Regulatory compliance of business processes

Abstract

Organizations, be it public or private, have to ensure that their operations are complying with various governmental regulations, otherwise they may suffer from law suits and financial losses, or they may even not be allowed to operate (e.g., in case of repeated violations). Therefore, organizations need to have a clear understanding of all the relevant regulations and verify that their business processes are designed and performed in a desired way. However, regulations can be fairly complex in terms of the conditions, targets, and scopes they refer to. Moreover, when considering a set of regulations, the possibility of interrelationships between them brings added complexity to compliance checking. Thus, ensuring regulatory compliance is not only labor and time consuming but also complex. In this paper, we propose a consistency and compliance checker framework (CCCF) that considers sets of interrelated regulations and aims at providing automated supports for organizations to analyze and verify their regulatory compliance. More specifically, CCCF takes legal regulations and business processes as inputs and provides the results of whether the regulations are consistent, whether the business processes are compliant with the regulations, and which business operations need to be adjusted in case of non-compliance. To validate our approach, we use a case study of customs declaration in international trade .

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2

Notes

  1. 1.

    The AEO is a European-wide customs initiative that aims to secure the supply chain while at the same time reducing the administrative burden for actors through the use of self-regulation.

References

  1. Allweyer T (2010) BPMN 2.0: introduction to the standard for business process modeling. Books on Demand GmbH, Norderstedt

    Google Scholar 

  2. Andrighetto G, Governatori G, Noriega P, van der Torre L (2012) Normative multi-agent systems. Schloss Dagstuhl, Wadern

    Google Scholar 

  3. Awad A, Goré R, Hou Z, Thomson J, Weidlich M (2012) An iterative approach to synthesize business process templates from compliance rules. Inf Syst 37(8):714–736

    Article  Google Scholar 

  4. Binder Dijker Otte Co (2011) The consequences of non-compliance in global business. Tech Rep, Binder Dijker Otte & Co, United Kingdom

    Google Scholar 

  5. Boella G, Janssen M, Hulstijn J, Humphreys L, van der Torre L (2013) Managing legal interpretation in regulatory compliance. In: International conference on artificial intelligence and law, pp 23–32

  6. D’prile D, Giordano L, Gliozzi V, Martelli A, Pozzato GL, Dupré DT (2010) Verifying business process compliance by reasoning about actions. In: International workshop on computational logic in multi-agent systems XI, pp 99–116

  7. EI Kharbili M, Alves de Medeiros AK, Stein S, van der Aalst WMP (2008) Business process compliance checking: current state and future challenges. In: Modellierung Betrieblicher Informationssysteme, pp 107–113

  8. European Commission (2013a) Authorised economic operator. http://ec.europa.eu/taxation_customs/customs/policy_issues/customs_security/aeo/

  9. European Commission (2013b) The community customs code, implementing provisions and guidelines. http://ec.europa.eu/taxation_customs/customs/procedural_aspects/general/community_code/

  10. European Commission (2013c) Customs declaration. http://ec.europa.eu/taxation_customs/customs/procedural_aspects/general/declaration/index_en.htm

  11. Governatori G, Milosevic Z (2006) A formal analysis of a business contract language. Int J Coop Inf Syst 15(4):659–685

    Article  Google Scholar 

  12. Governatori G, Rotolo A (2010) Norm compliance in business process modeling. In: The 4th international web rule symposium, pp 194–209

  13. Jensen K (1997) Coloured petri nets: basic concepts, analysis methods and practical uses. Springer, Berlin

    Google Scholar 

  14. Jensen K, Kristensen LM, Wells L (2007) Coloured petri nets and cpn tools for modelling and validation of concurrent systems. Int J Softw Tools Technol Transf 9(3-4):213–254

    Article  Google Scholar 

  15. Jiang J, Aldewereld H, Dignum V, Tan YH (2013a) Norm contextualization. In: Coordination, organizations, institutions, and norms in agent systems VIII, pp 141–157

  16. Jiang J, Dignum V, Aldwereld H, Dignum F, Tan YH (2013b) Norm compliance checking. In: International conference on autonomous agents and multiagent systems, pp 1121–1122

  17. Keller G, Nüttgens M, Scheer AW (1992) Semantische Prozeßmodellierung auf der Grundlage Ereignisgesteuerter Prozeßketten (EPK). Tech. rep., Universität des Saarlandes, Germany

  18. Lau GT (2004) A comparative analysis framework for semi-structured documents, with applications to government regulations. PhD thesis

  19. Lohmann N (2013) Compliance by design for artifact-centric business processes. Inf Syst 38(4):606–618

    Article  Google Scholar 

  20. Meyer J-JCh, Wieringa R (eds) (1993) Deontic logic in computer science: normative system specification. Wiley, London

    Google Scholar 

  21. Mohamed EKA, Lashine SH (2003) Accounting knowledge and skills and the challenges of a global business environment. Manag Fin 29(7):3–16

    Google Scholar 

  22. Ramezani E, Fahland D, van der Aalst WMP (2012) Where did I misbehave? diagnostic information in compliance checking. In: International conference on business process management, pp 262–278

  23. Sadiq SW, Governatori G, Namiri K (2007) Modeling control objectives for business process compliance. In: International conference on business process management, pp 149–164

  24. van der Aalst WMP (2011) Process mining: discovery, conformance and enhancement of business processes. Springer, Berlin

    Google Scholar 

  25. van der Aalst WMP, ter Hostede AHM (2004) YAWL: yet another workflow language. Inf Syst 30(4):245–275

    Article  Google Scholar 

  26. van der Aalst WMP, van Hee KM, van der Werf JM, Kumar A, Verdonk M (2011) Conceptual model for online auditing. Decis Support Syst 50(3):636–647

    Article  Google Scholar 

  27. van der Aalst WMP, Adriansyah A, van Dongen BF (2012) Replaying history on process models for conformance checking and performance analysis. Data Min Knowl Discov 2(2):182–192

    Article  Google Scholar 

  28. Weske M (2007) Business process management: concepts, languages, architecture. Springer, Berlin

    Google Scholar 

  29. zur Muehlen M, Indulska M, Kamp G (2007) Business process and business rule modeling languages for compliance management: a representational analysis. In: International conference on conceptual modeling, pp 127–132

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Jie Jiang.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Jiang, J., Aldewereld, H., Dignum, V. et al. Regulatory compliance of business processes. AI & Soc 30, 393–402 (2015). https://doi.org/10.1007/s00146-014-0536-9

Download citation

Keywords

  • Regulatory compliance
  • Business processes
  • Normative structure