Hear that? It’s the collective exhale of credit union leaders.
Start super simple with AI. It doesn’t have to touch member data. It doesn’t have to be risky.
On The Credit Union Connection, Sarah Snell Cooke sits down with Kalyani Ramadurgam, co-founder and CEO of Kobalt Labs, and the discussion quickly moves beyond the AI theatrics. Kalyani’s background includes AI research at Stanford and building fraud and compliance tooling at Apple Pay; what’s striking is how grounded her advice is for credit unions navigating the AI revolution.
Instead of pitching AI as the next shiny member-facing feature, she points straight to the back office. Third-party risk. Policy reviews. Vendor oversight. The places where teams are quietly buried under documentation, spreadsheets and annual review cycles that feel more like survival exercises than strategy.
Her assertion for credit unions regarding AI –
“Don’t hesitate to start using it instead of staying in planning mode.”
Because if you’ve spent any time around some credit union volunteers and executives lately, you’ve heard the hesitation. Will regulators approve? Is it too early? Are we exposing ourselves? Kalyani addresses that head-on. Regulators, she explains, aren’t warning institutions away from AI. They’re cautioning against unsafe usage, especially around sensitive data. That distinction matters.
What’s refreshing is her candor about the state of existing tools. When she audits how institutions handle risk and compliance today, she observed how manual it is. In some cases, “abysmal.” Credit union employees are unnecessarily drowning in documentation. So, start narrow with AI. Keep humans in the loop. Choose use cases that don’t require connecting to the core. How’s that for taking the sexy out of AI?
There’s an undercurrent throughout the conversation that credit unions don’t always get enough credit for how innovative they’ve become. Some are moving, as Kalyani puts it, at “warp speed.” Not recklessly. Intentionally and with member experience at the center.
And if you’ve been sitting in planning mode, wondering when the right time is to dip your toes in, watch this video because the answer is now.
NOTE: This transcript reads like the AI attended transcription school via correspondence course.
Sarah Snell Cooke
Hello. Welcome everyone to The Credit Union Connection. I am your host. Sarah Snell Cooke, I’m here today with Kalyani Ramadurgam, welcome.
Kalyani Ramadurgam
Thank you for having me.
Sarah Cooke
Absolutely. She’s the founder and CEO of Kobalt Labs. Can you give us a little introduction to yourself, as well as your company?
Kalyani Ramadurgam
Yeah, absolutely. So Kalyani, I’m the co founder of Kobalt Labs. My personal background was I was an AI researcher at Stanford, and then I later went on to work on the fraud team at Apple Pay, building a lot of risk and compliance tooling for the back office. And I now have started Kobalt Labs, which is an AI powered platform that automates a lot of the same kind of back office work for credit unions and financial institutions. And so one of the big use cases we have, for example, is third party risk management, where AI can actually automatically review large amounts of policies and procedures and documents and fill out risk assessments and really just take all of the paper pushing out of the process now.
Sarah Cooke
So where can Carnegie start with AI while balancing the risk and the innovation that you’re talking about?
Kalyani Ramadurgam
Where do we start? Yeah, I get that question a lot where they say, Hey, we know AI is here. It’s not just coming, it’s here. But where are the best places to start? You know, we’ve never adopted it before, and I think the answer really lies in understanding the spectrum of all the areas where you can apply this kind of technology. So for example, you know, there’s use cases of AI where it requires sending PII or PCI into AI models, and that opens up another treasure trove of data security and data privacy issues. So we’ve actually chosen the tprm use case because it’s actually one of the lowest hanging fruits, because it doesn’t actually require the ultra sensitive customer data or member data, and it actually just takes in, you know, at the documentation level. And so that’s, that’s one way to think about it, which is, start off with AI applications that take the minimal amount of sensitive data, work your way up to really then using AI in more and more critical areas. Then the second thing to think about would also be, you know, what is the level of human in the loop here? What is the level of oversight you have over outputs? So if something is, if something is member facing, then there isn’t a human in the loop to make sure that, you know, thing, things are verified, right? And you’re, you’re more reliant on it versus, I think, in our case, because it’s a back office operation, it’s something that can be, you know, AI doesn’t have to be a black box. It’s something that works with your team instead of kind of being let loose.
Sarah Cooke
And so always talk about scaling from there, where, where can you scale first? I mean, like, how do you get it to the enterprise wide state?
Kalyani Ramadurgam
Yeah, I mean, I think that also comes down to implementation. I think the CEOs we work with who are the most successful, do a really good job of starting narrow and then working their way up. So, for example, when it comes to risk and compliance, you know, we imagine starting narrow with just reviewing, you know, critical vendors doing all security reviews, and then scaling up to all the different areas of risk, privacy, legal contract review, scaling up even more to reviewing other kinds of documents. And then going beyond that first use case, you know, can we review all policies and procedures? Can we review marketing material? And then all of those include bringing on more and more teams? So I think you try to start with onboarding every single potential user at once. Then things can get a little bit out of control. And so I think, like controlled scaling, team by team is, would be our recommendation.
Sarah Cooke
And this is like data. All the data that’s in there is kind of in a black box. It’s not touching, like the internet, correct?
Kalyani Ramadurgam
Yes, in the sense that it’s not being trained into models. But our tool happens to also integrate with real time data sources. It kind of depends on the use case.
Sarah Cooke
Okay, yeah, makes sense. So you mentioned a bit ago third party risk. Can you discuss the regulatory expectations, but especially hit on that third party risk part.
Kalyani Ramadurgam
Oh yeah, because this is coming up. I mean, we work really closely with a lot of regulators, including one side of the NCUA, and really just keeping our ear to the ground of what is something that credit unions just have to be thinking about. So third party risk is evolving a lot. A couple areas where it’s evolving is actually fourth party risk is starting to come up where, you know, there’s higher expectations of having oversight over your entire supply chain. So for example, we had some or everybody had some AWS data centers go down right three months ago. I think it was now. And that may not have necessarily been a credit union’s third party, but it was most definitely credit unions work party. And so with cobalt, you know what? What we what we know regulators expect is for institutions to say, okay, how can we immediately triage this, know who’s affected in our supply chain, and then act accordingly? So we’ve kind of built a lot of our product in accordance with those new expectations, which is, hey, we’ll alert you if one of your four parties goes down, we’ll tell you who’s affected by looking at all their documentation and help you triage it. So fourth party risk is a really big one that won’t stop coming up. Another one that’s coming up a lot is having a little bit more of a of a real time monitoring aspect of parties. And so instead of really just doing this, you know, for critical vendors, once a year, looking at everything and then forgetting about them until the next year. You know if there is material news in the interim, how can you proactively know about it, instead of having to always be looking for updates about all critical vendors? So I think that’s another area where AI can be really helpful. Like, Hey, can ai do the heavy lifting of telling you if one of your vendors has a security breach, or telling you if one of your vendors is involved with some kind of major litigation or a consent order, so kind of reactive. That’s a big one. And then I think the last one is really just going beyond checking the box. I think it used to be, Hey, did we have their, you know, do we have their privacy policy check. Do we have this check and then moving on, versus now, there’s an expectation of, hey, does data leave the US? Are they doing X, Y and Z? Do they have these controls in place and actually showing that you’re looking at, you know, doing diligence at the control level?
Sarah Cooke
Okay, yeah. And so why do you feel like you want to work with credit unions?
Kalyani Ramadurgam
Yeah, it’s a, it’s a fun question. I mean, we kind of, we, we got to know. So the first credit union we ever deployed with was Mayor West Credit Union. They’re in a two and a half billion dollar under management out of San Jose, California. So they were the first credit union we ever worked with. And we just, we loved working with them. And it was, it was just like, wonderful how they were so focused on how everything went back to the member experience and we also learned a lot from them about, you know, the credit union industry, how interconnected everything is, yes, and how much, you know, how much of like a nicely, tightly network and dense community is, and how everyone is kind of rooting for each other and wanting to use the same tooling and kind of grow together. So I think it’s just been so much fun. We were invited to venture tech last November, and that was the deep dive, and we had been working with a few credit unions when that was when things really blew up for us, and since venture tech, we’ve gone live with six more credit unions that we met there, so it just really set us on an amazing path, and now we’re really, really up to the races. So yeah, I think we just love working with them, and especially ones that are excited about innovation and like looking to be more capital efficient and really streamline. I think, yeah, I think the values are just really aligning.
Sarah Cooke
Yeah, no, that’s great to hear because, you know, often credit unions, or at least the credit unions that are, you know, a billion or less, because there’s so many, a billion or less, it’s not an industry that people want to get into sometimes. But yeah, it’s great when vendors actually intentionally pursue them.
Kalyani Ramadurgam
Yeah, absolutely. And I think also because of that the technology available to them is, frankly, just low in quality. When I look at and look at the audit of the tools, you know, I always have, people show me, show me how you’re doing things today, right? What’s the status quo? So that we can see where we can help. The status quo is so frequently, just so abysmal. And there’s people just drowning in manual work and documentation, because there isn’t tech built, you know, custom built for them in a way that really solves their problem. So I think there’s very much like an unmet need in this part of the market.
Sarah Cooke
Okay, yeah, for sure. I often hear that credit unions lately have been more innovative than the community.
Kalyani Ramadurgam
There are some that are definitely moving at warp speed, which I wouldn’t have expected maybe a year ago.
Sarah Cooke
Oh yeah. 100% agree with that. So you kind of touched on it, but talk a little bit more about your origin story.
Kalyani Ramadurgam
Yeah. So origin story I mentioned, I mentioned Stanford and AI research, and what I didn’t mention as part of that overview was that I was specifically doing research on how do you deploy AI in areas where there’s sensitive data and where accuracy is really critical and not necessarily for your average consumer use case. And so we were thinking a lot about financial services and healthcare and these really highly regulated markets. That’s how I kind of got started then with Apple Pay, of course, was first Deep Dive. Of course, not in accrediting, but into FinTech and financial services and then I also, I also, kind of got together with my co founder, who was at Apple, or, sorry, not Apple. She was a firm, the FinTech company doing buy now, pay later. We both kind of connected about how even the most innovative companies are still doing risk and compliance in a way that’s so manual, and there’s such an opportunity for AI and llms to really, really just take the entire thing into the 21st Century. So that was kind of the thesis. And then what we did was we actually created this. This almost a group of, we call it our Advisory Council of Chief Risk officers, chief compliance officers, you know, CISOs, CEOs of across, you know credit unions, you know, banks, fintechs across financial services, and even some ex regulators across the multiple different bodies. And really sat down and said, What are you know? What’s going on here? What are the areas where there’s going to be a lot of scrutiny and where there needs to be some like streamlined processes and really high quality tech, also areas that aren’t taking in highly sensitive data to start? All those kind of we from? What emerged from those conversations was third party risk management, internal audit, you know, some like, policy, procedure, review, a lot of this kind of work in the back office. And that was, um, that that’s how we kind of got started with this.
Sarah Cooke
No, that’s awesome that you were able to listen to what the needs are and actually fulfill that you aren’t like, creating remote controls that have all many, so many buttons you can’t figure out how to work them.
Kalyani Ramadurgam
Exactly, kind of working backwards. Like, Hey, what is taking up the most time and budget. You know what’s holding you back? And the thing that was holding people back was, hey, we can’t even deploy tech as quickly as we need to oversight over our supply chain, and we can’t answer questions that regulators are asking us. So that was really the kind of seed of the idea.
Sarah Cooke
Yeah and you all also don’t connect to the core. Is that correct?
Kalyani Ramadurgam
We do not need to connect at the core for vendor management, easier to deploy. That was the other big aspect, right? Can it be something that has quick implementation so people can immediately start seeing value? Like time to value is a really important metric that we have internally.
Sarah Cooke
Yeah. I mean, because often that’s what you hear is holding up the innovation at credit unions, especially a lot of the smaller ones, because they’re kind of stuck with the 10 year. They don’t have a lot of negotiating skills, or not skills, but negotiating weight to be able to negotiate and get more advanced tech. So, yeah, this has been great. I love, like, talking about AI. I don’t know why I’m sick but, but I do see, you know, I’ve used it in, you know, reviewing articles, or we’re right now trying to build an AI system to upload press releases and stuff like that. So it’s been, it’s been a great adventure for me, and I can’t imagine how much efficiency a credit union would get. Yeah. So, yeah, what is your what are your final thoughts? I always ask my guests for their final thoughts.
Kalyani Ramadurgam
I think we hear, you know, I appeared so many conferences and have so many conversations in the industry. And I hear a lot about people you know, people being you know, executives and folks at credit unions in particular, wondering, will my regulators be okay with me doing this? Expectations there, you know, what are the risks of being an early mover and things like that? And I think a message that is starting to resonate well with people is that, you know, there’s this is becoming a lot more. This is not some kind of fringe thing to do anymore with the early movers. They moved over two years ago, and so now it’s really, the market is really shifting. And this is not necessarily some far off thing that on the 2027, board meeting agenda. You know, this is something that you can kind of already start, like you’re doing now, dipping your toes and just starting now, provided that you’re doing it safely. And so I would say, you know, don’t hesitate to think about how you can actually start using it instead of staying in planning mode all the time. And then I think, from the regulatory side, regulators are not just open to. The credit unions using this kind of tech, but some of them are using it themselves, like we are working with regulators to help deploy AI in their systems. And so this is something that they’re also doing, and it’s not, it’s not this thing that they’re kind of cautioning financial systems against. What they’re cautioning against is putting sensitive data into systems and doing things in an unsafe way, but in general, is very much here, and everybody’s already using it.
Sarah Cooke
Yeah, yeah, awesome. Well, thank you so much for your time today. I appreciate it. Kalyani,
Kalyani Ramadurgam
Yeah, of course. Thank you for having me. Thank you.