Sovereign AIP · On-prem · Open-weight Llama · A design-partner proposal for BFSI

The investigation engine that reasons over your world, not text about it.

Praheri is a sovereign financial-crime platform built on a typed ontology — a living digital twin of accounts, transactions, claims and companies. A local Llama traverses it to expose fraud rings, drafts the regulatory report, and proposes governed actions a human approves — every step audited, nothing leaving the building. We're looking for one design partner to harden it on real workflows — and we think that's Jio Financial Services.

The console runs on-prem — by design, it never leaves your machine. Run it locally →

Zero external egress 6 sectors · 1 engine Copilot, not autopilot
6Ontologies
18Object types
18Link types
0Lines of engine code per vertical
The problem

An Indian bank cannot legally send this data to a frontier API.

RBI data-localization makes the cloud copilot a non-starter — and a black-box API can't be audited, fine-tuned, or trusted with a freeze decision. Praheri is the alternative: the entire intelligence layer runs on-prem on open-weight Llama, over a typed model of the institution's own world, with a human in the loop on every consequential action.


The foundation — the Ontology

Not a database. A digital twin of the organization.

Borrowing Palantir's framing: the ontology is a semantic layer — the nouns and how they relate — and a kinetic layer — how decisions are written back as governed actions. Your data stops being rows in a table and becomes a live, connected map of reality that both analysts and AI can reason over.

Semantic ·
Objects

Typed objects with properties

Every real-world entity becomes a typed object — an Account, a Transaction, a Claim, a Company — carrying its own properties. An object type is the table; an object is the row.

typeidproperties{}
Semantic ·
Links

Typed links between objects

Relationships are first-class and typed — sent →, serviced_by →, owns →. The links are the structure, so tracing a ring six hops out is a native graph traversal, not a recursive SQL nightmare.

linked_ids[]directedtraversable
Kinetic ·
Actions

Governed actions write decisions back

The model never mutates data directly. It proposes an action — freeze an account, file an STR, escalate a KYC review — which routes to a human approver and, on approval, is applied and audited. This is the closed loop: read the world → decide → act → the record updates.

proposehuman approvesaudit log

The differentiator — OAG

RAG retrieves text about your world. OAG retrieves the world itself.

Ontology-Augmented Generation feeds the model structured, typed, linked objects — not prose that mentions them. So the model reasons over ground-truth structure, and every claim it makes cites a real object ID. The fraud ring isn't described; it's traversed.

RAG · text retrieval

The model reads paragraphs and guesses

Ten fuzzy case notes are retrieved as prose. The model re-parses English to infer who connects to whom — and may invent a link that was never written, or miss one that was.

"Account 4471 received several transfers in March; the holder shares an address with a customer flagged last year…" → can't say it's 5 accounts / 12 txns → links are inferred, unverifiable
OAG · ontology retrieval

The model traverses real structure

The same ring is retrieved as typed objects with their actual links. The model follows the edges, sees the cycle, and names every node by ID. The structure is the evidence.

{ type:"Account", id:"ACC-4471", properties:{ risk: 0.91 }, linked_ids:["TXN-99","TXN-102"] } → 5 Account · 12 Transaction links → near-circular flow, cited by ID

The wedge — why BFSI, why now

Financial crime is a graph problem, at the exact moment sovereign LLMs became viable.

We chose Banking, Financial Services & Insurance deliberately — it is where the pain, the regulation, and the data-shape all point at the same architecture. Three forces just converged:

01 · THE CRIME

Fraud lives in the links

Laundering, staged-claim rings and shell ownership are, by definition, patterns of connection — not properties of any single row. A relationship-native ontology is the correct data model for the problem; flat tables and text chunks are not.

02 · THE MANDATE

Regulation forbids the easy answer

RBI data-localization and the DPDP Act make a frontier-cloud copilot a non-starter for this data. BFSI can't send customer transactions to a US API — so the only compliant path is on-prem, open-weight, auditable. That constraint is our moat.

03 · THE UNLOCK

Open weights are finally good enough

Llama-class models can now classify a typology and draft a filing-grade narrative on a single on-prem box. The capability that used to require a frontier API now runs inside the building — for the first time, sovereign and capable are no longer a trade-off.


The honest division of labour

We didn't replace ML with an LLM. We use each for what it's actually best at.

Classic graph algorithms and rules engines are better than any LLM at finding a ring — so that's exactly what does the detection here, in deterministic Python. The Llama earns its place on the two jobs traditional ML structurally cannot do. This is why the recommendation is trustworthy and the platform generalizes.

Deterministic engine · does the finding

Graph + rules detect the ring

Ring traversal, structuring / circular-flow / shared-device detection and the risk floor are pure code — reproducible, auditable, no hallucination. A fired signal is a confirmed typology the model may escalate but can never downgrade to CLEAR.

traverse_ring() → the network compute_signals() → the typology deterministic floor → never un-flags → this is what ML/graph is great at → so the LLM never does the detecting
Llama · does what ML can't

Synthesis + generalization

1 · It writes the report a human can sign. Graph algorithms output a diagram and a risk score. But the compliance officer has to file an actual written report — plain English that names each account and transaction and explains, in words, why it's suspicious. Writing that report, grounded in the bank's own rules, is exactly what an LLM is good at and a graph model can't do. (A filing-grade STR for FIU-IND, citing real object IDs.)

2 · One brain works for every department. A traditional fraud model must be custom-built and re-trained for each area — one for banking, a separate one for insurance, another for lending — each needing its own data and its own team. The same Llama handles all of them by just swapping the settings file. No retraining, no new team per sector. (Zero per-domain feature engineering or labelled training set.)

"Accounts ACC-MULE-0106 each received sub-₹50k deposits then funnelled to ACC-BENEF-STRUCT — structuring under [policy §]. Recommend FILE." → a document a human can sign → same engine, any ontology, 0 new code

Why Praheri

Sovereign by architecture. Governed by design.

01

Sovereign & open-weight

The whole stack runs on-prem on open-weight Llama. Compliance by construction, not by promise.

  • Your data never leaves the building
  • RBI localization is the architecture, not a setting
  • No per-token tax, no vendor lock-in
  • Auditable, fine-tunable weights
02

Copilot, not autopilot

The model proposes; a human approves; everything is audited. No mutation without a governed action.

  • High-stakes actions need a human signature
  • Freezes & filings route to an approval queue
  • Append-only audit: actor, time, model
  • Defensible in front of a regulator
03

One engine, six sectors

Swap the ontology cartridge and a new sector lights up — zero engine code changed.

  • The investigation loop is universal
  • Only the nouns change per vertical
  • Six verticals, one codebase
  • Build once, monetize six times
Triage Traverse Detect Decide Govern Audit

This pipeline is unchanged across all verticals.


The cartridges — Phase 1 with JFS, then the platform

Two sectors map onto Jio's group today. The rest is your roadmap.

Each sector is a configuration — typed objects, the signals to detect, the governed actions a human approves. The engine never changes. AML and Insurance are where we'd start with JFS — they sit directly on Jio Payments Bank, Jio Finance and Jio Insurance Broking. The other four prove the same engine already reaches across the group.

◆ Phase 1 — live today, mapped to JFS
🛡️ AML — Anti-Money-LaunderingJio Payments Bank · Jio Finance (NBFC) · UPI · RBI / FIU-IND · STR filing +
For JFS: Jio Payments Bank + UPI + Jio Finance move retail money at Reliance scale — which is precisely where mule networks and structuring hide. Banks generate thousands of transaction-monitoring alerts a day; analysts drown in false positives while real laundering hides in the noise. Praheri traverses from the flagged account across its transaction links to counterparties, customers and shared devices to expose the surrounding network — then drafts a Suspicious Transaction Report grounded in object IDs, ready for FIU-IND.
JFS entity
Jio Payments Bank · Jio Finance · UPI
Objects traversed
Account · Transaction · Device · Counterparty
Detects
Structuring / smurfing, layering, funnel accounts, circular mule flows
Governed action
request_account_freeze · file_str → MLRO approves
🚑 Insurance — Claims-Fraud SIUJio Insurance Broking · Allianz Jio Reinsurance · IRDAI · DPDP Act 2023 +
For JFS: Jio Insurance Broking and the Allianz Jio reinsurance JV put the group squarely in claims risk — where organized fraud is the margin killer. A single claim looks legitimate in isolation; organized fraud only shows up in the links between claims. Praheri traverses from a suspicious claim to its policyholder, repair garage, claimant and policy, surfacing entities that recur across supposedly unrelated claims. The signal is shared-node density: one workshop or person at the centre of many "accidents."
JFS entity
Jio Insurance Broking · Allianz Jio Reinsurance
Objects traversed
Claim · Garage · Claimant · Policy
Detects
Staged-accident rings, garage/provider collusion, identity reuse
Governed action
refer_to_siu — hold payout pending review
◇ The platform reach — same engine, JFS's expansion roadmap
🏦 Lending — Early-Warning SignalsMaps to Jio Finance (NBFC) · RBI EWS · Digital Lending 2022 +
As Jio Finance scales its loan book, stress is visible months before an account is classified NPA — but the signals sit scattered across systems. Praheri traverses from a borrower to its loans, directors, related parties and repayment history to assemble a live risk picture — catching distress spreading through a shared-control network before it surfaces in the books.
Objects traversed
Borrower · Loan · Director · Inflow
Detects
EMI-bounce stress, common-director contagion, circular related-party lending
Governed action
margin_call · downgrade_rating (SMA)
📈 Wealth — Suitability & Mis-sellingMaps to JioBlackRock (AMC) · SEBI IA Regs · SCORES +
With JioBlackRock bringing asset management to the group, suitability risk follows. Advisors face incentives to push high-commission products onto clients they don't fit, exposing the firm to SEBI action and restitution. Praheri traverses from a client to their suitability profile, sales, products and advisor, comparing what was sold against the client's documented risk appetite — and flagging advisors who breach repeatedly across a book.
Objects traversed
Client · SuitabilityProfile · Sale · Product · Adviser
Detects
Suitability breach, churning, advisor-level mis-selling clusters
Governed action
flag_misselling → compliance approves
🏢 Corporate — UBO / OwnershipGroup-wide KYC · RBI CDD/EDD · FATF Rec 24 +
Every JFS entity onboarding a corporate customer must know the real human Ultimate Beneficial Owner — but ownership is deliberately obscured through layered holdings across jurisdictions. Praheri traverses the company-owns-company graph through multiple layers to compute effective control and resolve the true UBO — the signal is the shape of the ownership graph itself.
Objects traversed
Company · UBO via owns → shareholding
Detects
Circular / cross-holdings, shell layers, <25% threshold evasion
Governed action
escalate_kyc_review (Enhanced Due Diligence)
📦 Procurement — Maverick SpendThe non-financial proof · Reliance group internal controls +
The proof the platform isn't AML-shaped plumbing: the same engine runs a completely non-financial ontology. Enterprises lose margin and invite collusion when employees buy off-contract or split orders to dodge approval limits. Praheri traverses from a requisition to its vendor, budget and contract, checking spend against policy and the Delegation-of-Authority matrix — the exact same engine, a completely different ontology, relevant to any Reliance-group entity.
Objects traversed
Requisition · Vendor · Budget
Detects
Maverick spend, budget / DoA breach, invoice-splitting, vendor collusion
Governed action
approve_purchase_order — over-budget → same MLRO gate

The proposal — design partner

Why Jio Financial Services, and how we'd build it together.

JFS is the rare institution whose group spans every sector this engine already runs — payments, lending, insurance, asset management — under one roof, at Reliance scale, greenfield enough to build compliance-native rather than retrofit it. We're not selling a finished product; we're proposing a design partnership to harden Phase 1 on your real AML and insurance workflows.

Your
offering

Jio Payments Bank · Jio Finance · UPI

Retail money movement at Reliance scale is the natural home of mule networks and structuring. → Praheri AML: expose the ring, draft the STR for FIU-IND, propose the freeze — human-approved, audited.

Your
offering

Jio Insurance Broking · Allianz Jio Reinsurance

Claims exposure is where organized fraud erodes the loss ratio. → Praheri Insurance SIU: surface staged-accident and garage-collusion rings across otherwise-unrelated claims before payout.

Your
roadmap

JioBlackRock · group KYC · Reliance procurement

As the group expands, the same engine extends to wealth suitability, corporate UBO resolution and procurement controls — zero engine code per sector. One platform, the whole JFS surface.

VALUE

What JFS gets

  • Fewer false positives, faster analyst throughput
  • Filing-grade STRs drafted, not hand-written
  • Insurance fraud caught before payout
  • One platform across the whole group, not six tools
  • Compliance-native from day one — no retrofit
USP

Why only this works

  • Sovereign: on-prem, open-weight — RBI/DPDP-compliant by architecture
  • OAG over a typed ontology — reasons on structure, cites real IDs
  • Copilot, not autopilot — human approves every action, all audited
  • Reusable engine — 0 lines of engine code per new sector
DELIVERABLES

What we ship together

  • AML + Insurance cartridges on JFS's own ontology
  • Connectors to JFS transaction & claims systems
  • MLRO / SIU approval + audit workflow, JFS roles
  • On-prem deployment, zero-egress verified
  • A co-defined success metric per sector
How you adopt it — a staged partnership
Stage 0
2–4 wks

Sandbox pilot — AML, your data shape

Deploy on-prem against a masked slice of Jio Payments Bank transactions. Prove the ring-to-STR loop on real workflow shape. Success metric agreed up front. No data leaves JFS.

Stage 1
1 quarter

Design-partner hardening — AML + Insurance

Iterate the two Phase-1 cartridges on live JFS ontology and MLRO/SIU feedback. Wire the real approval + audit workflow. This is where we co-build — your analysts shape the product.

Stage 2
roadmap

Platform rollout — group-wide

Extend the same engine to Jio Finance lending EWS, JioBlackRock suitability, group UBO and procurement — each a config cartridge, not a new build. One sovereign intelligence layer for all of JFS.


See it run

Pick an alert. Watch the ring light up.

The live console runs the full loop: triage an alert, traverse the ontology, expose the fraud ring, draft the report, propose a freeze, approve it as the MLRO, and read the audit trail — all on-prem, with no network egress.

Sovereign by design — the console can't be hosted on a public cloud without breaking the premise. It runs on your own machine, with no network egress.

Run it yourself

Five commands. Your machine. Zero egress.

The console is open source and runs entirely on-prem on open-weight Llama via Ollama. Clone it, point it at a local model, and the full investigation loop runs with no network calls.

terminal
# 1 · clone the repo
git clone https://github.com/surajsrivastava94/praheri-sovereign-aip.git
cd praheri-sovereign-aip

# 2 · python env + dependencies (Python 3.11+)
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

# 3 · pull the open-weight models, then serve them locally
ollama pull llama3.1:8b
ollama pull nomic-embed-text
ollama serve

# 4 · generate the synthetic bank + planted fraud rings
python -m praheri.generate
python -m praheri.generate_verticals

# 5 · launch the console  →  http://localhost:8501
streamlit run app/streamlit_app.py
No GPU required for the 8B demo model · synthetic data only · nothing leaves your box. Need a hand? Email me →