:probabl.blog

The open source tools enabling trustworthy AI in banks: A conversation with Gabriele Columbro

Written by Marie Sacksick | Tuesday, May 12 2026

Finance is one of the most regulated industries. Banks operate under overlapping layers of oversight – prudential regulation, conduct rules, data privacy law, anti-money laundering requirements – that vary by jurisdiction and evolve constantly.

For data science and AI teams, this creates a compliance burden that is not a footnote to their work but the central constraint shaping it. A model that performs well in a sandbox is not necessarily a model a bank can use. Before anything reaches production, it must also be explainable to regulators, auditable by risk teams, and defensible under scrutiny. In practice, that kills the vast majority of models before they ever see the light of day.

This challenge is not unique to finance, but finance makes it impossible to ignore. As our CSO Gaël Varoquaux wrote recently, deploying a SOTA model in a demo is straightforward. Putting one into a production workflow your organization genuinely relies on is a different problem entirely. It requires models you can audit, training data you can document, and evaluations that map to the regulatory and operational requirements of your specific context.

That kind of trust cannot be purchased or outsourced. It has to be demonstrated through concrete evidence: training data you can trace, model cards that are actually documented, and evaluation frameworks you can run against your own regulatory and operational requirements. The organizations making real progress are those investing in the tools and internal infrastructure to rigorously assess and compare models on criteria that matter to them specifically, so that a deployment decision is grounded in documented evidence rather than deference to whatever a vendor happens to be shipping next.

For banks, the stakes of getting this wrong are existential. Regulatory penalties, reputational damage, and operational failures are not hypothetical risks – they are live ones, and the compliance function exists precisely because the industry has learned, repeatedly and painfully, what happens when controls fail. At the same time, the competitive pressure to adopt AI is intensifying. The question financial institutions are grappling with is not whether to use AI, but how to use it without introducing risks they cannot measure, govern, or explain.

This week, I sat down with Gabriele Columbro, Executive Director of FINOS – the Fintech Open Source Foundation and financial services vertical of the Linux Foundation – to pick his brain about how FINOS is facilitating collaboration between the world's biggest financial institutions on developing open source software and open standards that let banks meet their compliance requirements and genuinely trust the AI models they put into production.

My conversation with Gabriele Columbro

Marie Sacksick: For our readers who aren’t familiar with FINOS: what is it, and how did you get banks to not only recognize the value of open source, but also to invest in it and get them excited about collaborating on it?

Gabriele Columbro: FINOS is the financial services vertical of the Linux Foundation. It is a neutral, non-profit membership organization whose mission is to unite the financial services industry to collaboratively build open technologies and standards that enhance profitability, improve resilience and accelerate innovation. It’s taken some time, but by providing the right environment and support, we’ve helped financial institutions realize that actively engaging in open source is a positive-sum game. Open source is already used in nearly 90% of systems in finance, so why not make it work for them? By collaborating on the core, firms mutualize costs, enhance time-to-market, take control of their tech, and build better solutions.

Marie Sacksick: I see that FINOS has been increasingly active in the AI space. Can you walk me through the AI-related programs and initiatives you’re running today, and what problems in the financial services industry they’re designed to solve?

 

Gabriele Columbro: Our 2030 vision is for FINOS standards to be embedded in the core workflows of the global financial system. We have a three-pronged AI strategy:

1. Harmonizing the fragmented landscape of global regulations, guidelines, and standards around AI governance into concrete, transparent machine-readable controls that financial institutions can deploy at scale. Projects like the AI Governance Framework, Calm, and Common Cloud Controls are the building blocks for this vision. This allows firms to not only “mutualize” tech risk but also to seamlessly deploy controls at scale, enabling AI innovation to progress without bottlenecks.

2. Building industry-wide specs for intra- and inter-firm agentic workflows, consolidating industry expertise and regulatory requirements into specs, upstream projects and commercial products that organizations can build and certify against.

3. Catalyzing community contributions from financial services with a long-term vision set directly by AI leaders in the industry, which we are bringing together in a dedicated governance and funding effort: the FINOS AI Fund.

Ultimately we see open source provide a unique opportunity to shift left collaboration between financial institutions, vendors, and the open source building blocks of agentic AI to tackle regulatory uncertainty and help firms innovate faster while proving AI is safe and compliant.

Marie Sacksick: At Nvidia GTC 2026, Jensen Huang called structured data the ground truth of AI in enterprises and got his audience excited about what he called the $120B structured data opportunity. Would you say Jensen’s argument also applies to the financial services industry? And if so, in which sectors do you expect to see the biggest impacts?

Gabriele Columbro: Structured data is the bedrock of finance. And particularly in an era where agentic AI development is commoditizing software, financial institutions’ data becomes the true new competitive moat for building better and better models. Conversely, like we have seen for software, non-differentiating, aka pre-competitive, data is absolutely something we could and should collaborate on to enable fast industry innovation. That’s why at FINOS we focus on domain specific data sets, and why we are in active conversations to create an "open data commons", starting from the root of all structured data: reference data, i.e. an entity graph of companies, legal entities, people and locations. This reduces uncertainty in identifying counterparts and is something every firm spends millions to maintain for no differentiation. This "ground truth" is critical for KYC, fraud detection, and lending decisions where you need near-absolute certainty. By mapping identifiers like LEIs in one primary table, the industry eliminates manual reconciliation that costs billions. Capital markets and post-trade operations will see the biggest impact as data is effectively their business.

Marie Sacksick: We were obviously thrilled to hear Jensen say that, as the company founded by the creators of scikit-learn – the most downloaded Python library for machine learning that is used across every major industry to make predictions on structured data. Of course this includes finance, where it’s used for all sorts of tasks, from fraud detection to demand forecasting. Out of curiosity, which use cases in the financial services industry stand out to you as the ones where open source tools for ML and AI like scikit-learn create the greatest value? And which use cases would you say are ripe for disruption?

Gabriele Columbro: As you say, open source ML tools are already the workhorses for fraud detection and predictive analytics, but there is still room to improve there. Our HPC initiative, including projects like HTC-Grid and OpenGRIS, eliminates infrastructure inefficiencies so models can be deployed faster and more cost effectively, which will become increasingly important. As for disruption, I’d look at post-trade exception handling, a manual nightmare that AI-powered multi-agent pipelines are starting to automate at scale. We’re also seeing massive disruption in architecture drift and automated compliance where AI verifies that code matches the signed-off design.

Marie Sacksick: One thing we hear constantly from enterprise data science teams is that the challenges they face don’t stem from algorithms or compute – they stem from the lack of rigor and structure in their data science practice. Most models never reach production. Reproducibility remains an aspiration. Institutional knowledge walks out the door with every departing data scientist or ML engineer. And shiny, new automated tools promise magic, but often deliver opacity, technical debt, and lock-in. We’re convinced that it’s high time to tackle these challenges and build for the needs of enterprise data science teams. Is this consistent with what you’re seeing among data science and AI teams in the financial services industry?

Gabriele Columbro: In banking, the "compliance tax" is often paid in manual work that kills 90% of models before production. We’re fixing this by moving from "vibe coding" to "Governance-as-Code", industrializing the practice with machine-readable controls and deterministic pipelines. By treating both Data and Architecture as Code, we ensure institutional knowledge is captured in the repository, not just in a data scientist’s head. This rigor is the only way to turn aspirations of reproducibility into audit-ready, enterprise-grade AI.

Marie Sacksick: Finance has some of the strictest regulations in the world around governance, auditability, and explainability. Given this, in your opinion, what kind of design principles and/or features are must-haves for open source ML and AI tools to be adopted by data science and AI teams in the financial services industry? In fact, isn't there some defiance against open source by default? How can we collectively participate in changing this mindset?

Gabriele Columbro: The answer is twofold: first and foremost, we need to continue educating the industry about open source and dispel old myths. In the FINOS community we have largely achieved this through our Open Source Readiness program, which conjugates the financial institutions' risk-first mentality with the best practices of open source. Based on the experience of the largest firms in the world, it’s a comprehensive knowledge base on how banks can adopt and contribute to open source. Secondly, machine-readable controls and "glass-box" auditing at runtime level are must-haves. In this industry, if you can't prove it, you can't use it. We change mindsets by building foundations together with competitors, elevating everyone's security and ROI while lowering the "compliance tax". By shifting risk management "left" and integrating compliance directly into CI/CD pipelines, we show that open source isn't a risk, it's a portfolio strategy to improve resilience and manage the supply chain. Calm is the project which is advancing this approach and rationalizing all of our tech risk efforts.

Marie Sacksick: Last but not least, if you were to advise open source developers on where to focus their efforts to genuinely move the needle for data science and AI teams in banks, what would you tell them to build first and foremost?

Gabriele Columbro: Focus on specs, not code! Specifically, we need specs that embody regulated needs for intra- and inter-firm agentic workflows using common data ontologies, common controls and evals, workflow blueprints and ultimately standardized industry “agent skills”. We’d love to get more contributors to help us build the "Governance-as-Code" pipeline across our AI Governance Framework, Calm, and Common Cloud Controls, to harmonize the fragmented landscape like regulatory mapping and evidence collection into a ready-to-use framework. If you build deterministic, spec-driven tools that satisfy regulators while accelerating velocity, you’ll be the hero of the modern bank.

 

About Gabriele Columbro

As founding Executive Director, Gabriele Columbro has played a pivotal role in transforming the Fintech Open Source Foundation (FINOS) from its nascent stages into a leading force in the financial services sector, fostering significant growth and innovation through open source collaboration. Under his leadership, FINOS, now part of the Linux Foundation, has expanded to over 100 members, including major financial institutions and technology firms, and has become the host of open source projects now critical to the financial services ecosystem, from open industry standards to open source AI and cloud foundational technologies.

Gabriele has also been instrumental in establishing and promoting key industry events such as the Open Source in Finance Forum (OSFF), which have become central hubs for open source in finance, bringing together over 2000 people every year.

Besides OSFF, Gabriele is also a frequent keynote speaker at major events like Open Source Summit, Money 2020, Finovate, and KubeCon, where he advocates for the transformative impact of open source technology in various sectors, first and foremost financial services.

Thanks to his accomplishments with FINOS, in 2022 Gabriele was tapped to take on a significant role as the General Manager of Linux Foundation Europe, aimed at enhancing the presence and impact of open source across Europe. Since launching in 2022, under his leadership, Linux Foundation Europe has grown into a trusted, vendor-neutral home for nearly 200 members and seven collaborative projects, helping strengthen the voice of open source in key European technology, economic and geopolitical conversations, from cybersecurity to open source AI to digital sovereignty.

His extensive experience in building developer and commercial ecosystems and driving innovation is not limited to non-profits but extends to commercial open source ventures and direct exposure to Fortune 500 companies, highlighted by his previous roles at Alfresco. Gabriele is an advisor for OpenBB and Prowler and an angel investor in open source startups.
 
Beyond his professional achievements, as a special needs parent, Gabriele advocates for disability rights and inclusion. He is an avid reggae music connoisseur, enjoys cooking strictly Italian food, and is a vocal Napoli soccer fan, a sport he also enjoys playing in his personal time. Gabriele holds a Master's in Computer Engineering from Università of Roma Tre in Italy.

