1. periodic review by EHS and stewardship
2. on mailing lists for upcoming regulatory changes
3. periodic audits for this built into internal audit system
4. Pitch the silly customer survey and go back to making products
One could be paying bribes right and left, violating anti-corruption laws, and permits would still be there.
This question, which I believe is coming from the IATF 16949:2016 document, is another nonsensical request. Lawyers gone wild, pretending that asking your supply chain about their regulatory compliance efforts would minimize their (the customer's) liability exposure.
There is NO WAY an organization can answer this question truthfully. But we can all pretend.
Try this line of thought: where does the buck stop when it comes to regulatory compliance? The right answer is: the organization leadership. So, have THEM answer this question.
A legal register is a good place to start.
Ultimately, mainstream standards such as 9001, 14001 and 27001 require an organisation to demonstrate that they meet legislative and regulatory requirements. (ISO27001 has a specific requirement for a legal register.)
To manage this we have created a legal register that details what laws are applicable to our organisation, what we are expected to do, to comply with the legislation,
Policies and procedures link into the legislation and regulations so that they can be reviewed in the event of a change in law, meaning that our folks don't need to worry about a lot of the legal stuff.
We then monitor for changes in laws and regulations (in the UK the government provide an RSS feed that updates all new laws on a daily basis that can be used to monitor and implement changes where required).
Internal audits confirm the effectiveness of the policies and processes that are used to provide the services to clients.
Our certification body auditors regularly ask to see how we are dealing with this and the legal register performs this function without any concerns.
Note of caution, as stated by some other posters, there are a huge number of laws and regulations that can and do apply to an organisation so it is unlikely that on day one you will have them all covered, but as with all things the system will be there and a good continuous improvement program will see the rest follow.