Open-Source in Banking: Rob Moffat from FINOS Talks Barriers, Benefits, and Pushing the Battleship to Adoption
The financial sector is at an inflexion point. Financial services and banks have long been consumers of open source. Now, they're starting to dip their toes into the contribution side of open source as well.
We spoke to Rob Moffat, a Technical Architect for FINOS, who shared his thoughts on the ways banks are changing their adoption of open source. FINOS is a software foundation that’s part of the Linux Foundation. They’re championing the use and adoption of open source in finance.
This article summarises Rob’s thoughts. The full interview is available on the Craft of Open Source Podcast here.
The Barriers to Open Source for Banks
It's like pushing a battleship, but over time you can see things starting to change. Every year, more and more companies join FINOS and more and more teams are pushing forwards with open-source.
The financial sector is synonymous with long cycles and slower adoption of new tech, though. Some firms are further along the path, but there’s a long way to go before open source is ingrained in the culture of financial services.
The culture of financial services
An attitude shift has to happen before change can pick up pace.
At the moment, a lot of people are using things like FDC3 behind firewalls and aren’t able to contribute back. They're not even able to engage with GitHub issues. Policies and restrictions block people from being able to embrace open source in their work.
We want to get to that point where everyone's allowed to contribute. There's a long path ahead before most teams can make contributions and truly adopt open source.
Different team outlooks
There are so many different concerns and opinions within each bank. Sometimes an entire group will be set against open source. Other times, one individual might be dead against it in some ways and for it in others.
For example, a security expert might enjoy contributing to open source, yet also see it as risky for introducing another potential way to lose control of data.
Compliance and risk-aversion
These elements of financial services don't lend themselves to open-source contributions in banking.
Banks have so many different regulations. The policies are well-meaning—and people are trying to adhere to those policies—but almost by accident, they’re stopping open-source contributions.
Why are Banks Adopting Open Source?
In the face of these barriers, teams are still moving forward slowly with open source. Here are some of the reasons why:
Risk mitigation
Risk-aversion can be a blocker for open source, but it’s also pushing people to support open source now. Banks are looking at the dependencies they have, identifying the vulnerable dependencies, and finding out which are maintained by one guy in Nebraska versus those that are part of the Apache Foundation or the Linux Foundation. This lets them analyze whether there is a threat to them through those particular dependencies.
This then becomes an argument for open source. If you can make people at the board level aware of the risks, you can start to say: “We have a dependency risk issue here. These are some of the threats that we have to figure out. We should be investing in open source and we should be adding maintainers to these projects to keep track of these things.”
It makes sense to have developers in the bank to help maintain the code and keep it up to date. This way, the code is there in the future when they need it rather than it getting abandoned. Then they won’t be flailing around, looking for something to replace it, and reworking all of their systems.
Technical debt
Engineers can't fork an entire code base every time you want to change something in open-source code. This can seem like a way to mitigate risk and keep control of your codebase, but then you have to maintain all the forks. Every time the upstream changes, you have to update the versions and you're in a massive maintenance hell.
Strategy
Major companies like Google are adopting open source as a strategic investment. If someone comes along with a vital open-source piece of software and changes the banking industry and you don’t have a way for your teams to do open-source, you can’t get on the ship and help steer. You're stuck as a passenger.
This is a strategically compromised position. It’s beneficial to start adopting and contributing to open source now.
Staffing and hiring
If teams find a critical open-source project that they want to use, they will naturally want to hire someone to come into the company to handle the project for them. If the company isn’t set up to allow open source, that new staff member won’t be able to engage with the project they write. They’ll either leave or the project's going to die.
Again, this is a strategically compromised position. Banking execs have to start allowing their teams to contribute.
The Paths to Open Source for Banks
Unlocking open source mainly happens in one of two ways:
- Trial projects - The organisation will grant a board-level agreement for a project. Teams can use open source on it and run a risk analysis. Instead of doing it entirely in-house or going to a third party and getting a proprietary solution, they try open source and see how that works and take it from there.
- Tackling policies and regulations head-on - This means working with all of the organisation’s policies to understand them and try to chart a way through them to allow for open source.
The latter is the gold standard. Hopefully, we can reach a point where open source is built into the regulatory framework of organisations and people are allowed to contribute in certain areas.
Every project is not going to become an open-source project, and it doesn’t have to, but there are ways to run risk analysis and still allow teams to contribute to the projects they need to. For example, there is a future where a bank engineer can say: “it would be better to collaborate with peers on this monitoring tool than to build our own.”
FINOS
FINOS is set up to help financial teams embrace open source. Many banks have huge barriers to change, and FINOS can come in as an outside agent and try to instigate change to show people a better way of working.
They have memberships (with different levels), as well as events, training, and software.
For example, FINOS runs Open Source Readiness, which gets people together every couple of weeks. These are people who work on championing open source within their organizations and are trying to unlock the value of it for their organizations. FINOS helps document the path to change for an organization, provides a way for teams to collaborate with other open-source users, and advises on how to open organisations up to open source.
For more information on FINOS, check out the FINOS.org website and GitHub. They love chatting open source and are always open to messages.
Rob Moffat
.webp)