Conf42 Robotics 2025 - Online

- premiere 5PM GMT

Demystifying Compliance-by-Design: Architecting Regulatory-Resilient Robotics and Financial Systems

Abstract

Robotics in finance is under mounting regulatory pressure. Learn how compliance-by-design powered by audit trails, bi-temporal data, and adaptive workflows transforms compliance from a burden into a structural advantage for resilient automation.

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Yeah. Hi everyone. This is Han Pu from University of Central Missouri. Today I'll talk about building regulatory compliance systems by design, not as an afterthought. We will explore how architectural patterns like event sourcing, bitemporal data, graph lineage, CQRS, ABAC, and adaptive learning can turn compliance into an enabler instead of a burden.

Let's go to our topic: the regulatory pressure landscape. The regulatory pressure landscape is evolving rapidly. Global institutions face rising complexity in areas like AML, data privacy, and risk management. Traditional compliance methods often come in late, creating bottlenecks, and always with penalties. We will look at why this reactive mindset is unsustainable.

Okay. So if you look at the numbers, they are all escalating: market growth in RegTech, billions of dollars in penalties, and huge manual overload. The cost of doing compliance reactively is massive. Instead of patching systems after every new rule, we need to architect them to anticipate regulation from, like, day one.

So for that, compliance by design is what we introduced. As the name says it all, it flips the mindset: rather than bolting on controls later, compliance is basically a structural design principle. When compliance is built into our architecture, like security, scalability, and performance, it reduces risk and improves agility and regulator trust. In simple words, it's not a checklist anymore; it's a design strategy.

Coming to the next one, let's see what the patterns are. These are the three foundational and fundamental patterns: event sourcing, bitemporal data, and graph metadata. Event sourcing is for immutable audit trails, bitemporal data is for time accuracy, and graph metadata is for traceability. Together, these three fundamental patterns make systems naturally compliant, transparent, consistent, and auditable. Next, let's look into these one by one.

One is event sourcing. Event sourcing means every change is captured as an event, never overwritten. It's like keeping a diary instead of editing yesterday's entry. Technically, it's an append-only log with replayable history and cryptographic integrity. For regulators, that means full traceability and non-repudiation. So data being ever lost or ever hidden: there is no concept of that. In this case, no data is lost at all.

So let's go to the bitemporal data models. Bitemporal modeling tracks two timelines. One is transaction time. The other one is valid time. So what is transaction time? Transaction time is nothing but when it happened in real life. What is valid time? Valid time is nothing but when the system learned about it. This dual view allows reconstruction of reality at any point, even after corrections. It's vital for audit accuracy and regulatory trust.

Let's go to our third pattern, which is graph-based lineage. Compliance depends on knowing where data came from and how it changed. Graph-based lineage uses nodes and edges to map data flow across microservices and systems. You can visually trace a report number all the way to its data source. This ensures transparency for auditors and easy impact analysis for engineers.

Next is CQRS. CQRS is Command Query Responsibility Segregation. This one separates write and read parts. The command side validates transactions and enforces compliance rules, while the query side is optimized for audits, monitoring, and reporting. This separation improves scalability and performance. It is basically ideal for regulatory systems that need both accuracy and speed.

ABAC. So ABAC, attribute-based access control, goes beyond user roles. It considers user attributes, data sensitivity, and context in real time. For example, an analyst in Europe can access Europe data under GDPR, while a contractor sees MA data. ABAC policies are declarative and fully auditable, making compliance dynamic and policy-driven. Yes. Yep.

Next: adaptive exception handling and reinforcement learning. So compliance exceptions happen, but what if systems could learn from them? With this approach, using reinforcement learning, we can detect exceptions, pick optimal responses, execute, and improve over time. The system evolves, reducing recurring complex issues and adapting to new regulations intelligently. That is what adaptive exception says.

Coming to the next one, we talk about the architecture. So here is a view of implementation effort across all the components which we discussed so far. Event sourcing and CQRS require significant work, while ABAC and bitemporal models are lighter lifts. This helps to prioritize a phased adoption: start small, prove the value, scale gradually.

Next, let's talk about the business value proposition. So the payoff is substantial: from reactive compliance to proactive assurance, from manual overhead to automated reporting, from risk management to competitive differentiation. So embedding compliance boosts efficiency, trust, and agility.

Next, let's talk about its implementation. This is a roadmap, a practical roadmap. First one is you assess all the gaps and map all the current obligations. Second one is the design phase, where you design around the core patterns. Third one is pilot implementation. You, we basically just pilot one domain to validate the results. Scale and optimize. So this is like wide and optimize. This approach reduces risk while building the internal capability.

So what are the key takeaways? Let's discuss. So to summarize: compliance is not a burden. It's a structural principle. Architectural patterns like event sourcing, bitemporal models, graph lineage, CQRS, ABAC, and adaptive RL make compliance seamless. By designing with regulation in mind, we turn compliance into a competitive advantage.

Yeah. Thank you for joining me. I hope this gave you some practical insights on building systems that are compliant by design, but not by chance. Feel free to connect on LinkedIn or please reach out after this session. I would love to continue the discussion. Thank you.
...
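An added example, not code from the talk or the speaker: a minimal Python sketch of the first two patterns combined, an append-only event log whose entries are hash-chained for tamper evidence and carry two timestamps for point-in-time reconstruction. It assumes the usual bitemporal convention (valid time is when a fact holds in the real world, transaction time is when the system recorded it); the class, field names and the sample account data are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor used as the "previous hash" of the first event

def _digest(prev_hash, body):
    # Each hash covers the previous hash, so editing one event breaks every later link.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

class EventLog:
    """Append-only, hash-chained log; dates are ISO strings, which sort correctly as text."""
    def __init__(self):
        self._events = []

    def append(self, key, value, valid_from, recorded_at):
        if self._events and recorded_at < self._events[-1]["recorded_at"]:
            raise ValueError("transaction time must not go backwards")
        body = {"key": key, "value": value,
                "valid_from": valid_from, "recorded_at": recorded_at}
        prev = self._events[-1]["hash"] if self._events else GENESIS
        self._events.append({**body, "hash": _digest(prev, body)})

    def verify(self):
        """Return the index of the first event whose hash no longer matches, or -1."""
        prev = GENESIS
        for i, ev in enumerate(self._events):
            body = {k: v for k, v in ev.items() if k != "hash"}
            if _digest(prev, body) != ev["hash"]:
                return i
            prev = ev["hash"]
        return -1

    def as_of(self, key, valid_at, known_at):
        """Value effective at valid_at, using only events recorded by known_at.
        Latest valid_from wins; on a tie the later recording (a correction) wins."""
        seen = [e for e in self._events if e["key"] == key
                and e["recorded_at"] <= known_at and e["valid_from"] <= valid_at]
        best = max(seen, key=lambda e: (e["valid_from"], e["recorded_at"]), default=None)
        return best["value"] if best else None

def sample_log():
    # Constructed sample data: a limit, a later change, then a back-dated correction.
    log = EventLog()
    log.append("acct-1/limit", 1000, "2025-01-01", "2025-01-02")
    log.append("acct-1/limit", 5000, "2025-03-01", "2025-03-01")
    log.append("acct-1/limit", 1500, "2025-01-01", "2025-04-10")  # correction
    return log
```

Querying the same valid date with two different `known_at` values shows what the system believed before and after the correction, which is the question an auditor asks when a report is restated.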

Sneha Nallapu

Senior Software Engineer @ J.B. Hunt Transport Services, Inc.
