Editor's note: An altered, longer version of this article will be published later this month on the Bain & Co. website.

How can banks better manage one of the costliest and most troublesome activities – complying with regulations? Increasingly, banks may benefit from working with "regtech" firms.

Consumer financial services products are being transformed by the fintech revolution, but automation, data innovation and other technological efficiencies can also benefit banks' efforts to comply with a growing regulatory burden and improve their internal governance controls.

Given the high stakes, however, banks should gain a better understanding of their regtech options and make a careful assessment of which high-priority objectives they are trying to accomplish in partnering with a regtech firm. They will need to bring regulators into the conversation before committing to such a partnership. And they must ensure that combining third-party technology and services with their internal processes does not create more system complexity.

Bain & Co. has identified more than 80 emerging regtechs. The rise of these firms should be welcome. Banks have been reducing their cost base for several years now. Many of the efficiency gains, however, have been offset by resources required to meet expanded regulatory requirements and to settle fines. We estimate that governance, risk and compliance (GRC) costs account for 15% to 20% of the total "run the bank" cost base of most major banks. GRC demand drives roughly 40% of costs for "change the bank" projects underway.

Banks have struggled to devise a robust and efficient approach to compliance by using their own legacy systems and GRC organization. Typically, the required data resides in different bank systems and is hard to extract in the appropriate structure or level of quality because that requires modern technology. For example, implementing online customer onboarding (which triggers know-your-customer regulations) through legacy systems can take two years at a cost of more than $10 million at some major banks, versus three months at $300,000 if handled through a regtech specialist.

Borrowing a biological metaphor, regtechs can provide brains, guts and backbone to improve GRC processes in a number of ways.

The regtechs' "brains" advantage stems from their expertise in extracting and structuring data, mixing it with unstructured sources and devising algorithms to derive insights. These firms extract and integrate data from banks' proprietary systems, third-party data providers and public sources. They design algorithms to crunch the data in automated, scalable ways. And they use machine learning to continuously improve the quality, precision and reliability of the insights that emerge.

Regtechs also provide the "guts," or processes for smart, standard-setting governance and control. By pursuing straigh-through processing and looking for ways to automate and simplify processes, they can reduce costs and pick up the pace of GRC.One way that regtechs can provide the "backbone" is through use of the cloud to provide solutions remotely and to manage and back up data. Banks pay only for the data they use, making it easy to add or remove service features. Another way is through standardized interface layers that allow data to flow in real time and help integrate third-party data network partners and solution providers.

Regtechs are providing tools to manage areas ranging from consumer protection to market conduct. The most advanced solutions provided by regtechs deal with know-your-customer efforts. For KYC, firms such as Clarient Entity Hub, Fenergo and kyc.com identify clients and counterparties during onboarding and recurring interactions. These vendors use highly standardized data structures, harness the bank's proprietary client data and match it against public information such as credit and criminal databases, commercial registers and social media in order to score clients with an advanced rule engine and ultimately file the client profile.

Emerging KYC utilities address inefficiency by splitting costs among many institutions and profiling a single customer once on behalf of all banks. At the same time, their approach could improve the customer experience. Bain's interviews with corporate customers reveal widespread frustration with banks' unclear KYC-related requirements, limited reuse of existing data, piecemeal requests for documentation and weeks-long delays for access after customers have requested an account. Half to three-quarters of onboarding requests never reach the final stage of account opening, our research found, which wastes time and effort and causes occasional embarrassment with customers.

Banks' partnership with regtechs will be significantly shaped by regulators, in the form of GRC standards and approval of proposed solutions. In parallel with their discussions with regulators, banks should also assess the following:

  • The cost of regulatory compliance over the next three to five years.
  • The level of functionality, complexity and efficiency of current technology, systems and data as the new requirements kick in.
  • Which regtechs could add value to the bank's technology and capabilities to close identified gaps or provide the best solutions.
  • And the best options for deploying regtech solutions, whether through a proprietary, hosted or cloud-based single-vendor solution or a partnership or joint venture.

Matthias Memminger is a partner with Bain & Co.'s financial services practice. Mike Baxter leads the practice in the Americas. Edmund Lin is the global leader of the practice. They are based, respectively, in Frankfurt, New York and Singapore.