Direct answers to direct questions.

Companies are using AI to make decisions that used to be made by humans. Your insurance premium, your loan approval, whether a self-driving car brakes. Regulators are about to require proof those decisions were fair, safe, and inside the rules. Today building that proof takes auditors weeks because the AI changes every day and the records are scattered. Velma watches the AI in real time, signs every decision, and delivers the proof pre-formatted for the people who consume it. Controllers, internal auditors, and ultimately the regulator. What took days now takes minutes.

Velma sits between your control plane and your AI. It reads every decision your model wants to make, checks it against the active rules. Rate filings, ASIL targets, PCCP limits, fairness constraints, reserve policy. And either passes it, narrows it, or blocks it. Every decision, passed or blocked, is signed onto a tamper-evident audit chain. Above control, below intelligence.

Three audiences, in order of contact. The controller and the internal auditor are the daily users. They consume the evidence Velma signs, in the format their workpaper tool already uses. The CRO / CCO is the buyer. They own the budget and care about fines avoided, capital reserved, and launch velocity. The external auditor and the regulator are the final readers. They receive evidence in their native formats (NAIC, Solvency II, ISO 26262, FDA PCCP, SR 11-7, EU AI Act) without translation. The pitch lands differently for each; the product is the same.

No. Velma writes evidence into them. Your existing GRC, model-registry, and audit-workpaper stack stays where it is. Velma is the runtime layer none of those tools provide. It watches and signs decisions as they happen, then delivers the evidence into the platforms your team already works in. We sit between your model server and your compliance stack, not in place of either.

GRC tools document policy. Model risk systems track lineage and documentation. Both are offline. Velma is runtime. We intervene on individual decisions in production, before they ship, and produce an evidence artifact the regulator reads natively. We are not a replacement for governance you already have. We are the layer that makes governance enforceable.

We do not replace your underwriting engine, autonomy stack, or model catalogue. Velma reads system state and intercepts at decision boundaries you already expose. Removal is a configuration change, not a re-architecture. We hold no customer data by default; the source of truth stays in your systems.

No. Velma runs alongside your stack. On-prem, in your cloud account, or at the edge depending on the deployment. The evidence artifact (the signed audit chain) is the only thing that needs to be portable, and it is designed to be regulator-readable in the formats the regulator already accepts.

On the basis points of what it protects. Premium written, loans originated, autonomous-mile coverage, decision volume. Pricing scales with the risk surface, not with seat count or compute. Pilots are fixed-fee.

Pilot scope is set in a single 30-minute call. The standard pilot is six weeks: two for instrumentation, two for shadow observation, two for live intervention on a bounded decision surface. The deliverable at week six is a signed evidence artifact you can hand to your regulator or your board.

NAIC Annual Statement, Solvency II SFCR, AM Best BCAR, ISO 26262 safety case, DO-178C / DO-254 evidence, FDA PCCP dossier, SR 11-7 model risk package, IFRS 17 reserve attestation, EU AI Act Article 9 documentation. The same audit chain exports to all of them. We did not pick a regulator and design for it; we designed for the format they all converge on.

Because most existing infrastructure is documentation, validation, and post-hoc reporting. Built for static models. Adaptive systems change between audits. Velma is the layer that makes ongoing governance enforceable on systems that learn. Your existing infrastructure stays; we sit beneath it on the runtime side.

Then the conversation is about the deadline you will be under. Every adaptive AI system in a regulated domain is on a clock. We help you pick the right pilot now so the artifact exists before the examiner asks for it. Not after.