Regulatory Alert RBI's final ECL direction mandates forward-looking expected credit loss provisioning — effective April 1, 2027. Is your institution ready?
Platform Architecture

Secure, scalable architecture for banking intelligence

Quantara Labs is designed as a modular AI and analytics platform that integrates with existing banking systems while supporting secure deployment, enterprise governance, and progressive scalability.

Built cloud-native. Deployable on-premise. Designed to meet the data residency, security, and governance standards of regulated financial institutions.

Discuss Architecture → Request Security Overview
High-Level Architecture

Seven integrated layers. One governed platform.

The Quantara platform is structured as seven progressive layers — from raw data ingestion through to governance and reporting outputs. Each layer is independently scalable and connects seamlessly with the next.

Layer 1 — Data Source Layer
Core Banking System · Loan Origination System · Loan Management System · Collateral Management · Customer Master · GL / Finance Systems · Data Warehouse · Regulatory Reporting Systems · External Macroeconomic Datasets · Excel & CSV Uploads
Layer 2 — Data Ingestion & Validation
Secure File Upload · API-Based Ingestion · Batch Data Loads · Intelligent Field Mapping · Data Validation Rules · Data Quality Checks · Exception Reports · Reconciliation Checks · Portfolio Snapshot Versioning
Layer 3 — Data Storage Layer
Portfolio Snapshots · Customer Segments · Product Hierarchies · Risk Parameters · Scenario Assumptions · Calculation Outputs · Report History · Audit Logs · User Actions · PostgreSQL (Structured) · Object Storage (Reports & Files) · Optional Data Lake
Layer 4 — Risk Analytics Engine
ECL Calculation Engine · Stage Classification · PD / LGD / EAD Processing · Scenario Simulation · Provision Impact Calculation · Capital Sensitivity Analysis · Portfolio Heatmaps · Movement & Stage Migration Analysis
Layer 5 — AI Intelligence Layer
Quantara Risk Co-Pilot · Natural Language Querying · Executive Insight Generation · Anomaly Detection · Scenario Explanation Engine · Risk Commentary Generation · Regulatory Change Summarisation · AI Recommendation Engine · LLM Gateway with Guardrails · RAG over Policy & Regulatory Docs
Layer 6 — Application Layer
Risk Team Interface · Finance Team Interface · Treasury Interface · Compliance Interface · CXO Executive Dashboard · Admin & Configuration Panel · Model Governance Interface · Role-Based Access Control
Layer 7 — Governance & Reporting
Interactive Dashboards · Excel Exports · PDF Board Packs · Audit Trail Reports · Scenario Comparison Reports · Assumption History · Model Run History · API Outputs for Downstream Systems
Cloud Architecture

Cloud-native. Bank-ready.

The recommended production architecture is built on AWS, designed for high availability, data security, and regulatory compliance. All components are containerised and independently scalable.

Frontend
  • Next.js application (React-based)
  • AWS Amplify or S3 + CloudFront CDN
  • Server-side rendering for performance
  • Role-based UI component visibility
  • Responsive across desktop and tablet
Backend & APIs
  • Node.js / Express REST APIs
  • Python analytics services for risk models
  • Containerised microservices on AWS ECS / EKS
  • API Gateway with rate limiting and auth
  • Asynchronous task queues for scenario runs
Database & Storage
  • Amazon RDS PostgreSQL (primary structured store)
  • Amazon Redshift (optional analytical scale)
  • Amazon S3 for uploads, reports, model artefacts
  • Encrypted at rest with AWS KMS
  • Point-in-time recovery and automated backups
Security Controls
  • AWS IAM with least-privilege policies
  • AWS Secrets Manager for credentials
  • VPC with private subnets for all data services
  • AWS WAF (web application firewall)
  • CloudTrail audit logging + CloudWatch alerts
AI Layer
  • LLM gateway with enterprise guardrails
  • RAG over bank policy and regulatory documents
  • Prompt logging and response traceability
  • Human approval workflow for regulated outputs
  • Model output explainability and source attribution
Observability
  • Centralised log aggregation (CloudWatch)
  • Application performance monitoring
  • Scenario run time and error tracking
  • User session and action logging
  • Automated alerting for anomalies
Deployment Models

Three deployment options for every institution

Quantara Labs is deployable in three modes, matching the security posture, data residency requirements, and infrastructure capabilities of different institution types.

Option 01
Secure SaaS

For smaller banks, NBFCs, cooperative banks, and fast pilots. Fastest onboarding path.

  • Onboarding in days, not weeks
  • Lower infrastructure effort required
  • Managed upgrades and maintenance
  • Ideal for ECL Impact Sprint
  • Shared infrastructure, tenant-isolated data
Option 02
Private Cloud Deployment

For larger banks needing a dedicated environment with stronger control and integration.

  • Dedicated infrastructure per institution
  • Bank-specific security model
  • Integration with internal data systems
  • Better compliance alignment
  • Custom data retention policies
Option 03
On-Premise / Bank VPC

For institutions with strict data residency, sovereignty, and internal infrastructure mandates.

  • Full client-controlled deployment
  • Internal network and firewall integration
  • Custom security controls and HSM support
  • Enterprise governance aligned to bank policy
  • Air-gapped deployment option available
Security & Governance

Designed for trust, control, and auditability

Every aspect of the Quantara platform is built with the governance and control requirements of regulated financial institutions in mind. Security is a design principle, not an add-on.

🔐
Role-Based Access Control

Granular RBAC across all platform functions. Users see only what their role permits. Admin panel for full access management.

Maker-Checker Workflow

All critical actions — model assumptions, overlays, scenario approvals — require maker-checker governance with reason capture.

🔒
Encryption at Rest & in Transit

All data encrypted at rest using AES-256. All data in transit secured with TLS 1.2+. Key management via AWS KMS or client HSM.

🏢
Tenant-Level Data Isolation

Complete data isolation between tenants at schema, encryption, and access control levels. No data co-mingling across institutions.

📋
Scenario Versioning

Every scenario run is versioned with full parameter capture. Any historical run can be reproduced identically for audit purposes.

📝
Model Assumption History

Complete history of every assumption change — who changed it, when, with what approval, and what the previous value was.

👤
User Activity Audit Log

All user actions logged with timestamp, IP, session context, and data accessed. Non-repudiable audit trail for regulatory review.

🔁
Approval Workflows

Configurable approval workflows for reports, scenario runs, and data exports. Escalation paths and delegation support included.

Architecture Review

Discuss architecture and deployment with our technical team

We'll walk through deployment options, integration approach, and security controls relevant to your institution.

Request Technical Discussion → Request Security Overview