A hypergraph-based regulatory obligation modeling system for broker-dealers, combining SEC, FINRA, and BSA/AML requirements into queryable obligation structures.
Traditional compliance systems store regulations and controls in flat tables or simple graphs. This loses critical information:
- Multi-way relationships: "SEC 15c3-1 + FINRA 4110 + SOX 404 together create a daily capital monitoring obligation" can't be expressed as pairwise edges
- Composition: Higher-order obligations derive from lower-order ones, creating a reasoning chain
- Impact analysis: When a regulation changes, you need to trace through composed obligations to find all affected controls
This implementation uses SurrealDB to model obligations as hyperedges connecting multiple citations and concepts.
┌─────────────────────────────────────────────────────────────────────────┐
│ HYPERGRAPH STRUCTURE │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ CITATIONS (Order 1 - Primitive Facts) │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ SEC 15c3-1 │ │ FINRA 4110 │ │ BSA SAR │ │
│ │ Net Capital │ │ Early Warning│ │ Reporting │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ └────────┬────────┘ │ │
│ │ │ │
│ OBLIGATIONS (Order 2 - Composed Hyperedges)│ │
│ ┌───────────────▼──────────────┐ ┌──────▼───────────────┐ │
│ │ Capital Monitoring │ │ Transaction │ │
│ │ Obligation │ │ Surveillance │ │
│ │ ───────────────────────── │ │ Obligation │ │
│ │ Citations: [15c3-1, 4110] │ │ ──────────────── │ │
│ │ Concepts: [Net Capital, │ │ Citations: [SAR, │ │
│ │ Customer Funds] │ │ AML Prog] │ │
│ └───────────────┬──────────────┘ └──────┬───────────────┘ │
│ │ │ │
│ └───────────┬─────────────┘ │
│ │ │
│ OBLIGATIONS (Order 3 - Higher Composition) │
│ ┌───────────────────────────▼──────────────────────────┐ │
│ │ Financial Responsibility Program │ │
│ │ ────────────────────────────────────────────────── │ │
│ │ Parent Obligations: [Capital Monitoring, ...] │ │
│ │ Concepts: [Net Capital, Margin, Customer Funds] │ │
│ └───────────────────────────┬──────────────────────────┘ │
│ │ │
│ CONTROLS (Implementation) │ │
│ ┌───────────────────────────▼──────────────────────────┐ │
│ │ CTRL-FIN-001: Daily Net Capital Computation │ │
│ │ System: NetCap Module | Owner: Treasury │ │
│ └──────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
# 1. Start SurrealDB
docker-compose up -d
# 2. Initialize schema and data
chmod +x setup.sh
./setup.sh
# 3. Install JS dependencies (optional, for programmatic access)
npm install
# 4. Open Surrealist to run queries
# Go to https://surrealist.app
# Connect to: http://localhost:8000
# Namespace: compliance
# Database: broker_dealer
# Auth: root / root-- What's affected if SEC 15c3-1 changes?
LET $direct = (
SELECT id, title FROM obligation
WHERE citations[*].rule_id CONTAINS 'SEC Rule 15c3-1'
);
LET $indirect = (
SELECT id, title FROM obligation
WHERE parent_obligations[*].id INSIDE $direct[*].id
);
LET $controls = (
SELECT control_id, system FROM control
WHERE obligations[*].id INSIDE array::concat($direct[*].id, $indirect[*].id)
);
RETURN { direct: $direct, indirect: $indirect, controls: $controls };-- Find obligations spanning SEC + FINRA + BSA
SELECT title, order, citations.*.framework.name AS frameworks
FROM obligation
WHERE array::len(array::distinct(citations[*].framework)) > 1
FETCH citations.framework;-- Find connected obligations through shared concepts
LET $start = obligation:capital_monitoring;
LET $concepts = (SELECT concepts FROM $start)[0].concepts;
SELECT id, title, 'shared_concept' AS connection
FROM obligation
WHERE id != $start AND concepts ANYINSIDE $concepts;- Rule 15c3-1: Net Capital Requirements
- Rule 15c3-3: Customer Protection
- Rule 17a-4: Records Retention
- Regulation SHO: Short Sales
- Regulation T: Margin Credit
- Rule 4110: Capital Compliance
- Rule 3110: Supervision
- Rule 4370: Business Continuity
- Rule 2111: Suitability
- Rule 4512: Customer Account Information
- 31 CFR 1023.210: AML Program
- 31 CFR 1023.320: SAR Requirements
- 31 CFR 1010.311: CTR Requirements
- 31 CFR 1023.220: CIP Requirements
- OFAC Sanctions Requirements
| Obligation | Frameworks | Key Concepts |
|---|---|---|
| Capital Monitoring | SEC, FINRA | Net Capital, Customer Funds |
| Customer Due Diligence | BSA, FINRA | Customer Onboarding, Sanctions |
| Transaction Surveillance | BSA, FINRA | Monitoring, Supervision |
| Margin/Short Compliance | SEC | Margin, Short Selling |
| Records Retention | SEC, FINRA, BSA | Recordkeeping |
| Obligation | Composes | Purpose |
|---|---|---|
| Customer Lifecycle | CDD + Surveillance + Records | End-to-end customer compliance |
| Financial Responsibility | Capital + Margin | Integrated financial controls |
| AML Program Integrated | CDD + Surveillance + Currency | Unified AML framework |
├── schema.surql # Database schema
├── seed-data.surql # Frameworks, citations, concepts
├── obligations.surql # Composed obligations and controls
├── queries.surql # Example queries for analysis
├── client.js # JavaScript client library
├── docker-compose.yml # SurrealDB container
├── setup.sh # Initialization script
└── package.json # Node dependencies
CREATE citation:new_rule SET
rule_id = 'New Rule 123',
title = 'New Requirement',
text = 'Description of the requirement...',
framework = framework:sec,
topics = ['relevant', 'topics'];CREATE obligation:new_obligation SET
title = 'New Composed Obligation',
description = 'How multiple rules combine...',
citations = [citation:rule1, citation:rule2],
concepts = [concept:concept1, concept:concept2],
order = 2,
obligation_type = 'control',
frequency = 'daily',
responsible_party = 'Compliance';CREATE obligation:higher_order SET
title = 'Program-Level Obligation',
description = 'Integrates multiple obligations...',
citations = [...], -- All underlying citations
concepts = [...],
parent_obligations = [obligation:ob1, obligation:ob2],
order = 3,
...;- Regulatory Examination Prep: Pull all obligations and controls for a topic
- Change Impact Analysis: Trace regulation changes through the obligation graph
- Control Gap Analysis: Find obligations without control coverage
- Cross-Framework Mapping: See how SEC, FINRA, and BSA interact
- Audit Provenance: Trace any control back to its regulatory basis