Finding a regulatory change management solution can be tricky, as there are several vendors who claim to automate processes with AI. However, it’s very important to separate facts from fluff. We recently spoke with a large U.S. bank who was frustrated with their vendor’s capabilities. They were assured the solution was robust and powered by AI – only to discover that the “automation” was in fact relying on people who were manually processing regulatory documents, causing them to fall short on delivering their promises during the sales process.
The fact is, most regulatory intelligence vendors use repurposed horizon scanning tools to power their change management features. And, because horizon scanning tools rely on regulatory documents, they’re unable to deliver true change management automation. Instead, they simply identify new or updated regulatory documents containing regulatory changes and drop them on the customer’s “doorstep” – period. The hard part of regulatory change management is left to the customer to figure out manually.
What good is a change management tool if you still have to do most of the work?
AscentAI believes proper change management requires the ability to automatically extract and operationalize the granular obligations embedded in regulatory text, which enables you to:
- Identify and catalog all obligations and their supporting information as a data object, versioned over time, that build on each other and enable you to “look back” at previous versions
- Automatically determine if an obligation change is relevant to your business, eliminating the need to manually assess applicability – a huge time saver, as unrelated “noise” is filtered out
- View side-by-side, highlighted comparisons (redlines) of old vs. new text to see the exact changes
- Access automated summaries of each regulatory change for fast understanding of what’s new
- Connect downstream policies and controls within a GRC to obligations, with automatic alerts to notify users when an updated obligation changes
- Access change logs to provide defensible proof of compliance during audits and exams
Website product descriptions for regulatory change management vendors make impressive promises about delivering “obligations.” However, beware when they don’t explain how they do so. Omission of “how” is a warning that many aspects of change management may remain manual, time-consuming, and most importantly, the customer’s responsibility!
BJ Sanford, a US-based bank regulatory lawyer who previously oversaw the regulatory obligation data practice for IBM, acknowledges AscentAI as “the only product in this category that approached managing [regulatory] data the way we [as subject matter experts] thought about it.”
Sandford continues, “In the past couple of years with the new generation of AI, companies that entered this space would start with the easiest business problem, which was regulatory change monitoring technologically [horizon scanning]. The problem is that by itself, there’s no way to make those [horizon scanning] regulatory change feeds useful by applying taxonomies or using AI to classify them.”
It’s all about the obligation
The regulatory obligation defines what your organization must do to remain compliant. Vendors in the regulatory intelligence space claim to deliver “obligations,” but many just deliver the documents that have obligations buried within them—and it’s up to you to extract them and assess them for applicability.
If a vendor’s regulatory data strategy is document-based, the customer must manually identify the obligations within the document text, and then gauge their applicability to the organization, and the impact on downstream policies and controls. Again, what good is a change management tool if you still have to do most of the work? “AscentAI swam against the [main]stream from the beginning,” says Sanford, “by starting with the problem of the regulatory obligations inventory.”
AscentAI’s data strategy is NOT document-based; it is obligation-based
With AscentAI, your onboarding process involves a forensic examination of your business and current obligations against applicable regulations, creating a rock-solid obligations register composed of obligation data objects. It’s a single, enterprise-wide source of regulatory truth.
Any new rule or rule change is automatically analyzed by our AI in the context of your bespoke obligations register, providing you with automatic applicability assessment capabilities. No more reading, no more analysis, no more wasted effort, no more spreadsheets. AscentAI does all the heavy lifting for you, providing fully processed and enriched obligation information specific to your business that’s ready for action.
For competitors using a document-based approach, each regulatory change is a discreet, singular event, meaning that all the vetting that occurred in the previous version must be repeated again and again. That wastes your time and your money. And it is not “change management automation.” Repurposed horizon scanning tools cannot automatically deliver fully processed, actionable information. AscentAI can.
“Once you have the regulatory obligations problem solved,” observes Sanford, “then providing a valuable regulatory change management feed and regulatory tracking is much easier, and it becomes much more valuable to the customer.”
The Cost of Believing the Hype
Before you make the significant investment in a horizon-scanning based regulatory change management solution with assumptions of game-changing automation, ask a few questions:
- Do you help us define our Regulatory Map and Obligations Inventory? Or is that up to us to figure out?
- Does your change management solution automatically do the following:
- Extract relevant obligations from any new rule—automatically
- Determine if a rule change is relevant in context of your obligations inventory.
- Provide side-by-side, highlighted comparisons of old vs. new text
- Deliver automated summaries of each regulatory change
- Alert designated owners that an obligation update impacts their area of responsibility
- Identify policies and controls within a GRC impacted by obligation updates and alerting owners
- Compile change logs to provide defensible proof of compliance during audits and exams
Regulatory change management is a challenge half measures cannot solve. Don’t be fooled by overpromises and under-delivery. Ensure your investment in a regulatory intelligence solution automates the full regulatory lifecycle, from monitoring regulators and capturing updates, to identifying and isolating your specific obligations, to seamless integration with your GRC.
Want to learn more?
- Access our 1 page regulatory change management self-assessment to see how you rate
- Check out our eBook “The AscentAI Difference” to dig deeper into our obligations-based approach
- Contact Us to answer any questions or set up a conversation
