BMO, Citi, Microsoft, Morgan Stanley, RBC, Google Cloud, Red Hat, AWS and others join forces to set secure, standardized AI controls for financial services
NEW YORK CITY, NY / ACCESS Newswire / June 24, 2025 / The Fintech Open Source Foundation (FINOS), part of the Linux Foundation, today announced the launch and cross-industry support behind its Common Controls for AI Services initiative - a collaborative effort to define standardized open source technology-neutral controls for safe and compliant AI adoption in the financial industry.
Global financial institutions - including BMO, Citi, Morgan Stanley, RBC, are working with major cloud and technology providers, including Microsoft, Google Cloud and Amazon Web Services (AWS). These efforts are supported by consultants and vendors like Red Hat, Sonatype, ControlPlane, Scott Logic and Tetrate, working collaboratively to develop baseline AI controls tailored to the complex regulatory and operational requirements of the financial sector. With broad industry support from other leading firms, such as Goldman Sachs, the initiative is expected to gain pace quickly and build on the strong foundations laid out by the FINOS AI Governance Framework and FINOS Common Cloud Controls projects.
"This is a pivotal moment for AI in financial services," said Gabriele Columbro, Executive Director of FINOS. "Open Source provides a unique model to allow financial institutions and third-party vendors to shift left their collaboration on security requirements, drastically reducing friction in enforcing security and evidencing compliance, while global regulators can transparently observe and map regulations to industry-wide machine-readable standards".
"As AI becomes increasingly integrated into financial services, establishing common, open standards defined in collaboration with our customers is essential to ensuring trust, security, and regulatory compliance as part of the shared responsibility model," said Allison Nachtigal, Vice President, Azure, Chief Product Officer, Microsoft. "We have supported Common Cloud Controls since its inception because of its incredible potential to harmonize financial institutions' requirements for cloud, and so we welcome this new strategic initiative to similarly enable responsible, scalable AI adoption in the industry".
"Having played a key role in establishing the AI Readiness programme, we are extremely proud to see FINOS take this major step forward towards establishing a shared approach to AI governance. By collaborating across our industry on a common controls framework, we make everyone stronger," said Ian Micallef, MD, Developer Enablement, Citi.
"We believe that open source standardized controls is the most efficient way for financial institutions to grapple with AI adoption safely and compliantly, which is why we champion the Common Controls for AI Services to foster secure innovation across the industry," said David Stone, Director, Financial Services, Office of the CISO, Google Cloud.
This global collaboration reflects growing recognition across the financial ecosystem that proprietary or fragmented approaches are insufficient to address the shared challenges posed by AI adoption in regulated markets. The Common Controls for AI Services initiative offers a unified framework to drive consistency, transparency, and trust.
Setting the Standard for Secure AI in Finance
The Common Controls for AI Services initiative builds upon the success of the FINOS Common Cloud Controls (CCC) project, originally contributed by Citi, extending its framework to specifically address AI services according to the guidelines of the FINOS AI Governance Framework.
The project will deliver:
Technology-neutral baseline standards for AI usage across cloud and hybrid environments;
Peer-reviewed governance frameworks aligned with evolving global regulations;
Real-time validation mechanisms ("Regulation-as-Code") to improve operational transparency and regulatory readiness.
By focusing on collaboration across institutions, cloud platforms, and AI vendors, the initiative aims to deliver practical, scalable controls that can be broadly adopted across the financial services ecosystem.
"At BMO, we know it's never been more important for financial institutions to embrace collaborative solutions that allow us to harness the full potential of AI in a safe, secure and innovative way," shared Kristin Milchanowski, Chief Artificial Intelligence and Data Officer, BMO. "From cloud to AI, FINOS continues to foster cross-functional collaboration that helps BMO and our peers unlock the value of emerging technologies, both for the institutions that adopt them and the clients we serve," added Kim Prado, CIO, U.S Capital Markets, Investment & Corporate Banking and Office of the COO, BMO, and Governing Board Member, FINOS.
"At RBC, we view open source not just as a technology choice, but as a strategic enabler. The FINOS Common Cloud Controls (CCC) project reflects the vision through its transparent, community-driven approach to cloud security and compliance. By contributing to Common Cloud Controls (CCC), we are helping to shape the future of industry standards," said Maxime Coquerel, Principal Cloud Security Architect at RBC. "This accelerates our cloud transformation and reinforces our commitment to collaboration, accountability, and innovation across the financial sector".
Broad Industry Engagement - and an Open Invitation to Join
The Common Controls for AI Services initiative is already drawing engagement from a broad cross-section of the financial and technology sectors - and remains open for wider participation from financial institutions, cloud providers, AI vendors, consultancies, and regulators.
Besides financial institutions, contributors include:
AI Infrastructure and Cloud Service Providers: Microsoft, which recently joined the FINOS Governing Board as a Platinum Member, Google Cloud, Red Hat and Amazon Web Services (AWS), collaborating to align operational and security standards with cloud and AI native architectures.
System integrators & Consultants: Sonatype, ControlPlane and Scott Logic, contributing regulatory and technical expertise to ensure the controls are practical, scalable, and fit for financial services.
"Shared, open standards for AI governance are essential to ensuring that AI contributes to the overall stability of the financial system," said Dr. Richard Harmon, Vice President and Global Head of Financial Services, Red Hat.
"Shared, open standards for AI governance are essential to securing the future of financial services," said Andrew Martin, CEO at ControlPlane. "As we see rapid adoption of agents and models, a trusted suite of infrastructure templates from FINOS CCC and AI Governance Framework gives FSIs a solid, stable baseline to build out next-generation systems".
"We're delighted to support this initiative," said Colin Eberhardt, CTO of Scott Logic. "Our consultants have been deeply involved in developing the FINOS Common Cloud Controls to give the financial services industry a standard for cloud implementation. With AI typically being deployed on the cloud, it was critical for the security of such a highly-regulated industry that we adapted CCC accordingly. In my role leading the AI Governance Framework, I wanted to make sure that this was a key focus".
This growing collaboration ensures the Common Controls for AI Services will be:
Cloud-agnostic, supporting multi-cloud and hybrid deployments;
Implementation-ready, reducing duplication across firms;
Regulatory-aware, aligned with emerging global compliance requirements.
This initiative represents a critical next step in building trusted, open infrastructure for AI in finance. FINOS and its members invite the industry to contribute to shaping a more secure, scalable, and collaborative AI future.
There are several ways to get involved with this initiative. Explore the introductory materials for the Common Cloud Controls and participate in the next CCC All-Hands Meeting to learn more and contribute to the project. For those interested in AI governance, you can dive into the governance framework here or attend the upcoming AI Governance Framework Working Session.
About FINOS Common Cloud Controls (CCC) and AI Governance Framework (AIGF)
Originally contributed by Citi to FINOS in 2023, the FINOS Common Cloud Controls (CCC) project established the industry's first open, technology-neutral framework for secure cloud deployments tailored to financial services. CCC enables institutions to adopt cloud services consistently and securely across multiple providers, jurisdictions, and regulatory environments. It currently features released controls for VPC, RDMS, Object Storage and several release candidates. Get in touch with the FINOS team to learn more and get involved.
Launched by FINOS in 2024, the FINOS AI Governance Framework is being developed by financial institutions for financial institutions and provides a comprehensive collection of risks and mitigations that support the onboarding, development and deployment of Generative AI solutions in financial services. It currently features a catalogue of 22 threats across operational, security and regulatory. Get in touch with the FINOS team to learn more and get involved.
About FINOS
FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source software, standards, and collaborative development practices in financial services. As part of the Linux Foundation, FINOS provides a regulatory-compliant platform for developers from competing organizations to collaborate on innovative projects that transform business operations. With over 100 members spanning major financial institutions, fintechs, and technology consultancies, FINOS is at the forefront of driving open source innovation in finance. Get involved and join FINOS as a Member. To stay up to date on FINOS news, events, podcasts, blogs, and more, sign up here.
Learn more at www.finos.org.
Media Contact:
Patrick Doherty
patrick.doherty@finos.org
+1 (206) 245-8574
SOURCE: FINOS / The Linux Foundation
View the original press release on ACCESS Newswire
