Accept or dismiss recommendations for regulatory alert impacted controls

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read

    • Accept AI-generated recommendations in Regulatory Change Management to mark specific business areas as impacted so that you can help compliance practitioners capture and address the relevant regulatory alert for controls. You can also dismiss recommendations to filter out irrelevant or unnecessary information.

    Before you begin

    Important:
    This Now Assist skill is turned on by default. The skill will be automatically available to appropriate role users for the application. For more information, see Now Assist skills, agents, and agentic workflows on by default.

    Role required: To view your assigned regulatory alerts, you need the sn_grc_reg_change.user and sn_grc_comp_genai.reg_change_ai_user roles.

    Important:
    Be sure to check AI-generated recommendations for accuracy. If no information is available, the generated recommendations display "No recommendations available," "None," "No records to display," and so on.

    To learn about the related roles and regulatory alerts for a recommendation, see Types of alerts, user roles, and states of regulatory alerts.

    About this task

    The Recommendation Framework enables dynamic, AI-driven control recommendations by evaluating regulatory alert content against configurable control associations. This enhances impact analysis and improves compliance accuracy. When a regulatory alert is issued, the system generates relevant control suggestions. After reviewing each recommendation, compliance analysts can accept applicable controls to mark the corresponding business areas as impacted. For example, a regulatory alert related to Digital Operational Resilience Act (DORA) can prompt recommendations for controls such as Vendor Onboarding Procedures and Incident Response Protocols. After a compliance analyst reviews and accepts these controls, they can mark the relevant business areas as impacted and take steps to help ensure regulatory compliance while managing regulatory tasks.

    You can view the related activity for each recommendation by selecting the summary icon to open the Feedback trail side-panel.

    Procedure

    1. Navigate to one of the following locations:
      • Workspaces > Compliance Workspace, select the list icon and then navigate to Regulatory alerts.
      • Workspaces > Compliance Workspace select the Regulatory Change Management dashboard icon and then in the Activity overview, Tracking, or Trends section, select any segment or value in an Alerts related widget to open the list of regulatory alerts with that state.
    2. Select the regulatory alert that you want and review the recommendations by selecting the Recommendations tab.
      Note:
      If recommendations haven’t already been generated, you can generate recommendations for a regulatory alert in any state except Closed or Cancelled by completing one of the following.
      • On the Overview tab, select Recommend.
      • On the Recommendations tab, select Show recommendations.
      For more information, see Generate recommendations for regulatory alert impacted citations, control objectives, controls, and policies.
    3. Review potential impact areas by selecting the Controls tab in the Recommended areas of the impact section.
      The recommended controls only include controls that are part of the existing inventory.

      Details of the recommended control.

      Note:
      The Suggest business operations affected by regulatory alert recommendation context provides the recommendations that you see here. For more information, see Recommendation contexts and templates.

      If recommendations are available, you can scroll through the generated list of control recommendation cards and review the information about each control, such as its name and compliance status.

    4. Select the control recommendation card that you want and review the following sections:
      Field Description
      Name Name of the control.
      Status Status of the control: If it’s Compliant, Non Compliant, or Not Applicable.
      Function Operational role of the control. For example, Standard control or Common control.
      Owner Owner of the control.
      Entity Entity associated with the control.
      Category Domain or grouping to which the control belongs to.
      Type Type of control.

      Specifies whether the control is Manual, Automated, or Continuous.
      Description Description and summary of the control.
      Additional Information Additional information related to the control.
      Evaluate affected associations for controls
      Risks Related risks that can be associated with the control.
      For each risk, the following information is provided if available.
      • Name of the risk
      • Entity that the risk is associated with
      • Risk statement from which the risk is inherited
      • Risk statement

      For full descriptions of these fields, see Create a control objective, Create a policy, Create a control, and Create a risk manually.

    5. To associate risks with your recommendation, navigate to the Risks tab and select the check box for each risk record you want to include as part of the impacted areas.
      Each selected risk will be added as an impacted area after you accept the recommendation.
      Note:
      The control you’re reviewing may not have any risks associated with it. Risks must be mapped to controls in the inventory for them to appear.

      Details of the affected associations for controls.

    6. Optional: View the record for a control, refresh your recommendations, or review related activity for each recommendation.
      OptionDescription
      Select the details icon . View the record for a control.
      Select the refresh icon . Refresh the recommendations to reflect the latest data.
      Select the summary icon (). Open the Feedback trail side-panel to review the related activity for the recommendation.
    7. Accept or dismiss the recommendations and their associations.
      • Select Accept and then Confirm to accept a recommendation as an impacted area.
      • Select Dismiss and then Confirm to avoid a recommendation from being shown again.

      Before you act on a recommendation, you see a summary of the impact areas and associations that you’re accepting or dismissing.

      If you accept the recommendation, it’s marked as an impacted area and is added to the list of impacts. If you dismiss the recommendation, it’s marked as dismissed and isn't shown again for that specific regulatory alert.

    What to do next

    If you accepted any recommendations, confirm the creation of an impacted area by navigating to the Impacted areas tab. If you dismissed all recommendations or must add more impacted areas, you can manually add impacted areas. For more information, see Add impacted areas manually to a regulatory alert.