Business Process Regulatory Compliance (BehAPI)
July 8 @ 08:00 - July 12 @ 17:00
Regulatory compliance describes the level of alignment between business processes and legislations, and it represents a complex process where regulations have to be instantiated in terms of a business process, and later check for correctness: the business process should provide evidence that actors fulfilling necessary conditions will eventually be granted with the rights they are entitled to. This is important for governmental case work, that are tightly governed by law. Legislations are far from being digitalised, and to provide a better support for ensuring regulatory compliance of case management processes we need formalisations of the law that can be mechanised and used for determining the legal and the required activities to be carried out at a particular point in a given process. This calls for a logic that can distinguish between what is possible, i.e. legal and may happen, and what is required, i.e. legal and must happen. Which legal constraints are relevant at a particular time for a particular process often varies a lot depending on the case. This calls for a logic in which rules can be dynamically included and excluded, and where adaptation of regulations can be made in an effortless way.
Moreover, case management processes often contain activities and rules that are not described in detail by the law, but still relevant for the effective support of the process. Consequently, we need tools and methods for the formalisation of regulations and processes by different kinds of users and from two different kind of sources: Legal texts formalised by legal experts, and descriptions of practice formalised by process experts.
In this tutorial we will present how the declarative Dynamic Condition Response (DCR) graphs process notation and associated tools have been developed for the formalisation and mechanisation of adaptive case management processes and meets exactly these requirements. Essentially, DCR graphs is a. A (declarative) process language that defines the causal relations between activities, with emphasis in what may happen (conditions) vs. what must be done (responses). It is dynamic, as these relations might change depending on the execution of certain events. b. It is a graphical language that users with no background in formal methods can use, and c. It is a business process execution engine. We will present how DCR graphs have been used in the formalisation of legally-compliant business processes in Danish Municipalities. In particular, we will demonstrate how the recently developed highlighter tool can be used to faciliate model creation and provide traceability between process models and textual descriptions of law and regulations. Rather than describing the process and later inspecting its alignment with law, our approach forms part of the family of Compliance-by-Design (CbD) process development methodologies. The methodology involves the generation of formal models from the legal text, and the refinement of such models into the activities that conform a business process. The advantage of such approach is that there is no further need for testing whether one execution of the process will violate a legal requirement.