BMO, Citi, Microsoft, Morgan Stanley, RBC, Google Cloud, Red Hat, AWS and others join forces to set secure, standardized AI controls for financial services.
BMO, Citi, Microsoft, Morgan Stanley, RBC, Google Cloud, Red Hat, AWS 以及其他夥伴聯手，為金融服務業打造安全、標準化的 AI 規範。

New York, NY — [June 24th, 2025] — The Fintech Open Source Foundation (FINOS), part of the Linux Foundation, today announced the launch and cross-industry support behind its Common Controls for AI Services initiative — a collaborative effort to define standardized open source technology-neutral controls for safe and compliant AI adoption in the financial industry.
紐約州紐約市 — [2025 年 6 月 24 日] — Fintech Open Source Foundation (FINOS)，Linux Foundation 的一員，今天宣布其 Common Controls for AI Services 計畫正式啟動並獲得跨產業的支持。這項計畫是一個合作努力，旨在定義技術中立的標準化開源規範，讓金融業能安全且合規地導入 AI。

Global financial institutions — including BMO, Citi, Morgan Stanley, RBC,  are working with major cloud and technology providers, including Microsoft, Google Cloud and Amazon Web Services (AWS). These efforts are supported by consultants and vendors like Red Hat, Sonatype, ControlPlane, Scott Logic and Tetrate, working collaboratively to develop baseline AI controls tailored to the complex regulatory and operational requirements of the financial sector. With broad industry support from other leading firms, such as Goldman Sachs, the initiative is expected to gain pace quickly and build on the strong foundations laid out by the FINOS AI Governance Framework and FINOS Common Cloud Controls projects.
包括 BMO, Citi, Morgan Stanley, RBC 在內的全球金融機構，正與 Microsoft, Google Cloud 和 Amazon Web Services (AWS) 等主要雲端及技術供應商合作。Red Hat, Sonatype, ControlPlane, Scott Logic 和 Tetrate 等顧問公司與供應商也提供支援，一同開發針對金融業複雜監管和營運要求的 AI 基線規範。在 Goldman Sachs 等其他領先企業的廣泛產業支持下，這項計畫預計將快速推進，並以 FINOS AI Governance Framework 和 FINOS Common Cloud Controls 計畫所奠定的堅實基礎為依歸。

“As AI becomes increasingly integrated into financial services, establishing common, open standards defined in collaboration with our customers is essential to ensuring trust, security, and regulatory compliance as part of the shared responsibility model,” said Allison Nachtigal, Vice President, Azure, Chief Product Officer, Microsoft. “We have supported Common Cloud Controls since its inception because of its incredible potential to harmonize financial institutions’ requirements for cloud, and so we welcome this new strategic initiative to similarly enable responsible, scalable AI adoption in the industry”. 
Microsoft 的 Azure 副總裁暨首席產品官 Allison Nachtigal 表示：「隨著 AI 越來越深入金融服務，與客戶合作定義通用、開放的標準，對於確保信任、安全和法規遵循至關重要，這是我們共同責任模式的一部分。我們從 Common Cloud Controls 成立之初就一直支持它，因為它在協調金融機構對雲端的要求方面有著驚人的潛力，因此我們歡迎這項新的策略性計畫，它也能以類似的方式促進產業負責任且具擴充性的 AI 導入。」

“Having played a key role in establishing the AI Readiness programme, we are extremely proud to see FINOS take this major step forward towards establishing a shared approach to AI governance. By collaborating across our industry on a common controls framework, we make everyone stronger,” said Ian Micallef, MD, Developer Enablement, Citi.
Citi 的開發人員賦能部門 MD Ian Micallef 表示：「我們在建立 AI Readiness 計畫方面扮演了關鍵角色，看到 FINOS 在建立 AI 治理的共同方法上邁出了重要一步，我們感到非常自豪。透過在共同規範框架上跨產業合作，我們讓所有人更強大。」

“We believe that open source standardized controls is the most efficient way for financial institutions to grapple with AI adoption safely and compliantly, which is why we champion the Common Controls for AI Services to foster secure innovation across the industry,” said David Stone, Director, Financial Services, Office of the CISO, Google Cloud. 
Google Cloud 的金融服務暨 CISO 辦公室總監 David Stone 表示：「我們相信開源的標準化規範是金融機構安全合規地導入 AI 最有效的方式，這也是我們推動 Common Controls for AI Services 的原因，旨在促進整個產業的安全創新。」

This global collaboration reflects growing recognition across the financial ecosystem that proprietary or fragmented approaches are insufficient to address the shared challenges posed by AI adoption in regulated markets. The Common Controls for AI Services initiative offers a unified framework to drive consistency, transparency, and trust.'
這項全球合作反映出金融生態系日益認可，專有或分散的方式已不足以應對受監管市場中 AI 導入帶來的共同挑戰。Common Controls for AI Services 計畫提供一個統一的框架，來促進一致性、透明度和信任。

Setting the Standard for Secure AI in Finance
為金融業的安全 AI 設定標準

The Common Controls for AI Services initiative builds upon the success of the FINOS Common Cloud Controls (CCC) project, originally contributed by Citi, extending its framework to specifically address AI services according to the guidelines of the FINOS AI Governance Framework. 
這個叫做 Common Controls for AI Services 的計畫，是奠基在之前成功的 FINOS Common Cloud Controls (CCC) 計畫上的，CCC 計畫最初是 Citi 貢獻的，而新的計畫則是把這個框架擴大，特別針對 AI 服務，而且還會遵循 FINOS AI Governance Framework 的指引。

The project will deliver:
這個計畫預計會產出：

• Technology-neutral baseline standards for AI usage across cloud and hybrid environments;
  適用於雲端和混合環境、而且跟特定技術無關的 AI 使用基礎標準；
  
  
• Peer-reviewed governance frameworks aligned with evolving global regulations;
  跟不斷變化的全球法規同步、而且經過同儕審查的管理框架；
  
  
• Real-time validation mechanisms ("Regulation-as-Code") to improve operational transparency and regulatory readiness.
  還有即時的驗證機制（也就是所謂的 "Regulation-as-Code"），用來提升營運透明度，讓我們更容易符合法規。

By focusing on collaboration across institutions, cloud platforms, and AI vendors, the initiative aims to deliver practical, scalable controls that can be broadly adopted across the financial services ecosystem.
這個計畫就是希望透過跟各家機構、雲端平台還有 AI 廠商的合作，能做出實用、可擴充的控管措施，讓整個金融服務業都能廣泛採用。

"At BMO, we know it’s never been more important for financial institutions to embrace collaborative solutions that allow us to harness the full potential of AI in a safe, secure and innovative way," shared Kristin Milchanowski, Chief Artificial Intelligence and Data Officer, BMO. "From cloud to AI, FINOS continues to foster cross-functional collaboration that helps BMO and our peers unlock the value of emerging technologies, both for the institutions that adopt them and the clients we serve," added Kim Prado, CIO, U.S Capital Markets, Investment & Corporate Banking and Office of the COO, BMO, and Governing Board Member, FINOS.
BMO 的人工智慧與數據長 Kristin Milchanowski 分享說：「在 BMO，我們深知，對金融機構來說，擁抱合作解決方案，安全、可靠且創新地發揮 AI 的全部潛力，從來沒有像現在這樣重要。」她又補充道：「從雲端到 AI，FINOS 持續推動跨領域合作，幫助 BMO 和我們的同行釋放新興技術的價值，無論是對於採用這些技術的機構，還是對於我們服務的客戶，都非常有益。」

“At RBC, we view open source not just as a technology choice, but as a strategic enabler. The FINOS Common Cloud Controls (CCC) project reflects the vision through its transparent, community-driven approach to cloud security and compliance. By contributing to Common Cloud Controls (CCC), we are helping to shape the future of industry standards,” said Maxime Coquerel, Principal Cloud Security Architect at RBC. “This accelerates our cloud transformation and reinforces our commitment to collaboration, accountability, and innovation across the financial sector”.
RBC 的首席雲端安全架構師 Maxime Coquerel 說：「在 RBC，我們看 open source 不只是個技術選項，它根本就是個策略推手。你看 FINOS Common Cloud Controls (CCC) 這個專案，完全體現了這點，他們用透明、大家一起參與的方式來搞雲端安全和合規性。我們參與 Common Cloud Controls (CCC) 的貢獻，就是幫忙規劃未來產業的標準啦。」他補充道：「這加速了我們雲端轉型的速度，也讓金融業更強調合作、責任感和創新。」

Broad Industry Engagement — and an Open Invitation to Join
大家都很踴躍參與喔——也歡迎你們一起加入！

The Common Controls for AI Services initiative is already drawing engagement from a broad cross-section of the financial and technology sectors — and remains open for wider participation from financial institutions, cloud providers, AI vendors, consultancies, and regulators.
「Common Controls for AI Services」這個專案，已經吸引了金融界和科技界各路好手來參與，而且它還是開放的喔，歡迎更多金融機構、雲端服務商、AI 廠商、顧問公司和監管單位一起加入！

Besides financial institutions, contributors include:
除了金融機構，其他貢獻者還有：

• AI Infrastructure and Cloud Service Providers: Microsoft, which recently joined the FINOS Governing Board as a Platinum Member, Google Cloud, Red Hat and Amazon Web Services (AWS), collaborating to align operational and security standards with cloud and AI native architectures.
  像是 Microsoft (他們最近才以白金會員加入 FINOS 董事會)、Google Cloud、Red Hat 和 Amazon Web Services (AWS) 這些 AI 基礎設施和雲端服務提供商，他們都在一起努力，要讓營運和安全標準跟雲端、AI 原生架構更契合。
  
  
• System integrators & Consultants: Sonatype, ControlPlane and Scott Logic, contributing regulatory and technical expertise to ensure the controls are practical, scalable, and fit for financial services.
  系統整合商跟顧問群：像是 Sonatype、ControlPlane 和 Scott Logic 等公司都來幫忙，他們貢獻了超多法規跟技術上的專業知識，確保這些管控措施實際可行、容易擴充，而且絕對適合金融服務業用！

"Shared, open standards for AI governance are essential to ensuring that AI contributes to the overall stability of the financial system," said Dr. Richard Harmon, Vice President and Global Head of Financial Services, Red Hat.
Red Hat 的全球金融服務副總裁 Richard Harmon 博士說，AI 治理要有共同的開放標準，對於確保 AI 能讓金融系統更穩定來說，真的超重要。

“Shared, open standards for AI governance are essential to securing the future of financial services,” said Andrew Martin, CEO at ControlPlane. "As we see rapid adoption of agents and models, a trusted suite of infrastructure templates from FINOS CCC and AI Governance Framework gives FSIs a solid, stable baseline to build out next-generation systems".

"We're delighted to support this initiative," said Colin Eberhardt, CTO of Scott Logic. "Our consultants have been deeply involved in developing the FINOS Common Cloud Controls to give the financial services industry a standard for cloud implementation. With AI typically being deployed on the cloud, it was critical for the security of such a highly-regulated industry that we adapted CCC accordingly. In my role leading the AI Governance Framework, I wanted to make sure that this was a key focus”.

This growing collaboration ensures the Common Controls for AI Services will be:

• Cloud-agnostic, supporting multi-cloud and hybrid deployments;
• Implementation-ready, reducing duplication across firms;
• Regulatory-aware, aligned with emerging global compliance requirements.

This initiative represents a critical next step in building trusted, open infrastructure for AI in finance. FINOS and its members invite the industry to contribute to shaping a more secure, scalable, and collaborative AI future.

There are several ways to get involved with this initiative. Explore the introductory materials for the Common Cloud Controls and participate in the next CCC All-Hands Meeting to learn more and contribute to the project. For those interested in AI governance, you can dive into the governance framework here or attend the upcoming AI Governance Framework Working Session.

About FINOS Common Cloud Controls (CCC) and AI Governance Framework (AIGF)

Originally contributed by Citi to FINOS in 2023, the FINOS Common Cloud Controls (CCC) project established the industry's first open, technology-neutral framework for secure cloud deployments tailored to financial services. CCC enables institutions to adopt cloud services consistently and securely across multiple providers, jurisdictions, and regulatory environments. It currently features released controls for VPC, RDMS, Object Storage and several release candidates. Get in touch with the FINOS team to learn more and get involved.

Launched by FINOS in 2024, the FINOS AI Governance Framework is being developed by financial institutions for financial institutions and provides a comprehensive collection of risks and mitigations that support the onboarding, development and deployment of Generative AI solutions in financial services. It currently features a catalogue of 22 threats across operational, security and regulatory. Get in touch with the FINOS team to learn more and get involved.

About FINOS

FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source software, standards, and collaborative development practices in financial services. As part of the Linux Foundation, FINOS provides a regulatory-compliant platform for developers from competing organizations to collaborate on innovative projects that transform business operations. With over 100 members spanning major financial institutions, fintechs, and technology consultancies, FINOS is at the forefront of driving open source innovation in finance. Get involved and join FINOS as a Member. To stay up to date on FINOS news, events, podcasts, blogs, and more, sign up here.

Media Contact:

Patrick Doherty

FINOS

patrick.doherty@finos.org

+1 (206) 245 8574