FINOS AI Governance Framework v1.0 — Turning Drafts into Deployable Guardrails

Written by Luca Borella | 6/23/25 7:25 AM

Just nine months ago we unveiled the draft AI Governance Framework (AIGF) on stage at OSFF New York, inviting the industry to stress-test and extend the first open-source control set for GenAI in finance (see announcement here). Since then, the Community has work-shopped, debated and iterated through dozens of pull-requests and in-person sessions — from the SEC’s AI Roundtable in Washington (SEC Blogpost) to May’s practitioner workshop in New York (NYC Workshop Blogpost).

Today, the day before OSFF London, we graduate those efforts into AIGF v1.0 — a production-ready playbook that any financial-services institution can plug into its existing three-lines-of-defence model.

 

Why v1.0 matters

  • Neutral home for AI standards. AIGF v1.0 anchors FINOS as the definitive, vendor-agnostic platform where FSIs, regulators and vendors co-create the guardrails that make AI safe, compliant and interoperable.
  • Risk and cost reduction at scale. By mutualising 18 top-level risk categories and 17 implementable controls aligned to NIST RMF, OWASP and EU AI Act mapping, firms avoid duplicating months of policy writing and audit effort.
  • Accelerated innovation. Shared controls free up engineering time to focus on differentiated use-cases — from smarter KYC to AI-powered regulatory reporting — while satisfying supervisory expectations out-of-the-box.

What’s new in v1.0

| Theme | Highlights |
|---|---|
| Expanded risk catalogue | Added model concentration, supply-chain poisoning, synthetic data leakage etc. |
| Unified control taxonomy | Harmonised with Common Controls for AI Services (CC4AI) so CSPs can “attest once, inherit everywhere.” |
| Reg-tech ready | Traceability matrix to EU AI Act articles and updated U.S. prudential guidance; JSON export for automated evidence collection. |
| Operational playbooks | Step-by-step run-books for red teaming, prompt-injection testing and continuous monitoring, contributed by member banks. |

(The full changelog lives in the GitHub commit history.)

Who benefits — and how

  • Financial Institutions: Slash compliance spend, de-risk deployment and win time-to-market advantage.
  • Regulators: Gain a transparent, community-maintained reference that maps real threats to concrete controls.
  • Cloud & Tech Vendors: Leverage a single, open standard to prove control equivalence across multiple FSIs.
  • Media & Analysts: Cover a first-of-its-kind collaboration uniting Wall Street, Big-Tech and regulators around open AI guardrails.

Beyond the Framework — AI SDF & CC4AI

AIGF v1.0 is the keystone of a broader FINOS AI portfolio that also includes:

  • CC4AI: extending the successful Common Cloud Controls model to AI workloads.
  • AI Supplemental Directed Fund (AI SDF): a proposed capital pool to co-fund pre-competitive, open-source AI components (think standardised evaluation and benchmarking metrics or supervisory-reporting bots).
  • Responsible AI Working Group: beyond compliance, to ensure AI is used ethically, accountably and sustainably by FSIs. (Download draft white paper here)

Together, these initiatives mutualise effort, cut costs “by an order of magnitude” and ensure the industry can react quickly to the next breakthrough — or the next regulatory deadline.

The road ahead

With v1.0, the community now shares a common language for AI risk. The next challenge is scale: integrating these controls deep into DevSecOps pipelines and cloud service offerings so that “responsible AI” becomes the default, not the exception.

If your organisation wants to lead rather than follow, now is the moment to step in. Review the framework, raise an issue, sponsor the AI SDF — and help build the open, trusted AI ecosystem our industry needs.

Together, we can turn AI uncertainty into shared opportunity.


Author:  Luca Borella, Program Manager, AI Strategic Initiative
