Financial Infrastructure · DevOps · Boston

Engineering inside
financial services.

Ten years across private equity, retail, and asset management. Real technical experience covering infrastructure, cloud, security, and trading systems. Written plainly to help other engineers navigate this world.

Michael Harlow
Michael Harlow // sys.ghost  ·  Boston, MA
☕ Buy me a coffee
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
All posts

Archive

We scheduled a Technology Connect event for our engineering team and built a lineup of games around AI and infrastructure topics. Here's how we put it together and what I'd do differently.
← Back to posts
Data Engineering Apr 28, 2026 · 13 min read

AI-Ready Data in Investment Management: What It Actually Takes

AI-Ready Data in Investment Management: What It Actually Takes

Every vendor in the investment management space is now telling you their product is AI-ready. What they usually mean is that they have added an AI button to their GUI. What they almost never mean is that the underlying data your firm generates — the positions, the transactions, the research notes, the compliance records — is in a state where AI models can actually do useful work with it.

I have been working inside investment management infrastructure for several years. Over the past eighteen months, I have been directly involved in efforts to get our data into a state where AI tooling can be applied to it. This post is about what that actually involves: the specific problems you encounter, the decisions you have to make, and the things nobody tells you before you start.

The gap between "we have data" and "we have AI-ready data"

Investment management firms generate enormous amounts of data. Positions, NAVs, trade blotters, attribution reports, risk metrics, compliance exceptions, research documents, meeting notes, email threads about portfolio decisions. Most of this data exists. Almost none of it is in a state where you can point a language model at it and get reliable, useful output.

The problems fall into a few categories, and understanding which category you're dealing with determines what you actually need to build.

Structural inconsistency is the most common. The same concept — say, "cash" as a position — is represented differently in your portfolio management system, your risk system, your accounting system, and your reporting system. They might use different instrument identifiers, different sign conventions, different accounting treatments. A model that ingests data from multiple systems without understanding these differences will produce outputs that look confident and are wrong.

Temporal confusion is subtler but equally serious. Investment data is deeply time-dependent. A position as of yesterday is a completely different fact from a position as of a week ago. A price at market close is different from a price mid-day. If your data pipeline doesn't carry rigorous timestamp and as-of-date metadata through every transformation step, you will eventually feed a model data that it treats as current when it is stale.

Missing provenance is the one that creates regulatory risk. In a regulated environment, it is not sufficient to have a number. You need to know where that number came from, who touched it, and when. If you can't answer those questions for the data you're feeding into an AI system, you cannot use that system's outputs in any context that a regulator might review. Which in investment management is most contexts.

What "AI-ready" actually means

I find it useful to think about this in terms of three properties. Data is AI-ready when it is clean, contextualised, and retrievable.

Clean means what it always meant in data engineering: consistent identifiers, no duplicates, validated against known constraints, missing values handled explicitly rather than silently. The specific wrinkle in financial data is that many of the validation rules are domain-specific and not obvious to engineers who haven't worked in the industry. A negative cash balance is sometimes valid and sometimes a data error depending on context. A 100% position weight is correct for some fund structures and wrong for others. You need the business logic encoded, not just generic data quality checks.

Contextualised is where most firms fall short, and where the interesting engineering work lives. For an AI model to do useful work with investment data, it needs to understand what the data means, not just what it says. This is the difference between a model that can tell you the current NAV of a fund and one that can tell you whether a recent NAV move is unusual given the fund's historical behaviour and the market environment. The latter requires that your data carries enough metadata and relationship information to support that kind of reasoning.

In practice, contextualisation usually means maintaining a semantic layer: a structured representation of how your data concepts relate to each other, what the valid values are, what normal ranges look like. Think of it as a machine-readable data dictionary with teeth.

Retrievable is the operational problem. Clean, contextualised data that you can't efficiently query is not AI-ready. This is where the vector database conversation comes in, but also where a lot of firms go wrong by jumping straight to the solution without solving the upstream problems first.

The data quality work you can't skip

Before you touch vector embeddings or retrieval-augmented generation or any of the model infrastructure, you need to solve the data quality problems. There is no shortcut here. A model operating on bad data produces bad outputs confidently, which is worse than producing no output at all.

The practical starting point is a data quality audit that is specifically oriented toward AI use cases. Standard data quality checks (null counts, duplicate rates, referential integrity) are necessary but not sufficient. You also need to check for what I call AI-specific quality issues.

Semantic drift is one. This is where the same field in your database has been used to store different things at different points in time. Maybe a field called instrument_type used values like EQ, FI, CASH until 2021 and then a system migration changed the vocabulary to Equity, Fixed Income, Cash Equivalent. A model trained or fine-tuned on this data will see what looks like noise when it is actually history. You need to identify these discontinuities and either clean them or ensure the model knows about them.

Coverage gaps are another. Investment management data often has gaps that are not random. Data quality tends to be worse for older records, for legacy instruments, for edge cases in fund structures. If your AI system will be used to answer questions that might touch these gaps, you need to know where they are and either fill them or bound the system's ability to answer questions in those areas.

Entity resolution is the one that takes the most time. Your firm almost certainly has multiple systems that store information about the same entities — the same securities, the same counterparties, the same clients — under different identifiers with no automated linkage. Getting to a point where you have a reliable entity graph that a model can use to understand that "Apple Inc", "AAPL US Equity", "US0378331005" (the ISIN), and "037833100" (the CUSIP) are all the same thing requires work that is fundamentally not glamorous and cannot be automated away.

Structured data vs unstructured data: two different problems

Most AI-in-finance discussions conflate two genuinely different problems: using AI to work with structured financial data (positions, prices, transactions) and using AI to work with unstructured content (research notes, earnings call transcripts, internal memos, email threads).

Both are worth solving. They require different approaches.

For structured financial data, the dominant pattern right now is text-to-SQL: you point a language model at your data schema, give it enough context to understand the domain, and let it translate natural language questions into SQL queries that you then execute against your actual data. This is more reliable than asking a model to answer directly from embeddings because the SQL is verifiable — you can inspect the query before running it, catch errors before they become wrong answers.

The challenges in financial services are that the schema is complex, the domain concepts are non-obvious, and the stakes of a wrong answer are real. A model that generates a query using the wrong as-of date for a position lookup, or that misunderstands a fund's accounting treatment, will produce results that look right and aren't. This means you need substantial prompt engineering, a well-documented schema, and a validation layer between the model's generated SQL and the result the user sees.

For unstructured content — the research notes, the meeting records, the analyst commentary — the standard approach is retrieval-augmented generation (RAG): you chunk your documents, embed them as vectors, store them in a vector database, and at query time you retrieve the most relevant chunks and give them to the model as context. This works well when your documents are well-structured and your queries are semantically clear. It works less well when your documents are poorly formatted, when the answer to a question spans multiple documents that weren't written to relate to each other, or when precision matters more than recall.

In investment management, both of these failure modes are common. Research notes are often poorly formatted. Questions about portfolio construction often require synthesising information across many sources. Precision matters a great deal.

The compliance and governance layer

This section is the one I see engineers skip and then regret.

Any AI system operating on investment management data in a regulated context needs a governance layer that is not an afterthought. Specifically, you need answers to the following questions before you deploy anything to production.

What data can this system access, and what can it not access? Material non-public information (MNPI) is the obvious concern: a system that can inadvertently surface MNPI in its responses creates regulatory exposure that no one at your firm wants. The controls you have on MNPI need to extend to any AI system that touches related data.

How is the system's output logged, and for how long? Regulators increasingly expect firms to be able to reconstruct decision-making processes. If an analyst used an AI system to inform a trade decision, you may need to produce the specific query, the specific response, and the model version that generated it. This is not a hypothetical future requirement; it is something compliance teams are starting to ask about now.

What is the process when the system produces incorrect output? This is not a question of if, it is when. You need a documented process for identifying errors, communicating them to affected users, and correcting the underlying cause. In financial services, an AI system without a clear error-handling process is not deployable in any consequential context.

The infrastructure underneath

On the infrastructure side, the stack for AI-ready financial data is more complex than most initial assessments suggest.

You need a data pipeline that carries full provenance metadata — source system, extraction timestamp, transformation steps — through every stage. This rules out a surprising number of standard ETL patterns that drop or flatten metadata as a matter of course.

You need a semantic layer that is maintained alongside your data. In practice this usually means a combination of a data catalog (something like DataHub or Collibra, depending on your scale and budget) and an in-house-maintained domain model that encodes the business logic your catalog won't know about.

For the vector database layer, the main contenders right now are Pinecone, Weaviate, and pgvector if you want to keep it inside your existing PostgreSQL infrastructure. I have worked with pgvector in production and it is a reasonable choice for moderate-scale use cases where you are already running PostgreSQL and want to minimise operational complexity. For larger scale or more sophisticated retrieval patterns, a dedicated vector database is worth the operational overhead.

On the model side: unless you have a specific reason to run models on-premise (and there are some in financial services — data residency requirements, latency requirements for certain use cases, reluctance to send sensitive data to third-party APIs), the major hosted providers are the practical choice for most firms. The security and compliance posture of the major providers has matured enough that most compliance teams can get comfortable with it, but you will need to work through a formal vendor assessment.

What a realistic timeline looks like

If you are starting from a typical investment management data environment — several source systems with inconsistent identifiers, limited data quality tooling, no semantic layer — here is a realistic timeline for getting to a state where AI tooling can be used in production on anything consequential.

Data quality audit and remediation: three to six months, depending on the number of source systems and the depth of the quality issues. This cannot be parallelised much because each issue you find often reveals a downstream issue you didn't know about.

Semantic layer and entity resolution: two to four months, heavily dependent on whether you have business analysts who know the domain well enough to encode the rules. The engineering work is not the bottleneck here; the knowledge capture is.

Governance framework and compliance sign-off: one to three months, depending on your firm's internal processes and the specific use cases you are targeting. Firms with mature model risk management frameworks (required for certain regulated entities) have a more defined process here, which is both slower and more defensible.

Infrastructure and prototype: one to two months, running in parallel with the governance work once you have enough data quality to prototype on.

Realistic total: eight to fifteen months from standing start to a production system you can stand behind in a regulated context. Anyone telling you they can do it faster is either starting from a better data position than you, cutting corners on governance, or selling you something.

The thing that actually matters

I want to end with something that doesn't fit cleanly into the technical sections above.

The firms I have seen make genuine progress on AI in investment management are the ones where data quality is treated as a first-class infrastructure problem, not a prerequisite that someone else will handle before the interesting work begins. The data quality work is the interesting work. The semantic layer is the intellectual contribution. The model is just the interface.

If your firm's AI initiative is structured as "build the AI stuff and fix the data later", it will not produce results you can use in production. If it is structured as "fix the data in a way that makes it AI-ready, then plug in the models", it might actually get somewhere useful.

The models have gotten good enough that data quality is now the binding constraint in almost every serious financial AI application. Treat it accordingly.

Found this useful?
☕ Buy Michael a Coffee
← More posts

Hey, I'm Michael Harlow.

Senior Systems Engineer · Boston, MA · Writing as sys.ghost

I have spent over a decade building and maintaining infrastructure at the intersection of technology and financial services. My career has taken me through three distinct sectors -- technology, private equity, and asset management -- and each one changed how I think about what reliable infrastructure actually requires.

I started in general IT, which is where most engineers who did not go straight into software end up. Data centers, networking, on-call rotations, learning to label cables properly because unlabeled cables are a promise that someone else will suffer later. The work taught me that almost every sophisticated system is, one layer down, a collection of unglamorous fundamentals that either hold or do not. I still believe that. I still label everything.

Private equity came next, and it was a different world. The infrastructure stakes there are less about uptime and more about data integrity. When deal teams are making acquisition decisions based on data you are responsible for, and when a due diligence process has a hard deadline that does not move regardless of what broke overnight, your relationship with reliability changes. A wrong number in an LP report does not cause an immediate incident. It causes a conversation in a partner meeting six weeks later, and by then you need to reconstruct what happened from imperfect records. I became obsessive about data provenance in PE and I have not stopped.

For the past several years I have been in asset management, supporting trading and investment operations infrastructure. This is the environment I find most technically interesting. The compliance requirements are demanding, the legacy systems have long institutional memories, and the tolerance for operational errors is genuinely low -- not just in terms of business impact, but in terms of regulatory consequence. When markets are open, there is no fixing it after the weekend.

I started Packet & Profit in January 2026 because I kept looking for the kind of writing I wanted to read and finding it mostly did not exist. There is a lot of content for engineers online. There is much less written by engineers working specifically inside regulated financial services firms, being honest about what that actually involves day to day. The compliance conversations, the legacy constraints, the incident management in front of stakeholders who measure downtime in dollars per minute. That is what I write about here.

Outside of work I have been running a Saturday morning robotics course at my local YMCA for kids aged 10 to 14. It is one of the better decisions I have made.

Certifications

Red Hat Certified Engineer (RHCE)
Certified Kubernetes Administrator (CKA)
AWS Solutions Architect -- Associate
CompTIA Security+
HashiCorp Vault Associate

My Stack

RHEL / Ubuntu
Kubernetes
OpenShift
Terraform
Ansible
Prometheus
Grafana
Python / Bash
AWS / Azure
Cisco / Palo Alto
PostgreSQL
Redis
HashiCorp Vault
Fluent Bit
Helm
ArgoCD

Career

2022 -- Present
Senior Systems Engineer, Asset Management -- Boston, MA
Leading infrastructure for trading operations and investment management systems. Responsibilities span network security, cloud migration strategy, Kubernetes platform engineering, and incident response. Deeply involved in T+1 settlement infrastructure work and the shift from overnight batch processing to near-real-time event-driven architecture.
2018 -- 2022
Systems Engineer, Private Equity -- Boston, MA
Built and maintained data infrastructure supporting deal teams, portfolio monitoring, and investor reporting. Managed infrastructure through multiple due diligence cycles with hard deadlines and high data integrity requirements. Led a major data platform migration from on-premises to cloud-hosted infrastructure, including security controls satisfying LP and regulatory requirements.
2015 -- 2018
Infrastructure Engineer, Retail Technology
Supported inventory management, real-time pricing, and supply chain integration systems across a high-SKU retail environment. Operated under peak load conditions where scale was a concrete engineering problem rather than an abstract one. Built out monitoring and alerting infrastructure from scratch and managed a full data center relocation.
2013 -- 2015
IT Engineer, Technology Sector
Established the professional fundamentals: data center operations, network infrastructure, endpoint management, and the on-call rotations that teach you more about system fragility than any textbook. Developed an appreciation for cable labeling that has never left me.

Get in Touch

If you are an engineer working in financial services, curious about the career path, or have a question about something I have written, I would genuinely like to hear from you. Use the and I will get back to you. If something here has been useful, a coffee is always appreciated.

A note on anonymity: I write under my own name but keep my current employer private. The financial services industry is small, the regulatory environment is real, and I want to write honestly without those constraints. All incidents and case studies on this site are anonymised. The technical content is real; identifying details are not.
Get in touch

Contact

Whether you are an engineer in financial services, have a question about something I have written, or just want to say hello - feel free to reach out. I read everything.

Powered by Resend · No spam, ever

Legal

Privacy Policy

Last updated: April 2026

This policy explains what information Packet & Profit collects when you visit this site, how it is used, and what choices you have.

Information We Collect

We do not require you to create an account or provide personal information to read this blog. The only personal information we collect is what you voluntarily submit through the contact form: your name, email address, and message. This information is transmitted via Resend and used solely to respond to your enquiry.

Google AdSense and Advertising

This site uses Google AdSense to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve ads based on your prior visits to this and other websites. This means Google may use information about your visits to this site to show you personalised ads on other sites across the web.

You can opt out of personalised advertising by visiting Google Ads Settings, aboutads.info, or optout.networkadvertising.org. See Google advertising policies for more.

Cookies

This site uses a single first-party cookie to remember your theme preference (light or dark mode). This cookie contains no personal information. Third-party cookies may be set by Google AdSense for advertising purposes as described above.

Analytics

This site does not currently use any analytics platform beyond what Vercel provides as part of its standard hosting service (aggregated, anonymised traffic data).

Contact Form

When you submit the contact form, your name, email address, subject, and message are transmitted to the blog author via Resend. This data is not stored by this site and is not shared with any third party beyond Resend. See Resend's privacy policy for details.

Third-Party Links

Posts on this site may link to external websites. We are not responsible for the privacy practices or content of those sites.

Your Rights

If you have submitted a message via the contact form and would like that information removed, or if you have any questions about this policy, please use the contact form to get in touch.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised.

Legal

Terms of Service

Last updated: April 2026

By accessing and using Packet & Profit (packetandprofit.com), you agree to be bound by these Terms of Service. If you do not agree, please do not use this site.

Use of Content

All written content, illustrations, and code examples published on this site are the original work of Michael Harlow unless otherwise stated. You are welcome to share links to posts and quote brief excerpts (with attribution), but you may not reproduce full articles, copy content to other websites, or use the content for commercial purposes without written permission.

No Professional Advice

Content published on this site reflects personal opinions and professional experience. It is provided for informational and educational purposes only. Nothing on this site constitutes financial, investment, legal, or professional advice of any kind. See the for more detail.

Third-Party Links

This site may contain links to third-party websites. These links are provided for convenience and do not constitute an endorsement of the linked site or its content. We have no control over and accept no responsibility for external sites.

Advertising

This site participates in Google AdSense, which displays advertisements from third-party advertisers. The presence of an advertisement does not constitute an endorsement of the advertiser's products or services. Ad content is determined by Google based on the content of this site and your browsing history.

Accuracy of Information

While we make every effort to ensure the accuracy of information published on this site, technology and financial markets change rapidly. Information that was accurate at the time of publication may become outdated. We do not warrant the completeness, accuracy, or timeliness of any content on this site.

Limitation of Liability

To the fullest extent permitted by law, Packet & Profit and its author shall not be liable for any direct, indirect, incidental, or consequential damages arising from your use of, or inability to use, this site or its content.

Changes to These Terms

We reserve the right to update these terms at any time. Continued use of the site following any changes constitutes your acceptance of the revised terms. The date at the top of this page reflects the most recent revision.

Contact

If you have questions about these terms, please use the .

Legal

Disclaimer

Last updated: April 2026

Packet & Profit is a personal blog written by Michael Harlow, a Systems Engineer based in Boston, MA. The views expressed here are entirely his own and do not represent those of any employer, client, or organisation he is affiliated with.

Not Financial or Investment Advice

This site discusses financial services technology, investment management infrastructure, and related engineering topics from a technical practitioner's perspective. Nothing published here is financial advice, investment advice, or a recommendation to buy, sell, or hold any security, asset, or financial instrument. The author is not a registered financial adviser, broker, or investment professional.

Content that references financial markets, trading systems, or investment firms is provided for technical and educational context only. Any figures, case studies, or examples are illustrative and should not be relied upon for financial decisions.

Not Legal or Professional Advice

Nothing on this site constitutes legal, compliance, regulatory, or professional advice. Readers should consult qualified professionals for advice specific to their circumstances.

Professional Experience

Posts on this site draw on the author's professional experience in systems engineering across private equity, retail technology, and asset management. Specific details about employers, clients, projects, and colleagues have been anonymised or generalised. Any resemblance to specific organisations is incidental.

Accuracy

The author makes reasonable efforts to ensure published information is accurate at the time of writing. The technology and financial services landscape changes quickly. Readers should verify any technical or regulatory information against current primary sources before acting on it.

Affiliate Links and Advertising

This site displays advertisements through Google AdSense. The site may also contain links to tools, services, or products that the author uses or finds useful. These are not paid endorsements unless explicitly stated. The author's opinions are his own and are not influenced by advertisers.

Questions

For questions about anything on this site, please use the .

This site uses cookies for theme preferences and displays ads via Google AdSense, which may use cookies to personalise ads.