The systems the networks read from.
Every network is grounded in the bank's own systems, connected over MCP and on premise APIs. Reads are brokered through existing agreements and access controls; nothing is copied out of the perimeter. 7 sources are connected today.
Core banking (read replica)
Read-only replica of the account, position and transaction ledger. Used for affordability checks and incident-impact scoping — never written to.
GRC / ICT risk register
The bank's third-party and ICT-risk register. Feeds vendor criticality, concentration counts and outsourcing scope into the compliance networks.
Sanctions & PEP lists
On premise mirror of EU/OFAC sanctions and PEP feeds. Screened during KYC without any query leaving the perimeter.
Credit bureau (SCHUFA)
Gated bureau connector for score and negative-marker retrieval, brokered through the bank's existing agreement.
Document & policy store
Internal policies, outsourcing contracts, exit plans and prior audit working papers. The evidence layer behind every citation.
Regulatory corpus
Versioned full text of DORA, MaRisk, BAIT, EBA guidelines, CRR and IFRS 9. Every citation resolves to an exact paragraph here.
Incident & ITSM log
Operational incident timeline from the ITSM tool. Source for severity classification and regulator-notification windows.
BaFin reporting portal
Outbound connector for filing DORA major-incident reports. Human sign-off required before anything is submitted.
Any internal system with an MCP server or an on premise API can be added. New sources become available to the Builder immediately — no data leaves the bank.
Read-bound, access-controlled, on premise.
Connectors are read-only by default; the one outbound path (the BaFin filing) requires human sign-off. All traffic stays inside the bank's network, and every read an agent makes is written to the audit log against the run that requested it.