RCS - FINOS - Common Controls for AI Services to Launch

Royal Bank of CanadaAnnouncement

24/06/2025 10:00

For best results when printing this announcement, please click on link below:
https://newsfile.refinitiv.com/getnewsfile/v1/story?guid=urn:newsml:reuters.com:20250624:nRSX0682Oa&default-theme=true

RNS Number : 0682O  FINOS  24 June 2025

Global Financial Institutions and Technology Leaders Collaborate Under FINOS
to Launch Open Source Common Controls for AI Services

BMO, Citi, Microsoft, Morgan Stanley, RBC, Google Cloud, Red Hat, AWS and
others join forces to set secure, standardized AI controls for financial
services

NEW YORK CITY, NY / ACCESS Newswire (https://www.accessnewswire.com/)  /
June 24, 2025 / The Fintech Open Source Foundation (FINOS)
(https://pr.report/brm5) , part of the Linux Foundation, today announced the
launch and cross-industry support behind its Common Controls for AI
Services initiative - a collaborative effort to define standardized open
source technology-neutral controls for safe and compliant AI adoption in the
financial industry.

Global financial institutions - including BMO (https://pr.report/brm6)
, Citi (https://pr.report/brm7) , Morgan Stanley (https://pr.report/brm8)
, RBC (https://pr.report/brm9) , are working with major cloud and technology
providers, including Microsoft (https://pr.report/brma) , Google Cloud
(https://pr.report/brmb)  and Amazon Web Services (AWS)
(https://pr.report/brmc) . These efforts are supported by consultants and
vendors like Red Hat (https://pr.report/brmd) , Sonatype
(https://pr.report/brme) , ControlPlane (https://pr.report/brmf) , Scott
Logic (https://pr.report/brmg)  and Tetrate (https://pr.report/brmh) ,
working collaboratively to develop baseline AI controls tailored to the
complex regulatory and operational requirements of the financial sector. With
broad industry support from other leading firms, such as Goldman Sachs
(https://pr.report/brmi) , the initiative is expected to gain pace quickly and
build on the strong foundations laid out by the FINOS AI Governance Framework
(https://pr.report/brmj)  and FINOS Common Cloud Controls
(https://pr.report/brmk)  projects.

"This is a pivotal moment for AI in financial services," said Gabriele
Columbro, Executive Director of FINOS. "Open Source provides a unique model to
allow financial institutions and third-party vendors to shift left their
collaboration on security requirements, drastically reducing friction in
enforcing security and evidencing compliance, while global regulators can
transparently observe and map regulations to industry-wide machine-readable
standards".

"As AI becomes increasingly integrated into financial services, establishing
common, open standards defined in collaboration with our customers is
essential to ensuring trust, security, and regulatory compliance as part of
the shared responsibility model," said Allison Nachtigal, Vice President,
Azure, Chief Product Officer, Microsoft. "We have supported Common Cloud
Controls since its inception because of its incredible potential to harmonize
financial institutions' requirements for cloud, and so we welcome this new
strategic initiative to similarly enable responsible, scalable AI adoption in
the industry".

"Having played a key role in establishing the AI Readiness programme, we are
extremely proud to see FINOS take this major step forward towards establishing
a shared approach to AI governance. By collaborating across our industry on a
common controls framework, we make everyone stronger," said Ian Micallef, MD,
Developer Enablement, Citi.

"We believe that open source standardized controls is the most efficient way
for financial institutions to grapple with AI adoption safely and compliantly,
which is why we champion the Common Controls for AI Services to foster secure
innovation across the industry," said David Stone, Director, Financial
Services, Office of the CISO, Google Cloud.

This global collaboration reflects growing recognition across the financial
ecosystem that proprietary or fragmented approaches are insufficient to
address the shared challenges posed by AI adoption in regulated markets.
The Common Controls for AI Services initiative offers a unified framework to
drive consistency, transparency, and trust.

Setting the Standard for Secure AI in Finance

The Common Controls for AI Services initiative builds upon the success of
the FINOS Common Cloud Controls (CCC) (https://pr.report/brml)  project,
originally contributed by Citi, extending its framework to specifically
address AI services according to the guidelines of the FINOS AI Governance
Framework (https://pr.report/brmm) .

The project will deliver:

·      Technology-neutral baseline standards for AI usage across cloud
and hybrid environments;

·      Peer-reviewed governance frameworks aligned with evolving global
regulations;

·      Real-time validation mechanisms ("Regulation-as-Code") to
improve operational transparency and regulatory readiness.

By focusing on collaboration across institutions, cloud platforms, and AI
vendors, the initiative aims to deliver practical, scalable controls that can
be broadly adopted across the financial services ecosystem.

"At BMO, we know it's never been more important for financial institutions to
embrace collaborative solutions that allow us to harness the full potential of
AI in a safe, secure and innovative way," shared Kristin Milchanowski, Chief
Artificial Intelligence and Data Officer, BMO. "From cloud to AI, FINOS
continues to foster cross-functional collaboration that helps BMO and our
peers unlock the value of emerging technologies, both for the institutions
that adopt them and the clients we serve," added Kim Prado, CIO, U.S Capital
Markets, Investment & Corporate Banking and Office of the COO, BMO, and
Governing Board Member, FINOS.

"At RBC, we view open source not just as a technology choice, but as a
strategic enabler. The FINOS Common Cloud Controls (CCC) project reflects the
vision through its transparent, community-driven approach to cloud security
and compliance. By contributing to Common Cloud Controls (CCC), we are helping
to shape the future of industry standards," said Maxime Coquerel, Principal
Cloud Security Architect at RBC. "This accelerates our cloud transformation
and reinforces our commitment to collaboration, accountability, and innovation
across the financial sector".

Broad Industry Engagement - and an Open Invitation to Join

The Common Controls for AI Services initiative is already drawing engagement
from a broad cross-section of the financial and technology sectors - and
remains open for wider participation from financial institutions, cloud
providers, AI vendors, consultancies, and regulators.

Besides financial institutions, contributors include:

·      AI Infrastructure and Cloud Service Providers: Microsoft, which
recently joined the FINOS Governing Board as a Platinum Member, Google Cloud,
Red Hat and Amazon Web Services (AWS), collaborating to align operational and
security standards with cloud and AI native architectures.

·      System integrators & Consultants: Sonatype, ControlPlane and
Scott Logic, contributing regulatory and technical expertise to ensure the
controls are practical, scalable, and fit for financial services.

"Shared, open standards for AI governance are essential to ensuring that AI
contributes to the overall stability of the financial system," said Dr.
Richard Harmon, Vice President and Global Head of Financial Services, Red Hat.

"Shared, open standards for AI governance are essential to securing the future
of financial services," said Andrew Martin, CEO at ControlPlane. "As we see
rapid adoption of agents and models, a trusted suite of infrastructure
templates from FINOS CCC and AI Governance Framework gives FSIs a solid,
stable baseline to build out next-generation systems".

"We're delighted to support this initiative," said Colin Eberhardt, CTO of
Scott Logic. "Our consultants have been deeply involved in developing the
FINOS Common Cloud Controls to give the financial services industry a standard
for cloud implementation. With AI typically being deployed on the cloud, it
was critical for the security of such a highly-regulated industry that we
adapted CCC accordingly. In my role leading the AI Governance Framework, I
wanted to make sure that this was a key focus".

This growing collaboration ensures the Common Controls for AI Services will
be:

·      Cloud-agnostic, supporting multi-cloud and hybrid deployments;

·      Implementation-ready, reducing duplication across firms;

·      Regulatory-aware, aligned with emerging global compliance
requirements.

This initiative represents a critical next step in building trusted, open
infrastructure for AI in finance. FINOS and its members invite the industry to
contribute to shaping a more secure, scalable, and collaborative AI future.

There are several ways to get involved with this initiative. Explore the
introductory materials for the Common Cloud Controls (https://pr.report/brmn)
 and participate in the next CCC All-Hands Meeting (https://pr.report/brmo)
 to learn more and contribute to the project. For those interested in AI
governance, you can dive into the governance framework here
(https://pr.report/brmp)  or attend the upcoming AI Governance Framework
Working Session. (https://pr.report/brmq)

About FINOS Common Cloud Controls (CCC) and AI Governance Framework (AIGF)

Originally contributed by Citi to FINOS in 2023, the FINOS Common Cloud
Controls (CCC) project established the industry's first open,
technology-neutral framework for secure cloud deployments tailored to
financial services. CCC enables institutions to adopt cloud services
consistently and securely across multiple providers, jurisdictions, and
regulatory environments. It currently features released controls for VPC,
RDMS, Object Storage and several release candidates. Get in touch with the
FINOS team to learn more and get involved (https://pr.report/brmr) .

Launched by FINOS in 2024, the FINOS AI Governance Framework is being
developed by financial institutions for financial institutions and provides a
comprehensive collection of risks and mitigations that support the onboarding,
development and deployment of Generative AI solutions in financial services.
It currently features a catalogue of 22 threats across operational, security
and regulatory. Get in touch with the FINOS team to learn more and get
involved. (https://pr.report/brms)

About FINOS

FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to
foster the adoption of open source software, standards, and collaborative
development practices in financial services. As part of the Linux Foundation,
FINOS provides a regulatory-compliant platform for developers from competing
organizations to collaborate on innovative projects that transform business
operations. With over 100 members spanning major financial institutions,
fintechs, and technology consultancies, FINOS is at the forefront of driving
open source innovation in finance. Get involved (https://pr.report/brmt)
 and join FINOS (https://pr.report/brmu)  as a Member. To stay up to date
on FINOS news, events, podcasts, blogs, and more, sign up here
(https://pr.report/brmv) .

Learn more at www.finos.org (https://pr.report/brmw) .

Media Contact:

Patrick Doherty

patrick.doherty@finos.org

+1 (206) 245-8574

SOURCE: FINOS / The Linux Foundation

 

This information is provided by Reach, the non-regulatory press release distribution service of RNS, part of the London Stock Exchange. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact
rns@lseg.com (mailto:rns@lseg.com)
 or visit
www.rns.com (http://www.rns.com/)
.

RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our
Privacy Policy (https://www.lseg.com/privacy-and-cookie-policy)
.   END  NRADBGDLIUDDGUX