Keelpilot
Request a demo

Platform

Above the OMS. Below the IC.

Keelpilot is the governed decision layer. It sits above whatever already runs your portfolio and proposes SAA recommendations up to your Investment Committee. It does not ask you to migrate anything.

How it fits

Between your Investment Committee and your order-management systems.

Your OMS continues to do what it does. The Investment Committee continues to sign. Keelpilot runs between the two — typed, logged, and defensible at every boundary.

What runs between the two

Every recommendation passes through six stages, in order.

Each stage has a typed boundary, a bounded-retry gate, and an audit footprint. No stage reaches into another’s internals; each consumes a schema-validated input and emits a schema-validated output.

  1. 01IngestIPS, constraints, signals
  2. 02ProposeEnsemble of methodologies
  3. 03ReviewIndependent dissent
  4. 04DecideGoverned selection
  5. 05MemoBoard-signable draft
  6. 06ArchiveTyped, timestamped

Integration posture

AWS-native. BYOL. Complements your stack.

Per-tenant AWS accounts

Every tenant runs in its own AWS account. ca-central-1 by default. No shared compute, no shared keys, no multi-tenant blast radius. Your security team audits one account, not a fraction of ours.

Bring your own model vendor

BYOL. You hold the LLM vendor contract; we do not resell tokens and we do not interpose on that relationship. Your procurement team already knows the vendor — and their audit obligations.

Sits beside Aladdin, CRD, SimCorp

Read-only from your OMS by default. Any write-back is gated on your sign-off and flows through your existing approval path — we do not replace it, we do not automate around it.

Why it holds up

Four pillars, each survivable in audit.

Breadth

Ensemble, not single-model

The proposal ensemble is deliberately heterogeneous — multiple methodologies against the same input. A single model’s opinion is not a recommendation; an ensemble converging is.

Challenge

Dissent surfaced, not buried

Reviewers challenge proposals independently. Dissents are logged and archived alongside the decision record. The IC sees a governed summary; the audit record keeps the raw dissent.

Audit

Reconstruction is a query

Every stage is typed, timestamped, and archived. Reconstructing a decision weeks later is a database query with a stable schema — not a forensic exercise across unstructured text.

Operations

Procurement-first

Per-tenant accounts, source escrow on request, right-to-audit, SOC 2 Type I posture, termination-for-convenience. The terms your procurement team cares about are in the MSA, not a hallway conversation.

Request a demo