FINOS Open Source in Finance Podcast

FINOS

The FINOS Open Source in Finance Podcast celebrates open source projects and interesting topics at the cross section of financial services and open source. So far, our industry experts have discussed practical applications of and their real-world experiences with a range of open source projects including desktop interoperability, low code platforms, synthetic data, and data modeling. They’ve also discussed best practices for inner source, common myths about open source and why commercial companies choose to introduce open source offerings. Tune in to hear what comes next.

  1. 4D AGO

    Scaling Open Source Readiness in Banking: Strategy & OSPO Best Practices | FINOS New York

    🔑 Scaling Open Source Readiness in Financial Institutions | OSFF New York 🚀 Explore insights from #OSFFNYC – the premier event for open source in financial services.🌐 More about FINOS: https://www.finos.org/ LinkedIn: FINOS Foundation🚀 Explore insights from #OSFFNewYork by FINOS – the leading open source in finance conference.📚 OSR Body of Knowledge: https://osr.finos.org/ 🌐 More about FINOS: https://www.finos.org/ 📧 Join our newsletter: https://www.finos.org/sign-up 📥 Download the State of Open Source in Financial Services report: https://www.finos.org/state-of-open-source-in-financial-services 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts 🗣️ Attend the next Open Source in Finance Forum: https://hubs.ly/Q03z9D9D0 LinkedIn: https://www.linkedin.com/company/finosfoundationIn this high-level panel, Peter Smulovics (Morgan Stanley), Brittany Istenes (Fannie Mae), and Elspeth Minty (RBC Capital Markets), moderated by Rob Moffat (FINOS), share the "battle-tested" blueprints for taking open source from a developer-led hobby to an enterprise-grade strategic asset.🏛️ The Infrastructure of Readiness"Open Source Readiness" (OSR) is the foundational ability of a firm to consume and contribute to open source while managing regulatory, legal, and security risks. The panelists outline the evolution of a firm's maturity:The OSPO as a Catalyst: How an Open Source Program Office acts as the "connective tissue" between Legal, Risk, Cyber, and Engineering.Maturity Modeling: Moving from passive Usage (SCA scanning) to active Contribution and eventually Strategic Leadership in the ecosystem.The "Security Sandwich": Balancing the speed of open source adoption with the rigorous supply chain security standards required by regulators.⚙️ Scaling Contribution: The Morgan Stanley & RBC PlaybooksThe leaders discuss how they’ve automated the "toil" out of open source contribution to empower thousands of developers:Frictionless Approval: Using tools like GitProxy and automated CLA (Contributor License Agreement) management to shorten the distance from "Idea" to "Pull Request."InnerSource as a Stepping Stone: Brittany Istenes explains how InnerSource (applying open-source patterns internally) builds the "muscle memory" needed for external contribution in a safe environment.Policy-as-Code: Leveraging frameworks like CALM (Common Architectural Language Model) to embed compliance and architectural standards directly into the development lifecycle.🛡️ Navigating the Regulatory LandscapeIn 2026, regulatory scrutiny of open source has intensified. The panel addresses how they meet these evolving standards:The OSR Body of Knowledge (BoK): Utilizing the FINOS-curated BoK to standardize "what good looks like" for auditors.Cyber Resilience Act (CRA) & Liability: Preparing for new global laws that hold software producers—including financial institutions—accountable for the security of their released code.SBOMs & Transparency: Transitioning from "knowing what we use" to "proving how we secure it" through high-fidelity Software Bills of Materials (SBOMs).The takeaway: Scaling open source readiness is no longer a technical choice; it is a business imperative for resilience and talent. By operationalizing OSPOs and contributing back to common standards, financial institutions can reduce redundant development costs, attract top-tier talent, and proactively satisfy the most demanding global regulators.#FINOS #OSFF #OpenSourceReadiness #OSPO #InnerSource #MorganStanley #RBC #FannieMae #FinTech #RegTech #SBOM #cyberresilience

    29 min

  2. JAN 9

    Cloud & AI in Banking: Navigating Residency, Risks, and Automation | Microsoft & Red Hat

    🔑 Cloud, AI, and Automation: Navigating the New Regulatory Frontier | Open Source in Finance Podcast🚀 Explore insights from the #FINOS community – the center of open source innovation in financial services.🌐 More about FINOS: https://www.finos.org/ 🤖 Explore the FINOS AI Governance Framework: https://air-governance-framework.finos.org/ ☁️ Learn about Common Cloud Controls (CCC): https://ccc.finos.org/ 📧 Join our newsletter: https://www.finos.org/sign-up 📥 Download the State of Open Source in Financial Services report: https://www.finos.org/state-of-open-source-in-financial-services 🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts 🗣️ Attend the next Open Source in Finance Forum: https://hubs.ly/Q03z9D9D0 LinkedIn: https://www.linkedin.com/company/finosfoundationIn this episode, Grizz Griswold (FINOS) sits down with Allison Nachtigal (VP, Azure Chief Product Officer, Microsoft) and Aric Rosenbaum (Chief Technologist, Red Hat) to discuss the complexities of deploying cloud and AI in the most highly regulated industry in the world.🏛️ Why Cloud is Different for BanksThe panelists establish that for financial services, the cloud isn't just a technology shift—it's a massive compliance and "headline risk" challenge.Shared Responsibility: Moving to the cloud requires banks to demonstrate compliance for third-party infrastructure they do not directly control.Sovereignty & Residency: Meeting strict data residency requirements (e.g., keeping data within Swiss or EU borders) remains a primary enabler—and hurdle—for global Azure and Red Hat deployments.The "Toil" of Compliance: Implementation is often slowed by manual verification. Allison and Aric highlight the need for Common Cloud Controls (CCC) to standardize what "good" looks like across providers.🤖 The "Order of Magnitude" Complexity of AIWhile machine learning has existed for decades, LLMs introduce a fundamental conflict for auditors: Non-determinism.The Deterministic Gap: Banks require "same input, same output." LLMs, by nature, are unpredictable.Synthetic Data: Because private data cannot always leave specific regions for model training, banks are increasingly relying on synthetic data to bridge the gap.AI Governance: Aric and Allison discuss the FINOS AI Governance Framework (AIGF) as a way to crowdsource risks and automate mitigations, ensuring AI isn't just an "experiment" but a production-ready tool.⚙️ Automation as the Compliance EngineTo stay off the headlines, security must be reproducible 100% of the time.Ansible for Security: Aric emphasizes using tools like Ansible to automate security playbooks. This ensures that as Red Hat or Microsoft releases new versions, the controls remain intact across on-prem and multi-cloud environments.Crowdsourced Risks: By collaborating through FINOS, competitors like Microsoft and Red Hat work with banks to define a common set of controls, reducing the regulatory burden for everyone.🔮 Looking Ahead to 2026What does the next year hold for the industry?Efficiency Shift: Moving from "insane" energy-hungry models to smaller, high-efficiency models and autonomous agents.Quantum Uplift: A massive focus on post-quantum cryptography will likely "slow down" some migrations to ensure security foundations are rebuilt for the quantum era.Agentic Modernization: The convergence of digital assets, AI agents, and cloud will drive the next multi-year wave of modernization.The takeaway: Cloud and AI are no longer optional for financial services, but their success depends on "trust through automation." By leveraging open standards like the FINOS Common Cloud Controls and AI Governance Framework, institutions can move away from manual "toil" and build safe, non-deterministic systems that satisfy both auditors and customers.#FINOS #OpenSource #CloudSecurity #Azure #RedHat #AI #AIGovernance #FinTech #Ansible #DigitalSovereignty #QuantumComputing #Podcast

    33 min

  3. 10/12/2025

    Turn CCC into Real Checks: Multi-Cloud Security with Prowler + AI (OSFF NY Preview)

    🚀 Get a sneak peek of how FINOS Common Cloud Controls (CCC) can move from policy docs to practical enforcement—through automation and open source.In this clip:Toni de la Fuente, Founder & CEO, ProwlerToni shares his journey from maintaining open source in his spare time to helping the community align cloud security with real frameworks like CCC. He previews the upcoming OSFF workshop, where he and Pedro Martín will show how to translate CCC requirements into automated checks across AWS, Azure, and GCP, and how AI can help teams generate and test custom controls quickly. The session will also cover lessons learned: data modeling, compatibility challenges, and how to keep automation simple enough to adopt without adding more complexity.🎟️ See Toni’s full workshop with Pedro Martín at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceInFinance #CCC #CloudSecurity #AI #ComplianceAutomation #MultiCloud #DevSecOps

    22 min

  4. 10/08/2025

    OpenBB’s Open Data Platform: Local-First AI Data Pipelines (OSFF NY Preview)

    🚀 Get a sneak peek of Ihsan Saracgil’s OSFF NY session on how OpenBB’s Open Data Platform (ODP) lets teams connect private, proprietary, and public financial data to AI—securely, locally, and on your terms.In this clip:Ihsan Saracgil, CPO, OpenBBTired of waiting on scarce engineering cycles for every integration? Ihsan shows how ODP gives data engineers a Python-native, local-first way to register extensions, wrap external sources as APIs, and serve them to downstream tools (copilots, notebooks, dashboards) with full control of credentials, execution, and access. He also breaks down why Model Context Protocol (MCP) is a game-changer: wire up tools to your AI copilot fast—so tasks that once required custom plumbing (even “send me that result via email”) become quick, safe, and auditable. With a lightweight GUI (Tauri) and standardized FastAPI/OpenAPI specs, ODP helps teams unify messy data pipelines without leaking business logic to third-party platforms.🎟️ See Ihsan’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenBB #OpenSourceInFinance #FinancialData #AI #Copilots #MCP #DataEngineering #LocalFirst

    22 min

  5. 10/05/2025

    Communications Very Erratic (CVE): Stabilizing Vuln Data for the Industry (OSFF NY Preview)

    🚨 What happens when the backbone of vulnerability reporting wobbles? In April 2025, funding shocks to CVE/CWE—and the downstream NVD—sparked panic before a short-term lifeline appeared. The uncertainty hasn’t gone away.In this clip:Christopher “CRob” Robinson, CTO & Chief Security Architect, OpenSSF (The Linux Foundation)CRob previews his OSFF NY session on why reliable, authoritative vulnerability metadata is critical for banks, regulated enterprises, and open source maintainers—and what upstream is doing about it. He walks through the recent CVE/NVD turbulence, why downstream teams (risk, OSPOs, product owners) struggle to meet regulatory obligations without stable data, and how the open source community is collaborating to deliver consistent, high-quality vulnerability information going forward. Expect clear context, practical takeaways, and a path from fragmented signals to trustworthy feeds.🎟️ See CRob’s full talk at OSFF New York (Oct 21–22, 2025).🌐 More about FINOS: https://www.finos.org/📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNY #OpenSourceSecurity #OpenSSF #CVE #CWE #NVD #VulnerabilityManagement #Risk #Compliance #SupplyChainSecurity

    34 min

  6. 09/24/2025

    OSFF New York Day 2 Preview — AI Tracks, Security Deep Dives, and Lightning Hot Topics | Grizz Griswold

    🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference. Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0 In this episode (podcast preview):Grizz Griswold, Head of Marketing, FINOSDay 2 is built for builders and risk leaders alike—two AI tracks, a full OpenSSF security program, a Confidential Computing Consortium security track (details incoming), and a fast-moving Hot Topics lightning series. Open Source, AI-Powered Industry (developer/engineering focus): Hands-on sessions on AI-native software development, neuro-symbolic techniques, workforce augmentation with agents, adoption challenges, and integrating AI with FDC3—closing with the EAMS Dial open source enterprise gen-AI platform. Speakers from J.P. Morgan, Red Hat, S&P Global, Scott Logic, interop.io, EPAM, and more. Mutualizing Risk & Compliance in the Open (governance focus): How the industry collaborates on secure-by-design architectures, automated compliance with Common Cloud Controls (CCC) + Prowler, zero-trust blueprints, and the FINOS AI Governance Framework. Featuring ControlPlane, Prowler, Runnink, GitLab, JUXT, and more. OpenSSF: Guarding the Vaults (security focus): Raising the baseline for secure OSS in finance—securing AI in the open, defending against secrets/token/API attacks, and model signaling/validation. Contributions from IBM, Bloomberg, Sonatype, Red Hat, and OpenSSF. Confidential Computing Consortium (security track): Sister-foundation deep dives on hardware-anchored trust and protected data/compute—full agenda to be announced. Hot Topics (15-minute lightning talks): Rapid-fire innovation across open data, GenAI, FDC3, CDM-driven automation, payments flexibility, financial agents, and more—speakers from Citi, AWS, GitLab, OpenBB, Temporal, RPI, J.P. Morgan, vCluster, and others. 🎟️ P.S. There’s a hidden VIP code in the audio (free & 50% tickets). It’s not in this description—catch it in the episode! 🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter #FINOS #OSFFNewYork #OpenSourceInFinance #AIinFinance #Security #OpenSSF #ConfidentialComputing #FDC3 #CDM #AIGovernance #CommonCloudControls #ZeroTrust #Conference

    14 min

  7. 09/22/2025

    Zero Trust + Open Source: A Practical Compliance Blueprint | Rakia Finley, Copper & Vine Studio

    🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this podcast (podcast preview):Rakia Finley, Founder & Managing Partner, Copper & Vine StudioRegulatory rigor and rapid innovation don’t have to clash. Rakia shares a battle-tested approach to embedding compliance into product design using zero-trust architecture and open-source components. She explains why leaders must clarify the “why” behind regulatory change, and why developers should start from existing regulations—auditing “digital beliefs” (data quality, infra, policies) before layering AI. Expect takeaways on aligning to DORA/ISO, secure-by-design patterns, proactive threat modeling, and how inclusive governance reduces risk by reflecting the communities you serve. Plus: a teaser case study of a fintech pipeline brought into compliance without slowing delivery.🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNewYork #OpenSourceInFinance #ZeroTrust #Compliance #DORA #ISO27001 #SecureByDesign #AIGovernance #FinancialServices #CopperAndVine

    27 min

  8. 09/16/2025

    OSFF New York: Day 1 Preview — Tracks, Keynotes, and Big Announcements | Grizz Griswold

    🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this episode:Grizz Griswold, Head of Marketing, FINOSA fast, inside look at Day 1 of OSFF New York: what’s new, what’s launching, and where you’ll get the most value.Keynotes & momentum: How open source went from “nice-to-have” to core infrastructure in finance, with ROI front-and-center.The Forge (ideation): Ground-floor concepts before incubation—think Open SDLC Controls, Secure-by-Design (CALM + AI Governance + Common Cloud Controls), and an Open Data Commons.Launchpad (incubating projects): Hands-on sessions with CALM, the FINOS AI Governance Framework, Common Cloud Controls, and a brand-new project being unveiled on stage.CDM track: Real adoption stories—eligible collateral, digital bond issuance, and tokenized assets integrated into collateral management.FDC3 track: Desktop interoperability becomes mainstream—conformance, web expansion, and a preview of FDC3 2.3.Open Source Readiness: How banks scale OSPOs, govern licenses, and roll out enterprise open source programs—case studies from leading institutions.Community & networking: Seven tracks, project expos/booths, hallway track magic—meet maintainers, ask questions, try the tech.🎟️ P.S. Listen for a hidden VIP code in the audio (free & 50% tickets). It’s not in this description—catch it in the episode!🌐 More about FINOS: https://www.finos.org/📥 Download the latest State of Open Source in Financial Services: https://www.finos.org/state-of-open-source-in-financial-services📧 Join our newsletter: https://www.finos.org/newsletter#FINOS #OSFFNewYork #OpenSourceInFinance #FinancialServices #Conference #FDC3 #CDM #OpenSourceReadiness #DevOps #AIGovernance #OpenSourceCommunity

    29 min
See All (139)

Ratings & Reviews

5
out of 5
5 Ratings

About

The FINOS Open Source in Finance Podcast celebrates open source projects and interesting topics at the cross section of financial services and open source. So far, our industry experts have discussed practical applications of and their real-world experiences with a range of open source projects including desktop interoperability, low code platforms, synthetic data, and data modeling. They’ve also discussed best practices for inner source, common myths about open source and why commercial companies choose to introduce open source offerings. Tune in to hear what comes next.

Information