top of page

Aviraj Dongare

  • LinkedIn
  • Instagram
  • X
  • Facebook
ai-data-analysis-team_11zon (1).jpg

Leading the Rollout of JPMorgan’s Compliance-First LLM Suite

for 200K+ Employees

Screenshot 2025-06-13 at 7.31.56 PM.png

Overview

As the financial industry increasingly adopts artificial intelligence, this case study imagines JPMorgan Chase leading with a compliance-first LLM Suite, a generative AI platform built to function as a virtual research analyst for more than 200,000 employees.

In my proposed approach, the LLM Suite would be deployed within JPMorgan’s private infrastructure, trained on proprietary, permissioned datasets and governed by rigorous compliance and audit controls. Designed to enhance legal, compliance, and servicing workflows, the platform delivers explainable, context-aware responses while meeting the bank’s strict data protection and regulatory requirements.

This case study explores how a Technical Program Manager could lead such a transformation by aligning security, compliance, engineering, and change management efforts to close performance gaps and drive measurable productivity across a global financial enterprise.

Quick Navigation:

Context

Why JPMorgan built an LLM Suite

Gap & Vision

Fragmented workflows
→ need for AI-driven governance as the north star

Business Impact

↓60% manual load, 
↓70% turnaround time in compliance

Architecture

GenAI platform powering 200K employees with secure scale

OKRs

Success metrics tied to adoption, efficiency, and trust 

RACI Map

Program ownership across Tech, Legal, and Compliance

My Role

Driving execution and learnings on scaling GenAI in enterprises

The Need for Enterprise GenAI

What happens when manual legal workflows can no longer keep pace with enterprise-scale SLAs?
When legacy systems bottleneck critical decisions, what’s the cost of inaction?

Can you drive speed, compliance, and trust, without sacrificing control?

Adopting an enterprise GenAI suite at JPMorgan demands overcoming compliance and servicing bottlenecks with a model-neutral, auditable design.

As I assessed JPMorgan’s internal workflows, it became clear that legacy systems in legal, compliance, and servicing were not only slow but they were brittle under scale.

Screenshot 2025-07-31 at 1.07.02 AM.png

I identified two critical systemic gaps holding back JPMorgan’s operations:

- A performance gap, where outdated processes couldn’t meet SLA demands.
- An opportunity gap, where GenAI could elevate productivity, precision, and enterprise responsiveness.

Rather than automate broken processes, the team reimagined them ground up with model-neutral, audit-compliant GenAI at the core.

Gap Statement

JPMorgan’s legal operations were facing rising turnaround times and bottlenecks caused by manual, resource-heavy document reviews, making it increasingly difficult to meet service-level expectations at scale.

To address this, the AI Product and Risk teams initiated the rollout of an enterprise-grade LLM Suite built with embedded model governance, compliance-by-design, and internal data alignment. The initiative set ambitious targets: a 50% reduction in manual review workload by Q3 2025, and significant gains in frontline legal responsiveness.

Business Impact

Before JPMorgan’s LLM Suite, legal, compliance, and servicing workflows were heavily manual, fragmented, and slow, creating bottlenecks at enterprise scale. Teams struggled with siloed systems, high compliance risks, and long turnaround times that limited both scalability and responsiveness.

 

By operationalizing a compliance-first GenAI suite, JPMorgan unlocks measurable outcomes at both enterprise and regulatory levels:

  • Efficiency Gains: Automates manual document reviews and SLA-heavy workflows, reducing turnaround times by 60–70%.

  • Cost Savings: Cuts thousands of employee-hours in repetitive legal/compliance checks, freeing analysts for higher-value decisions and contributing to ~$1–2B in estimated annual ROI.

  • Compliance & Auditability: Ensures 100% traceable workflows, reducing regulatory exposure and audit findings.

  • Scalability: Supports 200,000+ employees across legal, compliance, and operations without bottlenecks.

  • Risk Mitigation: Embeds real-time guardrails (RBAC, encryption, audit logs) to minimize operational and regulatory risks.

  • Strategic Agility: Enables faster onboarding of new policies, regulations, and AI models without re-architecting core systems.

Before vs After Swimlane - visual selection.png
Screenshot 2025-08-01 at 1.49.12 AM.png

Vision and North Star Metrics

JPMorgan Chase launched its internal Generative AI (GenAI) platform with a clear strategic vision:
To responsibly deploy GenAI across knowledge-intensive workflows by enhancing scale, compliance, and productivity while safeguarding explainability and trust.

This north-star vision guided the development and rollout of the LLM Suite, with a focus on long-term enablement rather than isolated experiments.

System Architecture

jpmc llm final.png

From the first handshake (SSO) to the final word (legal output), the proposed architecture would treat every prompt like a high-value transaction that is verified, risk-checked, routed to the right model, and fed back into a loop that makes tomorrow’s answers better than today’s.

Proposed Execution Flow

​The following flow illustrates how I would architect the request lifecycle under compliance-first constraints.

  • SSO + MFA → RBAC

    • SSO asserts identity (OIDC). MFA must be fresh (acr=aal2+)

    • IAM resolves role, data entitlements, model tier
       

  • Prompt Policy Enforcement (pre-gate)

    • Checks: allowed purpose, max tokens, attachment classes, export controls, egress eligibility

    • Violations → HTTP 403 with policy id
       

  • PromptOps

    • Builds prompt from template_id + variables

    • Emits PromptCreated to Prompt Logging Queue with trace_id
       

  • Risk Scoring

    • Features: prompt length, domain, sensitivity of attachments, user risk profile, template risk

    • Output: risk_score [0–100], risk_tier {LOW|MED|HIGH}
       

  • Validation (PII/Bias/Terms)

    • Regex/ML PII scan on user input; bias/abuse lexicon; allowlist of legal phrases

    • If HIGH risk and PII present → strip/redact or send to approval
       

  • Approval Workflow (HITL)

    • Rules: risk_tier == HIGH OR purpose in {regulatory_filing, external_comms}

    • Approver action logged (approver_id, decision, reason)
       

  • Model Router → Model-Neutral Executor

    • Creates standard inference job; attaches data access token for retrieval
       

  • Containerized Services + Hybrid Hosting

    • Fetches embeddings/context (if needed), mounts sanitized docs, applies model-specific adapters

    • Runs in K8s (HPA enabled) on-prem/Outposts. Backpressure uses the queue
       

  • Model Selector

    • Chooses Internal LLM vs External Proxy (gated) using policy + live SLOs

    • External calls require egress_allowed && purpose in allowlist && attachment.class != PII
       

  • LLM Inference Cluster

    • Executes with system prompt, template, guardrails (stop words, max tokens)

    • Returns raw answer + safety signals (toxicity, duplication, confidence)
       

  • Audit Trace Layer

    • Persists full lineage: trace_id, user_id, role, template_id, model_id, risk_score, validators, approver_id, latency_ms, token_usage, egress_used(bool)
       

  • Centralized Logs → SIEM / Shadow AI / DLP / Red-teaming

    • SIEM alerts on anomalous usage; Shadow-AI blocks unapproved egress; DLP re-checks outputs; Red-team replay harness fuzz-tests prompts
       

  • RLHF Feedback Collector → Labeling → Model Refinement

    • Captures thumbs-up/down, edits, and reviewer notes → training set → periodic fine-tuning
       

  • Legal Response Generator (post-processor)

    • Normalizes output to approved template (e.g., redline summary, clauses list, citations)

    • Emits ResponseReady + links to artifacts

OKR Tree

The OKR framework below shows how I would align teams if leading this rollout to a shared vision for delivering secure, explainable AI at scale while driving measurable productivity and trust.

Screenshot 2025-08-01 at 2.47.04 AM.png
Screenshot 2025-08-09 at 12.25.11 AM.png

Illustrative RACI Map

Screenshot 2025-08-09 at 12.22.48 AM.png

Stakeholders

  • Security & Egress: A = IAM Director; R = Security Eng, Red-Team, SOC, DLP
     

  • Prompt Governance / Policy: A = AI Governance Lead; R = Product Owners, TPM
     

  • Platform / SLOs / Cost: A = CTO – Head of Platforms; R = Platform Eng Manager, SRE, Release
     

  • Model Tiering & Routing: A = MLOps Lead; R = Router Owner, Eval & Testing, RLHF/Labeling
     

  • Data & Integrations (RAG/Taxonomy): A = CDAO; R = Data Eng Lead, Knowledge Mgmt Lead
     

  • Business Adoption (Legal/Compliance): A = COOs (Legal & Compliance); R = Legal Research/Compliance Review/Contact Center Ops
     

  • Security Posture (org-wide): A = CISO; R = Security Eng, SOC

Note: Roles and responsibilities shown are representative of how I would structure governance.

Single-A per workstream

My Role and Key Learnings

Working through this case study reinforced for me that rolling out AI at enterprise scale isn’t just about model performance but about trust, governance, and clarity of impact. I realized how much hinges on getting the guardrails right: aligning stakeholders through clear OKRs, building auditability into every layer, and keeping compliance teams as close partners rather than afterthoughts. Just as important was connecting the dots between technical choices like routing models or enforcing policy checks and the business outcomes they enable. At JPMorgan’s scale, you can’t afford to let complexity cloud the story; the architecture has to be airtight, but the narrative has to show why it matters. That balance of technical depth and strategic storytelling is what I sharpened most here.

LLM Suite named 2025 “Innovation of the Year” by American Banker

banner-llmsuite-ab-award.png
Screenshot 2025-07-09 at 2.37.38 PM.png
  • LinkedIn
  • Instagram
  • X
  • Facebook

© 2025 Aviraj Dongare. All rights reserved.

bottom of page