Practices, Challenges, and Opportunities When Inferring Requirements From Regulations in the FinTech Sector - An Industrial Study
Parisa Elahidoost, Daniel Mendez, Michael Unterkalmsteiner, Jannik Fischbach, Christian Feiler, Jonathan Streit
TL;DR
The study addresses the challenge of deriving software requirements from regulatory artifacts in FinTech by conducting a four-case industrial analysis at itestra in the banking and insurance domains. Using a five-step, mixed-methods approach encompassing interviews, artifact mapping, and collaborative validation, it identifies concrete engineering practices, key challenges, and areas where tool support can improve efficiency, accuracy, and compliance. The findings highlight interpretation difficulties, communication gaps, and dynamic regulatory changes, while pointing to practical tooling opportunities such as document comparison, automated test case generation, and traceability, with NLP and LLM-based interpretations identified as promising future directions. This work provides problem-driven insights to guide practice and future research, aiming to improve regulatory compliance in software engineering within FinTech and similar regulated sectors.
Abstract
[Context and motivation]: Understanding and interpreting regulatory norms and inferring software requirements from them is a critical step towards regulatory compliance, a matter of significant importance in various industrial sectors. [Question/problem]: However, interpreting regulations still largely depends on individual legal expertise and experience within the respective domain, with little to no systematic methodologies and supportive tools to guide this practice. In fact, research in this area is too often detached from practitioners' experiences, rendering the proposed solutions not transferable to industrial practice. As we argue, one reason is that we still lack a profound understanding of industry- and domain-specific practices and challenges. [Principal ideas/results]: We aim to close this gap and provide such an investigation, using the banking and insurance domain as an example. We conduct an industrial multi-case study as part of a long-term academia-industry collaboration with a medium-sized software development and renovation company. We explore contemporary industrial practices and challenges when inferring requirements from regulations to support more problem-driven research. Our study investigates the complexities of requirements engineering in regulatory contexts, pinpointing various issues and discussing them in detail. We highlight the gathered insights and the practical challenges encountered and suggest avenues for future research. [Contribution]: Our contribution is a comprehensive case study focused on the FinTech domain, offering a detailed understanding of the specific needs within this sector. We have identified key practices for managing regulatory requirements in software development, and have pinpointed several challenges. We conclude by offering a set of recommendations for future problem-driven research directions.
