finos
AI Governance Framework - Standard Project Contribution and Onboarding
Please note that only FINOS members can propose new Standards projects. If you're interested in membership, see https://www.finos.org/membership-benefits#become-a-member.
Business Problem
The financial services industry faces substantial challenges in safely and responsibly adopting artificial intelligence (AI), particularly generative AI. This includes managing unique risks around model bias, transparency, explainability, and data privacy, as well as meeting rigorous regulatory requirements. Currently, FSIs lack a dedicated governance framework to consistently identify, assess, and control these AI-specific risks, making it difficult to align with regulatory standards and industry best practices.
Proposed Solution
The AI Governance Framework (AIGF) is an open, machine-readable standard that provides a comprehensive risk-based governance model for AI in financial services. At the moment, the framework includes specifications for 14 key risks and 16 controls, tailored to generative AI. Inspired by NIST AI Risk Management Framework, AIGF enables FSIs to implement governance policies that align with regulatory and ethical requirements, supporting safe AI deployment across the industry.
Tentative Roadmap
Short-term (0-6 months):
- Establish an AIGF-specific GitHub repository for community contributions
- Launch AIGF Version V1 with foundational risk-control mappings and integration with CCC
- Begin development of a machine-readable version to support Governance as Code (GaC) integration
Medium-term (6-12 months):
- Expand the use case coverage
- Expand the machine-readable framework to integrate with automated compliance tools
- Engage with regulators to explore incorporating compliance requirements.
Success: Widespread adoption of AIGF as a core AI governance standard by FSIs, with active community input driving its ongoing evolution.
Scope
The scope of AIGF includes defining risk assessment, governance controls, and compliance processes specifically for generative AI in financial services. The framework will prioritize clear risk definitions, categorized controls, and architecture integrations to support practical deployment.
Current State
The AIGF V0 documentation, along with related materials, is available via the AI Readiness SIG repository. If accepted, AIGF will be moved to a dedicated repository to facilitate ongoing development.
Existing Materials
https://air-governance-framework.finos.org/
Development Team
Maintainers
- Colin Eberhardt - Scott Logic @ColinEberhardt (https://github.com/ColinEberhardt) Lead Maintainer
- Vicente Herrera Garcia - ControlPlane @vicenteherrera (https://github.com/vicenteherrera) TBC
- Alvin Shih - Morgan Stanley - @alvin-c-shih (https://github.com/alvin-c-shih)
- Chamindra de Silva - Citi @chamindra (https://github.com/chamindra)
- Asad Ateeque – NatWest @aateeque (https://github.com/aateeque)
Potential contributors
Below the list all of the individuals that have expressed interest in this project by requesting access to the Governance Framework when it was a private repository: Arnau Oller - TradeHeader @arnauoller Victor - Independent @victorjunlu JohnMark - FannieMae - @johnmark Gerardo Lisboa - ESPO - @gvlx Andrew Martin - ControlPlane - @sublimino Frederick F. Kautz IV - Testifysec - @fkautz eltonjude- - @eltonjude Rohan Deshpande - Goldman Sachs - @appwiz jamesheward - Scott Logic - @jamesheward mcoimbat - Morgan Stanley - @mcoimbat Mehak Mehta - Morgan Stanley - @mehakmehta21 pmehta1 - Morgan Stanley - @pmehta1 Damien Burks - Citi - @damienjburks Yasir Alibrahem @YasirAlibrahem Eddie Knight - Sonatype - @eddie-knight Kevin Alwell - GitHub - @alwell-kevin Peter Smulovics - Morgan Stanley - @psmulovics Ray Meredith - GitHub - @RaydioAM gibsonlam - BMO - @gibsonlam bshravancmu @bshravancmu torinvdb - ControlPlane - @torinvdb Lori Lorusso - Percona - @LoriLorusso Yan - Microsoft - @yt-ms Daniele Casal - Lloyds - @d-casal jamesoche @jamesoche Jared Lambert - Microsoft - @jared-lambert gkocak-scottlogic - Scott Logic - @gkocak-scottlogic
Target Contributors
The project seeks contributors with expertise in AI governance, risk management, and regulatory compliance in financial services. Ideal participants include CISOs, AI compliance officers, risk management leads, and legal experts in digital compliance within FSIs.
Infrastructure needs
Describe the FINOS infrastructure you will need for this project, in addition to a GitHub repository. The FINOS team will connect with you before setting up any of this infrastructure
- [X] Recurring meetings
- [X] Mailing list
- [ ] A project on the Legend Studio shared instance
- [ ] Other (please explain):
What's next?
Upon submission of this project proposal, the FINOS team will get in touch with you to discuss next steps.
Contribution process (v. 1.0, last updated on May 26, 2021)
Below is the list of tasks that FINOS Team and the contribution author go through in order to complete the FINOS contribution process. Please do not edit these contents at contribution time!
FINOS Contrib POC
- [ ] Identify and Assign FINOS Contrib POC
Kick-off meeting
- [ ] Set up kick-off meeting with project leads to cover
- [ ] FINOS overview (if necessary)
- [ ] FINOS Maintainers cheatsheet
- [ ] Discuss project proposal
Proposal (Lead Maintainer)
-
[ ] Lead maintainer to send out announcement to [email protected] using this template:
Dear FINOS Community, We would like to propose a new FINOS project. Please review the proposal details at (_TODO: add link to the GitHub issue proposal_). If you're interested in participating, please :+1: the GitHub issue proposal and drop a comment with your name, org and email Thanks a lot,
Identify project meta (Lead: FINOS Contrib POC, Support: FINOS Marketing)
- [ ] Project Name
- [ ] Standard Name
- [ ] Assess current trademark status
- [ ] Define new project name (if applicable)
- [ ] Design new project logo (if applicable)
- [ ] Trademark new project name and logo (if applicable)
- [ ] Category and sub-category (for FINOS Landscape)
- [ ] Existing code or new Github repository
- [ ] Existing code releases (and which artifact repositories are used)
- [ ] Team composition: lead maintainer and other maintainers
- [ ] Meetings (existing/yes/no)
- [ ] Meeting minutes, agenda, attendance tracking (existing/yes/no)
- [ ] Continuous Integration (existing/yes/no)
- [ ] Documentation website (existing/yes/no)
- [ ] Define project slug
Maintainers, contributors and CLAs (Lead: FINOS Contrib POC, Support: FINOS infra)
- [ ] For each maintainer identified in the previous step, collect: the following info:
- Fullname
- GitHub username
- Corporate email address
- [ ] Identify other existing contributors (assuming there's a contribution history (eg Git history)
- [ ] Maintainers to determine if participants will be required to execute a Community Specification License Agreement (CSLA) or submit a Pull Request to accept the license terms.
- [ ] (optional) Check if maintainers, editors, and other participants are covered by a FINOS CSLA
Project Communication Channel(s)
- [ ] Ask maintainers which communications channels they'd like to use
- Asynchronous
- [ ] GitHub Issues (public)
- [ ] GitHub Discussions (public)
- [ ] GitHub Team Discussions (public and private FINOS CLAs Required)
- [ ] Google Groups or Groups.io
- Synchronous
- [ ] FINOS Slack Channel (general public Slack / leadership private Slack)
- [ ] Create the identified communication channels during infra set up
- [ ] Link communication channels linked front and center in the project README.md
Approval (Lead: FINOS Infra)
- [ ] Assign issue to Executive Director (@mindthegab) to trigger voting (optional). If additional socialization is required, the Executive Director may bring standards projects to the FINOS Governing Board
- [ ] FINOS accepts the contribution/new standard project (and the contribution process can move forward)
Assets transfer (optional - Lead: FINOS Infra)
- [ ] Check GitHub repository transfer requirements:
- [ ] finos-admin has
Adminto all repositories to transfer - [ ] finos-admin ia allowed to transfer repositories out of the org
- [ ] if the repository is owned by a user (and not an org), the user must be able to transfer the repository to finos-admin
- [ ] finos-admin has
- [ ] Transfer all code assets as GitHub repositories under github.com/finos
- [ ] Invite GitHub usernames to GitHub FINOS Org
- [ ] Create
<project-name>-maintainersGitHub team and invite users - [ ] Configure
finos-adminsandfinos-staffteam permissions
Infra setup (Lead: FINOS Infra)
- [ ] Update release coordinates and code namespace to include
finos(best effort) - [ ] Update project badge
- [ ] Update project README
- [ ] Aggregate mailing lists to [email protected]
- [ ] Enable meeting attendance tracking (optional)
- [ ] (optional) Onboard into legend.finos.org/studio
Metadata update (Lead: FINOS Infra)
- [ ] Add project to metadata
- [ ] Add identities, orgs and affiliations to metadata
- [ ] Add logo to FINOS landscape
- [ ] Add maintainers emails to [email protected] list
- [ ] Add maintainers GitHub usernames to the project-maintainers Team
- [ ] Onboard project on LF systems (SFDC, Insights, EasyCLA, Groups.io)
Mailing list (optional)
- [ ] Create mailing-list
- [ ] Enable Hubspot Sync for all project mailing lists created
- [ ] Update marketing lists
- Add new list to the included "Email List" part of the filter
- Add new list to the excluded "Email" part of the filter
Announcement (Lead: FINOS Contrib POC)
- [ ] Work with FINOS marketing to send out announcement to [email protected] , checkout announcement template at the Contribution page.
- [ ] Notify FINOS Contrib POC and FINOS marketing manager once the announcement has been sent out (FINOS infra)
Marketing collateral and Social (Lead: FINOS Marketing)
- [ ] Update FINOS marketing collaterals to update numbers and include the new project
- [ ] Post on FINOS social media
- [ ] Post on LF social media
- [ ] Email brief announcement to [email protected] (Optional depending applicability of contribution)
Onboarding and training (Lead: FINOS Infra)
- [ ] FINOS Standards Project Governance
- [ ] FINOS Standards Project Lifecycle
Press Release (OPTIONAL - Lead: FINOS Marketing)
- [ ] Identify quotes for press release
- [ ] Draft press release
- [ ] Send embargoed press release to reporters
@eddie-knight @finos/toc Is there anything blocking @TheJuanAndOnly99 and the FINOS team from creating the infrastructure for this project? It's an already advanced ongoing activity in FINOS with wide support and contribution, albeit started under a SIG, so I assume this is just a formality.
Can we get a thumbs up and proceed?
Hey @lucaborella89 — Could we get a maintainer presentation scheduled for an upcoming TOC meeting?
Hey @eddie-knight , tagging @ColinEberhardt, @alvin-c-shih, @chamindra, @aateeque, the next TOC meeting is on Wednesday 19th 5pm London time.
Hey @lucaborella89, apologies— the next availability for a project presentation is March 5th.
We've got a presentation from Madhu on the agenda for tomorrow's TOC meeting — looking forward to digging into this more then!
As additional information, the role of the TOC on standards projects is to support and advise, while the responsibility for contribution approval lays with the FINOS Governing Board.
@eddie-knight after internal conversations, this project will be considered a "documentation only" project as opposed to a "standard project" (in fact if controls are - hopefully 🤞 - then implemented in CCC that would be the formal standard).
So we will take it from here to get this repo (in fact the board has already been extensively briefed on this project which was born out of FINOS) as no formal vote is required at this stage.
@lucaborella89 @TheJuanAndOnly99 please post updates and make sure this gets the proper announcement once onboarding is complete.
Infra onboarding is complete. @lucaborella89 can you please work with marketing to send out the proper announcements.
Congratulations @lucaborella89 @ColinEberhardt @vicenteherrera @alvin-c-shih @chamindra @aateeque + team, thank you for your contributions to FINOS.
Contribution announcement can be found at https://groups.google.com/u/1/a/finos.org/g/announce/c/iAETxMk5W98.