Deutsche Bank made its first contribution to open source in October 2017. The global corporate and investment bank followed up in 2018 with the release of a project called Waltz, which it describes as helping users visualise and define their technology landscape (“think of it like a structured Wiki for your architecture”).
Waltz, which is now a lively project under the auspices of fintech open source foundation FINOS, has a number of useful capabilities, including letting users see how a given application is connected to other applications in their organisation and create topologies that track the data types that they exchange. (GitHub here.)
Peter Thomas, a distinguished engineer and head of cloud DevOps engineering at the bank, told The Stack that “going back to when I first heard about Waltz, I didn’t even believe that a large bank like DB (Deutsche Bank) would entertain the fact of doing that”, adding that “I think it is [now] recognised at the very highest level that open source contributions and the mutualisation of open source contributions are of value.”
That is a recognition that has grown considerably in recent years across financial services, with Goldman Sachs for example in 2020 also donating its open source Legend programme to FINOS. This is used deeply in Goldman’s cloud for financial data and fosters “a common data vocabulary” for heterogeneous and unstructured datasets; it was born because (as Legend lead architect Pierre de Belen puts it) “we’ve seen firsthand the struggle with data silos, duplication, and quality as the complexity of data accelerates dramatically”.
(As the FINOS Foundation put it of Legend: “We are seeing a cross-pollination and corporate diversity of contributors, with contributions from the likes of Canonical, SUSE, Cloudbase, and a healthy amount of individual contributors… even an integration with Morphir, the FINOS project maintained by Morgan Stanley.”)
Thomas was speaking after a breakfast event organised by Red Hat, after taking part in a panel discussion alongside OpenUK CEO Amanda Brock, Red Hat’s EMEA CTO for financial services Monica Sasso and Red Hat’s UK country leader Joanna Hodgson. A key theme of that discussion was the extent to which an education piece continues to be needed at the executive level around open source – where concerns about legal and security risk associated with using software that is not labelled as proprietary by Large Respected Vendor™ can linger.
(This may of course seem absurd to many of The Stack’s developer and other readers, not least given that some of the most successful organisations in the world are built heavily and sometimes nigh-exclusively on open source software, but the understanding of that has yet to percolate upwards to the executive level in many conservative and heavily regulated industries like banking, and this deserves remembering…)
As Thomas emphasised: “Open source has formed the de facto standard for software engineering for many, many years. So it’s not really about the choice of saying ‘will we use open source’; it’s unavoidable that you will use open source… it is [also] an accelerant and it has introduced new ways of innovating.”
Contributing to open source projects and collaborating with other teams also adds cultural and talent retention value, he suggested: “I [also] think that being part of an open source community gives special purpose to engineers and helps further recognise their skills. As an industry we have started to recognise that that is valuable; our senior engineers participating with other engineers in FINOS…” (Thomas spoke as Deutsche Bank continues a major platform overhaul that includes a significant migration to Google Cloud; some elements of the onboarding process are described in pleasantly warts-and-all detail in a blog for HashiCorp here. NB: The Stack will be discussing this cloud migration in more detail with DB in the near future; stay tuned for a follow-up article.)
FINOS, a non-profit founded in 2018 that is part of the Linux Foundation, has drawn in some of the world’s largest banks to collaborate on shared software development in a way that would previously have been unthinkable. That doesn’t mean that every engineer’s brainchild gets an easy ride onto GitHub, Thomas notes: “We have a policy… around [open sourcing software] which is primarily around the legal position of open source; whether we regard that as strict IP… what IP are we losing by open sourcing it; that’s a decision that has to be made by senior management and the CIOs in the area where the software is being contributed,” he emphasised.
“Then there are certain things we have to do mechanically around open source leakage and making sure it’s scrubbed of any DB identifiers and data about our servers or platforms. So it’s not as simple as ‘I can just push it up to GitHub’. [However] at places like FINOS … the legal/licensing side of things is standardised [removing complexity and heavy lifting]. The [Deutsche Bank] review process takes a few months but we have several pieces of software in different stages of that process at any given time,” he said on March 10th.
At a recent event hosted by The Stack, a series of pioneering startups lamented the challenges of getting proofs of concept into banks, which are intrinsically risk-averse, heavily siloed and often lacking effective sandboxes and approved datasets (several CEOs suggested) for testing new technologies. Thomas said Deutsche Bank had really worked to move the needle on this: “At DB we created an organisation called ‘Breaking Wave’ which is our external entity as an incubator for innovation and these sorts of activities; it’s legally part of Deutsche Bank and regulators understand that it is, but air-gapped. We’re working with various vendors and open source [projects] where we can get them very quickly into an evaluation environment within Breaking Wave. We have agreements about what we can move from DB into Breaking Wave, with controls around data, but it gives us that sandbox environment where you can trial something pre-vendor risk management (VRM) framework.”