Currently, the BV API signature check is configured in a separate profile in the engine pom.xml. It'd seem more consistent to move this to tck-runner module instead, as the signature check really is a part of the TCK.
More importantly, the compatibility check should also be set to “strictcheck”, to prevent any changes in the validated API. Currently, e.g. an added annotation or method in the new BV API version would not be discovered. This can be achieved like so: