Using Regulatory Change Management

  • Release version: Australia
  • Updated June 11, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulatory Change Management

    Regulatory Change Management (RCM) in ServiceNow enables organizations to systematically track, assess, and respond to regulatory changes that impact their business. Using the classic environment or Workspace view (from version 18.1.2 onward), RCM managers and users can manage regulatory alerts, action tasks, and related issues efficiently. The application supports setting up internal taxonomies, monitoring regulatory updates, assessing impacts, and managing remediation plans to ensure compliance.

    Show full answer Show less

    Key Features

    • Role-based Management: RCM managers (sngrcregchange.manager role) and users (sngrcregchange.user role) collaborate to capture problems, assign tasks, and monitor regulatory changes and actions.
    • Playbook Configuration: Organizations can configure an RCM playbook that includes managing user entitlements, designating a regulatory team, and setting up internal taxonomies for categorizing regulatory content.
    • Regulatory Change Monitoring: Integration with providers like Thomson Reuters Regulatory Intelligence (TRRI) and LexisNexis, plus RSS subscriptions, enables real-time tracking of regulatory updates.
    • Impact and Gap Analysis: Business users and subject matter experts assess regulatory alerts, conduct risk assessments and gap analyses, and prioritize compliance gaps based on risk and impact.
    • Action Plan Development and Management: Create detailed remediation plans with responsibilities, timelines, and resource allocations. Action plans are reviewed and approved by RCM managers, with visibility for compliance and risk managers.
    • Communication and Training: Facilitate stakeholder communication, provide resources and training to ensure employees understand and comply with new regulatory requirements.
    • Progress Monitoring and Continuous Improvement: Track the implementation of action tasks, close regulatory alerts upon completion, conduct post-implementation reviews, and update the playbook based on lessons learned and stakeholder feedback.

    Benefits for ServiceNow Customers

    • Streamlines regulatory compliance workflows by consolidating monitoring, assessment, and remediation in a single platform.
    • Enhances collaboration across legal, audit, compliance, risk, and operational teams through clearly defined roles and responsibilities.
    • Improves regulatory risk management with structured impact assessments and prioritized gap remediation.
    • Facilitates timely communication and training to mitigate compliance risks associated with regulatory changes.
    • Provides audit-ready documentation and reports, supporting transparency and accountability throughout the compliance lifecycle.
    • Enables continuous process refinement by incorporating feedback and evolving regulatory requirements into the management playbook.

    You can use the classic environment to perform all Regulatory Change Management application activities.

    As an RCM manager with the sn_grc_reg_change.manager role, you can capture any problems or exceptions that are observed during the workflow by assigning regulatory alerts or creating an action task or issue that is related to the regulatory change tasks and source document tasks. You can also monitor the regulatory change tasks and action tasks.

    You can also use a setup checklist that can help you to get your base system ready for operation.

    Starting with version 18.1.2, all the new features and enhancements are available only in the Workspace view.

    Regulatory Change Management Playbook

    Configure a Regulatory Change Management RCM playbook for your organization or business by following this process:
    1. Manage your user entitlements, include the customers and providers that read and access the regulatory content, and establish a regulatory team:
      • Designate a team of subject matter experts, legal counsel, or compliance professionals that can track regulatory changes.
      • Include the representatives from legal, audit, compliance, risk management, and operational departments.
      • Include your customers and providers. You include the customers who subscribe to a public RSS feed for the regulatory bodies or a subscription provider, such as Thomson Reuters Regulatory Intelligence (TRRI). You also include the providers, such as Thomson Reuters Regulatory Intelligence (TRRI), that aggregate the regulatory changes from different sources and provide the collective changes as feeds.
      • Set up an internal taxonomy. The taxonomy elements are different classifiers that an organization can apply to its regulatory content to categorize it. You can use taxonomy elements to create a hierarchical structure of the different classifications for setting up the regulatory content for an organization.
    2. Monitor the regulatory changes:
      • Stay informed about the new and updated regulations that could affect your organization or business.
      • Subscribe to industry newsletters, updates for the regulatory bodies, and relevant legal databases that are made publicly available and accessible via RSS.
      • Integrate with regulatory intelligence providers such as Thomson Reuters or LexisNexis, to monitor changes in real time.
    3. Assess the impact:
      • Evaluate the implications of regulatory changes on your organization or business.
      • Analyze regulatory changes:
        1. If you have the sn_grc.business_user role (Business User), review the regulatory alerts and assign them to a user with the sn_grc_reg_change.user role (RCM user) for review. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.
        2. Review the new regulations and draft new requirements, policies, or control measures.
        3. Determine the scope of the impact on your various business units including the functions, departments, and processes.
    4. Conduct an impact assessment:
      1. Perform a risk assessment or gap analysis to evaluate the potential impact on the operations, finances, and compliance of your organization or business.
      2. Assess the impact of the regulatory change and send the impact assessment score to the Regulatory Change Management application. If the alert is not applicable, close the alert. If the alert is applicable, create a new regulatory change task and assign it to the same or a new coordinator.
      3. Engage stakeholders from affected departments to gather insights.
    5. Perform a gap analysis:
      1. Identify your current state. Assess your existing inventory of policies, citations, and controls in relation to the new regulations.
      2. Identify gaps. Compare the current state with the new regulatory requirements (draft, final rules, or enforcement actions) to identify any discrepancies.
      3. Prioritize gaps. Evaluate the significance (high, medium, or low) of each gap by the potential risk and impact to your organization or business.
      4. Develop a gap remediation plan. Create a plan to address the identified gaps, and specify the actions, timelines, and responsibilities for your organization or business.
    6. Document your findings:
      1. Prepare a detailed report that outlines the regulatory changes, their implications, and recommended actions.
      2. Report the regulatory findings, compliance deviations, or non-material outcomes that are due to the regulatory change.
    7. Manage the regulatory changes and strategies:
      • Implement strategies to address the regulatory changes.
      • Develop an implementation plan:
        1. Identify the steps to take to comply with the regulatory change, devise an action plan, and create the action tasks for different teams. After the action plan is created, send it to the RCM manager for approval and to confirm that all the action tasks are sufficient or if any aren't necessary.
        2. Create a clear action plan that details the actions required to comply with the new regulations. The action plans could be legal review, business change, policy updates, control revisions, or training.
        3. Define the timelines, resources or watch list teams, and responsibilities.
    8. Communicate changes:
      1. Inform all relevant stakeholders about the regulatory changes and the planned actions.
      2. Provide the training and resources to help employees understand and adapt to the new requirements.
    9. Update your policies and procedures:
      1. Revise your existing policies, procedures, or controls to align with the new regulations.
      2. Confirm that your documentation reflects the changes and is easily accessible.
    10. Monitor your implementation plan:
      1. Track the progress against the implementation plan.
      2. Address any challenges or issues that arise during the process.
    11. Review your plan and identify ways to keep improving it:
      • Evaluate how effective the regulatory change management process is and make improvements where needed.
      • Conduct post-implementation reviews:
        1. If the action plan is rejected, assign the same coordinators to go through the action plan, update the actual tasks, and send the action plan for an approval. All compliance-based action tasks are visible to the compliance manager and risk managers can see the Risk-based action tasks. After the tasks are assigned to the risk and compliance users, track the action tasks through completion. Select a due date and track the action tasks. After the actual tasks are completed, close the regulatory alert and the parent regulatory change tasks.
        2. Assess the effectiveness of the implemented changes and compliance status.
        3. Gather feedback from your stakeholders to identify the areas for improvement.
    12. Update the playbook:
      1. Revise the playbook based on the lessons learned and evolving usage guidelines.
      2. Incorporate the feedback to enhance the monitoring and management processes.