=Paper=
{{Paper
|id=None
|storemode=property
|title=Interpreting Regulations with SBVR
|pdfUrl=https://ceur-ws.org/Vol-1004/paper6.pdf
|volume=Vol-1004
|dblpUrl=https://dblp.org/rec/conf/ruleml/Abi-LahoudBCH13
}}
==Interpreting Regulations with SBVR ==
https://ceur-ws.org/Vol-1004/paper6.pdf
Interpreting Regulations with SBVR
Elie Abi-Lahoud1, Tom Butler1, Donald Chapin2, John Hall3
1
University College Cork
e.abilahoud@ucc.ie, tbutler@afis.ucc.ie
2
Business Semantics Ltd
donald.chapin@businesssemantics.com
3
Model Systems
john.hall@modelsystems.co.uk
Abstract. The wide and complex spectrum of regulations, especially in the
financial services industry, calls for machine assistance in making sense of, and
in consuming, regulatory text. This paper describes an approach to interpreting
regulations with SBVR. The purpose is to clarify ambiguity in regulations by
developing a shared vocabulary and shared guidance based on the regulatory
text. The on-going work presented in this paper is part of the Governance, Risk
and Compliance Technology Centre’s (Ireland) current research activities that
include the development of policy advice on compliance with US Anti-Money
Laundering (AML) regulations for companies that are governed by these
regulations. The approach is based on the navigation of US public databases –
Federal Register, Code of Federal Regulations and US Code – to identify
subsets of AML regulation relevant to companies based outside the USA.
These subsets are imported into an SBVR toolset, where they are analysed and,
if necessary, interpreted by the legal and financial experts on the team. A
standardized vocabulary for AML is being developed in SBVR, together with
advice on regulatory intent and formal expression of rules with which regulated
companies must comply.
Keywords: case study, compliance, human language, regulation, SBVR.
1 Introduction
1.1 Overview
The work described here is a proof of concept undertaken by Ireland’s Governance, Risk and
Compliance Technology Centre (GRCTC) - an application of the Semantics of Business
Vocabulary and Business Rules (SBVR) [11]. It consists of:
• Analysis of US regulations that are relevant to companies based in Ireland;
• Interpretation of the regulation source text and editing it into more formal
representations using SBVR tools;
• Development of policies and rules for enforcement of the regulations, and advice to
regulated companies on compliance.
The concept definitions developed in SBVR will eventually become part of two OWL2
ontologies being developed by GRCTC for the financial industry.
1.2 GRCTC
The GRCTC is an industry led, collaborative programme of research and innovation into
Governance, Risk and Compliance (GRC) of the financial services industry. It has a
consortium of academic partners and an industry steering consortium. Membership is open to
companies and research providers with an office in Ireland and an interest in developing
competence, outputs and technologies related to GRC in the financial services industry.
The programme is led by a multidisciplinary team of computer scientists and legal and
financial subject matter experts (SMEs) at University College Cork. Its mission is to research
�and develop industry-ready GRC solutions for the financial services industry to help industry
stakeholders commercialise related GRC technologies.
1.3 Context
A major strand of GRCTC’s activity is development of the Financial Industry Regulatory
Ontology (FIRO) and the Financial Industry Governance Risk and Compliance Ontology
(FIGO). FIRO will enable efficient access to the wide and complex spectrum of financial
industry regulations, relying on formal semantics and regulatory rules. FIGO will provide
formal semantics, a GRC knowledge base, and data models to inform and integrate GRC
practices and data in the financial industry.
GRCTC has been invited by the Finance Domain Task Force of the Object Management
Group (OMG) to submit FIRO for progression to an international standard.
1.4 SBVR
In 2013, GRCTC adopted the OMG’s SBVR as its basis for FIRO and FIGO. SBVR is a
vocabulary – more precisely, an ISO terminological dictionary – for defining business
concepts and rules, represented in simplified natural language. It is based on ISO terminology
standards and practice.
SBVR is business-oriented. It was developed for definition of things in a business (rather than
the data that would represent them in information systems) and policies and rules that
constrain the relationships between them and govern the activities in which they play roles.
An SBVR terminological dictionary + rulebook (“business vocabulary + rules”) comprises:
• Noun concepts, which correspond to things in a business
• Verb concepts, which correspond to relationships between defined things
• Definitional rules, which constrain these relationships
• Behavioral rules, which govern business activities in which defined things play roles
SBVR contains the noun concepts, verb concepts and definitional rules needed to define the
noun concepts, verb concepts, definitional rules and behavioral rules for a specific business or
business domain, such as Anti-Money-Laundering. SBVR is itself defined in SBVR, and any
domain-specific terminological dictionary + rulebook is an extension of SBVR.
SBVR itself does not include behavioral rules. SBVR is a terminological dictionary that
defines what SBVR is, including what behavioural rules are and how to specify them. But
behavioral rules govern business activities and SBVR contains no business activities. The
rules that govern how SBVR should be used are a matter for tool developers, methodologists,
trainers and quality auditors.
Behavioral rules are typically defined for operational business activities. For GRCTC’s work
they are the rules that govern what regulated companies must do in order to comply with the
AML regulations.
A terminological dictionary + rulebook defined with SBVR should be complete and
consistent:
• Each noun concept must be explicitly defined, or adopted from an authoritative
source, or acknowledged as ‘implicitly understood’ (the everyday natural language
meaning of the term used).
• Only recognized noun concepts may play roles in verb concepts
• Rules may be built only from defined verb concepts and a defined set of structure
elements (obligation, necessity, if … then, that, at least…).
SBVR does not have a normative syntax; any syntax that has adequate expressive power is
acceptable. SBVR is specified in SBVR Structured English (SE), a simplified version of
natural English, and SBVR SE is probably the most widely used syntax for domain-specific
SBVR models. The conceptual model is separated from the external representation, and any
(suitable simplified) natural language may be used.
�SBVR definitions and rules are intended for people in the business. They can be transformed
to machine-readable ontologies, or to data models and rules for information systems that
would support a business defined using SBVR.
1.5 Proof of Concept (PoC)
The GRCTC is developing a number of proofs of concept for FIRO and FIGO. One is the
work described here. This focuses on the application of US Anti-Money-Laundering (AML)
regulations. Some financial companies based in Ireland, including Irish companies that trade
in the USA and Irish subsidiaries of US companies, are governed by a subset of these
regulations. The scope of this PoC, however, is broader because the US Anti-Money-
Laundering regulations apply to all Financial Services companies, in Europe or elsewhere,
doing business in the US.
The purpose of the proof of concept is to demonstrate the capture of relevant US AML
regulations and the formalisation of their vocabulary and rules as a basis for guidance on
compliance. The results are:
• The relevant subsets of US AML regulations
• Interpretation of regulatory intent
• Behavioral rules with which industry partners must comply, and the vocabulary that
defines their meaning, expressed in SBVR SE
• AML content for FIRO and FIGO
1.6 Related Work
The basis of the approach used by GRCTC originated in OntoRule [http://ontorule-project.eu],
an EU Framework 7 project that ran from 2009 – 2011. The OntoRule case study for
interpretation of regulation was undertaken by Laboratoire d'Informatique de Paris Nord
(LIPN) and Audi AG, using a subset of EU regulations for car safety systems (seatbelts,
airbags, brakes). The approach for the case study used SBVR constructs as patterns for
analysis of regulation source text, using LIPN’s Terminae software; it is described in [12].
LIPN has continued to develop the approach, as described in [9], [10] and [11].
2 The US Regulatory Framework
The approach taken for the proof of concept is enabled by the framework of US law and
regulation.
US laws are created by Congress and most are codified in the United States Code (USC) [2].
Congress delegates authority for rules and regulations to departments and executive agencies,
such as the US Treasury Department, which publish enforceable regulations that implement
the laws. The division of authority is summarised in Figure 1.
Congress passes Laws Executive Agencies Issue Rules/Regulations
Publish in Slip Law/Statutes at Large: Publish in Federal Register (FR): codified in Code of
codified in US Code (USC) Federal Regulations (CFR)
Power is determined by Constitution Power is delegated by Congress
Courts review for: Courts review for:
• Constitutionality • constitutionality & limits of delegated authority
• arbitrary and capricious actions
• Administrative Procedure Act requirements
Congress acts collectively to represent the Agencies must seek and consider public comment on
will of the people benefits of rules vs. burdens and costs
Set broad social and economic goals and Prescribe specific legal requirements to meet goals
legal requirements
Figure 1: US Regulatory Authority
�Regulations (‘rule’ and ‘regulation’ are synonyms in the US regulatory domain) are published
in the Federal Register (FR) [3], a daily journal that includes all proposed and final rules.
The Code of Federal Regulations (CFR) [4] is the codification of the final rules published in
FR, showing the aggregated effect of related rules. Rules published in FR are defined as
changes to be made to CFR.
Entries in CFR refer to laws in USC for authorizations and definitions. The relationship
between FR, CFR and USC is illustrated in Figure 2.
Codified in
US Code
Laws
(USC)
Regulatory agency writes rules Refers to
Published in
Codified in Code of Federal
Federal Register
Regulations
(FR)
(CFR)
Figure 2: US Regulatory Framework
There is a statutory obligation to publish rules in FR, first as proposed rules, open for public
discussion, and then as final rules, which define explicit changes to CFR. Final rule
documents include the public discussion and responses from the regulatory agency, which is
helpful for SMEs in understanding the intent of the rules.
The Code of Federal Regulations is organized as:
• 50 Titles, each naming a broad subject area for regulation (e.g. 12: Banks and
Banking)
• Chapter: the rules of a single agency
• Part: rules on a single program or function
• Section: one provision of program/function rules
Sections are composed of paragraphs, numbered to up to 6 levels of subparagraph. A rule
published in FR is normally within the remit of a single agency, and usually specifies CFR
changes as addition, deletion or replacement of individually-identified paragraphs or
subparagraphs.
3 Proof of Concept
3.1 Scope
The base document for the proof of concept was the FR final rule (76 FR 45403) “Bank
Secrecy Act Regulations - Definitions and Other Regulations Related to Prepaid Access” [5],
an 18-page document from the Financial Crimes Enforcement Network of the Treasury
Department. Its scope is illustrated in Figure 3.
Like many FR rules, the direct scope was fairly narrow; it changed only 5 sections of 31 CFR
Chapter X (namely, §1010.100, §1022.210, §1022.320, §1022.380, §1022.420). The open-
ended aspect was the dependence on definitions in USC and other sections of CFR, which
were needed for full understanding of the business impact of the changes.
The solution adopted was to introduce ‘stubs’, determined by the SMEs who were interpreting
regulatory text. If a reference is encountered to a concept that would be familiar to people
working in the domain (e.g. “investment company as defined in section 3 of the Investment
Company Act of 1940 (15 U.S.C. 80a–3)”), an SME can declare it as a ‘stub’ and no further
referencing will be followed. Over time, this truncation will be corrected. When the scope of
�the work extends into areas that affect the concept, the stub will be replaced by the full
definition, together with any further referencing needed.
USA PATRIOT Codified in USC Titles
Act 5, 7, 12, 15, 18,
of 2001 22, 25, 26, 31
Rules written by Treasury
Published in Uses definitions from
31 CFR
parts
Codified in 31 CFR
76 FR 45403
Parts 1010 &
(July 29, 2011)
1022
Figure 3: Scope of Proof of Concept
3.2 Selection of Regulatory Content
The regulations are presented in CFR. Two approaches were considered for selection of
relevant subsets:
• Analysing the full content of 31 CFR X. This at first seemed the simpler approach,
but would require consideration of over 100,000 words of source text, before
following references to USC.
• Starting with the FR rule and following its changes through 31 CFR X. This resulted
in a text of less than 26,000 words (equivalent to a little over 38 pages of 10-point
type), including 28 references to USC, 16 to parts of 31 CFR X not directly changed
by the rule, and 6 stubs.
The second approach was adopted. It provided a more ‘digestible’ text size for SMEs, and
focused on the regulatory intent of the published rule. Also, it provides an approach that can
be used directly with new rules as they are published.
3.3 Analysis and Formalization
The sections of 31 CFR 1022 amended by 76 FR 45403 use terms defined in section
§1010.100 “General Definitions”. Before capturing in SBVR the interpretation of sections
amended by 76 FR 45403, the SMEs captured, in SBVR SE, the definitions of §1010.100.
These definitions are reused, in their SBVR format, while interpreting 76 FR 45403. The
SMEs were able to capture in SBVR SE the definitions of 66 terms/concepts directly from
section §1010.100. They also identified another set of 180 external terms/concepts. Those
terms are not directly defined in §1010.100. Domain practitioners implicitly understand more
than half, while the rest could be defined using business dictionaries or standardised industry
vocabularies. In this proof-of-concept, terms defined in the Financial Industry Business
Ontology1 (FIBO [6]) were identified.
Having the “general definitions” in SBVR, the next step is to capture the interpretations of the
four sections of 31 CFR X amended by 76 FR 45403. The task was assigned to a team of four
SMEs. A straightforward division of labour could be done by attributing a section to each
SME. However, a quick read of the amended sections reveals overlaps between them. To
minimise having two or more SMEs modelling the same ‘Things’ (i.e. defining the same
SBVR elements for the same Thing - noun concepts, verb concepts, etc.), a theme-based
1
FIBO is an Industry standard being developed by the Enterprise Data Management Council and the
Object Management Group. As a common language, it bridges the language gap between business and
technology. As a machine-readable knowledge model, it facilitates the development of semantic
applications for the financial industry.
�division of labour was adopted. First, the content of each section is broken down into themes
or categories. For example, §1022.380 Registration of money service business could be
broken down in three themes or categories as follows:
1. Agency related provisions: 1022.380 (a) (3) and (4) (d)(1)(2) (E) (F) (G)(H)(ii)
2. Registration related provisions: (a)(1)(b)(1)(i)-(iii) (a)(2)(3)(4)(c)
3. Compliance related provisions: (e) (f)
Second, the identified themes are cross-referenced between sections and consolidated under
theme headers. The result is eleven consolidated themes, which are then regrouped in four
work streams, one for each SME. Appendix B details the division of labour aiming to attribute
a (cross-sections) theme to each SME.
Each SME starts interpreting the rules assigned to him/her following the protocol described in
Figure 4. The aim is to identify modified verb concepts, supporting verb concepts and noun
concepts.
1- Read the text
2- Identify modalities (Obligations, prohibitions, etc.)
3- For each modality
a. Add the relevant modality keyword
b. Identify the English verb on which the modality is applied
c. Stylise this verb using the SBVR verb style
d. Identify the noun concepts (general, individual, etc.) or the
verbal phrase(s) playing the roles in this verb
e. If the verb roles are played by noun concepts, complete the
SBVR modified verb concept by stylising the identified the
noun concepts
i. Add all the stylised noun concepts the
noun_concepts_list
f. If the verb roles are played by verbal phrases, stylise each
verbal phrase by identifying English verbs, SBVR noun
concepts and keywords
i. Add each verbal phrase to the
supporting_verb_concepts_list
4- For each noun concept in noun_concepts_list
i. Start enriching by identifying the characteristic of
each noun concept (if any)
ii. Identify other definition elements
Figure 4: SBVR-based Rule Interpretation Protocol
To illustrate the previously described protocol, take for example, §1022.210 (d)(iv):
“iv) Money services business […] must establish procedures to verify the identity of a
person who obtains prepaid access under a prepaid program and […]”
The first part of this rule expresses the obligation to “establish procedures to verify […]”. The
obligation is on the verb “establish”. It will be stylised in the SBVR verb style (blue italic in
SBVR SE). The first role is played by “Money services business” which is a general noun
concept in SBVR (styled as green underlined in SBVR SE). According to Figure 5, Money
services business is stylised as a noun concept and added to the noun concepts list to be
further defined. The second role is played by “procedures to verify […]”. Procedures is styled
as a noun concept, “to verify” as a verb, “the” as a keyword (styled orange in SBVR SE), etc.
Below is a suggested formalisation of the rule based on the protocol described in Figure 5:
It is obligatory that each money services business establishes procedures to verify the
identity of the person obtaining prepaid access under a prepaid programme.
The modified verb concept is ‘money services business establishes procedures’. One
supporting verb concept is ‘person obtaining prepaid access under a prepaid programme’.
Note each of the noun concepts are added to the noun concepts list and defined in a later phase
(if the definition is not given by the current section or the general definitions section).
Appendix C describes a more detailed example of SBVR interpretation of § 1022.210 (a).
�4 Implementation and Future Work
Two software tools assist the SMEs in their SBVR interpretation along with a rich text editor
(MS Word in this case). First, Confluence by Atlassian is a shared wiki with commenting
functionalities that serves as a collaborative editing platform. Second, Designs for
Management™ by Business Semantics is an SBVR editing suite that validates SBVR
interpretations and generates machine-readable vocabularies and rules in the XML Metadata
Interchange format based on the SBVR metamodel.
4.1 Phase 1: Collaborative Interpretation
The first phase consists of collaborative interpretation of the regulatory text limited in scope
as described in section 3.1. An MS-Word template is used to capture the interpretations
following the protocol described in Figure 4, whereas a classic collaborative wiki is mainly
used to capture definitions of noun concepts. Its commenting functionalities allow the SMEs
to interact on a given concept definition and discuss potential semantic precisions. They could
vote on a definition or on a revision leaving an audit trail of the Vocabulary development.
Appendix D illustrates how the SMEs used this wiki in the context of this proof of concept.
This phase resulted in identifying more than 300 noun concepts. Those concepts were (i)
defined within the scoped regulation or (ii) commonly understood or (iii) defined by SMEs
using domain authoritative sources. It also resulted in formalizing around 200 behavioral rules
based on 76 FR 45403. This number along with the number of definitional rules is expected to
evolve after the completion of phase 2 described hereafter.
4.2 Phase 2: Validation and Generation of a Machine-readable Vocabulary
Having a candidate vocabulary and a set of candidate behavioral rules, the second phase
consists of validating and presenting them in a machine-readable format using Designs for
Management™ (DesignsForManagement.com). The latter is an SBVR-based software suite. It
is used to ensure that the SBVR regulatory business vocabulary, and the regulatory guidance
rules content are complete, consistent and compliant with the SBVR standard.
Designs for Management provides three ways to capture SBVR content:
1. Import from MS Word documents that use an SBVR SE template. This capability
was used by the Object Management Group to import the SBVR and Date-Time
Vocabulary standards as well as the SBVR EU-Rent Example.
2. Convert text in existing documents into SBVR terms and definitions with a right
mouse menu option in the module: Smart Documentation™ editor.
3. Add new SBVR business vocabulary and business policy & rule entries using a
forms interface that is supported by an AutoComplete function that inserts defined
terms; definitions can be viewed by moving the mouse over the terms.
Once SBVR interpretations are entered in Designs for Management™, it validates them
against the SBVR specification using several techniques. SBVR Terminological Dictionaries
and Rulebooks, whether validated on under construction, can be displayed, printed and saved
in HTML, MS Word and PDF formats. Moreover, SBVR model content can be exchanged in
conformance with clause 2 of the SBVR specification [11] in the XML Metadata Interchange
format. Appendix E, further describes the software architecture of Designs for Management™
and briefly presents its major modules, namely, Smart Glossary™, Smart Documentation™
and Clear Guidance™.
On-going work currently consists of importing the templates populated in phase 1 into
Designs for Management™. This import/validation exercise helped identifying
inconsistencies and/or omissions to be addressed by the SMEs. At the time of writing this
paper, the curation and the consolidation of the vocabulary and the rules from phase 1 is not
complete. However, a demonstration of a consistent SBVR vocabulary and rulebook for the
EU Rent example 1.2 from the SBVR specification is publicly available in Designs for
Management™ (at DesignsForManagement.com).
�4.3 Future work
Part of the GRCTC research roadmap (cf. section 1) consists of creating a set of ontologies
and data models for the financial industry using the developed SBVR vocabularies and rules
as a starting point.
Currently, there is limited support for automated transformation. The SBVR-based
vocabularies in the work done by LIPN, described above, were transformed to OWL
ontologies, but this was done with LIPN’s own software rather than SBVR-specific tools.
In general, transformation from SBVR to machine-readable ontologies involves manual
intervention by SMEs. The process is well understood, but the transformation requires
business decisions about business content that is not easily represented in formal information
structures such as logical data models (other than as carried-forward text, perhaps styled in
SBVR SE). Chapin and Hall [2] present a tutorial on transformations from an SBVR
terminological dictionary to one or more logical data models. Tool support is currently
experimental.
The OMG’s Date-Time Vocabulary, developed as a foundation vocabulary to extend SBVR,
has been transformed to an OWL2 Ontology [7]. Aspects of SBVR that have no OWL
equivalents are carried forward as OWL annotations. This approach is one option raised in [8],
which suggests several possibilities for separating SBVR content that is not easily represented
in OWL.
There is less experience in transforming rules. SBVR has two kinds of rules: definitional
(alethic) and behavioral (deontic). Definitional rules are the basis of constraints on
associations in data models and ontologies and are addressed in the work referenced above.
Behavioral rules govern or support activities. In SBVR they are declarative – they define
states the business must be in (e.g. “a customer’s debt must not exceed his credit limit”). They
can be directly supported in relational database systems by stored procedures and data base
triggers, but many rules-based applications use production rules, which are procedural (e.g. “if
the price of a new order would take the customer’s debt over his credit limit, then reject the
order”). There is a fairly simple tutorial for transforming SBVR behavioral rules into
production rules compliant with the OMG’s Production Rule Representation (PRR) standard,
referencing the data model derived from the corresponding SBVR terminological dictionary.
Future work will, therefore, consist of leveraging the techniques previously mentioned to
transform the SBVR interpretations to machine-readable ontologies, data models and rules.
5 Conclusions
This paper described a proof-of-concept on interpreting regulations using Semantics of
Business Vocabulary and Business Rules (SBVR). This work was carried out as part of the
research program of the Governance, Risk and Compliance Technology Centre in Ireland
(GRCTC). After a brief description of the research context and the US Regulatory
Framework, the proof of concept was detailed. First, the approach taken to limit to scope of
interpretation within a regulatory document is described. Second, the division of labour
between Subject Matter Experts (SMEs) is discussed. Third, the SBVR-based rule
interpretation protocol was described and illustrative examples were provided. Finally, the
software tools assisting the SMEs in their SBVR interpretation were presented.
The described approach is a step towards rendering the wide and complex spectrum of
regulations more accessible. It tackles uncertainty and imprecision in regulations by
combining Subject Matter Expertise and SBVR precision in representing domain knowledge.
The produced vocabulary and guidance rules allow several practitioners to share their
respective views on, and understanding of, the regulatory requirements while broadening their
perception of the regulations. Capturing regulations in SBVR could also play a role in
providing the regulators with national/ international view on the way the regulated perceive
the regulations. However, the impact of the produced vocabulary and guidance rules is subject
to their accessibility in terms of size and coherence. A large vocabulary including a high
�number of fine grained and redundant concepts is likely more precise than a smaller, less
expressive one, but might be less accessible in terms of complexity (harder navigation due to
its size, contains more definitions, etc.). We believe that seeking an appropriate trade-off
between accessibility and expressiveness is the key to a successful adoption of an SBVR
based vocabulary and guidance rules.
Acknowledgements
This work was supported by Enterprise Ireland and the Irish Development Authority (IDA)
under the Government of Ireland Technology Centre Programme. The authors would like to
acknowledge the major role played the Subject Matter Experts, Leona O’Brien, John
Lombard, Patrick O’Sullivan and Peter O’Sullivan, in building the described proof of concept,
and thank them for their contribution.
References
1 Bennett, Mike 2011. “Semantics standardization for financial industry integration,” in
Collaboration Technologies and Systems (CTS), IEEE, 23-27 May 2011, pp. 439-445, doi:
10.1109/CTS.2011.5928722.
2 Chapin Donald and Hall John: From SBVR to Logical Data Models. Data Management &
Information Quality Europe Conference, London, Nov 3-6, 2008
3 Code of Federal Regulations
(http://www.gpo.gov/fdsys/browse/collectionCfr.action?selectedYearFrom=-1&go=Go)
4 Date Time Vocabulary Specification V1.0, Object Management Group
(http://www.omg.org/spec/DTV/1.0/Beta3)
5 Federal Register (https://www.federalregister.gov)
6 Federal Register Final Rule “Bank Secrecy Act Regulations - Definitions and Other
Regulations Related to Prepaid Access” (http://www.gpo.gov/fdsys/pkg/FR-2011-07-
29/pdf/2011-19116.pdf)
7 Karpovic Jaroslav, Nemuraite Lina and Stankeviciene Milda: Requirements for Semantic
Business Vocabularies and Rules for Transforming Them into Consistent OWL2
Ontologies. In proc. 18th International Conference, ICIST 2012. Springer Berlin
Heidelberg, 2012.
8 Kendall Elisa and Linehan Mark: Mapping SBVR to OWL2. IBM Research Paper 2013.
(http://domino.research.ibm.com/library/cyberdig.nsf/papers/A9777F4EDB2552AE85257
B34004C4EB3)
9 Lévy François, Guissé Abdoulaye, Nazarenko Adeline, Omrane Nouha, Szulman Sylvie:
An Environment for the Joint Management of Written Policies and Business Rules. ICTAI
(2) 2010: 142-149
10 Lévy François and Nazarenko Adeline - Formalization of Natural Language Regulations
through SBVR Structured English RuleML 2013
11 Nazarenko Adeline, Guissé Abdoulaye, Lévy François, Omrane Nouha and Szulman
Sylvie: Integrating Written Policies in Business Rule Management Systems. RuleML
Europe 2011: 99-113
12 Omrane Nouha, Nazarenko Adeline, Rosina Peter, Szulman Sylvie and Westphal
Christoph: Lexicalized Ontology for a Business Rules Management Platform: An
Automotive Use Case; RuleML America 2011; 179-192
13 Semantics of Business Vocabulary and Business Rules
(http://www.omg.org/spec/SBVR/1.1)
14 United States Code (http://uscode.house.gov)
�Appendix A - Glossary of Abbreviations
Acronym or Term Meaning or Definition
AML Anti-Money-Laundering
CFR Code of Federal Regulations
FIBO Financial Industry Business Ontology
FIGO Financial Industry GRC Ontology
FIRO Financial Industry Regulatory Ontology
FR Federal Register
GRC Governance, Risk and Compliance
GRCTC Governance, Risk and Compliance Technology Centre
ISO International Organization for Standardization
OMG Object Management Group
OWL Ontology Web Language
OWL2 Ontology Web Language 2
RDF Resource Description Framework
SBVR Semantics of Business Vocabulary and Business Rules
SBVR SE SBVR Structured English
SME Subject Matter Expert
USC United States Code
Appendix B - Attributing cross-sections themes to SMEs from 76
FR 45403
Part One – each section broken down into different categories
§1022.380 Registration of money service business could be broken down in three themes or
categories as follows:
1. Agency related provisions: 1022.380 (a) (3) and (4) (d)(1)(2) (E) (F) (G)(H)(ii)
2. Registration related provisions: (a)(1)(b)(1)(i)-(iii) (a)(2)(3)(4)(c)
3. Compliance related provisions: (e) (f)
§1022.210-Anti money laundering program for money service businesses could be broken
down in five themes or categories as follows:
1. Definition related provision-1022.210 (a)
2. Required Standards for AML MSB programs-(b), (c), (d), (1)(i)(A)-(D), (d) (ii),
second part of (iii) and (2)(i)-(ii), ( e).
3. Identity related provisions-(d)(iv)
4. Educational\Training related provisions-(2)(iii), (3)
5. Compliance date related provisions-(4)
§1022.320 Reports by money services businesses of suspicious transactions could be broken
down in five themes or categories as follows:
1. Reporting and Identification related provisions-§1022.320 (a)(2)(i)-(iv), (a) (3)-(4).
2. Filing related provisions- (b)(2)-(3)
3. Retention of Records related provisions-(c )
4. Confidentiality/Disclosure of SARs related provisions-(d)(1)(i)-(ii) (A) (1)-(2),
(B)(2), (e).
5. Other areas in this provision-(a)(1), (f) and (g)
§1022.420 Additional records to be maintained by providers and sellers of prepaid appears to
be a self-contained provision
�Part Two - Cross-referencing and consolidating break down of provisions
between sections
1. Agency provisions
- §1022.380 (a) (3) and (4) (d)(1)(2)(i)- (ii)
2. Identity and Reporting related provisions
- §1022.210 (d)(1)(iv)
- §1022.320 (a)(2)(i)-(iv), (a) (3)-(4)
3. Compliance related provisions
- §1022.380 (e), (f), 1022.320 (f)
- §1022.210 (d)(4)
4. Registration related provisions
- §1022.380 (a)(1), (b)(1)(i)-(iii), (b)(2)(3)(4), (c)
5. Definition related provision
- §1022.210 (a)
6. Required Standards for AML MSB programs
- §1022.210 (b), (c), (d) (1)(i)-(ii), second part of (iii) and (d)(2)(i)-(ii), (e)
7. Educational\Training related provisions
- §1022.210 (d)(2)(iii), (3)
8. Filing related provisions
- §1022.320 (b)(1)-(3)
9. Retention of Records related provisions
- §1022.320(c ), 1022.420
10. Confidentiality/Disclosure of SARs related provisions
- §1022.320 (d)(1)(i)-(ii) (A) (1)-(2), (B)(2), (e).
11. Other areas in this provision
- §1022.320 (a)(1), and (g).
- §1022.380 (a)(2)
Part Three - Regrouping themes and allocating to four SMEs
SME 1: 1) Agency Provisions, 2) Identity and Reporting related provisions and 3)
Compliance related provisions.
SME 2: 4) Registration related provisions, 5) Definition related provision and 6) Required
Standards for AML MSB programs.
SME 3: 7) Educational\Training related provisions, 8) Filing related provisions and 9)
Retention of Records related provisions.
SME 4: 10) Confidentiality/Disclosure of SARs related provisions and 11) Other areas in this
provision.
Appendix C - An Example of SBVR Interpretation of §1022.210
(a)
§ 1022.210 Anti-money laundering programs for money services
businesses.
(a) Each money services business, as defined by § 1010.100(ff) of this chapter,
shall develop, implement, and maintain an effective anti-money laundering program.
An effective anti-money laundering program is one that is reasonably designed to
prevent the money services business from being used to facilitate money
laundering and the financing of terrorist activities.
Business Rules
It is obligatory that each money services business develops an anti-money laundering
programme
�It is obligatory that each money services business implements an anti-money laundering
programme
It is obligatory that each money services business maintains an anti-money laundering
programme
It is obligatory that each anti-money laundering programme is effective
It is obligatory that each anti-money laundering programme prevents money services business
being used to facilitate money laundering and terrorist activities
Verb Concepts
Modified verb concepts
anti-money laundering programme is developed by money services business
anti-money laundering programme is implemented by money services business
anti-money laundering programme is maintained by money services business
anti-money laundering programme is effective
Necessity: Each anti-money laundering programme is reasonably designed
anti-money laundering programme prevents money laundering and terrorist activities
Supporting verb concepts
money services business is defined by 1010.100(ff)
anti-money laundering programme prevents money laundering and terrorist activities
Noun concepts
anti-money laundering programme
money services business
money laundering and terrorist activities
Appendix D - Using Confluence for Collaboration
This screenshot presents the wiki editing interface. Here the definition of monetary
instruments is displayed along with a necessity identifying what should not be considered as a
monetary instrument. The left frame presents a tree list of vocabulary entries with several
search capabilities.
�This screenshot illustrates an example of interaction between SMEs working on detailing the
definition of Bank in the context of 31 CFR X.
Appendix E - Using Designs for Management to Capture and
Validate SME Interpretations
The Designs for Management™ software suite is hosted as a MS Windows Azure cloud
service and uses an Azure-hosted SQL Server database. On the user’s computer, it runs
entirely within an Internet Browser and requires nothing additional to be installed on the
user’s computer. The four major browsers, Internet Explorer, Firefox, Chrome and Safari, are
supported in all the environments for which they are available. This software suite is
developed as a Visual Studio .Net Web Forms application, supplemented with Telerik cross-
browser components and the Kendo UI HTML5/CSS3 JavaScript framework. It uses .Net
Framework Forms Authentication for user authentication and authorization.
Smart Glossary™
This is a screenshot of Smart Glossary™. It is used to capture SBVR vocabulary elements.
The terms identifying business concepts, their definitions, characteristics (if any) and other
related elements are entered manually in the right frame. Smart Glossary™ provides the SME
�creating vocabulary entries with a list of SBVR predefined keywords and autocomplete
functionalities taking into account previously entered vocabulary elements. The left frame
displays an hierarchy of concepts in the vocabulary being edited.
Smart Documentation™
This is a screenshot of Smart Documentation™. This module allows the SME to upload a
regulatory text and start constructing the vocabulary by highlighting SBVR elements (general
noun concepts, individual noun concepts, etc.) in the original text. Further refinement of the
vocabulary entries identified in Smart Documentation™ could be done in Smart Glossary™.
This functionality was not used in the described proof of concept since the SMEs drafted their
vocabularies in an MS Word template that was later imported into Designs for Management.
Clear Guidance ™
This is a screenshot of Clear Guidance™. The interface of this module resembles to Smart
Glossary™. The left frame displays a list of operational rules (captured from the regulation in
this case). The right frame allows the SME to build or edit the rule using built in SBVR
keywords and elements from the previously created vocabulary.
Seeing the Semantic Connections
A Meaning and Representation Explorer displays all or a selected part of the SBVR content
and enables the browsing from any SBVR entry following the chain of semantic relations to
anywhere in the SBVR content. The ability to choose at every point which kind of semantic
relation(s) to browse next is available. In every context the full display of the entry, any styled
term, other designation or verb concept wording can be seen
�