Open source

It is no secret that technology and its impact on companies’ business models is shaking up the general market. Technology disruption isn’t limited to media, retail, or transport (to name a few industries), but this disruption is widespread, also impacting financial services. The general theme is that technology enabled companies can execute quicker, cheaper and with greater precision.

Financial Risk Measurement is an important area in banking that is finding itself at a crossroad. In a recent blog we discussed the ever increasing volume of compliance challenges faced by banks. Making the case for strategic transformation enabled by technology (and business model) change.  

The argument is that banks aspiring to cut costs and simplify the compliance ask should be investing in a single, coherent, high performance ecosystem. In other words, they should be investing in technology.

This however introduces an even more complex question: Do I upgrade the proprietary systems that I am currently using by purchasing a new technology stack from a preferred vendor? Or do I change my wider technology strategy and make use of the different Open-Source tools available?

Proprietary vs Open-Source Software

Traditionally banks use proprietary software, licenced through vendors such as SAS, FICO, or Moody’s to develop, maintain and execute their Credit Risk Models. However, in recent years Open-Source software has become more ubiquitous. This prevalence is supported by the fact that major technology companies such as Netflix, Amazon and Facebook run and maintain their services on platforms developed with Open-Source technology; where these companies are strong advocates of the Open-Source movement. On the financial services side, not surprisingly, many of the new FinTech banks such as Starling Bank also run and maintain their solutions on largely Open-Source platforms.

However, it is rare that any platform will be completely Open-Source or Proprietary, and in reality most platforms fall into some hybrid category, where the strengths of Open-Source are combined with commercial support packages. Therefore, we can define the following three categories of solutions, which can be used to support the technology change agenda:


Setting your Credit Risk technology change agenda

The principle question being asked by a lot of banks who are reassessing their current risk infrastructure is: how do I migrate to a fully open-source platform and cut the significant costs incurred from proprietary software vendors? In reality, however, this question is much more complex. Such a strategic change in the underlying technology platform directly impacts the operating model affecting key areas such as people, process and strategy. The resulting impact results in a larger set of questions, with important considerations that should be conveyed as part of the decision. We outline some of these questions below.

How will this change impact my business?

The key driver of the strategic change programme is to initiate business change in order to realise certain benefits, with consideration given to:

  • Operating Model Change: What is the expected (or required) change in the operating model to support the new platform and realise the benefits? How will my required skill base change?
  • Application Simplification: How many applications do I expect in the end to end solution if I change to an Open-Source strategy and will this increase complexity?
  • Supply Change/ Vendor Integration: How easily will the different applications or vendors in my target solution integrate with one another?

How will I deliver this technology change?

One of the biggest problems that we see with risk technology change programmes is failure to execute on the delivery of the programme. This is often as a result of not taking the following considerations into account:

  • Resource Requirements: What is the availability of the resources required to configure and maintain the solution?
  • Delivery Risk: What is the risk of not delivering the end to end solution on time and in line with business requirements?
  • Time to Market: What is the time required for successful delivery of the end to end solution in line with business requirements?

How much will this change cost?

Naturally the most important consideration here is what the total cost of ownership of the new solution is estimated to be. There are however important considerations that weigh into this question, such as:

  • Headcount Cost/Average Cost per FTE: What is the cost associated with the increase/decrease in headcount required to support the solution?
  • Maintenance Cost: What is the cost associated with maintaining the solution on a day to day basis?
  • Integration Cost: What is the increase/decrease in cost associated with integrating multiple applications/vendors?
  • Licence Cost: What is the cost of licencing the end to end solution?
  • Configuration Cost: What is the cost associated with configuring the solution in line with business requirements?
  • Process/BAU Cost: What is the total cost of obtaining and running the end to end process within the new solution?

We have only touched on some of the key points above, where getting the above assumptions incorrect can vastly change the cost of a programme and therefore the total cost of ownership. Therefore it should be noted that there are also more specific questions with regards to the functional and non-functional requirements of the solution, as well as the available support, and required governance and regulatory structure that will need to be considered as part of the change initiative. Hence, the question isn’t necessarily: how do I migrate to a fully Open-Source platform? But rather: Should I migrate to a fully Open-Source platform, or are there better suited alternatives to address my specific business needs such as a hybrid approach?

How we can help you

Deloitte has unparalleled technical knowledge, breadth and depth of experience in the area of Risk Modelling, Risk and Capital System Implementation, Operating Model Change and Open-Source Software Development. We are uniquely placed to work together with clients who are interested in better understanding the costs and benefits of a strategic change in their current risk operating model. Drawing on our deep technical expertise in both modelling and infrastructure configuration we can offer you a seamless and cost efficient service that meets the needs of your business. It’s what we do that makes the difference.

Additional reading



Damian Hales - Partner, Risk Advisory

Damian is a Partner, within the Risk and Regulation practise and has over 21 years’ experience in the financial sector and specialises in Credit Risk Management across the full credit lifecycle (from origination to collections and recoveries), IFRS 9, Capital management and Programme Management. Damian leads Deloitte’s Credit Risk and Impairment Transformation offerings, sits on Deloitte’s IFRS 9 Steering Group and is a regular speaker at conferences on these topics.

Email | LinkedIn


Alan Tua - Associate Director, Risk Advisory

Alan Tua is an Associate Director in the Risk Advisory practice in London and leads the Artificial Intelligence team within Risk Advisory, focusing on the application of machine learning to risk management and process optimisation. The team is also shaping a view of what enterprise risks are introduced when an organisation uses AI. Alan has extensive project experience across a range of industries managing data driven analyses as well as AI solution design and build. These have included both the integration of off-the-shelf machine learning components as well as leading in-house development.



Edward Venter - Manager, Risk Advisory

Edward Venter is a Manager in Deloitte’s Financial Risk Measurement team within Risk Advisory, specialising in the development and application of credit risk modelling to support financial institutions on capital allocation, loan impairment modelling and financial risk management. Edward also supports credit risk transformation initiatives, considering how the improved use of technology can deliver improved and more consistent solutions, and how managed services can be used to remove processing pain points around the execution of models.

Email | LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.