Private AI infrastructure for a regulated financial institution.
Self-hosted large language models deployed inside the bank's own network. No customer data leaves the environment. Full regulatory governance from day one.
Key Outcomes
70% Cost Reduction
AI operating costs cut by 70% compared to third-party API calls across all business lines
Zero Data Leakage
All inference runs inside the bank's private VPC. No customer data touches external services
4 Business Lines
Fraud, credit risk, compliance, and customer intelligence all running on one platform within 3 months
FCA-Compliant AI
Every prompt, response, and model version logged with immutable audit trail
"Most consultancies told us to plug in OpenAI. Stratus built us a private AI platform that keeps our data inside our walls and gives our regulators exactly what they need."
Chief Technology Officer, UK Financial Institution~6mo
Engagement length
4 lines
Business lines onboarded in first quarter
FCA/PRA
Compliance frameworks
100%
Infrastructure as Code
Live
In production across fraud, credit, compliance, and customer teams
Executive Summary
One platform. Four business lines. Zero data leaving the building.
A UK financial institution wanted to deploy AI across fraud detection, credit risk assessment, regulatory reporting, and customer intelligence. But every option on the market had the same problem. Third-party AI services like OpenAI require customer data to leave the bank's network. Regulators will not accept that. The cost of API calls was already running into six figures monthly with no visibility into usage. And the FCA requires full explainability and audit trails for any AI involved in financial decisions. Off-the-shelf tools could not provide this. The bank needed its own private AI platform, purpose-built for a regulated environment.
| Capability | Before (Third-Party AI APIs) | After (Private AI Platform) |
|---|---|---|
| Data Residency | Customer data sent to external AI providers. No control over where it is processed | All inference inside the bank's private VPC. Zero data leaves the network boundary. |
| Cost Visibility | Six-figure monthly API spend. No breakdown by team or use case. No cost controls | Token-level usage tracking per team. FinOps dashboards. Automated chargeback per business line. |
| Model Governance | Black-box AI. No visibility into model behaviour. No audit trail for regulators | Every prompt and response logged. Model versioning, bias testing, and drift detection automated. |
| Scalability | Rate-limited by third-party provider. Latency spikes during peak periods | Private GPU fleet with auto-scaling. Consistent sub-200ms inference latency. |
| Regulatory Compliance | No FCA-compliant governance. No explainability. No model cards | Full model governance framework. FCA-ready audit trail. Explainability built into every response. |
Strategic Architecture Overview
Private AI Platform Architecture
Business applications connect to a centralised model gateway. The gateway routes requests to the optimal model based on task complexity. All inference runs on private GPU instances inside the bank's VPC.
Intelligent Routing
Simple tasks go to small, fast models. Complex analysis goes to larger models. Cost is optimised automatically without any team needing to think about it.
Fine-Tuned Models
Models are trained on the bank's own data. Transaction patterns, internal policies, regulatory documents. The AI speaks the bank's language.
Full Governance
Every request logged. Every model versioned. Every decision traceable. Built for the FCA, not retrofitted for them.
flowchart TB
subgraph VPC["Bank's Private VPC"]
subgraph Apps["Business Applications"]
FD["Fraud\nDetection"]
CR["Credit\nRisk"]
CO["Compliance"]
CI["Customer\nIntel"]
end
FD --> GW["Model Gateway\n(Central Router)"]
CR --> GW
CO --> GW
CI --> GW
subgraph GPU["Private GPU Fleet"]
SM["Small Model\n(Mistral 7B)\nFast Tasks"]
LM["Large Model\n(Llama 70B)\nComplex Tasks"]
FT["Fine-Tuned Models\nBank-Specific"]
end
GW --> SM
GW --> LM
GW --> FT
subgraph GOV["Governance Layer"]
AL["Audit\nLogger"]
MR["Model\nRegistry"]
DM["Drift\nMonitor"]
end
GW --> AL
GW --> MR
GW --> DM
end
style VPC fill:#0B0C10,stroke:#7c3aed,color:#fff
style Apps fill:#1a1a2e,stroke:#7c3aed,color:#fff
style GPU fill:#1a1a2e,stroke:#7c3aed,color:#fff
style GOV fill:#1a1a2e,stroke:#7c3aed,color:#fff
style FD fill:#6b21a8,stroke:#7c3aed,color:#fff
style CR fill:#6b21a8,stroke:#7c3aed,color:#fff
style CO fill:#6b21a8,stroke:#7c3aed,color:#fff
style CI fill:#6b21a8,stroke:#7c3aed,color:#fff
style GW fill:#4c1d95,stroke:#7c3aed,color:#fff
style SM fill:#1a1a2e,stroke:#7c3aed,color:#fff
style LM fill:#1a1a2e,stroke:#7c3aed,color:#fff
style FT fill:#6b21a8,stroke:#7c3aed,color:#fff
style AL fill:#1a1a2e,stroke:#7c3aed,color:#fff
style MR fill:#1a1a2e,stroke:#7c3aed,color:#fff
style DM fill:#1a1a2e,stroke:#7c3aed,color:#fff
← Scroll to explore diagram →
Architecture Overview
The Private AI Architecture Stack
Every component earns its place by solving a specific infrastructure, cost, or governance challenge. Nothing generic. Nothing unnecessary.
Infrastructure Layer
The Private GPU Platform
- Amazon EC2 GPU Instances (p4d/g5) Dedicated GPU compute for model inference. Auto-scaling fleet that scales up during business hours and scales down overnight. No shared tenancy.
- Amazon SageMaker Endpoints Model serving with A/B testing and canary deployments. New model versions rolled out gradually with automatic rollback if accuracy drops.
- Amazon VPC + PrivateLink Complete network isolation. All traffic stays inside the bank's VPC. No internet egress. Private endpoints for every service.
Intelligence Layer
The Model Operations Platform
- Model Gateway (ECS Fargate) Centralised routing layer. Analyses each request and sends it to the best model for the job. Tracks token usage and cost per request.
- Fine-Tuning Pipeline (SageMaker) Automated retraining on the bank's own data. Models improve continuously as new transaction patterns and regulatory guidance emerge.
- Governance Dashboard (OpenSearch + S3) Real-time visibility into model performance, cost per business line, prompt/response logs, and regulatory compliance status.
Use Cases in Production
What the AI actually does, every day
Six capabilities running on one platform. Each one replaces a manual process, reduces risk, or surfaces intelligence that was previously invisible to the business.
01
Transaction Monitoring
Input Real-time transaction feeds from core banking, card payments, and digital channels
Process The AI scores every transaction against learned customer behaviour. It understands what normal looks like for each account. Unusual amounts, unfamiliar locations, odd timing, and rapid sequences of transfers are all flagged instantly
Output A risk score for every transaction. High-risk alerts routed to compliance analysts with full context and recommended next steps
02
Credit Risk Assessment
Input Bank statements, payslips, company accounts, credit bureau data, and customer transaction history
Process The AI extracts key financial data from unstructured documents automatically. It builds a comprehensive risk profile in minutes, not days. Inconsistencies, red flags, and patterns that human reviewers might miss across hundreds of pages are surfaced immediately
Output A credit risk score with full rationale. Document extraction summary. A clear recommendation to approve, decline, or escalate for enhanced review
03
Regulatory Document Analysis
Input FCA publications, PSD2 requirements, MiFID guidance, internal policy documents, and compliance circulars
Process The AI reads and interprets dense regulatory text, then produces clear summaries. It identifies sections relevant to the bank and cross-references new guidance against existing internal policies to highlight gaps or conflicts automatically
Output Plain-English regulatory summaries. Gap analysis reports highlighting policy conflicts. Prioritised action items for the compliance team. Weeks of manual reading reduced to minutes
04
Customer Intelligence
Input Customer complaints, support emails, call transcripts, satisfaction surveys, and social media mentions
Process The AI analyses sentiment across every customer interaction. It categorises issues, spots recurring patterns, and detects emerging service problems before they become widespread. It also identifies customers at risk of leaving based on changes in communication tone and complaint frequency
Output A real-time customer health dashboard. Early warning alerts when service quality drops. Retention risk scoring by customer segment so the bank can act before it loses accounts
05
Network Analysis for Money Laundering
Input Transaction history across all accounts, entity relationships, beneficial ownership data, and external watchlists
Process The AI maps hidden relationships between accounts, entities, and transactions to uncover layered money laundering networks. A single account might appear clean when viewed alone. But the AI reveals that it connects to dozens of other accounts, all receiving funds from the same source within a short window. Traditional systems examine one transaction at a time. This examines the entire web of connections at once
Output Network visualisation maps showing hidden connections. Risk-scored entity clusters. Relationship alerts with full transaction trails. Evidence packs ready for SAR filing and regulatory submission
06
Predictive Model Drift Detection
Input Live model predictions, historical accuracy baselines, analyst feedback, and real-world outcome data
Process The AI monitors its own accuracy continuously. Financial crime patterns shift constantly as criminals adapt their methods. The platform tracks whether each model's predictions still match real-world outcomes. When accuracy drops below the defined threshold, retraining is triggered automatically on fresh data. No human needs to spot the degradation. The system corrects itself before performance suffers
Output Model health dashboards showing live accuracy metrics. Automated retraining triggers when drift is detected. Alerts for the governance team. A full audit trail of every model version, every performance change, and every retraining event
Operating Model
From scattered API calls to one governed platform
Four business lines now access AI through a single gateway. Every request is routed, every token is tracked, and every model is versioned for regulatory traceability.
What changed operationally
- AI as a Governed Internal Service Four business lines access AI through one central gateway. No team runs their own models. No shadow AI. No ungoverned experiments. One platform, fully controlled.
- Cost Under Control Token-level tracking per team and use case. Monthly FinOps reports. AI spend dropped 70% compared to external API calls.
- Continuous Improvement Models retrained weekly on new data. Performance monitored for drift. The platform gets smarter without manual intervention.
Deliverables
- Private GPU infrastructure on EC2 with auto-scaling and spot instance optimisation
- Model gateway with intelligent routing, token tracking, and cost allocation
- Fine-tuning pipeline for bank-specific model training on internal data
- Governance framework with audit logging, model cards, bias testing, and drift detection
- FinOps dashboard with per-team cost visibility and chargeback reporting
- Onboarding playbook for new business lines to connect in under one week
Regulatory Compliance
Built for the regulator, not retrofitted
The FCA expects institutions using AI in financial decisions to demonstrate explainability, fairness, and accountability. The PRA requires operational resilience of critical AI systems. This platform was designed to satisfy both from the ground up.
Regulatory Controls
- FCA Explainability Requirements Every AI-assisted decision includes a human-readable explanation. Credit decisions, fraud alerts, and compliance flags all come with clear rationale.
- PRA Operational Resilience Private GPU fleet with multi-AZ deployment. No single point of failure. If one GPU instance fails, traffic routes automatically to healthy instances.
- Model Risk Management Full model lifecycle governance. Version control, performance baselines, bias testing, and automated drift detection. Model cards maintained for every model in production.
Outcome
- FCA audit-ready from day one. Full prompt/response logs, model versioning, and decision traceability available on demand.
- Zero data sovereignty incidents. No customer data has left the bank's network boundary since go-live.
- 70% cost reduction. Consolidated four separate AI vendor contracts into one internal platform with full cost visibility.
Private AI for Regulated Institutions
Ready to Own Your
AI Infrastructure?
Third-party AI APIs create data sovereignty risk and uncontrolled costs. We build private AI platforms that keep your data inside your walls and give your regulators exactly what they need.