FinComp

Compliance for digital platforms involves navigating regulations and legal standards, resulting in a costly process that requires ongoing effort due to inherent uncertainties. The perspectives of various professionals (e.g., compliance officers, security engineers, auditors) are needed to co-design software and processes to meet legal, business and many other requirements. Audits help assess compliance, but offer only a temporary snapshot that cannot handle changes.

The Financial Compliance (FinComp) project by fortiss aims to ensure compliance both by design and in runtime. It focuses on modeling organizational systems and processes, and integrating knowledge to assist in redesigning activities. Partnering with a multinational financial firm in Europe, fortiss is testing developing the research-driven model-based approach using empirical data from IT security and financial scenarios (e.g., end-of-year audits).

In this project, fortiss contributes with three main results:

• a method for modeling and remodeling the compliance-relevant world of the organization from qualitative and quantitative data;
• a toolchain for establishing a single point of compliance truth across different facets, building audit trails, and enabling dynamic assurance of software assets;
• a set of ontologies for representing the relevant classes and instances of the organizational environment, and providing human- and machine-comprehensible rules.

01.01.2023. – 31.12.2025