Open Source in Finance Forum London 2026

Financial services organizations are rapidly exploring agentic AI to automate complex workflows. However, the dynamic and distributed nature of such systems introduces new governance and security challenges. In this session, we present a practical demonstration of an MCP (Model Context Protocol) server built on top of the FINOS AI Governance Framework (AIGF) — showing how open-source risk catalogues and governance controls can be enforced and operationalised in live agentic workflows.

Multi-agent systems in regulated environments introduce a new class of operational risk: not whether agents can act, but how far their authority extends and what stops them from exceeding it. Autonomy creep is a hard problem, especially when agents can spawn and orchestrate other agents. This session presents the Autonomy Levels (A0–A4) defined in the AIGF Multi-Agent Reference Architecture (also merged into the AIGF taxonomy) and a pragmatic, cloud native way to enforce those guardrails from low to high autonomy. The approach targets real-world stacks built on Kubernetes and Flux CD, using a simple control model: agents propose, humans approve (where required), Flux reconciles, and the cluster enforces policy where admission control can make autonomy policies enforceable at runtime by consulting external sources of truth, e.g. an agent registry / entitlement list (is this agent allowed to run?). Unregistered agents, and unapproved “spawn-a-new-agent” attempts are rejected before they land. A service mesh policy layer limits A2A communication, and coordination stays within approved boundaries. Stack logs are consumed in real-time to understand policy-violating actions.

The financial industry has long struggled to bridge the gap between standardized XBRL data and the nuanced reasoning needed for deep analysis. Traditional retrieval methods often treat complex disclosures as flat text, losing critical semantic relationships between line items, footnotes, and temporal periods.

This session introduces Graph-Grounded Agentic Retrieval. Using open-source tools like docling and docling-graph, we transform raw XBRL filings into hierarchical knowledge graphs that mirror the inherent structure of financial reporting. We also offer a data-driven demonstration of why graph-based approaches are superior for AI agents. Finally, as part of the FINOS AI Evaluation and Benchmarking stream, we use a rigorous framework to map the "reasoning trajectory" of agents navigating these graphs. Benchmarking against datasets like FinDER and FinAgentBench, we provide empirical evidence that grounding agents in document structure significantly reduces hallucinations and increases factual consistency over standard RAG.

The audience will leave with a blueprint for a verifiable, high-precision retrieval architecture for regulated financial content.

With the implementation of DORA and evolving PRA expectations in EU and UK, the "black box" approach to cloud security is no longer an option. Regulators want transparency, and firms want agility. The FINOS Common Cloud Controls (CCC) project is the bridge between these two worlds.

Join Rob Moffat (FINOS) and Sonali Mendis (project maintainer) as they showcase how CCC has transitioned from theory to "Regulation-as-Code" through the latest Core Catalog and AI control releases. They will demonstrate how this open-source collaboration is building the definitive, machine-readable blueprint for 2026 regulatory resilience and cross-cloud consistency.

This talk is ideal for leaders and individual contributors working in compliance, security, or cloud infrastructure.

In highly regulated environments like financial services, a production issue isn't just downtime. It's potential regulatory exposure, audit liability, and cascading business disruption. Current root cause analysis and remediation workflows are often slow, manual, and introduce unnecessary stress: an on-call engineer gets paged at 2am, spends hours correlating across observability tools, drafts a fix under pressure, and hopes it passes review before the SLA clock runs out.

This session introduces a paradigm shift. By pairing an AI SRE agent with GitHub Copilot, we create a pipeline that moves from on-call alert to a tested, compliant PR in minutes, not hours. You'll see live how the SRE agent receives an alert, correlates data, and produces an RCA with supporting evidence. Using the RCA as context, we drive a targeted fix, run it through security scanning and test pipelines, and open a fully documented PR all through agentic orchestration. Attendees will leave with an architectural pattern for wiring together AI agents via MCP—and a clear picture of how agentic incident response can be the foundation of a process that is faster, more auditable, and built for regulated environments.

It all started in 2022 with a chatbot named ChatGPT. Who knew the impact it would have on the industry just a few years later?

We have been on a roller-coaster ride. In 2022 we pair programmed with GitHub Copilot. In 2023 we talked with our AI, gaining codebase-level assistance through tools like Cursor. In 2024, foundation model capability increased significantly, and alongside proprietary tools we saw a surge of powerful open source models and frameworks, pushing reasoning models towards fully autonomous "AI engineers". Last year, we vibe coded, marvelled at Claude Code, and realised that software engineering will never be the same again.

2026 is going to be the year of agentic coding. The year AI eats software. So what now?

In this talk, I will take a look at the reality on the ground. The gap between these incredible tools and the challenges faced in brownfield projects with messy data, poor tests, and slow SDLCs.

We will explore how to make the most of today’s tools, when to pair program with AI, when to delegate to an agent, and how to create an effective "agentic loop".

Finally, we will take a step back and ask what this all means for us in the long term.

Building quantitative analytics often requires rapid prototyping and frequent iteration. In practice, models are developed in isolated environments using inconsistent tools, creating inefficiencies, governance risks, and performance limitations that lead to costly rewrites when scaling to production. This session describes how we adopted a platform-engineering approach to model development and execution, enabling high delivery velocity without sacrificing architectural control.

Rather than treating each model as a standalone implementation, we built a standardised model execution platform with semantic data access, reusable runtime services, and specification-based model definitions. The platform supports scenario analysis, back-testing, and interchangeable data sets, with performance, reproducibility, and governance built in by design.

The talk shows how re-engineering the model lifecycle around a shared platform removed repeated rewrites and enforced consistent architecture across teams. Specifications are executable and runtime behaviour is standardised. Testing, performance, and data provisioning are built into the core, enabling scale and keeping engineering discipline.