MICKAI
Worked example · Worked example, global banking

HSBC

This is an illustrative blueprint, built only from public information, for how a global bank of HSBC's scale could run the Mickai sovereign stack on its own infrastructure. It walks the Finance vertical pack across the bank: anti-money-laundering and transaction monitoring at scale, model-risk-registered underwriting and analytics, and board-level reporting, with every piece of transaction and customer data staying inside the bank's own perimeter. No firm named here is a Mickai customer. The point is to show the shape of a deployment, where the studios sit, and which regulatory obligations the architecture is designed to ease, not to claim any engagement.

Illustrative analysis · public information only

This page is an illustrative analysis built only from public information. HSBC is not a Mickai customer and has no relationship, engagement, trial, or endorsement with Mickai. Nothing here implies that HSBC uses, has trialled, or has engaged the Mickai SIOS. It is a sector blueprint showing how a global bank of this scale could deploy the sovereign stack.

HSBC is publicly reported as one of the world's largest banks, with revenue in the tens of billions of US dollars, a workforce of around 220,000 people, and operations spanning roughly 60 countries and territories. These are approximate, published figures used here for sizing the illustration only. Treat them as indicative rather than exact, and defer to HSBC's own filings for precise numbers.

The sovereign advantages

Five advantages hold across every sector, and they are architectural, not promotional. The third-party cloud-exposure vector is removed; your own physical, insider, and compliance controls remain yours.

Zero-trust data privacy

The data never leaves your hardware, so no third party and no cloud-provider employee ever sees it. What happens in the server room stays in the server room.

No vendor lock-in or outage exposure

You own the compute and the capability, so the system runs independent of the internet and of any cloud vendor's pricing, terms, or availability.

Data residency by default

The data never crosses a geographical or digital border because it never leaves the building, which removes the cross-border-transfer and third-party-processing friction of UK GDPR, Schrems II, and the sector rules. You keep your own obligations.

Proprietary advantage stays private

Fine-tune and run retrieval on your deepest archives to build a hyper-customised co-pilot, with no risk of your proprietary edge training a public model or leaking.

Predictable total cost of ownership

After the hardware and licence, queries cost essentially electricity. A capital asset you own and depreciate, instead of volatile per-token cloud bills.

The zero-espionage trust vault

There is no third-party cloud path, so no competitor and no vendor insider can scrape, intercept, or subpoena your prompts or your fine-tuned weights from the internet. The trust vault is closed by architecture.

Immunity to regulatory drift

You own the software snapshot on your own hardware, so a change to a cloud vendor's terms, a model deprecation, or an outage cannot reach you. The system stays predictable and auditable on-premise as the rules evolve.

The regulatory wedge

The specific rules that bar mainstream cloud AI from this sector's regulated data. Each one demands a named, auditable perimeter the operator controls, which a shared multi-tenant cloud cannot give.

US Federal Reserve SR 11-7 and OCC guidance on model risk management, where every AML, underwriting, and analytics model needs documented validation, ongoing monitoring, and an auditable inventory
NYDFS Part 500 cybersecurity requirements for institutions operating in New York State, including access controls, audit trails, and third-party risk management
EU Digital Operational Resilience Act (DORA), which tightens oversight of ICT and third-party technology dependencies for financial entities
UK FCA SYSC systems-and-controls rules and PRA prudential expectations on governance, model use, and operational resilience
UK GDPR and equivalent data-protection regimes governing customer personal data across the bank's European footprint, including limits on cross-border transfer and third-party processing
The lead studios

The enterprise studios that lead in this sector, drawn from the eighteen that sit on the one sovereign substrate. Each runs on hardware the organisation owns, under one set of operator-held keys, writing to one Open Audit Record.

Nemesis

Fraud and Anomaly Detection

Runs AML and transaction-monitoring workloads at bank scale, scoring payment flows and surfacing suspicious patterns and anomalies for investigation, with the underlying transaction and customer data never leaving the bank's own perimeter.

Tyche

Underwriting and Actuarial

Hosts credit and underwriting analytics as model-risk-registered assets, so each model carries its validation evidence, version history, and monitoring trail in line with SR 11-7 and OCC expectations.

Nomos

Compliance and Regulator Mode

Provides a regulator-facing mode that maps controls and evidence to SR 11-7, NYDFS Part 500, DORA, and FCA SYSC obligations. The bank keeps its own regulatory obligations, while the friction of assembling and presenting evidence is reduced.

Aletheia

Audit

Maintains immutable, queryable audit trails across model decisions, data access, and analyst actions, giving internal audit and examiners a single defensible record without exporting data to an external platform.

Pythia

Executive BI

Rolls AML, model-risk, and underwriting metrics into board-level and divisional reporting, so risk, compliance, and executive committees see the same governed numbers drawn from data that stays in-house.

See all eighteen on the sovereign services catalogue.

The illustration of scale

At this scale the surface is enormous: billions of transactions to monitor across roughly 60 jurisdictions, a large estate of credit and analytics models each carrying its own validation and monitoring burden, and a compliance function answering to several regulators at once. The illustrative opportunity is to consolidate AML, model-risk-registered underwriting, audit, and executive reporting onto one sovereign substrate the bank runs itself, rather than spreading sensitive transaction and customer data across multiple external vendors and cloud regions. This is a qualitative picture of scale, not a quantified forecast.

The outcome

Money won, money saved, risk removed, on hardware you own.

A buyer evaluating the Finance pack would see AML and transaction monitoring, underwriting analytics, audit, compliance evidence, and executive BI running as connected studios on infrastructure the bank controls. Transaction and customer data stays inside the bank's own perimeter rather than being exported to an external platform. The architecture removes the third-party cloud-exposure vector and eases the cross-border-transfer and third-party-processing friction, while physical, insider, and regulatory controls remain the bank's own. Models stay registered and auditable to support SR 11-7, OCC, NYDFS Part 500, DORA, and FCA SYSC work, and the whole stack runs independent of the public internet and cloud vendors.

Lawful B2B engagement

Map the sovereign stack to your organisation estate.

Briefings are for organisations weighing a sovereign, on-premises deployment. Tell us about your estate and we will walk the pack, the regulatory crosswalk, and the deployment that fits your estate.

Note: This page is an illustrative analysis built only from public information. HSBC is not a Mickai customer and has no relationship, engagement, trial, or endorsement with Mickai. Nothing here implies that HSBC uses, has trialled, or has engaged the Mickai SIOS. It is a sector blueprint showing how a global bank of this scale could deploy the sovereign stack.

Other sectors
Retail with customer-data depth
Retail
Law firms and legal-ops
Legal
Banking, insurance, and financial services
Finance
NHS Trusts and private healthcare
Health
Defence and government
Public Sector
Generational discretion and an uncompromised deal edge, on hardware you own.
VCs and Family Offices
Multi-generational wealth, processed entirely inside your own walls.
Private Banking and Wealth
The ledger never leaves the firm.
Accounting, Tax and Audit
Price the risk without surrendering the risk profile.
Insurance and Actuarial
Sovereign discovery infrastructure for assets too valuable to leave the building.
Pharma, Biotech and Pre-patent IP
Quality auditing of device and calibration data that never leaves the building.
Medical Devices
Bunker-grade AI for work that can never touch the public cloud.
Defence, Aerospace and Dual-Use
Off-grid intelligence for the systems a nation cannot afford to lose.
Critical Infrastructure, Maritime and Energy
Your process is your moat. Keep it inside the factory walls.
Heavy Industry, Manufacturing and Semiconductors
Network intelligence that never leaves the core
Telecommunications
Sovereign research intelligence that keeps the IP, and the dual-use risk, on campus.
Academic and University Research
Sift the whole talent pool without the raw records ever leaving your building.
Executive Search and HR
Athlete telemetry and tactics that never leave the training ground.
Elite Sport and Performance
The client black book that never leaves the room.
Luxury, Private Aviation and VIP Concierge
Clienteling and collections held in the house, not the cloud.
Luxury Fashion
Tag every frame on premises, so no pixel ever leaves the studio.
Commercial Photography and Media Houses
Sovereign deal intelligence for the agencies that hold the industry's secrets.
Talent and Literary Agencies
Your catalogue, indexed and searchable, with no master ever leaving the building.
Music Studios and Labels
Source protection that never leaves the newsroom.
Press and Investigative Journalism
The IP lifecycle stays under lock and key, from script to final pixel.
Film, TV and VFX
Safeguarding intelligence that never leaves the trust.
Multi-Academy Trusts (Primary and Secondary)
Where the question paper never leaves the vault until test day.
Examination and Testing Boards
Special-needs records that never leave the setting
SEN and Alternative Provision
Ship native AI for schools without inheriting the data-processing-agreement fight.
EdTech and LMS Vendors