AI Governance Framework - Standard Project Contribution and Onboarding

[lucaborella89]

Please note that only FINOS members can propose new Standards projects. If you're interested in membership, see https://www.finos.org/membership-benefits#become-a-member.

Business Problem

The financial services industry faces substantial challenges in safely and responsibly adopting artificial intelligence (AI), particularly generative AI. This includes managing unique risks around model bias, transparency, explainability, and data privacy, as well as meeting rigorous regulatory requirements. Currently, FSIs lack a dedicated governance framework to consistently identify, assess, and control these AI-specific risks, making it difficult to align with regulatory standards and industry best practices.

Proposed Solution

The AI Governance Framework (AIGF) is an open, machine-readable standard that provides a comprehensive risk-based governance model for AI in financial services. At the moment, the framework includes specifications for 14 key risks and 16 controls, tailored to generative AI. Inspired by NIST AI Risk Management Framework, AIGF enables FSIs to implement governance policies that align with regulatory and ethical requirements, supporting safe AI deployment across the industry.

Tentative Roadmap

Short-term (0-6 months):

• Establish an AIGF-specific GitHub repository for community contributions
• Launch AIGF Version V1 with foundational risk-control mappings and integration with CCC
• Begin development of a machine-readable version to support Governance as Code (GaC) integration

Medium-term (6-12 months):

• Expand the use case coverage
• Expand the machine-readable framework to integrate with automated compliance tools
• Engage with regulators to explore incorporating compliance requirements.

Success: Widespread adoption of AIGF as a core AI governance standard by FSIs, with active community input driving its ongoing evolution.

Scope

The scope of AIGF includes defining risk assessment, governance controls, and compliance processes specifically for generative AI in financial services. The framework will prioritize clear risk definitions, categorized controls, and architecture integrations to support practical deployment.

Current State

The AIGF V0 documentation, along with related materials, is available via the AI Readiness SIG repository. If accepted, AIGF will be moved to a dedicated repository to facilitate ongoing development.

Existing Materials

https://air-governance-framework.finos.org/

Development Team

Maintainers

• Colin Eberhardt - Scott Logic @ColinEberhardt (https://github.com/ColinEberhardt) Lead Maintainer
• Vicente Herrera Garcia - ControlPlane @vicenteherrera (https://github.com/vicenteherrera) TBC
• Alvin Shih - Morgan Stanley - @alvin-c-shih (https://github.com/alvin-c-shih)
• Chamindra de Silva - Citi @chamindra (https://github.com/chamindra)
• Asad Ateeque – NatWest @aateeque (https://github.com/aateeque)

Potential contributors

Below the list all of the individuals that have expressed interest in this project by requesting access to the Governance Framework when it was a private repository:
Arnau Oller - TradeHeader @arnauoller
Victor - Independent @victorjunlu
JohnMark - FannieMae - @johnmark
Gerardo Lisboa - ESPO - @gvlx
Andrew Martin - ControlPlane - @sublimino
Frederick F. Kautz IV - Testifysec - @fkautz
eltonjude- - @eltonjude
Rohan Deshpande - Goldman Sachs - @appwiz
jamesheward - Scott Logic - @jamesheward
mcoimbat - Morgan Stanley - @mcoimbat
Mehak Mehta - Morgan Stanley - @mehakmehta21
pmehta1 - Morgan Stanley - @pmehta1
Damien Burks - Citi - @damienjburks
Yasir Alibrahem @YasirAlibrahem
Eddie Knight - Sonatype - @eddie-knight
Kevin Alwell - GitHub - @alwell-kevin
Peter Smulovics - Morgan Stanley - @psmulovics
Ray Meredith - GitHub - @RaydioAM
gibsonlam - BMO - @gibsonlam
bshravancmu @bshravancmu
torinvdb - ControlPlane - @torinvdb
Lori Lorusso - Percona - @LoriLorusso
Yan - Microsoft - @yt-ms
Daniele Casal - Lloyds - @d-casal
jamesoche @jamesoche
Jared Lambert - Microsoft - @jared-lambert
gkocak-scottlogic - Scott Logic - @gkocak-scottlogic

Target Contributors

The project seeks contributors with expertise in AI governance, risk management, and regulatory compliance in financial services. Ideal participants include CISOs, AI compliance officers, risk management leads, and legal experts in digital compliance within FSIs.

Infrastructure needs

Describe the FINOS infrastructure you will need for this project, in addition to a GitHub repository. The FINOS team will connect with you before setting up any of this infrastructure

• Recurring meetings
• Mailing list
• A project on the Legend Studio shared instance
• Other (please explain):

What's next?

Upon submission of this project proposal, the FINOS team will get in touch with you to discuss next steps.

---

Contribution process (v. 1.0, last updated on May 26, 2021)

Below is the list of tasks that FINOS Team and the contribution author go through in order to complete the FINOS contribution process.
Please do not edit these contents at contribution time!

FINOS Contrib POC

• Identify and Assign FINOS Contrib POC

Kick-off meeting

• Set up kick-off meeting with project leads to cover
  • FINOS overview (if necessary)
  • FINOS Maintainers cheatsheet
  • Discuss project proposal

Proposal (Lead Maintainer)

• Lead maintainer to send out announcement to [email protected] using this template:

  Dear FINOS Community, 
  
  We would like to propose a new FINOS project. Please review the proposal details at (_TODO: add link to the GitHub issue proposal_).
  
  If you're interested in participating, please :+1: the GitHub issue proposal and drop a comment with your name, org and email
  
  Thanks a lot,
  

Identify project meta (Lead: FINOS Contrib POC, Support: FINOS Marketing)

• Project Name
  • Standard Name
  • Assess current trademark status
  • Define new project name (if applicable)
  • Design new project logo (if applicable)
  • Trademark new project name and logo (if applicable)
• Category and sub-category (for FINOS Landscape)
• Existing code or new Github repository
• Existing code releases (and which artifact repositories are used)
• Team composition: lead maintainer and other maintainers
• Meetings (existing/yes/no)
• Meeting minutes, agenda, attendance tracking (existing/yes/no)
• Continuous Integration (existing/yes/no)
• Documentation website (existing/yes/no)
• Define project slug

Maintainers, contributors and CLAs (Lead: FINOS Contrib POC, Support: FINOS infra)

• For each maintainer identified in the previous step, collect: the following info:
  • Fullname
  • GitHub username
  • Corporate email address
• Identify other existing contributors (assuming there's a contribution history (eg Git history)
• Maintainers to determine if participants will be required to execute a Community Specification License Agreement (CSLA) or submit a Pull Request to accept the license terms.
• (optional) Check if maintainers, editors, and other participants are covered by a FINOS CSLA

Project Communication Channel(s)

• Ask maintainers which communications channels they'd like to use
• Asynchronous
  • GitHub Issues (public)
  • GitHub Discussions (public)
  • GitHub Team Discussions (public and private FINOS CLAs Required)
  • Google Groups or Groups.io
• Synchronous
  • FINOS Slack Channel (general public Slack / leadership private Slack)
• Create the identified communication channels during infra set up
• Link communication channels linked front and center in the project README.md

Approval (Lead: FINOS Infra)

• Assign issue to Executive Director (@mindthegab) to trigger voting
  (optional). If additional socialization is required, the Executive Director may bring standards projects to the FINOS Governing Board
• FINOS accepts the contribution/new standard project (and the contribution process can move forward)

Assets transfer (optional - Lead: FINOS Infra)

• Check GitHub repository transfer requirements:
  • finos-admin has Admin to all repositories to transfer
  • finos-admin ia allowed to transfer repositories out of the org
  • if the repository is owned by a user (and not an org), the user must be able to transfer the repository to finos-admin
• Transfer all code assets as GitHub repositories under github.com/finos
• Invite GitHub usernames to GitHub FINOS Org
• Create <project-name>-maintainers GitHub team and invite users
• Configure finos-admins and finos-staff team permissions

Infra setup (Lead: FINOS Infra)

• Update release coordinates and code namespace to include finos (best effort)
• Update project badge
• Update project README
• Aggregate mailing lists to [email protected]
• Enable meeting attendance tracking (optional)
• (optional) Onboard into legend.finos.org/studio

Metadata update (Lead: FINOS Infra)

• Add project to metadata
• Add identities, orgs and affiliations to metadata
• Add logo to FINOS landscape
• Add maintainers emails to [email protected] list
• Add maintainers GitHub usernames to the project-maintainers Team
• Onboard project on LF systems (SFDC, Insights, EasyCLA, Groups.io)

Mailing list (optional)

• Create mailing-list
• Enable Hubspot Sync for all project mailing lists created
• Update marketing lists
  • Add new list to the included "Email List" part of the filter
  • Add new list to the excluded "Email" part of the filter

Announcement (Lead: FINOS Contrib POC)

• Work with FINOS marketing to send out announcement to [email protected] , checkout announcement template at the Contribution page.
• Notify FINOS Contrib POC and FINOS marketing manager once the announcement has been sent out (FINOS infra)

Marketing collateral and Social (Lead: FINOS Marketing)

• Update FINOS marketing collaterals to update numbers and include the new project
• Post on FINOS social media
• Post on LF social media
• Email brief announcement to [email protected] (Optional depending applicability of contribution)

Onboarding and training (Lead: FINOS Infra)

• FINOS Standards Project Governance
• FINOS Standards Project Lifecycle

Press Release (OPTIONAL - Lead: FINOS Marketing)

• Identify quotes for press release
• Draft press release
• Send embargoed press release to reporters

[mindthegab]

@eddie-knight @finos/toc Is there anything blocking @TheJuanAndOnly99 and the FINOS team from creating the infrastructure for this project? It's an already advanced ongoing activity in FINOS with wide support and contribution, albeit started under a SIG, so I assume this is just a formality.

Can we get a thumbs up and proceed?