FinComp

FinComp

Assuring compliance of digital platforms in finance

FinComp

fortiss analyzes and develops research-driven approaches for establishing and assuring compliance of digital platforms in the financial domain. Using modeling and redesign of compliance-relevant measures in a multinational company, the aim is to provide a method with a toolchain for enabling compliance-by-design and compliance-in-runtime.

Project description

Compliance for digital platforms involves navigating regulations and legal standards, resulting in a costly process that requires ongoing effort due to inherent uncertainties. The perspectives of various professionals (e.g., compliance officers, security engineers, auditors) are needed to co-design software and processes to meet legal, business and many other requirements. Audits help assess compliance, but offer only a temporary snapshot that cannot handle changes.

The Financial Compliance (FinComp) project by fortiss aims to ensure compliance both by design and in runtime. It focuses on modeling organizational systems and processes, and integrating knowledge to assist in redesigning activities. Partnering with a multinational financial firm in Europe, fortiss is testing developing the research-driven model-based approach using empirical data from IT security and financial scenarios (e.g., end-of-year audits).

Research contribution

In this project, fortiss contributes with three main results:

  • a method for modeling and remodeling the compliance-relevant world of the organization from qualitative and quantitative data;
  • a toolchain for establishing a single point of compliance truth across different facets, building audit trails, and enabling dynamic assurance of software assets;
  • a set of ontologies for representing the relevant classes and instances of the organizational environment, and providing human- and machine-comprehensible rules.

Project duration

01.01.2023. – 31.12.2025

 Tomas Bueno Momcilovic

Your contact

Tomas Bueno Momcilovic

+49 89 3603522 266
momcilovic@fortiss.org

Publications

  • 2024 Towards Assuring EU AI Act Compliance and Adversarial Robustness of LLMs Tomas Bueno Momčilović , Beat Buesser , Giulio Zizzo , Mark Purcell and Dian Balta In AI Act Workshop, 19th International Conference on Wirtschaftsinformatik, September 2024, Würzburg, Germany, 2024. Details URL BIB
  • 2024 Emergent Needs in Assuring Security-Relevant Compliance of Information Systems Tomas Bueno Momčilović and Dian Balta In EICC 2024: European Interdisciplinary Cybersecurity Conference, pages 46–49, Xanthi, Greece, 2024. Association for Computing Machinery. Details DOI BIB
  • 2024 Challenges of Assuring Compliance of Information Systems in Finance Tomas Bueno Momčilović and Dian Balta In Software Quality as a Foundation for Security. SWQD 2024, volume 505 of Lecture Notes in Business Information Processing, pages 135–152, 2024. Springer. Details DOI BIB