Visualizing AI Governance: Why We Built a Modern CALM Tool
Learn how Tetrate's new CALM visualization tool transforms AI governance frameworks into implementable, enforceable architectures—making compliance visual, automated, and scalable for regulated industries.
Tetrate 
If you’re a CISO or AI lead in financial services, you’ve probably experienced the same frustration: everyone wants AI governance frameworks, but translating those frameworks into actual, implementable architectures feels like trying to build IKEA furniture without the pictures.
That’s the problem we set out to solve when we built a new visualization tool for FINOS CALM (Common Architecture Language Model). But this isn’t just about prettier diagrams—it’s about making AI governance something you can actually operationalize at scale.
The AI Governance Translation Problem
Here’s the challenge we keep seeing: the FINOS AI Governance Framework provides excellent guidance on the 15 critical risks and controls for AI systems in regulated environments. Organizations can read it, understand it, even agree with it. But then what?
How do you translate “implement robust data lineage tracking” or “establish model versioning controls” into concrete architectural patterns that your teams can actually follow? How do you ensure that when engineering builds an AI system, it inherently includes the controls you need for compliance? And critically, how do you validate that what gets deployed actually matches what you approved?
This isn’t a hypothetical problem. We’ve watched organizations struggle with it firsthand. Governance teams create detailed control frameworks. Architecture teams design reference architectures. Engineering teams build systems. But these three artifacts often live in completely different worlds—Word documents, PowerPoint slides, and production code that may or may not resemble either.
Why CALM Changes the Game
This is where FINOS CALM becomes transformative. CALM lets you define architectures in a standardized, machine-readable format. Instead of static diagrams that become outdated the moment they’re drawn, you’re working with architecture as code—versioned, validated, and enforceable.
For AI governance specifically, this means you can:
Create reference architectures with built-in controls: Define architectural patterns that embed the FINOS AI Governance Framework controls directly into the structure. Your reference architecture for an LLM-based trading advisor doesn’t just show components—it encodes which data classification controls apply, where model versioning happens, how audit logging flows, and which guardrails gate each decision point.
Validate implementations against approved patterns: When teams build AI systems, CALM can automatically validate that their architecture conforms to your approved reference architecture. This isn’t a manual review process—it’s automated checking that happens in your CI/CD pipeline. If a system is missing required controls or deviating from approved patterns, you know immediately.
Maintain a single source of truth: Your governance framework, your architectural standards, and your actual implementations all speak the same language. When regulations change or you discover new risks, you update the reference architecture once, and all future implementations inherit those controls.
The Visualization Gap
As we built reference architectures for AI systems using CALM, we realized something: the existing visualization tool wasn’t keeping pace with what CALM could do. We needed to demonstrate these complex, layered architectures—showing how controls map to components, how data flows through systems, how different patterns compose—but the tooling felt like it was from a different era of web design.
More importantly, our financial services users often work in restricted environments. They can’t always rely on external web services or cloud-based visualization tools. They need something that runs offline, with minimal setup, and no dependencies on services they don’t control.
So we built a new one from scratch.
What Makes This Different
We used modern web technologies—TypeScript, React, Vite—to create a visualization tool that fully displays CALM blueprints in a clean, intuitive interface. It runs completely offline. There’s minimal setup. You can visualize even complex, multi-layered architectures instantly, which makes them dramatically easier to understand and update.
But here’s what matters for AI governance: when you’re reviewing a proposed AI system architecture, you can now see at a glance whether it implements the controls you require. When you’re explaining to auditors how you enforce data classification, you can show them the actual architectural pattern with controls highlighted. When you’re onboarding a new engineering team, they can visualize exactly what a compliant AI architecture looks like for your organization.
A Milestone for CALM
We’re proud that Tetrate is the first company outside of Morgan Stanley to contribute code to the CALM project. Morgan Stanley created CALM to solve their own architectural governance challenges—it powers over 1,400 deployments in their environment. By contributing our visualization tool back to the community, we’re helping make CALM more accessible to the broader financial services industry and beyond.
This matters because AI governance frameworks only work if people actually use them. And people will only use them if there’s a clear, practical path from framework to implementation. CALM provides that path. Our visualization tool makes it visible.
The Bigger Picture
At Tetrate, we’re focused on AI governance because we see the same pattern everywhere in regulated industries: enormous appetite for AI, matched by equally enormous anxiety about governance. CISOs and AI leads are stuck between competitive pressure to move fast and regulatory pressure to move carefully.
The solution isn’t to choose speed or safety—it’s to make safety architectural. When your reference architectures encode governance controls, when validation happens automatically, when teams can visualize exactly what compliant looks like, you stop trading off speed against safety. You build them both into the foundation.
That’s what architecture as code enables. That’s why we’re contributing to CALM. And that’s why visualization matters—because you can’t govern what you can’t see.
CALM is becoming the industry standard for describing software architectures in a structured, enforceable way. As AI systems become more complex and regulations become more demanding, having a common language for architectural governance isn’t just nice to have—it’s essential. We’re excited to be part of making that language more accessible, more visual, and more practical for the organizations that need it most.
Interested in learning more about how Tetrate approaches AI governance at the infrastructure level? Learn more about Tetrate Agent Router Service or contact us to discuss your AI governance challenges. Follow us on LinkedIn for the latest updates and best practices.
Tetrate 
