Compliant Solutions for Lending Partners

Transforming Loan Processing Through an Event-Driven Architecture: A Case Study on Scalable, Compliant Solutions for Lending Partners

Overview

A customer required the ability to accept, validate, approve/reject, and fund loan applications for their third-party origination partners while retaining the flexibility and optionality to utilize the platform for future use cases. The customer’s foundational design principles were challenging; the platform needed to be designed for scale and API-centric while enhancing the customer’s current risk and compliance controls. These requirements were grounded in the context of the current regulatory landscape and the importance of maintaining accurate financial records. The platform needed to meet and exceed the customer’s current standards for compliance, traceability, and auditability for every loan processed as well as pass independent assessments, reviews, and validations from both the customer and external auditors.

To meet these demands, we implemented a distributed, event-driven architecture that ensures scalability, resilience, and domain-driven business logic enforcement. This system not only allows applications to be processed in accordance with credit policies but also provides a transparent and adaptable framework that evolves with changing business and regulatory needs.

Challenges

Lending applications must be evaluated against dynamic credit policies that dictate loan eligibility, APR thresholds, and rejection criteria. These policies naturally evolve over time due to regulatory changes, market conditions, and evolving agreements between banks and lending partners. The customer needed to ensure full traceability and auditability of the approval rules in place that evaluated every loan at the time of calculation while maintaining a change management and oversight structure that could quickly adapt to market conditions while ensuring compliance. The client evaluated several in-market platforms and determined that while many offered wide functionality, they were built for “resale” rather than tailored toward a client’s unique needs. They concluded that they needed a holistic solution, deeply integrated into their systems while meeting specific requirements. Through their discovery process, they uncovered a unique requirement: they could define all the requirements. This led to a critical realization—flexibility and iterative design were key requirements—they needed the capability to deliver for today’s problems but retain the flexibility to adapt to tomorrow’s opportunities.

Key Challenges Included:

- Dynamic Credit Policy Enforcement: Approval rules must be updated without requiring significant code changes, allowing business teams to modify policies without engineering intervention.

- Auditability & Compliance: Every loan must be traceable to the exact version of the credit policy used at the time of evaluation, ensuring regulatory compliance.

- Application Rejections: A system was needed to persist and categorize rejection reasons for audit purposes.

- Loan Disbursement Flexibility: The system needed to support multiple disbursement models (e.g., lump-sum vs. phased funding) and integrate seamlessly with payment rails like ACH, Wires, FedNow, Book Transfers, and RTP.

- Flexibility: The system needed to be adaptable so that it could serve as a foundation for future growth initiatives and support quick feature and functionality changes through an agile development cycle.

Solution

To address these challenges, we worked closely with the client’s technology and business teams to determine where they needed foundational rigidity and scale, and where they needed optionality and future flexibility. We conducted several discovery workshops with cross-functional teams to ensure that we had a clearly defined MVP use case, timeline, cost expectations, as well as well-defined key technical, business, compliance, and regulatory requirements. We established an agile meeting schedule with project stakeholders and a monthly meeting with the project’s executive sponsor.

Based on the discovery sessions, it became clear that the client’s key foundational requirements were rules-based flexibility with auditability while maintaining high standards for resiliency and scalability. We collaborated with the client’s technology team and third-party service providers to design an architecture that met these standards. This design was further validated by the client through an independent review before implementation.

The core architecture was built around a wide-scale distributed system leveraging NServiceBus, Domain-Driven Design (DDD), and Azure-based messaging patterns to create a resilient and scalable loan processing system.

The architecture utilized IaaS design principles to dynamically scale key microservices, minimizing costs while meeting client-defined capacity-based SLAs. To minimize overall design complexity while retaining future flexibility, we adopted a domain-driven design model. This approach allowed each key component to function independently. Each component interacts with others so that changes can be implemented quickly while lowering the overall risk of large-scale deployments. This design also aligned with the client’s requirement for optionality.

Monolithic, waterfall system design often means that adding material functionality requires significant scope changes. The domain-driven design approach enables the application to be constructed as modular components (like “legos”). Components can be reassembled or repurposed without major rewrites, allowing development to be split into manageable, cost-effective segments.

The system was centered around asynchronous event-driven messaging principles, enabling fault-tolerant, fully idempotent communication between services largely isolated from single points of failure. The design incorporated cloud-based regional resiliency along with multiple paths back to key client systems involved in decision-making or funding flows. Given the volume of loans processed using the platform, event handling was a critical focus area.

As platforms scale, event handling and transaction approvals become vital to ensure transaction uniqueness. The client had specific requirements for idempotency key management to address concerns about duplicate submissions or funding. We designed the eventing framework so that each message could be individually evaluated for uniqueness; duplicates could be detected and rejected with appropriate messaging and logging.

The final element of the solution design was identifying key components (“legos”) needed to build services consumed from the client or their partners. To simplify the evaluation and review process of what would ultimately be a complex technical diagram, we laid out a "create/consume" model. This high-level design allowed discussions about “what” and “how” with less technical stakeholders while being intentional about understanding “who.” We aimed to “create” where possible to help the client differentiate while “consuming” existing services whenever feasible. This approach minimized costs and reduced timelines while allowing for enhanced functionality in the MVP by leveraging existing services.

How the System Works (Event-Driven Workflow Example)

Each phase of loan processing operates as an independent service communicating via commands and events over Azure Service Bus:

1. Loan Submission

- A customer submits a loan request with the SubmitLoan command.

- The Loan Application Service stores the request and publishes a LoanSubmitted event.

2. Loan Validation

- The Loan Validation Service listens for LoanSubmitted.

- It evaluates the request based on fraud detection, credit score checks, and regulatory rules.

- If valid, it publishes a LoanValidated event; if not valid, it publishes a LoanRejected event.

3. Approval Engine

- The Loan Decision Service determines approval status based on dynamic business rules.

- It publishes either LoanApproved or LoanRejected event.

4. Loan Funding

- The Loan Funding Service listens for a LoanApproved event and processes payments using payment rails (ACH, Wires, FedNow, RTP).

5. Customer Notifications & Auditing

- The Customer Notification Service (Webhook) ensures real-time updates to partners and customers.

- The Audit Logging Service maintains immutable records for compliance.

By using configurable rules engines, approval criteria can evolve without requiring code changes. Each loan application is tagged with the versioned credit policy, ensuring full auditability.

Additionally, loan disbursement was implemented as a modular service allowing flexible funding mechanisms that adapt to partner-specific payment rails. This approach reduced complexity and allowed seamless batch processing when required.

Why This Approach?

This event-driven design ensures:

- Reliability: No single point of failure in the loan approval pipeline.

- Scalability: Capable of handling high-volume partner transactions.

- Extensibility: New business rules and payment methods can be integrated without rewriting core services.

Outcome

The Lending-as-a-Service system has transformed how the bank integrates with its lending partners. By standardizing approval and funding rules at the API level, the system ensures that loan applications from any partner are processed consistently and securely.

Key Benefits:

- Seamless Partner Integration: Lending partners receive real-time updates on approval and funding events, enabling faster decision-making.

- Scalable Loan Processing: The asynchronous event-driven model allows the system to scale without bottlenecks.

- Regulatory Compliance & Auditability: Every decision is tied to a versioned ruleset, simplifying audits and compliance inquiries.

- Increased Business Agility: Approval rules can be modified dynamically without requiring engineering changes, reducing operational overhead.

Technologies Used

- C#

- .NET 8

- NServiceBus

- Entity Framework

- Docker

- Azure Services:- Service Bus

- Container Apps

- App Services

- Application Insights

- API Management

- App Configuration

- Key Vault