Assessing the Compliance of Business Process Models with Regulatory Documents

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12400)


Implementing regulatory documents is a recurring, mostly manual and time-consuming task for companies. To establish and ensure regulatory compliance, constraints need to be extracted from the documents and integrated into process models capturing existing operational practices. Since regulatory documents and processes are subject to frequent change, the constant comparison between both is mandatory. Additionally, new regulations must be integrated and checked against existing process models. To address these challenges, we provide an approach that uses natural language processing to automatically support compliance assessment between regulatory documents and process model repositories. The outcome is a pairwise matching between parts of a regulatory document and process models from a repository. This matching can be used to either determine the coverage of regulations by a process model or to guide compliance assessment by ranking models based on their fitness and cost. The approach is implemented and applied in two real-world case studies: one from the energy domain and the other based on the General Data Protection Regulation.


Compliance assessment Regulatory documents Business process models Natural language processing 


  1. 1.
    van der Aa, H., Di Ciccio, C., Leopold, H., Reijers, H.A.: Extracting declarative process models from natural language. In: Giorgini, P., Weber, B. (eds.) CAiSE 2019. LNCS, vol. 11483, pp. 365–382. Springer, Cham (2019). Scholar
  2. 2.
    Van der Aa, H., Leopold, H., Reijers, H.A.: Comparing textual descriptions to process models-the automatic detection of inconsistencies. Inf. Syst. 64, 447–460 (2017)CrossRefGoogle Scholar
  3. 3.
    Van der Aa, H., Leopold, H., Reijers, H.A.: Checking process compliance against natural language specifications using behavioral spaces. Inf. Syst. 78, 83–95 (2018)CrossRefGoogle Scholar
  4. 4.
    Agostinelli, S., Maggi, F.M., Marrella, A., Sapio, F.: Achieving GDPR compliance of BPMN process models. In: Cappiello, C., Ruiz, M. (eds.) Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, vol. 350. Springer, Cham (2019).
  5. 5.
    Bajwa, I.S., Lee, M.G., Bordbar, B.: SBVR business rules generation from natural language specification. In: AAAI Spring Symposium, pp. 2–8 (2011)Google Scholar
  6. 6.
    Böhmer, K., et al.: Application and testing of business processes in the energy domain. Big Data Management Systems in Business and Industrial Applications (2017)Google Scholar
  7. 7.
    Dragoni, M., Villata, S., Rizzi, W., Governatori, G.: Combining NLP approaches for rule extraction from legal documents. In: MIREL (2016)Google Scholar
  8. 8.
    Friedrich, F., Mendling, J., Puhlmann, F.: Process model generation from natural language text. In: Mouratidis, H., Rolland, C. (eds.) CAiSE 2011. LNCS, vol. 6741, pp. 482–496. Springer, Heidelberg (2011). Scholar
  9. 9.
    Ghose, A., Koliadis, G., Chueng, A.: Process discovery from model and text artefacts. In: Services, pp. 167–174 (2007)Google Scholar
  10. 10.
    Hashmi, M., Governatori, G.: Norms modeling constructs of business process compliance management frameworks: a conceptual evaluation. Artif. Intell. Law 26(3), 251–305 (2017). Scholar
  11. 11.
    Hashmi, M., Governatori, G., Lam, H.-P., Wynn, M.T.: Are we done with business process compliance: state of the art and challenges ahead. Knowl. Inf. Syst. 57(1), 79–133 (2018). Scholar
  12. 12.
    Honnibal, M., Montani, I.: spaCy 2: natural language understanding with Bloom embeddings, convolutional neural networks and incremental parsing (2017)Google Scholar
  13. 13.
    Kharbili, M.E., Medeiros, A.K.A.D., Stein, S., van der Aalst, W.M.: Business process compliance checking: current state and future challenges. In: MobIS (2008)Google Scholar
  14. 14.
    Meth, H., Brhel, M., Maedche, A.: The state of the art in automated requirements elicitation. Inf. Softw. Technol. 55(10), 1695–1709 (2013) CrossRefGoogle Scholar
  15. 15.
    Omg, O., Parida, R., Mahapatra, S.: Business process model and notation (BPMN) version 2.0. Object Manag. Group 1 (2011)Google Scholar
  16. 16.
    Rinderle-Ma, S., Kabicher-Fuchs, S.: An indexing technique for compliance checking and maintenance in large process and rule repositories. EMISAJ 11, 1–24 (2016) Google Scholar
  17. 17.
    Sànchez-Ferreres, J., van der Aa, H., Carmona, J., Padró, L.: Aligning textual and model-based process descriptions. Data Knowl. Eng. 118, 25–40 (2018)CrossRefGoogle Scholar
  18. 18.
    Schröder, G., Thiele, M., Lehner, W.: Setting goals and choosing metrics for recommender system evaluations. In: UCERSTI2 (2011)Google Scholar
  19. 19.
    Selway, M., Grossmann, G., Mayer, W., Stumptner, M.: Formalising natural language specifications using a cognitive linguistic/configuration based approach. Inf. Syst. 54, 191–208 (2015)CrossRefGoogle Scholar
  20. 20.
    Sinha, A., Paradkar, A.: Use cases to process specifications in business process modeling notation. In: Web Services, pp. 473–480 (2010)Google Scholar
  21. 21.
    Winter, K., Rinderle-Ma, S.: Deriving and combining mixed graphs from regulatory documents based on constraint relations. In: Giorgini, P., Weber, B. (eds.) CAiSE 2019. LNCS, vol. 11483, pp. 430–445. Springer, Cham (2019). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Faculty of Computer ScienceUniversity of ViennaViennaAustria
  2. 2.Data and Web Science GroupUniversity of MannheimMannheimGermany
  3. 3.Department of Computer ScienceHumboldt-Universität zu BerlinBerlinGermany

Personalised recommendations