Horizon Bank · Reference Architecture
On-prem deployment · BFSI
Same codebase deploys here

Six tiers. All inside the bank's perimeter.

The demo you just ran is running on hosted infrastructure for convenience. In production, every tier below runs inside the bank's DC, with the compliance layer enforced inline on every single turn.

Tier 1
Edge — Customer
Public internet / PSTN / SIP trunk
  • Inbound DID / outbound originationTelco-agnostic
  • WebRTC (demo) or SIP (prod)Carrier-neutral SBC
  • TLS 1.3 + SRTP encryption
Tier 2
Voice Gateway
Bank DMZ
  • Deepgram Nova / Faster-WhisperStreaming STT, 200–300ms
  • ElevenLabs Turbo / XTTSTTS, self-hosted option
  • Barge-in detection + VAD
  • Per-turn audio buffer (WORM-backed)
Tier 3
Conversation Brain
Bank internal zone
  • Claude Sonnet 4.6 (hosted) / Llama-3.1 (on-prem)Swappable LLM
  • Scenario engine + tool router
  • Tool calls: lookup_account, log_outcome, escalate
  • Prompt guardrails + persona per bank
Tier 4
Compliance Layer
Bank internal zone (inline)
  • Calling-window enforcementPer-customer TZ, 08:00–19:00
  • Consent classifierMulti-lingual (EN/MS/ZH/HI)
  • DNC registry checkReal-time lookup
  • PII redactionCard / NRIC / Aadhaar / MyKad / phone
  • Coercive-language detectorInline agent monitoring
Tier 5
Data & Audit
Bank core zone
  • Postgres (Supabase / self-hosted)Calls, transcripts, events
  • Object storage for recordingsWORM + object-lock
  • Append-only compliance audit log
  • Integration: CBS / CRM / DNC / IVR
Tier 6
Security & Ops
Bank SOC
  • mTLS between tiers
  • HSM-backed secrets
  • Syslog / SIEM forwarding
  • RBAC + SSO (SAML / OIDC)
  • Air-gap option for sensitive workloads
Per-turn flow (≤ 1 second end-to-end target)
  1. 01Customer answers / calls in
  2. 02SBC → Voice Gateway (STT)
  3. 03Text → Conversation Brain (LLM + tools)
  4. 04Compliance checks inline (window, consent, DNC, PII)
  5. 05Tool calls → CBS / CRM
  6. 06Response → TTS → Customer
  7. 07Every turn logged to audit store
Data residency
SG / MY / IN / UAE, bank-choice
PDPA · MAS TRM · BNM RMiT · DPDPA · UAE PDPL compliant
Deployment modes
On-prem · Private cloud · Hybrid
Docker Compose · K8s Helm · Air-gapped image
LLM flexibility
Claude · GPT · Llama-3.1 · Qwen
Swap per workload. Self-hosted option for sensitive flows.