By anotb
Regulatory change management skills for impact assessment, obligation extraction, policy diffing, implementation planning, and exam brief preparation.
Decomposes a discrete piece of net-new regulatory rule text into atomic obligations. Input is a named regulator-issued instrument: a Federal Register final rule or adopting release, a CFR codified section, an OCC bulletin, an FRB SR letter, an FDIC FIL, a CFPB circular or bulletin, an NCUA letter to credit unions, an NYDFS industry letter, an EU regulation or implementing technical standard, an FCA handbook chapter, a NAIC model law, a FinCEN advisory, or a published consent order whose remediation requirements the firm should also satisfy. Output is the atomic obligation list as a draft register: each row pinned to a paragraph or subsection, naming the action verb, the party obligated, the condition, the deadline, the exception, and the related obligations. Firm-agnostic and portable across firms; firm-side mapping happens in the next step.

Best for:
- A new final rule or adopting release has just published in the Federal Register and the firm needs the atomic obligation list before the regulatory-change committee meets.
- A supervisory letter, FIL, OCC bulletin, CFPB circular, or NYDFS industry letter has landed and the obligation deltas need extracting against the prior cycle.
- A published consent order describes remediation steps the firm should treat as obligations even though the firm is not the named defendant.
- An EU regulation or technical standard has entered into force and the firm needs the article-by-article obligation list before the implementation committee scopes work.

Not the right tool when:
- The source is a firm policy, vendor contract, exam-request list, board minute, or any document other than a regulator-issued rule or guidance instrument; use `risk-compliance-core/obligation-mapping` (it consumes any source and overlays firm context).
- The output needed is firm-specific control objectives, named control owners, evidence systems-of-record, and policy mapping; that is `risk-compliance-core/obligation-mapping`. This skill stops at the regulator-side obligation; the next skill in the chain overlays firm context.
- Firm impact has not been scoped yet and the question is whether the rule applies at all; run `regulatory-impact-assessment` first.
- The question is the delta between the firm's existing policy text and the new rule; run `policy-diff` after this skill produces the obligation list.
- The work is sequencing remediation milestones across functions; run `implementation-plan` after this skill.
Drafts the engagement playbook a regulatory affairs lead, head of compliance, head of legal, or CRO chief of staff runs during a live regulator engagement. Generic across regulator type and product line. Captures the scope confirmation in writing, the named single-point-of-contact map by topic, the document-handling and privilege posture, the request-list mapping, the interview-prep posture, the supervisory-history that the engagement inherits (open MRA, MRIA, consent-order milestones, self-identified issues), the anticipated reviewer questions tied to current supervisory priorities, the exit-meeting and supervisory-letter response posture, and the post-exam follow-up. The substantive readiness sprint sits in sector-specific exam-readiness skills; this is the engagement-side scaffolding that runs during the exam window.

Best for:
- An exam window has opened (any regulator, any product line) and the regulatory affairs lead needs the engagement playbook before fieldwork begins.
- A supervisory-letter response or consent-order milestone is in flight and the response posture needs a written engagement record.
- A targeted, limited-scope, horizontal, or for-cause review where the generic engagement shape is the operative scaffolding and a sector-specific readiness package is too heavy.
- A pre-exam mock or self-assessment exercise where the deliverable should look like the real engagement playbook.

Not the right tool when:
- The engagement is a full-scope OCC, FRB, or FDIC bank examination at an institution carrying the Heightened Standards. Use `sector-plugins/banking-risk-compliance/banking-supervision-readiness` for the substantive readiness sprint; that skill carries OCC, FRB, and FDIC supervisory framework, capital, liquidity, BSA/AML examination-manual, fair-lending, and CRA scaffolding. The generic exam-brief can still run as a sub-package for an engagement-side slice.
- The engagement is an SEC investment-adviser or asset-manager exam. Use `sector-plugins/capital-markets-asset-management-compliance/adviser-exam-readiness`; that skill carries IAA Rule 206(4)-7, custody rule, marketing rule, books-and-records, and Form ADV scaffolding. The generic exam-brief can still cover, for example, a cyber-only slice within a broader adviser exam.
- The job is to extract obligations from a published rule (use `rule-to-obligation-extraction`) or to sequence remediation milestones (use `implementation-plan`).
- The job is impact assessment of a proposed rule, not engagement with a regulator on an existing rule (use `regulatory-impact-assessment`).
Sequences a regulatory remediation into the workplan a regulatory-change PMO, head of compliance, transformation lead, or business sponsor runs to a mandatory compliance date. Takes an obligation list (from `rule-to-obligation-extraction`), a policy diff (from `policy-diff`), and any control-gap output, and produces workstreams, milestones with dependencies, owners by role, evidence-based acceptance criteria, governance cadence (working group, steering, executive, board), implementation risks, resource asks, regulator-readiness checkpoints, and the BAU handoff. Sized for a regulatory-change committee or PMO and structured for tracking against a mandatory compliance date or supervisory-letter deadline. Generic across regulator type and trigger; sector and cross-cutting overlays load from the scope.

Best for:
- A new final rule has effective dates approaching and the firm needs a sequenced, owner-assigned plan with governance cadence and evidence criteria.
- A supervisory letter, MRA, MRIA, or consent order requires a remediation plan with named workstreams, milestones, owners, monitor or independent-consultant integration, and reporting cadence.
- A regulatory-change programme needs a refresh after a transition-period change, a regulator FAQ update, or a litigation-driven shift in the effective date.
- A self-identified issue or audit finding warrants a programme-level plan with second-line oversight rather than an issue-management ticket.

Not the right tool when:
- Obligations have not been extracted yet. Use `rule-to-obligation-extraction` first; this skill takes its output as input.
- Policy gaps have not been identified. Use `policy-diff` to surface the gaps; combine with control-gap output from compliance-testing where available.
- The artifact is for an active examination engagement. Use `exam-brief` for the engagement-side scaffolding; this skill chains downstream from exam-brief when an MRA, MRIA, or supervisory letter is issued.
- The objective is to assess whether the firm should comply at all. That is a legal determination and is out of scope for the second line.
- The trigger is a single low-risk issue suited to the routine issue-management lifecycle (use `risk-compliance-core/skills/issue-writeup`); this skill is for programme-level remediation.
Compares two versions of a firm policy (or a proposed policy edit against the current approved version) and produces a section-by-section change log with materiality flags, downstream impact, approver routing, and effective date. One row per change. Each row carries the diff (added, removed, reworded, restructured), the section path, the substantive delta, the materiality call, and the downstream consequences (training refresh, control revision, system change, communication, attestation re-up). Used by policy owners during the annual review cycle, by compliance running a redline against an MRA-driven amendment, and by change-management standing up the rollout package after the policy committee approves.

Best for:
- Annual or scheduled policy review where the second line needs the version-over-version delta before recertification.
- Proposed policy amendment where compliance, legal, or the policy owner needs the change log and downstream impacts before the policy committee meets.
- Post-MRA or post-issue policy revision where the firm needs to show the regulator exactly what moved between the prior approved version and the remediated version.
- Pre-approval review of a draft policy against the live approved version where the question is what changed, what it touches, and who needs to know.

Not the right tool when:
- The work is comparing a single policy version against external regulatory obligations (use `risk-compliance-core/policy-gap-review`; that skill is policy vs obligation, this skill is policy version A vs version B).
- The work is parsing a new rule into atomic obligations before any policy work begins (use `regulatory-change-management/rule-to-obligation-extraction`).
- The work is sequencing remediation across business units after the policy is approved (use `regulatory-change-management/implementation-plan`).
- The trigger is drafting a new policy from scratch (route to the policy owner; this skill diffs, it does not draft).
Drafts a second-line impact assessment for a published rule, supervisory letter, FIL, circular, bulletin, industry letter, adopting release, advisory, supervisory speech, or enforcement theme. Carries two lenses in one artifact: an implementation lens (in-scope determination, obligation domains hit, policy and control impact, reporting and disclosure impact, technology and data impact, third-party impact, customer impact, cost-to-comply read, effective-date posture, transition relief) and a regulatory-strategy lens (firm position, regulator-engagement posture, comment-period posture if any, public consultation posture, peer-and-industry alignment, escalation triggers). Audience is regulatory affairs, head of compliance, head of legal, CRO chief of staff, and the head of business affected. Drafts only; attestation external.

Best for:
- A new final rule, supervisory letter, FIL, circular, bulletin, or industry letter has been published and the regulatory-change function needs a firm-impact and strategic-posture read before the issue is logged in the inventory.
- A proposed rule is in comment period and the firm needs an impact read to support a comment-letter decision and the workplan that runs if the rule finalises.
- A supervisory priorities letter, regulator speech, or interagency statement has shifted examiner posture and the firm needs to assess where current state may not hold up.
- An enforcement action or consent order names a peer institution and the firm needs a fast read on whether the same theme applies and what the strategy posture should be.

Not the right tool when:
- The rule text has already been parsed and the next step is decomposing the rule into discrete obligations (use `rule-to-obligation-extraction`).
- Firm policy text is already drafted and the question is whether it covers the rule (use `policy-diff`).
- Gaps are already documented and the next step is sequencing the remediation (use `implementation-plan`).
- The engagement is a live exam window and the artifact needed is the engagement playbook (use `exam-brief`).
Plugins for second-line and 1.5-line financial-services work. Skills cover what risk and compliance teams (and the advisory practitioners who support them) actually produce: scoping a review, mapping obligations, building a control matrix, drafting a model card, writing up an issue, building a vendor-diligence pack, packaging a risk-committee read, working a SAR / no-SAR file, prepping for a supervisory cycle, and so on. Skills are grounded in regulatory and standards material, with sector context (banking, capital markets, insurance, payments / fintech) loaded conditionally from the scoping record.
Built primarily for Claude (and Claude Code), but the skill files follow the open SKILL.md format and can be loaded into other agentic systems that support it: GPT, Gemini, in-house open-weights deployments, or anything else that reads agent skills. The skills are markdown plus optional schemas; the format is the standard, the work product is what travels.
The repo extends Anthropic's published financial-services plugin family. Where Anthropic's plugins cover the cross-industry first-line baseline (financial analysis, banking deal work, equity research, PE, wealth, fund admin, ops), these go deeper into US second-line and 1.5-line work and US supervisory expectations.
Second-line and 1.5-line practitioners inside regulated firms: model-risk leads (MRMO), AI governance leads, third-party risk managers (TPRM), BSA / AML officers, sanctions officers, compliance heads (CCO), fair-lending and UDAAP review teams, controls testing and internal audit teams, risk reporting and CRO-office teams, regulatory-affairs and regulatory-change teams, operational-resilience leads, fund-board secretaries, disclosure committees.
And the advisory and consulting teams running the same work for those firms.
If you work in 1.5L, 2L, or adjacent functions, the skills let Claude (or other agentic systems supporting the SKILL.md format) draft alongside you, like a colleague who knows the work and defers to your judgement on the call.
- `references/sector-overlays/<sector>.md` inside the relevant capability skill, loaded conditionally from the scoping record.
- `references/source-anchors.md` with the regulatory and standards citations they lean on. US-deep, with EU as overlay and UK as see-also.

The skill set is public-source-derived and anonymous, with no firm-specific policy baked in.
Standalone agent plugins (one-shot reviewers that orchestrate related skills end-to-end) are not in this release. The next iteration adds a maker / checker loop with genuine context-isolated subagent forking, primary-plus-critic two-agent shape, and plugin dependencies in place of bundled-skill copies. See ROADMAP.md for the target shape.
| Plugin | What it covers |
|---|---|
| `risk-compliance-core` | Scoping, obligation mapping, control matrices, evidence binders, issue write-ups, human-review gates, policy-gap reviews. |
| `regulatory-change-management` | Regulatory impact assessment, rule-to-obligation extraction, policy diffs, implementation plans, exam briefs. |
| `ai-governance-model-risk` | AI use-case intake, AI risk tiering, EU AI Act triage, model cards, validation plans, agentic-AI controls, board AI-risk pack, GenAI deep-dive (prompt injection, RAG eval, pre-prod review, LLM vendor evidence). |
| `third-party-operational-resilience` | Vendor diligence, criticality, contract-gap review, exit plans, concentration, DORA register, severe-but-plausible resilience testing. |
| `compliance-testing` | Test plans, control sampling, evidence requests, exception analysis, workpapers, QA review. |
| `risk-reporting` | Risk committee packs, BCBS 239 self-assessment, KRI commentary, SEC cyber-disclosure readiness, attestation packs, management responses to MRA / MRIA / audit findings. |
| `financial-crime-governance` | CDD review, EDD escalation packs, SAR-decision QA, AML model monitoring, sanctions-screening QA, negative-news triage. |
| `consumer-compliance-fair-lending` | Adverse-action review, fair-lending test plans, UDAAP risk review, Section 1071 readiness, complaint-theme analysis, marketing-claim review. |
npx claudepluginhub anotb/second-line-financial-services --plugin regulatory-change-management