Managing Regulatory Compliance: a Business-Centred Approach

MaRCo Vision

MaRCo aims to produce a visual environment for specifying norms and business processes with an underlying formal model, and for checking regulatory compliance of business processes. MaRCo plans to achieve the following objectives in order to attain this goal:

  • Development of textual norm representation languages. This aims at representing and reasoning about regulations concerned with business processes. In particular, we are interested in three challenges in norm compliance. First, business processes incorporate complex temporal constraints and reasoning, concerned also with the dynamics of norms. Second, we want to be able to represent and reason about norms that regulate what should be known in an organization, such as awareness of exceptional circumstances in risk management, and what should not be known in an organization, such as privacy regulations. Third, business regulations not only prescribe which kind of states are permitted or forbidden, but they also regulate the documentation and explanation in business processes.
  • Development of visual language for the representation of business regulations. This language should enable the visual expression of regulations in terms of deontic concepts, such as permissions, prohibitions and obligations. The aim is to produce a language that is usable by business domain experts. The semantics of the visual language is to be expressed in the norm representation language.
  • Development of a tool for modeling norms, business processes and checking compliance. The tool has to support an environment for business process and norm modeling based on the visual language for representing norms, an existing business process modeling language and the norm representation languages. The tool should interface with an existing compliance checking tool. This implies the need for mapping our visual notation of processes and rules to the input language of the verification tool, and mapping the results of the verification tool back to a visual representation in our environment.
  • Study the complexity of the compliance problem. The aim is to study the compliance problem ay an abstract theoretical level. This is known to be a problem of substantial complexity; the aim is to understand it and suggest possible ways to improve the efficiency of compliance checking algorithms.
  • Validation of tool, and developed languages using a case study. This aims at applying the tool to a case study, which involves selecting a case study either from the literature or from industry. The case study is important in validating and refining our tool and languages.