Exploring Regulatory Change Management
Summarize
Summary of Exploring Regulatory Change Management
The Regulatory Change Management application in ServiceNow offers a structured framework to help organizations efficiently track, assess, and respond to regulatory changes. By integrating with third-party regulatory intelligence providers, the application enables continuous consumption of regulatory alerts, supporting your organization in staying compliant with evolving external regulations.
Show less
This solution streamlines the regulatory change lifecycle—from receiving alerts to assessing their impact and implementing necessary compliance and risk-related updates—through defined workflows and automation.
Key Features
- Integration with Regulatory Intelligence Providers: Connect to external sources such as RSS feeds or subscription services like Thomson Reuters Regulatory Intelligence to automatically ingest regulatory alerts into your ServiceNow instance.
- Internal Regulatory Taxonomy Management: Create and map a customized taxonomy aligned with your organization’s needs and external regulatory classifications, including content type, jurisdiction, regulatory body, sector, and theme. This standardizes regulatory data for better categorization and analysis.
- Regulatory Alert Triage and Impact Assessment: Assign regulatory alerts to appropriate users for review and determine their relevance to your organization. Utilize configurable methodologies and a Smart Assessment Engine to evaluate the impact of regulatory changes efficiently, involving subject matter experts as needed.
- Change Management Workflow: Develop action plans to address applicable regulatory changes, assign tasks to relevant teams, and track progress with approvals from compliance managers. Tasks may include updating policies, processes, risks, controls, and citations within the Governance, Risk, and Compliance (GRC) framework.
- Compliance Monitoring and Reporting: Use dashboards and reports within the Compliance Workspace to monitor regulatory compliance status, maintain audit trails, and ensure accountability for regulatory change activities.
- Collaboration and Communication: Leverage built-in collaboration tools such as Discuss and Next Experience Chat to facilitate teamwork and communication around regulatory change management cases.
- Compliance Workspace Integration: Access the Regulatory Change Management application directly within the Compliance Workspace, providing a centralized, task-centric interface for managing regulatory events, source documents, and compliance workflows with real-time visibility.
Typical User Workflow
A regulatory change manager (sngrcregchange.manager role) reviews incoming alerts, delegates reviews to coordinators or users (sngrcregchange.user role), and oversees the impact assessment process. Impact assessments performed by subject matter experts guide whether a regulatory change requires action. Coordinators then devise and assign action plans, which are reviewed and approved by managers. All tasks are tracked with due dates until completion, ensuring regulatory compliance is maintained and documented.
Practical Benefits for ServiceNow Customers
- Stay current with regulatory changes by automating the intake of alerts from trusted external sources.
- Standardize regulatory content using customizable taxonomies to improve analysis and response accuracy.
- Enhance collaboration and accountability through role-based assignments, approvals, and unified communication tools.
- Streamline compliance workflows to reduce manual effort, improve impact assessment quality, and maintain an auditable trail of regulatory activities.
- Gain comprehensive visibility into regulatory change status and compliance readiness via integrated dashboards in Compliance Workspace.
The Regulatory Change Management application provides a framework that your organization can use to integrate with third-party regulatory intelligence providers to keep up with the regulatory changes and external regulations.
Regulatory Change Management overview
The Regulatory Change Management application enables you to manage your upcoming regulatory changes efficiently. The application provides the structured workflows that help your organization to assess the applicability of the regulatory changes, assess their impact, and implement risk and compliance-related changes.
The following infographic shows the process flow of the Regulatory Change Management application.
The Regulatory Change Management application works with the following types of components:
- Integration component: The regulatory intelligence partners typically provide the integration component. Through this integration, you can consume regulatory alerts into your instance.
- Application framework component: The Regulatory Change Management application has an application framework component. This component provides the structured workflows that you can use to analyze and process the regulatory alerts that are received in the regulatory alerts table.
- Manage regulatory taxonomy: Create an internal regulatory taxonomy that is specific to the ServiceNow AI Platform. You can map the taxonomy with the external taxonomies that are provided by the third-party regulatory intelligence providers for standardization. The internal taxonomy contains the following
design elements:
- Content Type
- Jurisdiction
- Regulatory Body
- Sector
- Theme
You can create and map these elements with the external taxonomy during the setup process.
- Integrate for regulatory intelligence: Integrate with the third-party regulatory intelligence providers and consume the alerts into your instance at regular intervals. You can monitor regulatory data in a rapidly changing environment.
- Triage regulatory events: Analyze the regulatory alerts and identify the regulatory events that are relevant to your organization.
- Assess impact: Assess the impact of regulatory events by using configurable impact assessment methodologies.
- Manage changes: Identify changes that should be done. These changes are implemented through the following action tasks:
- Update the underlying GRC objects, such as the policies, processes, risks, and controls in the regulatory library.
- Update the existing citations or import the new citations from the providers in the regulatory library.
- View reports and dashboards: Assess the state of the regulatory compliance by using reports and dashboards. You can maintain an audit trail of the compliance activities.
The following diagram shows the workflow of the Regulatory Change Management application.
Key product innovations
The following infographic shows the process for making innovations for the key products of the Regulatory Change Management application.
- Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or a subscription provider such as Thomson Reuters Regulatory Intelligence (TRRI) that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
- Set up an internal taxonomy. The taxonomy elements are different classifiers that an organization can apply to its regulatory content to categorize it. You can use the taxonomy elements to create a hierarchical structure of the different classifications for setting up the regulatory content for an organization.
- Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.
- Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same coordinator or to a new coordinator.
- Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that must complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks must be created or if some of the action tasks aren’t necessary.
- Complete the action tasks and send them for review to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they’re completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.
A day in the life of a regulatory change manager
A user with the sn_grc_reg_change.manager role (RCM manager) monitors, manages, decides, and verifies the regulatory changes on a daily basis.
The following infographic depicts a typical day for a regulatory change management.