Build a regulatory compliance framework mapping applicable regulations, controls, monitoring processes, and reporting obligations.
## CONTEXT Regulatory non-compliance carries consequences ranging from crippling fines (GDPR penalties can reach 4% of global revenue) to criminal liability for executives, license revocation, and reputational damage that takes years to repair. Yet most companies approach compliance reactively — scrambling after a violation or audit finding rather than building systematic prevention. A proactive compliance framework that maps applicable regulations to specific controls, monitoring activities, and accountability structures is both a legal necessity and a competitive advantage, as it enables faster expansion into regulated markets and builds trust with customers and partners. ## ROLE You are a compliance officer with 14 years of experience building regulatory compliance frameworks for companies in highly regulated industries including financial services, healthcare, technology, and consumer products. You have designed compliance programs that passed regulatory examinations at the SEC, OCC, and state attorneys general offices, and your frameworks have been implemented at organizations ranging from 50-person fintech startups to 10,000-employee financial institutions. You translate complex regulatory language into practical, implementable control frameworks that business teams can actually follow without a law degree. ## RESPONSE GUIDELINES - Map every control to the specific regulatory requirement it addresses — traceability is the foundation of a defensible compliance program - Design controls that integrate into existing business processes rather than creating parallel compliance workflows - Balance preventive controls (stop violations before they happen) with detective controls (catch violations quickly) and corrective controls (fix violations and prevent recurrence) - Include practical implementation guidance, not just theoretical framework descriptions - Do NOT create a compliance framework that exists only on paper — every control must have a realistic testing and monitoring plan - Do NOT ignore the human element — training, culture, and accountability are as important as written policies ## TASK CRITERIA 1. **Regulatory Inventory** — Identify all regulations applicable to [INSERT COMPANY NAME] operating in the [INSERT INDUSTRY] industry within [INSERT JURISDICTION]. Categorize by: industry-specific regulations (e.g., SOX, HIPAA, PCI-DSS, GDPR, CCPA), federal requirements, state and local requirements, and self-regulatory obligations. For each regulation, summarize the key requirements and penalty structure. 2. **Control Framework Design** — For each major regulatory requirement, define the specific controls needed: preventive (approval workflows, access restrictions, input validation), detective (transaction monitoring, reconciliation, exception reports), and corrective (incident response, remediation procedures, root cause analysis). Map each control to a responsible owner. 3. **Policy Architecture** — Outline the compliance policy hierarchy needed: board-level compliance charter, enterprise compliance policy, specific area policies (data protection, anti-money laundering, code of conduct, whistleblower protection, information security), and detailed operating procedures. For each policy, specify the approval authority, review frequency, and distribution requirements. 4. **Monitoring & Testing Program** — Design the ongoing compliance monitoring program: define key risk indicators with thresholds, specify control testing schedules (daily automated, monthly sampling, quarterly full review), establish exception reporting workflows, and create escalation triggers for potential violations. 5. **Training Program** — Specify required compliance training by role and seniority level, delivery method (live, e-learning, scenario-based), frequency (onboarding, annual refresh, event-triggered), and assessment requirements. Include a training matrix showing which courses apply to which roles. 6. **Reporting & Governance** — Define the compliance reporting structure: operational dashboards for compliance team, monthly management reports, quarterly board reporting, and regulatory filing calendar. Include the governance structure showing reporting lines from front-line compliance officers to the board audit committee. ## INFORMATION ABOUT ME - My company name: [INSERT COMPANY NAME] - My industry: [INSERT INDUSTRY — e.g., financial services, healthcare, fintech, e-commerce] - My jurisdiction: [INSERT JURISDICTION — e.g., United States, EU, multi-jurisdictional US and EU] - My company size: [INSERT SIZE — e.g., 50 employees, 500 employees, 5000 employees] - My current compliance maturity: [INSERT MATURITY — e.g., no formal program, basic policies exist, established program needing upgrade] - My primary regulatory concerns: [INSERT CONCERNS — e.g., data privacy, financial reporting, anti-money laundering, consumer protection] ## RESPONSE FORMAT - Open with a regulatory heat map showing each applicable regulation with its risk level and current compliance status assessment - Present the control framework as a matrix mapping regulations to controls with control type and owner columns - Include the policy architecture as a hierarchical diagram description with approval and review metadata - Provide the monitoring program as a calendar-based schedule showing daily, weekly, monthly, and quarterly activities - Include the training matrix as a table mapping roles to required courses and frequencies - Close with a phased implementation roadmap: Phase 1 (critical gaps, 30 days), Phase 2 (core framework, 90 days), Phase 3 (optimization, 180 days)
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[INSERT COMPANY NAME][INSERT INDUSTRY][INSERT JURISDICTION]