Ahead of the curve podcast

Can Open Source Technology truly help to build the future of risk management?

Overview
More episodes

Join our host Stuart Smith, Co-Head of Business Development and Scott Sobolewski, Co-Head of Quantitative Services as they discuss the merits of using open source software.

Reviewing the incredible journey of Linux supported by Red Hat and comparing this to Open Source Risk Engine (ORE), the derivatives risk management and pricing software which is freely available and being utilised by over 150+ firms in the industry today.

Scott shares some use cases of ORE and explains the power and extendibility of the software and how it is shaping the future of risk management.

[silence] Hello, and welcome to Ahead of the Curve,the podcast from Acadia, where we take the time to getunder the skin of the risk, margin, collateral industry,and present some topical insights on where we see the futureof this hugely important industry. Today, we welcome Scott Sobieski,head of our quant services business. We're going to talk a little bitabout open source and how it's impacted the financial services industry.What is open source ? Maybe let's just go all the way back to basics,really set the tone for what we're going to talk about,what is open source? What are some of the big achievementsthat is driven in the industry, particularly in thefinancial services world? -I think even outside of finance,open source has had a huge beneficial impacton technology growth over the last several decades.Some words that come to mind when I think of generic open source software,enhanced transparency, obviously cost efficiency,as the majority of those open source tools are provided entirelyfor free, community-led development, and a common set of shared best practices.Almost an implicit set of checks and balances on that software,as it's being used by many, many different usersand being contributed back, hopefully, by that same set of users.Lastly, it may not always solve 100 percent of each individual'sspecific problem or specific use case. It often providesthe basic foundational building blocks that prevent the needto independently recreate the wheel each time somebody wants to deployor improve a new set of software. -I think when someone says open source,I think everyone intrinsically just immediately thinks Linux.It's like a knockover in the brain. You get open source Linux,that's the next thing you think about. I remember when I was at universityand doing my PhD, I had to work on Linux boxes.It was this big jump over, and oh my God, how are we going to do this?I think that's different now. The maturity of that software has changed.It's funny you bring up Linux from an Acadia perspective,our open source toolkit, the open source risk engine.We are aspiring to be the Red Hat of the financial risk community.Our version of Linux is what we call the open source risk engine.Just as with Linux, it was freely provided by Red Hat.There were Bespoke or unique implementationsor operating systems that were built on top.I often think of ORE, our open source risk engine,as the car engine, and some of these additional layersas the frame or body of the vehicle that can be customizedor tailored to individual client use cases.Stuart, from your perspective as a previous Linux user,if you want to try to draw a parallel into the financialand financial risk space, how do large banksor other software development communities deploy or use Linux?How does it add efficiencies to their internal software builds?I think that flexibility is key right around how you can use Linux.When I was a user of Linux, it all came on a CD,and you still had to install it. It was back in the olden days.Nowadays, when you look at how things are dockerized,how things are containerized, and the operating systemis embedded inside that. Now, if that was an at-costoperating system that causes huge issues of licensing,of challenges of enterprise licenses you need.The flexibility to be able to develop, deploy on cloud,and accelerate that technical journey is just fantastic.You open up all kinds of opportunities for taking it forwardwithout having to worry about, I wonder if I'm licensedto use this piece of software here or here or here.I can get started quickly because I don't need a license,and I can see if it works. If it builds, then I've got more choicesdown the line as to how I use that. -We mentioned open source softwarebeing freely available. I think I remember Red Hat was acquiredfor over $40 billion. There must have been some sortof commercial element to their sponsorship of that open source project.Could you, from your perspective, just describe how Red Hathad their commercial models centered around that open source software,in terms of how they would have provided commercial supportor enterprise support to commercial users? -I think it takes a huge amountof vision to, for a business like that, to see where the industry was going to go.They were 100 percent right. That vision that they had that peoplewould eventually need to pay them to provide that service was validand has been validated probably 10 times over.When you look at how a bank runs, banks have to have supportfor the software that they're running. You can't just runa critical infrastructure service on the backof no support contract on your end. You need people to support it yourselfor you need to have someone who can support it for you.It doesn't make sense for every bank in the worldto have a core Linux development team that can support their Linux distribution.It makes sense for that to be inside one vendorwho can provide support out to them on a relativelytraditional software basis, but give them the flexibilityto then take that into production and use thatfor critical purposes, knowing they can fall back on the support model.That's really why we're gathered here today to try to make the market awarethat, for the first time, Acadia has formalized an enterpriseand commercial support model for our open source toolkit,the open source risk engine. -We've said open source risk enginea few times. I don't think we've defined what it is.Why don't we go back to understand, what is the open source risk engine?What capabilities does it cover? What were its origins?Then we can talk about how we're going to take that forwardand enable firms to use it more. -Its origins were primarilyin the derivatives pricing and risk management space.It had evolved on top of another legacy open source risk project, QuantLib,which some listeners or viewers may be a bit more familiarwith our original founding partners that the predecessor company to Acadia,who were users of QuantLib and contributorsand extenders of QuantLib. At the time, it was just a pricing libraryfor derivatives. They needed for their internal jobfunctions a risk simulation layer to make counterpartycredit risk PFE calculations or Monte Carlo simulationsfor value at risk calculations in the market risk space,or a bump in revaluation layer for market risk sensitivities.All of that was eventually built on top of what had existedin the Legacy QuantLib open source project.Over the last 10 to 15 years, those contributionsfrom our founding partners have developed into a standalone risk and pricing projectthat we now call and support as the open source risk engine.Maybe we talked a bit about the flexibility.How does that flexibility translate into this use case?Why is the flexibility of open source impactful and meaningful to peoplewho want to use it? What does it enable them to do?It's a significant cost savings mechanism for clients who need internal risk modelsand pricing models to comply with financial regulationsfor regulatory capital or regulatory margin requirementsin the wake of the 2008/2009 financial crisis.That was all of that additional regulation and all of that additional attentionfrom the financial community in the risk management space,that was the genesis and spark that led to the developmentand continued investment, from not only Acadiaand its predecessor companies, but also our clientsover the last 10 or 15 years as users of the open source risk engine.Now we're talking about critical processes.As a bank, you have to get those processes done at 9:00 AM every day.Numbers have got to go to the regulator. Otherwise, bad things happen.Maybe there are other use cases as well though,for instance, model validation. I think that's where maybesome of the flexibility plays in that you've got that choice to take it,use it, not use it for a while, use it again.Model validation with our readers, is that a big deal?That community-led development that I spoke to earlier,just from a generic open source perspective, the open source risk enginehas been a huge benefactor of the very complex use casesand the complex consulting, and other projectswe've had with the most complex and largest banks in the world.They generally have to make the most significant investmentin that risk architecture. To the extent that they're also usersand believers in ORE, all of that complex, or the majority of that complex investmenthas made its way back into the open source realm.Even smaller to medium-sized institutions that may not havethose same complex requirements can get themselvesas far up that spectrum of complexity as they want to.That flexibility element allows as much sophisticationas not only banks, but by side hedge funds, asset managerswho want to be more precise in the way that they managetheir counterparty credit risk exposures to the dealers,or the way that they want to allocate VAR to individual desksor individual portfolios, just as banks are forced to do from an NFRTFB marketrisk regulatory perspective. That flexibility and customization,the particular use case that you're referring toin the benchmarking or model validation spaceare out-of-the-box pricing and risk models that are battle-tested,that have won, and achieved regulatory approvalsin all of the advanced regulatory jurisdictions globally.Even if a client of ours, a bank or a hedge fundthinks that they have a better solution, a more advanced modelthat gives them an edge in the market, often there is a governanceor risk management requirement that that proprietary modelor that alternative vendor model that they may be using is benchmarkedand validated against a completely separate implementation.That's really where, rather than having those validation teamsor those governance teams or audit teams recreate a parallel model from scratch,they can often find what they need inside our open source toolkit.I think when you look at what amazes me is the factthat we don't necessarily know who all of our users are,which is a strange place to be sometimes as what you thinkof as a traditional software developer. Certainly, we find new use cases.We find new users who've taken the softwareand done interesting things with it, which is inspiring,for us in terms of being able to look and see what's possibleand to be able to see how different people have usedthat in that flexible way. Then when you go onto the capital calculation or the risk calculation use casesyou talked about, I think that's for me where it changes into a critical process.Then you need that support we've talked about,the same as banks needed support for Linux through RedHat.They needed support to know if it fails or when oil prices go negativeor whatever other industry, things happen next weekthat we didn't expect to happen last week. You've got someone that you can rely on,depend on to pick up the pieces, fix the software,and push it back into production for you. Do you want to talk a little bitabout how we're trying to bring that support model to the industryand enable more use cases of ORE, and standardize that a little bit?The cool thing in terms of Acadia at its core,if you're not previously familiar with Acadia,the primary business model is as a SaaS riskand margin calculation provider to the industry.If you're not already aware, ORE is operating under the hood at Acadiafor all of the risk services that we offer to the market,in terms of sensitivity calculation or initial margin backtesting.Over the last five or six years, in the middle to last phasesof the global regulation, we've been able to prove the Aurorause case across hundreds of clients who are our SaaS clients.All of them are the majority of them have had validation requirementsand benchmarking requirements as users of Acadiaand regulated entities of Acadia. We've gotten nearly a decade of feedbackon our valuation methodologies, and our risk methodologies,and harvested all of that feedback from those hundreds of usersback into our open source risk engine. We have quite a bit of confidencethat we are in a market-leading position. We are giving away that functionalityentirely for free, to the extent that our clients and our usersrecognize the vast potential in ORE beyond just the initial margin spaceor the margin space that Acadia is most known for.That's really where our commercial support modelhas developed to support those clients with bugfixesor on-demand support based on issues or severity levels.Often having that support is critical from an IT and risk managementperspective of our clients. It could be the best pieceof software kit, and it could be entirely 100 percent free.It still will not pass IT Master because their rules, their requirements,require an on-demand support access to the creators of that software.I remember the day oil went negative, and I was involvedwith the commodity risk system at the time.I remember a few of us stood looking at each other,and it happened so fast. Oil went from a decent price to negativein a very short space of time. There are a lot of peoplewho woke up this morning without (?avail) because no one saw that coming.That's when you need that support service that can kick in software developmentexperts who can release a patch specifically for that fix quicklyfor a lot of people. -Severity one issue,likely you need response times within a matter of minutesto meet certain beginning-of-day or end-of-dayregulatory requirements on reporting. That is the exact style of support modelthat Acadia is now rolling out for the very first time to start the year.We have supported our clients commercially in the pastthrough Bespoke consulting projects. We want to make it a bit more standardizedand unified across the industry and make it very obvious,not only the analytics proposition, but the cost-benefit proposition.Now that commercial support model comes with moneyout the door from our clients to achieve that on-demandaccess to our quants and our developers. We know it's still orders of magnitudelower than what our clients have historically paidto legacy vendor systems or to armies of internal quant teamswho are developing these and maintaining these models from scratch.Do you see this as being the sum total, that's the way that the future of Acadiain our world will already be, that we will have large installed systemssupported remotely? Is that where you think the future is?Do you think there's a middle ground where we'll do more than one thingaround how we use ORE? -I think Acadia will still continueto operate primarily as a SaaS business model,where we look to identify the most prevalentand most widespread risk use cases that we can deploy very easilyfor our clients on a hosted daily managed service, where the marketdata issues and the trade management and portfoliomanagement, the reconciliation issues, that's all managed on an outsourced basis.That provides generally the most cost-efficient modelfor our clients, to the extent that clients have unique requirements,unique regulatory requirements, or maybe more advancedregulatory requirements in different aspects of risk management,that Acadia doesn't see enough consensus to build a SaaS model behind.That's really where ORE comes into play as the most cost-efficient use casefor them to deploy locally and maintain increased ownershipand extensibility around that local deployment.I, again, look at analogies across the rest of the open source world.Look at software like Kafka, like Redis, these incrediblyfast in-memory technologies. You can installand do fantastic things with them. In the majority of use cases,people buy a subscription from cloud vendorswhere they're run as a managed service. I think we agree that there will always bea big, substantial part of the user base who want that.Just please give it to me. Please deal with all the hard stuffand please run it and have it there for 9:00 AM.Then there'll be those guys who say: "I want to take this,and I want to extend, and I want to go to the moon,and I want to do some incredible things." -I know you and I are working very hardto extend our risk roadmap. Please call up Stuart.He'll leave his phone number at the end of the podcast.Ask him about our roadmap on a SaaS and hosted services basis.Inevitably, there will always be things that fall between that managed services,fall between the cracks of what's eligible to be outsourced,or where there's appetite to want to outsource in a managed service.That's really where we can help our clients determineand make it an easier cost proposition for them to determinewhat should be owned internally versus what's most efficient to outsource.That's fantastic. Scott, thank you.Thank you for coming to join us on the podcast today.I think it's been great and a great introduction to open sourceand what Acadia is trying to do to bring that into the financial services industryas well, and bring some of those lessons and capabilities with us.Our open source project is completely managed separatelyfrom our Acadia website. Opensourcerisk.org,if you want to go check it out. We have tons of documentation.We have a YouTube channel where we've authored tutorialsto make it as easy for clients to get startedinstalling, using, and understanding ORE a lot better,so opensourcerisk.org. -Thank you for listening to Aheadof the Curve. We'd love to know your thoughts.Please do get in touch. Leave comments and reach out.You can find out more about what we talked about today from acadia.inc.Until next time, thank you.