Towards an Abstract Framework for Compliance

The present paper aims at providing an abstract framework to define the regulatory compliance problem. In particular we show how the framework can be used to solve the problem of deciding whether a structured process is compliant with a single regulation, which is composed of a primary obligation and a chain of compensations

Neural Symbolic Architecture for Normative Agents

In this paper we propose a neural-symbolic architecture to represent and reason with norms in multi-agent systems. On the one hand, the architecture contains a symbolic knowledge base to represent norms and on the other hand it contains a neural network to reason with norms. The interaction between the symbolic knowledge and the neural network is used to learn norms. We describe how to handle normative reasoning issues like contrary to duties, dilemmas and exceptions by using a priority-based ordering between the norms in a neural-symbolic architecture

Proving Regulatory Compliance: Business Processes, Logic, Complexity

The problem of proving regulatory compliance of a business process model is composed of two main elements. One of these elements is the business process model, which provides a formal compact description of the available executions capable of achieving a given business objective. The other element is the regulatory framework that the business process must follow, describing the compliance requirements given by the law or by a company’s own internal regulations. The problem consists of verifying whether a given business process model is compliant with the regulatory framework, which is carried out by verifying whether the executions of the model comply with the requirements of the regulatory framework. Solutions to prove the regulatory compliance of business processes have been already proposed in the past. Some solutions disregard the computational complexity aspect of the problem, while other solutions either solve a simplified version of the problem efficiently or provide approximate solutions for the general one. However, none of these solutions have formally studied the computational complexity of the problem of proving regulatory compliance. This thesis addresses that issue, showing in addition why efficient solutions of the general problem are not possible. In particular I study the computational complexity of a problem of proving regulatory compliance whose regulatory framework is defined using conditional obligations. The approach I adopt to represent the compliance requirement is semantically similar to some of the existing solutions proposed by other researchers, such as van der Aalst and many others, who adopts linear temporal logic over finite traces, or different variants of such temporal logic, to define the compliance requirements. More precisely, the approach used in the present thesis adopts propositional logic as base logic, and defines the semantics of the regulatory framework in a similar way as Process Compliance Logic introduced by Governatori and Rotolo. The study of the computational complexity of the problem is approached by dividing it in sub-classes and then combining their analysis to obtain the result for the target problem. The division is done according to three features of the regulatory framework. These features define whether the framework is composed of a single or a set of obligations, whether the obligations are conditional and whether violations can be compensated. These features can be omitted to identify simpler sub-classes of the problem. After having identified the different sub-classes of the problem, I study the computational complexity of some of these sub-classes and combine the results obtained to identify the computational complexity of the general problem tackled in the present thesis, where each of the three features identified are used to describe the compliance requirements. The results of the computational complexity analysis show that proving the existence of an execution of a business process compliant with the regulatory framework is an NP-complete problem. Differently proving that for all of the executions of a business process model, they are either compliant or not with the regulatory framework, is a coNP-complete problem. The results show that combining the two elements composing the problem of proving regulatory compliance, the process model and the regulatory framework, which are tractable when considered individually, leads to an intractable problem. In addition to the computational complexity results, the analysis provided in the thesis has also shown that tractable sub-classes of the problem, where the computational complexity is at most polynomial with respect to the size of the input, can be obtained by trivialising the expressivity of either one of the elements composing the problem. However the expressivity of these sub-classes is limited. Thus I identify a different tractable sub-class of the problem by weakening the expressivity of both elements composing the problem, but where each element is not trivialised as for the other sub-classes. Whether the sub-class identified can be considered expressive is arguable, however it represents a first step towards identifying a sub-class of the problem being both tractable and expressive, taking into account the limitation of employing propositional logic as base logic

Social Network Analysis for Judgment Aggregation

The majority of work in judgment aggregation is devoted to the study of impossibility results. However the (social) dependencies that may exist between the voters has received less attention. In this extended abstract we use the degree centrality measure from social network analysis and obtain a correspondence between the average voter rule and this measure, and show that approach can lead to more resolute outcomes in the voting process

Business Process Regulatory Compliance is Hard

Verifying whether a business process is compliant with a regulatory framework is a difficult task. In the present paper we prove the hardness of the business process regulatory compliance problem by taking into account a sub-problem of the general problem. This limited problem allows to verify only the compliance of structured processes with respect to a regulatory framework composed of a set of conditional obligations including a deadline. Experimental evidence from existing studies shows that compliance is a difficult task. In this paper, despite considering a sub-problem of the general problem, we provide some theoretical evidence of the difficulty of the task. In particular we show that the source of the complexity lies in the core language of verifying conditional obligations with a deadline. We prove that for this simplified case verifying partial compliance belongs to the class of NP-complete problems, and verifying full compliance belongs to the class of coNP-complete problems. Thus by proving the difficulty of a simplified compliance problem we prove that the general problem of verifying business process regulatory compliance is hard

Compliance in Resource-based Process Models

Execution of business processes often requires resources, the use of which is usually subject to constraints. In this paper, we study the compliance of business processes with resource usage policies. To this end, we relate the execution of a business process to its resource requirements in terms of resources consumed, produced or blocked by tasks of the business process. Policies specifying constraints on resource usage are specified in the form of obligations and the verification of whether a business process complies with a given resource usage policy is formally studied