Rule based business process compliance

Assuring compliance of business processes with legal and internal regulations is crucial for financial institutions, as non-compliance may lead to severe financial and juridical penalties. To ensure business process compliance, process models have been established as a widely accepted basis for the design, documentation and control of the implementation of business process rules. Accordingly, in this paper, we introduce a semi-automatic business process compliance checking approach based on process models and related models. It relies on graph-based pattern matching, which makes it possible in contrast to existing approaches to define and check any possible type of business rule in any possible type of business process model or even other type of model. The approach is embedded in a design science research methodology.

Lecture Notes in Computer Science, 2011

Driven by recent trends, effective compliance control has become a crucial success factor for companies nowadays. In this context, compliance monitoring is considered an important building block to support business process compliance. Key to the practical application of a monitoring framework will be its ability to reveal and pinpoint violations of imposed compliance rules that occur during process execution. In this context, we propose a compliance monitoring framework that tackles three major challenges. As a compliance rule can become activated multiple times within a process execution, monitoring only its overall enforcement can be insufficient to assess and deal with compliance violations. Therefore, our approach enables to monitor each activation of a compliance rule individually. In case of violations, we are able to derive the particular root cause, which is helpful to apply specific remedy strategies. Even if a rule activation is not yet violated, the framework can provide assistance in proactively enforcing compliance by deriving measures to render the rule activation satisfied.

Knowledge and Information Systems, 2018

Literature on business process compliance (BPC) has predominantly focused on the alignment of the regulatory rules with the design, verification and validation of business processes. Previously surveys on BPC have been conducted with specific context in mind; however, the literature on BPC management research is largely sparse and does not accumulate a detailed understanding on existing literature and related issues faced by the domain. This survey provides a holistic view of the literature on existing BPC management approaches, and categories them based on different compliance management strategies in the context of formulated research questions. A systematic literature approach is used where search terms pertaining keywords were used to identify literature related to the research questions from scholarly databases. From initially 183 papers, we selected 79 papers related to the themes of this survey published between 2000-2015. The survey results reveal that mostly compliance management approaches center around three distinct categories namely: design-time (28%), run-time (32%) and auditing (10%). Also, organisational and internal control based compliance management frameworks (21%) and hybrid approaches make (9%) of the surveyed approaches. Furthermore, open research challenges and gaps are identified and discussed with respect to the compliance problem.

Software & Systems Modeling, 2014

DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the "Taverne" license above, please follow below link for the End User Agreement:

Information Systems, 2015

In recent years, monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as major concern in literature and practice. Monitoring not only refers to continuously observing possible compliance violations, but also includes the ability to provide fine-grained feedback and to predict possible compliance violations in the future. The body of literature on business process compliance is large and approaches specifically addressing process monitoring are hard to identify. Moreover, proper means for the systematic comparison of these approaches are missing. Hence, it is unclear which approaches are suitable for particular scenarios. The goal of this paper is to define a framework for Compliance Monitoring Functionalities (CMF) that enables the systematic comparison of existing and new approaches for monitoring compliance rules over business processes during runtime. To define the scope of the framework, at first, related areas are identified and discussed. The CMFs are harvested based on a systematic literature review and five selected case studies. The appropriateness of the selection of CMFs is demonstrated in two ways: (a) a systematic comparison with pattern-based compliance approaches and (b) a classification of existing compliance monitoring approaches using the CMFs. Moreover, the application of the CMFs is showcased using three existing tools that are applied to two realistic data sets. Overall, the CMF framework provides a powerful means to position existing and future compliance monitoring approaches.

2011

The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implement them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided.

The concept business process compliance refers to the degree of conformance between the business processes of an organization and the regulations and rules that govern it. This paper intends to be a starting point for people interested in business process compliance who have no knowledge about how to address compliance checking. We introduce the four most relevant points to be considered before facing the problem and present some hints for those points in the form of a state of the art based on the literature about business process compliance checking. We also state possible future work in the context of business process compliance derived from this study.

2012

Business process compliance tries to ensure the business processes used in an organization are designed and executed according to the rules that govern the company. However, the nature of rules (expressed in natural language) and the large amount of elements that can be involved in them make their materialization and automated checking quite difficult. That is why the existing support for compliance checking is generally restricted to specific kinds of rules (e.g. rules affecting the control flow of the process). In this paper, we introduce compliance mashups, and show how a mashup-based approach can help solve the problem of rule specification and checking at design time. Some advantages of such an approach are that: (i) any kind of rule can be specified, which implies that each user can specify a rule according to his/her interpretation of the rule; (ii) building the compliance mashup is transparent to the formalism(s) used to implement it, so different techniques can be used together; and (iv) mashup components or parts of them can be re-used. As an example we use this approach to build mashups to specify and check rules related to human resource management in business processes at design time.

GRCIS. CEUR-WS. org, 2009

Abstract. Keeping business processes compliant with regulations is of major importance for companies. Considering the huge number of mod-els each company possesses, an automation of compliance maintenance becomes essential. Therefore, many approaches focused on ...

2009

It is a typical scenario that many organisations have their business processes specified independently of their business obligations (which includes contractual obligations to business partners, as well as obligations a business has to fulfil against regulations and industry standards). This is because of the lack of guidelines and tools that facilitate derivation of processes from contracts but also because of the traditional mindset of treating contracts separately from business processes. This chapter will provide a solution to one specific problem that arises from this situation, namely the lack of mechanisms to check whether business processes are compliant with business contracts. The chapter begins by defining the space for business process compliance and the ecosystem for ensuring that process are compliant. The key point is that compliance is a relationship between two sets of specifications: the specifications for executing a business process and the specifications regulating a business. The central part of the chapter focuses on a logic based formalism for describing both the semantics of normative specifications and the semantics of compliance checking procedures.