Abstract
Companies need to be able to demonstrate compliance with rules and regulations, especially start-ups who typically do not have the legal expertise to identify, assess and address legal risks of initial business ideas, nor do they have the resources to hire such expertise. Tools could help them identify and deal with legal risk at an early stage. Existing research in BPM focuses on compliance verification of a consolidated business model by checking the ability of a company to comply with the standards. The challenge is to apply a ‘continuous improvement’ by steering the business on values. Moreover, legal choices typically sit at the strategic level, and not only at the operational level. In this paper, we therefore propose an approach to handle legal risks as part of business model development. The approach makes use of Continuous Business Model Planning method, a value-driven modeling approach for strategic planning, and legal argumentation. The suitability and potential usefulness of the approach is illustrated by a study of the Kenyan court case Lipisha & BitPesa vs. Safaricom.
Similar content being viewed by others
Notes
See (Muthuri 2017), also at http://amsdottorato.unibo.it/8268/.
Note that, the interpretations are extracted from the conclusion of the legal argumentation to develop a final prescription. The case above did not proceed to full hearing and we can therefore only speculate the final interpretation of the court. If CBK declines to accept the interpretation in this solution, the legal risk will persist. We will proceed to adopt this solution as the best alternative because it is the most plausible and compatible with: 1) Encourage innovation, attract investment and promote ease of doing business for a positive socio-economic impact through ICT; 2) Promote technology convergence with ought to include blockchain-enabled convergence of artificial intelligence (AI), Internet of Things, autonomous robotics, and virtual reality. 3) Support emerging ecosystems which ought to include, shared ledger systems and thereby to issue the relevant guidance and adaptive regulation to the financial sector.
References
Allweyer T (2016) BPMN 2.0: introduction to the standard for business process modeling. Books on demand
Amantea IA, Arnone M, Di Leva A, Sulis E, Bianca D, Brunetti E, Marinello R (2019) Modeling and simulation of the hospital-at-home service admission process. In: Proceedings of the 9th international conference on simulation and modeling methodologies, technologies and applications, SCITEPRESS—Science and Technology Publications, Lda, Setubal, PRT, SIMULTECH 2019, pp 293–300. https://doi.org/10.5220/0007928602930300
Amantea IA, Sulis E, Boella G, Marinello R, Bianca D, Brunetti E, Bo M, Fernández-Llatas C (2020) A process mining application for the analysis of hospital-at-home admissions. In: Pape-Haugaard LB, Lovis C, Madsen IC, Weber P, Nielsen PH, Scott P (eds) Digital Personalized Health and Medicine - Proceedings of MIE 2020, medical informatics Europe, Geneva, Switzerland, April 28 - May 1, 2020, IOS Press, Studies in health technology and informatics, vol 270, pp 522–526. https://doi.org/10.3233/SHTI200215
Atkinson K, Bench-Capon T, Bollegala D (2020) Explanation in ai and law: past, present and future. Artif Intell, p 103387
Becker J, Delfmann P, Eggert M, Schwittay S (2012) Generalizability and applicability of model-based business process compliance-checking approaches—a state-of-the-art analysis and research roadmap. BuR—Business Research, 5. https://doi.org/10.1007/BF03342739
Black J (2002) Regulatory conversations. J Law Soc 29:163–196
Blank S (2013) Why the lean start-up changes everything. Harvard Bus Rev 91(5):63–72
Boella G, Governatori G, Rotolo A, van der Torre L (2010) A logical understanding of legal interpretation. KR 2010:1–1
Boella G, Di Caro L, Humphreys L, Robaldo L, Rossi P, van der Torre L (2016) Eunomos, a legal document and knowledge management system for the web to provide relevant, reliable and up-to-date information on the law. Artif Intell Law, 24
Boella G, Calafiore A, Grassi E, Rapp A, Sanasi L, Schifanella C (2019) Firstlife: combining social networking and vgi to create an urban coordination and collaboration platform. IEEE Access 7:63230–63246. https://doi.org/10.1109/ACCESS.2019.2916578
Bowen PL, Cheung MYD, Rohde FH (2007) Enhancing it governance practices: a model and case study of an organization’s efforts. Int J Account Inf Syst 8(3):191–221
Dumas M, Van der Aalst WM, Ter Hofstede AH (2005) Process-aware information systems: bridging people and software through process technology. John Wiley & Sons, New York
Dumas M, La Rosa M, Mendling J, Reijers H (2018) Fundamentals of business process management, vol 1, 2nd edn. Springer, Berlin
Dworkin R (1977) Taking rights seriously. Duckworth, London
Elgammal A, Türetken O, Heuvel WJvd, Papazoglou M (2016) Formalizing and applying compliance patterns for business process compliance. Softw Syst Model, 15(1), 119-146
Gamma E, Helm R, Johnson R, Vlissides J (1994) Design patterns: elements of reusable object-oriented software. Pearson Educ
Governatori G, Zeleznikow J, de Koker L, Poblet M, Hashmi M, Romeu PC (2020) Rules as code will let computers apply laws and regulations. but over-rigid interpretations would undermine our freedoms.https://theconversation.com/rules-as-code-will-let-computers-apply-laws-and-regulations-but-over-rigid-interpretations-would-undermine-our-freedoms-149992, the Conversation Trust (UK) Limited
Gregor S, Hevner AR (2013) Positioning and presenting design science research for maximum impact. MIS Quarterly, pp 337–355
Guarino N, Andersson B, Johannesson P, Barbara L (2016) Towards an ontology of value ascription. In: Formal ontology in information systems: proceedings of the 9th international conference (FOIS 2016), IOS Press, vol 283, p 331
Hashmi M, Governatori G, Wynn MT (2016) Normative requirements for regulatory compliance: an abstract formal framework. Inf Syst Front 18(3):429–455
Hassan S, De Filippi P (2017) the expansion of algorithmic governance: from code is law to law is code . Field Actions Sci Rep
Hayes J (2014) The theory and practice of change management. Palgrave Macmillan, London
Hevner AR, Ram S, March ST (2004) Design science in information systems research. Manag Inf Syst Q 28(1):75–105
Höhenberger S, Riehle DM, Delfmann P (2016) From legislation to potential compliance violations in business processes—simplicity matters. In: 24th European conference on information systems, ECIS 2016, Istanbul, Turkey. 12–15 June 2016, Research Paper, p 188
Ingolfo S, Jureta I, Siena A, Perini A, Susi A (2014) Nomos 3: Legal compliance of roles and requirements. In: Concept Model , vol LNCS 8824, Springer, pp 275–288
Kartseva V, Hulstijn J, Gordijn J, Tan Y (2010) Control patterns in a health-care network. Eur J Inf Syst 19:320–343
Kim S (2011) Auditing methodology on legal compliance of enterprise information systems. Int J Technol Manag 54(2/3):270–287
Kiriinya RKM (2017) Designing compliance patterns: integrating value modeling, legal interpretation and argument schemes for legal risk management. PhD thesis, Universita degli studi di Bologna
Lindgren P, Rasmussen O (2013) The business model cube. J Multi Bus Model Innov Technol 1(3):135–180
Lu R, Sadiq S, Governatori G (2008a) Compliance aware business process design. In: ter Hofstede A, Benatallah B, Paik HY (eds) Business process management workshops, Springer, Heidelberg, pp 120–131
Lu R, Sadiq S, Governatori G (2008b) Measurement of compliance distance in business processes. Inf Syst Manag 25(4):344–355
Mohun J, Roberts A (2020) Cracking the code: rulemaking for humans and machines
zur Muehlen M, Rosemann M (2005) Integrating risks in business process models. In: 16th Australasian conference on information systems, ACIS 2005, p 50
Muthuri R (2017) Designing compliance patterns: Integrating value modeling, legal interpretation and argument schemes for legal risk management. PhD thesis, Univerity of Bologna, http://amsdottorato.unibo.it/8268/, erasmus Mundus Joint International Doctoral Degree in Law, Science and Technology
Muthuri R, Boella G, Hulstijn J, Capecchi S, Humphreys L (2017) Compliance patterns: Harnessing value modeling and legal interpretation to manage regulatory conversations. In: Proceedings of the 16th edition of the international conference on articial intelligence and law, ACM, New York, NY, USA, ICAIL ’17, pp 139–148. https://doi.org/10.1145/3086512.3086526
Naylor M (2017) The impact of disruptive technology. In: Insurance transformed, Springer, pp 47–92
Neil M, Summers RS (1991) Interpreting statutes: a comparative study
OMG (2011) Business process modeling and notation bpmn. Object Management Group (OMG) Specification. http://www.omg.org/spec/BPMN/2.0/PDF
OMG (2014) Model driven architecture guide revision 2.0. Object Management Group (OMG). https://www.omg.org/cgi-bin/doc?ormsc/14-06-01
OMG (2014) Value Delivery Modeling Language (VDML). OMG Document Number: dtc/2014-04-05. http://www.omg.org/spec/VDML/1.0
Osterwalder A, Pigneur Y (2010) Business model generation: a handbook for visionaries, game changers, and challengers. John Wiley & Sons, London
Peffers K, Tuunanen T, Rothenberger MA, Chatterjee S (2007) A design science research methodology for information systems research. J Manag Inf Syst 24(3):45–77. https://doi.org/10.2753/MIS0742-1222240302
Poels G, Roelens B, de Man H, van Donge T (2018) Continuous business model planning with the value management platform. In: Proceedings of the 12th international workshop on value modeling and business ontologies, p 18
Recker J (2010) Opportunities and constraints: the current struggle with bpmn. Bus Process Manag J
Roelens B, Poels G (2015) The development and experimental evaluation of a focused business model representation. Bus Inf Syst Eng 57(1):61–71. https://doi.org/10.1007/s12599-014-0363-z
Rotolo A, Governatori G, Sartor G (2015) Deontic defeasible reasoning in legal interpretation: two options for modelling interpretive arguments. In: Proceedings of the 15th international conference on artificial intelligence and law, ACM, pp 99–108
Sulis E, Amantea IA, Fornero G (2019a) Risk-aware business process modeling: a comparison of discrete event and agent-based approaches. In: 2019 Winter simulation conference (WSC), IEEE, pp 3152–3159
Sulis E, Cena C, Fruttero R, Traina S, Feletti LC, de Cosmo P, Armando L, Ambrosini S, Amantea IA, Boella G, Marinello R, Bianca D, Brunetti E, Bo M, Bianco A, Cattel F (2019b) Monitoring patients with fragilities in the context of de-hospitalization services: an ambient assisted living healthcare framework for e-health applications. In: IEEE 23rd international symposium on consumer technologies, ISCT 2019, Ancona, Italy, June 19-21, 2019, IEEE, pp 216–219. https://doi.org/10.1109/ISCE.2019.8900989
Sulis E, Terna P, Leva AD, Boella G, Boccuzzi A (2020) Agent-oriented decision support system for business processes management with genetic algorithm optimization: an application in healthcare. J Medical Syst 44(9):157. https://doi.org/10.1007/s10916-020-01608-4
Suriadi S, Weiß B, Winkelmann A, ter Hofstede AH, Adams M, Conforti R, Fidge C, La Rosa M, Ouyang C, Rosemann M et al (2014) Current research in risk-aware business process management: overview, comparison, and gap analysis. Commun AIS 34(1):933–984
Susskind RE (2008) The end of lawyers?: rethinking the nature of legal services. Oxford University Press, Oxford
Van der Aalst W (2011) Process mining: discovery, conformance and enhancement of business processes, vol 2. Springer, Berlin
Van der Aalst WM (2013) Business process management: a comprehensive survey. ISRN Software Engineering 2013
Weske M (2012) Business process management architectures. Springer, Berlin, pp 333–371
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix: survey questionnaire
Appendix: survey questionnaire
Rights and permissions
About this article
Cite this article
Muthuri, R., Capecchi, S., Sulis, E. et al. Integrating value modeling and legal risk management: an IT case study. Inf Syst E-Bus Manage 20, 27–55 (2022). https://doi.org/10.1007/s10257-021-00543-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10257-021-00543-2