Digital Lending Modernization

  • Writer: Anand Nerurkar
  • Aug 2

1. Layered Text Architecture Diagram

(Persona → API → Microservices → Data → Hybrid → SEBI)

[ Personas ]

Investor (Loan Applicant)

Distributor (Bulk Loan Initiator)

Operations (Compliance & Monitoring)


|

v

[ Presentation & API Layer ]

- Angular Loan Portal (Public Subnet, Azure CDN + Front Door)

- API Management (APIM) – OAuth2/JWT, throttling, versioning

- Azure AD B2C (Investor) / Azure AD MFA (Ops & Distributor)


|

v

[ Microservices Layer (AKS + Istio) ]

- Loan Origination MS (Create Loan, Capture Details)

- KYC MS (Real-time KYC via RTA API, fallback batch via ADF)

- Credit Scoring MS (Credit bureau integration via APIM)

- Loan Evaluation MS (Eligibility rules, risk scoring)

- Agreement MS (DocuSign, PDF generation, archival)

- Disbursement MS (Payment gateway integration)

- Notification MS (Email/SMS updates via Event Grid/SendGrid)

- Compliance MS (SEBI/RBI reporting, data export to ADF)

- Reconciliation MS (Cloud vs Legacy sync checks)


|

v

[ Data Layer ]

- Azure SQL Managed Instance (System of Record)

- Cosmos DB (Real-time loan portfolio, multi-region writes)

- Redis Cache (Session + hot data caching)


|

v

[ Hybrid Integration Layer ]

- ExpressRoute / VPN Gateway (Private connectivity to legacy loan system)

- Linked Servers / CDC (SQL MI ↔ On-prem SQL)

- Azure Data Factory (Nightly batch sync + RTA/credit fallback)


|

v

[ Compliance & SEBI Layer ]

- Compliance MS → ADF pipelines → SEBI SFTP/REST endpoints

- Blob Storage WORM (Immutable storage for 7+ years)

- Log Analytics (Audit trail for compliance events)


2. Microservices Mapping with DDD Responsibilities & Azure Components

Domain-Driven Design (DDD) Bounded Contexts:

Loan Origination Microservice

  • Responsibilities:

    • Create loan application

    • Capture borrower details & documents

    • Validate basic eligibility

  • Azure Components:

    • AKS (Java Spring Boot service)

    • APIM (expose REST APIs)

    • Azure SQL MI (persist applications)

    • Service Bus Topic (loan_created event)

KYC Microservice

  • Responsibilities:

    • Integrate with RTA APIs for KYC validation

    • Fallback batch KYC via ADF (SFTP files)

  • Azure Components:

    • AKS (service) + APIM (API security)

    • ADF (batch pipeline)

    • Key Vault (store API keys for RTA)

    • Service Bus Topic (kyc_completed event)

Credit Scoring Microservice

  • Responsibilities:

    • Fetch credit score from bureaus (CIBIL/Experian)

    • Apply credit models for risk assessment

  • Azure Components:

    • AKS + APIM

    • Service Bus eventing

    • SQL MI (store credit score)

Loan Evaluation Microservice

  • Responsibilities:

    • Aggregate KYC + credit score + legacy exposure

    • Compute final loan eligibility & approval

  • Azure Components:

    • AKS (Java microservice)

    • Linked Server (read legacy exposure)

    • SQL MI (store decision)

Agreement Microservice

  • Responsibilities:

    • Generate loan agreement (PDF)

    • Integrate with DocuSign for e-signature

    • Archive signed agreements

  • Azure Components:

    • Blob Storage (PDF archival, WORM mode)

    • APIM (DocuSign API)

Disbursement Microservice

  • Responsibilities:

    • Call payment gateway / core banking API

    • Update disbursement status in SQL MI & legacy

  • Azure Components:

    • AKS + APIM

    • SQL MI (transaction log)

    • Service Bus (loan_disbursed event)

Notification Microservice

  • Responsibilities:

    • Send SMS/email notifications for status updates

  • Azure Components:

    • Event Grid (trigger notifications)

    • SendGrid (email) / Twilio (SMS)

Compliance Microservice

  • Responsibilities:

    • Generate SEBI/RBI compliance reports (loan portfolios, NPAs)

    • Trigger exports via ADF pipelines

  • Azure Components:

    • AKS service

    • ADF (report delivery to SEBI endpoint)

    • Blob WORM (immutable archive)

Reconciliation Microservice

  • Responsibilities:

    • Compare cloud SQL MI vs legacy SQL

    • Flag mismatches for Ops review

  • Azure Components:

    • AKS

    • Linked Server + ADF (data sync)

    • Log Analytics (discrepancy logging)
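
The Reconciliation responsibilities above (compare cloud SQL MI vs legacy SQL, flag mismatches, log discrepancies) can be illustrated as follows. This is an added example, not code from the original post, and it is written in Python rather than the Java the page names for its services. The column names, finding format and sample rows are assumptions; findings carry only the names of differing columns so borrower values stay out of the discrepancy log.

```python
# Added example. Column names and the finding format are assumptions.
from decimal import Decimal

COMPARED = ("status", "principal", "disbursed_amount")  # assumed columns


def canon(value):
    """Normalise a value so formatting differences are not reported as drift."""
    if value is None:
        return ""
    if isinstance(value, (int, float, Decimal)):
        return str(Decimal(str(value)).quantize(Decimal("0.01")))
    return str(value).strip().upper()


def reconcile(cloud: dict, legacy: dict) -> list:
    """Compare loan rows keyed by loan_id; return findings sorted by loan_id.

    Each finding is (loan_id, kind, differing_columns). Values are never
    included, only column names.
    """
    findings = []
    for loan_id in sorted(cloud.keys() | legacy.keys()):
        if loan_id not in legacy:
            findings.append((loan_id, "missing_in_legacy", ()))
        elif loan_id not in cloud:
            findings.append((loan_id, "missing_in_cloud", ()))
        else:
            a, b = cloud[loan_id], legacy[loan_id]
            diff = tuple(c for c in COMPARED if canon(a.get(c)) != canon(b.get(c)))
            if diff:
                findings.append((loan_id, "field_mismatch", diff))
    return findings


# Constructed sample rows, standing in for query results from each database.
CLOUD = {
    "LN-1001": {"status": "DISBURSED", "principal": Decimal("250000.00"), "disbursed_amount": Decimal("250000.00")},
    "LN-1002": {"status": "DISBURSED", "principal": 100000, "disbursed_amount": 100000},
    "LN-1003": {"status": "APPROVED", "principal": 50000, "disbursed_amount": None},
}
LEGACY = {
    "LN-0999": {"status": "CLOSED", "principal": 75000, "disbursed_amount": 75000},
    "LN-1001": {"status": " disbursed ", "principal": 250000, "disbursed_amount": 250000.0},
    "LN-1002": {"status": "APPROVED", "principal": 100000, "disbursed_amount": None},
}

if __name__ == "__main__":
    for finding in reconcile(CLOUD, LEGACY):
        print(finding)
```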

3. Combined Text Version Sequence Diagram

(Loan Application → Disbursement with Hybrid + SEBI touchpoints)

Investor → Angular App → APIM → Loan Origination MS

| (JWT Auth via Azure AD B2C)

| Save to SQL MI, Emit `loan_created` event → Service Bus

|

KYC MS (Subscribes) → Call RTA API via APIM

| (If fail → fallback ADF batch)

| Update SQL MI, Emit `kyc_completed`


Credit Scoring MS (Triggered) → Call Credit Bureau via APIM

| Update SQL MI, Emit `credit_score_ready`


Loan Evaluation MS (Triggered) → Fetch data:

| - SQL MI (Loan & credit data)

| - Linked Server (Legacy exposure)

| Compute eligibility → Update SQL MI, Emit `loan_decision_made`


Agreement MS → Generate agreement (Blob WORM) → DocuSign API (APIM)

| Emit `agreement_signed`


Disbursement MS → Call Payment Gateway via APIM

| Update SQL MI + Legacy via Linked Server

| Emit `loan_disbursed` event


Notification MS → Send SMS/Email (Event Grid → SendGrid/Twilio)


Compliance MS (Scheduled) → Generate SEBI report

| ADF pipeline → SEBI endpoint (SFTP/REST)

| Archive report to Blob WORM

| Log event to Log Analytics (audit trail)


Ops Dashboard → Real-time view (Cosmos DB) + Reconciliation (Legacy vs Cloud)
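
The event chain in this sequence only protects a loan if each consumer refuses events that arrive out of order or more than once. The guard below is an added example, not code from the original post, written in Python rather than the Java the page names for its services. The event names are the page's; the class, method and message-id names are assumptions, as is the strictly linear ordering of steps.

```python
# Added example. Event names are the page's; class and method names are assumed.
from dataclasses import dataclass, field

# Event -> the event that must be the loan's most recent accepted step.
# Assumes the strictly linear order drawn in the sequence diagram.
PREDECESSOR = {
    "loan_created": None,
    "kyc_completed": "loan_created",
    "credit_score_ready": "kyc_completed",
    "loan_decision_made": "credit_score_ready",
    "agreement_signed": "loan_decision_made",
    "loan_disbursed": "agreement_signed",
}


@dataclass
class LoanEventGuard:
    history: dict = field(default_factory=dict)  # loan_id -> accepted events
    seen: set = field(default_factory=set)       # message ids already applied

    def accept(self, msg_id: str, loan_id: str, event: str) -> str:
        if event not in PREDECESSOR:
            return "rejected:unknown_event"
        if msg_id in self.seen:
            return "duplicate"                # redelivered message: no-op
        events = self.history.get(loan_id, [])
        if event in events:
            return "rejected:replayed_step"   # same step under a new message id
        required = PREDECESSOR[event]
        last = events[-1] if events else None
        if last != required:
            return f"rejected:missing_{required}"
        self.history.setdefault(loan_id, []).append(event)
        self.seen.add(msg_id)                 # only accepted messages are remembered
        return "accepted"


def run_demo() -> list:
    """Replay constructed messages (msg_id, loan_id, event) through the guard."""
    guard = LoanEventGuard()
    messages = [
        ("m1", "LN-1001", "loan_created"),
        ("m1", "LN-1001", "loan_created"),    # redelivered
        ("m2", "LN-1001", "loan_disbursed"),  # skips KYC, scoring, decision, signature
        ("m3", "LN-1001", "kyc_completed"),
        ("m4", "LN-1001", "kyc_completed"),   # replay with a fresh message id
        ("m5", "LN-2002", "kyc_completed"),   # no loan_created for this loan
    ]
    return [guard.accept(*m) for m in messages]
```

Rejected messages are not added to `seen`, so an event that merely arrived early can be redelivered and accepted once its predecessor has been recorded.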


4. Risk Matrix (Top 20 Risks)

| # | Risk Category | Risk Description | Impact | Mitigation |
|---|---|---|---|---|
| 1 | Business | Data inconsistency cloud vs legacy | Wrong loan decisions | Dual-write + CDC + reconciliation dashboards |
| 2 | Business | Delayed compliance reporting | Regulatory penalties | Automated ADF pipelines, Blob WORM archive |
| 3 | Technology | Latency in hybrid connectivity | Slower loan approvals | ExpressRoute, Redis cache legacy data |
| 4 | Technology | Event Bus overload | Message loss | Service Bus partitioning, DLQs, autoscaling |
| 5 | Technology | SQL MI performance degradation | Slower queries | Index tuning, elastic pools, query store |
| 6 | Technology | Cosmos DB RU throttling | API failures | Autoscale RUs, partitioning strategy |
| 7 | Technology | AKS node failure | Service downtime | Node pools + autoscaler, multi-region setup |
| 8 | Security | PII data leakage | Regulatory breach | TDE, Always Encrypted, Key Vault secrets |
| 9 | Security | API DDoS attack | Service outage | APIM rate limiting, Front Door WAF |
| 10 | Security | Unauthorized hybrid access | Data breach | Private Endpoints, NSGs, RBAC |
| 11 | Compliance | Failure to meet SEBI retention | Legal non-compliance | Blob WORM, Azure Policy enforcement |
| 12 | Compliance | Missing audit trails | Audit failures | Log Analytics central logging |
| 13 | Operational | Deployment misconfigurations | Production outages | Blue-green/canary deployments via Istio |
| 14 | Operational | Monitoring blind spots | Delayed incident response | Unified Azure Monitor dashboards |
| 15 | Operational | Skill gaps in cloud adoption | Delivery delays | Training, paired ops, runbooks |
| 16 | Operational | Cost overruns | Budget breaches | FinOps, autoscale policies, reserved instances |
| 17 | DR/HA | Region-wide failure | Platform outage | Traffic Manager failover, multi-region DB |
| 18 | DR/HA | Data loss in failover | Financial loss | Cosmos multi-write, SQL MI failover groups |
| 19 | Integration | Credit bureau/RTA API downtime | Loan approval delays | Circuit breaker + ADF batch fallback |
| 20 | Performance | High traffic spikes | SLA violations | AKS autoscale, Redis hot caching, Cosmos scale-out |


 
 
 
