Compliance Hypergraph

A hypergraph-based regulatory obligation modeling system for broker-dealers, combining SEC, FINRA, and BSA/AML requirements into queryable obligation structures.

Why Hypergraphs for Compliance?

Traditional compliance systems store regulations and controls in flat tables or simple graphs. This loses critical information:

• Multi-way relationships: "SEC 15c3-1 + FINRA 4110 + SOX 404 together create a daily capital monitoring obligation" can't be expressed as pairwise edges
• Composition: Higher-order obligations derive from lower-order ones, creating a reasoning chain
• Impact analysis: When a regulation changes, you need to trace through composed obligations to find all affected controls

This implementation uses SurrealDB to model obligations as hyperedges connecting multiple citations and concepts.

Data Model

┌─────────────────────────────────────────────────────────────────────────┐
│                           HYPERGRAPH STRUCTURE                          │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│   CITATIONS (Order 1 - Primitive Facts)                                 │
│   ┌──────────────┐  ┌──────────────┐  ┌──────────────┐                 │
│   │ SEC 15c3-1   │  │ FINRA 4110   │  │ BSA SAR      │                 │
│   │ Net Capital  │  │ Early Warning│  │ Reporting    │                 │
│   └──────┬───────┘  └──────┬───────┘  └──────┬───────┘                 │
│          │                 │                 │                          │
│          └────────┬────────┘                 │                          │
│                   │                          │                          │
│   OBLIGATIONS (Order 2 - Composed Hyperedges)│                          │
│   ┌───────────────▼──────────────┐   ┌──────▼───────────────┐          │
│   │ Capital Monitoring           │   │ Transaction          │          │
│   │ Obligation                   │   │ Surveillance         │          │
│   │ ─────────────────────────    │   │ Obligation           │          │
│   │ Citations: [15c3-1, 4110]    │   │ ────────────────     │          │
│   │ Concepts: [Net Capital,      │   │ Citations: [SAR,     │          │
│   │           Customer Funds]    │   │            AML Prog] │          │
│   └───────────────┬──────────────┘   └──────┬───────────────┘          │
│                   │                         │                           │
│                   └───────────┬─────────────┘                           │
│                               │                                         │
│   OBLIGATIONS (Order 3 - Higher Composition)                            │
│   ┌───────────────────────────▼──────────────────────────┐             │
│   │ Financial Responsibility Program                      │             │
│   │ ──────────────────────────────────────────────────    │             │
│   │ Parent Obligations: [Capital Monitoring, ...]         │             │
│   │ Concepts: [Net Capital, Margin, Customer Funds]       │             │
│   └───────────────────────────┬──────────────────────────┘             │
│                               │                                         │
│   CONTROLS (Implementation)   │                                         │
│   ┌───────────────────────────▼──────────────────────────┐             │
│   │ CTRL-FIN-001: Daily Net Capital Computation          │             │
│   │ System: NetCap Module | Owner: Treasury              │             │
│   └──────────────────────────────────────────────────────┘             │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

Quick Start

# 1. Start SurrealDB
docker-compose up -d

# 2. Initialize schema and data
chmod +x setup.sh
./setup.sh

# 3. Install JS dependencies (optional, for programmatic access)
npm install

# 4. Open Surrealist to run queries
# Go to https://surrealist.app
# Connect to: http://localhost:8000
# Namespace: compliance
# Database: broker_dealer
# Auth: root / root

Key Queries

Impact Analysis

-- What's affected if SEC 15c3-1 changes?
LET $direct = (
  SELECT id, title FROM obligation
  WHERE citations[*].rule_id CONTAINS 'SEC Rule 15c3-1'
);

LET $indirect = (
  SELECT id, title FROM obligation
  WHERE parent_obligations[*].id INSIDE $direct[*].id
);

LET $controls = (
  SELECT control_id, system FROM control
  WHERE obligations[*].id INSIDE array::concat($direct[*].id, $indirect[*].id)
);

RETURN { direct: $direct, indirect: $indirect, controls: $controls };

Cross-Framework Obligations

-- Find obligations spanning SEC + FINRA + BSA
SELECT title, order, citations.*.framework.name AS frameworks
FROM obligation
WHERE array::len(array::distinct(citations[*].framework)) > 1
FETCH citations.framework;

Hypergraph Traversal

-- Find connected obligations through shared concepts
LET $start = obligation:capital_monitoring;
LET $concepts = (SELECT concepts FROM $start)[0].concepts;

SELECT id, title, 'shared_concept' AS connection
FROM obligation
WHERE id != $start AND concepts ANYINSIDE $concepts;

Regulatory Coverage

SEC (Securities Exchange Act)

• Rule 15c3-1: Net Capital Requirements
• Rule 15c3-3: Customer Protection
• Rule 17a-4: Records Retention
• Regulation SHO: Short Sales
• Regulation T: Margin Credit

FINRA

• Rule 4110: Capital Compliance
• Rule 3110: Supervision
• Rule 4370: Business Continuity
• Rule 2111: Suitability
• Rule 4512: Customer Account Information

BSA/AML

• 31 CFR 1023.210: AML Program
• 31 CFR 1023.320: SAR Requirements
• 31 CFR 1010.311: CTR Requirements
• 31 CFR 1023.220: CIP Requirements
• OFAC Sanctions Requirements

Composed Obligations (Order 2)

Obligation	Frameworks	Key Concepts
Capital Monitoring	SEC, FINRA	Net Capital, Customer Funds
Customer Due Diligence	BSA, FINRA	Customer Onboarding, Sanctions
Transaction Surveillance	BSA, FINRA	Monitoring, Supervision
Margin/Short Compliance	SEC	Margin, Short Selling
Records Retention	SEC, FINRA, BSA	Recordkeeping

Higher-Order Obligations (Order 3)

Obligation	Composes	Purpose
Customer Lifecycle	CDD + Surveillance + Records	End-to-end customer compliance
Financial Responsibility	Capital + Margin	Integrated financial controls
AML Program Integrated	CDD + Surveillance + Currency	Unified AML framework

Files

├── schema.surql        # Database schema
├── seed-data.surql     # Frameworks, citations, concepts
├── obligations.surql   # Composed obligations and controls
├── queries.surql       # Example queries for analysis
├── client.js           # JavaScript client library
├── docker-compose.yml  # SurrealDB container
├── setup.sh            # Initialization script
└── package.json        # Node dependencies

Extending

Add a New Regulation

CREATE citation:new_rule SET
  rule_id = 'New Rule 123',
  title = 'New Requirement',
  text = 'Description of the requirement...',
  framework = framework:sec,
  topics = ['relevant', 'topics'];

Compose a New Obligation

CREATE obligation:new_obligation SET
  title = 'New Composed Obligation',
  description = 'How multiple rules combine...',
  citations = [citation:rule1, citation:rule2],
  concepts = [concept:concept1, concept:concept2],
  order = 2,
  obligation_type = 'control',
  frequency = 'daily',
  responsible_party = 'Compliance';

Create Higher-Order Obligation

CREATE obligation:higher_order SET
  title = 'Program-Level Obligation',
  description = 'Integrates multiple obligations...',
  citations = [...],  -- All underlying citations
  concepts = [...],
  parent_obligations = [obligation:ob1, obligation:ob2],
  order = 3,
  ...;

Use Cases

1. Regulatory Examination Prep: Pull all obligations and controls for a topic
2. Change Impact Analysis: Trace regulation changes through the obligation graph
3. Control Gap Analysis: Find obligations without control coverage
4. Cross-Framework Mapping: See how SEC, FINRA, and BSA interact
5. Audit Provenance: Trace any control back to its regulatory basis