Reviewing Uses of Regulatory Compliance Monitoring

TL;DR

This paper systematically reviews how organizations monitor regulatory compliance in business processes, highlighting techniques used, their applications, and identifying manual steps and research gaps.

Contribution

It provides a comprehensive overview of compliance monitoring techniques, comparing their approaches, and identifying areas for future research and practical improvement.

Findings

Various compliance monitoring steps are performed manually

Different techniques are used for regulatory compliance monitoring

The review highlights research gaps and practical challenges

Abstract

Organizations need to manage numerous business processes for delivering their services and products to customers. One important consideration thereby lies in the adherence to regulations such as laws, guidelines, or industry standards. In order to monitor adherence of their business processes to regulations -- in other words, their regulatory compliance -- organizations make use of various techniques that draw on process execution data of IT systems that support these processes. Previous research has investigated conformance checking, an operation of process mining, for the domains in which it is applied, its operationalization of regulations, the techniques being used, and the presentation of results produced. However, other techniques for regulatory compliance monitoring, which we summarize as compliance checking techniques, have not yet been investigated regarding these aspects in a structural manner. To this end, this work presents a systematic literature review on uses of regulatory compliance monitoring of business processes, thereby offering insights into the various techniques being used, their application and the results they generate. We highlight commonalities and differences between the approaches and find that various steps are performed manually; we also provide further impulses for research on compliance monitoring and its use in practice.