Risk compliance as code. P&L savings through automation.
Determistic Modern Risk Platform. AI Orchestration.
Built on Google Cloud.
What is RaaS?
Results, not engine runs
Consume governed risk states for both regulatory and economic risk analytics, with schemas, tolerances, and lineage baked in. Results stay explicitly separable across regulatory production and non-regulatory what-if analysis, while the deterministic kernel stays fixed and AI orchestrates mapping and explanation only.
- Point-in-time batches, hard to reproduce
- Opaque lineage and QA burden
- Expensive integration per desk
- Schemas + tolerances + lineage badges
- Deterministic regulatory + economic analytics with pricing, XVA, sensitivities, stress, and capital workflows
- Consumption via API, BigQuery, PDF, console
Results contract
Governed regulatory + economic outputs
* Jurisdiction coverage is not uniform out of the box and is delivered via scoped module and overlay enablement.
Deterministic vs AI
Governed AI agents with a deterministic boundary
Governed AI agents support intake guidance, mapping, readiness diagnostics, workflow support, and explanations. Pricing, Greeks, XVA, stress, SIMM/DIMM, SA-CCR/SA-CVA/Market Risk remain deterministic and versioned.
- Data mapping, enrichment, clustering
- Readiness diagnostics and draft repair suggestions
- Movement explanations & narratives
- Policy alignment + Basel paragraph mapping
- Workflow assistance and QA suggestions
- Price or change the deterministic kernel
- Approve, publish, or submit governed changes on its own
- Alter schemas, tolerances, or lineage
- Move beyond approved data domains
- Bypass governance and audit policy
Join the roadmap poll to steer allowed vs. not allowed AI features.
Results Contract
Schema-backed, regulator-ready outputs
Every result is versioned, tolerance-checked, and lineage-stamped. Confidence badges, Basel paragraph mapping, and deterministic kernels make regulators comfortable.
Result schemas
Structured JSON + PDF packs ready for API, BigQuery, dashboard, and regulator submissions.
Guarantees
- Schema + tolerance versions with SLOs
- Lineage + movement attribution per result
- Confidence and governance badges
- Regulator-ready narratives and Basel mapping
Access
- Managed SaaS on Google Cloud with typed APIs, workbench, and governed data services
- Dedicated tenant delivery surfaces with client-specific data and runtime boundaries
- Managed deployment assistance for client-specific operating models
- Console, reports/PDF, API clients, dashboards
See the results stream in action
Deliver governed risk results, not just runs
Vannarho provides continuous, deterministic risk states with AI orchestration for explanations and mapping. Subscribe to results contracts with tolerances, lineage, and regulator-ready narratives.
- Deterministic kernel: curves, pricing, dividend, XVA explain, sensitivities, stress, SIMM/DIMM, SA-CCR/SA-CVA/Market Risk
- AI only supervises mapping, QA, and narratives—never pricing
- Deliver via API, console, BigQuery, or regulator-ready PDF packs
Commercial
Outcome-based, open-core + SaaS
Pay for governed risk results with lineage and SLOs. Keep core access for exploration; add validation services when you need benchmarked proof.
Test Core Engine
Python wheels for teams exploring the deterministic kernel and APIs before subscribing to results.
- Access APIs + SDKs
- Local development & tolerance tests
- Community + docs support
Integration, Validation & Benchmarking
Independent validation runs, benchmarking, and regulator-ready packs to prove the contract. We work alongside your teams to design future-state flows and set up the platform.
- Validation & benchmarking runs
- Capital & Basel mapping evidence
- Regulatory compliance advisory
- Cost + ops take-out plans
Managed Results (RaaS)
Subscribe to governed risk states (schemas, tolerances, lineage) with delivery via API, BigQuery, PDF, and console.
- Deterministic kernel: pricing, Greeks, XVA explain, stress, SIMM/DIMM, SA-CCR/SA-CVA/Market Risk
- Confidence + lineage badges per result
- Delivery via API, console, BigQuery, PDF packs
- Outcome-based pricing aligned to consumption
Results Catalog
Deterministic coverage that feeds every result
Curves, pricing, dividends, XVA explain, sensitivities, stress, SIMM/DIMM, SA-CCR/SA-CVA/Market Risk power every risk state. Browse the governed scope and pull sample JSON/PDF.
Result Tiles
Every analytic as a governed result
Each analytic becomes a result tile with schema, tolerances, lineage, and delivery options. Mix and match for trading desks, treasury, and regulatory teams.
- Pricing and cashflows (NPV/PNL, dividend accruals)
- Sensitivity Analysis (FD & AAD/GPU)
- Stress / what-if impact
- Exposure simulation & XVA + explain
- Capital attribution & Basel mapping
- SIMM*
*SIMM license not provided with Vannarho.
Capital & Regulator Contract
Jurisdiction-ready results
Pillar 1
Counterparty Credit Risk (SA-CCR, IMM support), Standardised Credit Risk (SA-CR), IRB Credit Risk, Direct Credit Risk, Credit Risk Mitigation, CVA Risk (SA-CVA, BA-CVA, APRA CVA overlay), Market Risk (SA-MR, Simplified MR, IMA, APRA MR overlays), Output Floor/Aggregation Inputs (capital-floor component outputs).
Pillar 2
IRRBB, CSRBB, Stress Testing Compute Support.
Pillar 3
Quantitative Disclosure Feeds, Qualitative Disclosure Support, Disclosure Reconciliation Support.
Compliance as Code
Regulation is implemented as architecture-as-code
Vannarho treats compliance as a build-time operating model, not a pack written after calculators and reports already exist. Regulatory meaning is formalized into stable objects, bound to code and outputs, and emitted back out as trace, audit packets, coverage, and AI-ready knowledge assets.
Normative truth
Stable normative objects remain the source of truth across refactors, schema evolution, overlay additions, and release-by-release audit comparisons.
Operational navigation
Reverse traceability becomes the regulator and audit walkthrough experience, but it is generated from bindings rather than hand-authored after the fact.
A canonical Basel core is formalized once, then regulator overlays tighten applicability, evidence, disclosures, labels, and effective dates without creating silent compute forks.
Rules bind to code hooks, config, tests, outputs, disclosures, scenarios, assumptions, and governance records so implementation, evidence, and releases stay connected.
Trace records, audit packets, coverage summaries, change-impact views, and disclosure walkthroughs are generated from the curated layer plus executed repo state.
AI consumes generated trace, evidence manifests, and regulatory knowledge objects. It does not invent compliance meaning that the deterministic system cannot prove.
Pillar 1
Deterministic rules, parameter tables, classification logic, and governed output bindings with release-gated evidence.
Pillar 2
First-class scenarios, assumptions, governance records, controls, and evidence-heavy audit packets.
Pillar 3
Disclosure bindings, reconciliation links, and explicit trace from published cells back to the governed upstream outputs.
TradeScript: Custom product kernel inside the deterministic boundary
Define products that inherit schemas, tolerances, explainability, and lineage. Keep AI out of pricing; keep custom logic inside a governed kernel with the same results contract guarantees.
- Define custom products with flexible scripting logic that auto-inherits schemas.
- Seamlessly integrate new instruments into the deterministic kernel.
- Extend analytics or create new valuation methodologies with governance built-in.
Practical Applications & Benefits
Benchmarking & Prototyping
Accelerate your model development and ensure accuracy with Vannarho as your powerful benchmarking tool. Validate proprietary internal models against our robust analytics engine.
- Rapid validation of internal pricing and risk models.
- Inform primary model development without rebuilding core components.
- Focus on innovation by leveraging our established infrastructure for discount curve construction, risk factor evolution, and exposure simulations.
Independent Model Validation
Empower your Model Validation teams with an independent, transparent, and robust analytical framework.
- Save significant time and resources on "offline" model creation.
- Ensure thorough and efficient validation processes with a trusted external benchmark.
- Enhance regulatory confidence with clear, auditable validation results.
Risk as a Service for Financial Institutions
Vannarho provides a sophisticated, primary pricing and risk model for institutions of all sizes.
- Ideal for institutions of any size tired of large vendor software lockin.
- Reduce reliance on extensive internal development teams for core functionality.
- Gain access to advanced risk management capabilities previously out of reach.
Operating Model Outcomes
Capital confidence and ops efficiency
Ops reduction
35%
Less reconciliation and QA through deterministic outputs.
What-if speed
4x
Faster scenario turnaround with reusable risk states.
Team size
-25%
Clear governance boundary reduces support burden.
Cost Reduction
Before/after stack & waterfall
Cost drivers
- Automation of recon/QA
- Deterministic outputs reduce rework
- AI explanations speed investigations
- Shared schemas lower integration effort
- Managed ops reduce infra & headcount
Before vs after
Comprehensive Documentation
Access the full Vannarho user guide for the deterministic platform at the heart of the solution...for step-by-step instructions, reference details, and examples to get the most from the platform. This complements the examples and python wheels repository.
User Guide
Download the full guide and explore the key sections that accelerate setup and ongoing use.
Product & Analytic Scope
Data Flow
Building VRE
Parametrization
Examples
Maths, Methods & Machines
A fast refresher for quants and validators on the mathematical basis of the platform re market and credit risk, AI orchestration boundaries, and how we might evolve the kernel on Google Cloud. Not an academic paper—think roadmap and cross-links. We'd love your feedback!
What’s inside
Stochastic calculus, measure change/Girsanov, tensors/AAD on GPU, variance control, Sobol.
Basel III/IV mapping, governance, reg-to-code, IFRS 9 intersections.
MC/quasi-MC, copulas, PDE/FDM, adjoint maths, XVA sensitivities, DAG scheduling.
When ML wins, explainability, Bayesian/graph contagion, stress nets, auditability.
Streaming risk, state management, GPU/on-prem hybrids, observability, intraday capital/XVA.
Quantum gradients, neuromorphic/spiking nets, explainable-AI regulation, research roadmap.
Practitioner Resources
Access our tools and repositories to seamlessly integrate Vannarho into your development workflows.
Code Resources
Get started with our official Python client library and explore practical code examples and tutorials.
Built on Google Cloud
Learn about Vannarho's architecture leveraging Google Cloud for scalable and secure risk management.
ExploreWhy Google Cloud?
Infrastructure built for the AI era
With Google, Vannarho helps organizations build quickly, securely, and cost effectively with infrastructure optimized for AI, modern, enterprise, and distributed workloads.
This starts from their foundations: their terrestrial and subsea fiber has 10 times the reach of the next leading cloud provider; and their internal resource management and scheduling innovations, Borg and Colossus, enable us to run with nearly infinite scaling, performance, and low cost - benefits we ultimately pass on to our customers.
Google's AI-optimized supercomputing architecture, AI Hypercomputer, packages a decade of expertise to improve AI system performance and efficiency.
Their modern, container-based applications can scale higher than any of our competitors, and enterprise organizations can easily migrate critical workloads to the cloud and benefit from leading reliability & security.
Their distributed infrastructure is specifically designed to support the unique on premises requirements of sovereignty, scalability, and connectivity for organizations who have more stringent control requirements.
Customers choose Google because they're the only cloud with infrastructure designed from the ground up for the AI era.
Built on Google Cloud
Vannarho runs as a governed Google Cloud platform with a stable API boundary, a first-party workbench, dedicated tenant delivery surfaces, deterministic VRE execution, and curated serving and BI layers. Key Google Cloud components in the target operating model include:
Apigee X
Stable external API boundary for OAuth or JWT verification, quotas, request analytics, correlation IDs, and routing to canonical RaaS backends.
Firebase Hosting & Auth
Delivers the first-party workbench and authenticates users before tenant-aware authorization and approval rules are applied inside the platform.
Cloud Run / Functions
Hosts intake, translation, run control, worker glue, and projection services that turn submissions into governed control-plane objects.
BigQuery
Holds canonical registries, execution state, result facts, serving views, and BI marts that power APIs, dashboards, and client-facing analytical products.
Firestore
Supports workspace context, collaborative drafts, notifications, and low-latency summary projections without becoming the source of deterministic truth.
Gemini Enterprise
Supports explanation, narrative generation, and guided operations within the deterministic boundary, never as the pricing or approval engine.
IAM, KMS & Secrets
Provides infrastructure identity, secret custody, encryption control, and the security envelope that sits around every regulated surface.
GKE + VRE Runtime
Executes one resolved flow job at a time inside the deterministic compute plane and emits governed evidence and result artifacts.
Logging & Monitoring
Captures run diagnostics, lineage events, dispatch state, and support signals needed for evidence reconstruction and governed operations.
Looker
Consumes curated serving and BI layers for cross-role dashboards, regulatory views, and controlled downstream analytical consumption.
Pub/Sub, Scheduler & Tasks
Forms the asynchronous control backbone for domain events, recurring schedules, retryable dispatch, and downstream projection refreshes.
Networking & PSC
Keeps shared and tenant surfaces connected through controlled ingress, tenant-specific networking, and private service reachability.
Cloud Storage
Provides immutable custody for raw submissions, bundles, evidence, result artifacts, and regulator-ready output packs.
Cloud Build
Supports provider CI/CD for image builds, environment promotion, and controlled release automation around the platform.
Artifact Registry
Supports traceable runtime image publication for provider CI/CD and controlled deployment into the deterministic compute layer.
Additional implementation supports such as provider CI/CD, supporting delivery automation, and low-latency acceleration may still be used where justified, but the public product story centers on typed APIs, control-plane services, governed data custody, deterministic execution, and curated serving layers.
Workbench + Typed APIs
One control plane, multiple clients
The workbench is the first-party client of the RaaS control plane, but it is not a bespoke backend. Client automation, operator tooling, and client AI agents all consume the same typed northbound APIs.
Current model
Typed surfaces, not bespoke pages
- Workbench flows for intake, run operations, readiness, remediation, and result comparison
- Client automation against the same business domains used by the UI
- Client AI agents grounded on typed objects, evidence, and tenant-aware context
- Phase 2 proving flows in QA, evolving toward the stable `/api/v1` surface
Governed Control Plane
Runs are resolved, reviewed, and traceable
RaaS turns client submissions into governed control objects with explicit lifecycle states. The platform owns intake, readiness, approval, scheduling, and delivery; deterministic VRE execution begins only after the run is resolvable and allowed to launch.
Portfolio, market, legal, and configuration inputs enter as governed submissions with validation issues, translation reports, and artifact custody.
Reporting scopes, config sets, rulebooks, and operational bindings stay explicit so regulatory context is queryable rather than hidden in runtime artifacts.
Approval policies, waivers, readiness evaluations, and schedule rules determine whether a candidate run can progress toward submission.
Only resolved and approved runs are dispatched. Evidence, result artifacts, load jobs, and serving readiness remain linked end to end.
That lifecycle matters because the product truth is not a single batch job. It is a set of typed objects, command-oriented transitions, evidence references, and serving projections that can be reconstructed for audit, client support, and regulator review.
Readiness & Config Doctor
Catch issues before the run leaves the control plane
RaaS adds a readiness layer above raw runtime syntax. Before launch, the platform checks whether the submission, bindings, approvals, and evidence state are structurally consistent with the requested run purpose and supported native seam.
- Missing supplements on submissions
- Inconsistent scope and config bindings
- Missing approvals or incompatible launch policy
- Unsupported native seams or invalid what-if deltas
- Incomplete evidence or publication state
- Diagnose incomplete client intake packs and config compatibility
- Explain readiness failures and suggest repair actions
- Draft remediation and operational guidance for analysts and operators
- Silently self-approve governed changes
- Publish results without the required lifecycle and approval state
- Replace deterministic pricing or regulated execution logic
Tenancy & Operating Model
Dedicated project boundaries for regulated clients
The target production model is not a loose multi-tenant web app. It is a dedicated-project-per-tenant operating model with provider shared services, client-specific analytics and runtime surfaces, and optional advanced multi-geo patterns where data residency requires them.
Provider-managed control-plane, monitoring, billing support, and northbound ingress remain separate from client-owned delivery and runtime surfaces.
The default path gives each client dedicated `qa` and `prod` project boundaries for workbench, BigQuery, BI, retained data, and ephemeral runtime.
For stronger residency and cross-jurisdiction needs, geo-specific data projects can be introduced while only controlled outputs cross project boundaries.
Managed deployment assistance remains available where client operating models require it, but the reference architecture is a governed Google Cloud service with explicit provider-versus-client ownership boundaries and tenant-aware delivery surfaces.
Architecture
Governed stack: channels → control plane → evidence → deterministic execution → serving
Clients, operators, and client AI enter through a stable API boundary and a first-party workbench. The platform resolves typed control objects, preserves evidence and artifacts, dispatches deterministic VRE jobs, and serves curated results through APIs, workbench views, BI, BigQuery, and regulator-ready packs.
Channels & API boundary
Client systems, operators, and client AI enter through Apigee plus the Firebase-hosted workbench with typed northbound APIs and tenant-aware sessions.
Canonical control plane
Intake, scope, config, approvals, readiness, schedules, and resolved runs stay explicit as typed control objects with lifecycle and audit references.
Evidence & custody
Immutable artifacts live in Cloud Storage while canonical facts, evidence registries, and output load state are registered into BigQuery-backed product truth.
Dispatch backbone
Pub/Sub, Scheduler, and Tasks coordinate recurring schedules, retryable dispatch, downstream refresh, and operational decoupling across the platform.
Deterministic VRE runtime
GKE hosts the regulated compute plane: curves, pricing, XVA explain, sensitivities, stress, SIMM/DIMM, SA-CCR/SA-CVA/Market Risk, and governed evidence generation.
Serving, BI, and delivery
Serving views, low-latency projections, Looker dashboards, APIs, workbench cards, BigQuery access, and regulator-ready PDFs all consume curated facts instead of raw files.
Delivery
Choose how you consume results
API
Typed APIs over canonical facts, serving views, and evidence registries. Ideal for automation, embedding, and controlled downstream integration.
- Typed `/api/v1` families for workbench, automation, and client AI
- Per-result provenance, lineage context, and machine-readable errors
Workbench / Console
First-party workbench for lineage, movements, readiness, operational remediation, and guided explanations across the same typed APIs.
- Result streams, schema badges, and readiness status
- Comparison, remediation, and regulator-ready narratives
BigQuery / BI
Query curated facts, serving views, and BI marts for regulatory, non-regulatory, and what-if analysis without coupling consumers to raw result files.
- BigQuery access for governed analytical products
- Looker dashboards and low-latency projections for operations
Reports / PDF
Regulator packs, audit narratives, and exec-ready summaries with mappings and tolerances.
- Basel paragraph references
- Movement explanations and controlled evidence packs
Help Choose Our Next AI Breakthrough
We distilled the leading ideas from our AI research backlog. Cast your vote and tell us which innovation would elevate your risk practice the most.
What matters most?
Your feedback steers where we invest engineering time—from smarter explainability to faster onboarding and supervision tooling. We will share outcomes with the community.
- Vote once and immediately see how the community is prioritising features.
- Optionally add your own idea if we missed something critical.
- We only store aggregate counts publicly and anonymise free-text suggestions.
Live Results
Collecting community feedback...Loading poll data...
Book a demo and/or a validation run
See a demo with synthetic data. Then, when you are ready, get your results contract: risk states with schemas, tolerances, lineage, and regulator-ready narratives. We will run your data and share the outputs.
Schedule now