Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Reviewing Uses of Regulatory Compliance Monitoring

Finn Klessascheck, Luise Pufahl

TL;DR

The paper tackles regulatory compliance monitoring in business processes by performing a systematic literature review that distinguishes conformance checking from compliance checking and analyzes their practical deployments, data needs, and reported results. It analyzes 58 studies (41 conformance, 17 compliance) to characterize preparation, action, and reflection phases, revealing that prescriptive models are always manually created and rarely validated, with a heavy reliance on expert knowledge and real-world data that is often not publicly accessible. The review finds that conformance checking is more common in healthcare and finance, while compliance checking spans a broader set of domains and tends to use declarative techniques with multiple process perspectives; there is a notable scarcity of automated or real-time deployments and a lack of shared datasets. Based on these findings, the paper outlines concrete research opportunities, emphasizing hybrid approaches, automated prescriptive-model derivation, broader domain applications (including sustainability), and extensible tooling to improve practical adoption and transparency.

Abstract

Organizations need to manage numerous business processes for delivering their services and products to customers. One important consideration thereby lies in the adherence to regulations such as laws, guidelines, or industry standards. In order to monitor adherence of their business processes to regulations -- in other words, their regulatory compliance -- organizations make use of various techniques that draw on process execution data of IT systems that support these processes. Previous research has investigated conformance checking, an operation of process mining, for the domains in which it is applied, its operationalization of regulations, the techniques being used, and the presentation of results produced. However, other techniques for regulatory compliance monitoring, which we summarize as compliance checking techniques, have not yet been investigated regarding these aspects in a structural manner. To this end, this work presents a systematic literature review on uses of regulatory compliance monitoring of business processes, thereby offering insights into the various techniques being used, their application and the results they generate. We highlight commonalities and differences between the approaches and find that various steps are performed manually; we also provide further impulses for research on compliance monitoring and its use in practice.

Reviewing Uses of Regulatory Compliance Monitoring

TL;DR

The paper tackles regulatory compliance monitoring in business processes by performing a systematic literature review that distinguishes conformance checking from compliance checking and analyzes their practical deployments, data needs, and reported results. It analyzes 58 studies (41 conformance, 17 compliance) to characterize preparation, action, and reflection phases, revealing that prescriptive models are always manually created and rarely validated, with a heavy reliance on expert knowledge and real-world data that is often not publicly accessible. The review finds that conformance checking is more common in healthcare and finance, while compliance checking spans a broader set of domains and tends to use declarative techniques with multiple process perspectives; there is a notable scarcity of automated or real-time deployments and a lack of shared datasets. Based on these findings, the paper outlines concrete research opportunities, emphasizing hybrid approaches, automated prescriptive-model derivation, broader domain applications (including sustainability), and extensible tooling to improve practical adoption and transparency.

Abstract

Organizations need to manage numerous business processes for delivering their services and products to customers. One important consideration thereby lies in the adherence to regulations such as laws, guidelines, or industry standards. In order to monitor adherence of their business processes to regulations -- in other words, their regulatory compliance -- organizations make use of various techniques that draw on process execution data of IT systems that support these processes. Previous research has investigated conformance checking, an operation of process mining, for the domains in which it is applied, its operationalization of regulations, the techniques being used, and the presentation of results produced. However, other techniques for regulatory compliance monitoring, which we summarize as compliance checking techniques, have not yet been investigated regarding these aspects in a structural manner. To this end, this work presents a systematic literature review on uses of regulatory compliance monitoring of business processes, thereby offering insights into the various techniques being used, their application and the results they generate. We highlight commonalities and differences between the approaches and find that various steps are performed manually; we also provide further impulses for research on compliance monitoring and its use in practice.
Paper Structure (31 sections, 11 figures, 3 tables)

This paper contains 31 sections, 11 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Compliance Monitoring
  4. Conformance Checking
  5. Compliance Checking
  6. Related Work
  7. Research Method
  8. Results
  9. Preparation
  10. Domain
  11. Goals
  12. Prescriptive Model Creation
  13. Prescriptive Model Validation
  14. Data Origin and Data Availability
  15. Action
  16. ...and 16 more sections

Figures (11)

  • Figure 1: Conceptual overview of compliance monitoring with conformance checking or compliance monitoring, adapted from klessascheckUnlocking2024lyComplianceMonitoringBusiness2015
  • Figure 2: Search process of Search A for relevant literature, adapted from klessascheckReviewingConformance2024
  • Figure 3: Search process of Search B for relevant literature, adapted from klessascheckReviewingConformance2024
  • Figure 4: Lifecycle and phases of compliance monitoring, adapted from Carmona et al.'s lifecycle of conformance checking projects carmona2018conformance, used in this study to guide data extraction and synthesis
  • Figure 5: Distribution of studies found for Search A (conformance) and Search B (compliance) per year
  • ...and 6 more figures