Banks are increasingly turning to open source projects. Here’s why.
In October, Deutsche Bank made a surprising decision, making more than 150,000 lines of code from its Autobahn commercial banking software publicly available in the hopes that others would write compatible programs for its clients.
It was an astonishing first foray into so-called open source development, but it’s not the only prominent bank to take the plunge. JPMorgan Chase’s Quorum blockchain software is available in the open source software repository GitHub and other institutions are following suit.
To draw on the wisdom of peers
Two years ago, when JPMorgan Chase was looking at blockchain software offerings, it concluded that none of them met the bank’s business requirements. Chase did not want anonymous participants and visible transactions, like the bitcoin blockchain, but confidential transactions and information. And it needed to meet a slew of regulatory and security needs.
“This is where the industry is incentivized to get involved in building platforms collaboratively, because we understand our own business requirements,” said Amber Baldet, who leads JPMorgan Chase’s Blockchain Center of Excellence and spoke at the Open Source Strategy Forum last week, which was hosted by the Symphony Software Foundation. The people who understand a bank’s day-to-day business problems work in the financial services industry, she said.
Baldet’s team chose the open source Ethereum project and applied it to its own version of the software called Quorum, intended for enterprises with needs similar to the bank. It’s still open source and has been used by companies like Pfizer and Genentech for their own purposes.
To access a developer pool beyond employees
When Baldet first pitched JPMorgan Chase executives on having an open source project on GitHub, “they were really enamored of this idea of free labor,” she said. “The more developers you can get to contribute, the more free resources you have.”
But more important is the type of people who are drawn to open source projects, she said.
“When you're talking about something like blockchain, you might get people who don't necessarily want to work full time in a bank,” Baldet said. “You might get people who want to burn the bank infrastructure to the ground. They happen to be the best subject-matter experts on how to build a blockchain right now.”
Jim Jagielski, senior director and senior distinguished engineer in the Tech Fellows Program at Capital One and co-founder of the Apache Foundation, agreed that open source involvement can help attract top developer talent.
“Really good talent is expensive and hard to find, especially in banks,” he said. “Engineers worth their salt don't want to work for a stodgy old bank where they don't even have access to GitHub. They want to work for a cool place, like Apple, Netflix, or Lyft.”
To create less buggy software
The weakest points of most software programs are the flaws or bugs that can be exploited by hackers and cybercriminals. Recent case in point: the —$300 million worth of Ether locked in Parity digital wallets because a coder was able to poke around in Parity’s digital wallet and kill a smart contract, thus freezing all wallets that smart contract governed. The Equifax breach is another example: a weakness in an open source software package called Apache Struts allowed hackers to steal millions of sets of consumer data. (A patch was available for the Apache software, but Equifax didn’t apply it.)
Some bankers see promise in an open source community’s ability to fix bugs.
“We want to get to open source as quickly as possible, to start to unlock tools you can use to test software you’re developing in open source — things that won't save us a dime from a human perspective but will make our software better,” said John Stecher, managing director, group head of open innovation and Rise at Barclays. (Rise is the fintech co-working space Barclays runs in seven cities.) “If we pick up developers on the outside world that start to contribute bug fixes, we then benefit from the economies of scale of doing open source development.”
This can be a tough sell inside a firm due to legal and regulatory constraints, he acknowledged.
“It's a long process, it takes time, but there is a big payout at the end because you slowly start to get higher-quality software at the end of the day,” Stecher said.
To not duplicate work being done elsewhere
All banks have software utilities, like Outlook plugins, that do the same thing, Stecher said.
Barclays would like to start putting such programs that don’t provide competitive advantage in open source.
“It's not going to be a wholesale dump of intellectual property out there,” he said. “But partnering with a few banks and collaborating on an Outlook plugin.”
Deutsche Bank is putting its commercial banking software into the public domain so that trading applications from different providers can use it as a shared foundation and work with each other. The code will also be integrated into the Symphony collaboration platform.
“I think Deutsche did an awesome job taking Autobahn and putting a big chunk of that into the open source community,” Stecher said. “We're going to be slower doing that but we want to get there.”
To implement best practices
Capital One does what it calls “innersourcing” — running internal projects as if they were open source projects.
“Successful open source projects have a secret sauce: the way they inspire collaboration, the way they force consensus building, the way they're able to create software projects and products that are incredibly useful, incredibly reliable, with reduced risk and high security,” Jagielski said. “That's something we want to bring in-house. We want to gain some of those advantages.”
In open source projects, there is no well-defined road map, no core team of people who have ultimate control of everything, Jagielski said.
“Most of the developers are geographically diverse, they’re not in the same time zones, there are no face to face meetings — all these things, when you look at historical traditional ways of developing software, may not seem viable,” he said. But many successful projects, including Hadoop and Spark, came of such methods.
For one thing, innovation comes from engaged developers, Jagielski said.
“It's good to be salaried, but if you can provide a mechanism for really good software developers to work on other things that pique their interest, you're going to gain the benefit of that,” he said. “That's how innersource works because that's how open source works: people are personally invested in the software projects.”
One core value of innersourcing and open source that Capital One is trying to deploy is meritocracy: that a person’s value to a team is not based on who they are or their position in company but what they provide to the team itself.
“That provides incentive for team members to do more and outside team members to contribute back,” Jagielski said.
Projects sometimes have what he calls “a benevolent dictator for life — a person responsible for focusing and herding the cats.” For instance, if a discussion in Slack is going all over the place, the benevolent dictator would be responsible for getting people back on point.
“It's not anarchy, you want to provide some structure,” Jagielski said. “But they try to make it as minimal as possible, as low friction as possible.”
Editor at Large Penny Crosman welcomes feedback at firstname.lastname@example.org.