Skip to main content
Industries · Credit unions

Ship production AI in 90 days — without putting your charter at risk.

We build and operate AI systems for credit unions and regulated lenders, with the examiner-ready audit trail your NCUA review expects on day one.

Credit union outcomes

70%+
Auto-decisioning lift

Prime applications, vs. legacy rule engine

3x
Member acquisition lift

Pilot quarter, vs. baseline quarter

<5%
Bias variance

Across protected classes, annual review

90 days
Pilot to production

Median, readiness through deployment

Engagement model

How we work with credit unions.

A four-phase path from blank slate to a model in production with an examiner package in hand. We staff the same principals across all four phases.

012 weeks

Readiness assessment

Data inventory, core integration review, and a written gap analysis against NCUA Letter 22-CU-02 and the FFIEC IT Examination Handbook.

024 weeks

Pilot scope and governance setup

Narrow first use case, board-ready governance memo, model risk framework, and the artifact checklist your examiner will ask for.

038 weeks

Production deployment and examiner artifacts

Build and ship inside your FedRAMP-aligned environment, with model cards, bias reports, change logs, and the third-party vendor risk package delivered with the system.

04Continuous

Operations and model governance

Monitoring, drift detection, periodic validation, and quarterly board reporting. We own the run-rate, you own the charter.

Regulator alignment

Named frameworks, named deliverables.

Every framework below maps to a specific artifact we hand you, with a written owner and a refresh cadence. No checkbox theater.

NCUA Letter 22-CU-02

Artificial Intelligence Risk Management

Model risk management documentation, board-ready governance memos, periodic model validation reports.

FFIEC IT Examination Handbook

Information Security and Architecture

Architecture-of-record documentation, change management artifacts, third-party vendor risk packages.

NIST AI RMF 1.0

Govern · Map · Measure · Manage

Govern, Map, Measure, and Manage function coverage with a profile document per deployed model.

HIPAA

Where PHI touches the system

Encrypted at rest and in transit, BAAs in place with every subprocessor, audit logs retained per BAA terms.

From the field

One we shipped this year.

Mid-Atlantic credit union · $2.1B AUM

Replaced a legacy rule-based underwriting engine with a governed ML decisioning system inside the member's Azure tenant — examiner package signed off in the same quarter as the production cutover.

Read the case study
74%

Auto-decisioned applications

Pilot quarter, prime book only

FAQ

Questions your CTO is going to ask.

Honest answers to the five we hear most often on the first technical call.

Where does our member data live during model training and inference?
In your tenant, in your region. We deploy inside your Azure, AWS, or GCP environment under your IAM, and run inference against private endpoints — no member data leaves your cloud boundary. Training data stays inside the same tenant; we do not pool member data across credit unions.
How do you document and validate the models you deploy?
Every deployed model ships with a model card, a NIST AI RMF profile, a bias and performance report against protected classes, and a written validation memo signed by a PRR principal. Validation runs at deployment and on a quarterly cadence thereafter; results land in a shared evidence folder your examiner can read directly.
What artifacts do we hand our examiner?
A binder, not a scramble. Architecture-of-record, model inventory, model cards, validation memos, vendor risk packages for every third-party AI component, change logs, incident logs, and the board-approved AI governance policy. We co-author the response to examiner questions on request.
How do you assess vendor risk on the AI components you bring?
Each model and managed service ships with a vendor risk package: provenance, training data posture, data residency, breach history, financial standing, and a written sub-processor list. We do not ship a component to a credit union until that package is in your hands.
What happens if we want to terminate the engagement — do we own the models, the data, the documentation?
You own all of it. Source code, model weights, training pipelines, documentation, and operational runbooks are deliverables of the engagement and sit in your repos and your cloud account from week one. The exit clause in our MSA is concrete: 30-day knowledge transfer, no proprietary lock on artifacts, no holdback on access.

Why PRR

Why credit unions choose PRR over the alternatives.

We ship the system, not just the model.

Generalist consultancies hand off a model and a Jupyter notebook. We deliver the model, the inference infrastructure, the governance documentation, and the operations rotation that keeps it running.

Examiner artifacts are deliverables, not add-ons.

Model cards, validation memos, bias reports, vendor risk packages, and architecture-of-record diagrams ship with the system on day one — written by the engineers who built it, not a separate compliance team backfilling six months later.

Senior architects build what they scope.

The principal who writes the SOW writes the first commit. There is no handoff to junior staff after the contract signs, because there is no junior staff layer to hand off to.

Bring us your hardest credit union AI question.

Thirty minutes with a principal. We will walk through your constraints and what a 90-day pilot would actually look like.