Exploring Regulatory Change Management

  • Release version: Yokohama
  • Updated July 31, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Regulatory Change Management

    The Regulatory Change Management (RCM) application helps organizations efficiently manage regulatory changes by integrating with third-party regulatory intelligence providers. It offers structured workflows to assess the applicability and impact of regulatory alerts, and to implement necessary risk and compliance changes. This enables organizations to maintain regulatory compliance proactively in a rapidly changing regulatory environment.

    Show full answer Show less

    Key Features

    • Integration with Regulatory Intelligence Providers: Consumes regulatory alerts through integrations with providers such as Thomson Reuters Regulatory Intelligence (TRRI) or public RSS feeds.
    • Internal Regulatory Taxonomy: Allows creation of a customized taxonomy mapped to external taxonomies, organizing regulatory content by content type, jurisdiction, regulatory body, sector, and theme.
    • Regulatory Alert Triage and Impact Assessment: Users with defined roles review alerts, assign tasks, and perform configurable impact assessments to determine relevance and necessary actions.
    • Action Planning and Task Management: Coordinators devise action plans, create tasks for risk and compliance teams, and track task progress with due dates until completion.
    • Reporting and Dashboards: Provides audit trails and compliance status reports to monitor regulatory change management activities effectively.
    • Smart Assessment Engine: Enables enhanced impact assessments directly on regulatory alerts, supporting collaboration among multiple stakeholders.
    • Next Experience Collaboration Tools: Supports discussion and chat collaboration, including virtual agent assistance, to improve teamwork on regulatory cases.
    • Compliance Workspace Integration: Available within Compliance Workspace for a consolidated view of regulatory activities and streamlined workflow management.
    • Now Assist for Integrated Risk Management: Leverages generative AI and agentic workflows to automate analysis, summarization, and impact assessment, enabling faster and more accurate compliance actions.

    How It Works in Practice

    Regulatory change managers monitor and manage alerts daily, reviewing and assigning them to appropriate users. Subject matter experts assess impacts, and coordinators develop and manage action plans. Compliance and risk teams execute tasks tracked through the system until all changes are implemented and closed. The centralized task interface in Compliance Workspace ensures accountability and timely responses.

    Benefits for ServiceNow Customers

    • Streamlines regulatory change monitoring and response processes, reducing manual effort.
    • Facilitates integration with trusted regulatory data sources for up-to-date intelligence.
    • Improves compliance readiness through structured workflows and impact assessments.
    • Enhances collaboration across risk, compliance, and business teams with dedicated roles and communication tools.
    • Provides visibility into regulatory compliance status via dashboards and reports.
    • Incorporates AI-powered insights to accelerate decision-making and action planning.

    The Regulatory Change Management application provides a framework that your organization can use to integrate with third-party regulatory intelligence providers to keep up with the regulatory changes and external regulations.

    Regulatory Change Management overview

    The Regulatory Change Management application enables you to manage your upcoming regulatory changes efficiently. The application provides the structured workflows that help your organization to assess the applicability of the regulatory changes, assess their impact, and implement risk and compliance-related changes.

    The following infographic shows the process flow of the Regulatory Change Management application.

    Figure 1. Process flow of the Regulatory Change Management application
    Regulatory Change Management process flow.

    The Regulatory Change Management application works with the following types of components:

    • Integration component: The regulatory intelligence partners typically provide the integration component. Through this integration, you can consume regulatory alerts into your instance.
    • Application framework component: The Regulatory Change Management application has an application framework component. This component provides the structured workflows that you can use to analyze and process the regulatory alerts that are received in the regulatory alerts table.
    The Regulatory Change Management application consists of the following workflow:
    1. Manage regulatory taxonomy: Create an internal regulatory taxonomy that is specific to the ServiceNow AI Platform. You can map the taxonomy with the external taxonomies that are provided by the third-party regulatory intelligence providers for standardization. The internal taxonomy contains the following design elements:
      • Content Type
      • Jurisdiction
      • Regulatory Body
      • Sector
      • Theme

      You can create and map these elements with the external taxonomy during the setup process.

    2. Integrate for regulatory intelligence: Integrate with the third-party regulatory intelligence providers and consume the alerts into your instance at regular intervals. You can monitor regulatory data in a rapidly changing environment.
    3. Triage regulatory events: Analyze the regulatory alerts and identify the regulatory events that are relevant to your organization.
    4. Assess impact: Assess the impact of regulatory events by using configurable impact assessment methodologies.
    5. Manage changes: Identify changes that should be done. These changes are implemented through the following action tasks:
      • Update the underlying GRC objects, such as the policies, processes, risks, and controls in the regulatory library.
      • Update the existing citations or import the new citations from the providers in the regulatory library.
    6. View reports and dashboards: Assess the state of the regulatory compliance by using reports and dashboards. You can maintain an audit trail of the compliance activities.

    The following diagram shows the workflow of the Regulatory Change Management application.

    Figure 2. Workflow of the Regulatory Change Management application
    Regulatory Change Management workflow. For a text description, refer to the text that precedes this diagram.

    Key product innovations

    The following infographic shows the process for making innovations for the key products of the Regulatory Change Management application.

    Figure 3. Process for innovating key products
    Infographic that shows how to make key product innovations. A text description of the process follows.
    The steps to complete the Regulatory Change Management process flow to innovate key products are:
    1. Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or a subscription provider such as Thomson Reuters Regulatory Intelligence (TRRI) that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
    2. Set up an internal taxonomy. The taxonomy elements are different classifiers that an organization can apply to its regulatory content to categorize it. You can use the taxonomy elements to create a hierarchical structure of the different classifications for setting up the regulatory content for an organization.
    3. Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.

      A user with sn_grc_reg_change.user and sn_grc_comp_genai.reg_change_ai_user roles can generate AI-powered recommendations for a regulatory alert for the impacted citations, control objectives, and controls.

    4. Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same coordinator or to a new coordinator.
    5. Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that must complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks must be created or if some of the action tasks aren’t necessary.
    6. Complete the action tasks and send them for review to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they’re completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.

    A day in the life of a regulatory change manager

    A user with the sn_grc_reg_change.manager role (RCM manager) monitors, manages, decides, and verifies the regulatory changes on a daily basis.

    The following infographic depicts a typical day for a regulatory change management.

    Figure 4. Typical day of a regulatory change manager
    A user with the regulatory change manage role passes through various phases on a daily-basis.