Learn the rules so you know how to break them properly∗ Matteo Baldoni∗ , Cristina Baroglio∗ , Elisa Marengo∗ , Viviana Patti∗ , and Federico Capuzzimati∗ ∗ Università degli Studi di Torino, {baldoni,baroglio,emarengo,patti,capuzzi}@di.unito.it Abstract—Commitment-based protocols are receiving increas- abstracting from operational details, allow a flexible spec- ing attention as tools for the representation of business interaction ification of business intents and relationships that involve in open MAS. As recent proposals, like 2CL, show when the real- autonomous and heterogeneous parties. This alternative is, for ity to be modeled is characterized by a high degree of regulation, traditional commitment-based protocols, which account only for instance, investigated in [1], which proposes a commitment- the constitutive specification of actions, are to be enriched with a based approach to the representation of cross-organizational regulative specification. This is the case of the measures foreseen business models by identifying a set of reusable and compos- by the Markets in Financial Instruments Directive, aimed at able patterns. Such patterns are designed so as to be employed fostering the creation of an integrated financial market within by business analysts in the development of business models the European Union. This work shows the usefulness of adopting a declarative commitment-based approach by applying it to the for desired scenarios. MiFID case study. We developed an extension of Winikoff et al.’s Recent proposals, like [5], [6], enrich commitment pro- enhanced commitment machine, that accounts of 2CL temporal tocols with temporal regulations. In particular, [5] proposes regulations. It allows the analysis of business protocols and, in a decoupled approach that separates a constitutive and a particular, of the possible violations. regulative specification [7]. A clear separation brings about many advantages, mostly as a consequence of the obtained I. I NTRODUCTION modularity: easier re-use of actions, easier customization, Business processes often involve autonomous partners with easier composition. Roughly speaking, constitutive rules, by heterogeneous software designs and implementations. In this identifying certain behaviors as foundational of a certain type context, there is the need of identifying high-level abstractions of activity, create that activity. They do so by specifying the that allow modeling them in a natural way. Moreover, in semantics of actions. Regulative rules contingently constrain many practical contexts (like banking) there is the need to a previously constituted activity. In other words, they rule the integrate in such processes specific regulations that constrain “flow of activity”, by capturing some important characteristics the interaction. In order to minimize the effort needed to of how things should be carried on in specific contexts of define proper interfaces and to minimize the altering of interaction [8]. internal implementations, Telang and Singh [1] propose that This work shows how to use the proposal in [5] to represent such abstractions should capture the contractual relationships and analyze business protocols. We implemented an extension among the partners. Existing approaches (e.g. BPEL, WS- of Winikoff et al.’s commitment machine [9] that can be CDL) rely on the specification of control and business flows, used to identify potential risks and violations of temporal imposing unnecessarily restrictive orderings of the message regulations and of commitments, to foresee the impact on the exchanges but do not supply the means for capturing the business protocols of changes in the regulations, and decide business relationships nor the business intent. This limitation about possible regimentation/enforcement policies. Moreover, is highlighted also by authors like Pesic and van der Aalst we applied this tool to a real world case study, the MiFID [2], [3], who, in particular, show the advantages of adopting directive by the European Union, which regulates the interac- a declarative rather than a procedural representation. In other tion of banks, clients, and financial intermediaries in the task words, existing approaches are characterized by high rigidity of buying/selling financial products. Such parties are charac- and are not suitable to naturally represent decisional processes terized by autonomy and heterogeneity, and it is fundamental and responsibilities, which are two key elements in the def- to define each party’s responsibilities in the interaction. inition of business activities. Rigidity is counter-productive Section II introduces the case study. Section II-A explains when tackling unexpected or exceptional situations, while the the challenges involved by it. Section III presents the formal lack in accounting of responsibilities does not support the model. Section III-A discusses violations. Section IV presents identification of causes to failures and possible violations. the MiFID model and analyses execution graphs. Conclusions One possible alternative is to rely on commitment-based end the paper. approaches [4], that are well-known in the Multi-Agent Sys- II. T HE M I FID CASE STUDY tems research area for modeling interaction. Commitments, The Markets in Financial Instruments Directive (MiFID (∗ ) Apparently attributed to Tenzin Gyatso, 14th Dalai Lama, The 18 Rules for short) is the directive number 2004/39/EC [10], issued For Living, Rule #5. by the European Commission within the Financial Services Action Plan, and represents a fundamental step in the creation trust, which must check that there are no errors or missing of an integrated and harmonized financial market within the data. In this case, the documentation is corrected and European Union. Specifically, MiFID specifies values and sent back to the intermediary, otherwise the contract is principles that all the countries will have to follow as well as stamped and sent to the client. corresponding implementative measures. One of the main con- • Withdrawal: The client can decide to cancel an order. cerns of the directive is the protection of the clients of financial Due to the high degree of regulation imposed by the direc- service agencies, thereby it introduces new regulations that tive, an intermediary can incur into many forms of violations. financial services must follow so as to guarantee the position For instance, when the mandate contract is stipulated, the of the investor. Three categories of clients are identified, with client should receive a signed copy of it. By this contract increasing knowledge about financial products. For each of the client commissions the intermediary to use some financial them, it specifies informative and protective obligations to holdings so as to achieve some investment goals. One common which the financial operator is bound. For instance, inter- violation, that occurs in this phase, is that the intermediary mediaries are expected to collect information about his/her does not give to the client copy of the documentation foreseen clients, with the help of detailed tests. Each country in the by the qualification phase. Another common violation is that European Union implements European directives in ways that often intermediaries do not ask their clients to sign the MiFID are customized to its specific structures and organization. In form for the definition of the client’s profile. The motivation Italy, the adjustment of the market regulation to the MiFID behind both these behaviors is that intermediaries believe that principles and implementative measures is up to two actors: a great amount of documents to sign will refrain clients from Consob (Commissione Nazionale per le Società e la Borsa) stipulating contracts and will even compel them to consult and Banca d’Italia. some competitor. Indeed, investors tend to be unwilling to One of the main characteristics of MiFID is a great attention study in depth the proposed products, and often prefer to have to clients. At any moment, the intermediary must guarantee the just an overall idea. A third kind of violation, with similar investor the control of the contractual relation for all aspects motivations, amounts to the proposal of a financial products ranging from the proposed financial products to the strategies that does not agree with the client’s profile, without an explicit that will be enacted to obtain the most beneficial results for the and formalized agreement with the client. client. Therefore, MiFID imposes strong constraints to invest- A. Challenges ment companies, and gives investors the tools for legally acting against those intermediaries who do not comply to them. The What happens if, despite these violations, an intermediary case study we use in this proposal concerns the regulation that buys a financial product for the client? Even though, standing applies to the offer of investment services off-site. This case to MiFID, the intermediary did not fulfill all of his/her study is already used in the literature [11] and, in particular, obligations, the sale is valid, the client results to be the owner by the ICT4LAW project (http://www.ict4law.org). This is, for of the product. This happens because MiFID does not define instance, the case when a bank promotes and sells financial sales (sales are defined by a different regulation) but dictates products with the help of external collaborators (called “tied how the interaction with the client should be carried on by agents” or intermediaries). The proposal of products and the adding a new layer of regulations on top of existing ones. So, definition of a contract must comply to a set of constraints: the violation of some constraint does not affect the sale directly but creates both a risk of sanction and an exposure risk for • Identification: the client must be identified by an identity the intermediary. This is witnessed by a sentence by the Italian card or equivalent document; Supreme Court (Cassazione civile a sezioni unite, num. 26724 • Qualification: the intermediary supplies all the foreseen and 26725 [12]) which decided that in case of violations, like documentation about his/her professional qualification the above, if the client was economically damaged he/she and the rules that he/she must stick to; can ask for a compensation and, in the most serious cases, • Profiling: the intermediary must profile the client, gather- for the cancellation of the contract between the client and ing information about the balance sheet, knowledge about the intermediary. So, if the investment turns out to be a bad financial subjects, investment aims. This phase requires investment, the client can arraign the intermediary before the the filling the MiFID form, which explicitly specifies the court. resulting category of client and which is to be signed also These observations show the importance of putting the by the client; business analyst in condition to study the possible violations, • Selection: the proposed financial products must agree in the context of a regulation, with the aim of identifying with the client’s profile. This requires that financial the risks the interaction could encounter. The evaluation of products are classified w.r.t. the different client profiles; such risks will allow the definition of operational strategies • Evaluation: the proposal is evaluated through a simula- which can, alternatively, prevent the occurrence of violations tion: if it is adequate an order is filled and signed both by (regimentation) or implement alerting mechanisms (enforce- the client and by the intermediary, otherwise the product ment) [13]. The choice depends on various factors, tied to the is discarded; nature of violations and to the context. As explained by Sergot • Verification: the documentation is sent to the investment [13], it is impossible to realize a complete regimentation that prevents all possible violations. Even when regimentation were purchase must occur only after the client was profiled) in a applicable its implementation could be expensive, also in the way that is as flexible as basic commitment protocols are. sense that it may require a long time to be realized. Last but not the least, the commitments that the interacting In particular, the MiFID case study underlines the need parties have towards the others are objectively inferable from of adopting a representation model that accommodates both their observable behavior, thanks to the social semantics of the a constitutive and a regulative specification. MiFID is de- commitment approach. signed for regulating interactions of clients, intermediaries, III. M ODULAR BUSINESS PROTOCOLS and financial trusts (regulative specification) that involve the exertion of powers, like that of sale or of profiling, which In this work we adopt a representation of the business pro- constitute the reality in which the three parties interact (con- tocol, i.e. of the specification of how the business interaction stitutive specification). Part of these powers (like profiling a should be carried out, based on commitments. In particular, we client) are defined inside the directive itself, part (like sale) adopt the approach discussed in [5], that features an explicit are recognized but pre-exist the regulation. The latter are distinction between a constitutive and a regulative specifica- particularly delicate because, since they already exist before tion. The former defines the protocol actions, while the latter the new regulation is defined, it is not possible to constrain encodes a set of temporal constraints. Both specifications are their execution, e.g., by adding preconditions of executability. defined based on commitments. Commitments are directed As the sentence by the Supreme Court that we cited shows, the from a debtor to a creditor. The notation C(x, y, r, p) denotes violation of a constraint, posed by MiFID, does not invalidate that agent x commits to an agent y to bring about consequent a sale. Depending on the kind of violation that occurred, the condition p when the antecedent condition r holds. When r ownership of the financial product will remain of the client equals true, we use the short notation C(x, y, p). The business or it will be transfered to the intermediary, but this will be partners share a social state that contains commitments and transparent to the seller, who will not be involved in the quarrel other literals that are relevant to their interaction. Every and will have no consequences (specifically he/she will not partner can affect the social state by executing actions, whose have to give money back). These observations underline the definition is given in terms of operations onto the social state, need of adopting a modular representation that accounts for see [14]. The partners’ behavior is affected by commitments, both specifications. which have a regulative nature, in that debtors should act in Another important remark is that in many practical contexts, accordance with the commitments they have taken. the MiFID case is one of them, the business relationship cap- Definition 1 (Business protocol): A business protocol P is tured by a regulation should be kept as flexible as possible, in a tuple hRo, F, A, Ci, where Ro is a set of roles, identifying order to allow the interacting parties, who are heterogeneous, the interacting parties, F is a set of literals (including commit- autonomous, and basically self-interested entities, to find the ments) that can occur in the social state, A is a set of actions, way of interacting that better suits their characteristics and and C is a set of constraints. needs. In other words, any interaction that does not violate The set of social actions A, defined on F and on Ro, forms the constraints should be allowed. Flexibility is important to the constitutive specification of the protocol, while the set allow the business partners to profit of opportunities or to make of constraints C, defined on F and on Ro too, forms the the most efficient use of their time that is possible. As an regulative specification of the protocol. We assume that facts intuitive example, let us consider the case of financial products persist in the social state, they denote observations about classification. What MiFID requires is that financial products events that occurred. are classified according to the types of client profiles. It does Constitutive specification. The constitutive specification of not say when this classification should be done. A business actions is given by defining their meaning in terms of how they process that imposes that classification must be done in the affect the social state. The specification follows the grammar evaluation phase surely respects the directive, however, it below, where the means construct amounts to a counts-as precludes the possibility to classify products in those moments relation [7]: when the intermediary is free and have them ready when a A → (Action means Operation if Cond)+ client arrives. Action → protocolAction Most of the approaches specify business processes as pro- Operation → Op(commitment) | f act | cedures, that implement a selection of some of the possible Operation ∧ Operation execution paths. Even though in this way the resulting business Op → CREATE | DELETE | RELEASE | DELEGATE | process will comply to the directive, it will also implement ASSIGN | ... further restrictions to the interaction that the directive does not Cond → literal | Cond ∧ Cond | Cond ∨ Cond | impose. Commitment-based representations, instead, offer the Cond XOR Cond degree of flexibility requested in these cases because they can capture the intent of a business relationship [1], avoiding the where protocolAction is the name of an action of the protocol; imposition of unnecessary constraints. What we additionally Cond specifies the context in which the counts-as relation need to represent in a regulation like MiFID is the capability holds; Op is one of the operations on commitments; com- to express temporal relations (e.g. that the execution of a mitment is a commitment of form C(x, y, r, p) (see [15, page Relation Type Operator Meaning executions which satisfy the constraints of interest. The work pos. A •−. B If A occurs, B must hold at least once afterwards (or in the in [5] introduces a LTL semantics for the 2CL operators, that Response formalizes the intuitive semantics that we reported in Table I. same state). It does not matter if B already held before A. neg. A •− 6 .B If A holds, B cannot hold in A. Detecting violations the same state or after. pos. A −.• B B cannot hold until A becomes The interaction of a set of parties will be compliant to a busi- true. Afterwards, it is not nec- Before ness protocol when all the commitments they have towards the essary that B becomes true. neg. A 6−.• B In case B becomes true, A others, and that are objectively inferable from their observable cannot hold beforehand. behavior, are satisfied (as usual in the social approach), and pos. A •−.• B It is the conjunction of the base the overall execution respects all the constraints. Intuitively, response and base before rela- the addition of a regulative specification by means of 2CL Cause tions: A •−. B and A −.• B. constraints restricts the set of acceptable executions. neg. A •− 6 .• B It is the conjunction of the base response and base before neg- Some approaches to commitment protocols propose an ative relations: A •− 6 . B and operational semantics that relies on commitment machines A 6−.• B. to specify and execute protocols [14], [20], [9], [21], [15], TABLE I some others, like [22], use interaction diagrams, operationally 2CL OPERATORS AND THEIR MEANING . specifying commitments as an abstract data type, and analyz- ing the commitment’s life cycle as a trajectory in a suitable space. Other approaches rely on temporal logics to give a formal semantics to commitments and to the protocols defined 49]), where x and y are roles in Ro and r and p are formulas upon them. Among these, [23] uses DLTL, while [24], [25] in disjunctive normal form of propositional literals in F ; fact adopt extensions of CTL*. Given the specification of a set is a positive or negative proposition that does not concern of social actions, all these approaches allow the inference of commitments and which contributes to the social state (they those executions, which are legal with respect to the protocol. are the conditions that are brought about); and literal can In particular, commitment machines [14] (later refined in be either a commitment or a positive or negative proposition [9]) specify the possible states of an execution, the actions (where negation means that a certain literal does not hold in that are used for doing the transitions, and the possible final the social state) states of the protocol. The meaning associated with each state Regulative specification. The regulative specification is ex- specifies which commitments are active in that state, and the pressed in 2CL [16], [5]. This language allows the designer meaning associated with each action defines how the commit- to express many kinds of constraints describing the legal ments are affected by the action, leading to a state change. evolutions of the social state. As underlined in [2], [17], [18], Intuitively, commitment machines allow the formalization of constraint-based declarative representations provide abstrac- legal executions by taking into account only the constitutive tions which allow to explicitly capture what is mandatory and specification of the social actions. what is forbidden, without the need to express the set of possi- 2CL allows the expression of temporal constraints on ble executions extensionally. For this reason, protocols remain execution paths. Since commitment machines express legal compact improving flexibility: they specify what is desired and execution paths, temporal constraints can be used to restrict undesired, leaving all that remains unconstrained. This is an this set. A natural choice for formalizing such constraints advantage with respect to procedural approaches, characterized is Linear Temporal Logic (LTL) [19]. This kind of logic by a prescriptive nature which requires the specification of allows the identification of those executions which satisfy the all the allowed evolutions. It also accommodates naturally to constraints of interest. In [5] it is possible to find a LTL the commitment-based approach, where a central issue is the semantics for the operators of 2CL. respect of the agents’ autonomy. 2CL follows the grammar: A legal execution of a commitment-based protocol, enriched by means of 2CL regulative specifications, is an execution C → (Cond op Cond)∗ that is accepted by the commitment machine built upon C, see Def. 1, is a set of constraints of the form A op B, the constitutive specification of the protocol, and that, when where A and B are formulas of literals and op is one of interpreted as a linear temporal model, satisfies the LTL the operators supplied by the language. The complete list of formulas corresponding to the regulative specification of the possible operators is fully described in [16], [5]. Table I reports protocol. Based on this characterization, it is possible to only those that are used in the case study. 2CL allows the provide mechanisms for verifying that an agent is behaving expression of temporal constraints on execution paths. Since in respectance to the protocol. When this does not happen, we commitment machines express legal execution paths, temporal can say that a violation has occurred. So, if in a commitment- constraints can be used to restrict this set. A natural choice for based protocol, made only of the constitutive specification formalizing such constraints is Linear Temporal Logic (LTL) of actions, violations are detected only when a commitment [19]. This kind of logic allows the identification of those remains unsatisfied in a final state, in our proposal, we also detect violations during the execution, violation amounting to the fact that a constraint is not respected. We implemented an extension of Winikoff et al.’s enhanced commitment machine [9] by introducing an automated ver- ification of constraints. This extended commitment machine Fig. 1. Execution graph of the pre-MiFID sale regulation. allows exploring all the possible executions of a business protocol, showing the regulative violations, i.e. both those states in which some constraint is violated and those states an investor (inv), an intermediary (the financial promoter that contain unsatisfied commitments. The implementation is f p), and a bank (bank). The action propose solution presents done in tuProlog1 and the software interprets a 2CL business a selected financial product to the investor. The proposal process specification by means of a parser written in Java. The is characterized by a risk level, and can be rejected (re- implementation is available at the URL http://www.di.unito.it/ ject proposal) or accepted (sign order). In the first case, the ∼alice/2CL. commitment of the intermediary is released. When the order The output of the commitment machine will be an annotated is signed, the investor commits to the bank to respect the and colored graph of all the possible interactions (it is a purchase contract (C(inv, bank, contract ended)). The bank reachability graph). The graph includes all the interactions that is expected to send a copy of the contract to the investor are possible, considering only the constitutive specification of by the action send contract, which creates a commitment the actions. The annotation, highlighted by graphical conven- C(bank, inv, executed order) from the bank to the investor tions, accounts for all the regulative aspects, concerning both to actually execute the order. When the bank sends copy of commitments and constraints. So the graph will include both the contract to the investor, the initial commitment of the legal states and states in which violations occur. Part of viola- intermediary is discharged. The natural end of the contract tions related to a state are, actually, just potential, depending is captured by the action end which causes the discharge of on future behavior. Tendentiously they become violations if the pending commitments of the investor and of the bank. the interaction stops in that state. As usual in commitment (a) propose solution means proposed RiskL protocols interaction can, in fact, start/end in any state. In this if ¬proposed RiskL ∧ ¬rejected proposal. (b) reject proposal means rejected proposal, case, highlighting the possible violations, therefore, amounts RELEASE (C(fp, inv, invested)) to alerting the user about a risk. More generally, the obtained if ¬accepted proposal ∧ proposed RiskL ∧ ¬rejected proposal. graph is a tool that supports the analysis of a business protocol, (c) sign order means CREATE(C(inv, bank, contract ended)), accepted proposal, order signed by helping the identification of situations where it maybe if ¬order signed ∧ proposed RiskL ∧ ¬rejected proposal. necessary to perform some regimentation or enforcement. (d) send contract means CREATE(C(bank, inv, executed order)), invested, contract sent IV. M ODELING M I FID if ¬contract sent ∧ order signed. (e) end means executed order, contract ended Let us begin this section by introducing the business pro- if contract sent ∧ ¬contract ended ∧ ¬contract abort. tocol of the sales of financial products as they used to be before the MiFID directive. The specification will include Figure 1 shows the graph of the possible executions for this just a set of constitutive rules defining the necessary actions. protocol. For reducing the complexity of the graph and make it No particular constrain is imposed to regulate the interaction. readable we added a few preconditions to avoid the depiction Afterwards, we will see how it is possible to introduce the of those paths where a same action is repeated. The same is MiFID specification, in a way that is modular w.r.t. the pre- done also with the graphs for MiFID. MiFID one. The resulting business protocol will include new Introduction of MiFID. This directive introduces new regu- constitutive rules, aimed at specifying those activities that lations that financial services must follow in their interaction were introduced by the directive (like the profiling), and a with the client, so as to protect the investor. Its applica- set of regulative rules. Such rules tie the activities of a basic tion requires the enrichment of the business protocol with sale to those foreseen by the directive. In particular, that an new, specific actions, aimed at: identifying the investor and intermediary, who committed to take care of an investment supplying the foreseen documentation (interview), profiling supplies the necessary documentation, and that this as well as the investor (profile) and assigning him/her a risk category the classification of the possible products happen before the (investor classified), classifying the financial products accord- proposal of an adequate solution. The regulative constraints ing to the possible risk levels (classif y). In the profiling will implement this connection without the need of modifying process, the intermediary commits to evaluate, with the help the specification of the sales actions. of a simulation, financial products in order to identify one Pre-MiFID sale business protocol. This business pro- that suits the client (C(f p, inv, evaluation)). Such evaluation tocol foresees an initial state containing a commitment, (fi evaluation) commits the intermediary to propose a product C(f p, inv, invested), from the intermediary to the investor with an risk level, that is adequate to the investor’s profile to find a good investment. The actions involve three parties: (C(f p, inv, proposed RiskL)). This commitment is crucial to satisfy the MiFID’s requirements. A solution that is not 1 http://www.alice.unibo.it/xwiki/bin/view/Tuprolog/ adequate can be discarded (fi discard). In this case the in- termediary’s commitments will be canceled. The withdrawal phase of MiFID is implemented by the action withdraw, which concludes a contract by aborting it and by releasing the commitment from the bank to execute the order. The selection and evaluation of a new proposal are modeled as a new interaction. (f) interview means investor identified, document supplied if ¬investor identified ∧ ¬contract abort ∧ ¬contract ended ∧ ¬rejected proposal ∧ ¬fi discarded. (g) profile means CREATE(C(fp, inv, evaluation)), investor classified if ¬investor classified ∧ investor identified ∧ ¬contract ended ∧ ¬contract abort ∧ ¬rejected proposal ∧ ¬fi discarded. (h) classify means classified if ¬classified ∧ ¬contract abort ∧ ¬contract ended ∧ ¬rejected proposal ∧ ¬fi discarded ∧ ¬proposed RiskL. (i) fi evaluation means CREATE(C(fp, inv, proposed RiskL)), evaluation if classified ∧ investor identified ∧ ¬evaluation ∧ ¬contract abort ∧ ¬contract ended ∧ ¬rejected proposal ∧ ¬fi discarded. (j) fi discard means fi discarded, CANCEL(C(fp, inv, invested)), CANCEL (C(fp, inv, proposed RiskL)) if evaluation ∧ ¬proposed RiskL ∧ ¬contract abort ∧ ¬contract ended ∧ ¬fi discarded. (k) order verification means order verified, Fig. 3. MiFID with regimented propose solution. CREATE (C(bank, inv, executed order)) if ¬order verified ∧ order signed. (l) withdraw means contract abort, RELEASE (C(bank, inv, executed order)), Finally, before the contract is sent to the client the data of the CANCEL (C(inv, bank, contract ended)) if contract sent ∧ ¬contract ended ∧ ¬contract abort. order must have been verified by the bank. Figure 2 gives an idea of the embedding of MiFID inside the sales protocol: the Adding only the specific MiFID actions, and the com- pink part corresponds to the old sales protocol, the green and mitment (produced by fi evaluation) by the intermediary to gray parts altogether correspond to the legal execution of the propose a product with a risk level that corresponds to that enriched protocol. of the investor are not enough to implement the directive. Actions (f–j) should be executed before the actual sale occurs, Analysis of the MiFID business protocol. The MiFID while (k) and (l) complete the sales process (see Section II). business protocol produces the graph in Figure 2. Each state in This could be done by modifying the action that implement a the graph represents a possible configuration of the social state. sale but this is not in the powers of the MiFID regulation, as Arrows correspond to actions and are directed. The source is we have explained. This directive, in fact, is to be composed a state where the “if” condition of the action labeling the arc with the definition of sale. In this setting, in order to analyze holds. The target is, instead, the state obtained by applying the the violations that could take place in real intermediation meaning of the executed action to the source state. States that contexts, the business protocol must show the same degree are drawn as diamonds with an incoming red arrow represent of flexibility that intermediaries and banks have when dealing the fact that a before constraint has been violated. Some states with their clients. The integration of the new directive with the are yellow, the meaning (independently from the shape) is previous regulation is, therefore, done by means of a set of that some response constraints are not fulfilled yet. White 2CL constraints, which relate facts and commitments which states (independently from the shape) mean that there are some can appear in the social state and, in particular, those pertaining active commitments (not discharged, released or canceled). MiFID and those pertaining sales. Hereafter are reported the Final acceptable states are white and are denoted by double 2CL constraints that capture the most relevant dictates of the circles. MiFID regulation: Figure 2 shows most of the possible executions of the MiFID business protocol. Among them, it is, first of all, (c1) C(f p, inv, invested) •−. investor identif ied∧ document supplied worthwhile to notice the part highlighted in pink. This part (c2) investor classif ied −.• C(f p, inv, propose riskL) corresponds to the pre-MiFID interaction but the colors show (c3) evaluation ∧ ¬f i discarded −.• proposed RiskL that in presence of the new directive, this kind of interaction (c4) order verif ied −.• contract sent is totally illegal. The other parts that are worthwhile to notice (c1) states that once the intermediary took the commitment are the ones respectively highlighted in gray and in green. The to serve the investor, he/she must have the investor identified green part corresponds again to the pre-MiFID interaction but and must supply the necessary documentation to him/her. (c2) now immersed in the additional activities foreseen by MiFID. expresses the fact that before committing to propose a solution The gray part at the beginning amounts to the identification, with a certain degree of risk, the investor must have been qualification, profiling and evaluation phases. The little gray classified. (c3) states that before proposing a financial product parts in the bottom correspond to the new MiFID activities of it is necessary to have it positively evaluated by the simulation. verification (by the bank) and withdrawal, that the client can Fig. 2. Excerpt of the execution paths of MiFID. execute. These two activities naturally find their correct place inside the sales interaction. The colors also help to highlight the modular composition of the regulations. All other paths amount to possible violations, as expected since we aggregated actions that have no mutual preconditions. The designer, by analyzing the graph, can identify the points where it could be helpful to intervene to reduce the possible violations, for instance, by applying enforcement policies or by regimenting some steps. For example, in Figure 2, one action on which it would make sense to intervene is propose solution by adding the condition ¬fi discarded ∧ evaluation, obtaining the graph in Figure 3. Of course, this choice depends on many factors Fig. 4. Sale and MiFID dependency graph. (e.g. the cost of the implementation of the prospected solution, or the time needed to update the financial services office’s software) that are out of the scope of the directive. achievement is obtained thanks to an explicit separation of the constitutive and of the regulative aspects, the regulative V. C ONCLUSION AND R ELATED W ORKS ones (represented by dashed arrows in Figure 4) playing as We have proposed a declarative approach to business pro- “zippers” that tie stratified specifications. tocol specification that extends [1] by explicitly including Telang and Singh [1] proposed the first commitment-based 2CL temporal regulations. We implemented a tuProlog ex- approach to representing business models and identified a tended commitment machine which was applied to the MiFID set of common patterns of interaction, that can be used by case study, whose output allows the analysis of the business the business analyst. Our proposal extends the one in [1] protocol and of possible violations. The protocols that we by enriching the representation of the constitutive rules with tackle are typical of contexts, like MAS, where norms are the representation of expressive regulative rules. The achieved seen as soft constraints, i.e. as standards that can be violated modularity is an added value in the modeling of business [13], [26] – as the Dalai Lama sentence in the title suggests. interactions governed by regulations that stratify along time. Indeed, in these contexts it is important to define mechanisms This is, indeed, often the case in the real world, as the for detecting possible violations and decide about possible MiFID case study witnesses. Moreover, we supply an analysis regimentations/enforcements. One of the main advantages of tool that supports the business analyst in performing task the declarative approach, that we have proposed for the repre- like: understanding the impact of new regulations on the sentation of business protocol, is that it supports a modular business model or deciding about enforcement policies or composition of such protocols, as hoped for in [27]. This regimentation. Recently, many works, like [11], [26], focused on the [7] J. Searle, The construction of social reality. New York: Free Press, problem of verifying the compliance of a business process 1995. [8] C. Cherry, “Regulative Rules and Constitutive Rules,” The Philosophical to a body of norms. This issue is related to the one we have Quarterly, vol. 23, no. 93, pp. 301–315, 1973. faced because it concerns business processes that are subject to [9] M. Winikoff, W. Liu, and J. Harland, “Enhancing Commitment Ma- regulations. However, it is different in that the business process chines,” in In Proc. of DALT 2004, ser. LNCS, vol. 3476. Springer, 2004, pp. 198–220. is rigidly modeled as a (YAWL or BPM) workflow, and the [10] “Directive 2004/39/EC of the European Parliament and of the Council verification aims at checking if this process strictly respects of 21 April 2004 on markets in financial instruments,” pp. 1–44. the norms, providing, in some cases, a yes or no answer [11] D. D’Aprile, L. Giordano, V. Gliozzi, G. Martelli, A.and Pozzato, and D. Theseider Duprè, “Verifying business process compliance by and, in some others, a degree of compliance. In contrast, our reasoning about actions,” in Proc. of the 11th international conference commitment-based approach allows a declarative definition of on Computational logic in multi-agent systems, ser. CLIMA’10. Berlin, business models that reduces the gap between the specification Heidelberg: Springer-Verlag, 2010, pp. 99–116. [12] G. Gibilaro, “Cassazione Civile Sentenza, Sez. SS.UU., 19/12/2007, of the regulation itself (normative level, what is allowed or n. 26724 e 26725. intermediazione finanziaria, nullità del contratto e forbidden) and the one of how achieving the business goals risarcimento del danno,” 2007. (business process level). The aim is to support the business [13] A. J. I. Jones and M. Sergot, On the characterization of law and computer systems: the normative systems perspective. New York, analyst in the analysis of the possible interactions and of the NY, USA: John Wiley & Sons, Inc., 1994, pp. 275–307. [Online]. possible violations, to help him/her in performing strategical Available: http://portal.acm.org/citation.cfm?id=180954.180966 decisions. [14] P. Yolum and M. P. Singh, “Commitment Machines,” in Intelligent Agents VIII, 8th International Workshop on Agent Theories, Architec- Another work that it is worthwhile to mention, even though tures, and Languages (ATAL), ser. LNCS, vol. 2333. Springer, 2001, it does not directly tackle business processes and regulations, pp. 235–247. is [28] by Sergot. This work discusses the relationship between [15] A. Chopra, “Commitment Alignment: Semantics, Patterns, and Deci- sion Procedures for Distributed Computing,” Ph.D. dissertation, North the norms that govern a single agent with those that express a Carolina State University, Raleigh, NC, 2009. designer’s view on what overall system behaviors are deemed [16] M. Baldoni, C. Baroglio, and E. Marengo, “Behavior-Oriented to be legal. Also in this case the focus is posed on a Commitment-based Protocols,” in Proc. of ECAI, ser. Frontiers in Artificial Intelligence and Applications, H. Coelho, R. Studer, and compliance of the resulting interactions with the norms. As M. Wooldridge, Eds., vol. 215. IOS Press, 2010, pp. 137–142. for the previously cited works, this proposal foresees two [17] M. Baldoni, C. Baroglio, I. Brunkhorst, N. Henze, E. Marengo, and models that are to be compared, and to this aim a colored V. Patti, “ Constraint Modeling for Curriculum Planning and Validation,” International Journal of Interactive Learning Environments, vol. 19, labeled transition system is used. The main difference w.r.t. no. 1, pp. 83–123, 2011. our proposal is that while in Sergot’s approach the focus is [18] M. Montali, Specification and Verification of Declarative Open Inter- on verifying the behavior of a single agent against a global action Models: a Logic-Based Approach, ser. LNBIP. Springer, 2010, vol. 56. model, in our case the focus is on supplying agents a tool for [19] E. A. Emerson, “Temporal and Modal Logic,” in Handbook of Theo- verifying the behavior of the others w.r.t. a global model, that retical Computer Science, J. van Leeuwen, Ed. North-Holland Pub. is based only on the observational behavior and on a shared Co./MIT Press, 1990, vol. B: Formal Models and Sematics, pp. 995– 1072. meaning of actions. It would be interesting to study how to [20] P. Yolum and M. P. Singh, “Designing and Executing Protocols using the combine the two approaches in order to supply a complete Event Calculus,” in Proceedings of the Fifth International Conference toolkit to the business analyst. on Autonomous Agents, 2001, pp. 27–28. [21] A. K. Chopra and M. P. Singh, “Contextualizing Commitment Proto- Acknowledgements: This research has partially been funded col,” in 5th International Joint Conference on Autonomous Agents and by “Regione Piemonte” through the project ICT4LAW. Multiagent Systems (AAMAS 2006). ACM, 2006, pp. 1345–1352. [22] N. Fornara and M. Colombetti, “A Commitment-Based Approach To R EFERENCES Agent Communication,” Applied Artificial Intelligence, vol. 18, no. 9- 10, pp. 853–866, 2004. [1] P. R. Telang and M. P. Singh, “Abstracting Business Modeling Patterns [23] L. Giordano, A. Martelli, and C. Schwind, “Specifying and Verifying from RosettaNet,” in Service-Oriented Computing: Agents, Semantics, Interaction Protocols in a Temporal Action Logic,” Journal of Applied and Engineering, 2010. Logic, vol. 5, no. 2, pp. 214–234, 2007. [2] M. Pesic and W. M. P. van der Aalst, “A Declarative Approach [24] M. El-Menshawy, J. Bentahar, and R. Dssouli, “Verifiable Semantic for Flexible Business Processes Management,” in Business Process Model for Agent Interactions Using Social Commitments,” in LAn- Management Workshops (BPM 2006), ser. LNCS, J. Eder and S. Dustdar, guages, methodologies and Development tools for multi-agent systemS Eds., vol. 4103. Springer, 2006, pp. 169–180. (LADS 2009), ser. LNCS, vol. 6039. Springer, 2010, pp. 128–152. [3] M. Montali, M. Pesic, W. M. P. van der Aalst, F. Chesani, P. Mello, [25] ——, “Symbolic Model Checking Commitment Protocols using Re- and S. Storari, “Declarative Specification and Verification of Service duction,” in Declarative Agent Languages and Technologies VIII, Choreographiess,” ACM Transactions on the Web (TWEB), vol. 4, no. 1, A. Omicini, S. Sardina, and W. Vasconcelos, Eds. Toronto, Canada: 2010. Springer, 2011. [4] M. P. Singh, “An Ontology for Commitments in Multiagent Systems,” [26] G. Governatori, “Law, Logic and Business Processes,” in Proc. of Artificial Intelligence and Law, vol. 7, no. 1, pp. 97–113, 1999. Requirements Engineering and Law, RELAW 2010. IEEE, 2010, pp. [5] M. Baldoni, C. Baroglio, E. Marengo, and V. Patti, “Constitutive 1–10. [Online]. Available: http://ieeexplore.ieee.org/xpls/abs\ all.jsp? and Regulative Specifications of Commitment Protocols: a Decoupled arnumber=5625356 Approach,” ACM Transactions on Intelligent Systems and Technology, [27] T. Miller and J. McGinnis, “Amongst first-class protocols,” in Proc. of Special Issue on Agent Communication, 2011, to appear. Eng. Societies in the Agents World VIII, ser. LNCS, vol. 4995. Springer, [6] E. Marengo, M. Baldoni, A. K. Chopra, C. Baroglio, V. . Patti, 2008, pp. 208–223. and M. P. Singh, “Commitments with Regulations: Reasoning about [28] M. Sergot, “Action and agency in norm-governed multi-agent systems,” Safety and Control in REGULA,” in In Proc. of the 10th International in Engineering Societies in the Agents World VIII. Springer, 2008, pp. Conference on Autonomous Agents and Multiagent Systems, AAMAS 1–54. 2011. IFAAMAS, 2011, to appear.