The FINOS AI Governance Framework (AIGF)
The FINOS AI Governance Framework (AIGF) is an open-source AI governance framework developed through the Fintech Open Source Foundation by leading financial institutions and AI infrastructure experts. It defines risks across 25 categories and maps them to global regulatory frameworks including the EU AI Act, DORA, NIST AI RMF, ISO 42001, OWASP, and MITRE ATLAS.
Version 2.0, released in late 2025, added a dedicated agentic AI risk catalogue with six new risk categories specific to autonomous architectures — making AIGF the first industry framework to formally address agentic AI threats.
What AIGF Covers
The AIGF provides a comprehensive taxonomy of risks, controls, and mitigations for AI deployed in regulated industries:
- 25 risk categories spanning model risk, data risk, operational risk, and security risk
- Agentic AI risk catalogue (v2.0) — six new categories for autonomous systems
- Mappings to the EU AI Act, DORA, NIST AI RMF, ISO 42001, OWASP, and MITRE ATLAS
- Reference control patterns — open source, vendor-neutral
- Maintained by practitioners at major financial institutions
Why AIGF Matters
Most AI governance frameworks are either vendor-driven (limited to one product), regulator-driven (focused on one jurisdiction), or consultant-driven (bespoke per engagement). AIGF is institution-driven — built by and for the organizations that operate AI at regulatory scale — and therefore maps naturally to procurement and operating standards.
Codified risks become procurement requirements. Institutions contributing to v2.0 are beginning to require AIGF alignment as a condition of deployment.
How Reign Maps to AIGF
Reign, iTmethods' enterprise AI governance platform, maps to all 25 AIGF risk categories including the six new agentic risks in v2.0. The AI Gateway enforces policy at the moment of tool invocation and agent action; the Evidence Engine produces regulator-grade compliance artifacts as a byproduct of operation.