Exploring Regulatory Change Management

  • Release version: Zurich
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Regulatory Change Management

    The Regulatory Change Management (RCM) application in ServiceNow provides a structured framework to help organizations efficiently monitor, assess, and respond to regulatory changes by integrating with third-party regulatory intelligence providers. It automates the intake of regulatory alerts, supports impact assessments, and guides the implementation of necessary compliance and risk management actions through defined workflows.

    Show full answer Show less

    Key Features

    • Integration with Regulatory Intelligence Providers: Enables automated consumption of regulatory alerts via RSS feeds or subscription services such as Thomson Reuters Regulatory Intelligence, keeping your organization updated with the latest regulatory developments.
    • Regulatory Taxonomy Management: Allows creation of an internal taxonomy tailored to your organization, mapping key elements like content type, jurisdiction, regulatory body, sector, and theme to external taxonomies for standardization.
    • Structured Workflow for Regulatory Change Processing: Includes triaging alerts, assessing their impact using configurable methodologies, devising action plans, assigning tasks to compliance and risk teams, and tracking task completion until closure.
    • Role-Based Task Management: Distinct roles such as RCM manager, RCM user, coordinators, and subject matter experts facilitate collaboration, review, and approval of regulatory changes and associated tasks.
    • AI-Powered Assistance: Users with appropriate roles can generate AI-driven recommendations for impacted citations, control objectives, and controls to enhance decision-making and accelerate assessments.
    • Compliance Workspace Integration: The RCM application is accessible through the Compliance Workspace, providing a centralized, task-focused interface that offers visibility into regulatory activities, upcoming changes, and compliance statuses.
    • Impact Assessment and Smart Assessment Engine: Enables evaluation of regulatory alerts’ relevance and impact directly, promoting efficient collaboration among stakeholders using a unified assessment framework.
    • Now Assist for IRM Integration: Leverages generative AI and agentic workflows to streamline analysis, summarization, and impact assessments, empowering compliance teams to respond quickly and accurately.

    Practical Use and Benefits for ServiceNow Customers

    • Stay Current and Compliant: By integrating regulatory feeds, your organization can proactively monitor regulatory changes without manual web checks, reducing risk of non-compliance.
    • Standardize and Organize Regulatory Content: The internal taxonomy ensures that regulatory data is categorized and mapped consistently, fostering clarity and easier management across teams.
    • Efficient Regulatory Change Processing: Structured workflows and role-based task assignments streamline the lifecycle from alert review to impact assessment and implementation of changes, improving accountability and traceability.
    • Enhanced Decision Making with AI: AI-generated recommendations assist compliance teams in identifying relevant controls and citations, saving time and improving accuracy.
    • Unified Compliance Oversight: The Compliance Workspace landing page and task management provide a holistic view of regulatory activities, making it easier for managers to monitor progress and compliance status daily.
    • Audit and Reporting: Built-in reporting and dashboards enable ongoing visibility into compliance status and maintain audit trails of regulatory management activities.

    The Regulatory Change Management application provides a framework that your organization can use to integrate with third-party regulatory intelligence providers to keep up with the regulatory changes and external regulations.

    Regulatory Change Management overview

    The Regulatory Change Management application enables you to manage your upcoming regulatory changes efficiently. The application provides the structured workflows that help your organization to assess the applicability of the regulatory changes, assess their impact, and implement risk and compliance-related changes.

    The following infographic shows the process flow of the Regulatory Change Management application.

    Figure 1. Process flow of the Regulatory Change Management application
    Regulatory Change Management process flow.

    The Regulatory Change Management application works with the following types of components:

    • Integration component: The regulatory intelligence partners typically provide the integration component. Through this integration, you can consume regulatory alerts into your instance.
    • Application framework component: The Regulatory Change Management application has an application framework component. This component provides the structured workflows that you can use to analyze and process the regulatory alerts that are received in the regulatory alerts table.
    The Regulatory Change Management application consists of the following workflow:
    1. Manage regulatory taxonomy: Create an internal regulatory taxonomy that is specific to the ServiceNow AI Platform. You can map the taxonomy with the external taxonomies that are provided by the third-party regulatory intelligence providers for standardization. The internal taxonomy contains the following design elements:
      • Content Type
      • Jurisdiction
      • Regulatory Body
      • Sector
      • Theme

      You can create and map these elements with the external taxonomy during the setup process.

    2. Integrate for regulatory intelligence: Integrate with the third-party regulatory intelligence providers and consume the alerts into your instance at regular intervals. You can monitor regulatory data in a rapidly changing environment.
    3. Triage regulatory events: Analyze the regulatory alerts and identify the regulatory events that are relevant to your organization.
    4. Assess impact: Assess the impact of regulatory events by using configurable impact assessment methodologies.
    5. Manage changes: Identify changes that should be done. These changes are implemented through the following action tasks:
      • Update the underlying GRC objects, such as the policies, processes, risks, and controls in the regulatory library.
      • Update the existing citations or import the new citations from the providers in the regulatory library.
    6. View reports and dashboards: Assess the state of the regulatory compliance by using reports and dashboards. You can maintain an audit trail of the compliance activities.

    The following diagram shows the workflow of the Regulatory Change Management application.

    Figure 2. Workflow of the Regulatory Change Management application
    Regulatory Change Management workflow. For a text description, refer to the text that precedes this diagram.

    Key product innovations

    The following infographic shows the process for making innovations for the key products of the Regulatory Change Management application.

    Figure 3. Process for innovating key products
    Infographic that shows how to make key product innovations. A text description of the process follows.
    The steps to complete the Regulatory Change Management process flow to innovate key products are:
    1. Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or a subscription provider such as Thomson Reuters Regulatory Intelligence (TRRI) that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
    2. Set up an internal taxonomy. The taxonomy elements are different classifiers that an organization can apply to its regulatory content to categorize it. You can use the taxonomy elements to create a hierarchical structure of the different classifications for setting up the regulatory content for an organization.
    3. Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.

      A user with sn_grc_reg_change.user and sn_grc_comp_genai.reg_change_ai_user roles can generate AI-powered recommendations for a regulatory alert for the impacted citations, control objectives, and controls.

    4. Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same coordinator or to a new coordinator.
    5. Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that must complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks must be created or if some of the action tasks aren’t necessary.
    6. Complete the action tasks and send them for review to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they’re completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.

    A day in the life of a regulatory change manager

    A user with the sn_grc_reg_change.manager role (RCM manager) monitors, manages, decides, and verifies the regulatory changes on a daily basis.

    The following infographic depicts a typical day for a regulatory change management.

    Figure 4. Typical day of a regulatory change manager
    A user with the regulatory change manage role passes through various phases on a daily-basis.