AI-powered insider trading risk assessment system, its control method, and program
An AI-driven system integrates employee and financial transaction data to enhance insider trading prevention by accurately linking different identifiers, improving detection and compliance through real-time alerts and recommendations.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- NOMURA RESEARCH INSTITUTE
- Filing Date
- 2025-06-09
- Publication Date
- 2026-07-09
AI Technical Summary
Existing systems struggle to accurately predict and prevent insider trading by capturing complex information relationships and temporal continuity, and lack a mechanism to link employee and financial transaction data managed with different identifiers, leading to inefficiencies in compliance and operational management.
An AI-powered system integrates employee and financial transaction data using large-scale language models and ID linking, analyzing temporal relationships and scoring risks to provide real-time alerts and recommendations to prevent insider trading.
Enhances the accuracy and objectivity of insider trading detection, improves operational efficiency, and strengthens compliance systems by providing early warnings and actionable insights.
Smart Images

Figure 0007887063000001 
Figure 0007887063000002 
Figure 0007887063000003
Abstract
Description
Technical Field
[0001] The present invention relates to a system for preventing insider trading by employees within a company, its control method, and a program. In particular, it relates to a technology that integrally analyzes the actions of employees, accessible information, and external information by utilizing artificial intelligence (AI) to determine the risk of insider trading.
Background Art
[0002] Although there are regulations regarding stock trading in listed companies, insider trading still occurs, and the formality of governance has become an issue. In the conventional management system, it is difficult to predict the timing and content of insider information, and there has been a problem that it is difficult to construct and operate a continuous and strict management system. Also, although there is an internal application process, there has been a recognized issue that it is difficult to grasp the actual situation.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] Prior literature 1 discloses a technology that diagnoses whether a stock trade may constitute insider trading based on the content of emails and other communications sent and received by traders, in light of industry trends they may have been aware of at the time of the trade. However, such technology had limitations in capturing the more complex information relationships and temporal continuity unique to insider trading and objectively and quantitatively assessing the risk. Furthermore, it was difficult to clearly analyze the direct link between access to individual non-public material information and related financial instrument transactions, not just broad information such as industry trends. In addition, since employee information managed by operating companies and financial instrument transaction information managed by financial institutions are usually managed with different identifiers (IDs), no specific mechanism for accurately linking and analyzing this information had been considered.
[0005] This invention has been made in view of the problems of the prior art and prior literature described above, and aims to further enhance the effectiveness of preventing insider trading by companies by utilizing artificial intelligence (AI), particularly technology for extracting and analyzing relationships between data and large-scale language models (LLM), and by introducing a system that links different management IDs for business companies and financial institutions in a user-driven manner, thereby enabling earlier, more accurate, and objective detection of the risk of insider trading by employees within a company. Furthermore, it aims to further strengthen the compliance system within companies, improve operational efficiency, and enhance the effectiveness of preventing insider trading by warning employees of the risk in real time when they attempt to trade financial instruments, and by issuing recommendations to stop trading or notifying relevant parties as necessary. [Means for solving the problem]
[0006] To solve the above problems, an insider trading risk determination system according to one aspect of the present invention is a system that determines the risk of insider trading based on the actions and related information of an employee at a business company and financial instrument trading information of the employee held by a financial institution, comprising: business company data acquisition means for acquiring business company data, which includes at least employee information, corporate event information, and information access logs by the employee, associated with an employee ID managed by the business company; financial behavior data acquisition means for acquiring financial behavior data, which includes at least the financial instrument trading history of the employee, associated with a user ID managed by the financial institution; data integration means for integrating the business company data and the financial behavior data, associating them with the employee based on a pre-established linking relationship between the employee ID and the user ID; first related information processing means for extracting first related information, which includes the date and time of occurrence of a corporate event that the employee may have been involved in and the date and time of the employee's access to information related to the corporate event, based on the integrated data; and The system includes: a second related information processing means for extracting financial instruments traded by the employee and second related information including the date and time of the transaction; a time axis pattern matching means for analyzing the temporal relationship between the first related information and the second related information, and the relationship between the corporate event and the financial instrument, based on the first related information extracted by the first related information processing means and the second related information extracted by the second related information processing means, and matching it with a pre-stored insider trading risk pattern; a risk scoring means for calculating a risk score that quantitatively indicates the risk of insider trading by the employee based on a plurality of evaluation elements including at least the matching result, the importance of the corporate event information, the disclosure status of the corporate event information, the degree of employee involvement, and the trading volume of the financial instrument; a large-scale language model processing means for generating information on insider trading risk based on the risk score and the matching result; and when the employee attempts to execute a financial instrument transaction through a financial instrument trading application, based on the generated information on insider trading risk.The system includes a transaction risk response instruction means that instructs the financial instrument trading application to take appropriate action according to the risks of the financial instrument trading.
[0007] Preferably, the relationship between the employee ID and the user ID referenced by the data integration means is established when the employee manually registers the employee ID managed by the business company and the user ID managed by the financial institution.
[0008] Preferably, the transaction risk response instruction means instructs the financial instrument trading application to display an alert, recommend suspending the execution of the financial instrument transaction, or notify the business company regarding the financial instrument transaction if the risk score exceeds a predetermined threshold. [Effects of the Invention]
[0009] According to this invention, by integrating diverse internal and external information, and particularly by extracting and analyzing the correlation and temporal continuity between employee behavior and financial transactions, it becomes possible to detect insider trading risks with higher accuracy and earlier. Furthermore, by accurately linking information managed with different IDs at business companies and financial institutions through user-initiated linking, the reliability of the analysis is improved. In addition, by quantitatively scoring risks, clearly explaining the rationale using a large-scale language model, and providing real-time warnings and response instructions based on risk information when employees attempt to conduct financial product transactions, the objectivity and efficiency of monitoring operations are improved, the effectiveness of preventing insider trading is significantly enhanced, and a major contribution to strengthening a company's compliance system can be greatly increased. [Brief explanation of the drawing]
[0010] [Figure 1] This is a functional block diagram of an insider trading risk assessment system according to one embodiment of the present invention. [Figure 2] This is an example of a sequence diagram for managing transaction risks related to one embodiment of the present invention. [Figure 3]This is a block diagram showing an example of a computer hardware configuration for implementing an insider trading risk assessment system related to one embodiment of the present invention. [Modes for carrying out the invention]
[0011] (1. System Overview) An insider trading risk assessment system according to one embodiment of the invention (hereinafter referred to as "this system") aims to detect insider trading risks early and with high accuracy by comprehensively analyzing employee behavior and accessible information within a business company (hereinafter referred to as "business company data") and information on the financial instrument transactions of said employees held by a financial institution (hereinafter referred to as "financial behavior data"), and utilizing artificial intelligence (AI), particularly technologies for extracting and analyzing relationships between data (for example, graph RAG (Retrieval Augmented Generation) technology and relationship analysis technology utilizing relational databases) and large-scale language models (LLM). This system contributes to strengthening corporate compliance systems and improving operational efficiency.
[0012] (2. System Configuration) Figure 1 is a functional block diagram of this system. This system mainly consists of a data input unit 100, an ID linkage information management unit 150, a data processing and analysis unit 200, an output unit 300, and a transaction risk response instruction unit 400. These are implemented by one or more computers.
[0013] (2.0. Prerequisites for ID linking) In this system, in order to analyze business company data and financial behavior data in association with individual employees, it is necessary to link employee IDs managed by business companies (hereinafter simply referred to as "employee IDs") with user IDs managed by financial institutions (hereinafter simply referred to as "user IDs"). This is because business company data is managed using employee IDs as the key, and financial behavior data is managed using user IDs as the key. This ID linking is initiated by the employee themselves. Specifically, employees use a dedicated application (for example, a smartphone app or web application; hereinafter referred to as the "linking app") that can communicate with an IT platform service (hereinafter referred to as the "workplace platform") provided or recommended by their business company that enables the linking of employee IDs and user IDs. On the interface of this linking app, employees manually enter and register their business company employee ID and the user ID of the financial institution they use for financial product transactions. The linking app securely stores the entered IDs linked together in the ID linking information management unit 150. The ID Linkage Information Management Unit 150 manages this linkage information and provides it in response to requests from the Data Processing and Analysis Unit 200, specifically the Data Integration and Preprocessing Unit 210, which will be described later. This manual registration and linking by the user ensures reliable ID linkage based on the user's consent.
[0014] (2.1. Data input section 100) The data input unit 100 collects various data necessary for insider trading risk assessment and imports it into the system. Specifically, it includes a business company data acquisition unit 110, a financial behavior data acquisition unit 120, and an external / common knowledge acquisition unit 130.
[0015] The business company data acquisition unit 110 acquires data held by business companies that is associated with employee IDs. This business company data acquisition unit 110 includes, for example, an employee information DB access unit 111, a corporate event information DB access unit 112, and an information access log collection unit 113.
[0016] The Employee Information DB Access Section 111 retrieves information from a database that stores attribute information and personnel information such as employees' names, departments, job titles, project participation histories, job authorities, training attendance histories, contact information, and family compositions, using the employee ID as the key.
[0017] The Corporate Event Information DB Access Section 112 retrieves information from a database that stores information on financial results announcement schedules, the consideration and progress of M&A (mergers and acquisitions), new product and new technology development information, conclusion of important contracts, revisions of earnings forecasts, and other important facts that may affect stock prices (including the dates and times of these information). These information may include material non-public information that could be the subject of insider trading.
[0018] The Information Access Log Collection Section 113 collects access logs (including access dates and times) to various information systems by employees, associating them with the employee ID. For example, it collects send and receive logs of email systems (e.g., Microsoft Outlook), business chat systems (e.g., Mattermost, Slack), video conferencing systems (e.g., Zoom, Microsoft Teams), meeting records, access and editing histories of electronic files on the company's file server and cloud storage (e.g., documents containing confidential information, presentation materials), and business card exchange information from the business card management system. These logs are important clues for identifying when and what information employees have accessed.
[0019] The Financial Behavior Data Acquisition Section 120 acquires data on the financial behavior of employees associated with the user ID from partner financial institutions, etc. This Financial Behavior Data Acquisition Section 120 includes, for example, the Financial Product Transaction History DB Access Section 121 and the Insider Registration Information DB Access Section 122.
[0020] The Financial Product Transaction History DB Access Unit 121 retrieves information from a database that stores transaction histories of financial products such as stocks, bonds, and investment trusts, including transaction dates and times, stock names, quantities, prices, and order types, etc., by employees (or their registered related persons, such as spouses and cohabiting family members, etc.), using the user ID as a key.
[0021] The Insider Registration Information DB Access Unit 122 retrieves information on stocks for which an employee is registered as an insider of the company, in association with the user ID.
[0022] The External / Common Knowledge Acquisition Unit 130 acquires external information and common knowledge useful for risk determination. This External / Common Knowledge Acquisition Unit 130 includes, for example, the Corporate Disclosure Information DB Access Unit 131 and the Compliance Knowledge Base Access Unit 132.
[0023] The Corporate Disclosure Information DB Access Unit 131 retrieves information from a database that stores information that is generally publicly available, such as the company's IR (Investor Relations) information, press releases, timely disclosure information, etc. These information are used to determine whether the information accessed by employees has already been publicly disclosed.
[0024] The Compliance Knowledge Base Access Unit 132 retrieves information from a knowledge base that stores laws and regulations regarding insider trading restrictions, past insider trading cases, typical risk patterns, guidelines of the Financial Services Agency, etc., and internal compliance regulations, etc., as structured data or unstructured data. This knowledge base is used for matching risk patterns and presenting the basis for determination.
[0025] (2.2. Data Processing and Analysis Unit 200) The data processing and analysis unit 200 is the core of this system, processing and analyzing data taken in from the data input unit 100 to determine insider trading risk. Specifically, it comprises a data integration and preprocessing unit 210, a related information processing unit 220, an information matching and pattern analysis unit 230, a risk scoring unit 240, and a large-scale language model (LLM) processing unit 250.
[0026] The data integration and preprocessing unit 210 integrates business company data and financial behavior data collected from each part of the data input unit 100, by referring to the linking information between employee IDs and user IDs obtained from the ID linkage information management unit 150, and associating it with individual employees. This allows business company data and financial behavior data related to a specific employee to be handled in a unified manner. Subsequently, the integrated data in various formats is matched and normalized, and formatted into an analyzable format. In particular, for text data (e.g., email bodies, chat content, meeting minutes, document file contents, etc.), an Embedding model 211 (e.g., a multilingual pre-trained model such as Embed Multilingual) is used to convert it into a high-dimensional vector representation (distributed representation) that reflects the semantic content of the text. This vectorization makes it possible to search and compare semantically similar texts.
[0027] The related information processing unit 220 extracts information necessary to analyze the relevance of insider trading using data that has been integrated and preprocessed for each employee by the data integration and preprocessing unit 210. This related information processing unit 220 includes a first related information processing unit 221 and a second related information processing unit 222.
[0028] The first related information processing unit 221 extracts first related information based on the integrated data, including the date and time of a corporate event in which an employee may have been involved, and the date and time of the employee's access to information related to that corporate event. For example, from employee information, corporate event information, and information access logs, it extracts information in chronological order, such as when a specific employee accessed confidential information (e.g., meeting materials, emails) related to an undisclosed corporate event (e.g., a planned new product announcement, an M&A consideration) that could affect stock prices, under circumstances where the employee could recognize the date and time of the event (or planned announcement), the event was to occur. This extracted first related information may be stored in a database (e.g., a relational database or a graph database) for later analysis.
[0029] The second related information processing unit 222 extracts second related information, including the financial instruments traded by employees and the date and time of those transactions, based on the integrated data. For example, it extracts information from the financial instrument transaction history such as which securities a particular employee traded, when, and in what quantity. This extracted second related information may be stored in a database for later analysis. This extracted related information enables efficient analysis of complex relationships and temporal continuity between entities.
[0030] The information matching and pattern analysis unit 230 analyzes signs of insider trading using the first related information extracted by the first related information processing unit 221, the second related information extracted by the second related information processing unit 222, and various knowledge acquired from the external / common knowledge acquisition unit 130. This information matching and pattern analysis unit 230 includes an internal information primary determination unit 231, a public information matching unit 232, an internal information secondary determination unit 233, and a time axis / pattern matching unit 234.
[0031] The internal information primary determination unit 231 refers to the first related information and extracts undisclosed important information (potential internal information) that may be related to corporate events from the information accessed by the employee. For example, it can target information containing specific keywords (e.g., "M&A," "earnings revision," "new technology") or information with restricted access permissions.
[0032] The public information matching unit 232 compares public information such as corporate IR information and press releases obtained from the corporate public information DB access unit 131 with potential internal information extracted by the internal information primary determination unit 231 to determine whether the information has already been made public. This matching process uses methods such as text similarity calculation and date comparison.
[0033] The internal information secondary determination unit 233 excludes information that has already been determined to be public based on the results of the public information matching unit 232, and identifies material information that is highly likely to be truly undisclosed. This identified information is treated as information that may fall under the category of "undisclosed material facts" under insider trading regulations. The disclosure status of this information (e.g., completely undisclosed, partially reported but unconfirmed, etc.) becomes one of the important evaluation factors in subsequent risk scoring.
[0034] The time axis / pattern matching unit 234 analyzes the temporal relationship between the first and second related information and the relationship between the corporate event and the financial product, based on the first related information extracted by the first related information processing unit 221 (e.g., the date and time of occurrence of a corporate event and the date and time of information access) and the second related information extracted by the second related information processing unit 222 (e.g., the date and time of trading of a financial product), and compares it with a pre-stored insider trading risk pattern. For example, it evaluates whether the information access date and time is before the financial product trading date and time and whether the time difference is within a predetermined range, or whether a transaction was conducted immediately before the scheduled date and time of public announcement of the corporate event. It also evaluates the relationship between the content of the information accessed by the employee (type and importance of the corporate event) and the securities of the financial product traded (e.g., company stock, affiliate stock, customer stock, etc.). Furthermore, it compares these observed employee behavior patterns and information relationships with typical insider trading risk patterns and past insider trading cases obtained from the compliance knowledge base access unit 132.
[0035] The risk scoring unit 240 calculates the risk of insider trading by an employee as a quantitative score (risk score) based on the analysis results of the information matching and pattern analysis unit 230. The evaluation factors considered in calculating this risk score include, but are not limited to, the following: (a) Importance of the information: A predefined importance level according to the nature of the accessed corporate event information (e.g., M&A information, unreleased financial results, important information on new technologies, etc.). (b) Disclosure status of the information: The degree of disclosure of the information based on the matching results by the public information matching unit 232. (c) Degree of employee involvement: The probability and influence of access to the information, determined from the employee's position, role in the project, and whether or not they have legitimate access rights to the information. (d) Temporal proximity: The time difference between the date and time of information access and the date and time of the financial instrument transaction. The smaller this difference, and the earlier the information access occurs before the transaction, the higher the risk may be considered. (e) Scale and frequency of the transaction: The quantity and amount of the financial instruments traded. Transactions that are unusually large compared to an employee's normal trading patterns, or concentrated transactions at specific times, may be considered high-risk. (f) Pattern similarity: Similarity to past insider trading cases accumulated in compliance knowledge or to defined high-risk trading patterns.
[0036] These evaluation elements (a) through (f) (or subsets thereof or other related elements) can be weighted in advance based on expert insights and historical data analysis, and their sum (weighted sum) can be calculated as a risk score. Alternatively, a machine learning model (e.g., a classification or regression model using logistic regression, support vector machines, gradient boosting trees, or neural networks) can be pre-trained using these evaluation elements as input features, and this pre-trained model can be used to calculate the risk score as a predicted value. In addition to LLM and Embedding models, other AI models specialized for specific tasks may also be used.
[0037] The Large-Scale Language Model (LLM) processing unit 250 generates information on insider trading risk in a human-readable format based on the calculated risk score and the information that forms the basis of the determination. This LLM processing unit 250 includes a context generation unit 251 and an LLM 252 (e.g., Command R+).
[0038] The context generation unit 251 further organizes and formats the risk score calculated by the risk scoring unit 240 and the information on which it is based, using the relevance information extracted by the first relevance information processing unit 221 and the second relevance information processing unit 222. This not only extracts keywords, but also generates structured information (for example, "The undisclosed information X accessed by employee A concerns an M&A deal of the parent company of trading stock Y, and the period from the access date to the transaction date is Z days") as a context (prompt) suitable for input to LLM, based on the extracted relevance information. This process is based on the RAG concept and searches and utilizes external knowledge (in this case, extracted relevance information) to enable LLM to generate more accurate and well-founded information.
[0039] Based on the rich context provided by the context generation unit 251, LLM252 generates detailed natural language explanations of insider trading risks, warning messages for monitors (e.g., specific points to check, reasons for recommending further investigation), draft cautionary statements for employees, or recommended countermeasures (e.g., recommendations for temporary trading suspension, conducting interviews by the compliance department). By utilizing LLM, it becomes possible to not only present risk scores but also to clearly communicate the background and potential problems.
[0040] (2.3. Output section 300) The output unit 300 has the function of presenting the judgment results and analysis information from the data processing and analysis unit 200 to the user (for example, a company's compliance officer, the employee in question, or their supervisor). This output unit 300 includes a notification and alert unit 310 and a report and dashboard display unit 320. This output unit is primarily intended for use by compliance officers and others after an incident occurs or for periodic monitoring.
[0041] The notification and alert unit 310 sends warning notifications and alerts to relevant parties (mainly compliance officers and supervisors) via email, chat messages, or push notifications on a dedicated application when the risk score calculated by the risk scoring unit 240 exceeds a predetermined threshold. The notification content can include an overview of the risk generated by LLM252 and recommended actions.
[0042] The report / dashboard display unit 320 visually displays risk assessment results, risk scores, specific information that formed the basis of the assessment (e.g., logs of relevant information access, transaction history, a visualized portion of extracted relevant information), and detailed explanations and recommended countermeasures generated by LLM252, in a report format or on an interactive web-based dashboard. Through the dashboard, users can drill down to view details of the risk and explore related information.
[0043] (2.4. Transaction Risk Response Instruction Unit 400) The Transaction Risk Response Instruction Unit 400 has the function of evaluating insider trading risk in real time when an employee attempts to execute a financial instrument transaction (e.g., a buy or sell order for stocks) via a financial instrument trading application (e.g., a smartphone app or web trading platform provided by a securities company; hereinafter referred to as the trading app), and instructing the trading app to take appropriate action based on the results. When an employee enters a trading order on the trading app, the trading app sends transaction information such as the trader (user ID), trading instrument, transaction type, and quantity to the Transaction Risk Response Instruction Unit 400 before executing the transaction, and requests a risk assessment. The Transaction Risk Response Instruction Unit 400 transmits the received transaction information to the Information Matching and Pattern Analysis Unit 230 in a format that can be extracted by the Second Related Information Processing Unit 222. The Information Matching and Pattern Analysis Unit 230 transmits the analysis results, which include the temporal relationship between the first related information extracted by the First Related Information Processing Unit 221 and the second related information extracted from the received transaction information, to the Risk Scoring Unit 240. Based on the received analysis results, the Risk Scoring Unit 240 calculates the risk of insider trading by an employee as a quantitative score (risk score) and transmits the calculated risk score and the information on the basis for the determination to the LLM Processing Unit 250 (or transmits the risk score to the Transaction Risk Response Instruction Unit 400). Based on the received risk score and the information on the basis for the determination, the LLM Processing Unit 250 generates the latest insider trading risk information (risk score, risk basis, explanation by LLM, etc.) regarding the employee and the traded securities and transmits it to the Transaction Risk Response Instruction Unit 400. Based on the insider trading risk information (or risk score) received from the LLM Processing Unit 250 (or Risk Scoring Unit 240), the Transaction Risk Response Instruction Unit 400 determines the insider trading risk of the transaction. Based on the determination result, the Transaction Risk Response Instruction Unit 400 instructs the trading application to take the following actions: (a) If the risk is low: Allow the execution of the transaction. (b) If the risk is moderate: A warning message will appear on the trading app screen (e.g., "This trade may be suspected of being insider trading. Please review the details.")(c) If the risk is high: A strong warning message (e.g., "This trade cannot be executed because it carries a very high risk of insider trading.") is displayed on the trading app screen, and the user is instructed to temporarily suspend or prohibit the execution of the trade. At the same time, the notification and alert unit 310 is coordinated to immediately notify the compliance officer or supervisor of the business company that the employee has attempted a high-risk trade. (d) Post-trade notification: Regardless of the degree of risk, or if a trade is executed in which a certain level of risk is detected, the system can also instruct the compliance officer of the business company to retrospectively notify them of the details of the trade (date and time, security, quantity, etc.) and related risk information.
[0044] The operation of this transaction risk response instruction unit 400 is expected to have the effect of preventing employees from unintentionally engaging in transactions that may constitute insider trading, immediately before the transaction is executed.
[0045] (3. Example of a processing flow) Next, an example of the processing flow for insider trading risk determination in this system, as shown in Figure 1, will be explained. (Step S1) Through the linked application, employees register their employee ID and the financial institution's user ID, and the linked information is stored in the ID Linkage Information Management Unit 150. (Step S2) The business company data acquisition unit 110 of the data input unit 100 acquires business company data such as employee information, corporate event information, and information access logs from various DBs and systems within the business company. (Step S3) The financial behavior data acquisition unit 120 of the data input unit 100 acquires financial behavior data such as financial product transaction history and insider registration information from the partner financial institution's DB. (Step S4) The external / common knowledge acquisition unit 130 of the data input unit 100 acquires relevant information from the corporate public information DB and compliance knowledge base. (Step S5) The data integration and preprocessing unit 210 of the data processing and analysis unit 200 integrates the various data acquired in steps S2 to S4 for each employee and performs preprocessing (including embedding) based on the information from the ID linkage information management unit 150. (Step S6) The first related information processing unit 221 of the related information processing unit 220 extracts first related information (corporate event occurrence date and time, information access date and time, etc.) based on business company data. (Step S7) The second related information processing unit 222 of the related information processing unit 220 extracts second related information (financial instrument transaction date and time, etc.) based on financial behavior data. (Step S8) The information matching and pattern analysis unit 230 uses the extracted first and second related information, public information, and compliance knowledge to perform information matching (internal information primary determination, public information matching, internal information secondary determination) and time axis / pattern matching. (Step S9) The risk scoring unit 240 calculates an insider trading risk score based on the matching results from step S8 and various evaluation elements. (Step S10) The context generation unit 251 of the LLM processing unit 250 extracts relevant information from the risk score and extracted relevant information and generates a context for LLM. (Step S11) The LLM 252 of the LLM processing unit 250 generates an explanation of insider trading risk and recommended countermeasures based on the generated context.(Step S12) The notification / alert unit 310 and report / dashboard display unit 320 of the output unit 300 notify or display the risk score, LLM generation content, and related information to users, mainly compliance officers and supervisors. (Step S13) (Risk response during transactions) When an employee attempts to execute a financial instrument transaction using the trading application, the trading application requests a risk assessment from the risk response instruction unit 400. The risk response instruction unit 400 transmits the transaction information received from the trading application to the information matching / pattern analysis unit 230, and in response, evaluates the risk of the transaction based on the latest risk information obtained from the LLM processing unit 250 (or risk scoring unit 240), and instructs the trading application to take action such as displaying an alert, recommending that the transaction be stopped, or notifying the business company, depending on the result.
[0046] Figure 2 shows an example of a sequence diagram for transaction risk response according to one embodiment of the present invention. (S201) An employee (user) operates a financial instrument trading application (trading app) and inputs a financial instrument transaction (e.g., a stock buy / sell order). (S202) The trading app sends the transaction order information to the transaction risk response instruction unit 400 in the insider trading risk determination system and requests a risk assessment. This includes information such as the user ID, the trading security, and the trading volume. (S203) The transaction risk response instruction unit 400 obtains the latest insider trading risk information (risk score, supporting information, etc.) (or risk score) related to the user ID and the trading security from the data processing and analysis unit 200 (LLM processing unit 250 (or risk scoring unit 240)). (S204) The transaction risk response instruction unit 400 determines the insider trading risk of the transaction based on the obtained insider trading risk information (or risk score). (S205) The transaction risk response instruction unit 400 returns the judgment result (risk level) to the transaction application. (S206) The transaction application displays an alert to the employee, prompts them to cancel the transaction, or executes the transaction, depending on the received risk level. (S207) If the risk is determined to be high, or if a transaction that meets the specified conditions is performed, the transaction risk response instruction unit 400 notifies the compliance officer of the business company, etc. (for example, via the notification / alert unit 310 of the output unit 300).
[0047] (4. Multi-tenant architecture) This system is intended to be provided as a service to multiple business companies (tenants) and can adopt a multi-tenant architecture. In this case, data processing components such as the data input unit 100, data integration / preprocessing unit 210, and related information processing unit 220 process data logically or physically separated for each tenant. This prevents data from being accessed or mixed with data from one business company by another, ensuring data confidentiality and independence. Furthermore, it is desirable that the insider trading risk patterns referenced by the information matching / pattern analysis unit 230, the weighting of evaluation elements in the risk scoring unit 240, and the notification conditions and recipients of the notification / alert unit 310 be customizable for each tenant to match their business content, internal regulations, and compliance policies. This enables more effective risk management tailored to the unique circumstances of each business company. The prompts and knowledge referenced by the LLM processing unit 250 can also be adjusted for each tenant.
[0048] (5. Effects of this embodiment) The insider trading risk assessment system according to this embodiment provides the following remarkable effects: (a) High-precision risk detection: By integrating diverse internal information (employee information, corporate events, information access logs), financial behavior information, and external knowledge, and by efficiently extracting and analyzing the relationship and temporal continuity between employee behavior and financial transactions, it is possible to detect signs of insider trading with higher accuracy than conventional methods. Semantic understanding of text information by the Embedding model also contributes to improved accuracy. (b) Objective and explainable judgment: The risk of insider trading is quantitatively evaluated by risk scoring, and the basis for the judgment is explained concretely in natural language that is easy for humans to understand using LLM and RAG technologies, thereby improving the objectivity and transparency of monitoring operations and supporting the judgment of those in charge. (c) Improved preventative effect through real-time intervention during transactions: At the very moment an employee is about to execute a financial product transaction, the insider trading risk information calculated by this system is used, and if the risk is high, an alert is displayed directly on the trading application or a recommendation to stop trading is issued. This makes it possible to prevent accidental insider trading by employees at the outset, significantly improving the effectiveness of insider trading prevention. (d) Streamlining and enhancing compliance operations: By detecting potential risks early and clearly presenting their importance and rationale, compliance officers can concentrate their limited resources on higher-risk cases, significantly improving the efficiency of investigations and responses. In addition, pre-transaction checks and immediate notification to business companies as needed reduce the burden of post-incident responses and support more proactive compliance activities. (e) Improved scalability and flexibility: By building as a cloud-based system and adopting a multi-tenant architecture, it can flexibly accommodate deployment to large companies with many employees and to multiple group companies. The customizability of risk patterns and evaluation criteria also enables adaptation to diverse industries and corporate cultures. (f) Increased added value through integration with work platform: By linking IDs through applications on work platform that employees use on a daily basis, employee convenience is enhanced and the barrier to system implementation is lowered.Furthermore, the platform can be expected to facilitate the development of ancillary services, such as providing information and distributing educational content to improve compliance awareness.
[0049] (6. Other variations) The present invention is not limited to the embodiments described above, and various modifications are possible without departing from its spirit. For example, instead of using a machine learning model, the risk scoring unit 240 could employ a more complex combination of rule-based judgment logic. Furthermore, the explanatory text and recommended countermeasures generated by the LLM processing unit 250 can be further customized based on the company's compliance policy and past response cases. The types of logs collected by the information access log collection unit 113 can be added or changed according to the system environment of the business company. The transaction risk response instruction unit 400 can be applied not only to linking with trading applications but also to other financial instrument transaction-related processes, such as stock purchase request applications on internal systems. Moreover, this system can be applied not only to determining insider trading risk but also to detecting information leakage risk and other compliance violation risks.
[0050] (7. Hardware Configuration) Figure 3 is a block diagram showing an example of a computer hardware configuration for realizing an insider trading risk determination system 1 (a computer system including the functional units shown in Figure 1) according to each embodiment of the present invention. The computer shown in Figure 3 includes a CPU (Central Processing Unit) 501, main memory (RAM: Random Access Memory) 502, auxiliary storage (e.g., HDD (Hard Disk Drive) or SSD (Solid State Drive)) 503, input devices (e.g., keyboard, mouse, touch panel, etc.) 504, output devices (e.g., display, printer, etc.) 505, and a communication interface (e.g., NIC (Network Interface Card)) 506. It may also include a GPU 501a (Graphics Processing Unit) (not shown). These components are interconnected via a bus 507.
[0051] The auxiliary storage device 503 stores a program (for example, a program module that implements each functional unit shown in Figure 1) that allows the computer to function as the insider trading risk determination system of the present invention. The auxiliary storage device 503 may also store various data and databases necessary for processing, such as business company data, financial behavior data, external and common knowledge, ID linkage information, extracted relevance information, risk scores, and information generated by the LLM.
[0052] When the insider trading risk assessment system processes, the program stored in the auxiliary storage device 503 is loaded into the main memory device 502, and the CPU 501 or GPU 501a executes the program on the main memory device 502, thereby realizing the processing of each functional unit shown in Figure 1 (data input unit 100, data processing / analysis unit 200, output unit 300, trading risk response instruction unit 400, etc.). The input device 504 is used, for example, for inputting operation instructions and setting values by compliance officers, or (indirectly) for inputting ID registration information by employees via a linked application. The output device 505 is used for displaying analysis results by the report / dashboard display unit 320, or for displaying alerts by the notification / alert unit 310 (for example, on the administrator's terminal screen). The communication interface 506 is used to communicate data with external databases (e.g., business company databases, financial institution databases, public information databases), employee terminals running linked applications, systems running financial product trading applications, compliance officer terminals, etc., via a network (e.g., the internet, LAN, WAN, etc.) 508.
[0053] The insider trading risk assessment system of the present invention may be implemented on a single computer, or as a distributed system in which multiple computers cooperate via a network. For example, the server that collects data, the server that performs analysis processing, the dedicated server that performs LLM processing, and the database server may each be on physically different computers. It is also possible to implement each function on a virtual machine or container using a cloud computing environment. [Explanation of Symbols]
[0054] 100 Data Entry Department 110 Business Company Data Acquisition Department 111 Employee Information DB Access Department 112 Corporate Event Information DB Access Department 113 Information Access Log Collection Department 120 Financial Behavior Data Acquisition Department 121 Financial Instrument Transaction History DB Access Department 122 Insider Registration Information DB Access Department 130 External / Common Knowledge Acquisition Department 131 Corporate Public Information DB Access Department 132 Compliance Knowledge Base Access Department 150 ID Linkage Information Management Department 200 Data Processing / Analysis Department 210 Data Integration / Preprocessing Department 211 Embedding Model 220 Related Information Processing Department 221 First Related Information Processing Department 222 Second Related Information Processing Department 230 Information Matching / Pattern Analysis Department 231 Internal Information Primary Determination Department 232 Public Information Matching Department 233 Internal Information Secondary Determination Department 234 Time Axis / Pattern Matching Department 240 Risk Scoring Department 250 Large-scale Language Model (LLM) processing unit 251 Context generation unit 252 LLM 300 Output unit 310 Notification / alert unit 320 Report / dashboard display unit 400 Trading risk response instruction unit 501 CPU 501a GPU 502 Main memory (RAM) 503 Secondary storage (HDD, SSD) 504 Input device 505 Output device 506 Communication interface 507 Bus 508 Network
Claims
1. An insider trading risk determination system that determines the risk of insider trading based on the actions and related information of an employee at a business company and financial instrument trading information of the employee held by a financial institution, comprising: business company data acquisition means for acquiring business company data which includes at least one of employee information, corporate event information, and information access logs by the employee, associated with an employee ID managed by the business company; financial behavior data acquisition means for acquiring financial behavior data which includes at least the employee's financial instrument trading history, associated with a user ID managed by the financial institution; data integration means for integrating the business company data and the financial behavior data by associating them with the employee based on a pre-established linking relationship between the employee ID and the user ID; first related information processing means for extracting first related information which includes the date and time of occurrence of a corporate event in which the employee may have been involved and the date and time of the employee's access to information related to the corporate event, based on the integrated data; and second related information processing means for extracting second related information which includes financial instruments traded by the employee and the date and time of the transaction, based on the integrated data. A time axis / pattern matching means analyzes the temporal relationship between the first and second related information and the relationship between the corporate event and the financial product based on the first related information extracted by the first related information processing means and the second related information extracted by the second related information processing means, and matches it with a pre-stored insider trading risk pattern; a risk scoring means calculates a risk score that quantitatively indicates the risk of insider trading by the employee based on the matching result, an evaluation element including at least one of the importance of the corporate event information, the disclosure status of the corporate event information, the degree of employee involvement, and the trading volume of the financial product; and a large-scale language model processing means generates information regarding insider trading risk based on the risk score and the matching result.An insider trading risk determination system comprising: a transaction risk response instruction means that, when the employee attempts to execute a financial instrument transaction via a financial instrument transaction application, instructs the financial instrument transaction application to take appropriate action based on the generated insider trading risk information; and
2. An insider trading risk determination system according to claim 1, characterized in that the linking relationship between the employee ID and the user ID referenced by the data integration means is established by the employee manually registering the employee ID managed by the business company and the user ID managed by the financial institution on an application that can communicate with the workplace platform.
3. An insider trading risk determination system according to claim 1 or 2, wherein the transaction risk response instruction means instructs the financial instrument trading application to display an alert, recommend the execution of the financial instrument trading, or notify the business company regarding the financial instrument trading when the risk score exceeds a predetermined threshold.
4. An insider trading risk determination system according to any one of claims 1 to 2, wherein the business company data acquisition means acquires at least one of the following as information access logs by the employee: email, business chat, video conference logs, and access history to electronic files; and the first related information processing means compares the potential inside information extracted from the information access logs with IR information or press releases made public by the company, and includes information determining the public status of the corporate event information in the first related information.
5. An insider trading risk determination system according to any one of claims 1 to 2, wherein the risk scoring means either assigns predetermined weights to the plurality of evaluation elements and calculates the sum of these weights as the risk score, or calculates the risk score using a pre-trained machine learning model that uses the plurality of evaluation elements as input features.
6. An insider trading risk determination system according to any one of claims 1 to 2, wherein the large-scale language model processing means extracts information that forms the basis for calculating the risk score from the first related information extracted by the first related information processing means and the second related information extracted by the second related information processing means, inputs the extracted information as context into the large-scale language model, and generates an explanation or recommended countermeasures regarding the insider trading risk.
7. An insider trading risk determination system according to any one of claims 1 to 2, comprising a multi-tenant architecture for providing the insider trading risk determination system as a service to multiple business companies, wherein the business company data acquisition means, the financial behavior data acquisition means, the data integration means, the first related information processing means, and the second related information processing means process data separately for each tenant, and the insider trading risk pattern referenced by the time axis / pattern matching means is customizable for each tenant.
8. An insider trading risk determination method for determining the risk of insider trading based on the actions and related information of an employee at a business company and financial instrument trading information of the employee held by a financial institution, comprising: a business company data acquisition step in which a computer acquires business company data including at least one of employee information, corporate event information, and information access logs by the employee, associated with an employee ID managed by the business company; a financial behavior data acquisition step in which a computer acquires financial behavior data including at least the employee's financial instrument trading history, associated with a user ID managed by the financial institution; a data integration step in which the business company data and the financial behavior data are integrated in association with the employee based on the linkage relationship between the employee ID and the user ID established by the employee manually registering on an application that can communicate with the workplace platform; and a first related information processing step in which, based on the integrated data, first related information including the date and time of occurrence of a corporate event in which the employee may have been involved and the date and time of the employee's access to information related to the corporate event. A second related information processing step extracts financial instruments traded by the employee and second related information including the date and time of the transaction, based on the integrated data; a time axis / pattern matching step analyzes the temporal relationship between the first related information and the second related information, and the relationship between the corporate event and the financial instrument, based on the first related information extracted by the first related information processing step and the second related information extracted by the second related information processing step, and matches it with a pre-stored insider trading risk pattern; a risk scoring step calculates a risk score that quantitatively indicates the risk of insider trading by the employee based on the matching result, evaluation elements including the importance of the corporate event information, the disclosure status of the corporate event information, the degree of employee involvement, and the trading volume of the financial instrument; and a large-scale language model processing step that generates information regarding insider trading risk based on the risk score and the matching result.An insider trading risk determination method characterized by performing the following steps when the employee attempts to execute a financial instrument transaction via a financial instrument transaction application: a transaction risk response instruction step which instructs the financial instrument transaction application to take appropriate action based on the generated insider trading risk information.
9. A program for causing a computer to execute the insider trading risk determination method described in claim 8.