NIC Trust Center

Nuvint Intelligence Core is a multi-tenant AI operating layer for community banks, credit unions, and risk teams that turns fragmented loan documents, servicing data, and workflow events into explorable decision lineage, governed automation, citation-backed answers, examiner-ready compliance bundles, and closed-loop core-banking writeback.

This public page combines the product summary buyers need with the security, architecture, identity, and operational-control posture required for diligence.

For investor and partner introductions, use the Nuvint website trust page first. For lender security review and vendor-risk diligence, use this product trust profile because it is generated from the current NIC runtime configuration.

Last updated: 2026-06-19 | Source: runtime_configuration

THEME

A Which Trust Page To Use

nuvint.ai/trust

Use for public website visitors, accelerators, partners, and investors who need a concise overview of Nuvint's trust posture, security principles, AI governance stance, and diligence readiness.

app.nuvint.ai/trust-center

Use for institution vendor-risk teams that need current product facts, runtime-backed controls, connector coverage, subprocessor details, and compliance roadmap status.

Conflict rule

Operational facts on this product trust profile should be treated as authoritative. Public website copy should summarize this page and avoid stronger claims than the runtime profile supports.

B Positioning Evidence

Evidence-native decision intelligence

NIC turns loan files, memos, workflow events, and citations into traceable decision graphs instead of opaque AI summaries.

Status: supported

citation-backed search and chat
decision lineage graph
examiner pack decision samples
tenant-scoped evidence coverage scoring

Evidence surfaces: /v1/search, /v1/chat, /v1/reporting/decision-lineage-graph/{loan_id}, /v1/reporting/examiner-pack-bundle

AI-powered lending workflows

NIC supports document intake, loan-file readiness, exception triage, decision memos, fraud signals, and core/LOS workflow handoffs.

Status: supported

loan-file overview and readiness
decision memo generation
loan exception management
core banking writeback approvals

Evidence surfaces: /v1/loans/file-overview, /v1/reporting/decision-memos, /v1/loans/exceptions, /v1/connectors/write-requests

Underwriting + compliance + auditability

NIC keeps underwriting support tied to audit logs, adverse-action context, fair-lending analysis, model-risk packaging, and evidence exports.

Status: supported

underwriting exception and condition tracking
adverse-action and fair-lending summaries
audit export packs
daily audit hash-chain verification

Evidence surfaces: /v1/audit, /v1/audit/export-pack, /v1/audit/hash-chain/daily/verify, /v1/reporting/examiner-pack-bundle

Real-time insights for credit unions

NIC surfaces tenant-scoped operational, connector, quality, exception, and pipeline signals for lending teams and credit-union operators.

Status: supported

pipeline bottleneck insights
connector health and reconciliation reporting
ops queue telemetry
core provider mappings for Jack Henry, Symitar, Fiserv, Corelation, and CU Answers

Evidence surfaces: /v1/reporting/pipeline-bottlenecks, /v1/reporting/connector-health, /v1/reporting/ops-queue, /v1/loans/reconciliation-runs

Governance + metric lineage + explainability

NIC exposes guardrail state, calibration thresholds, metric lineage, model inventory, release gates, and explainability artifacts for governed AI operations.

Status: supported

guardrail contract signals
tenant calibration thresholds
metric and decision lineage
AI governance release gates

Evidence surfaces: /v1/governance, /v1/reporting/decision-lineage-graph, /v1/reporting/phase2-evaluations, /v1/reporting/ai-quality-timeline

Closed-loop learning for lending teams

NIC captures reviewer feedback, adjudications, quality drift, adaptive candidates, and policy-routed follow-up so lending operations can improve with controls intact.

Status: supported

reviewer feedback backlog
phase 2 row adjudications
quality drift follow-up routing
adaptive policy candidate review

Evidence surfaces: /v1/reporting/reviewer-feedback, /v1/reporting/phase2-evaluations, /v1/adaptive/candidates, /v1/governance

0 Software Overview

What NIC does

Unifies loan files, memos, conversations, and decision artifacts into a tenant-scoped system of record with explorable decision lineage graphs, one-click examiner pack bundles (NCUA/OCC/FDIC), closed-loop core-banking writeback, fair-lending monitoring, model-risk evidence packaging, and HMDA / CRA examiner-support workflows.

Who it is for

Community banks, credit unions, private lenders, servicers, and risk operators that need faster due diligence, cleaner exception management, governed automation, examiner-ready compliance artifacts, and defensible AI-assisted decision support with full evidence chain visibility.

Why it matters

NIC reduces manual file review, preserves evidence trails, and keeps automation bounded by role-based access, tenant isolation, enterprise auth controls, audit visibility, and explicit compliance signoff paths.

1 Security Overview

Encryption in transit: Yes
Encryption at rest: Yes
Tenant isolation: Yes
RBAC enabled: Yes
Audit logging enabled: Yes
Retention policy engine: Yes
Connector KMS provider: local

2 Compliance Roadmap

SOC 2 Type I

in_progress.

SOC 2 Type II

planned.

ISO 27001

future.

3 Architecture Overview

Multi-tenant isolation: Yes
Control-plane separation: Yes
Evidence-first design: Yes
Governed hybrid RAG: Yes
Calibration-backed reasoning: Yes
Policy-driven release gates: Yes

4 Operational Assurance

LOS soak gate closed: Yes
Enterprise OIDC supported: Yes
SAML supported: Yes
SCIM supported: Yes
Access review workflows: Yes
Auth operations alerting: Yes
Environment drift checks: Yes
Decision Lineage Graph: Yes
Examiner Pack Bundle: Yes
Tenant quality filters: Yes
Lineage suppression follow-up: Yes
Release-gate policy automation: Yes

Production cloud posture: AWS is the current production cloud. Azure multi-cloud / disaster-recovery planning exists as a deferred implementation track and is not represented as active runtime redundancy on this page.

4b AI Evidence Surfaces

Decision Lineage Graph

Traces the full evidence chain from decision memos through conditions, exceptions, fraud signals, documents, and loan profiles with audit trail overlay, coverage scoring, calibration-backed thresholds, and low-evidence suppression.

Examiner Pack Bundle

One-click NCUA/OCC/FDIC/State-DFI exam artifacts with regulator-specific section requirements, readiness scoring, decision lineage samples, guardrail state, and fraud signal summaries.

Fair Lending Monitor

Denial-rate dashboards, protected-class slices, matched-pair analysis, exception-override bias checks, and investigation/attestation workflows.

Model Risk Packaging

SR 11-7 model cards, challenger comparisons, backtesting evidence, validation-report packaging, and approval/signoff lifecycle.

Compliance Workboard

Cross-surface governance timeline with fair-lending reviews, adverse-action queue pressure, HMDA/CRA posture, and model-risk review status.

4c Governed RAG Guardrails

Guardrail contract enabled: Yes
States: ready, needs_review, suppressed
Surfaces: search, chat, phase2_evaluations, decision_lineage_graph, audit_evidence_bundles, examiner_pack_bundle
Signals: evidence_quality, guardrail_state, suppressed, suppression_reason, gate_passed, calibration

4d Governance Automation

quality drift followup: Yes
decision lineage suppression followup: Yes
release gate auto approve: Yes
release gate auto hold: Yes
release gate auto route: Yes
release gate auto request review: Yes
tenant scope quality filters: Yes

4e Core Banking Connectors

Providers: jack_henry, symitar, fiserv, corelation, cu_answers
Capabilities: writeback, ingest, snapshot_sync, field_alias_mapping
Writeback modes: dry_run, approval_required, direct
Writeback actions: status.update, note.append, task.create, exception.disposition

All five core-banking providers support full ingest pipelines (snapshot sync, canonical mapping, field aliases) and production writeback (dry-run, approval-gated, direct) with idempotency, retry, and error mapping.

4f LOS Connectors

Providers: encompass, ncino, empower, meridianlink, mcp, calyx, lendingpad

5 Data Handling

Data residency region: eastus
Data deletion SLA (days): 30
Retention policy configurable: Yes
Tenant-scoped storage: Yes

6 Access Control

Role-based permissions: admin, member, viewer, auditor, platform_admin
Mode-based UX separation: admin, business, auditor
Least privilege guidance: Yes

7 Incident Response Summary

Detection

Operational alerts, connector failures, and audit anomaly signals.

Response

Containment, investigation, remediation, access review, and tenant impact review.

Notification

Customer communication based on severity and contractual obligations.

8 Vendor Risk FAQ

Do you support enterprise SSO?

Enterprise OIDC and SAML SSO are supported, with tenant-scoped role mapping and manual-role preservation controls.

Status: available_not_configured

Do you support SCIM provisioning?

Tenant-scoped SCIM user and group provisioning is supported for enterprise onboarding and lifecycle management.

Status: yes

Do you have audit logs?

Tenant-scoped audit logs capture access, ingestion, governance, workflow, and auth-operations actions.

Status: yes

Do you support data residency?

Deployment region is configured as 'eastus'.

Status: yes

Do you encrypt data at rest?

Data at rest uses platform-managed encryption controls.

Status: yes

Which cloud providers do you run on today?

Current production hosting is AWS-first. Azure disaster-recovery planning is documented for later implementation and is not yet a live multi-cloud runtime.

Status: aws_primary

9 Evidence Links

KMS Rotation Runbook (runbook)

10 Attestation

This profile is configuration-derived and does not itself certify external compliance.

11 Vendor Questionnaire Accelerators

SIG Lite Pre-Answers

SIG-LITE-001: How do you isolate customer data?

Tenant-scoped isolation is enforced across retrieval, storage, and audit boundaries.

Status: ready

SIG-LITE-002: Do you provide audit logging and evidentiary exports?

Yes. Tenant-scoped audit trails and export packs are available for compliance workflows.

Status: ready

SIG-LITE-003: What are your encryption controls?

Encryption is enabled in transit and at rest with environment-configured key management.

Status: ready

CAIQ Mapping

AIS-01 -> SIG-LITE-001

Application & Interface Security

Status: mapped

LOG-01 -> SIG-LITE-002

Logging & Monitoring

Status: mapped

EKM-03 -> SIG-LITE-003

Encryption & Key Management

Status: mapped

Data Flow Summary

Nodes: 5 | Flows: 4

source -> ingest

documents, transcripts, metadata

ingest -> store

parsed text, chunks, audit metadata

store -> reason

tenant-scoped retrieval context

reason -> ui

answers, citations, exports

Subprocessors

Amazon Web Services (AWS)

Cloud hosting, storage, database, and networking

Host NIC services and tenant-scoped persistence.Region: us-east-1 current default | Status: active

OpenAI

Model Inference

Reasoning and summarization tasks where enabled by tenant policy.Region: Configurable by deployment | Status: active

GitHub

Source control and CI/CD

Repository hosting, build, test, and deployment workflow metadata.Region: Provider-managed | Status: active