NIC Trust Center

Nuvint Intelligence Core is a multi-tenant AI operating layer for community banks, credit unions, and risk teams that turns fragmented loan documents, servicing data, and workflow events into explorable decision lineage, governed automation, citation-backed answers, examiner-ready compliance bundles, and closed-loop core-banking writeback.

This public page combines the product summary buyers need with the security, architecture, identity, and operational-control posture required for diligence.

Last updated: 2026-06-09 | Source: runtime_configuration

THEME

0 Software Overview

What NIC does

Unifies loan files, memos, conversations, and decision artifacts into a tenant-scoped system of record with explorable decision lineage graphs, one-click examiner pack bundles (NCUA/OCC/FDIC), closed-loop core-banking writeback, fair-lending monitoring, model-risk evidence packaging, and HMDA / CRA examiner-support workflows.

Who it is for

Community banks, credit unions, private lenders, servicers, and risk operators that need faster due diligence, cleaner exception management, governed automation, examiner-ready compliance artifacts, and defensible AI-assisted decision support with full evidence chain visibility.

Why it matters

NIC reduces manual file review, preserves evidence trails, and keeps automation bounded by role-based access, tenant isolation, enterprise auth controls, audit visibility, and explicit compliance signoff paths.

1 Security Overview

Encryption in transit: Yes
Encryption at rest: Yes
Tenant isolation: Yes
RBAC enabled: Yes
Audit logging enabled: Yes
Retention policy engine: Yes
Connector KMS provider: local

2 Compliance Roadmap

SOC 2 Type I

in_progress.

SOC 2 Type II

planned.

ISO 27001

future.

3 Architecture Overview

Multi-tenant isolation: Yes
Control-plane separation: Yes
Evidence-first design: Yes
Governed hybrid RAG: Yes
Calibration-backed reasoning: Yes
Policy-driven release gates: Yes

4 Operational Assurance

LOS soak gate closed: Yes
Enterprise OIDC supported: Yes
SAML supported: Yes
SCIM supported: Yes
Access review workflows: Yes
Auth operations alerting: Yes
Environment drift checks: Yes
Decision Lineage Graph: Yes
Examiner Pack Bundle: Yes
Tenant quality filters: Yes
Lineage suppression follow-up: Yes
Release-gate policy automation: Yes

Production cloud posture: AWS is the current production cloud. Azure multi-cloud / disaster-recovery planning exists as a deferred implementation track and is not represented as active runtime redundancy on this page.

4b AI Evidence Surfaces

Decision Lineage Graph

Traces the full evidence chain from decision memos through conditions, exceptions, fraud signals, documents, and loan profiles with audit trail overlay, coverage scoring, calibration-backed thresholds, and low-evidence suppression.

Examiner Pack Bundle

One-click NCUA/OCC/FDIC/State-DFI exam artifacts with regulator-specific section requirements, readiness scoring, decision lineage samples, guardrail state, and fraud signal summaries.

Fair Lending Monitor

Denial-rate dashboards, protected-class slices, matched-pair analysis, exception-override bias checks, and investigation/attestation workflows.

Model Risk Packaging

SR 11-7 model cards, challenger comparisons, backtesting evidence, validation-report packaging, and approval/signoff lifecycle.

Compliance Workboard

Cross-surface governance timeline with fair-lending reviews, adverse-action queue pressure, HMDA/CRA posture, and model-risk review status.

4c Governed RAG Guardrails

Guardrail contract enabled: Yes
States: ready, needs_review, suppressed
Surfaces: search, chat, phase2_evaluations, decision_lineage_graph, audit_evidence_bundles, examiner_pack_bundle
Signals: evidence_quality, guardrail_state, suppressed, suppression_reason, gate_passed, calibration

4d Governance Automation

quality drift followup: Yes
decision lineage suppression followup: Yes
release gate auto approve: Yes
release gate auto hold: Yes
release gate auto route: Yes
release gate auto request review: Yes
tenant scope quality filters: Yes

4e Core Banking Connectors

Providers: jack_henry, symitar, fiserv, corelation, cu_answers
Capabilities: writeback, ingest, snapshot_sync, field_alias_mapping
Writeback modes: dry_run, approval_required, direct
Writeback actions: status.update, note.append, task.create, exception.disposition

All five core-banking providers support full ingest pipelines (snapshot sync, canonical mapping, field aliases) and production writeback (dry-run, approval-gated, direct) with idempotency, retry, and error mapping.

4f LOS Connectors

Providers: encompass, ncino, empower, meridianlink, mcp, calyx, lendingpad

5 Data Handling

Data residency region: us-east-1
Data deletion SLA (days): 30
Retention policy configurable: Yes
Tenant-scoped storage: Yes

6 Access Control

Role-based permissions: admin, member, viewer, auditor, platform_admin
Mode-based UX separation: admin, business, auditor
Least privilege guidance: Yes

7 Incident Response Summary

Detection

Operational alerts, connector failures, and audit anomaly signals.

Response

Containment, investigation, remediation, access review, and tenant impact review.

Notification

Customer communication based on severity and contractual obligations.

8 Vendor Risk FAQ

Do you support enterprise SSO?

Enterprise OIDC and SAML SSO are supported, with tenant-scoped role mapping and manual-role preservation controls.

Status: configured

Do you support SCIM provisioning?

Tenant-scoped SCIM user and group provisioning is supported for enterprise onboarding and lifecycle management.

Status: yes

Do you have audit logs?

Tenant-scoped audit logs capture access, ingestion, governance, workflow, and auth-operations actions.

Status: yes

Do you support data residency?

Deployment region is configured as 'us-east-1'.

Status: yes

Do you encrypt data at rest?

Data at rest uses platform-managed encryption controls.

Status: yes

Which cloud providers do you run on today?

Current production hosting is AWS-first. Azure disaster-recovery planning is documented for later implementation and is not yet a live multi-cloud runtime.

Status: aws_primary

9 Evidence Links

KMS Rotation Runbook (runbook)

10 Attestation

This profile is configuration-derived and does not itself certify external compliance.

11 Vendor Questionnaire Accelerators

SIG Lite Pre-Answers

SIG-LITE-001: How do you isolate customer data?

Tenant-scoped isolation is enforced across retrieval, storage, and audit boundaries.

Status: ready

SIG-LITE-002: Do you provide audit logging and evidentiary exports?

Yes. Tenant-scoped audit trails and export packs are available for compliance workflows.

Status: ready

SIG-LITE-003: What are your encryption controls?

Encryption is enabled in transit and at rest with environment-configured key management.

Status: ready

CAIQ Mapping

AIS-01 -> SIG-LITE-001

Application & Interface Security

Status: mapped

LOG-01 -> SIG-LITE-002

Logging & Monitoring

Status: mapped

EKM-03 -> SIG-LITE-003

Encryption & Key Management

Status: mapped

Data Flow Summary

Nodes: 5 | Flows: 4

source -> ingest

documents, transcripts, metadata

ingest -> store

parsed text, chunks, audit metadata

store -> reason

tenant-scoped retrieval context

reason -> ui

answers, citations, exports

Subprocessors

OpenAI

Model Inference

Reasoning and summarization tasks where enabled by tenant policy.Region: Configurable by deployment | Status: active