Banks, long committed to keeping customer data private and their own code proprietary, are now opening up to fintechs and third-party developers in new ways.
Open-source projects are underway at Deutsche Bank, which made code from its Autobahn commercial banking software publicly available this fall, and at JPMorgan Chase, whose Quorum blockchain software is available in the open-source software repository GitHub.
As financial institutions experiment with new technologies, more are expected to adopt open-source software in place of commercial applications. Some may even explore open-source development themselves, as it offers access to a wider pool of developers who can not only work out bugs at no charge but write programs that will benefit bank customers.
The adoption of openness in all its forms is increasingly seen as a necessity in a digital world.
A global study by Accenture found that 99 of 100 payments executives at major banks said their bank intends to make large investments in open banking initiatives by 2020. Of those at North American banks, 63% believe that a move toward open banking is essential to compete with fintech startups and large technology firms, while 52% of all the executives surveyed said they would be forced to adopt open banking practices to keep up with other big banks, as a wave of digital transformation overtakes the industry as a whole.
Perhaps surprisingly, financial institutions are “viewing this opening up of the walls as an opportunity rather than a threat,” said Brett Goode, a managing director in the financial services practice at Accenture.
But something even more radical lies ahead.
This embrace of openness can — and, some experts say, should — go beyond peripheral tools and apps, to banks using open-source software for their core banking systems one day.
Tech providers can show the way, at least in part. While banks are still leery of open-source software, the tech industry has been relying on it for years. Open-source projects like Linux have succeeded by harnessing the creativity of lots of individuals across the globe.
“With Linux, people started writing code because they wanted to; they were not even paid to do this. It’s like a bunch of artists collecting outside a wall and starting to paint the wall because they want to show off their skills,” said Suresh Ramamurthi, chairman and chief technology officer of the tech-forward CBW Bank in Weir, Kan.
Linux continued to evolve through crowdsourcing, with others pointing out and resolving bugs in the code as they used the software. Instead of a single company having to pour money into research and development, followed by quality assurance, “you got the best of everything with open source,” Ramamurthi said. “You got the best guys who were motivated to write for the sake of writing, other guys who were using it for the sake of using it, and testing it in every possible crazy scenario that you can think of — and out comes a platform that you, as a large enterprise, can use.”
A gateway drug
Open APIs may be a gateway drug for banks to delve into open source. CBW Bank has a marketplace, YLabs.io, where developers can go to build banking apps using CBW’s APIs. More than 250 developers, including some from the largest U.S. banks, are using it, said Ramamurthi, who is an ex-Google engineer.
The next step, he said, will be the bank letting people publish their apps and algorithms in the marketplace for others to use. Some of those may be open source. “That allows us to bring open source into the bank” without taking undue risk, Ramamurthi said. “That’s the power of the sandbox.”
Other banks might find their own ways to ease into open source. They can’t rush the transition, especially when it comes to replacing their core systems, because “core systems are big, complex beasts with many facets,” said Robert Sears, global head of product for new digital businesses at BBVA Compass.
Still, some elements that “you might think of as ‘core’ ” can be handled using open-source software, said Sears. He cited message processing (via Apache Kafka), data analysis (via TensorFlow) and even the many databases that surround the transaction-processing core.
Julien Courbe, a financial services advisory leader at PwC, said he knows of fintechs that have developed core systems based on open-source technology, though he declined to share specific names. “We haven’t seen these systems being widely deployed yet,” said Courbe. “However, these could be in the future very good deposit systems or core systems for a mobile-only bank.”
Even if traditional banks choose not to undertake the Herculean task of restructuring their systems, insiders say that in the next few years open source will become more prevalent in areas like mobile app development. “The open-source phenomenon allows you to reach vast numbers of people at zero entry cost with great products,” Ramamurthi said. “Banks have to start thinking about how banking itself can be open-sourced.”
The advantages of open source
The chief advantages of open-source software are standardization and security, said Markus Geiss, the former technology chief of Mifos, an open-source software project aimed at financial inclusion.
The most successful open-source projects are those that manage to attract a huge community of developers, and that means over time the software stands a good chance of becoming an industry standard, as Linux has.
Having so many eyes on the code — not only those of active developers but of outside parties as well — means that flaws are spotted and fixed. Transparency begets security.
“Everybody can take a look at the code and see what’s happening. So there’s some built-in trust already there,” Geiss said.
Quote'When data systems are open to public review, there’s a higher bar of quality than what we’ve seen with closed systems,' said Waters. 'Closed systems tend to have significant attacks that go unnoticed for years.'
Alex Waters, a former bitcoin quality assurance engineer who has consulted for banks, said the enhanced scrutiny could help financial firms thwart cybercriminals. “Banks are the most targeted industry sector for hacking and phishing — more so than nation-states,” he said. “Generally speaking, open source will prove more secure for their banking activity.”
Though that is a controversial idea today, technology companies such as Facebook and Reddit “have open-sourced large portions of their applications, and it has helped a great deal with their security,” said Waters. “When data systems are open to public review, there’s a higher bar of quality than what we’ve seen with closed systems. Closed systems tend to have significant attacks that go unnoticed for years, and that’s a problem.”
Open source also could solve the need banks have for faster, more agile systems. “Modern banking products need high uptime and low response time, both of which can be directly addressed using open source,” said Sears.
Used in the right places, open-source software can be developed more quickly and with better features and reliability than commercial software, he said.
Ramamurthi pointed out that Linux is already being used as an operating system by some banks, having been smuggled in under the guise of a trusted application from a vendor like Red Hat. “There’s already open-source software in banking, only banks don’t know it,” he said.
‘A new solution’
Out of the 20 or so banking conferences Waters has attended in the past three years, he said he can’t remember open source ever being a topic. But even if most banks have yet to acknowledge the value of this approach to software development, the open-source community has already begun to penetrate the banking industry.
Fineract is an open-source core banking system being developed at the Apache Software Foundation. Originally focused on microfinance when it was started at the Grameen Foundation 10 years ago, Fineract has since evolved to offer checking, savings, lending and a general-ledger component, as well as income reporting functions and Know Your Customer tools.
Having graduated from the Apache incubator in April 2017, Fineract is in use at about 100 financial institutions across 37 countries, its software serving the needs of more than 7 million people. The list includes banks, such as BTPN Syariah, a sharia-compliant subsidiary of BTPN, a retail bank in Indonesia.
“My end goal is Deutsche Bank is using it,” joked Geiss, a member of Fineract’s project management committee.
Geiss joined Fineract in 2014 as a volunteer. He was attracted to it because, he said, there are 2 billion unbanked adults in the world who need basic financial services. “My real goal for Fineract is to get all of those 2 billion people banked,” he said.
None of the Fineract adopters are in the United States, and Geiss said that a large retail bank in the West today would not be able to use Fineract as it is, largely due to regulations. In less developed countries, which lack infrastructure, financial regulations are less daunting, he said. In Indonesia, Fineract is working with regulators to shape the law and the software.
Regulation also presents a barrier to open source in general. Swapping out a core system for open-source software would make U.S. regulators queasy, said Ramamurthi. “By definition, the deck is stacked against open-source core banking,” he said.
Geiss agreed, but perhaps because he lives overseas, he’s more optimistic about how the future might play out. “In five years, some of the big banks will use an open-source core banking system,” he predicted.
The main reason is that they feel “trapped” by their current core systems, unable to add features as quickly as they would like, he said. “They’ve now reached a point where this is not working anymore. They need a new solution.”
Mandate to change
Despite technical and regulatory obstacles and the financial industry’s traditional commitment to proprietary systems, banks that don’t embrace open source could be left behind.
Challenges are coming from unexpected directions. Proponents of bitcoin, which runs on open-source code, are “trying to open-source and decentralize banking,” Ramamurthi said.
In this new landscape, vendors that supply core banking systems might find it difficult to adopt a more open-source approach themselves. For open-source projects to work, they have to motivate people to write code, and coders want to work on the latest, most exciting technology, not put “a bunch of Band-Aids on something from 1990,” Ramamurthi said.
Asked how vendors will respond to the rise of open-source core banking, Geiss said, “Right now I don’t see any response. Seems a little bit like they’re simply ignoring it.”
He theorized that open source could put vendors out of business in the next decade. But pressed on the point, he said vendors also might enhance open-source core systems, build in specific functions, just as Red Hat has done with its enterprise Linux operating system, and thus offer technical support and system maintenance to big banks.
Falk Rieker, global head of SAP’s international banking unit, said he expects open source to evolve the way cloud technology did, with adoption by banks increasing over time.
But he said a hybrid approach, where open source complements enterprise standard software, is likeliest to emerge.
Asked whether major tech vendors would ever make their code open source, Rieker said, “Why not?”