Nemesis: Real-Time AML and Sanctions Screening That Never Leaves the Bank
Mickai's Nemesis Studio runs fraud, AML, and sanctions screening on-prem so transaction data and watchlist hits stay inside regulated walls, with every alert written to a tamper-evident, post-quantum-signed audit record.
The screening problem nobody wants to name
Every bank, payments firm, and regulated lender runs anti-money-laundering and sanctions screening. The compliance team knows the real tension that sits underneath it. The most capable detection models live in public clouds, and the data they need to be effective is the data you are least allowed to send anywhere.
A single transaction screen touches account holders, counterparties, beneficial owners, payment narratives, and a live hit against sanctions and politically-exposed-persons lists. That is special-category and financial data of the most sensitive kind. Push it to a third-party model endpoint and you have created a cross-border data transfer, a CLOUD Act exposure, and a supervisory question you do not want to answer in a PRA review.
So firms compromise. They run thin rules-based filters they can host themselves, accept the false-positive flood, and keep the smarter models at arm's length. Detection quality suffers and the alert backlog grows. This is the gap Nemesis was built to close.
What Nemesis is
Nemesis is the fraud and AML Studio inside Mickai, the sovereign AI operating system. Mickai is AI that regulated businesses own and run inside their own walls, on-prem and air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record we call the OAR. It is built and live, not a concept.
Nemesis brings real-time transaction monitoring, sanctions and watchlist screening, entity resolution, and behavioural anomaly detection into the bank's own environment. The models run on the bank's hardware. The transaction stream never leaves the perimeter. The watchlist hits, the fuzzy-match scores, the network links, and the analyst decisions all stay inside the regulated boundary where they belong.
This is the core of the sovereign-AI thesis. You do not have to choose between modern detection and data control. Nemesis gives you both because the intelligence comes to the data, not the other way around.
How it works inside the wall
A payment or onboarding event enters Nemesis through the bank's own infrastructure. Nemesis resolves the entities involved, deduplicates against known parties, and runs them against sanctions, PEP, and adverse-media lists held locally. It scores the transaction for behavioural anomalies, looks for structuring and layering patterns across the account network, and ranks the alert by genuine risk rather than raw keyword collision.
Because the matching, scoring, and model inference all happen on-prem, there is no external call to log, no data-residency exception to file, and no foreign-jurisdiction reach over your customer data. For an air-gapped deployment the watchlists are mirrored inside and refreshed through a controlled channel, so even the act of screening leaves no outbound trace.
Every step produces an entry in the OAR. When a transaction is held, when a hit is escalated, when an analyst clears or files, the action is written to a record that is tamper-evident and post-quantum-signed. That matters for AML because your obligation is not only to detect. It is to prove, months or years later, exactly what you knew, when you knew it, and what you did. Nemesis turns that proof from a reconstruction exercise into a byproduct of the work itself.
Why this is a regulatory wedge, not a feature
The firms that need this most are the ones that legally cannot send data to public-cloud AI. In the UK that is roughly 0.85 million businesses, about 15 percent of the economy. Across the EU it is closer to 5 million. The drivers are concrete: PRA SS2/21 on model risk, UK GDPR special-category handling, the EU AI Act's high-risk classification for credit and fraud decisioning, NIS Regulations, and the long arm of the US CLOUD Act over any data touching American providers.
The wider sovereign-AI market reflects this pull, growing from around USD 40 billion in 2025 toward an estimated USD 148 billion by 2032. Nemesis sits precisely where regulation and capability collide. It is not a nicer screening dashboard. It is the posture that lets a supervised institution adopt modern detection without breaching the rules it operates under.
Where Nemesis fits in the wider system
Mickai is delivered as Greek-named Studio modules that share the same sovereign substrate and the same OAR. Nemesis handles fraud and AML. Nomos handles compliance, Astraea legal, Tyche underwriting, Plutus finance, and Aletheia audit, alongside Trust Agent, the AMT, Vinis voice, and OAR-as-a-Service. A firm can run Nemesis on its own or stand it next to the others so a sanctions hit, a credit decision, and a compliance position all write to one auditable spine.
The intellectual property behind this is substantial. Mickai LTD holds 104 filed UK patent applications, around 2,340 claims, with myself as inventor. These are filed, not granted. The point is to establish priority and a prior-art moat around how sovereign, audited AI actually works.
As a dated, third-party momentum signal, in June 2026 I was ranked number four on Crunchbase by CB Rank for people, verified live, with the Mickai company profile in the top one to two percent globally. I cite it once, as an external read on traction at that point in time rather than a permanent claim. We are a UK company, with Birmingham manufacturing secured, and we are building to scale.
Mickai is an ally to your existing stack
Nemesis does not ask you to rip out your core banking platform or your case-management tooling. It is designed to sit alongside what regulated firms already run, taking on the AI-heavy detection and audit work that public-cloud models cannot safely do for you. This is a dual-buyer thesis. The compliance and risk function gets better detection with a cleaner audit trail. The technology and security function gets a system that never widens the data perimeter. Mickai is positioned as an ally to regulated institutions and the platforms they depend on, not a replacement for everything they have.
The opportunity to get involved
Nemesis is live and the broader Mickai system is built. A pre-seed window is open to selected partners as Mickai scales. This is an invitation to get involved early in a sovereign-AI platform with a real patent position and a clear regulatory wedge. If you run compliance, risk, or technology inside a regulated firm, or you invest where regulation creates durable demand, I would like to talk.
Reach me directly at micky@mickai.co.uk.
By Micky Irons, founder and CEO of Mickai.
FAQ
Does transaction data ever leave the bank when using Nemesis? No. Nemesis runs on the bank's own hardware, on-prem or fully air-gapped. Transaction streams, watchlist hits, match scores, and analyst decisions stay inside the regulated perimeter. There is no external model call to log and no cross-border transfer to declare.
How does Nemesis help with AML audit and supervisory requirements? Every screening action, escalation, and analyst decision is written to the OAR, a tamper-evident, post-quantum-signed audit record. When a supervisor asks what you knew and when, the proof is already captured as a byproduct of the work rather than reconstructed after the fact.
Which regulations make on-prem screening necessary? Drivers include PRA SS2/21 model-risk expectations, UK GDPR special-category handling, the EU AI Act high-risk classification for fraud and credit decisioning, NIS Regulations, and the US CLOUD Act's reach over data touching American cloud providers.
Can Nemesis run alongside our existing systems? Yes. Nemesis is built to sit beside your core banking and case-management tooling, taking on the AI detection and audit workload without widening your data perimeter or requiring a rip-and-replace.
Frequently asked questions
Does transaction data ever leave the bank when using Nemesis?
No. Nemesis runs on the bank's own hardware, on-prem or fully air-gapped. Transaction streams, watchlist hits, match scores, and analyst decisions stay inside the regulated perimeter. There is no external model call to log and no cross-border transfer to declare.
How does Nemesis help with AML audit and supervisory requirements?
Every screening action, escalation, and analyst decision is written to the OAR, a tamper-evident, post-quantum-signed audit record. When a supervisor asks what you knew and when, the proof is already captured as a byproduct of the work rather than reconstructed after the fact.
Which regulations make on-prem screening necessary?
Drivers include PRA SS2/21 model-risk expectations, UK GDPR special-category handling, the EU AI Act high-risk classification for fraud and credit decisioning, NIS Regulations, and the US CLOUD Act's reach over data touching American cloud providers.
Can Nemesis run alongside our existing systems?
Yes. Nemesis is built to sit beside your core banking and case-management tooling, taking on the AI detection and audit workload without widening your data perimeter or requiring a rip-and-replace.






