Abstract
Following the crisis in 2008, the financial industry has faced growing numbers of laws and regulations globally. The number and complexity of these regulations are creating significant issues for governance, risk, and compliance management in almost all industrial sectors. This emergent business need calls for a structured and formal framework for managing business process compliance, which is sustainable throughout the complete business process lifecycle. A preventive focus is essential such that compliance is considered from the early stages of business process design, thus enforcing compliance by design. This chapter introduces the Compliance Request Language (CRL), which is at the heart of a formal design-time compliance verification, analysis, and management framework and addresses the “Check Compliance” use case. Following a model-driven engineering approach, CRL is a graphical domain-specific language that is formally grounded and enables the abstract pattern-based specification of compliance requirements to alleviate the complexities of formal/mathematical languages. An integrated tool-suite has been developed as an instantiation artifact, and the various validation activities have been conducted to ensure the validity, efficacy, and applicability of the proposed language and framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Compas project, deliverable 2.1, state-of-the-art in the field of compliance languages (2008)
Alur, R., Henzinger, T.A.: Real-time logics: complexity and expressiveness. Inf. Comput. 104(1), 35–77 (1993). https://doi.org/10.1006/inco.1993.1025
Armoni, R., Fix, L., Flaisher, A., Gerth, R., Ginsburg, B., Kanza, T., Landver, A., Mador-Haim, S., Singerman, E., Tiemeyer, A., Vardi, M.Y., Zbar, Y.: The forspec temporal logic: a new temporal property-specification language. In: Katoen, J., Stevens, P. (eds.) Tools and Algorithms for the Construction and Analysis of Systems, 8th International Conference, TACAS 2002, Held as Part of the Joint European Conference on Theory and Practice of Software, ETAPS 2002, Grenoble, April 8–12, 2002, Proceedings. Lecture Notes in Computer Science, vol. 2280, pp. 296–211. Springer, New York (2002). https://doi.org/10.1007/3-540-46002-0_21
COSO: Internal control – integrated framework. the committee of sponsoring organizations of the treadway commission (1994)
Dettmer, H.: Goldratt’s theory of constraints: A systems approach to continuous improvement (1997)
Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: Ardis, M.A., Atlee, J.M. (eds.) Proceedings of the Second Workshop on Formal Methods in Software Practice, March 4–5, 1998, Clearwater Beach, FL, pp. 7–15. ACM, New York (1998). https://doi.org/10.1145/298595.298598
Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: Boehm, B.W. , Garlan, D., Kramer, J. (eds.) Proceedings of the 1999 International Conference on Software Engineering, ICSE’ 99, Los Angeles, CA, May 16–22, 1999, pp. 411–420. ACM Press, New York (1999). https://doi.org/10.1145/302405.302672
Elgammal, A.: Towards a comprehensive framework for business process compliance. Ph.D. thesis, Information Management Department, Tilburg University (2012)
Elgammal, A., Butler, T.: Towards a framework for semantically-enabled compliance management in financial services. In: Toumani, F., Pernici, B., Grigori, D., Benslimane, D., Mendling, J., Hadj-Alouane, N.B., Blake, M.B., Perrin, O., Saleh, I., Bhiri, S. (eds.) Service-Oriented Computing - ICSOC 2014 Workshops - WESOA; SeMaPS, RMSOC, KASA, ISC, FOR-MOVES, CCSA and Satellite Events, Paris, France, November 3–6, 2014, Revised Selected Papers. Lecture Notes in Computer Science, vol. 8954, pp. 171–184. Springer, New York (2014). https://doi.org/10.1007/978-3-319-22885-3_15
Elgammal, A., Sebahi, S., Turetken, O., Hacid, M.S., Papazoglou, M., van den Heuvel, W.: Business process compliance management : an integrated proactive approach (2014)
Elgammal, A., Turetken, O.: Lifecycle business process compliance management: a semantically-enabled framework. In: 2015 International Conference on Cloud Computing (ICCC). IEEE, New York (2015). https://doi.org/10.1109/cloudcomp.2015.7149646
Elgammal, A., Türetken, O., van den Heuvel, W.: Using patterns for the analysis and resolution of compliance violations. Int. J. Cooperative Inf. Syst. 21(1), 31–54 (2012). https://doi.org/10.1142/S0218843012400023
Elgammal, A., Turetken, O., Heuvel, W., Papazoglou, M.: On the formal specification of business contracts and regulatory compliance. In: BMC Health Services Research (2010)
Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: On the formal specification of regulatory compliance: A comparative analysis. In: Maximilien, E.M., Rossi, G., Yuan, S., Ludwig, H., Fantinato, M. (eds.) Service-Oriented Computing - ICSOC 2010 International Workshops, PAASC, WESOA, SEE, and SOC-LOG, San Francisco, CA, December 7–10, 2010, Revised Selected Papers. Lecture Notes in Computer Science, vol. 6568, pp. 27–38 (2010). https://doi.org/10.1007/978-3-642-19394-1_4
Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: Root-cause analysis of design-time compliance violations on the basis of property patterns. In: Maglio, P.P., Weske, M., Yang, J., Fantinato, M. (eds.) Service-Oriented Computing - 8th International Conference, ICSOC 2010, San Francisco, CA, December 7–10, 2010. Proceedings. Lecture Notes in Computer Science, vol. 6470, pp. 17–31 (2010). https://doi.org/10.1007/978-3-642-17358-5_2
Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: Formalizing and appling compliance patterns for business process compliance. Software Syst. Model. 15(1), 119–146 (2016). https://doi.org/10.1007/s10270-014-0395-3
Francescomarino, C.D., Ghidini, C., Rospocher, M., Serafini, L., Tonella, P.: Reasoning on semantically annotated processes. In: Bouguettaya, A., Krüger, I., Margaria, T. (eds.) Service-Oriented Computing - ICSOC 2008, 6th International Conference, Sydney, December 1–5, 2008. Proceedings. Lecture Notes in Computer Science, vol. 5364, pp. 132–146 (2008). https://doi.org/10.1007/978-3-540-89652-4_13
Fu, X., Bultan, T., Su, J.: Analysis of interacting BPEL Web services. In: Feldman, S.I., Uretsky, M., Najork, M., Wills, C.E. (eds.) Proceedings of the 13th International Conference on World Wide Web, WWW 2004, New York, NY, May 17–20, 2004, pp. 621–630. ACM, New York (2004). https://doi.org/10.1145/988672.988756
Fu, X., Bultan, T., Su, J.: WSAT: A tool for formal analysis of Web services. In: Alur, R., Peled, D.A. (eds.) Computer Aided Verification, 16th International Conference, CAV 2004, Boston, MA, July 13–17, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3114, pp. 510–514. Springer, New York (2004). https://doi.org/10.1007/978-3-540-27813-9_48
Garshol, L.M.: BNF and EBNF: What are they and how do they work? (2008). http://www.garshol.priv.no/download/text/bnf.html. Accessed on 8 Nov 2020
Gaševic, D., Djuric, D., Devedžic, V.: Model driven engineering. In: Model Driven Engineering and Ontology Development, pp. 125–155. Springer, Berlin, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00282-3_4
Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: Eder, J., Dustdar, S. (eds.) Business Process Management Workshops, BPM 2006 International Workshops, BPD, BPI, ENEI, GPWW, DPM, semantics4ws, Vienna, September 4–7, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4103, pp. 5–14. Springer, New York (2006). https://doi.org/10.1007/11837862_2
Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Quart. 28(1), 75–105 (2004). http://misq.org/design-science-in-information-systems-research.html
Holzmann, G.J.: The model checker SPIN. IEEE Trans. Software Eng. 23(5), 279–295 (1997). https://doi.org/10.1109/32.588521
Karsai, G., Krahn, H., Pinkernell, C., Rumpe, B., Schindler, M., Völkel, S.: Design guidelines for domain specific languages. CoRR abs/1409.2378 (2014). http://arxiv.org/abs/1409.2378
Krötzsch, M., Simancik, F., Horrocks, I.: A description logic primer. CoRR abs/1201.4089 (2012). http://arxiv.org/abs/1201.4089
Ly, L.T., Rinderle-Ma, S., Göser, K., Dadam, P.: On enabling integrated process compliance with semantic constraints in process management systems - requirements, challenges, solutions. Inf. Syst. Front. 14(2), 195–219 (2012). https://doi.org/10.1007/s10796-009-9185-9
Nitzsche, J., Wutke, D., van Lessen, T.: An ontology for executable business processes. In: Hepp, M., Hinkelmann, K., Karagiannis, D., Klein, R., Stojanovic, N. (eds.) Proceedings of the Workshop on Semantic Business Process and Product Lifecycle Management SBPM 2007, held in conjunction with the 3rd European Semantic Web Conference (ESWC 2007), Innsbruck, June 7, 2007, CEUR Workshop Proceedings, vol. 251. CEUR-WS.org (2007). http://ceur-ws.org/Vol-251/paper8.pdf
OASIS: Business process execution language (bpel) (2007)
OMG: Business Process Model and Notation (BPMN), Version 2.0 (2011)
Papazoglou, M.P., van den Heuvel, W.: Business process development life cycle methodology. Commun. ACM 50(10), 79–85 (2007). https://doi.org/10.1145/1290958.1290966
Pnueli, A.: The temporal logic of programs. In: 18th Annual Symposium on Foundations of Computer Science, Providence, Rhode Island, 31 October–1 November 1977, pp. 46–57. IEEE Computer Society (1977). https://doi.org/10.1109/SFCS.1977.32
Polyvyanyy, A., Ouyang, C., Barros, A., van der Aalst, W.M.P.: Process querying: enabling business intelligence through query-based process analytics. Dec. Support Syst. 100, 41–56 (2017). https://doi.org/10.1016/j.dss.2017.04.011
Reuter, P.: Chasing Dirty Money: The Fight Against Money Laundering. Recording for the Blind & Dyslexic (2005)
Sadiq, S.W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) Business Process Management, 5th International Conference, BPM 2007, Brisbane, September 24–28, 2007, Proceedings. Lecture Notes in Computer Science, vol. 4714, pp. 149–164. Springer, New York (2007). https://doi.org/10.1007/978-3-540-75183-0_12
Sebahi, S., Hacid, M.: Business process monitoring with BPath. In: Meersman, R., Dillon, T.S., Herrero, P. (eds.) On the Move to Meaningful Internet Systems: OTM 2010 - Confederated International Conferences: CoopIS, IS, DOA and ODBASE, Hersonissos, Crete, Greece, October 25–29, 2010, Proceedings, Part I. Lecture Notes in Computer Science, vol. 6426, pp. 446–453. Springer, New York (2010). https://doi.org/10.1007/978-3-642-16934-2_33
Türetken, O., Elgammal, A., van den Heuvel, W., Papazoglou, M.P.: Enforcing compliance on business processes through the use of patterns. In: Tuunainen, V.K., Rossi, M., Nandhakumar, J. (eds.) 19th European Conference on Information Systems, ECIS 2011, Helsinki, June 9–11, 2011, p. 5 (2011). http://aisel.aisnet.org/ecis2011/5
Türetken, O., Elgammal, A., van den Heuvel, W., Papazoglou, M.P.: Capturing compliance requirements: A pattern-based approach. IEEE Software 29(3), 28–36 (2012). https://doi.org/10.1109/MS.2012.45
W. W. W. C. (W3C): OWL Web ontology language overview (2011)
Yu, J., Manh, T.P., Han, J., Jin, Y., Han, Y., Wang, J.: Pattern based property specification and verification for service composition. In: Aberer, K., Peng, Z., Rundensteiner, E.A., Zhang, Y., Li, X. (eds.) Web Information Systems - WISE 2006, 7th International Conference on Web Information Systems Engineering, Wuhan, October 23–26, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4255, pp. 156–168. Springer, New York (2006). https://doi.org/10.1007/11912873_18
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Elgammal, A., Turetken, O. (2022). CRL and the Design-Time Compliance Management Framework. In: Polyvyanyy, A. (eds) Process Querying Methods. Springer, Cham. https://doi.org/10.1007/978-3-030-92875-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-92875-9_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92874-2
Online ISBN: 978-3-030-92875-9
eBook Packages: Computer ScienceComputer Science (R0)