Modeling and Checking Business Process Compliance Rules in the Financial Sector

Assuring compliance of business processes with legal and internal regulations is crucial for financial institutions, as non-compliance may lead to severe financial and juridical penalties. To ensure business process compliance, process models have been established as a widely accepted basis for the design, documentation and control of the implementation of business process rules. Accordingly, in this paper, we introduce a semi-automatic business process compliance checking approach based on process models and related models. It relies on graph-based pattern matching, which makes it possible in contrast to existing approaches to define and check any possible type of business rule in any possible type of business process model or even other type of model. The approach is embedded in a design science research methodology

IUPC: Identification and Unification of Process Constraints

Business Process Compliance (BPC) has gained significant momentum in research and practice during the last years. Although many approaches address BPC, they mostly assume the existence of some kind of unified base of process constraints and focus on their verification over the business processes. However, it remains unclear how such an inte- grated process constraint base can be built up, even though this con- stitutes the essential prerequisite for all further compliance checks. In addition, the heterogeneity of process constraints has been neglected so far. Without identification and separation of process constraints from domain rules as well as unification of process constraints, the success- ful IT support of BPC will not be possible. In this technical report we introduce a unified representation framework that enables the identifica- tion of process constraints from domain rules and their later unification within a process constraint base. Separating process constraints from domain rules can lead to significant reduction of compliance checking effort. Unification enables consistency checks and optimizations as well as maintenance and evolution of the constraint base on the other side.Comment: 13 pages, 4 figures, technical repor

Supporting Business Process Compliance in Financial Institutions – A Model-Driven Approach

Recently, several approaches have been developed to check process models for compliance with laws and regulations. In this paper a contribution is made with respect to reducing the com-plexity of compliance checking by partially automating business process compliance (BPC) checking. We present a model check-ing approach that is able to check process models for BPC. In particular, we apply a generic pattern matching approach to the Semantic Business Process Modeling Language (SBPML) allow-ing for extended model checking not being restricted to predeces-sor-successor relationships. Finally, we apply the BPC checking approach to the example of a credit approval process from a real-world bank scenario using a demonstrator modeling software

A formal verification framework and associated tools for enterprise modeling : application to UEML

The aim of this paper is to propose and apply a verification and validation approach to Enterprise Modeling that enables the user to improve the relevance and correctness, the suitability and coherence of a model by using properties specification and formal proof of properties

The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

Cloud service localisation

The essence of cloud computing is the provision of software and hardware services to a range of users in dierent locations. The aim of cloud service localisation is to facilitate the internationalisation and localisation of cloud services by allowing their adaption to dierent locales. We address the lingual localisation by providing service-level language translation techniques to adopt services to dierent languages and regulatory localisation by providing standards-based mappings to achieve regulatory compliance with regionally varying laws, standards and regulations. The aim is to support and enforce the explicit modelling of aspects particularly relevant to localisation and runtime support consisting of tools and middleware services to automating the deployment based on models of locales, driven by the two localisation dimensions. We focus here on an ontology-based conceptual information model that integrates locale specication in a coherent way

Towards a Contingency Theory based Model of the Influence of Regulation on MIS

In modern societies and in particular since the financial crisis legal requirements and regulations get more and more attention. The massive amount of regulations also affects management information systems (MIS) with an impact on both, the system level as well as the organizational level. To consider all these regulations is a challenging task for organizations which handle regulative complexity in different ways. Until now, the influence of the degree of regulation on the organization of MIS received only little attention in IS research. This paper introduces a theoretical model and research design that enables investigating the influence of regulation on the organization and success of MIS. The presented model is based on the contingency theory

Detecting Compliance with Business Rules in Ontology-Based Process Modeling

Extending business processes with semantic annotations has gained recent attention. This comprises relating process elements to ontology elements in order to create a shared conceptual and terminological understanding. In business process modeling, processes may have to adhere to a multitude of rules. A common way to detect compliance automatedly is studying the artifact of the process model itself. However, if an ontology exists as an additional artifact, it may prove beneficial to exploit this structure for compliance detection, as it provides a rich specification of the business process. We therefore propose an approach that models a rules-layer ontop of an ontology. Said rules-layer is implemented by a logic program and can be used to reason about the compliance of an underlying ontology. Our approach allows ad-hoc access to external ontologies, other than similar approaches that are reliant on a redundant logical representation of process model elements

An Approach to Transform Public Administration into SOA-based Organizations

Nowadays, Service-Oriented Architectures (SOA) is widely spread in private organizations. However, when transferring this knowledge to Public Administration, it is realized that it has not been transformed in terms of its legal nature into organizations capable to operate under the SOA paradigm. This fact prevents public administration bodies from offering the efficient services they have been provided by different boards of governments. A high-level framework to perform this transformation is proposed. Taking it as starting point, an instance of a SOA Target Meta-Model can be obtained by means of an iterative and incremental process based on the analysis of imperatives and focused on the particular business context of each local public administration. This paper briefly presents a practical experience consisting in applying this process to a Spanish regional public administration.Junta de Andalucía TIC-578