Business process compliance sits at the interface of RegTech and business process management and is concerned with the verification of compliance constraints over process models and process instances during design time and runtime. Typically, compliance constraints are not available in structured or formalized format, but stem from a possibly vast set of regulatory documents such as the General Data Protection Regulation (GRPD). Lately, approaches for the extraction of constraints from regulatory documents have been proposed, mostly based on Natural Language Processing (NLP), but still several open questions remain, e.g., the granularity of splitting regulatory documents for constraint extraction. Regulatory documents are subject to frequent and possibly disruptive amendments and change, e.g., an average of 2000 legal acts are issued by the European Union every year. Regulatory changes might cause compliance violations, e.g., if an amendment requires to conduct an additional quality test, which is not implemented in the associated process models and instances yet. Compliance violations, in turn, can become costly for companies, e.g., in the case of GDPR violations. Despite these severe consequences, regulatory document changes have not been investigated with respect to their impact on process compliance yet. Furthermore, there is little effort to leverage computer science and technology to contextualize, process, and streamline for a more efficient digitalized compliance management. Challenges comprise i) capturing change of potentially complex regulatory documents, ii) high frequency of regulatory document change, iii) large process model repositories and a plethora of process instances, and iv) changes of process models and instances occurring in concurrency to regulatory document changes. TRPro provides a framework for regulatory document changes with definitions of their structure and formal semantics (i). For this, previous work on NLP-based constraint extraction is exploited and extended. As change semantics targets compliance impact, the set of extracted constraints reflecting regulatory compliance requirements is taken as logical abstraction layer. TRPro provides algorithms for assessing the impact of changes at regulatory document level on the associated process models and instances during design and runtime. Moreover, TRPro elaborates alignments of process models and instances in order to address compliance violations caused by regulatory document changes. Due to challenges ii) and iii), the efficiency of the impact assessment and finding the alignments is crucial, particularly at the presence of concurrent changes (iv). TRPro concepts are prototypically implemented and evaluated on real-world data sets, e.g., EUR-Lex and the GDPR. In summary, TRPro results constitute an important building block in digitalized compliance management by providing comprehensive control on the impact of regulatory document changes on process compliance.

DFG Programme Research Grants

International Connection Netherlands

Cooperation Partner Dr. Karolin Winter