Towards Supporting Business Process Compliance Checking with Compliance Pattern Catalogues - A Financial Industry Case Study

Abstract

Business process compliance checking serves to discover legal or self-regulatory violations in business processes using process models. This way, companies can react to new regulations and avoid violations quickly, hence prevent negative monetary or even legal consequences. In the business process compliance management literature, we find an abundance of approaches supporting business process compliance checking. Although many of these approaches show promise to support business process compliance checking by providing model checking-like methodologies, hardly any of them provide a common list of relevant compliance rules or violations that should be checked for. With this paper, we aim at making a step towards comprehensive catalogues of compliance rules that can be used as input for business process compliance checking approaches. In particular, we analyse two legal documents providing a set of compliance rules for service processes in financial industries. We derive compliance patterns from them and apply them to a large business process model coming from a German IT service provider for banks, using a graph pattern-based compliance checking approach. As a result, we show that deriving business process compliance rules from legal texts leads to meaningful patterns matching several subsections of common process models of financial services. Hence, we can expect catalogues of such patterns to be promising for supporting business process analysts in compliance checking.