Abstract: The present invention relates to a system (100) for legal risk management. The system (100) comprises a user interface (102) configured to receive a query from a user, wherein the query includes at least one legal risk associated with at least one legal task. A storage device (104) stores a plurality of instructions and a database of legal solutions, a risk matrix, and the impact of a legal risk. The system receives a query through the user interface (102), categorizes data associated with the legal risks of the query through a business logic layer, and extracts the relevant data associated with the query from the database. Additionally, the system generates a response to the query by assisting with risk management. A dashboard monitors the status of a compliance obligation associated with the legal risk through the risk-o-meter.
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE AFTER PROVISIONAL SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
SYSTEM AND METHOD FOR LEGAL RISK MANAGEMENT
Applicant:
Legasis Private Limited
Having address as:
12A/09, 13TH FLOOR, PARINEE CRESENZO,
G BLOCK, BKC, BANDRA EAST, Mumbai - 400051,
MAHARASHTRA, India
The following specification particularly describes the invention and the manner in which it is to be performed.
CROSS REFERENCE TO RELATED APPLICATION AND PRIORITY
[001] The present invention claims priority from Indian patent application 202321067666, filed on 09th October 2023. The application was post-dated, and the priority date of the application is now 28th October 2023.
TECHNICAL FIELD
[001] The present subject matter generally relates to a system and method for assessing risk, particularly risks associated with compliance with various laws, regulations, standards, and codes of conduct. More specifically, it pertains to a system and method for legal risk management within an organization, aimed at monitoring the status of compliance obligations.
BACKGROUND
[002] In recent years, organizations have faced heightened regulatory scrutiny and increased legal liability for non-compliance with legal obligations. Businesses, corporate entities, organizations, enterprises, and individuals are either (a) responsible and liable for compliance requirements arising from statutory, regulatory, and other legal standards, norms, benchmarks, and similar obligations (collectively referred to as "Compliance Requirements"); or (b) voluntarily commit to additional standards or practices (referred to as "Compliance Commitments"). Together, these Compliance Requirements and Compliance Commitments are termed "Compliance Obligations." Organizations today face significant challenges due to growing transparency, interconnectedness, operational complexity, and the demands of digital reporting.
[003] This environment has increased the demand within organizations and among compliance professionals for computer-implemented systems to manage compliance and assess risks associated with non-compliance. Organizations continue to seek systems capable of capturing granular levels of detail and performing complex operations to provide high-quality analytical results.
OBJECTS OF THE INVENTION
[004] The primary objective of the present disclosure is to provide a system for assessing risks, particularly those associated with compliance with various laws, regulations, standards, and codes of conduct.
[005] Another objective of the present disclosure is to enable legal risk management within an organization by monitoring the status of compliance obligations.
[006] Yet another objective of the present disclosure is to provide a risk-based dashboard for monitoring an organization’s compliance obligations.
SUMMARY
[007] Before the present system and method are described, it is to be understood that this application is not limited to the particular device, machine or an apparatus, and methodologies described, as there can be multiple possible embodiments that are not expressly illustrated in the present disclosures. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present application. This summary is provided to introduce aspects related to a system for legal risk management by monitoring the status of compliance obligations, and the aspects are further elaborated below in the detailed description. This summary is not intended to identify essential features of the proposed subject matter nor is it intended for use in determining or limiting the scope of the proposed subject matter.
[008] The present subject matter described herein, in general, relates to a system and method for assessing risk, such as risk associated with compliance with various laws, regulations, standards and code of conduct.
[009] The present subject matter describes the system and the method for legal risk management within an organization by monitoring the status of compliance obligations.
[0010] The present subject matter describes risk-based classification to assess impact to business continuity, brand or Key Management Personnel (KMP).
[0011] The present subject matter describes a system-generated risk-based dashboard for monitoring the status of compliance obligations for an organization. In one embodiment, the system dashboard may be referred to as the ‘Risk-o-meter’.
[0012] In one implementation, a system for legal risk management is illustrated. The system may comprise a mobile/web interface for receiving a query from a user. The query may comprise one or more legal tasks. The system may further comprise a business logic layer for categorizing the data associated with the legal risks associated with the query. The system may further comprise a database for storing legal solutions, risk matrix and impact. The system may search the database to extract relevant data related to the user’s query. The system may further generate a response for the query based on the relevant data extracted from the database, thereby providing assistance for risk management.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The foregoing summary, as well as the following detailed description of embodiments, is better understood when read in conjunction with the appended drawing. For the purpose of illustrating the disclosure, there is shown in the present document example constructions of the disclosure, however, the disclosure is not limited to the specific methods and apparatus disclosed in the document and the drawing:
[0014] The detailed description is described with reference to the accompanying figure. In the figure, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawing to refer to like features and components.
[0015] Figure 1 illustrates an architecture of a system for providing legal risk management.
[0016] Figure 2 illustrates a flowchart for a method (200) to facilitate legal risk management.
[0017] The figure depicts various embodiments of the present disclosure for purposes of illustration only. One skilled in the art will readily recognize from the following discussion that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the disclosure described herein.
DETAILED DESCRIPTION
[0018] Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words "comprising", "having", and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present disclosure, the exemplary systems and methods are now described. The disclosed embodiments are merely exemplary of the disclosure, which may be embodied in various forms.
[0019] Referring now to Figure 1, the architecture of a system for providing legal risk management is illustrated in accordance with an embodiment of the present subject matter.
[0020] In one embodiment, as shown in Figure 1, the system may include at least one processor, an input/output (I/O) interface, memory, and a database (not shown), configured within a distributed networking environment. The processor can consist of one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuits, or other devices that process signals based on operational instructions. Among other capabilities, the processor can fetch and execute computer-readable instructions stored in memory.
[0021] The I/O interface may include various software and hardware interfaces, such as a web interface, a graphical user interface, and others. Referred to as the user interface (102), the I/O interface allows the system to interact with the user directly or via a user device. Furthermore, the I/O interface enables communication with other computing devices, including web servers and external data servers (not shown). It supports multiple types of communication across a wide range of network protocols, including wired networks (e.g., LAN, cable) and wireless networks (e.g., WLAN, cellular, or satellite). The I/O interface may include one or more ports to connect various devices or servers.
[0022] The memory may include any computer-readable medium known in the art, such as volatile memory (e.g., SRAM and DRAM) and/or non-volatile memory (e.g., ROM, erasable programmable ROM, flash memory, hard disks, optical disks, and magnetic tapes). The memory may contain modules and data.
[0023] The modules may include routines, programs, objects, components, data structures, and similar elements that perform specific tasks, functions, or implement particular abstract data types. Other modules may include programs or coded instructions that support applications and system functions.
[0024] The data, among other purposes, serve as a repository for information processed, received, and generated by the modules. This data may include a repository of information generated by the execution of one or more modules. The data may be transmitted using the HyperText Transfer Protocol Secure (HTTPS) protocol and protected using a Secure Sockets Layer (SSL) certificate, establishing an encrypted connection to prevent unauthorized access. Additionally, authentication is provided by mechanisms such as Active Directory (AD), Lightweight Directory Access Protocol (LDAP), or Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0), as specified by the client.
[0025] In one implementation, a user may access the system via the I/O interface. The user may need to register through the interface to use the system and can subsequently access the interface to retrieve information, input data, or configure the system. The system may include a mobile or web interface.
[0026] In one embodiment, the system is composed of multiple technology building blocks, such as Java, Spring, React JS, SQL Server, AWS (Amazon Web Services), an NLP (Natural Language Processing) engine, and an AI/ML (Artificial Intelligence/Machine Learning) engine.
[0027] In one embodiment, the system is developed using Java technologies and AWS for client interface and deployment.
[0028] In another implementation, the system for legal risk management includes a user interface (102) that receives queries from users. The query may relate to one or more legal tasks. The system further comprises a business logic layer for categorizing data associated with the legal risks tied to the query. A database within the system stores legal solutions, a risk matrix, and impact metrics. The system can search the database to extract relevant information related to the user’s query and generate a response based on the data retrieved, thereby aiding in risk management.
[0029] In one embodiment, the system includes a risk-based dashboard, termed the "Risk-o-meter," for real-time monitoring of compliance obligations. The Risk-o-meter assigns risk ratings at the obligation level, considering factors such as compliance, non-compliance, and delayed compliance (whether curable or incurable) required by the organization. The Risk-o-meter’s indicator reflects these ratings based on compliance status and associated risks.
[0030] In an embodiment, the system defines five levels of risk, with an initial interval set at 20. The maximum score may be set at 100, while the minimum score is set at 20.
[0031] For delayed reporting, the system may assign a 10-point interval when compliance is met on time, as this represents a lower risk. However, delays in reporting may impair internal tracking and real-time dashboard updates. Thus, the minimum score is set at 10, and the maximum score at 50—half the upper risk scores.
[0032] The following table more specifically shows the logic for the Risk-o-meter dashboard. In an embodiment, N may be the number of ratifications allowed by the regulators.
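| Status | Complied | Delayed Reported | Delayed Compliance (DC) | Delayed Compliance (DC) | Delayed Compliance (DC) | Delayed Compliance (DC) | Not Complied (NC) | SCN (Show Cause Notice) Received |
|---|---|---|---|---|---|---|---|---|
| Ratification Loop | | | Without Ratification | Without Ratification | With Ratification | With Ratification | | |
| Probability of NC Occurrence | | | DC >N times* | DC <=N times** | DC >N times | DC <=N times | | |
| Super Critical | 0 | 50 | 100 | 50 | 100 | 50 | 100 | 100 |
| Critical | 0 | 40 | 80 | 40 | 80 | 40 | 100 | 100 |
| High | 0 | 30 | 60 | 30 | 60 | 30 | 100 | 100 |
| Medium | 0 | 20 | 40 | 20 | 40 | 20 | 100 | 100 |
| Low | 0 | 10 | 20 | 10 | 20 | 10 | 100 | 100 |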
[0033] In one embodiment, a weighted average may be used to aggregate compliance obligation status at various levels, including function, unit, entity, or organization-wide.
[0034] In another embodiment, legal compliance may be mapped to an attribute that captures the impact of each instance of non-compliance, allowing for the movement of legal tasks from one risk category to a higher level with each occurrence of non-compliance. This attribute mapping is referred to as the Dynamic Risk module.
[0035] In an exemplary embodiment, legal tasks with only a pecuniary fine as the legal consequence may not be categorized under the Dynamic Risk category. Legal tasks with critical impacts are dynamic in nature and, after the first default, escalate to the next risk category, labeled as "super critical."
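The scoring logic of paragraphs [0030] to [0035], worked through as an added illustration that is not part of the specification: a per-task score taken from the Risk-o-meter table, the Dynamic Risk escalation from Critical to Super Critical, and the weighted average at obligation level. The per-task weights, the `dc_count` and `prior_defaults` fields and the sample tasks are assumptions, since the specification does not define them.

```python
# Added illustration; not code from the specification.
from dataclasses import dataclass

LEVELS = ("Low", "Medium", "High", "Critical", "Super Critical")
STATUSES = ("Complied", "Delayed Reported", "Delayed Compliance",
            "Not Complied", "SCN Received")
# [0035]: tasks whose only consequence is a pecuniary fine (Low, Medium, High)
# are outside the Dynamic Risk category; Critical tasks are dynamic.
DYNAMIC_LEVELS = frozenset({"Critical"})


@dataclass(frozen=True)
class Task:
    name: str
    base_level: str          # category from the first-level risk table
    status: str              # one of STATUSES
    dc_count: int = 0        # delayed compliances so far (assumed field)
    prior_defaults: int = 0  # earlier non-compliance instances (assumed field)
    weight: float = 1.0      # aggregation weight (assumed; the page gives none)


def effective_level(task: Task) -> str:
    """Apply Dynamic Risk: Critical escalates to Super Critical after a default."""
    if task.base_level not in LEVELS:
        raise ValueError(f"unknown risk level: {task.base_level!r}")
    if task.base_level in DYNAMIC_LEVELS and task.prior_defaults >= 1:
        return "Super Critical"
    return task.base_level


def task_score(task: Task, n_ratifications: int) -> int:
    """Score one task from the Risk-o-meter table (0 = no risk, 100 = maximum)."""
    if task.status not in STATUSES:
        raise ValueError(f"unknown status: {task.status!r}")
    rank = LEVELS.index(effective_level(task)) + 1  # Low = 1 ... Super Critical = 5
    full, half = 20 * rank, 10 * rank                # 20-point and 10-point intervals
    if task.status == "Complied":
        return 0
    if task.status == "Delayed Reported":
        return half
    if task.status == "Delayed Compliance":
        # The table lists the same values with and without ratification.
        return full if task.dc_count > n_ratifications else half
    return 100  # Not Complied and SCN Received score 100 at every level


def obligation_score(tasks, n_ratifications: int) -> float:
    """Weighted average of task scores for one compliance obligation."""
    total_weight = sum(t.weight for t in tasks)
    if total_weight <= 0 or any(t.weight < 0 for t in tasks):
        raise ValueError("weights must be non-negative and sum to more than zero")
    weighted = sum(task_score(t, n_ratifications) * t.weight for t in tasks)
    return weighted / total_weight


# Constructed sample data for one obligation, with N = 2 allowed ratifications.
SAMPLE_TASKS = [
    Task("annual return", "Low", "Complied"),
    Task("quarterly filing", "High", "Delayed Reported"),
    Task("licence renewal", "Critical", "Delayed Compliance", dc_count=3, weight=2),
    Task("safety audit", "Critical", "Delayed Compliance", dc_count=1,
         prior_defaults=1, weight=2),
    Task("monthly deposit", "Medium", "Not Complied", weight=2),
]

if __name__ == "__main__":
    for t in SAMPLE_TASKS:
        print(f"{t.name:18} {effective_level(t):15} {task_score(t, 2):3}")
    print("obligation score:", obligation_score(SAMPLE_TASKS, 2))
```
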
[0036] The initial levels of risk categorization are illustrated in the table below:
[0037] In an embodiment, the first level of risk categorization is shown in the table below.

| Impact | Details of impact criteria | Risk Type |
|---|---|---|
| Low | Fine from Rs. 500/- to Rs. 5000/- | Pecuniary |
| Medium | Fine from Rs. 5001/- to Rs 50000/- | Pecuniary |
| High | Fine imposed above Rs. 50000/- | Pecuniary |
| Critical | Where the penalty prescribed in Law is: (a) imprisonment with or without fine or (b) cancellation of certificate / license / permission or (c) Closure of business or (d) materially adverse consequence of non-compliance | Pecuniary & Prosecution & Cancellation of Registration |
| Super Critical | Where the penalty prescribed in law is: Existence of two or more consequence referred in Critical category | Pecuniary & Prosecution & Cancellation of Registration |
[0038] In another exemplary embodiment, the risk category may change if the organization receives a show cause notice. In an alternative embodiment, legal tasks with monthly or ongoing frequencies that are non-compliant over a certain number of instances may be considered within a specific time frame (e.g., a financial year or calendar year), as per legal requirements.
[0039] The system connects users with various legal experts based on the categorization of their requests. In one embodiment, legal experts may provide consultation, suggestions, or advice on a legal solution tailored to the user’s query or request type.
[0040] The dashboard can display the status of legal compliance at the obligation level, reflecting the weighted average compliance status of the tasks associated with each obligation. Similarly, the Risk-o-meter may show the risk status based on the weighted average of risks linked to the tasks under each compliance obligation.
[0041] In one embodiment, legal tasks may be classified as compoundable or non-compoundable according to the law. If an organization can pay a fine in place of prosecution, those tasks may be labeled as compoundable. Users can log compounding details for these offenses, which will be reflected on the Risk-o-meter. Once compounded, such legal tasks will display as Severe Risk.
[0042] In another embodiment, Show Cause and Whistleblower modules may be integrated with the Risk-o-meter, highlighting the risk impact of tasks/obligations for which a show cause notice has been issued or wrongdoing reported by a whistleblower.
[0043] The system continuously monitors government websites and gazette notifications to capture updates to the law, automating real-time notifications. Users assess these updates and make necessary changes to the task database accordingly.
[0044] In another embodiment, the system includes a whistleblower module for tracking show cause notices at the entity or unit level. Users can add notice details to the system, assign action items arising from these notices, and track progress. The dashboard visualizes the status of each show cause notice as Open, Pending, or Closed. Multiple options are available to categorize the status of show cause notices, and the system can generate a Show Cause Notice Graph to display them accordingly.
[0045] The dashboard may also depict compliance status at the obligation level. Compliance tasks derived from laws are grouped under compliance obligations, with their status reflecting the weighted average of task compliance associated with each obligation. The Risk-o-meter displays risk status based on the weighted average of risks associated with tasks tagged to each compliance obligation.
[0046] In one embodiment, the highest risk level may be scored as 100, while the lowest is scored at 20. The risk graph represents the legal obligation status for each risk type, based on a weighted average of underlying compliance statuses.
[0047] The Risk-o-meter enables real-time risk assessment, based on the compliance status data. The compliance status may be updated and reviewed by a performer and a reviewer, as indicated by time/date stamps. Generally, delayed or non-compliance for a task classified as low risk may aggregate with other low-risk tasks in the dashboard without detailing financial or operational impacts on the organization. The dynamic nature of the risk assessment system allows it to escalate risk levels, such as Super Critical or Critical, when tasks face continuous delay or non-compliance, potentially resulting in additional fees, penalties, prosecution, or business suspension.
[0048] For instance, when tasks are completed within internal or statutory deadlines, the system reflects a high compliance standard, indicating low risk for the organization. Consistent timely compliance demonstrates robust governance, reducing the need for senior management oversight over processes, controls, systems, and personnel.
[0049] Conversely, delays in task compliance or failure to meet internal/statutory deadlines may signal a lack of commitment among responsible personnel or highlight ineffective systems, controls, and processes.
[0050] Without monitoring and addressing compliance delays, organizations may incur higher penalties, face prosecution, or suffer regulatory, governance, and reputational risks affecting the company, its directors, or key management personnel.
[0051] The Risk-o-meter, therefore, supports effective oversight, enabling senior management to review compliance obligations, assess emerging risks in real time, and take appropriate mitigation measures.
[0052] Figure 2 illustrates a flowchart for a method (200) to facilitate legal risk management, as per an embodiment. The steps in method 200 are not restrictive, allowing for any combination of steps or alternative methods. The method may be implemented through hardware, software, firmware, or any combination thereof. Here, for clarity, the following embodiments describe method 200 as implemented within system 100.
[0053] At block 202, the system receives a query from the user via the user interface (102), where the query includes at least one legal risk associated with at least one legal task.
[0054] At block 204, the business logic layer categorizes data related to the legal risks posed by the query.
[0055] At block 206, the system extracts relevant data from the database in response to the query.
[0056] At block 208, the system generates a response to provide risk management assistance based on the data extracted.
[0057] At block 210, a dashboard monitors the compliance obligation status associated with the legal risk, as displayed through the Risk-o-meter.
CLAIMS:
1. A system (100) for legal risk management, the system (100) comprising:
a user interface (102) configured to receive a query from a user, wherein the query includes at least one legal risk associated with at least one legal task;
a storage device (104) configured to store a plurality of instructions and a database of legal solutions, risk matrix, and impact of a legal risk;
a processing circuitry (106) coupled with the storage device (104) configured to:
receive a query through the user interface (102);
categorize a data associated with the legal risks of the query through a business logic layer;
extract the relevant data associated with the query from the database;
generate a response for the query, wherein the response is configured to provide an assistance for risk management; and
monitor, by a dashboard, the status of a compliance obligation associated with the legal risk through the risk-o-meter that displays the weighted average of compliance statuses of tasks associated with the legal obligations.
2. The system (100) as claimed in claim 1, wherein the system includes a Dynamic Risk module that maps legal compliance to an attribute, capturing the impact of each instance of non-compliance and allowing movement of legal tasks between risk categories based on compliance status.
3. The system (100) as claimed in claim 1, wherein the query comprises a compoundable legal query and a non-compoundable legal query according to the provisions of Law.
4. The system (100) as claimed in claim 1, wherein the risk categories include at least Low, Medium, High, Critical, and Super Critical, defined by specific criteria related to pecuniary fines and non-compliance consequences, including imprisonment, cancellation of licenses, or business closure.
5. The system (100) as claimed in claim 1, wherein further comprising
a Whistleblower module for tracking show cause notices at the entity or unit level, wherein users can input details of the notices, assign actions arising from the notices, and track their progress.
6. The system (100) as claimed in claim 1, comprises a communication unit configured to facilitate communication between a user and a plurality of legal experts based on the categorization of the user request, and wherein the plurality of legal experts configured to provide legal advice, consultation, and suggestion according to the user request.
7. The system (100) as claimed in claim 1, further highest level of risk associated with the risk indicator is scored in the range of 90 to 100 and the lowest level of risk associated with the risk indicator is scored in the range of 10 to 20.
8. The system (100) as claimed in claim 1, wherein the categorization of tasks is dynamic and adapts in real time to delays or continuous non-compliance, escalating risk levels as needed.
9. The system (100) as claimed in claim 1, wherein the Risk-o-meter generates alerts for tasks categorized as Super Critical or Critical, indicating potential financial, operational, or reputational impacts on the organization.
10. A method (200) for facilitating legal risk management, the method comprising:
receiving the query from the user via the user interface (102), wherein the query includes at least one legal risk associated with at least one legal task;
categorizing the data associated with the legal risks of the query through a business logic layer;
extracting the relevant data associated with the query from the database;
generating the response for the query, wherein the response is configured to provide an assistance for risk management; and
monitoring, by a dashboard, the status of the compliance obligation associated with the legal risk through the risk-o-meter.
| # | Name | Date |
|---|---|---|
| 1 | 202321067666-STATEMENT OF UNDERTAKING (FORM 3) [09-10-2023(online)].pdf | 2023-10-09 |
| 2 | 202321067666-PROVISIONAL SPECIFICATION [09-10-2023(online)].pdf | 2023-10-09 |
| 3 | 202321067666-FORM FOR SMALL ENTITY(FORM-28) [09-10-2023(online)].pdf | 2023-10-09 |
| 4 | 202321067666-FORM FOR SMALL ENTITY [09-10-2023(online)].pdf | 2023-10-09 |
| 5 | 202321067666-FORM 1 [09-10-2023(online)].pdf | 2023-10-09 |
| 6 | 202321067666-FIGURE OF ABSTRACT [09-10-2023(online)].pdf | 2023-10-09 |
| 7 | 202321067666-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [09-10-2023(online)].pdf | 2023-10-09 |
| 8 | 202321067666-EVIDENCE FOR REGISTRATION UNDER SSI [09-10-2023(online)].pdf | 2023-10-09 |
| 9 | 202321067666-DRAWINGS [09-10-2023(online)].pdf | 2023-10-09 |
| 10 | 202321067666-DECLARATION OF INVENTORSHIP (FORM 5) [09-10-2023(online)].pdf | 2023-10-09 |
| 11 | 202321067666-FORM-26 [29-12-2023(online)].pdf | 2023-12-29 |
| 12 | 202321067666-Proof of Right [08-04-2024(online)].pdf | 2024-04-08 |
| 13 | 202321067666-PostDating-(09-10-2024)-(E-6-252-2024-MUM).pdf | 2024-10-09 |
| 14 | 202321067666-APPLICATIONFORPOSTDATING [09-10-2024(online)].pdf | 2024-10-09 |
| 15 | 202321067666-FORM-5 [28-10-2024(online)].pdf | 2024-10-28 |
| 16 | 202321067666-FORM 3 [28-10-2024(online)].pdf | 2024-10-28 |
| 17 | 202321067666-FORM 18 [28-10-2024(online)].pdf | 2024-10-28 |
| 18 | 202321067666-DRAWING [28-10-2024(online)].pdf | 2024-10-28 |
| 19 | 202321067666-COMPLETE SPECIFICATION [28-10-2024(online)].pdf | 2024-10-28 |
| 20 | Abstract.jpg | 2025-01-17 |