Accounting regulations for financial institutions are a set of rules and standards that govern how these institutions record, report, and interpret financial data.
These regulations, often enacted by regulatory bodies such as the Financial Accounting Standards Board (FASB) in the United States or the International Accounting Standards Board (IASB) globally, aim to ensure transparency, accuracy, and consistency in financial reporting, ultimately contributing to the stability of the financial system.
Intersection With Open Source
Anything that developers write has a cost associated with it, which is charged to a cost center within an organisation. Under accountancy laws these costs are amortised with respect to the assets they create. Giving away software as open source breaks this model and needs to be accounted for correctly.
Open source, while free, still has an IP value and therefore will be taxed in some jurisdictions. If open source code is contributed by a parent organisation and then consumed by a subsidiary, this might cause tax issues. By donating code to a non-profit foundation like the Linux Foundation you can fix this tax issue, since a neutral third party has governance. This is then viewed as a charitable donation.
- Product Owners will need to accept the accounting write-down on the value of their software if they want to distribute it for free as open source.
Sarbanes–Oxley (SOX)
The Sarbanes–Oxley Act (SOX) of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations. It codified the system of "Internal Controls over Financial Reporting" that requires publicly traded corporations to define operational risk and control activities, notably IT General Controls, which include the Software Development Lifecycle.
SOX was enacted in response to accounting scandals involving companies such as Enron, WorldCom, and Tyco. The act established new or expanded requirements for public companies and accounting firms, with the goal of improving corporate governance, financial reporting, and accountability.
While not all financial institutions are public companies, the concept of IT controls has been incorporated into FDIC examinations and auditing requirements for internal and external auditors.
Example: In 2013, JPMorgan Chase was fined $200 million by regulatory authorities for its failure to maintain effective internal controls over financial reporting. The bank had made several risky trades that resulted in significant losses, which highlighted weaknesses in its internal control processes.