Scaling Open Source Readiness in Banking: Strategy & OSPO Best Practices | FINOS New York
Wed Feb 04 2026
🔑 Scaling Open Source Readiness in Financial Institutions | OSFF New York

🚀 Explore insights from #OSFFNYC – the premier event for open source in financial services.
🚀 Explore insights from #OSFFNewYork by FINOS – the leading open source in finance conference.

📚 OSR Body of Knowledge: https://osr.finos.org/
🌐 More about FINOS: https://www.finos.org/
📧 Join our newsletter: https://www.finos.org/sign-up
📥 Download the State of Open Source in Financial Services report: https://www.finos.org/state-of-open-source-in-financial-services
🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
🗣️ Attend the next Open Source in Finance Forum: https://hubs.ly/Q03z9D9D0
LinkedIn: https://www.linkedin.com/company/finosfoundation

In this high-level panel, Peter Smulovics (Morgan Stanley), Brittany Istenes (Fannie Mae), and Elspeth Minty (RBC Capital Markets), moderated by Rob Moffat (FINOS), share the "battle-tested" blueprints for taking open source from a developer-led hobby to an enterprise-grade strategic asset.

🏛️ The Infrastructure of Readiness

"Open Source Readiness" (OSR) is the foundational ability of a firm to consume and contribute to open source while managing regulatory, legal, and security risks. The panelists outline the evolution of a firm's maturity:

The OSPO as a Catalyst: How an Open Source Program Office acts as the "connective tissue" between Legal, Risk, Cyber, and Engineering.
Maturity Modeling: Moving from passive Usage (SCA scanning) to active Contribution and eventually Strategic Leadership in the ecosystem.
The "Security Sandwich": Balancing the speed of open source adoption with the rigorous supply chain security standards required by regulators.

⚙️ Scaling Contribution: The Morgan Stanley & RBC Playbooks

The leaders discuss how they’ve automated the "toil" out of open source contribution to empower thousands of developers:

Frictionless Approval: Using tools like GitProxy and automated CLA (Contributor License Agreement) management to shorten the distance from "Idea" to "Pull Request."
InnerSource as a Stepping Stone: Brittany Istenes explains how InnerSource (applying open-source patterns internally) builds the "muscle memory" needed for external contribution in a safe environment.
Policy-as-Code: Leveraging frameworks like CALM (Common Architectural Language Model) to embed compliance and architectural standards directly into the development lifecycle.

🛡️ Navigating the Regulatory Landscape

In 2026, regulatory scrutiny of open source has intensified. The panel addresses how they meet these evolving standards:

The OSR Body of Knowledge (BoK): Utilizing the FINOS-curated BoK to standardize "what good looks like" for auditors.
Cyber Resilience Act (CRA) & Liability: Preparing for new global laws that hold software producers—including financial institutions—accountable for the security of their released code.
SBOMs & Transparency: Transitioning from "knowing what we use" to "proving how we secure it" through high-fidelity Software Bills of Materials (SBOMs).

The takeaway: Scaling open source readiness is no longer a technical choice; it is a business imperative for resilience and talent. By operationalizing OSPOs and contributing back to common standards, financial institutions can reduce redundant development costs, attract top-tier talent, and proactively satisfy the most demanding global regulators.

#FINOS #OSFF #OpenSourceReadiness #OSPO #InnerSource #MorganStanley #RBC #FannieMae #FinTech #RegTech #SBOM #cyberresilience