FINOS Open Source in Finance Podcast

FINOS

The FINOS Open Source in Finance Podcast celebrates open source projects and interesting topics at the cross section of financial services and open source. So far, our industry experts have discussed practical applications of and their real-world experiences with a range of open source projects including desktop interoperability, low code platforms, synthetic data, and data modeling. They’ve also discussed best practices for inner source, common myths about open source and why commercial companies choose to introduce open source offerings. Tune in to hear what comes next.

  1. 2d ago

    FINOS FDC3 & Common Cloud Controls - Rob Moffat, FINOS

    Rob Moffat (Chief Architect at FINOS) maps out the intersection of workspace interoperability, open-source AI deployment, and multi-cloud security frameworks. He compares MCP (Model Context Protocol) with FDC3, tracks the rollout of the Common Cloud Controls (CCC) live validator tool, and reveals how open-source standards prevent multi-vendor lock-in at the desktop and infrastructure layers.

    🇬🇧 Join us in London! Dive into FDC3 Con and CCC working sessions on June 23-24, ahead of OSFF London on June 25, 2026: https://hubs.ly/Q041YV9Z0 (Use Code: 26YTOSFFLN20C)

    🕒 Timestamps:

    * 0:00 AI Integration Realities: MCP vs. FDC3 Context Paradigms
    * 0:41 Podcast Intro, Key Dates, and Global Showcase Streaming
    * 1:25 Shout-Out to Our Key Sponsors and Foundation Supporters
    * 2:50 The Evolution of FDC3: Moving Past the 2.0 Era into Context Sharing
    * 4:15 Why Request-Response Frameworks Fail at Complex Desktop Interop
    * 5:40 Empowering AI Agents with the FDC3 Semantic Context Matrix
    * 7:22 Introducing FDC3 Con: What to Expect at the Dedicated London Workshop
    * 8:50 Common Cloud Controls (CCC): Standardizing the Infrastructure Defense Layer
    * 10:35 The Hyperscaler Drift: Translating Security Requirements Natively
    * 12:15 Unveiling the CCC Live Validator: Testing Configurations via Code
    * 14:40 Breaking Down Multi-Vendor Lock-In from the Desktop to the Cloud
    * 16:15 Getting Involved: How to Contribute to Open Banking Workspaces
    * 18:10 Logistics and Free Pass Perks: Food, Networking, and Community Benefits

    📊 The Problem: Fragmented API Protocols and Multi-Cloud Configuration Drift

    Financial technology stacks are heavily fractured at both ends of the architecture. On the desktop, the emergence of Model Context Protocol (MCP) handles basic request-response data queries but misses the rich, stateful orchestration layer needed to tie legacy banking applications together. Meanwhile, at the infrastructure layer, cloud security teams are forced to manually translate uniform security constraints into completely distinct vendor syntaxes, creating systemic compliance drift and massive platform team overhead.

    🏗️ The Solution: Unified Context Surfaces and Open Compliance Validators

    Rob Moffat details how open-source abstractions are resolving fragmentation at every level of the financial enterprise:

    * FDC3 as the Agent Interface: Providing an operational workspace framework that allows AI agents to read, interact with, and seamlessly drive multi-application workflows natively without massive API custom coding.
    * Common Cloud Controls Taxonomy: Building a vendor-agnostic catalog that translates core compliance mandates into predictable, repeatable infrastructure configurations.
    * The CCC Live Validator: Rolling out code-driven validation tools that automatically check native cloud environments against the master CCC schema to detect configuration drift instantly.

    ⚙️ Why This Matters for Financial Engineering

    * Securing the Desktop Supply Chain: Ensuring that as banks add AI assistance to trade execution or client onboarding screens, those tools use pre-vetted semantic security context lines.
    * Neutral Governance Pipelines: Bypassing proprietary SaaS cloud-security products in favor of open, community-maintained validation infrastructure that scales natively across AWS, Azure, and Google Cloud.

    * 🌐 More about FINOS: https://www.finos.org/
    * 📧 Join our newsletter: https://www.finos.org/sign-up
    * 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    #FINOS #OSFFLondon #FDC3 #CommonCloudControls #MCP #CloudSecurity #Interoperability #FinTechArchitecture #MultiCloud

    21 min
  2. 3d ago

    Governing the Pipeline: Fusing CALM with Open SDLC | Karl Moll, FINOS

    Karl Moll (Technical Project Advocate at FINOS) sits down with Grizz Griswold to discuss how CALM (Common Architecture Language Model) is acting as the structural glue connecting compliance projects across the banking ecosystem. He breaks down the momentum behind the Open SDLC Controls Framework and how these tools together build a secure, governable pipeline for unpredictable AI deployments.

    🇬🇧 Join us in London! Attend our free technical pre-forum workshops on June 23-24, right before OSFF London on June 25, 2026: https://hubs.ly/Q041YV9Z0 (Use Code: 26YTOSFFLN20C)

    🕒 Timestamps:

    * 0:00 CALM as the Glue for Governable Pipelines
    * 0:35 Podcast Intro, Forum Dates, and Venue Logistics
    * 0:55 Thank You to Our Sponsors: VMware by Broadcom & Global Partners
    * 2:20 Who is Karl Moll? The Role of a FINOS Project Advocate
    * 3:50 The June 23-24 Workshops: Free Technical Hands-On Sessions
    * 4:40 Deep Dive into CALM: Machine-Readable Enterprise Architecture
    * 6:30 Why Standard Architecture Specs Speed Up Bank Delivery
    * 8:55 Introducing Open SDLC: Codifying Software Development Controls
    * 10:45 The Duplication Pain: Why Banks Waste Millions on Custom Compliance
    * 12:55 Connecting CALM and Open SDLC into a Single Delivery Vector
    * 14:10 Shifting Left on Governance: Validating Architecture via CI/CD Pipelines
    * 15:30 Managing Opaque and Mission-Critical Financial AI Deployments
    * 17:45 Project Maturity Lifecycles: Launching vs. Firm-Wide Implementation
    * 19:50 Wrap-Up: How to Join the Free Open Workshops in London

    📊 The Problem: The High Cost of Isolated Governance Silos

    Global banks burn an astronomical amount of capital independently drafting manual, text-heavy architectural guidelines and software compliance controls. Because these definitions are trapped in static text files or slide decks, there is a total disconnect between enterprise architects, security teams, and developers. When dealing with highly complex, non-deterministic AI workloads, this manual verification bottleneck stops innovative features from making it to production safely.

    🏗️ The Solution: The Interconnected, Machine-Readable Delivery Pipeline

    Karl Moll explains how FINOS is uniting distinct open-source projects to create an automated pipeline that validates itself:

    * CALM as the Common Language: Moving architecture out of static diagrams and into a structured, machine-readable syntax that software pipelines can evaluate instantly.
    * Open SDLC as the Rulebook: Standardizing the compliance taxonomy across institutions to prevent banks from reinventing software risk controls from scratch.
    * Shifting Architecture Left: Merging CALM blueprints directly into Open SDLC validation engines so architecture patterns are automatically verified and audited during the standard git commit loop.

    ⚙️ Why This Matters for Financial Engineering

    * Critical Momentum Windows: Catching these projects at an ideal evolutionary step—where CALM is actively being deployed to monitor core systems and Open SDLC is launching its V1 specification.
    * Free Foundational Training: Bypassing vendor-locked educational programs to get engineers hands-on with neutral, industry-wide compliance infrastructure before the main conference.

    * 🌐 More about FINOS: https://www.finos.org/
    * 📧 Join our newsletter: https://www.finos.org/sign-up
    * 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    #FINOS #OSFFLondon #CALM #OpenSDLC #ArchitectureAsCode #DevSecOps #ComplianceAutomation #FinancialEngineering #EnterpriseArchitecture

    33 min
  3. Jun 10

    Bounding AI Autonomy: OSFF London 2026 Preview

    Grizz Griswold (Executive Producer of Global Programs & Content at FINOS) kicks off Season 6 of the Open Source in Finance Podcast with an absolute masterclass preview of OSFF London 2026. Discover how the global financial industry is shifting its focus from basic LLM experimentation to production-grade agentic safety, deterministic workflows, and cross-hyperscaler cloud controls.

    * 🎟️ FINOS Members: Claim your FREE pass before the benefit window closes! Email: osff@finos.org
    * 🔥 Non-Members: Save 20% off your registration pass using code OSFFLondonLF20.

    🕒 Timestamps:

    * 0:00 Season Six Kickoff & Global Event Roadmap
    * 0:50 Member Ticket PSA: Claiming Your Corporate Benefits
    * 2:15 Thank You to Our Sponsors: VMware by Broadcom & Core Contributors
    * 3:50 The Week at a Glance: Workshops, Leadership Summits, and Wembley Stadium
    * 4:45 June 23 Workshops: Tokenized Assets, Architecture-as-Code (CALM), and FDC3 Con
    * 6:30 June 24 Workshops: AI Governance (AIGF), Five Spot HPC, and Common Cloud Controls (CCC)
    * 8:22 Closed Session: Open Source AI in Finance Leadership Summit
    * 11:30 Keynote Reveal 1: Greg Kroah-Hartman (Linux Foundation Fellow)
    * 13:02 Keynote Reveal 2: Craig Kitchen (Fidelity Investments) & Greig Callen (NatWest)
    * 14:10 Keynote Reveal 3: Michael Hsu (Former US acting Comptroller of the Currency)
    * 15:15 AI Track Highlights: Old-School Vulnerabilities vs. Bounded Autonomy
    * 18:38 Fluxnova & Platform Automation: 35 Terabyte Database Migrations
    * 19:55 Cultivating Culture: Patent Silos (TD Bank) & GitProxy (Citi)
    * 21:35 Interoperability, CDM, and Desktop Connective Tissue
    * 22:45 Final Discount Code, Show Notes, and Podcast Wrap-Up

    📊 The Problem: The Chaos of "Autonomy Creep" and PDF Regulation

    As generative AI hits production, financial institutions face an operational nightmare called "autonomy creep," where AI agents independently spawn and orchestrate other agents in highly regulated environments. Compounding this risk is the legacy bottleneck of traditional compliance: dense, ambiguous PDF regulation manuals and slow, manual architectural review boards where innovative engineering designs go to die.

    🏗️ The Solution: Executable Standards & Bounded Autonomy

    The OSFF London 2026 lineup showcases how global banking giants are building code-driven leashes to securely lock down probabilistic tech:

    * Deterministic Guardrails (Fluxnova): Leveraging deterministic workflow engines to act as a complete visibility and audit traceability loop around fluid LLMs.
    * Executable Regulations (CDM & CCC): Transitioning regulators away from text manuals toward shared, machine-readable software definitions that automate compliance validation.
    * Automated Architecture Frameworks (CALM): Embedding security policies straight into code so compliance checks happen instantly within developer pipelines.

    ⚙️ Why This Matters for Financial Engineering

    * Eliminating Legal Friction: Architecture like Citi's GitProxy enables enterprise developers to seamlessly contribute back to open communities without triggering manual legal silos.
    * Sovereign Cloud Orchestration: Utilizing the Common Cloud Controls (CCC) live validator tools to map granular security controls across multiple hyperscalers natively, preventing vendor lock-in.

    The takeaway: If you are building, governing, or regulating financial technology in the UK or Europe, this isn't an optional event—this is where actual production standards are being forged. Join us in London from June 23rd to 25th!

    * 🌐 More about FINOS: https://www.finos.org/
    * 📧 Join our newsletter: https://www.finos.org/sign-up
    * 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    #FINOS #OSFFLondon #OpenSource #FinTech #AIGovernance #Fluxnova #CommonCloudControls #GitProxy #HighPerformanceComputing #BankingInnovation

    25 min
  4. Feb 23

    Open Source AI in Finance | What's Happening in Toronto

    OSFF Toronto 2026 Preview: FINOS Ecosystem, AI, HPC, Fluxnova, CALM, CDM & Open Data Commons

    In this episode of the Open Source in Finance Podcast, host Grizz Griswold delivers an essential preview of the upcoming inaugural OSFF Toronto. Grizz breaks down why Toronto's unique position as a top-tier global financial hub—home to Canada's "Big Five" banks and a world-class AI research community—makes it the perfect environment for the next evolution of open-source collaboration. The episode explores the shift from Canadian institutions being open-source consumers to becoming active leaders in projects like FDC3 and Common Cloud Controls, providing a roadmap for what to expect when the forum debuts in the "6ix."

    🇨🇦 Join us in Toronto!

    Catch the latest on open source innovation in the Canadian financial hub on April 14, 2026.

    * 🎟️ Register Now: https://events.linuxfoundation.org/open-source-finance-forum-toronto/ (seating is very limited)
    * 🌐 More about FINOS: https://www.finos.org/
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    📈 Why Toronto? Why Now?

    The podcast highlights Toronto as a powerhouse in the global financial landscape, boasting a unique concentration of major banks, fintech innovators, and world-class academic institutions.

    * The "Big Five" Hub: With Canada's major banks headquartered in Toronto, the city is a natural focal point for standardizing open source practices in a highly regulated environment.
    * Academic Excellence: The proximity to the University of Toronto and the Vector Institute makes it a prime location for the intersection of Open Source and AI.
    * Community Growth: The FINOS community in Canada has reached a critical mass, necessitating a dedicated forum to address region-specific regulatory and technical challenges.

    🏗️ Key Themes for OSFF Toronto

    Dov and Peter outline the strategic pillars that will define the Toronto forum:

    * AI & Data Sovereignty: How Canadian institutions are leveraging open source AI while navigating strict data residency and privacy requirements.
    * OSPO Maturity: A look at how the "Open Source Program Office" is evolving within Canadian banks to move from simple consumption to active contribution.
    * Regulatory Interop: Aligning open standards with Canadian regulatory frameworks to reduce the "compliance tax" on new technology.

    ⚙️ What to Expect at the Event

    * Leadership Tracks: Deep dives for CTOs and legal teams on the business value of open source.
    * Technical Workshops: Hands-on sessions for engineers building with FDC3, CDM, and Common Cloud Controls.
    * Unrivaled Networking: Connecting the Canadian "Big Five" with global technology partners to solve shared industry challenges.

    The takeaway: OSFF Toronto is more than just a conference; it’s a milestone for the Canadian financial ecosystem. By bringing together the country’s top banks and tech leaders, FINOS is fostering a culture of "collaborative competition" that will define the future of finance in North America. See you in Toronto on May 14!

    #FINOS #OSFFToronto #OpenSourceInFinance #FinTech #CanadaTech #BankingInnovation #OpenSource #SoftwareSupplyChain #AI

    19 min
  5. Feb 4

    Scaling Open Source Readiness in Banking: Strategy & OSPO Best Practices | FINOS New York

    🔑 Scaling Open Source Readiness in Financial Institutions | OSFF New York

    🚀 Explore insights from #OSFFNYC – the premier event for open source in financial services.

    * 🌐 More about FINOS: https://www.finos.org/
    * LinkedIn: FINOS Foundation

    🚀 Explore insights from #OSFFNewYork by FINOS – the leading open source in finance conference.

    * 📚 OSR Body of Knowledge: https://osr.finos.org/
    * 🌐 More about FINOS: https://www.finos.org/
    * 📧 Join our newsletter: https://www.finos.org/sign-up
    * 📥 Download the State of Open Source in Financial Services report: https://www.finos.org/state-of-open-source-in-financial-services
    * 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
    * 🗣️ Attend the next Open Source in Finance Forum: https://hubs.ly/Q03z9D9D0
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    In this high-level panel, Peter Smulovics (Morgan Stanley), Brittany Istenes (Fannie Mae), and Elspeth Minty (RBC Capital Markets), moderated by Rob Moffat (FINOS), share the "battle-tested" blueprints for taking open source from a developer-led hobby to an enterprise-grade strategic asset.

    🏛️ The Infrastructure of Readiness

    "Open Source Readiness" (OSR) is the foundational ability of a firm to consume and contribute to open source while managing regulatory, legal, and security risks. The panelists outline the evolution of a firm's maturity:

    * The OSPO as a Catalyst: How an Open Source Program Office acts as the "connective tissue" between Legal, Risk, Cyber, and Engineering.
    * Maturity Modeling: Moving from passive Usage (SCA scanning) to active Contribution and eventually Strategic Leadership in the ecosystem.
    * The "Security Sandwich": Balancing the speed of open source adoption with the rigorous supply chain security standards required by regulators.

    ⚙️ Scaling Contribution: The Morgan Stanley & RBC Playbooks

    The leaders discuss how they’ve automated the "toil" out of open source contribution to empower thousands of developers:

    * Frictionless Approval: Using tools like GitProxy and automated CLA (Contributor License Agreement) management to shorten the distance from "Idea" to "Pull Request."
    * InnerSource as a Stepping Stone: Brittany Istenes explains how InnerSource (applying open-source patterns internally) builds the "muscle memory" needed for external contribution in a safe environment.
    * Policy-as-Code: Leveraging frameworks like CALM (Common Architectural Language Model) to embed compliance and architectural standards directly into the development lifecycle.

    🛡️ Navigating the Regulatory Landscape

    In 2026, regulatory scrutiny of open source has intensified. The panel addresses how they meet these evolving standards:

    * The OSR Body of Knowledge (BoK): Utilizing the FINOS-curated BoK to standardize "what good looks like" for auditors.
    * Cyber Resilience Act (CRA) & Liability: Preparing for new global laws that hold software producers—including financial institutions—accountable for the security of their released code.
    * SBOMs & Transparency: Transitioning from "knowing what we use" to "proving how we secure it" through high-fidelity Software Bills of Materials (SBOMs).

    The takeaway: Scaling open source readiness is no longer a technical choice; it is a business imperative for resilience and talent. By operationalizing OSPOs and contributing back to common standards, financial institutions can reduce redundant development costs, attract top-tier talent, and proactively satisfy the most demanding global regulators.

    #FINOS #OSFF #OpenSourceReadiness #OSPO #InnerSource #MorganStanley #RBC #FannieMae #FinTech #RegTech #SBOM #cyberresilience

    29 min
  6. Jan 9

    Cloud & AI in Banking: Navigating Residency, Risks, and Automation | Microsoft & Red Hat

    🔑 Cloud, AI, and Automation: Navigating the New Regulatory Frontier | Open Source in Finance Podcast

    🚀 Explore insights from the #FINOS community – the center of open source innovation in financial services.

    * 🌐 More about FINOS: https://www.finos.org/
    * 🤖 Explore the FINOS AI Governance Framework: https://air-governance-framework.finos.org/
    * ☁️ Learn about Common Cloud Controls (CCC): https://ccc.finos.org/
    * 📧 Join our newsletter: https://www.finos.org/sign-up
    * 📥 Download the State of Open Source in Financial Services report: https://www.finos.org/state-of-open-source-in-financial-services
    * 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
    * 🗣️ Attend the next Open Source in Finance Forum: https://hubs.ly/Q03z9D9D0
    * LinkedIn: https://www.linkedin.com/company/finosfoundation

    In this episode, Grizz Griswold (FINOS) sits down with Allison Nachtigal (VP, Azure Chief Product Officer, Microsoft) and Aric Rosenbaum (Chief Technologist, Red Hat) to discuss the complexities of deploying cloud and AI in the most highly regulated industry in the world.

    🏛️ Why Cloud is Different for Banks

    The panelists establish that for financial services, the cloud isn't just a technology shift—it's a massive compliance and "headline risk" challenge.

    * Shared Responsibility: Moving to the cloud requires banks to demonstrate compliance for third-party infrastructure they do not directly control.
    * Sovereignty & Residency: Meeting strict data residency requirements (e.g., keeping data within Swiss or EU borders) remains a primary enabler—and hurdle—for global Azure and Red Hat deployments.
    * The "Toil" of Compliance: Implementation is often slowed by manual verification. Allison and Aric highlight the need for Common Cloud Controls (CCC) to standardize what "good" looks like across providers.

    🤖 The "Order of Magnitude" Complexity of AI

    While machine learning has existed for decades, LLMs introduce a fundamental conflict for auditors: Non-determinism.

    * The Deterministic Gap: Banks require "same input, same output." LLMs, by nature, are unpredictable.
    * Synthetic Data: Because private data cannot always leave specific regions for model training, banks are increasingly relying on synthetic data to bridge the gap.
    * AI Governance: Aric and Allison discuss the FINOS AI Governance Framework (AIGF) as a way to crowdsource risks and automate mitigations, ensuring AI isn't just an "experiment" but a production-ready tool.

    ⚙️ Automation as the Compliance Engine

    To stay off the headlines, security must be reproducible 100% of the time.

    * Ansible for Security: Aric emphasizes using tools like Ansible to automate security playbooks. This ensures that as Red Hat or Microsoft releases new versions, the controls remain intact across on-prem and multi-cloud environments.
    * Crowdsourced Risks: By collaborating through FINOS, competitors like Microsoft and Red Hat work with banks to define a common set of controls, reducing the regulatory burden for everyone.

    🔮 Looking Ahead to 2026

    What does the next year hold for the industry?

    * Efficiency Shift: Moving from "insane" energy-hungry models to smaller, high-efficiency models and autonomous agents.
    * Quantum Uplift: A massive focus on post-quantum cryptography will likely "slow down" some migrations to ensure security foundations are rebuilt for the quantum era.
    * Agentic Modernization: The convergence of digital assets, AI agents, and cloud will drive the next multi-year wave of modernization.

    The takeaway: Cloud and AI are no longer optional for financial services, but their success depends on "trust through automation." By leveraging open standards like the FINOS Common Cloud Controls and AI Governance Framework, institutions can move away from manual "toil" and build safe, non-deterministic systems that satisfy both auditors and customers.

    #FINOS #OpenSource #CloudSecurity #Azure #RedHat #AI #AIGovernance #FinTech #Ansible #DigitalSovereignty #QuantumComputing #Podcast

    33 min

Ratings & Reviews

5
out of 5
5 Ratings
