Exploring Regulatory Change Management

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Regulatory Change Management

    The Regulatory Change Management application provides a systematic approach for organizations to integrate with third-party regulatory intelligence providers, ensuring they stay updated on regulatory changes. It streamlines the assessment and implementation of risk and compliance changes related to these regulations.

    Show full answer Show less

    Key Features

    • Integration Component: Allows consumption of regulatory alerts from external partners into your ServiceNow instance.
    • Application Framework Component: Offers structured workflows for analyzing and processing regulatory alerts.
    • Regulatory Taxonomy Management: Create and map an internal regulatory taxonomy with external standards to ensure consistency.
    • Triage and Assess Impact: Analyze alerts to determine relevance and assess their impact using configurable methodologies.
    • Change Management: Implement necessary changes through actionable tasks, updating GRC objects and managing citations.
    • Reporting: Utilize reports and dashboards to monitor compliance status and maintain an audit trail.

    Key Outcomes

    By utilizing the Regulatory Change Management application, organizations can effectively manage regulatory changes, ensuring compliance with minimal disruption. The structured workflows enable timely assessments and implementation of changes, improving regulatory readiness and reducing compliance risks. Furthermore, the integration with AI capabilities supports faster decision-making and enhances operational efficiency in regulatory management.

    The Regulatory Change Management application provides a framework that your organization can use to integrate with third-party regulatory intelligence providers to keep up with the regulatory changes and external regulations.

    Regulatory Change Management overview

    The Regulatory Change Management application enables you to manage your upcoming regulatory changes efficiently. The application provides the structured workflows that help your organization to assess the applicability of the regulatory changes, assess their impact, and implement risk and compliance-related changes.

    The following infographic shows the process flow of the Regulatory Change Management application.

    Figure 1. Process flow of the Regulatory Change Management application
    Regulatory Change Management process flow.

    The Regulatory Change Management application works with the following types of components:

    • Integration component: The regulatory intelligence partners typically provide the integration component. Through this integration, you can consume regulatory alerts into your instance.
    • Application framework component: The Regulatory Change Management application has an application framework component. This component provides the structured workflows that you can use to analyze and process the regulatory alerts that are received in the regulatory alerts table.
    The Regulatory Change Management application consists of the following workflow:
    1. Manage regulatory taxonomy: Create an internal regulatory taxonomy that is specific to the ServiceNow AI Platform. You can map the taxonomy with the external taxonomies that are provided by the third-party regulatory intelligence providers for standardization. The internal taxonomy contains the following design elements:
      • Content Type
      • Jurisdiction
      • Regulatory Body
      • Sector
      • Theme

      You can create and map these elements with the external taxonomy during the setup process.

    2. Integrate for regulatory intelligence: Integrate with the third-party regulatory intelligence providers and consume the alerts into your instance at regular intervals. You can monitor regulatory data in a rapidly changing environment.
    3. Triage regulatory events: Analyze the regulatory alerts and identify the regulatory events that are relevant to your organization.
    4. Assess impact: Assess the impact of regulatory events by using configurable impact assessment methodologies.
    5. Manage changes: Identify changes that should be done. These changes are implemented through the following action tasks:
      • Update the underlying GRC objects, such as the policies, processes, risks, and controls in the regulatory library.
      • Update the existing citations or import the new citations from the providers in the regulatory library.
    6. View reports and dashboards: Assess the state of the regulatory compliance by using reports and dashboards. You can maintain an audit trail of the compliance activities.

    The following diagram shows the workflow of the Regulatory Change Management application.

    Figure 2. Workflow of the Regulatory Change Management application
    Regulatory Change Management workflow. For a text description, refer to the text that precedes this diagram.

    Key product innovations

    The following infographic shows the process for making innovations for the key products of the Regulatory Change Management application.

    Figure 3. Process for innovating key products
    Infographic that shows how to make key product innovations. A text description of the process follows.
    The steps to complete the Regulatory Change Management process flow to innovate key products are:
    1. Set up the integration. Your customers can subscribe to a public RSS feed for the regulatory bodies or a subscription provider such as Thomson Reuters Regulatory Intelligence (TRRI) that is a curated intelligence provider. A subscription provider can aggregate the regulatory changes from different sources and provide the collective changes as feeds.
    2. Set up an internal taxonomy. The taxonomy elements are different classifiers that an organization can apply to its regulatory content to categorize it. You can use the taxonomy elements to create a hierarchical structure of the different classifications for setting up the regulatory content for an organization.
    3. Review a regulatory alert. A user with the sn_grc_reg_change.manager role (RCM manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM user). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.

      A user with sn_grc_reg_change.user and sn_grc_comp_genai.reg_change_ai_user roles can generate AI-powered recommendations for a regulatory alert for the impacted citations, control objectives, and controls.

    4. Assess the impact. The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same coordinator or to a new coordinator.
    5. Devise an action plan. The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for the different teams that must complete the identified action items. The coordinator then creates the action tasks that are associated with the regulatory change task. After the action plan is created, it’s sent to the RCM manager for an approval. The manager reviews the action plan and confirms if more action tasks must be created or if some of the action tasks aren’t necessary.
    6. Complete the action tasks and send them for review to a user with the sn_grc_reg_change.manager role (RCM manager). If the action plan is rejected, the coordinator goes through the action plan, updates the actual tasks, and sends the action plan back for an approval. The compliance manager can see all compliance-based action tasks and the risk manager can see all risk-based action tasks. After the tasks are assigned to the risk and compliance users, the action tasks are tracked until they’re completed. A due date is marked and tracked for the action tasks. When the tasks are completed, the regulatory alert and the parent regulatory change tasks are closed and the change process flow is completed.

    A day in the life of a regulatory change manager

    A user with the sn_grc_reg_change.manager role (RCM manager) monitors, manages, decides, and verifies the regulatory changes on a daily basis.

    The following infographic depicts a typical day for a regulatory change management.

    Figure 4. Typical day of a regulatory change manager
    A user with the regulatory change manage role passes through various phases on a daily-basis.