Regulatory alerts

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulatory alerts

    Regulatory alerts aggregate various regulatory events and documents sourced from multiple regulatory intelligence providers, helping you stay informed about ongoing regulatory changes. These alerts are managed within the ServiceNow Regulatory Change Management application, which transforms, maps, and presents the information in regulatory alert tables. Each alert record contains metadata to assist stakeholders in translating regulatory changes, formulating action plans, and ensuring compliance.


    Types of Alerts and Associated Tasks

    • Regulatory Event Alerts: Provide updates, news, and insights on regulatory changes. These alerts originate from RSS feeds and represent general or upcoming regulatory changes.
    • Source Document Alerts: Indicate specific changes to citations within authority documents. These alerts are available when integrated with third-party providers (e.g., Thomson Reuters) and focus on precise document updates.

    Each alert type triggers distinct regulatory tasks when marked applicable by users with appropriate roles:

    • Regulatory Change Task: For regulatory event alerts, used to evaluate changes and update GRC objects such as policies, controls, and risk statements.
    • Source Document Import Task: For source document alerts, used to update or insert citations into the regulatory library.

    Alert Management and User Roles

    Alerts can be assigned or unassigned. Assigned alerts have a coordinator and are assigned to users with roles such as sn_grc_reg_change.manager, sn_grc_reg_change.user, or sn_grc_reg_change.admin. Unassigned alerts can be acted upon with options including update, mark applicable, defer, initiate impact assessment, or cancel.

    When an unassigned alert is marked applicable, the relevant regulatory task is created automatically. Alerts marked not applicable are closed with comments.

    Role-based access controls:

    • Users with sn_grc_reg_change.admin or sn_grc_reg_change.manager roles can access all alerts.
    • Users with sn_grc_reg_change.user can view only alerts assigned to them.

    Alert states include New, Deferred, Impact Assessment, In Progress, and Closed.

    Maintenance and Automation

    The application offers automated table cleaners to remove alerts marked not applicable and processed registry file records at user-specified intervals. Only administrators can configure and execute cleanup activities.

    Performing Actions and Enhancements

    • You can assign alerts, initiate impact assessments, and mark alerts as applicable directly within the application.
    • AI capabilities enable adding AI-recommended citations to regulatory alerts through the GRC: Predictive Intelligence application.
    • Activating the Governance, Risk, and Compliance Predictive Intelligence plugin allows machine learning to recommend correct citations automatically, enhancing accuracy and efficiency.
    • Both regulatory event and source document alerts can be reviewed, managed, and assigned to appropriate users to streamline compliance workflows.

    Regulatory alerts are an aggregation of different regulatory events and documents that are sourced from multiple regulatory intelligence providers. Similar to web feeds, a regulatory alert is a record of these regulatory changes. Such changes are frequently updated, and the alerts help you stay informed about the regulatory landscape.

    The Regulatory Change Management application transforms and maps the alerts. The application provides the information in regulatory alert tables.

    The Regulatory Change Management life cycle starts with the regulatory alert record. Each regulatory alert record contains metadata that helps stakeholders to translate the changes, create an action plan, and implement actions to comply with the regulatory changes.

    With the Regulatory Change Management application, you can use the regulatory alerts to inform the users about regulatory updates.

    Types of alerts and associated regulatory tasks

    Different types of alerts are displayed under the Regulatory Alerts module in the Regulatory Change Management application.

    You can use the following types of regulatory alerts:
    • Regulatory event alerts: Provide news updates and insights on regulatory changes. Alerts are regulatory event alerts by default. All RSS feeds result in a regulatory alert record.
    • Source document alerts: Signify changes to the citations. Citations are like various sections of an authority document. ServiceNow® GRC offers the Network Frontiers Unified Compliance Framework (UCF) integration. The integration creates authority documents after the import, and it creates corresponding citations under each authority document. When an existing citation is updated or a new citation is inserted, it signifies a change in the source document. Source document alerts are only available when integrating with a third-party regulatory intelligence provider; for example, Thomson Reuters.

    The difference between a regulatory event alert and a source document alert is scope. Regulatory event alerts signify general alerts for general changes and for upcoming regulatory changes. In contrast, source document alerts signify changes that are specific to the citations. When an existing citation is updated or a new citation is inserted, it signifies a change in the source document.

    The different types of alerts each involve a separate set of regulatory tasks. These tasks are created whenever a user with the sn_grc_reg_change.user or sn_grc_reg_change.admin role takes an alert and then marks it as applicable. These tasks are the following:
    • Regulatory change task: This task is created for regulatory event alerts. The task is used to evaluate the changes and to update the GRC objects, such as policies, controls, and risk statements in the library.
    • Source document import task: This task is created for source document alerts. The task is used to update an existing citation or to insert a new citation that is received from the provider into the regulatory library.

    Alerts and user roles

    Alerts can have different states. The main property of an alert is whether it’s assigned or unassigned. For assigned alerts, the Coordinator field has a value. An alert can be assigned to a user with the sn_grc_reg_change.manager, sn_grc_reg_change.user, or sn_grc_reg_change.admin role. In contrast, an unassigned alert isn’t assigned to anyone.

    You can do various actions on unassigned alerts. These actions are the following:
    • Update
    • Applicable
    • Defer
    • Initiate Impact Assessment
    • Not Applicable
    • Cancel Regulatory Alert
    • Delete

    When an unassigned regulatory event alert is marked as applicable, a regulatory change task is created. When an unassigned source document alert is marked as applicable, a source document import task is created.

    When an unassigned alert is marked as not applicable with accompanying comments, its state is updated to Closed in the regulatory alert form.

    Assigned alerts can have different states. These states are the following:
    • New
    • Deferred
    • Impact Assessment
    • In Progress
    • Closed

    Users with either the sn_grc_reg_change.admin role or the sn_grc_reg_change.manager role can access all alerts. Users with the sn_grc_reg_change.user role can view only the alerts that are assigned to them; they can’t view unassigned alerts or alerts that are assigned to other people.

    Table cleaners for regulatory alerts

    The alert records that are marked as not applicable must be cleaned at regular intervals. The Regulatory Change Management application provides table cleaners for cleaning the alert records automatically. Users specify the time and frequency for the cleanup activity. Only users with the sn_grc_reg_change.admin role can perform cleanup activities.

    Similarly, registry file records that have been processed can be cleaned at specified time intervals.