Towards Supporting Business Process Compliance Checking with Compliance Pattern Catalogues - A Financial Industry Case Study
AbstractBusiness process compliance checking serves to discover legal or self-regulatory violations in business processes using process models. This way, companies can react to new regulations and avoid violations quickly, hence prevent negative monetary or even legal consequences. In the business process compliance management literature, we find an abundance of approaches supporting business process compliance checking. Although many of these approaches show promise to support business process compliance checking by providing model checking-like methodologies, hardly any of them provide a common list of relevant compliance rules or violations that should be checked for. With this paper, we aim at making a step towards comprehensive catalogues of compliance rules that can be used as input for business process compliance checking approaches. In particular, we analyse two legal documents providing a set of compliance rules for service processes in financial industries. We derive compliance patterns from them and apply them to a large business process model coming from a German IT service provider for banks, using a graph pattern-based compliance checking approach. As a result, we show that deriving business process compliance rules from legal texts leads to meaningful patterns matching several subsections of common process models of financial services. Hence, we can expect catalogues of such patterns to be promising for supporting business process analysts in compliance checking.
Authors who publish with this journal agree to the following terms: Authors retain copyright and grant the journal 'Enterprise Modelling and Information Systems Architectures - International Journal of Conceptual Modeling' and the Gesellschaft für Informatik e.V. (GI) the permission of first publication, and the non-exclusive, irrevocable and non-time limited publication permission for the submitted work including the permissions to store, copy, distribute and reproduce their work in printed and electronic form for the duration of the legal copyright. This includes the right of translation. Authors grant the journal 'Enterprise Modelling and Information Systems Architectures - International Journal of Conceptual Modeling' and the Gesellschaft für Informatik e.V. (GI) the permission to license their work under a Creative Commons BY-SA 4.0 license that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book) given an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access). The submitting corresponding author on behalf of all co-authors asserts that she/he is entitled to the granting of the above mentioned permissions for the submitted work.