Compliance monitoring at process execution time is of crucial importance and it complements the design-time checking with techniques to detect violations that are hard or even infeasible to address at the earlier stages of the process lifecycle. For example, time span constraints between tasks can only be checked at runtime, as time-related information is usually not available during prior phases. In this demonstration, we present, BP-MaaS, a runtime business process compliance-monitoring framework which adopts a rich and wide set of compliance patterns for the abstract speci cation of monitoring requirements, spanning the four structural facets of BPs; i.e. control ow, data, employed resources and Copyright c 2015 for this paper by its authors. Copying permitted for private and academic purposes timing constraints [ 1 ], [ 2 ]. The monitoring evaluation approach is based on the notion of anti-patterns [ 1 ], a novel evaluation technique that operates by continuously monitoring process execution events and looking for sequences of events or lack of events that may indicate that a violation has occurred or possible to occur in the future. These violation scenarios are denoted as anti-patterns. The main features/functionalities provided by BP-MaaS are: { a graphical compliance requirements builder that implements the compliance patterns in an intuitive and user-freindly manner, and enables process designers to build pattern-based expressions in a drag-and-drop fashion { a mapping scheme that automatically maps graphical pattern-based expressions, stored as XML, into the underlying formalisms of the complex event processing backend engine { a novel monitoring evaluation approach based on the notion of anti-patterns { a monitoring dashboard, which provides updated information about violations in process instances, the rule/pattern that has been violated and contextual information of the sequence of events that yields to the violation to facilitate its prevention/resolution

As a proof-of-concept of one possible realization of the anti-patterns monitoring approach, we have implemented BP-MaaS by using Complex Event Processing (CEP) technology [ 3 ], and applied the approach on two large-scale case studies in the banking domain. The rst case study is borrowed from the EUfunded project COMPAS, which has been provided by COMPAS industrial partners, and addresses the loan approval business scenario. While the second case study is concerned with anti-money laundering, which has been developed in the Governance, Risk and Compliance Technology Centre (GRCTC) as a part of a large-scale project which is funded by the Irish government. The evaluation study [ 1, 2 ] has revealed that our approach is su ciently expressive to capture a wide range of real-life compliance requirements with full support of 70% of the requirements being considered [ 1 ]. 2

COMPAS: http://www.compas-ict.eu PriceWaterHouseCoopers the Netherlands (http://www.pwc.nl/) and Thales Service France (https://www.thalesgroup.com/) GRCTC: http://www.grctc.com/ Fig. 2 illustrates the set of compliance patterns which are supported by the BP-MaaS framework. For a detailed description of the compliance patterns, we refer the reader to [ 1 ]. The visual editor component has been implemented as a plugin on top of the Oryx editor. The lower-most layer of Fig. 3 represents a screenshot of the visual rule editor representing the typical segregation of duties compliance constraint [ 1 ] which mandates that two activities cannot be performed by the same roles or actors in order to minimize the possibility of fraud.

Statement Manager. This module is responsible for automatically compiling the visually modelled compliance rule into a set of statements/queries based on the de ned mapping scheme. For BP-MaaS, we are considering Event Processing Language (EPL) queries of the ESPER framework [ 5 ]. In this context, streams replace tables as the source of data with events replacing rows as the basic unit of data. Listing 1 shows an example of automatically generated EPL statement for the absence anti-pattern. The absence pattern requires that a speci c activity not to be executed within a speci c scope of the process execution [ 1 ]. Generated EPL queries are sent to the compliance monitoring component.

INSERT into RuleViolationEvent ( processID , Message , RuleID , RuleType ) SELECT s . ProcessID , ' Event f Antecedent g(fTaskNameg) occurred l e s s than fMinOccursg within f ScopeStart g(f s t g) and fScopeEnd g(f se g) in the p r o c e s s i n s t a n c e ' , ' fRuleIDg ' , ' f RulePattern g ' FROM PATTERN [ every ( s = f ScopeStart g( cast ( s . Task , s t r i n g )= ' f s t g ' ) >(e = fScopeEnd g( cast ( e . Task , s t r i n g )= ' f se g ' , ProcessID=s . ProcessID ) ) ) ] as scope WHERE fMinOccursg>( select count ( ) fromf Antecedent g . win : k e e p a l l ( ) as T WHERE cast (T. Task , s t r i n g )= ' fTaskNameg ' and (T. TimeStamp between scope . s . TimeStamp and scope . e . TimeStamp ) ) Listing 1 . EPL statement to detect below-min-occurrences absence antipattern https://code.google.com/p/oryx-editor/ http://esper.codehaus.org/esper-4.2.0/doc/reference/en/html/epl_ clauses.html

Atomic

Patterns Order Patterns With Absence Time Span Alert Time Span isBefore

Antecendent 0..1 Consequent

Composite Patterns Occurrence

Patterns

Sequence isNext

Precedence isOneToOne

Response isOneToOne

Absence

Existence Multiplicity

Resource Patterns

PerformedBy SegOrfeDguattyion

Binding OfDuty Business Process Editor and Execution Engine. Provides the end users with a user-friendly modelling environment where the users can model their business process using the standard BPMN 2.0 language. We employ the open source BPM platform Activiti as a realization of this component where the user can model and enact business processes. We also did an extension of the Activiti engine to allow emitting process execution events to our compliance monitoring engine.

Compliance Monitoring Engine. The open source complex event processing platform ESPER is responsible for continuously evaluating the generated statements from the 'Statement Manager` over the stream of events, which is received from the BP execution engine. The engine triggers the execution of the compliance actions for any detected violations of the compliance rules. Compliance recovery actions are de ned as meta-data for each de ned rule. Our choice of Esper is mainly because it provides an environment for developing applications that can process large volumes of incoming messages or events, regardless of whether the incoming messages are historical or real-time in nature. It also supports ltering and analyzing of events in various ways, and responds to conditions of interest. In addition, ESPER shows acceptable performance as it is able to handle about 120; 000 events per second [ 4,5 ] making it scalable to handle process execution environments with numerous process instances.

Monitoring Dashboard. The dashboard is a user-friendly interface that enables the end-user to monitor the stream of events and manipulate (e.g., adding, removing, activating, deactivating) the set of registered compliance rules in addition to being able to receive the noti cations about the detected non-compliance instances. Fig. 3 shows screenshots of the developed dashboard, which has been implemented using Microsoft C# .Net technology. http://activiti.org/

In our demo, we are presenting the implementation of the BP-Maas System. In particular, we are showing the scenario where we model a compliance rule using the graphical rule editor (Fig. 3). Then, the modeled rule is registered to the compliance monitoring component. This is followed by showing how the dashboard is updated with information about the newly registered rule. The loan approval BP from the EU COMPAS project is used for monitoring its execution steps. When the execution events start to arrive at the monitoring component and a violation scenario is detected, we show how the dashboard is updated with information about the instance(s) violating a speci c rule.

This work was supported by King Abdulaziz City for Science and Technology (KACST) project 11-INF1991-03.

Video demonstration of BP-MaaS is available on https://www.youtube.com/watch?v=wRdZKsOi5x4