As business policies and environments change constantly, there is a need for service-oriented systems to be compliant, yet adaptive. The solution proposed in this paper is based on a clear architectural separation of policy specification, enforcement strategy and realization. Policy compliance is worked out as a rule transformation process mediating between the business policy language SBVR and Condition-Action (CA) rules. The solution supports adaptation caused by business policy evolution as well as adaptation caused by service evolution. In addition, the paper describes a novel truly service-oriented way of implementing compliance management and enforcement of business policies drawing on Adaptive Service Oriented Architecture (ASOA).