- Semantic Repository based on the Semantics of Business Vocabulary and business Rules (SBVR) standard
- Consists of the business and regulatory vocabularies and business and regulatory rulebooks that form the basis of the GRC common language
- A family of interlinked regulatory ontologies based on industry standards
- Captures regulatory concepts, taxonomies, and rules in formal semantics
- Enables efficient access to, and smarter consumption of, financial services industry regulations
- A family of interlinked GRC ontologies based on industry standards
- Contains machine-readable business and GRC vocabularies, concepts, and business control descriptions related to given GRC business processes
- Provides software applications with the semantic backbone supporting their ability to integrate and federate siloed GRC data
- Enables efficient access and smarter analytics using NoSQL Graph Stores
A Semantic Repository for GRC
The family of GRC ontologies will be underpinned by a Semantic Repository based on the Semantics of Business Vocabulary and business Rules (SBVR) specification from OMG. Typically an SBVR repository consists of a Business Vocabulary and a Business Rulebook. The Vocabulary contains a cohesive set of interconnected concepts, not just a list of terms and definitions. The Rulebook contains business policies, operative business rules, and advices of permission that govern the business actions.
In business communications meaning can be fuzzy, ambiguous and not shared between those in the communication process. A controlled language can minimise ambiguity in business contracts, governance documentation and regulations. Likewise business jargon needs definitions that are clear, unambiguous, and universal in their meaning. Also business terms often mean different things in different business organisations, communities-of-practice and cultural and social contexts.
In the finance industry it is vital to have the meanings of financial industry terms in a repository so that different meanings of terms can be reconciled. An SBVR Vocabulary could, for example, enable the extraction of structured information from text documents—be they regulations, standards, governance policies and so on. Thus SBVR can enable the semantic integration of business documentation and, for example, business data. While SBVR provides a platform to clarify communication within and between GRC officers, business and other stakeholders, it also has significant benefits for the IT function and vendors in the finance industry. A GRC SBVR rulebook could help define business rules, processes and data requirements and underpin the design of information systems that capture business meanings more effectively. This would reduce the business costs of misinterpreting governance policies, risk categories and compliance imperatives; it would also help reconcile data inconsistencies in data repositories and facilitate software redesign.
Financial Industry Regulatory Ontology
The Financial Industry Regulatory Ontology (FIRO) is a family of ontologies that enable efficient access to the wide and complex spectrum of regulations through formal semantics. As the semantic expression of the regulations governing financial services has not been the subject of comprehensive scientific investigation, this element of the GRC research initiative is essentially highly innovative. The financial services regulatory domain is being modelled in FIRO through an innovative approach that includes the semantic analysis of legal texts and rules by legal and financial subject matter experts (SMEs), their translation into a structured natural language, and the mapping of this regulatory natural language and rules into machine language by ontology engineers. Regulatory ontology development is a non-trivial and challenging task. It is, in particular, a much more complex undertaking than developing ontologies for other domains, such as the Life Sciences’ biomedicine ontology. Part of this complexity stems from the fact that regulators define their policies independently of each other using different semantics for legal and business terms.
Thus, a regulatory ontology such as FIRO can help:
- Financial services companies to monitor, assess, and apply a multitude of regulations within and across regulatory domains to business processes and data
- Model the regulations to help simplify their consumption
- Make it simpler for enterprises to map GRC policies onto regulations and perform Regulatory Change Management
- Organisations keep abreast of the ramifications of complex interacting regulatory rules and policies
- Reason over regulations to identify risks and compliance issues
- Contribute to the emergence of SMART Regulation.
To support these multiple use scenarios, we propose FIRO in two layers—conceptual and operational. This follows the EDM Council’s schema for FIBO.
Financial Industry GRC Ontology
The Financial Industry GRC Ontology (FIGO) consists of a family of ontologies that model the GRC eco-system in financial services. It also helps bridge the emerging EDMC/OMG Financial Industry Business Ontology (FIBO) and the Financial Industry Regulatory Ontology (FIRO). The proposed FIGO architecture is a two-layered architecture consisting of conceptual and operational layers. The conceptual layer will consist of foundational ontologies (FIGOf) that capture the semantics of, for example, the various categories of risk (e.g. Market, Credit, Insurance and Demographic, and Operational Risk). The operational layer (FIGOop) will be organisation-specific.
Both the foundational and operational layers will be expressed in the OMG Semantics of Business Vocabulary and business Rules (SBVR) as well as OWL2. The purpose of this will be to make the semantic models more accessible to GRC professionals and software engineers alike.