EA in Loan processing System
- Anand Nerurkar
- May 10
Enterprise Architect Role in Loan Processing System Modernization
(Microservices + Azure Cloud)
1. Preliminary Phase: Vision and Assessment
Responsibility | Description |
Understand Business Drivers | Align with business on goals: faster loan approvals, real-time decisioning, compliance, fraud prevention, multi-channel integration. |
Assess Legacy System | Analyze existing loan modules (monolith or vendor-driven), integrations (CBS, LOS, LMS), bottlenecks (manual processing, batch jobs). |
Stakeholder Mapping | Identify key stakeholders: credit risk, operations, underwriting, compliance, IT, InfoSec, customer service. |
Define Modernization Vision | "Deliver a modular, scalable, API-first loan platform leveraging event-driven microservices on Azure for agility and resilience." |
Baseline Capability Map | Core capabilities: Application Intake, KYC, Credit Score, Risk Evaluation, Agreement Generation, Disbursement, Fraud Detection. |
2. Initiation Phase: Strategy and Roadmap
Responsibility | Description |
Define Modernization Roadmap | Break down delivery: KYC & Intake → Risk & Scoring → Agreements → Disbursement → Analytics. |
Prioritize Quick Wins | Start with services like Credit Score, KYC that are loosely coupled. |
SaaS & Cloud Strategy | Azure-first, containerized deployment via AKS, with support for active-active setup across regions. |
Target KPIs | Approval TAT < 1hr, Uptime > 99.9%, Fraud detection latency < 5s, NPA prediction > 90% accuracy. |
3. Planning Phase: Architecture Blueprint and Standards
Responsibility | Description |
Microservices Decomposition | Services: LoanIntakeService, KYCService, CreditScoreService, LoanEvaluationService, AgreementService, DisbursementService, FraudService, NotificationService. |
Event-Driven Architecture | Use Kafka on Azure (via Confluent or HDInsight) for decoupled event processing across stages. |
Service Registry & API Gateway | Use Spring Cloud Gateway + Azure API Management (APIM). |
Tenancy & Multi-Channel Strategy | APIs to support digital, branch, call center channels. |
Database Strategy | Azure SQL + CosmosDB per service with CQRS where needed. |
Security | Azure AD, RBAC/ABAC, OAuth2, Key Vault, network security groups (NSGs), VNet injection for AKS. |
DevSecOps | GitHub Actions / Azure DevOps, security gates (Snyk, Trivy), IaC via Bicep/Terraform, DAST/SAST scanning. |
Schema Management | Flyway/Liquibase integrated into CI pipelines for each service. |
4. Execution Phase: Delivery Enablement
Responsibility | Description |
Solution Design Reviews | Evaluate each service's HLD/LLD for consistency, scalability, data handling. |
Integration Flow Realization | Example: KYC completion → triggers Credit Score event → feeds Loan Evaluation → results go to Agreement & Notification. |
Observability Stack | Logs via ELK, metrics via Prometheus/Grafana, traces via Jaeger/Zipkin, alerts into Azure Monitor. |
AKS Deployment Strategy | Dev → UAT → Staging → Prod via blue-green or canary releases. |
CI/CD Orchestration | Build, scan, test, deploy microservices individually with rollback support. |
5. Governance, Risk, and Compliance
Responsibility | Description |
Architecture Governance | Review cloud cost estimates, Azure services compliance (e.g., data at rest, encryption standards). |
Loan Process Flow Governance | Approval SLAs, decision matrices, audit logging of changes and status per loan stage. |
Compliance Adherence | RBI, SEBI, and internal audit needs mapped to service logs, user actions, and encryption mandates. |
Risk Registry | Maintain RAID log with mitigation (e.g., fallback to manual for scoring service failure, replay mechanism for Kafka). |
6. Standards, Guidelines & Principles
Area | Examples |
Design Standards | 12-factor apps, domain-driven design, interface segregation, API versioning. |
Data Handling | PII masking, tenant-level encryption, real-time backup, audit logs. |
API Practices | Use Swagger/OpenAPI, consumer contract testing (Pact), standard HTTP status codes. |
Microservices Resilience | Retry, timeout, bulkhead, circuit breaker using Resilience4j. |
DevSecOps Guidelines | Include unit, integration, contract, performance tests in CI; use OWASP ZAP or Burp Suite in CD. |
SRE Readiness | Define SLAs, SLOs, SLIs per service; budget for error rate and latency SLIs. |
Sample Architecture Flow
User submits loan application from mobile app →
LoanIntakeService receives request → emits event to Kafka loan.initiated →
KYCService consumes, validates KYC, emits kyc.verified →
CreditScoreService fetches score from CIBIL, emits credit.scored →
LoanEvaluationService makes decision → emits loan.approved or loan.rejected →
AgreementService generates agreement →
DisbursementService transfers funds →
NotificationService alerts customer via email/SMS →
DashboardService (WebSocket + Kafka consumer) updates Ops dashboard in real-time.
Expected Outcomes of EA Involvement
Value Delivered | Outcome |
Faster Loan Approvals | Reduced TAT from 24 hrs → <1 hr |
Improved Observability | Real-time monitoring of each loan stage |
Tenant Scalability | New branches/banks onboarded in hours |
Reduced Downtime | Active-active DR setup with zero data loss |
Audit & Regulatory Compliance | Logs, encryption, and SLAs for every step |
Top 50 Business Outcomes → LPIs → Risks Table
# | Business Outcome | Linked Performance Indicators (LPIs) | Category | Risk | Priority | Owner | Mitigation Plan |
1 | Reduce loan approval time to < 2 hours | Avg. processing time | Process | Manual review bottlenecks | High | Ops Head | Automate approvals with rule engines |
2 | Increase KYC accuracy to 99% | KYC match score | Technology | Poor OCR performance | High | Tech Lead | Improve OCR model, fallback to manual KYC |
3 | Reduce fraud by 95% | # Fraudulent transactions caught | Security | Unusual pattern detection lag | Critical | CISO | Integrate ML fraud detection, Kafka alerting |
4 | Improve system uptime to 99.99% | Uptime %, MTTR | Infra | AKS node failure | Critical | Infra Lead | Auto-scale, zonal clusters, probes |
5 | Comply with RBI & SEBI data regulations | Audit logs, Compliance score | Compliance | Missing logs or encryption gaps | Critical | Compliance Officer | Central logging, encryption via Azure Key Vault |
6 | Seamless onboarding experience | Drop-off rate | UX/Process | Multi-step forms fatigue | Medium | Product Owner | Simplify UI, progressive onboarding |
7 | Improve credit risk scoring | Credit score variance | Business | Inaccurate external credit feeds | High | Risk Officer | Retry logic, caching, secondary scoring models |
8 | Enable real-time dashboards | Dashboard refresh rate | Technology | Websocket disconnects | High | Frontend Lead | Heartbeat monitoring, reconnect logic |
9 | Reduce deployment rollback rate | # Rollbacks / month | DevOps | Poor canary validation | High | DevOps Manager | Implement blue/green + Istio traffic shifting |
10 | Increase multi-tenant adoption | # Active tenants | Business | Tenant-specific config issues | Medium | SaaS Ops | Use config server, tenant registry |
11 | Deliver 100% auditability | % Events audited | Governance | Missing Kafka events | High | Governance Lead | Kafka topic versioning, DLQ handling |
12 | Protect PII data at rest | Encryption compliance % | Security | Blob data not encrypted | Critical | Security Engineer | Enforce KeyVault-backed storage accounts |
13 | Improve approval conversion rate | Loan approval % | Business | High rejection due to manual error | High | Ops Lead | Rule-based filtering, feedback loops |
14 | Decrease operational cost by 20% | Monthly infra cost | Infra | Over-provisioned AKS nodes | Medium | Infra Lead | Azure AutoScaler, rightsizing |
15 | Improve SLA compliance to 98% | SLA adherence % | Operations | Unpredictable Kafka lag | High | Platform Lead | Monitor partitions, rebalance, scale consumer group |
16 | Maintain 100% disaster recovery readiness | DR drills passed | Infra | Region outage | Critical | Infra Manager | Geo-redundant Kafka, backup cluster |
17 | Increase observability coverage to 100% | Service health coverage | Technology | Missing traces/logs | High | SRE | Use OpenTelemetry, ELK, Prometheus |
18 | Scale to 1M concurrent users | Peak concurrent user count | Infra | AKS ingress overload | Critical | Cloud Architect | Azure Front Door + App Gateway autoscale |
19 | Reduce customer support tickets | # Support tickets | People | Misaligned FAQ and UX | Medium | CX Lead | In-app help, NLP chatbot |
20 | Reduce loan default rate | NPA ratio | Business | Weak eligibility model | High | Risk Manager | Retrain model monthly, use multi-agent scoring |
21 | 100% real-time status updates | Push notification delivery % | Technology | Kafka/Websocket disconnections | High | Messaging Engineer | Kafka retention tuning + WS auto-reconnect |
22 | Ensure clean CI/CD pipeline | Build pass %, Deployment duration | DevOps | Broken builds, slow pipelines | Medium | DevOps Lead | Azure DevOps YAML pipelines, gates |
23 | Improve audit resolution time | Avg. audit response duration | Governance | Disconnected audit trails | High | Compliance Lead | Correlation ID across all events |
24 | Secure APIs with OAuth + Azure AD | API access control % | Security | Token leak / insecure API | Critical | Security Lead | OAuth2.0, scopes, throttling |
25 | Improve agent productivity | Avg. case closure time | People | Poor dashboard performance | Medium | Ops Manager | Angular lazy loading, backend pagination |
26 | Detect loan fraud proactively | # Proactive flags | Security | Delayed Kafka fraud alerts | Critical | AI/ML Lead | Use stream processor w/ alert threshold |
27 | Ensure tenant isolation | % tenant boundary checks passed | Tech/Infra | Shared DB/table access | Critical | Platform Architect | Multi-schema design or schema-per-tenant |
28 | Improve LTV (Lifetime Value) | Avg. revenue / customer | Business | Lack of upsell mechanisms | Medium | Product Manager | Recommendation engine |
29 | Reduce code defects in prod | Bug rate | Tech | Lack of contract testing | High | QA Lead | Pact contract tests, TestContainers |
30 | Maintain data lineage for all entities | % Entities traceable | Governance | Data transformations untracked | High | Data Steward | Use metadata service, data catalogs |
31 | Compliance with SEBI circulars | Circular implementation % | Compliance | Late awareness of new rules | High | Regulatory Officer | Monthly compliance board + alerts |
32 | Accurate daily loan disbursement reports | Report accuracy | Process | Delayed data aggregation | High | Reporting Lead | Kafka + OLAP-based near real-time analytics |
33 | Achieve SSO across all apps | SSO success rate | People | Incorrect Azure AD configuration | Medium | IAM Admin | Proper scope mapping, app registration |
34 | Enable active-active deployment | DR % Sync | Infra | Config mismatch across regions | High | Infra Engineer | Use centralized config, blue/green deploy |
35 | Improve recovery from failure | MTTR | Ops | No auto-heal for Kafka lag | High | SRE | Kafka lag monitor, Istio retry logic |
36 | Ensure test coverage > 85% | Code coverage % | Tech | Unstable tests in CI | Medium | QA Lead | Enforce coverage gates, parallel test runners |
37 | Deliver zero-downtime deployments | Downtime minutes | DevOps | Long DB migration time | High | DB Admin | Flyway/Liquibase + phased rollout |
38 | Ensure GDPR compliance | PII access audit score | Compliance | Untracked user data deletion | Critical | DPO | Data access logs, purge scripts |
39 | Increase partner integration | # APIs consumed by partners | Business | Unstable partner APIs | Medium | Partner Manager | SLA contracts, fallback retries |
40 | Secure Kafka with RBAC and TLS | Auth coverage | Security | Unencrypted internal traffic | High | Kafka Admin | mTLS on Kafka brokers, ACLs |
41 | Track all user behavior | Event coverage | Analytics | Missing UI interaction events | Medium | Analytics Lead | Add event tracking hooks |
42 | Reduce app load time < 2s | Page load time | UX | Slow backend APIs | High | Frontend Lead | Cache layer, backend profiling |
43 | Onboard new tenants in < 1 week | Avg. onboarding time | Business | Manual steps in tenant setup | Medium | SaaS Ops | Tenant provisioning pipeline |
44 | Maintain consistent naming conventions | Conformance % | Governance | Teams diverging on standards | Medium | Arch Lead | Coding guideline document, PR checks |
45 | Prevent underage loan applications | Invalid app % | Process | No DOB validation | High | Product Owner | Strict schema + UI + API validations |
46 | Sync UI and backend deployments | Deployment sync % | Tech | UI version mismatch | Medium | DevOps | Version pinning, API versioning |
47 | Avoid credit bureau throttling | # Failures from bureaus | External | Rate limits exceeded | High | External API Manager | Circuit breakers, backoff logic |
48 | Maintain data freshness in dashboard | Staleness window (sec) | Technology | Kafka lag in reporting topic | High | Analytics | Kafka topic TTL tuning |
49 | Enable automated interest recalculations | Calc accuracy % | Finance | Stale interest rates | High | Finance Product Lead | Rate sync scheduler |
50 | Ensure loan document e-signature completion | E-sign success rate | Legal | Email delivery issues | Medium | Legal Tech | SMS fallback, DocuSign webhook retry |
Event-Driven Architecture with Kafka:
Event Trigger | Microservice | Action |
User submits loan application | LoanIntakeService | Publishes loan.initiated event to Kafka |
loan.initiated | KYCService | Performs customer KYC → emits kyc.verified |
kyc.verified | CreditScoreService | Fetches CIBIL/Experian score → emits credit.scored |
credit.scored | LoanEvaluationService | Evaluates loan eligibility → emits loan.evaluated (approved/rejected) |
loan.evaluated (if approved) | AgreementService | Generates digital agreement and stores |
loan.evaluated (if rejected) | NotificationService | Sends rejection notice |
agreement.generated | DisbursementService | Initiates disbursement → emits loan.disbursed |
Any major event | DashboardService | Subscribes to Kafka topics → pushes updates via WebSocket to UI |
All services | Kafka Topics (e.g. kyc.verified, credit.scored, loan.evaluated) | Used for audit, analytics, and retry mechanisms |
Kafka Topics Example
loan.initiated → kyc.verified → credit.scored → loan.evaluated → agreement.generated → loan.disbursed
Why This Matters
Loose coupling of services
Enables asynchronous processing
Supports real-time updates to dashboards
Improves resilience via message replay in case of failure
Loan Processing System - Event-Driven Sequence Flow (Text Version)
1. LoanIntakeService
Action: User submits a loan application via REST API or frontend.
Operation: Validates application, stores initial loan request.
Kafka Output: Publishes loan.initiated event with applicant details and loan metadata.
2. KYCService
Trigger: Subscribes to loan.initiated topic.
Action: Performs customer KYC (Aadhaar/PAN validation, document OCR, fraud checks).
Operation: If successful, updates customer profile.
Kafka Output: Publishes kyc.verified event.
3. CreditScoreService
Trigger: Subscribes to kyc.verified topic.
Action: Invokes third-party APIs (like CIBIL or Experian) to fetch credit score.
Operation: Stores score with metadata.
Kafka Output: Publishes credit.scored event (includes score, status).
4. LoanEvaluationService
Trigger: Subscribes to credit.scored topic.
Action: Applies business rules or ML model to evaluate loan eligibility.
Outcome:
If approved → emits loan.evaluated event with status approved.
If rejected → emits loan.evaluated event with status rejected.
5. LoanAgreementService
Trigger: Subscribes to loan.evaluated topic where status = approved.
Action: Generates digital loan agreement (PDF, e-sign integration).
Kafka Output: Publishes agreement.generated event.
6. LoanDisbursementService
Trigger: Subscribes to agreement.generated topic.
Action: Triggers disbursement via core banking or payment gateway APIs.
Kafka Output: Publishes loan.disbursed event.
7. NotificationService
Trigger:
loan.evaluated where status = rejected → send rejection SMS/email.
loan.disbursed → send confirmation with disbursement info.
Action: Publishes alerts to customers via email/SMS.
8. DashboardService (WebSocket Integration)
Trigger: Subscribes to all major Kafka events (loan.initiated, kyc.verified, credit.scored, etc.)
Action: Pushes real-time status updates to frontend (React or Angular) via WebSocket.
Outcome: Real-time customer dashboard or internal ops dashboard.
9. AuditService
Trigger: Subscribes to all Kafka topics (CDC style).
Action: Persists an immutable event log (event sourcing) for auditing, analytics, and reporting.
10. FraudDetectionService (Optional)
Trigger: Subscribes to kyc.verified, credit.scored, loan.evaluated.
Action: Runs anomaly detection (velocity checks, geo pattern detection).
Outcome: May emit fraud.alerted → halt disbursement pipeline.
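The FraudDetectionService outcome above only takes effect if the disbursement consumer checks it before moving money. An added example (Java 17, not code from the original article) of a guard such a consumer could run: it allows disbursement only for a loan that produced every upstream event in order and has no fraud.alerted. The class, record and loanId key are assumptions; the topic names are the article's.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added example; class, record and field names are assumptions, topic names are the article's. */
public class DisbursementGuardExample {

    /** Events a loan must have produced, in this order, before funds may move. */
    static final List<String> REQUIRED = List.of(
            "loan.initiated", "kyc.verified", "credit.scored", "loan.evaluated", "agreement.generated");

    record Event(String topic, String loanId, String status) {}

    private final Map<String, Integer> stepsSeen = new HashMap<>(); // loanId -> REQUIRED steps completed
    private final Set<String> halted = new HashSet<>();             // rejected or fraud-flagged loans

    /** Feed every consumed event through this before acting on it. */
    void observe(Event e) {
        if (e.topic().equals("fraud.alerted")) {
            halted.add(e.loanId());
            return;
        }
        int next = stepsSeen.getOrDefault(e.loanId(), 0);
        boolean expected = next < REQUIRED.size() && REQUIRED.get(next).equals(e.topic());
        if (!expected) {
            return; // duplicate, replayed or out-of-order event: never advances the state
        }
        if (e.topic().equals("loan.evaluated") && !"approved".equals(e.status())) {
            halted.add(e.loanId()); // a rejected loan is terminal
            return;
        }
        stepsSeen.put(e.loanId(), next + 1);
    }

    /** True only when the full chain was seen in order and nothing halted the loan. */
    boolean mayDisburse(String loanId) {
        return !halted.contains(loanId) && stepsSeen.getOrDefault(loanId, 0) == REQUIRED.size();
    }

    public static void main(String[] args) {
        DisbursementGuardExample guard = new DisbursementGuardExample();
        // Constructed sample events. The status field only matters on loan.evaluated.
        for (String topic : REQUIRED) {
            guard.observe(new Event(topic, "L-1", "approved")); // complete, approved path
            guard.observe(new Event(topic, "L-3", "approved")); // complete path, flagged below
        }
        guard.observe(new Event("agreement.generated", "L-2", null)); // no upstream events seen
        guard.observe(new Event("fraud.alerted", "L-3", null));       // alert arrives after agreement
        for (String loanId : List.of("L-1", "L-2", "L-3")) {
            System.out.println(loanId + " mayDisburse=" + guard.mayDisburse(loanId));
        }
    }
}
```

State is held in memory here; a real consumer would persist it per loan and call mayDisburse immediately before the payment API call, because fraud.alerted can arrive after agreement.generated.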
Kafka Topic Flow
loan.initiated
  └──▶ kyc.verified
        └──▶ credit.scored
              └──▶ loan.evaluated
                    ├──▶ agreement.generated
                    │     └──▶ loan.disbursed
                    └──▶ notification (if rejected)
Summary
Microservice | Trigger Event | Emits Event | Key Role |
LoanIntakeService | User action | loan.initiated | Accepts and initiates loan application |
KYCService | loan.initiated | kyc.verified | Validates identity/KYC |
CreditScoreService | kyc.verified | credit.scored | Retrieves credit score |
LoanEvaluationService | credit.scored | loan.evaluated | Approves or rejects loan |
LoanAgreementService | loan.evaluated=approved | agreement.generated | Prepares digital loan agreement |
LoanDisbursementService | agreement.generated | loan.disbursed | Transfers money to customer |
NotificationService | loan.evaluated/rejected, loan.disbursed | - | Sends updates to customers |
DashboardService | All above | WebSocket push | Shows real-time UI status updates |
AuditService | All above | - | Maintains immutable event logs |
Architecture Overview
Microservices:
LoanIntakeService: Handles loan applications.
KYCService: Performs Know Your Customer verification.
CreditScoreService: Retrieves credit scores from external agencies.
LoanEvaluationService: Evaluates loan eligibility.
LoanAgreementService: Generates loan agreements.
LoanDisbursementService: Manages fund disbursement.
NotificationService: Sends notifications to users.
DashboardService: Provides real-time updates to the frontend via WebSockets.
Communication Flow:
Services communicate asynchronously through Kafka topics.
DashboardService consumes relevant Kafka topics and pushes updates to the frontend using WebSockets.
Full-Scale Banking SaaS Loan Processing Architecture on Azure (Enterprise-Ready)
1. Authentication & Authorization: Azure Active Directory (Azure AD)
Frontend (Angular) integrates with MSAL (Microsoft Authentication Library) for SSO login.
Spring Boot microservices use OAuth2 with Azure AD for token verification and role-based access control.
AAD Roles: Customer, LoanOfficer, Underwriter, Admin, mapped to endpoints via @PreAuthorize.
Security Layer:
OAuth2.0 JWT tokens from Azure AD
Access control using Spring Security
Role-based dashboards and APIs
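Azure AD delivers app roles in the token's roles claim, while Spring Security's default converter reads scope/scp and prefixes SCOPE_, so hasRole('Underwriter') never matches until the claim is mapped explicitly. An added example (not the author's code) for Spring Boot 3 / Spring Security 6 with the OAuth2 resource-server starter; the property names, endpoint and class names are assumptions.

```java
// Added example. Property names (loan.security.*), the endpoint and class names are hypothetical.
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableMethodSecurity // enables @PreAuthorize on controller and service methods
class LoanApiSecurityConfig {

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(azureAdRoles())));
        return http.build();
    }

    /** Maps the Azure AD "roles" claim to ROLE_* authorities so hasRole(...) can match. */
    JwtAuthenticationConverter azureAdRoles() {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles");
        roles.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        return converter;
    }

    /**
     * Signature, expiry and issuer are checked by the defaults; the audience check is added so a
     * token issued for a different application in the same tenant is rejected.
     * issuer looks like https://login.microsoftonline.com/<tenant-id>/v2.0
     */
    @Bean
    JwtDecoder jwtDecoder(@Value("${loan.security.issuer}") String issuer,
                          @Value("${loan.security.audience}") String audience) {
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(issuer);
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> audienceCheck = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(audience));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audienceCheck));
        return decoder;
    }
}

@RestController
class LoanDecisionController {

    // Only tokens whose "roles" claim contains Underwriter reach this method.
    @PreAuthorize("hasRole('Underwriter')")
    @PostMapping("/loans/{loanId}/decision")
    String decide(@PathVariable("loanId") String loanId) {
        return "decision recorded for " + loanId;
    }
}
```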
2. Network & Infrastructure
Azure Virtual Network (VNet)
Public Subnet: For Angular UI, API Gateway, Load Balancer
Private Subnet: For AKS, Azure SQL, Kafka, NoSQL, internal services
Multi-Region HA (High Availability)
Active-Active setup in East India and South India Azure regions
Multi-AZ AKS clusters in each region
Kafka MirrorMaker for replication across regions
Azure Front Door or Azure Traffic Manager to route traffic
DR & Replication
Azure Site Recovery for RTO/RPO objectives
AKS backup via Velero or Azure Backup
Cosmos DB Geo-replication enabled
3. AKS (Azure Kubernetes Service) Deployment
Istio Service Mesh for:
Traffic routing
mTLS (zero-trust)
Canary deployments
Retry/failover
Policy enforcement
Each microservice is containerized with Docker, deployed via Helm or Kustomize, and exposed through Istio Ingress Gateway.
4. Kafka Integration via Azure
Use Azure Event Hubs with Kafka protocol (enterprise-grade)
Topics:
loan.applications, kyc.verified, credit.score.updated, loan.evaluation.done, loan.disbursed, etc.
Kafka Streams for processing and aggregation
Kafka consumers push to WebSocket or NotificationService
5. Monitoring, Logging, and Observability
Logs: ELK Stack (Filebeat + Logstash + Elasticsearch + Kibana)
Metrics: Prometheus + Grafana dashboards for each microservice and Kafka topics
Tracing: OpenTelemetry with Jaeger or Zipkin for distributed tracing
6. Data Layer per Microservice (Polyglot Persistence)
Microservice | DB Type | Azure Resource |
KYCService | RDBMS | Azure SQL Database |
CreditScoreService | NoSQL | Azure Cosmos DB |
LoanEvaluationService | RDBMS + Blob | Azure SQL + Blob Storage |
LoanAgreementService | Blob | Azure Blob Storage |
NotificationService | NoSQL | Azure Table / Cosmos DB |
DisbursementService | RDBMS | Azure SQL |
Flyway or Liquibase is used for schema versioning.
All sensitive data is encrypted at rest and in transit (AES256, TLS 1.3).
7. SEBI & RBI Compliance
Data Residency: All customer data stored in Indian Azure data centers.
Audit Trails: Immutable logs stored in Azure Blob Archive Tier.
Consent Management: APIs exposed for consent withdrawal, as per RBI guidelines.
Encryption & Masking: PII masked; data encrypted with Azure Key Vault managed keys.
Regulatory Reports: Auto-generated from ELK + Prometheus + Cosmos DB.
8. CI/CD with Azure DevOps
CI Pipelines: Java + Angular build, test, sonar scan, Docker build
CD Pipelines: Helm deployment to AKS clusters, Canary release via Istio
Secrets: Managed via Azure Key Vault and injected using aad-pod-identity
9. WebSocket Push to UI (Angular Dashboard)
DashboardService listens to Kafka topics
Pushes live updates via STOMP over WebSocket
Angular uses @stomp/ng2-stompjs + SockJS
Key Features Summary
Feature | Technology |
Authentication | Azure AD (OIDC / OAuth2) |
Eventing & Messaging | Apache Kafka (Azure Event Hubs) |
API Management | Azure API Management Gateway |
Microservices Runtime | Spring Boot on AKS with Istio |
Observability | ELK + Prometheus + Grafana |
DevSecOps | Azure DevOps + Key Vault |
Storage | Azure SQL, Cosmos DB, Blob |
Security | mTLS, RBAC, Azure AD |
Compliance | SEBI, RBI, GDPR |
Scaling | AKS HPA + Cluster Autoscaler |
Disaster Recovery | Multi-region replication, Velero, ASR |
High-Level Architecture - Loan Processing System
Key Components
Frontend (Angular/React)
Customer Dashboard
Ops/Reviewer Dashboard
Real-time updates via WebSocket or SignalR
Spring Boot Microservices (Deployed on AKS):
LoanApplicationService
KYCService
CreditScoreService
LoanEvaluationService
ManualReviewService
LoanAgreementService
LoanDisbursementService
NotificationService
AuditService
Common DTO/Event Module
Kafka Topics (Events):
loan-application-submitted
kyc-check-completed
credit-score-evaluated
loan-decisioned
loan-decision-finalized
loan-agreement-signed
loan-disbursed
Azure Services
AKS (Kubernetes Cluster)
Azure AD (Authentication & Authorization)
Azure PostgreSQL/MySQL (for microservices DB)
Azure CDN + Azure Front Door
Azure Monitor, Log Analytics
Azure Key Vault (Secrets, Keys)
Azure DevOps (CI/CD Pipelines)
Service Mesh:
Istio for secure, observable, and managed microservice communication.
End-to-End Solution Flow (Text Version)
1. Loan Application Submission
Customer applies via frontend.
LoanApplicationService stores request & emits loan-application-submitted Kafka event.
Event includes metadata like customer ID, loan type, amount, channel.
2. KYC Verification
KYCService consumes loan-application-submitted, triggers verification (e.g., PAN + Aadhaar).
After completion, it emits kyc-check-completed Kafka event.
3. Credit Score Evaluation
CreditScoreService consumes kyc-check-completed.
Calls external CIBIL/Experian API and emits credit-score-evaluated.
4. Loan Evaluation
LoanEvaluationService consumes credit-score-evaluated.
Uses rules engine (e.g., Drools) for auto-decisioning.
Emits loan-decisioned (APPROVED/REJECTED/REVIEW_REQUIRED).
5. Manual Review (Optional)
If REVIEW_REQUIRED, ManualReviewService picks it from event queue/UI.
Reviewer inputs comments and emits loan-decision-finalized.
6. Agreement Signing
LoanAgreementService triggered on APPROVED decision.
Coordinates eSign/eMandate and emits loan-agreement-signed.
7. Loan Disbursement
LoanDisbursementService listens to agreement event and initiates disbursement.
Updates core banking and emits loan-disbursed.
8. Notification Service
Subscribes to all events and pushes updates to UI via WebSocket (SignalR for Angular).
Sends email/SMS if required.
9. Audit Service
Listens to all events.
Stores audit trail with headers like correlationId, timestamp, service name.
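An added example (Java 17, not the article's code) of making the AuditService trail tamper-evident: each entry carries the correlationId, timestamp and service name named above plus the hash of the previous entry, so an edited, reordered or deleted record fails verification. The entry layout, class names and sample events are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

/** Added example: hash-chained audit trail. Entry layout and names are assumptions. */
public class AuditChainExample {

    record AuditEntry(long seq, String correlationId, String timestamp, String service,
                      String topic, String payloadHash, String prevHash, String entryHash) {}

    static final String GENESIS = "0".repeat(64); // prevHash of the very first entry
    final List<AuditEntry> log = new ArrayList<>();

    static String sha256(String s) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    /** Hash over all fields; each is length-prefixed so field boundaries cannot be shifted. */
    static String entryHashOf(long seq, String cid, String ts, String svc,
                              String topic, String payloadHash, String prev) {
        StringBuilder sb = new StringBuilder();
        for (String f : List.of(Long.toString(seq), cid, ts, svc, topic, payloadHash, prev)) {
            sb.append(f.length()).append(':').append(f);
        }
        return sha256(sb.toString());
    }

    AuditEntry append(String correlationId, String timestamp, String service,
                      String topic, String payload) {
        long seq = log.size();
        String prev = log.isEmpty() ? GENESIS : log.get(log.size() - 1).entryHash();
        String payloadHash = sha256(payload); // keeps raw PII out of the audit store
        AuditEntry e = new AuditEntry(seq, correlationId, timestamp, service, topic, payloadHash,
                prev, entryHashOf(seq, correlationId, timestamp, service, topic, payloadHash, prev));
        log.add(e);
        return e;
    }

    /** Returns the index of the first entry that fails verification, or -1 if the chain is intact. */
    static int firstBrokenIndex(List<AuditEntry> entries) {
        String prev = GENESIS;
        for (int i = 0; i < entries.size(); i++) {
            AuditEntry e = entries.get(i);
            String expected = entryHashOf(e.seq(), e.correlationId(), e.timestamp(), e.service(),
                    e.topic(), e.payloadHash(), e.prevHash());
            if (e.seq() != i || !e.prevHash().equals(prev) || !e.entryHash().equals(expected)) {
                return i;
            }
            prev = e.entryHash();
        }
        return -1;
    }

    public static void main(String[] args) {
        AuditChainExample audit = new AuditChainExample();
        String cid = "corr-0001"; // constructed sample data, not real events
        audit.append(cid, "2025-05-10T09:00:00Z", "LoanApplicationService",
                "loan-application-submitted", "{\"amount\":500000}");
        audit.append(cid, "2025-05-10T09:00:04Z", "KYCService",
                "kyc-check-completed", "{\"kyc\":\"PASS\"}");
        audit.append(cid, "2025-05-10T09:00:09Z", "LoanEvaluationService",
                "loan-decisioned", "{\"decision\":\"REJECTED\"}");
        System.out.println("intact chain, first broken index: " + firstBrokenIndex(audit.log));

        // Model an after-the-fact change to the stored decision record and re-verify.
        List<AuditEntry> edited = new ArrayList<>(audit.log);
        AuditEntry d = edited.get(2);
        edited.set(2, new AuditEntry(d.seq(), d.correlationId(), d.timestamp(), d.service(),
                d.topic(), sha256("{\"decision\":\"APPROVED\"}"), d.prevHash(), d.entryHash()));
        System.out.println("edited chain, first broken index: " + firstBrokenIndex(edited));
    }
}
```

The latest entryHash has to be recorded somewhere the AuditService itself cannot rewrite, such as write-once storage; otherwise anyone able to edit the log can recompute the whole chain.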
Security
Azure AD integration for all service APIs (via OAuth2 + JWT).
Role-based access for customer/ops/reviewer.
Istio mTLS between services.
Azure Key Vault for managing secrets/keys.
DevOps & Observability
CI/CD: Azure DevOps pipelines build Docker images, deploy to AKS.
Monitoring: Prometheus + Grafana + Azure Monitor.
Logging: ELK or Azure Log Analytics.
Real-Time UI Updates
WebSocket or SignalR connection to NotificationService.
Backend emits updates on key Kafka events.
UI dashboards reflect live status (e.g., "Loan Approved", "Disbursed", etc.).