Abstract
Legal compliance is an important part of certifying the correct behaviour of a business process. To be compliant, organizations might hard-wire regulations into processes, limiting the discretion that workers have when choosing what activities should be executed in a case. Worse, hard-wired compliant processes are difficult to change when laws change, and this occurs very often. This paper proposes a model-driven approach to process compliance and combines a) reference models from laws, and b) business process models. Both reference and process models are expressed in a declarative process language, the Dynamic Condition Response (DCR) graphs. They are subject to testing and verification, allowing law practitioners to check consistency against the intent of the law. Compliance checking is a combination of alignments between events in laws and events in a process model. In this way, a reference model can be used to check different process variants. Moreover, changes in the reference model due to law changes do not necessarily invalidate existing processes, allowing their reuse and adaptation. We exemplify the framework via the alignment of laws and business rules and a real contract change management process. Finally, we show how compliance checking for declarative processes is decidable, and provide a polynomial-time approximation that contrasts with the NP-complexity algorithms used in compliance checking for imperative business processes. Altogether, this paper presents technical and methodological steps that are being used by legal practitioners in municipal governments in their efforts towards digitalization of work practices in the public sector.
Acknowledgments
Thanks to Nicklas Healy from Syddjurs Kommune, and Paolo Gangemi from MAPS Group for their evaluations on the compliance framework. This work has been financially supported by the Innovation Fund Denmark project EcoKnow.org (7050-00034A), and the European Union Marie Sklodowska-Curie grant agreement BehAPI No.778233.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2020 The Author(s)
About this paper
Cite this paper
López, H.A., Debois, S., Slaats, T., Hildebrandt, T.T. (2020). Business Process Compliance Using Reference Models of Law. In: Wehrheim, H., Cabot, J. (eds) Fundamental Approaches to Software Engineering. FASE 2020. Lecture Notes in Computer Science, vol 12076. Springer, Cham. https://doi.org/10.1007/978-3-030-45234-6_19
DOI: https://doi.org/10.1007/978-3-030-45234-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45233-9
Online ISBN: 978-3-030-45234-6
eBook Packages: Computer Science (R0)