MICKAI
Article · 1 July 2026

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data

Remittance and FX firms carry sanctions exposure across every corridor they serve, yet the transaction data that proves compliance is the last thing they can afford to hand to a public-cloud AI vendor. Mickai runs the monitoring inside their own walls.

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data
Author
Micky Irons
Published
1 July 2026
Follow Micky Irons
LinkedInX
Sovereign AIMickaiArtificial IntelligenceOpen Audit RecordPatents

The corridor is the crown jewel

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 1

A money-remittance or FX business lives or dies by its corridors. The routing between a sender in one jurisdiction and a beneficiary in another, the pricing, the volumes by hour and by counterparty, the pattern of who pays whom and how often: that is the entire commercial and compliance surface of the firm. It is also, uncomfortably, the exact dataset a modern AML programme needs to feed into a model to catch structuring, smurfing, sanctions evasion and layering in real time.

Here is the tension the sector has learned to live with. To monitor transactions well with AI, you need to expose transaction data to the AI. To expose transaction data to a public-cloud AI vendor is to place your corridor intelligence, your customers' payment behaviour and your sanctions-screening logic on infrastructure you do not control, under a legal regime (the US CLOUD Act, among others) that can compel disclosure without your knowledge. For a business whose entire value is the corridor, that is not a trade-off. It is a non-starter.

Mickai removes the tension rather than splitting the difference. Mickai is a sovereign AI operating system: AI that a regulated business owns and runs inside its own walls, on-prem or air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record. The corridor data never leaves. The monitoring still happens. This is built and it is LIVE.

What PSD2, sanctions and the FCA actually demand

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 2

Remittance and FX firms sit under a dense, overlapping set of obligations. PSD2 governs strong customer authentication and the security of payment data. OFSI and the wider sanctions regime demand continuous screening against fast-moving lists, with the burden falling on the firm to prove it screened, when, and against what. FCA Consumer Duty asks firms to evidence good outcomes for customers, including vulnerable ones exposed to remittance fraud. Operational resilience rules from the FCA and PRA, and DORA on the EU side, require that critical functions keep running and that third-party dependencies do not become single points of failure. The MLRO signs a personal attestation under SM&CR that the AML framework is adequate.

Every one of those regimes shares a hidden assumption: that you can produce, on demand, a defensible record of what your systems decided and why. A public-cloud model that reasons over your data in a datacentre you cannot inspect, using weights you cannot audit, under logging you do not own, cannot give the MLRO or the Board that record. Sovereign architecture can, because the reasoning and the evidence sit on the same hardware the firm controls.

Air-gapped monitoring that still learns

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 3

The common objection is that on-prem AI must be static and stale while the cloud gets to learn from everyone. Mickai is built the other way. The Nemesis Studio, the fraud and AML subsystem, runs air-gapped retrieval-augmented generation against the firm's own transaction history, sanctions lists and typology library, so the model reasons over current, firm-specific context without any of that context leaving the perimeter. Lists and typologies update through controlled ingestion, not through a pipe to a vendor's shared brain.

Underneath, fifty specialised brains operate under a deterministic arbiter rather than a single opaque model. When a corridor flow trips a structuring pattern, the decision path is reproducible: the same inputs produce the same output, and every step is logged. For an AML function that has to explain a suspicious-activity report to a regulator, deterministic and reproducible is worth more than clever and unaccountable.

The audit record a regulator can rely on

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 4

The heart of the system is the Operator Action Record. Every action Mickai takes is written to a tamper-evident log, signed with ML-DSA-65, a post-quantum signature scheme, and bound to hardware-anchored identity so the record cannot be forged, backdated or repudiated. If a corridor is later found to have carried sanctioned flows, the firm can show precisely what the monitoring saw, what it flagged, what a human did next, and that none of it was altered after the fact.

For the buyers who carry personal liability, this changes the conversation. The MLRO gets an evidence trail built to survive an FCA thematic review. The Head of Internal Audit gets a record that cannot be quietly edited. The General Counsel gets signatures that hold because they are cryptographic, not procedural. The Board and its non-executive directors get assurance that the firm's most sensitive data underpinned its compliance without ever being exposed. And where an automated action needs unwinding, compensating rollback reverses it cleanly, with the reversal itself recorded.

Why this is a category, not a feature

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 5

Mickai is not positioned against the frontier labs. It is an ally to any regulated firm that wants the benefits of AI without surrendering the sovereignty its licence obligations demand. The wedge is large and structural: roughly 0.85 million UK businesses and around five million across the EU are effectively barred from putting regulated data into public-cloud AI. The sovereign AI market is projected to grow from about USD 40 billion in 2025 to USD 148 billion by 2032. Remittance and FX sit squarely inside that barred population, and they feel the pain earliest because their corridor data is both their crown jewel and their compliance obligation.

The intellectual-property position is deliberate. Mickai LTD holds 104 filed UK patent applications spanning roughly 2,340 claims, with Micky Irons as inventor. Filed, not granted, which establishes priority and a prior-art moat across the sovereign-AI architecture. As a dated third-party signal, Micky Irons was ranked #4 on Crunchbase in June 2026, with the Mickai company in the global top one to two percent. The firm is a UK company with Birmingham manufacturing secured, and it is building to scale.

Owning AML intelligence rather than renting it

Sovereign AI for Remittance and FX Firms: Cross-Border AML Without Exposing Corridor Data, illustration 6

Remittance and FX operators face a choice that is becoming harder to defer: keep AML monitoring shallow enough to run on data you are willing to expose, or run it deep on data you cannot expose and accept the sovereignty problem that creates. Mickai dissolves that choice. The corridor stays inside the firm, the monitoring runs at full depth, and the evidence trail holds up to a regulator. For a firm whose corridors are its business and that has concluded public-cloud AI is a risk it cannot underwrite, that is the architecture the mandate has been waiting for.

Micky Irons, founder and CEO of Mickai. Reach me directly at micky@mickai.co.uk.

Frequently asked questions

Can a remittance firm run AI transaction monitoring without sending corridor data to the cloud?

Yes. Mickai runs on-prem or air-gapped inside the firm's own perimeter. The Nemesis fraud and AML subsystem reasons over the firm's transaction history, sanctions lists and typologies using air-gapped retrieval, so nothing about corridors, counterparties or pricing leaves the building while monitoring still runs in real time.

How does sovereign AML monitoring support PSD2 and FCA obligations?

Every action is written to a tamper-evident Operator Action Record, signed with the ML-DSA-65 post-quantum scheme and bound to hardware-anchored identity. That gives the MLRO, Internal Audit and the Board a reproducible, non-repudiable evidence trail of what was screened, when and against what, which is the record PSD2 security duties, OFSI sanctions screening, FCA Consumer Duty and operational resilience rules all assume a firm can produce on demand.

Does on-prem AI mean the model is stale compared to the cloud?

No. Mickai updates sanctions lists and typologies through controlled ingestion and reasons over them with air-gapped retrieval, so the monitoring reflects current, firm-specific context. Fifty specialised brains run under a deterministic arbiter, meaning the same inputs produce the same, logged output rather than an opaque one-off answer.

How is Mickai different from using a frontier AI lab?

Mickai is an ally to the frontier labs, not a competitor to them. It exists for regulated firms that cannot place special-category or corridor data on infrastructure they do not control. The reasoning, the data and the audit evidence all sit on hardware the firm owns, which is what licence obligations under sanctions, PSD2 and the CLOUD Act exposure actually require.

What proof exists that Mickai is real and not a concept?

Mickai is built and LIVE. Mickai LTD holds 104 filed UK patent applications across roughly 2,340 claims with Micky Irons as inventor, establishing priority and a prior-art moat. As a dated third-party signal, Micky Irons was ranked #4 on Crunchbase in June 2026. The company is UK-based with Birmingham manufacturing secured and is building to scale.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/sovereign-ai-for-remittance-and-fx-firms-cross-border-aml-on-prem. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles