Heterogeneous documents
Policies, procedures and circulars scattered across SharePoint and shared drives. The system answers from contradictory sources.
Southbridge Consulting Services Ltd
We build permission-aware retrieval systems for UK financial services, the NHS and the public sector — with the documented evidence that supervisors and inspectors expect.
The problem
Policies, procedures and circulars scattered across SharePoint and shared drives. The system answers from contradictory sources.
Fixed windows that separate a decision criterion from its supporting analysis. The retrieved fragment looks plausible but lacks the context to be defensible.
Semantic search misses exact strings: counterparty names, ISIN codes, regulatory rule numbers, ICD-10 codes. The content users most often search for.
Top-five retrieval misses the truly relevant chunk. The model reasons confidently from the wrong evidence.
Without curated real-user questions with scored answers, every change is a guess. Quality drift goes unmeasured until incidents reveal it.
Identity and access treated as a deployment-time concern. In a regulated workflow, an information barrier breach with regulatory consequences.
The first five sink the pilot. The sixth sinks the firm.
AI deployments in regulated industries succeed or fail on their evidence, not their engineering. Our methodology is structured so that every artefact a supervisor or inspector might ask for is produced as a delivery output — not reconstructed after the fact.
Methodology
Southbridge builds retrieval-augmented AI systems that ground language models in your organisation's own documents while respecting the access controls already in place at the source.
The index itself respects the user's permissions through your existing identity provider — Microsoft Entra ID, AWS IAM Identity Center, or NHS Care Identity Service. Information barriers are enforced at the retrieval layer, not at the presentation layer. They are not bypassable by clever prompting.
Every answer cites the documents it drew from. Every retrieval is logged. Every change to the system is measured against a curated evaluation set. The audit trail is the deliverable.
Integrated with Entra ID and equivalent providers at the data layer. Information barriers respected by architecture, not by policy.
Every retrieval logged. Every answer cited. Evidence produced as a delivery output, not a reconstruction.
Discovery, Pilot, Production and Retained stages with defined outputs and defined timelines. No scope creep.
Sectors
Vertical 01
UK banks, insurers, fintechs, wealth and asset managers, central banks and supervisors. Aligned to PRA SS1/23 Model Risk Management Principles, FCA Consumer Duty, Operational Resilience and the BoE/PRA AI Innovation framework. Bi-jurisdictional coverage including Nigerian financial services institutions under CBN and NDPA.
Vertical 02
NHS Trusts (acute, mental health, community), Integrated Care Boards, local authority adult social care and CQC-regulated private providers. Aligned to the NHS SBS Healthcare AI Solutions Framework, with clinical safety case work under DCB0129/0160 and Data Security and Protection Toolkit alignment.
Engagement
Engagements stack into a structured pathway. Each stage produces a defined output and a defensible internal decision point before committing to the next. No obligation to proceed beyond any given stage.
Stage 01
A written diagnostic of your document estate, retrieval baseline against 20 real questions, prioritised remediation roadmap, and a draft DPIA template. Owned by you. No commitment to continue.
Stage 02
Production-equivalent system for one named use case. Full model risk file. Evaluation harness with 100+ named questions. Limited release to a defined user cohort with measured outcomes.
Stage 03
Wider rollout to the eligible population. Full SS1/23 or DCB0160 model record. Monitoring, alerting and incident response. Staff training, change management and handover.
Stage 04
Continuous evaluation. Model upgrades with re-validation before promotion. Quarterly business reviews. Ongoing model record maintenance as part of your inventory.
Position
We combine the engineering depth of a boutique, the regulatory fluency of a Big Four, the fixed-fee discipline of a SaaS vendor, and an identity-engineering moat rare in AI consultancies.
Microsoft Entra ID, AWS IAM Identity Center and NHS Care Identity Service integrations at the data layer. The sixth failure mode, solved by architecture.
Structured Discovery Sprints make us procurable without lengthy commercial cycles. The pathway is designed for public-sector and regulated-industry procurement processes.
SS1/23, Consumer Duty, Operational Resilience, Caldicott, DSPT, DCB0129/0160, DTAC, NDPA and CBN frameworks as native vocabulary.
Registered in England and Wales. UK-resident founders with bi-jurisdictional reach into the Nigerian financial services market.
Every engagement begins and ends with a written artefact you own. No verbal hand-waving on what was delivered or what comes next.
Standards & compliance
Start the conversation
One week. A written diagnostic owned by you. No obligation to continue.
Get in touch