MICKAI
Article · 1 July 2026

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review

BNPL providers and neobanks can run affordability and fraud models on-prem, with a signed, tamper-evident decision record per applicant that holds up when the FCA pulls a file.

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review
Author
Micky Irons
Published
1 July 2026
Follow Micky Irons
LinkedInX
Sovereign AIMickaiArtificial IntelligenceOpen Audit RecordPatents

The moment a file gets pulled

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 1

Every BNPL provider and neobank operating in the UK knows the moment that decides the audit. A supervisor requests a specific applicant. Not a cohort, not a dashboard, one person. They want to see why that customer was approved for credit, what data the affordability model used, what the fraud engine flagged and how it resolved that flag, who signed off, and whether the decision was consistent with the policy in force that day. Under FCA Consumer Duty, the answer has to show a good outcome was reasonably foreseeable. Under SM&CR, a named senior manager owns that answer personally.

The problem is not that the models are wrong. The problem is that most affordability and fraud stacks cannot reconstruct a single decision with cryptographic certainty months after the fact. Logs get rotated. Feature values drift. The model version in the git tag does not always match what actually scored the applicant. When the record is a best-effort reconstruction, the file review becomes an argument rather than a demonstration.

Mickai is built to end that argument. It is a sovereign AI operating system: AI that a regulated lender owns and runs inside its own walls, on-prem and air-gapped, where every material action is written to a tamper-evident, post-quantum-signed audit record. We call that record the OAR. For a BNPL or neobank affordability decision, the OAR is the file the supervisor asked for, already assembled, already signed, already provably unaltered.

What a signed decision record actually contains

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 2

An affordability or fraud decision inside Mickai does not just return an outcome. It emits a structured record bound to that specific applicant and that specific moment. The OAR captures the model identity and version hash, the exact feature inputs, the policy thresholds applied, the fraud signals raised and how they were resolved, any human override and the identity behind it, and the final determination. That whole record is signed with ML-DSA-65, a post-quantum signature scheme, so it stays verifiable even against a future adversary with a quantum computer. The signing identity is hardware-bound, so a record cannot be forged by copying a key onto another machine.

The practical effect for a Head of Model Risk is that reconstruction stops being a project. When the FCA, an internal auditor, or an Ombudsman complaint asks about applicant X, you retrieve one signed record and verify the signature. If it verifies, it is exactly what the model did. If a single byte changed, verification fails and everyone knows. Under SS1/23 model risk management expectations, that is the difference between asserting model governance and evidencing it.

Affordability, fraud, and the on-prem line

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 3

Affordability data is some of the most sensitive a lender holds: income, bank transaction detail, dependants, existing obligations. Running that through a public-cloud AI service means moving special-category and financial data across a boundary you do not control, into a model you cannot inspect, under terms that may expose it to foreign legal process such as the CLOUD Act. For a growing slice of regulated firms that is now a governance red line rather than a preference.

Mickai runs the whole stack where the data already lives. Nemesis, our fraud and AML Studio, and Tyche, our underwriting Studio, score inside your perimeter using air-gapped retrieval, so the model reasons over your policy documents and your data without either leaving the building. Plutus handles the finance logic and Nomos maps decisions to the compliance regime. There is no egress to audit, no third-party sub-processor to chase, no data-residency exception to write. The affordability engine and the fraud engine sit on the same substrate, sign the same style of record, and give your MLRO and DPO one consistent evidence trail instead of two disconnected ones.

The architecture your CRO can sign under

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 4

Underneath the Studios is a deliberate design. Fifty specialised brains operate under a single deterministic arbiter, so the same inputs and the same policy produce the same decision every time. That determinism is what lets a CRO stand behind a model in front of a board. Where a decision must be unwound, compensating rollback reverses the action and records the reversal rather than silently overwriting history. High-authority actions can require a voice-biometric quorum, so no single operator can push a sensitive change alone.

This matters for operational resilience obligations under the PRA and FCA and for DORA readiness. An air-gapped, hardware-bound system with no cloud dependency has a smaller attack surface and no third-party outage that can take your credit decisioning offline. The Board and its non-executive directors get a straight answer to the resilience question: the system runs even if the internet does not.

Why the timing matters

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 5

Mickai is built and LIVE, and we are building to scale from a UK base with Birmingham manufacturing secured. The estate behind it is 104 filed UK patent applications with roughly 2,340 claims, inventor Micky Irons, held by Mickai LTD. Filed, not granted, which gives priority and a prior-art position while the category forms. As a dated third-party momentum signal, Micky Irons was ranked number four on Crunchbase as verified in June 2026, with the company placed in the top one to two percent globally.

I want to be clear about the posture. Mickai is an ally to the wider AI ecosystem, not a challenger trying to unseat anyone. The thesis is that regulated firms need to own and run their AI, and that the same substrate serves two buyers: the operator who deploys it and the strategic buyer who would want to own a category defined around sovereign, provable AI decisioning.

For consumer credit and digital banking leaders

Sovereign AI for BNPL and Neobanks: Affordability Decisions That Survive an FCA File Review, illustration 6

Mickai is a live system, and early design partnership in a live system is worth more when the category is still forming. If you run affordability or fraud at a BNPL provider or neobank and you want decisions that survive a file review by construction rather than by scramble, I would welcome the conversation.

Micky Irons, founder and CEO of Mickai. Contact: micky@mickai.co.uk

Frequently asked questions

How does Mickai help a BNPL or neobank pass an FCA file review?

When a supervisor requests a specific applicant, Mickai retrieves one signed decision record for that person. It contains the model version, the exact inputs, the policy thresholds applied, fraud signals and their resolution, any human override, and the outcome, all signed with a post-quantum scheme. If the signature verifies, it is provably what the model did on that day, which turns reconstruction into a single verification step aligned with Consumer Duty and SS1/23 expectations.

Does affordability data leave the building?

No. Mickai runs on-prem and air-gapped. Affordability and fraud models score inside your perimeter using air-gapped retrieval, so special-category and financial data never crosses a boundary you do not control and is never exposed to a third-party sub-processor or to foreign legal process such as the CLOUD Act.

What makes the audit record tamper-evident?

Each record is signed with ML-DSA-65, a post-quantum signature scheme, and the signing identity is hardware-bound. If any byte of the record changes, verification fails. Because the key is tied to the machine, a record cannot be forged by copying it elsewhere, so the OAR stands as evidence rather than assertion.

How does this support SM&CR and a Head of Model Risk?

A named senior manager can point to a deterministic arbiter that produces the same decision from the same inputs and policy, plus a per-applicant signed record and compensating rollback for any reversal. That moves model governance from a claim into evidence a CRO or Head of Model Risk can stand behind in front of a board.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-ai-for-bnpl-and-neobanks-affordability-at-the-model-risk-line. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles