The US-based foundation of open innovation in financial services FINOS has announced the formation of an open standard project
The US-based foundation of open innovation in financial services FINOS has announced the formation of an open standard project. According to the official release, the new project is built upon a method devised by FINOS Platinum Member Citi and aims to describe consistent controls for compliant public cloud deployments in the financial services sector.
The development of this new project comes to address a specific pain point in the industry. Despite the rapid adoption of cloud solutions, the global regulatory landscape continues to be fragmented. Through the new project, FINOS seeks to formulate a unified set of cybersecurity, resiliency, and compliance controls for widely used services across the major cloud service providers (CSPs).
By imposing a taxonomy of common services and threats, FINOS’ project further aims to alleviate the systemic risk of cloud concentration, which is an issue previously outlined in reports from institutions like the U.S. Department of the Treasury, the UK HMT, the European Council, and the Monetary Authority of Singapore. This open standard is reportedly anticipated to build upon current endeavours akin to NIST’s OSCAL, the MITRE ATT&CK framework, and FINOS’ own Compliant Financial Infrastructure project.
Its goal is to build taxonomies on common cloud services, common threat techniques and associated mitigations, logical control descriptions, as well as cloud service-specific data flow diagrams to gain insights into typical attack vectors within the service. A detailed overview of the project The new Citi-initiated project was approved in July 2023 by the foundation’s Governing Board and currently has more than 20 participants among FINOS members, including Bank of Montreal (BMO), Citi, Goldman Sachs, Morgan Stanley, Royal Bank of Canada (RBC), London Stock Exchange Group (LSEG), Natwest Group, or Google Cloud. Moreover, among the leading vendors that also joined the project are GitHub, Red Hat, Symphony, Adaptive, Container Solutions, ControlPlane, GitLab, and Scott Logic.
As per the official release, the project is set to commence its formation stage in August 2023 and will subsequently become accessible via the Community Specification License later in 2023. Other companies that want to join it can still do so. Even more to this point, the project actively extends an invitation for participation to financial institutions worldwide, CSPs, fintech and technology vendors, industry associations, and regulators, aiming to encompass a diverse representation of all stakeholders engaged in the shared responsibility model.
Citi, the member that devised the method as the basis of the new project, is a banking partner for institutions that necessitate cross-border services, as well as a provider of wealth management and a personal bank in the US market. The Fintech Open Source Foundation (FINOS) is an independent nonprofit organisation dedicated to fostering open innovation during the current era of technological transformation within the financial services sector. .
Jul 28, 2023 12:24
Original link