementing the present invention is illustrated. The database 900 can include a field containing data descriptive of an Intermediary 901 as well as a field containing data descriptive of a subscriber 902. Another field can hold descriptive of a related certification 903. A number of embodiments of the present invention have been described.
Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. For example, hard copy documents can be gathered and scanned into the RMC 106 such that the scanned image can be forwarded to a subscriber as appropriate. Other embodiments can include certification data that will expire and be locked after a set period of time has elapsed, such as, for example a period for which the data will remain current. Locked data can include for example, data that is encrypted, subject to a password, or otherwise made inaccessible. Accordingly, other embodiments are within the scope of the following claims.

Claims

CLAIMS What is claimed is:
1. A method for managing risk associated with a financial transaction, the method comprising: registering risk related information descriptive of a customer of a intermediary financial institution; generating a certification comprising the risk related information and associating the certification with the customer; receiving an instruction to convey the certification associated with the customer to a primary financial institution; and causing the certification to be conveyed to the Primary Financial Institution.
2. The method of claim 1 wherein conveying the certification descriptive of a customer comprises the steps of: providing an indicator identifying the customer to the primary financial institution; transmitting a network address at which a certification can be accessed according to the indicator identifying the customer; and authorizing access to the certification.
3. The method of claim 1 wherein the certification is transmitted prior to the primary financial institution opening an account to the benefit of the customer of the intermediary financial institution.
4. The method of claim 1 additionally comprising the steps of: performing a risk management clearinghouse search related to the customer; and conveying the results of the risk management clearinghouse search to the Primary Financial Institution.
5. The method of claim 1 wherein the certification is transmitted prior to execution of a financial transaction by the primary financial institution, wherein the financial transaction is associated with the customer.
6. The method of claim 1 additionally comprising the step of ascertaining the completeness of the certification information conveyed.
7. The method of claim 1 wherein a name of the customer is kept anonymous to the Primary Financial Institution.
8. The method of claim 1 additionally comprising the steps of receiving updated information relating to the certification and transmitting the updated information to a Primary Financial Institution that had previously received a certification relating to the customer.
9. The method of claim 1 wherein conveying the information descriptive of a customer comprises the steps of: storing the certification on a resource accessible via a particular network address; associating the certification with an identifier unique to the customer; and transmitting the identifier and the network address to the Primary Financial Institution.
10. A method for managing risk associated with a financial transaction initiated by an intermediary financial institution, the method comprising: registering information descriptive of a customer with a neutral entity; initiating a transaction with a primary financial institution; and issuing an instruction to the neutral entity to convey the registered information descriptive of a customer to the primary financial institution.
11. The method of claim 10 additionally comprising the steps of: transmitting an indication of a customer identity to the Primary Financial Institution; and authorizing access to a certification compiled by the neutral entity, wherein the certification comprises the information descriptive of the customer.
12. The method for claim 10 additionally comprising the steps of: transmitting an update to information descriptive of the customer to the neutral entity; and transmitting to the neutral entity an instruction to convey the updated information to one or more Primary Financial Institutions to which a certification associated with the customer has been transmitted.
13. The method of claim 12 additionally comprising the step of: transmitting an indication to one or more primary financial institutions regarding the existence of updated information.
14. The method of claim 11 additionally comprising the step of providing to the neutral entity a statement guaranteeing the veracity of the registered information.
15. A system for managing risk associated with a financial transaction initiated by an intermediary financial institution, the system comprising: a computer server accessible with a system access device via a communications network; and executable software stored on the server and executable on demand, the software operative with the server to cause the server to: register risk related information descriptive of a customer of the intermediary; generate a certificate comprising the risk related information and associating the certificate with the customer; receive an instruction to convey certification associated with the customer to a primary financial institution; and cause the registered information descriptive of a customer to be conveyed to the primary financial institution.
16. A system for managing risk associated with a financial account initiated by an intermediary, the system comprising: a computer server accessible with a system access device via a communications network; and executable software stored on the server and executable on demand, the software operative with the server to cause the server to: register information descriptive of a customer with a neutral entity; initiate a transaction related to a financial account with a primary financial institution; and issue an instruction to convey the information descriptive of a customer which is registered with the neutral entity to be conveyed to the primary financial institution.
17. Computer executable program code residing on a computer-readable medium, the program code comprising instructions for causing the computer to: receive risk related information descriptive of a customer of the intermediary; scrub the risk related information descriptive of a customer of the intermediary; perform a risk clearinghouse search related to the customer of the intermediary; organize the risk related information into a certification associated with the customer; receive an instruction to convey certification associated with the customer to a primary financial institution; and cause the registered information descriptive of a customer and results of the risk clearinghouse search to be conveyed to the primary financial institution.
18. A computer data signal embodied in a digital data stream comprising data relating to a financial account, wherein the computer data signal is generated by a method comprising the steps of: registering information descriptive of a customer with a neutral entity; receiving an instruction to convey the information descriptive of a customer to a primary financial institution; and causing the registered information descriptive of a customer to be conveyed to the primary financial institution.
19. The computer data signal of claim 18 wherein the data signal is additionally generated by the steps: receiving an update to registered information; and transmitting the update to previous recipients of the registered information.
20. The computer data signal of claim 18 wherein the registered information comprises a risk management search of anti-tenorist related publications.
21. A method of conducting a financial transaction, the method comprising: transmitting the data descriptive of a particular financial transaction participant to a computer system accessible via a communications network, wherein the computer server is operative with executable software to: receive into the computer system the data descriptive of the particular financial transaction participant; generate a certification comprising at least some of the data descriptive of the particular financial transaction participant; receive into a computer system data descriptive of informational artifacts with content related to at least one of: reputational risk, regulatory risk and legal risk; determine if one or more informational artifacts with content related to at least one of: reputational risk, regulatory risk and legal risk, reference the transaction participant; transmit the certification; and if any informational artifacts reference the transaction participant then transmit data descriptive of the content of one or more informational artifacts which reference the transaction participant; receiving the certification; receiving any data descriptive of the content of informational artifacts which reference the transaction participant and was transmitted by the computer server; and determining a course of action related to the financial transaction based upon at least one of: the certification and the data descriptive of the content of the informational artifact referencing the transaction participant.
22. The method of claim 21 wherein the course of action comprises proceeding with the financial fransaction.
23. The method of claim 21 wherein the course of action comprises refusing to proceed with the financial transaction.
PCT/US2003/019242 2002-07-01 2003-06-18 Risk management customer registry WO2004003811A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003251558A AU2003251558A1 (en) 2002-07-01 2003-06-18 Risk management customer registry

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US39298902P 2002-07-01 2002-07-01
US60/392,989 2002-07-01

Publications (1)

Publication Number Publication Date
WO2004003811A1 true WO2004003811A1 (en) 2004-01-08

Family

ID=30000957

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/019242 WO2004003811A1 (en) 2002-07-01 2003-06-18 Risk management customer registry

Country Status (2)

Country Link
AU (1) AU2003251558A1 (en)
WO (1) WO2004003811A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7945500B2 (en) 2007-04-09 2011-05-17 Pricelock, Inc. System and method for providing an insurance premium for price protection
US7945501B2 (en) 2007-04-09 2011-05-17 Pricelock, Inc. System and method for constraining depletion amount in a defined time frame
US8019694B2 (en) 2007-02-12 2011-09-13 Pricelock, Inc. System and method for estimating forward retail commodity price within a geographic boundary
US20110270872A1 (en) * 2010-04-30 2011-11-03 Bank Of America Corporation International Cross Border Data Movement
US8156022B2 (en) 2007-02-12 2012-04-10 Pricelock, Inc. Method and system for providing price protection for commodity purchasing through price protection contracts
US8160952B1 (en) 2008-02-12 2012-04-17 Pricelock, Inc. Method and system for providing price protection related to the purchase of a commodity
US8256148B2 (en) 2006-09-04 2012-09-04 Miller Uk Limited Coupler

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5446885A (en) * 1992-05-15 1995-08-29 International Business Machines Corporation Event driven management information system with rule-based applications structure stored in a relational database
US5884289A (en) * 1995-06-16 1999-03-16 Card Alert Services, Inc. Debit card fraud detection and control system
US6088686A (en) * 1995-12-12 2000-07-11 Citibank, N.A. System and method to performing on-line credit reviews and approvals

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5446885A (en) * 1992-05-15 1995-08-29 International Business Machines Corporation Event driven management information system with rule-based applications structure stored in a relational database
US5884289A (en) * 1995-06-16 1999-03-16 Card Alert Services, Inc. Debit card fraud detection and control system
US6088686A (en) * 1995-12-12 2000-07-11 Citibank, N.A. System and method to performing on-line credit reviews and approvals

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8256148B2 (en) 2006-09-04 2012-09-04 Miller Uk Limited Coupler
US8019694B2 (en) 2007-02-12 2011-09-13 Pricelock, Inc. System and method for estimating forward retail commodity price within a geographic boundary
US8156022B2 (en) 2007-02-12 2012-04-10 Pricelock, Inc. Method and system for providing price protection for commodity purchasing through price protection contracts
US8538795B2 (en) 2007-02-12 2013-09-17 Pricelock, Inc. System and method of determining a retail commodity price within a geographic boundary
US7945500B2 (en) 2007-04-09 2011-05-17 Pricelock, Inc. System and method for providing an insurance premium for price protection
US7945501B2 (en) 2007-04-09 2011-05-17 Pricelock, Inc. System and method for constraining depletion amount in a defined time frame
US8065218B2 (en) 2007-04-09 2011-11-22 Pricelock, Inc. System and method for providing an insurance premium for price protection
US8086517B2 (en) 2007-04-09 2011-12-27 Pricelock, Inc. System and method for constraining depletion amount in a defined time frame
US8160952B1 (en) 2008-02-12 2012-04-17 Pricelock, Inc. Method and system for providing price protection related to the purchase of a commodity
US20110270872A1 (en) * 2010-04-30 2011-11-03 Bank Of America Corporation International Cross Border Data Movement
US8473324B2 (en) 2010-04-30 2013-06-25 Bank Of America Corporation Assessment of risk associated with international cross border data movement
US8983918B2 (en) * 2010-04-30 2015-03-17 Bank Of America Corporation International cross border data movement

Also Published As

Publication number Publication date
AU2003251558A1 (en) 2004-01-19

Similar Documents

Publication Publication Date Title
US7904361B2 (en) Risk management customer registry
US8266051B2 (en) Biometric risk management
US8311933B2 (en) Hedge fund risk management
US7958027B2 (en) Systems and methods for managing risk associated with a geo-political area
US8209246B2 (en) Proprietary risk management clearinghouse
US20020138417A1 (en) Risk management clearinghouse
US7548883B2 (en) Construction industry risk management clearinghouse
US20110131125A1 (en) Correspondent Bank Registry
US20040006532A1 (en) Network access risk management
US8843411B2 (en) Gaming industry risk management clearinghouse
US20030233319A1 (en) Electronic fund transfer participant risk management clearing
US20040143446A1 (en) Long term care risk management clearinghouse
US20110131136A1 (en) Risk Management Customer Registry
US8285615B2 (en) Construction industry risk management clearinghouse
CA2478898A1 (en) Network access risk management
WO2004003811A1 (en) Risk management customer registry
WO2004001538A2 (en) Hedge fund risk management
WO2004001544A2 (en) Biometric risk management
WO2006110121A1 (en) Construction industry risk management clearinghouse
WO2003038547A2 (en) Risk management clearinghouse
WO2003104944A2 (en) Systems and methods for managing risk associated with a geo-political area
WO2004001537A2 (en) Proprietary risk management clearinghouse
WO2004021102A2 (en) Gaming industry risk management clearinghouse
WO2003104938A2 (en) Electronic fund transfer participant risk management clearing
EP1376439A1 (en) Correspondent bank registry

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP