

Promoting Regulatory Compliance through Software Architecture

February 2, 2018

Regulations are put in place for the well-being of citizens. Compliance, therefore, needs to be a way to ensure that state of well-being. According to Kohlberg, the pre-conventional morality stage of human beings is characterized by obedience or suppression of one’s desires only because of fear of punishment or for self-interest, whereas the conventional morality stage involves rote adherence to laws or social conventions to maintain order. However, the final post-conventional stage – also called the stage of principled morality – involves viewing laws as a means to an end, and puts values such as human dignity and fairness as guiding principles for complying with the essence of the law. So, how do we build systems that incorporate these values?

Well, we believe that compliance should be anchored in such a way that software systems, by design, incorporate these guiding principles, so that laws are followed in spirit and not just in letter. Our goal is to transform the regulatory compliance landscape by creating software systems that promote and enable increasingly self-regulated and compliant behavior among citizens. Automating different aspects of compliance will also go a long way in spreading compliance culture.

Given below is an architecture framework (5 Is) that we would like to put forward in our endeavor to promote compliance in citizens.

Here, the purpose of the intelligence layer is to collect relevant regulation and organizational data and store it in a central repository for future analysis. Newly-introduced regulations or changes in an existing regulation (for example, a new law of the land, addition of a new clause, or change in its definition or applicability) are a case in point. This layer ensures that new regulations and changes in existing regulations are detected in a timely manner and are taken into account while designing policies, processes, and systems.

The interpretation layer automates the deciphering of complex legalese in terms of its implications for software engineering. Since regulations are ambiguous, organizations that must adhere to them often fail to prevent breaches that happen in real life. If potential breaches are arrested by way of disambiguation of the text, we may be able to build systems that inherently value and enable human dignity and fairness.

The machinery in this layer employs proprietary models for making sense of regulations. We have employed ‘word embedding’ to learn semantic information of the domain vocabulary and recurrent neural networks (RNNs) to capture additional relevant information.

The impact layer is designed to assess the repercussions a new regulation – or a change in an existing regulation – may have on organizational policies, processes, and systems. Tracing regulations back to organizational artifacts helps the system stay committed to bridging the gap between the intended purpose of a regulation and the organization’s functioning.

The purpose of the implementation layer is to apply the business constraints identified in regulation texts to the impacted entities. The implementation may take whatever form suits the problem at hand. For example, to comply with regulations regarding sexual harassment of women employees, we could deploy an app that enables them to identify a circle of trust and pushes this visualization onto the dashboards of devices used by supervisors, family members, and vehicle drivers. This kind of data-based visualization can help in creating a deterrent (due to the anticipated fear of group action).

The purpose of the integration layer is to consolidate the data collected by the intelligence layer, generate reports for creating awareness about regulatory compliance among employees and, of course, prove compliance to stakeholders (including regulators).

From a software design perspective, the architecture is designed to enable building of software systems that appeal to the ethics, emotions, and logic of human beings. It will also help enhance their sensitivities about the consequences of undesired behavior, thereby promoting compliance in spirit.

In what form do you foresee such compliance systems being used in your industry? Do share your views in the comments section.

Dr. Smita Ghaisas is a Principal Scientist and the Head of a Research and Innovation program on Regulatory Compliance at Tata Consultancy Services Ltd., India. Her current research interests include disambiguation and interpretation of complex texts such as regulations by employing deep learning techniques, coupled with learning theory-based experiments in crowdsourcing of interpretation tasks. As the leader of the Research and Innovation program on Regulatory Compliance, Smita has evolved an approach anchored in theoretical constructs from Behavioral Science. With her team, she has evolved a solution to semi-automate regulatory compliance using a 5I architecture.