Regulatory process flow and tasks

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulatory process flow and tasks

    The Regulatory Change Management (RCM) process flow in ServiceNow helps organizations effectively manage and comply with regulatory changes by coordinating tasks among various user roles. Regulatory alerts originate from external sources such as RSS feeds or providers like Thomson Reuters Regulatory Intelligence (TRRI). The RCM application processes these alerts and enables structured handling through defined roles and workflow steps.

    Show full answer Show less

    Key Features

    • User Roles: The application defines specific roles including RCM Administrator, RCM Manager, RCM User (Coordinator), Business User (Subject Matter Expert), and Risk or Compliance Managers. Each role has distinct responsibilities to ensure timely review, assessment, and action on regulatory changes.
    • Integration Setup: Organizations can subscribe to public RSS feeds or curated subscription providers to receive aggregated regulatory alerts.
    • Internal Taxonomy: Allows categorization and hierarchical classification of regulatory content to tailor the management process to organizational needs.
    • Regulatory Alert Review: Alerts are reviewed by RCM Managers and assigned to Coordinators for further assessment and impact evaluation by subject matter experts.
    • Impact Assessment: Business users assess the effect of regulatory changes and provide impact scoring to determine applicability and next steps.
    • Action Plan Creation and Approval: Coordinators devise compliance action plans and tasks, which are reviewed and approved by RCM Managers to ensure completeness and accuracy.
    • Task Completion and Tracking: Compliance and risk managers execute and monitor action tasks with due dates, ensuring all regulatory requirements are met before closing the case.
    • Smart Assessment Engine: Facilitates impact assessments directly at the alert level with collaborative input from multiple stakeholders, improving decision-making efficiency.

    Practical Outcomes for ServiceNow Customers

    • Streamlines the management of regulatory changes by automating alerts intake and task assignment.
    • Ensures compliance through structured workflows that assign responsibilities clearly among roles.
    • Enhances visibility and tracking of regulatory impact assessments and mitigation actions.
    • Improves collaboration across compliance, risk, and business teams with integrated assessment tools.
    • Supports audit readiness by documenting the entire regulatory change lifecycle from alert to closure.

    The Regulatory Change Management process flow includes the tasks that different users can perform to help your organization manage and comply with regulatory changes.

    Regulatory alerts are sourced from the external providers that provide the data as regulatory alerts. The alert may be received as Really Simple Syndication (RSS) feeds or from an external provider such as the Thomson Reuters Regulatory Intelligence (TRRI). The Regulatory Change Management application receives the new regulatory changes that are applicable to an organization.

    The Regulatory Change Management application has the following user roles:

    • RCM administrator: A user who has the sn_grc_reg_change.admin role.
    • RCM Manager: A user who has the sn_grc_reg_change.manager role.
    • RCM User or coordinator: A user who has the sn_grc_reg_change.use role. This user ensures that the regulatory changes are assigned to the correct teams and that the changes are completed in time.
    • Business user role: A user who has the sn_grc.business_user role.
    • Risk or Compliance manager: A user who has the sn_risk.manager or sn_compliance.manager role. This user would perform the changes as part of the Regulatory Change Management application.
    For more information about the roles, see User roles in Regulatory Change Management.

    The following infographic shows the Regulatory Change Management process flow.

    Figure 1. Regulatory Change Management process flow and tasks performed by different users
    Illustration of the RCM flow and tasks. For a description of the entire workflow, refer to the steps that follow.

    Regulatory Change Management process flow

    The steps to complete the Regulatory Change Management process flow are:

    1. Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or they can subscribe to a subscription provider such as TRRI that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
    2. Set up an internal taxonomy. The taxonomy elements are the different classifiers that an organization can apply to its regulatory content to categorize it. You can use taxonomy elements to create a hierarchical structure of different classifications for setting up the regulatory content for an organization.
    3. Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.
    4. Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same or a new coordinator.
    5. Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that need to complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks need to be created or if some of the action tasks aren’t necessary.
    6. Complete the action tasks. The compliance analyst sends the actions for approval to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all the risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they are completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.