Modernization Challenges & Resolution
- Anand Nerurkar
- 2 days ago
Updated: 1 day ago
1. Business Stakeholders (CXOs, Product Owners, Lending Ops)
Wanted faster time-to-market for new loan products.
Worried about business disruption while migrating from legacy monoliths (PL/SQL, Pro*C).
Needed regulatory compliance (RBI/SEBI, KYC, AML).
Concerned about customer experience (loan approvals in minutes, not days).
Approach:
Created a Business Capability Map → mapped loan origination, KYC, credit scoring, disbursement into microservices.
Proposed event-driven model (Kafka topics like Loan-Initiated, KYC-Completed, CreditScore-Checked).
Demonstrated quick wins: POC for instant loan approval in < 5 mins.
Created regulatory compliance matrix (RBI + SEBI + Data Localization).
👉 This built trust that modernization aligned with business KPIs.
Business KPIs
✅ Loan Approval SLA: % of loans processed in under 15 mins.
✅ Customer Conversion Rate: applications completed vs dropped.
✅ NPS/CSAT for loan applicants.
✅ Loan Disbursement TAT (application → money in account).
2. Technology Stakeholders (CIO, Architects, Engineers)
Resistance to moving away from legacy Oracle PL/SQL and Pro*C jobs. Legacy monolithic loan systems slowed down integration.
Unsure whether to use Azure-only services or go cloud-agnostic.
Concerned about integration with existing enterprise Kafka (used by multiple LOBs).
Pushback on infrastructure cost optimization vs high availability (South India + West India active-active setup).
Data duplication between SQL (transactions) and NoSQL (customer 360).
Infra scaling to 150K concurrent users and 8K TPS while staying within BFSI compliance.
DevSecOps pipeline needed shift-left security & compliance gates.
Approach
Broke monolith into domain-driven microservices (KYC, Credit Score, Loan Evaluation, Agreement, Disbursement). Ran architecture workshops to explain why microservices + AKS + Istio + Azure SQL/NoSQL was better.
PL/SQL and trigger logic moved to event-driven microservices; Pro*C jobs moved to Spring Batch jobs.
Proposed cloud-agnostic design: Kafka at enterprise level, Redis enterprise cache, APIs containerized → deployable to Azure, AWS, or On-Prem.
Cost challenge → optimized using Azure Reserved Instances, Autoscaling, Redis caching.
Explained active-active with Azure Traffic Manager + Front Door + App Gateway, ensuring geo-redundancy.
Implemented Event-driven design with Kafka + Azure SQL MI (transactional) + Cosmos DB (document/360).
Designed Active-Active setup with BDR Postgres + Geo-Replicated Cosmos across South & West India.
Azure DevSecOps pipeline with SAST (SonarQube), DAST, IaC scan (Terraform), container image scan, approval gates.
Technology KPIs
✅ System Latency: average response per microservice (e.g., <200ms).
✅ Throughput: # of loan applications processed per minute.
✅ Availability/Uptime: >99.9% SLA across active-active setup.
✅ Error Rates: failed transactions per 1,000 requests.
3. Operations & Security Teams
Concerns around data security & privacy in cloud.
Needed strong IAM (Azure AD + RBAC) and DevSecOps pipeline with SAST, DAST, dependency scanning.
Fear of misconfigurations without governance (Azure Policy, OPA, Blueprints).
Ensuring zero downtime migration with disaster recovery & resilience.
Approach
Integrated Veracode SAST, OWASP ZAP DAST, and Aqua Trivy in Azure DevSecOps pipeline.
Introduced OPA (Open Policy Agent) for policy-as-code enforcement in AKS.
Used Azure Policy + Blueprints → automated security guardrails.
Defined RTO/RPO strategy → tested DR between South India ↔ West India.
👉 This gave security & ops confidence that modernization won’t weaken compliance.
Operations KPIs
✅ Exception Queue Volume: % routed to manual review (should reduce over time).
✅ Resolution Time for Escalations.
✅ Customer Support Calls related to loan approval.
✅ False Positive/Negative Rate in automated checks.
4. Compliance & Risk Teams
Wanted audit trails, logging, monitoring.
Needed to ensure encryption at rest + in transit.
Concerned about model fairness (ML/AI for credit scoring not biased).
Asked for fraud detection integration with Kafka + ML models.
Approach
Implemented end-to-end audit logs via Azure Monitor + ELK + Kafka replay.
Enabled Azure Key Vault + CMK encryption for sensitive data.
Brought Responsible AI checks → fairness, bias detection in credit ML models.
Added fraud detection pipeline (Spring Boot + Kafka + ML scoring service).
All services behind Azure VNet, private subnet, NSGs, WAF, Istio service mesh mTLS.
Key Vault + HSM for secrets/keys.
Kafka integrated with audit CDC topics + WORM (Write Once Read Many) storage for audit.
SIEM integration (Azure Sentinel) with SOC dashboards.
👉 Compliance teams saw risks mitigated proactively.
Risk/Compliance KPIs
✅ Fraud Detection Rate: % fraud caught before approval.
✅ Regulatory Breach Incidents (must be zero).
✅ Audit Trail Coverage: % of loan applications fully logged.
✅ KYC Accuracy: % of KYC done without manual corrections.
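The Audit Trail Coverage KPI can be computed directly from the audit event stream. The sketch below is an added example, not code from the original post: the event tuples, application ids and the required ordering of events are assumptions, and only the topic names come from the event model described earlier.

```python
from collections import defaultdict

# Events every application must have, using the topic names from the event model above.
# Requiring this order is an assumption of the example, not a rule stated on the page.
REQUIRED = ["Loan-Initiated", "KYC-Completed", "CreditScore-Checked"]

def audit_coverage(events, all_app_ids):
    """events: (seq, application_id, event_type) tuples read from the audit topics.
    all_app_ids: application ids from the system of record, so that an application
    with no events at all still counts against coverage.
    Returns (coverage_percent, gaps) with gaps mapping application_id -> problems."""
    seen = defaultdict(list)
    for _seq, app_id, event_type in sorted(events):
        if event_type in REQUIRED and event_type not in seen[app_id]:
            seen[app_id].append(event_type)      # keep the first occurrence only
    gaps = {}
    for app_id in all_app_ids:
        types = seen.get(app_id, [])
        problems = [f"missing {t}" for t in REQUIRED if t not in types]
        if not problems and types != REQUIRED:
            problems.append("out of order")
        if problems:
            gaps[app_id] = problems
    total = len(all_app_ids)
    coverage = 100.0 * (total - len(gaps)) / total if total else 0.0
    return coverage, gaps

# Constructed sample: sequence numbers, ids and ordering are made up for illustration.
EVENTS = [
    (1, "APP-1", "Loan-Initiated"), (2, "APP-2", "Loan-Initiated"),
    (3, "APP-1", "KYC-Completed"), (4, "APP-1", "CreditScore-Checked"),
    (5, "APP-2", "CreditScore-Checked"),           # APP-2 was scored without a KYC event
    (6, "APP-3", "Loan-Initiated"), (7, "APP-3", "CreditScore-Checked"),
    (8, "APP-3", "KYC-Completed"),                 # APP-3 has all events, wrong order
    (9, "APP-4", "Loan-Initiated"), (10, "APP-4", "KYC-Completed"),
    (11, "APP-4", "CreditScore-Checked"),
]
APPS = ["APP-1", "APP-2", "APP-3", "APP-4", "APP-5"]   # APP-5 never reached the audit topics

if __name__ == "__main__":
    print(audit_coverage(EVENTS, APPS))
```

Taking the denominator from the system of record rather than from the event stream is what exposes applications that were never logged at all.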
4. External Stakeholders
Credit Bureaus (CIBIL, Experian, Equifax, CRIF)
UIDAI (Aadhaar) / CKYC
Payment Gateways & Disbursement Partners
Challenges:
Each bureau had different SLAs, APIs, downtime issues.
External API integration added latency & availability risks.
Payments/disbursements required real-time settlement + RBI compliance.
Resolution:
Parallel bureau calls with circuit breaker + retry + fallback logic.
Cached results via Azure Redis for short-lived responses.
Disbursement routed via NPCI UPI/IMPS/NEFT APIs, with real-time reconciliation microservice.
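The parallel bureau pull with circuit breaker, retry and cached fallback can be sketched as follows. This is an added example, not code from the original post (which names Spring Boot as the service stack): the bureau clients are constructed stubs, the scores are made up, and a plain dict stands in for the Redis cache.

```python
import asyncio
import time

class CircuitBreaker:
    """Opens after `threshold` consecutive failures; permits a trial call after `cooldown` s."""
    def __init__(self, threshold=2, cooldown=30.0):
        self.threshold, self.cooldown = threshold, cooldown
        self.failures, self.opened_at = 0, None

    def allow(self):
        return self.opened_at is None or time.monotonic() - self.opened_at >= self.cooldown

    def record(self, ok):
        self.failures = 0 if ok else self.failures + 1
        self.opened_at = time.monotonic() if self.failures >= self.threshold else None

async def call_bureau(name, fetch, breaker, cache, applicant, retries=1, timeout=0.2):
    """Return (bureau, score, source). Never raises, so one bureau cannot stall the loan flow."""
    attempts = retries + 1 if breaker.allow() else 0    # open breaker: skip the network entirely
    for _ in range(attempts):
        try:
            score = await asyncio.wait_for(fetch(applicant), timeout)
        except (asyncio.TimeoutError, ConnectionError):
            breaker.record(False)
            if not breaker.allow():                     # breaker tripped mid-retry
                break
        else:
            breaker.record(True)
            cache[(name, applicant)] = score            # dict stands in for Redis; TTL omitted
            return name, score, "live"
    cached = cache.get((name, applicant))               # fallback: last short-lived response
    return name, cached, "cache" if cached is not None else "unavailable"

async def pull_all(bureaus, breakers, cache, applicant):
    calls = [call_bureau(n, f, breakers[n], cache, applicant) for n, f in bureaus.items()]
    return await asyncio.gather(*calls)                 # all bureaus queried concurrently

# Constructed stubs standing in for real bureau clients (hypothetical behaviour and scores).
async def healthy(applicant): return 742
async def outage(applicant): raise ConnectionError("bureau down")
async def slow(applicant):
    await asyncio.sleep(1)
    return 700

def demo():
    bureaus = {"CIBIL": healthy, "Experian": outage, "CRIF": slow}
    breakers = {name: CircuitBreaker() for name in bureaus}
    cache = {("Experian", "APP-1"): 715}                # constructed earlier response
    return asyncio.run(pull_all(bureaus, breakers, cache, "APP-1")), breakers
```

Each result carries its source, so the loan evaluation step can tell a live score from a cached or missing one and route the application to manual review when too few bureaus answered.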
5. End Customers
Loan Applicants
Guarantors / Co-applicants
Challenges:
Customers wanted instant approval + transparency.
Many dropped off due to slow KYC or poor mobile UX.
Need for multi-channel support (web, mobile, chatbot, branch).
Resolution:
Mobile-first Angular + React Native app with loan status tracker.
Integrated eKYC, eSign, DigiLocker to reduce manual uploads.
Agentic AI chatbot for loan eligibility queries, document guidance, FAQs.