Azure AI Lending Platform for a U.S. Private Credit and Marketplace Fintech

The Customer is a United States fintech building a private credit marketplace: business borrowers, institutional and non-bank lenders, and internal operations staff all need a single system for discovery, applications, underwriting packets, and post-close servicing signals. The product vision emphasized transparent sourcing, repeatable risk signals, and faster cycle times than spreadsheet-led workflows - without sacrificing the audit trail regulators and partners expect in lending-adjacent categories.

• Borrower-facing discovery and application flows with role-aware Angular workspaces backed by ASP.NET Core APIs and Entra ID B2B where partners onboard with least privilege
• Automated KYC and KYB intake: templated tasks, document upload to Blob Storage, and structured extraction via Azure AI Document Intelligence feeding normalized records in Azure SQL
• Credit and bank-data integrations behind idempotent .NET integration services, vault-stored secrets, and explicit consent scopes per applicant
• Assistive AI for loan option explanations and lender-side summaries - routed through a private Azure OpenAI deployment with schema-bound outputs and human-in-the-loop for any pricing or term suggestion
• Underwriting queues, SLA timers, and exception paths so operations can clear stipulations without losing context across channels
• Observable pipelines: OpenTelemetry traces, Application Insights dashboards, and release automation through GitHub Actions

The leadership team had a crisp market thesis but engineering risk in every direction. Underwriting depended on fragmented email, shared drives, and ad hoc exports. Each new lender partner implied another half-custom spreadsheet for eligibility and covenants. Borrowers abandoned flows when document requests repeated or when status updates went silent for days.

They needed a cloud-native platform that could grow from a focused MVP - private loans to SMBs in a handful of verticals - toward broader marketplace liquidity. That meant strong tenant and partner boundaries, predictable cost on Azure, and a credible story for SOC-minded counterparties - all while shipping visible value every sprint, not a multi-year big bang.

• Manual underwriting packets with weak lineage between source documents and credit decisions
• High drop-off when borrowers could not see why a request was needed or how long review would take
• Inconsistent scoring inputs across lender partners and internal risk analysts
• Pressure to add visible AI features without a policy for PII, model outputs, or override workflows
• Limited platform telemetry: failures in integrations surfaced late or only through support tickets

• Data residency and least privilege: Every service principal, connection string, and bureau credential lived in Azure Key Vault with rotation hooks; APIs never returned raw bureau payloads to the browser - only derived fields the UI contract allowed.
• Document heterogeneity: Financial statements, articles of incorporation, and tax artifacts arrived as PDFs and images with uneven quality. Extraction had to degrade gracefully with manual correction queues instead of silent wrong numbers.
• Multi-party workflows: Borrower, lender, and internal roles needed distinct task models but shared case identifiers (case_id) so audit views stayed coherent.
• Controlled AI: Assistive features used a small gateway in .NET with allow-listed fields, structured JSON responses, and feature flags so lending officers could turn off model assistance per segment without redeploying the SPA.

• 2 Senior .NET engineers (origination APIs, integration workers, AI gateway, EF Core models, OpenAPI)
• 1 Frontend engineer (Angular modules, underwriting desk UX, accessibility, state for long-running applications)
• 1 Azure / DevOps engineer (App Service, SQL, networking, CI/CD, observability baselines)
• 1 Product-minded QA engineer (risk scenarios, regression suites in xUnit and UI checks)
• 1 Project manager (roadmap, compliance workshops, stakeholder reporting)

Softellar delivered a modular lending workspace on Azure. A set of stateless .NET ASP.NET Core APIs owns commands for applications, stipulations, and decisions, while read models and reporting projections stay query-friendly in Azure SQL. A companion worker host polls and webhooks external systems so user-facing paths stay fast. The borrower and lender experience is a typed Angular SPA with route-level guards aligned to Entra ID groups.

Origination, documents, and decision support

Applications progress through explicit stages with immutable event rows for compliance review. Uploaded files land in Azure Blob Storage with virus scanning and content-type checks before extraction jobs run. Azure AI Document Intelligence populates normalized tables for financial line items and identity fields; analysts see side-by-side PDF and parsed fields, with corrections feeding back into training priorities without overwriting originals.

Risk scoring combines bureau attributes, cash-flow signals from bank aggregation partners, and lender-specific policy tables versioned per cohort. Scores and reasons travel as structured DTOs so the Angular UI can render plain-language explanations without exposing restricted attributes.

Underwriting desk and partner onboarding

Internal users work from a queue that respects assignment rules and blackout windows for partner SLAs. Partner lenders receive scoped portals: only cases they sponsor, with document bundles watermarked for their channel. Entra ID enterprise applications isolate each partner app registration so credential leakage does not cross tenants.

Assistive AI with guardrails

Borrower assist features suggest plausible product fits based on non-sensitive profile fields and disclosed use of funds, always labeled as guidance. Lender assist summarizes long threads and highlights missing stipulations, but any recommended term change routes through policy tables and human approval. The .NET gateway calls Azure OpenAI inside the Customer's tenant with private endpoints; prompts exclude full document bodies and use hashed identifiers for correlation.

How AI sits next to the .NET services

Synchronous loan submission paths never block on model latency. When assistive text is requested, Angular calls a dedicated read endpoint that either returns a cached, versioned summary or enqueues a short-lived job. The gateway enforces maximum tokens, schema validation for responses, and circuit breakers; failures degrade to static help content and log a structured "AI unavailable" event for support.

TypeScript types generated from OpenAPI contracts keep the SPA and APIs aligned across releases, reducing drift when underwriting rules change weekly during pilot programs.

Security and compliance posture

Encryption in transit and at rest is default across SQL, Blob, and Key Vault. Row-level filters in the database enforce partner scope for shared tables. Break-glass access for engineers is time-boxed, logged, and requires dual control in production. Penetration findings from the Customer's third-party assessor were triaged into the same sprint board as product work so fixes shipped with traceability.

• Secret hygiene: no bureau keys in configuration files; short-lived tokens where vendors support OAuth-style flows.
• Document retention: lifecycle policies on Blob paths aligned to legal hold tags on cases.
• Telemetry boundaries: Application Insights sampling tuned so payloads never include raw PII in custom dimensions.

Payments and subscriptions

Platform subscription and document bundle fees use a payment provider integration behind a thin .NET façade with idempotent webhooks, reconciliation exports for finance, and explicit mapping to Entra ID organizations for invoicing - a pattern the Customer can extend to borrower-paid services later without rewriting core ledgers.

• API-first core: keeps mobile or partner-native clients possible later without forking business rules.
• Angular for complex forms: mature patterns for long-lived wizards, validation, and accessibility across borrower and lender desks.
• Azure SQL as system of record: relational integrity for money-adjacent entities with clear migration history via EF Core.
• Blob plus extraction: cheaper storage for large PDFs than overloading the primary database while still linking every file to cases and decisions.
• Private AI: meets investor and partner diligence questions about model data handling without blocking useful assistive features.
• GitHub Actions: repeatable deployments to App Service slots with smoke tests before swap.

Delivery moved in four deliberate phases:

1. Discovery and target architecture
   Journey mapping with credit, legal, and operations stakeholders; canonical domain model for cases, parties, and documents; threat modeling for bureau and bank integrations; Azure landing zone choices and cost guardrails.
2. MVP: apply, upload, and underwrite the first vertical
   Shipped Angular apply flow, ASP.NET Core APIs, SQL schema, Blob storage, basic queues, manual underwriting desk, and initial bureau connector behind feature flags.
3. Partner scale and extraction quality
   Multi-lender portals, improved Document Intelligence templates, stipulation automation, observability hardening, and load tests on peak submission windows.
4. Assistive AI and operational polish
   Introduced the private OpenAI gateway, lender summaries, borrower guidance with disclosures, admin controls for model versions, and runbooks for on-call.

Outcomes vary with lender mix and geography, but the Customer reported faster cycle times on cleared applications, fewer rework loops on document packages, and calmer audits because decisions linked cleanly to evidence objects and integration logs.

Business outcomes

• Higher completion rates once borrowers saw transparent status and fewer duplicate asks
• Faster partner onboarding through standardized APIs and scoped portals
• Clearer path to expand segments without rewriting the underwriting kernel
• Investor conversations improved with a concrete architecture and AI control narrative

Technical outcomes

• Consistent .NET service boundaries with versioned contracts to the Angular client
• Resilient integrations with retriable workers and visible health in Azure monitors
• Document extraction accuracy improved iteratively from analyst corrections
• CI/CD with slot swaps reduced release anxiety during pilot growth

.NET 8, C#, ASP.NET Core, Entity Framework Core, Angular, TypeScript, Azure App Service, Azure SQL, Azure Blob Storage, Azure Key Vault, Entra ID, Azure OpenAI, Azure AI Document Intelligence, Application Insights, OpenTelemetry, GitHub Actions, xUnit.

For teams with similar goals, our cloud architecture and enterprise application design practices align regulated product ambitions with engineering reality on Azure.