SR 11-7 · PCI DSS 4.0 · SOX ICFR · FedRAMP-aligned

Finance reference architecture.

For banks, payments processors, broker-dealers, and capital markets. Compile bridge runs inside the customer VPC, primary account data never leaves the cardholder zone, every model run produces a receipt the model-risk team can hand to internal audit.

01Trust boundary

+==========================================================================+ | CUSTOMER VPC (cardholder data environment · CMK · FIPS 140-3 module) | | | | +-----------------+ +------------------------+ +-------------+ | | | Card / KYC docs | ---> | kolm compile bridge | ---> | .kolm | | | | (PAN, SSN, AML) | | (LoRA + verifiers) | | artifact | | | +-----------------+ +------------------------+ +-------------+ | | ^ | | | | | | PCI redactor | | | | v v | | +-----------------+ +------------------------+ +-------------+ | | | Audit log | <--- | PAN / SSN scrubber | | Inference | | | | (HMAC chain) | | + AML pattern guard | | on-prem | | | +-----------------+ +------------------------+ +-------------+ | | ^ | | +==========|=====================================================|===========+ | receipts + model-risk evidence (no PAN, no PII) | v v +==========================================================================+ | KOLM.AI · receipts + compliance pkg + public registry metadata | +==========================================================================+ Legend: ---> data flow <--- audit echo ==== trust boundary

Crosses the boundary

Receipts + model card.

Artifact SHA, K-score, run timestamps. No PAN, no SSN, no AML pattern hits. Receipts are payload-free.

Stays inside

Cardholder data + KYC docs.

FIPS 140-3 module in the CDE. Bridge reads, redacts, distills. The bridge cannot make outbound calls except receipt heartbeat.

Model-risk evidence

Receipt chain ≈ SR 11-7 trail.

Every model run signs into a chain. Inputs: artifact + K + verifier results. Internal audit re-checks offline with kolm inspect.

02Mapped to the frameworks the model-risk team owns

Standard	What it requires	How kolm meets it
SR 11-7 (Fed) · OCC 2011-12	Model inventory, conceptual soundness, ongoing monitoring, outcome analysis	Model card per .kolm + held-out eval suite + signed K-score + receipt chain for outcomes
PCI DSS 4.0 Req 3, 4	Protect stored account data + cryptography in transit	PAN never leaves CDE. Bridge runs inside. CMK encrypts seeds at rest.
PCI DSS 4.0 Req 10	Log + retain auditable record of access	HMAC receipt chain, 90-day default retention, exportable via `/v1/account/compliance-package`
SOX ICFR (Section 404)	Reasonable assurance over financial controls that use models	Same-bytes `kolm inspect` path means auditors don't trust kolm.ai — they trust the chain on the machine they brought.
NIST AI RMF (Govern, Map, Measure, Manage)	Documented risk tiering and evidence per system	K-score as a measurable; gate is the manage function; receipts are the evidence; /compliance/nist-ai-rmf
EU AI Act (high-risk)	Technical documentation + post-market monitoring	Spec · manifest · receipts — mapped in /compliance

03Day-zero deploy in a bank

Vendor onboarding (asynchronously, no sales call)InfoSec questionnaire: paste our /security, /subprocessors, /soc2 URLs into their procurement portal. SOC 2 Type I attestation in scope Q3 2026.
Sign the MSA + DPA (self-serve)E-sign at /upgrade?plan=enterprise. Optional PCI addendum for processor scope.
Deploy the bridge inside the CDETerraform module deploys behind the CDE perimeter. Egress controlled at the SG layer. Heartbeat to kolm.ai is HTTPS, payload-free.
Wire FIPS-validated KMSHSM-backed CMK (AWS CloudHSM or Azure Key Vault HSM tier). Every receipt signs with the customer key.
Run the KYC document classifier (45 min)Seed JSONL: 200 anonymised onboarding packets. Compile produces kyc-classifier.kolm at K≥0.92 with stable PAN/SSN placeholders.
Internal-audit walkthroughHand the chain to internal audit. kolm inspect on their laptop re-checks every run from the last 90 days. No call to kolm.ai required.

04Failure modes internal audit will ask about

What if…	What happens
Bridge attempts to exfiltrate a PAN	Egress harness drops it, ring-3 records bytes-out > 0, the run refuses to sign — flagged on the SLA dashboard.
Model drift between revisions	K-score recomputes at compile; a drop below gate refuses the artifact. Internal audit sees the K-score series in the compliance package.
Insider swaps the artifact	Receipt artifact SHA no longer matches bytes. `kolm inspect` fails closed (exit 5 CHECKSUM_FAIL).
Regulator asks for a model card	Compliance package contains: manifest, recipes, eval pass-rate, K decomposition, last 90 days of run-record hashes.
Vendor (us) is compromised	Receipts already signed with the customer CMK. We hold no signing key. A breach at kolm.ai cannot tamper with the chain.

05Vertical templates that ship today

KYC / AML

Document classifier

Onboarding docs → risk tier + missing-field flags. PAN/SSN auto-redacted.

Transactions

Anomaly explainer

Suspicious transaction → structured rationale + regulator-friendly narrative.

Disclosures

10-K / 10-Q reviewer

Diff against prior period, flag boilerplate vs material change for the disclosure committee.

More recipes: /cookbook · full vertical page: /finance