Regulatory process flow and tasks

  • Release version: Washingtondc
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulatory Process Flow and Tasks

    The Regulatory Change Management process flow helps organizations manage and comply with regulatory changes through defined user roles and structured tasks. Regulatory alerts are obtained from external providers, including RSS feeds and services like Thomson Reuters Regulatory Intelligence (TRRI), ensuring timely updates on applicable regulatory changes.

    Show full answer Show less

    Key Features

    • User Roles: Different roles facilitate the workflow, including RCM Administrator, RCM Manager, RCM User, Business User, and Risk or Compliance Manager, each with specific responsibilities in the regulatory process.
    • Integration Setup: Customers can subscribe to regulatory bodies' public RSS feeds or curated intelligence from subscription providers to aggregate changes.
    • Internal Taxonomy: Organizations can create a structured taxonomy to categorize regulatory content effectively.
    • Impact Assessment: RCM Users and SMEs assess the impact of regulatory changes and determine the necessary actions.
    • Action Plan Development: Coordinators devise a compliant action plan and create tasks for relevant teams, subject to RCM Manager approval.

    Key Outcomes

    By following this process, organizations can effectively manage regulatory changes, ensure compliance, and maintain accountability throughout the workflow. The completion of action tasks, tracked with due dates, leads to the closure of regulatory alerts and tasks, signifying the end of the change process flow.

    The Regulatory Change Management process flow includes the tasks that different users can perform to help your organization manage and comply with regulatory changes.

    Regulatory alerts are sourced from the external providers that provide the data as regulatory alerts. The alert may be received as Really Simple Syndication (RSS) feeds or from an external provider such as the Thomson Reuters Regulatory Intelligence (TRRI). The Regulatory Change Management application receives the new regulatory changes that are applicable to an organization.

    The Regulatory Change Management application has the following user roles:

    • RCM administrator: A user who has the sn_grc_reg_change.admin role.
    • RCM Manager: A user who has the sn_grc_reg_change.manager role.
    • RCM User or coordinator: A user who has the sn_grc_reg_change.use role. This user ensures that the regulatory changes are assigned to the correct teams and that the changes are completed in time.
    • Business user role: A user who has the sn_grc.business_user role.
    • Risk or Compliance manager: A user who has the sn_risk.manager or sn_compliance.manager role. This user would perform the changes as part of the Regulatory Change Management application.
    For more information about the roles, see User roles in Regulatory Change Management.

    Regulatory Change Management process flow

    The following infographic shows the Regulatory Change Management process flow.

    Figure 1. Regulatory Change Management process flow and tasks performed by different users
    Regulatory process flow and tasks. For a text description, refer to the steps that follow.

    The steps to complete the Regulatory Change Management process flow are:

    1. Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or they can subscribe to a subscription provider such as TRRI that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
    2. Set up an internal taxonomy. The taxonomy elements are the different classifiers that an organization can apply to its regulatory content to categorize it. You can use taxonomy elements to create a hierarchical structure of different classifications for setting up the regulatory content for an organization.
    3. Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.
    4. Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same or a new coordinator.
    5. Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that need to complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks need to be created or if some of the action tasks aren’t necessary.
    6. Complete the action tasks. The compliance analyst sends the actions for approval to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all the risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they are completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.