article

Regulatory compliance of business processes

Authors:

Huib Aldewereld,

Virginia Dignum,

Ziv BaidaAuthors Info & Claims

AI & Society, Volume 30, Issue 3

Pages 393 - 402

https://doi.org/10.1007/s00146-014-0536-9

Published: 01 August 2015 Publication History

Abstract

Organizations, be it public or private, have to ensure that their operations are complying with various governmental regulations, otherwise they may suffer from law suits and financial losses, or they may even not be allowed to operate (e.g., in case of repeated violations). Therefore, organizations need to have a clear understanding of all the relevant regulations and verify that their business processes are designed and performed in a desired way. However, regulations can be fairly complex in terms of the conditions, targets, and scopes they refer to. Moreover, when considering a set of regulations, the possibility of interrelationships between them brings added complexity to compliance checking. Thus, ensuring regulatory compliance is not only labor and time consuming but also complex. In this paper, we propose a consistency and compliance checker framework (CCCF) that considers sets of interrelated regulations and aims at providing automated supports for organizations to analyze and verify their regulatory compliance. More specifically, CCCF takes legal regulations and business processes as inputs and provides the results of whether the regulations are consistent, whether the business processes are compliant with the regulations, and which business operations need to be adjusted in case of non-compliance. To validate our approach, we use a case study of customs declaration in international trade .

References

[1]

Allweyer T (2010) BPMN 2.0: introduction to the standard for business process modeling. Books on Demand GmbH, Norderstedt.

[2]

Andrighetto G, Governatori G, Noriega P, van der Torre L (2012) Normative multi-agent systems. Schloss Dagstuhl, Wadern.

[3]

Awad A, Goré R, Hou Z, Thomson J, Weidlich M (2012) An iterative approach to synthesize business process templates from compliance rules. Inf Syst 37(8):714-736.

Digital Library

[4]

Binder Dijker Otte Co (2011) The consequences of non-compliance in global business. Tech Rep, Binder Dijker Otte & Co, United Kingdom.

[5]

Boella G, Janssen M, Hulstijn J, Humphreys L, van der Torre L (2013) Managing legal interpretation in regulatory compliance. In: International conference on artificial intelligence and law, pp 23-32.

[6]

D'prile D, Giordano L, Gliozzi V, Martelli A, Pozzato GL, Dupré DT (2010) Verifying business process compliance by reasoning about actions. In: International workshop on computational logic in multi-agent systems XI, pp 99-116.

[7]

EI Kharbili M, Alves de Medeiros AK, Stein S, van der Aalst WMP (2008) Business process compliance checking: current state and future challenges. In: Modellierung Betrieblicher Informations-systeme, pp 107-113.

[8]

European Commission (2013a) Authorised economic operator. http://ec.europa.eu/taxation_customs/customs/policy_issues/customs_security/aeo/.

[9]

European Commission (2013b) The community customs code, implementing provisions and guidelines. http://ec.europa.eu/taxation_customs/customs/procedural_aspects/general/community_code/.

[10]

European Commission (2013c) Customs declaration. http://ec.europa.eu/taxation_customs/customs/procedural_aspects/general/declaration/index_en.htm.

[11]

Governatori G, Milosevic Z (2006) A formal analysis of a business contract language. Int J Coop Inf Syst 15(4):659-685.

[12]

Governatori G, Rotolo A (2010) Norm compliance in business process modeling. In: The 4th international web rule symposium, pp 194-209.

[13]

Jensen K (1997) Coloured petri nets: basic concepts, analysis methods and practical uses. Springer, Berlin.

[14]

Jensen K, Kristensen LM, Wells L (2007) Coloured petri nets and cpn tools for modelling and validation of concurrent systems. Int J Softw Tools Technol Transf 9(3-4):213-254.

Digital Library

[15]

Jiang J, Aldewereld H, Dignum V, Tan YH (2013a) Norm contextualization. In: Coordination, organizations, institutions, and norms in agent systems VIII, pp 141-157.

[16]

Jiang J, Dignum V, Aldwereld H, Dignum F, Tan YH (2013b) Norm compliance checking. In: International conference on autonomous agents and multiagent systems, pp 1121-1122.

[17]

Keller G, Nüttgens M, Scheer AW (1992) Semantische Prozeßmodellierung auf der Grundlage Ereignisgesteuerter Prozeßketten (EPK). Tech. rep., Universität des Saarlandes, Germany.

[18]

Lau GT (2004) A comparative analysis framework for semi-structured documents, with applications to government regulations. PhD thesis.

[19]

Lohmann N (2013) Compliance by design for artifact-centric business processes. Inf Syst 38(4):606-618.

Digital Library

[20]

Meyer J-JCh, Wieringa R (eds) (1993) Deontic logic in computer science: normative system specification. Wiley, London.

[21]

Mohamed EKA, Lashine SH (2003) Accounting knowledge and skills and the challenges of a global business environment. Manag Fin 29(7):3-16.

[22]

Ramezani E, Fahland D, van der Aalst WMP (2012) Where did I misbehave? diagnostic information in compliance checking. In: International conference on business process management, pp 262-278.

[23]

Sadiq SW, Governatori G, Namiri K (2007) Modeling control objectives for business process compliance. In: International conference on business process management, pp 149-164.

[24]

van der Aalst WMP (2011) Process mining: discovery, conformance and enhancement of business processes. Springer, Berlin.

[25]

van der Aalst WMP, ter Hostede AHM (2004) YAWL: yet another workflow language. Inf Syst 30(4):245-275.

Digital Library

[26]

van der Aalst WMP, van Hee KM, van der Werf JM, Kumar A, Verdonk M (2011) Conceptual model for online auditing. Decis Support Syst 50(3):636-647.

Digital Library

[27]

van der Aalst WMP, Adriansyah A, van Dongen BF (2012) Replaying history on process models for conformance checking and performance analysis. Data Min Knowl Discov 2(2):182-192.

Digital Library

[28]

Weske M (2007) Business process management: concepts, languages, architecture. Springer, Berlin.

[29]

zur Muehlen M, Indulska M, Kamp G (2007) Business process and business rule modeling languages for compliance management: a representational analysis. In: International conference on conceptual modeling, pp 127-132.

Cited By

Akhigbe OAmyot DRichards GLessard L(2022)GoRIM: a model-driven method for enhancing regulatory intelligenceSoftware and Systems Modeling (SoSyM)10.1007/s10270-021-00949-z21:4(1613-1641)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1007/s10270-021-00949-z
Segers LUbacht JTan YD. Rukanova B(2019)The use of a blockchain-based smart import declaration to reduce the need for manual cross-validation by customs authoritiesProceedings of the 20th Annual International Conference on Digital Government Research10.1145/3325112.3325264(196-203)Online publication date: 18-Jun-2019
https://dl.acm.org/doi/10.1145/3325112.3325264
Hashmi MGovernatori GLam HWynn M(2018)Are we done with business process complianceKnowledge and Information Systems10.1007/s10115-017-1142-157:1(79-133)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10115-017-1142-1

Recommendations

Arguing regulatory compliance of software requirements

A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the ...
Establishing regulatory compliance for software requirements
ER'11: Proceedings of the 30th international conference on Conceptual modeling

A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the ...
Business process models and simulation to enable GDPR compliance: Business process models and simulation to enable GDPR compliance
Abstract
The general data protection regulation (GDPR) provides European individuals with a regulatory framework for personal data protection and privacy. Compliance with this regulation represents an essential challenge for organisations that store, ...

Comments

Information & Contributors

Information

Published In

cover image AI & Society

AI & Society Volume 30, Issue 3

August 2015

100 pages

ISSN:0951-5666

Issue’s Table of Contents

Copyright © Copyright © 2015 Springer-Verlag London.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 August 2015

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Akhigbe OAmyot DRichards GLessard L(2022)GoRIM: a model-driven method for enhancing regulatory intelligenceSoftware and Systems Modeling (SoSyM)10.1007/s10270-021-00949-z21:4(1613-1641)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1007/s10270-021-00949-z
Segers LUbacht JTan YD. Rukanova B(2019)The use of a blockchain-based smart import declaration to reduce the need for manual cross-validation by customs authoritiesProceedings of the 20th Annual International Conference on Digital Government Research10.1145/3325112.3325264(196-203)Online publication date: 18-Jun-2019
https://dl.acm.org/doi/10.1145/3325112.3325264
Hashmi MGovernatori GLam HWynn M(2018)Are we done with business process complianceKnowledge and Information Systems10.1007/s10115-017-1142-157:1(79-133)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10115-017-1142-1

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents