Sovereign AI for Custodian Banks and Asset Servicing: Reconciliation and NAV Intelligence On-Prem
Custody, corporate actions and NAV oversight run on client-segregated data that cannot leave the building, so the AI that reads it must be owned, air-gapped and provable rather than rented from a shared cloud.
The problem sits inside the walls, not in the cloud
A custodian bank holds other people's assets. That single fact reshapes every technology decision. Client-asset segregation under CASS, the fiduciary duty attached to safekept securities, and the operational resilience expectations of the PRA and FCA all point the same way. The records that describe who owns what cannot be copied into a shared, multi-tenant environment for a model vendor to process. Reconciliation breaks, corporate-action elections, NAV strikes and fails management are the beating heart of asset servicing, and they run on exactly the data regulators treat as most sensitive.
Generative AI is genuinely useful against this work. It can read a SWIFT MT564 corporate-action notice and a custodian sub-ledger side by side, surface a break before it ages, explain a NAV variance in plain language, and draft the client communication. The catch is that public-cloud AI asks you to send the underlying positions somewhere you do not control. For a custodian, that is not a procurement debate. It is a segregation and confidentiality question with a regulator on the other side of it.
Mickai exists to remove the trade-off. Mickai is a sovereign AI operating system: AI that a regulated firm owns and runs inside its own walls, on-premise and air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record. You get the intelligence without the egress.
Reconciliation and fails: intelligence that never leaves the sub-ledger
Reconciliation is a matching problem drowning in exceptions. Depot-to-sub-custodian, cash-to-securities, trade-date versus settlement-date, unmatched instructions ageing toward a fail. The volume is enormous and most of it is boilerplate, but the fraction that is not boilerplate is where loss and client harm live.
Mickai runs its intelligence over the exception queue in place. Air-gapped retrieval-augmented generation lets the model reason over your reconciliation ledgers, standing settlement instructions and counterparty history without any of that data crossing a network boundary. The index sits on hardware you own. A break is triaged, clustered against similar historic breaks, and annotated with a proposed root cause and next action, and none of it leaves the estate. When a settlement is trending toward a fail, the system flags the exposure and the likely CSDR penalty before the deadline rather than after.
NAV oversight the fund board can actually trust
A NAV is a promise. When it is wrong, or right for the wrong reason, the damage runs from the fund board to the end investor. Oversight of the NAV process, whether run in-house or across an outsourced administrator, increasingly falls under model-risk and operational-resilience scrutiny, and boards want more than a green tick.
Mickai treats NAV oversight as an evidence problem. Every price challenge, tolerance breach, stale-price flag and manual override is examined by the model and written to the audit record with its reasoning attached. A NAV variance is not just detected, it is explained, ranked by materiality, and linked to the inputs that moved. The Head of Model Risk gets an artefact that maps directly onto SS1/23 expectations for model governance. The board gets an oversight narrative it can read, question and stand behind, because the trail underneath it is signed and immutable.
The architecture, in plain terms
Under the surface, Mickai runs 50 specialised brains beneath a deterministic arbiter. The arbiter is the point. Fifty models producing fluent output is a liability inside a custodian unless something decides, reproducibly, which answer is authoritative and refuses to act when confidence is low. That is what makes the behaviour auditable rather than merely impressive.
Every consequential action is signed with ML-DSA-65, a post-quantum signature scheme, so the audit record is designed to survive the arrival of quantum decryption rather than becoming forgeable the day it lands. Identity is hardware-bound, so an instruction is provably tied to the machine and operator that raised it. High-consequence steps can require voice-biometric quorum, so a corporate-action election or a manual NAV override needs more than one verified human. And when something goes wrong, compensating rollback unwinds the action along a recorded path rather than leaving an orphaned change. This is the OAR, the Operational Audit Record, and it is the difference between an AI you deploy and an AI you can defend to a regulator.
Who this is for
The Chief Risk Officer gets exception intelligence that is explainable and bounded. The Chief Compliance Officer and MLRO get corporate-action and payment flows screened against sanctions and OFSI lists without shipping client data to a third party. The Data Protection Officer gets a system where a GDPR DPIA is straightforward because the data never moves and never leaves the jurisdiction, which also settles the CLOUD Act question that a US-headquartered cloud cannot. The Head of Internal Audit gets a signed record instead of a vendor assurance letter. And under DORA and the FCA and PRA operational-resilience regime, the Board and its non-executive directors get a critical AI capability that is not a concentration risk sitting inside a hyperscaler outside their control.
Momentum and the moat
Mickai is built and LIVE, and building to scale. The defensibility is deliberate: 104 filed UK patent applications spanning roughly 2,340 claims, held by Mickai LTD, covering the sovereign architecture from the audit schema to the arbiter to hardware-bound identity. Filed, not granted, which gives a priority date and a prior-art position while examination runs.
As a dated third-party signal, in June 2026 Mickai founder Micky Irons was verified at number four on Crunchbase, with the company placing in the global top one to two percent. We read that as external validation of the category, not a finish line. The sovereign AI market is projected to move from around 40 billion dollars in 2025 to roughly 148 billion by 2032, and the roughly 850,000 UK and five million EU businesses legally barred from public-cloud AI are the reason. Custodians and asset servicers sit squarely in that barred population.
To be clear about posture: Mickai is an ally to the frontier labs, not a challenger to them. The dual-buyer thesis is that regulated firms need to own their AI, and that the same sovereign estate is exactly the kind of capability a hyperscaler would eventually want to own. Both roads run through the same patented architecture.
Working with selected partners
We are engaging a small number of selected partners, chosen for strategic fit in regulated financial infrastructure rather than for speed. This is a selection, not a scramble. If you run custody, fund services or asset servicing and the segregation problem I have described is yours, I would rather have one conversation with the right institution than ten with the wrong ones.
Reach me directly at micky@mickai.co.uk.
Micky Irons, founder and CEO of Mickai.
FAQ
Can AI process custody and NAV data without breaching client-asset segregation? Yes, if the AI runs where the data already sits. Mickai is deployed on-premise and air-gapped, so reconciliation ledgers, positions and NAV inputs are never copied to a shared cloud. The intelligence comes to the data, which keeps segregation and confidentiality intact.
How does Mickai support SS1/23 model risk and NAV oversight? Every price challenge, tolerance breach and override is examined and written to a signed, tamper-evident audit record with its reasoning attached. That gives the Head of Model Risk and the fund board an explainable, immutable evidence trail that maps onto model-governance and oversight expectations.
What makes the audit record defensible under DORA and operational resilience rules? Actions are signed with ML-DSA-65 post-quantum signatures, identity is hardware-bound, and high-consequence steps can require voice-biometric quorum. Because the capability runs inside the firm rather than a hyperscaler, it also avoids the third-party concentration risk that DORA and PRA and FCA resilience rules scrutinise.
Is Mickai available now? Yes. Mickai is built and LIVE and building to scale, with a UK company and Birmingham manufacturing secured. Selected partners in regulated financial infrastructure can engage directly.
Frequently asked questions
Can AI process custody and NAV data without breaching client-asset segregation?
Yes, if the AI runs where the data already sits. Mickai is deployed on-premise and air-gapped, so reconciliation ledgers, positions and NAV inputs are never copied to a shared cloud. The intelligence comes to the data, which keeps segregation and confidentiality intact.
How does Mickai support SS1/23 model risk and NAV oversight?
Every price challenge, tolerance breach and override is examined and written to a signed, tamper-evident audit record with its reasoning attached. That gives the Head of Model Risk and the fund board an explainable, immutable evidence trail that maps onto model-governance and oversight expectations.
What makes the audit record defensible under DORA and operational resilience rules?
Actions are signed with ML-DSA-65 post-quantum signatures, identity is hardware-bound, and high-consequence steps can require voice-biometric quorum. Because the capability runs inside the firm rather than a hyperscaler, it also avoids the third-party concentration risk that DORA and PRA and FCA resilience rules scrutinise.
Is Mickai available now?
Yes. Mickai is built and LIVE and building to scale, with a UK company and Birmingham manufacturing secured. Selected partners in regulated financial infrastructure can engage directly.






