FinComp

Assuring compliance of digital platforms in finance

fortiss analyzes and develops research-driven approaches for establishing and assuring compliance of digital platforms in the financial domain. By modeling and redesigning compliance-relevant measures in a multinational company, the project aims to provide a method with a toolchain for enabling compliance-by-design and compliance-in-runtime.

Project description

Compliance for digital platforms involves navigating regulations and legal standards, resulting in a costly process that requires ongoing effort due to inherent uncertainties. The perspectives of various professionals (e.g., compliance officers, security engineers, auditors) are needed to co-design software and processes to meet legal, business and many other requirements. Audits help assess compliance, but offer only a temporary snapshot that cannot handle changes.

The Financial Compliance (FinComp) project by fortiss aims to ensure compliance both by design and in runtime. It focuses on modeling organizational systems and processes, and integrating knowledge to assist in redesigning activities. Partnering with a multinational financial firm in Europe, fortiss is testing and developing the research-driven model-based approach using empirical data from IT security and financial scenarios (e.g., end-of-year audits).

Research contribution

In this project, fortiss contributes three main results:

  • a method for modeling and remodeling the compliance-relevant world of the organization from qualitative and quantitative data;
  • a toolchain for establishing a single point of compliance truth across different facets, building audit trails, and enabling dynamic assurance of software assets;
  • a set of ontologies for representing the relevant classes and instances of the organizational environment, and providing human- and machine-comprehensible rules.

Project duration

01.01.2023 – 31.12.2025

Your contact

Tomas Bueno Momcilovic

+49 89 3603522 266
momcilovic@fortiss.org

Publications

  • 2024: Towards Assuring EU AI Act Compliance and Adversarial Robustness of LLMs. Tomas Bueno Momčilović, Beat Buesser, Giulio Zizzo, Mark Purcell and Dian Balta. In AI Act Workshop, 19th International Conference on Wirtschaftsinformatik, September 2024, Würzburg, Germany.
  • 2024: Emergent Needs in Assuring Security-Relevant Compliance of Information Systems. Tomas Bueno Momčilović and Dian Balta. In EICC 2024: European Interdisciplinary Cybersecurity Conference, pages 46–49, Xanthi, Greece, Association for Computing Machinery.
  • 2024: Challenges of Assuring Compliance of Information Systems in Finance. Tomas Bueno Momčilović and Dian Balta. In Software Quality as a Foundation for Security. SWQD 2024, volume 505 of Lecture Notes in Business Information Processing, pages 135–152, Springer.