OMG Publishes 'Management of Regulation and Compliance (MRC)' Request for Proposal
The OMG's (Object Management Group) Regulatory Compliance SIG (Special Interest Group) has produced its first major deliverable with the publication of the "Management of Regulation and Compliance (MRC)" RFP (http://www.omg.org/cgi-bin/doc?bmi/2009-9-24). Submissions for MRC will be based on the OMG's Business Motivation Model (http://www.omg.org/spec/BMM/1.0/).
- There is a large volume of regulation. It is difficult for a business, especially a small or medium business (SMB), to keep up to date with all of it.
- Regulations come from many sources, and interact. Interaction can range from overlap of scope and common requirements to direct conflicts in requirements.
- Regulations are often ambiguous. Ambiguity may be internal to a regulation, where the definitions of the terms used are not precise, or between regulations, where the same terms are taken to mean different things in different, related contexts.
The Problem Statement of this RFP (Section 6.1) is an exceptionally high-quality discussion of the management of regulation and compliance. Its eleven pages is essential reading for anyone involved with management of regulation and compliance, whether or not they have plans to respond to this RFP.
One important aspect is that regulation generally cannot be applied "as is" — it has to be interpreted with regard to what the regulated organization does and how it does it, including how it decided to respond to earlier, related regulations.
The RFP calls for a metamodel of interpreted regulation and compliance actions and a vocabulary for them, as well as an interchange specification for model content. This is to be done by extending the Business Motivation Model in two ways:
- Expanding the simple BMM concept of 'Regulation' into a model that supports the requirements of this RFP;
- Supporting a federated BMM that allows multiple organizations to interact on shared content. Examples of this (supported by use cases) include:
- A corporate model for an 'internal regulator' providing global compliance policies and guidance for their localization by operational units, such as national offices, manufacturing plants, service centers. This approach is discussed further in Appendix D of the RFP.
- An interest group negotiating interpretation and compliance action with regulators and publishing the outcomes to its members. Support for documentation of agreement with regulators (including non-repudiation) would be required.
- Regulatory concepts and vocabulary for describing, categorizing, and connecting regulations, their interpretations, and acceptable compliance actions.
- Interpreted regulation, including overrides, exceptions, and 'safe harbor' rules.
- Compliance action, of two types:
- What a regulated organization decides (or is advised) to do in order to comply with a regulation;
- What a regulated organization decides (or is advised) to do in order to correct an 'out of compliance' situation.
Both MRC metamodel vocabulary and instance model content are to be defined in a form consistent with the "Semantics of Business Vocabulary and Business Rules (SBVR)" interchange specification (http://www.omg.org/spec/SBVR/1.0/PDF/), so that vocabulary and MRC instance models can be imported from and exported to SBVR tools. The SBVR interchange specification itself is encouraged for the interchange of instance models and parts of models.
Initial Submissions against the MRC RFP are due by May 24, 2010, and adoption is currently scheduled for March 2011.
Anyone interested in participating in the development for the RFP Submission should contact John Hall (John.Hall@ModelSystems.co.uk).
# # #