3.E Underwriting engine

Purpose

Combine every underwriting input into a deterministic, auditable decision: eligible / declined / refer to manual, with a risk grade, sanction amount, tenure, and pricing recommendation, and a full trace of every rule fired and every score computed.

Underwriting is the most opinionated module. Whatever else the platform looks like, the underwriting engine reflects the company’s credit philosophy. See Section 6 for the full rule library and scorecards.

In-scope features

Policy rule engine

Declarative rules in a configurable format — domain users can write / edit rules without engineering deploy.
Versioned rule sets — policy changes are versioned; every application records the rule-set version applied.
Per-product rule sets — different products / channels / co-lending partners can have different rule sets, layered.
Rule composition — atomic rules combine into rule groups, groups combine into policies.
Outcomes per rule — pass / fail / deviation (requires approval) / refer (manual review).

Eligibility engine

Hard eligibility checks — PAN match, GSTIN active, business vintage, location, KYC status, sanctions clear.
Soft eligibility checks — preliminary sufficiency of GST turnover, bank balance, etc.
Negative list checks — internal blacklist, GSTIN-cancellation feed, court-litigation hits.

Bureau scorecard

Score thresholds — CIBIL / Experian / Equifax / CRIF score cuts per product.
DPD policy — declines for DPD on certain bucket / vintage.
Multiple enquiries — count and recency policy.
Write-off / settlement — automatic decline (or refer) on write-off / settlement history.
Existing exposure — sum of all current EMIs against income / cash-flow.
Commercial bureau — entity exposure, commercial DPD history.

Bank-statement scorecard

ABB (Average Bank Balance) — minimum ABB for a defined period.
MAB (Monthly Average Balance) — same, monthly.
Credit turnover — minimum monthly credit inflow.
Debit turnover — sanity vs credit; ratios.
EMI / NACH obligation detection — sum of existing obligations.
Bounce analysis — NACH / cheque bounce count and recency.
Circular / related-party transactions — pattern detection.
Cash deposit analysis — large or frequent cash deposits flagged.
Salary / business credit identification — for proprietor’s personal account.

GST scorecard

Turnover progression — last 12 / 24 / 36 months trend.
Filing consistency — % of months filed on time.
GST sales vs bank credit reconciliation — divergence flag.
GST purchase vs bank debit reconciliation.
Customer concentration — top buyers, top suppliers.
Late filings, suspensions, cancellations — high-severity flags.
Sales volatility — coefficient of variation of monthly sales.
Seasonality — detected and accounted for in capacity.

Cash-flow underwriting

Net operating cash flow — month-by-month from bank + GST.
Debt-service capacity (DSC) — operating cash flow / proposed EMI; threshold-based.
FOIR (Fixed Obligation to Income Ratio) — for proprietor.
Working capital cycle — receivable days + inventory days − payable days.

Tally / accounting scorecard

Revenue + margin from P&L.
Receivable ageing — % > 90 days; concentration.
Payable ageing — % > 90 days; flag aged payables to known stress.
Inventory turn.
ROCE estimate.
Reconciliation with GST + bank — divergences scored.

Fraud scorecard

Identity-fraud signals — PAN-Aadhaar mismatch, mobile-PAN mismatch, address-OVD mismatch.
Bank-statement tampering signals (BSA vendor’s checks).
Velocity flags — unusual GST / invoice / bank growth that contradicts vintage.
Device fingerprint anomalies — same device for many borrowers.
Negative-list / consortium / internal blacklist hits.

Exposure rules

Single-borrower cap — vs Tier-1 capital (per SBR).
Group cap.
Sectoral cap.
Anchor / programme cap for SCF.
Channel / DSA cap.
Geography cap.

Pricing engine

Risk grade → price grid — discrete grades mapped to interest rate.
Tenure adjustment.
Channel adjustment (different DSA / channel commercials).
Product adjustment.
Override approval workflow for off-grid pricing.

Sanction proposal

Recommended sanction amount — min of: requested, capacity-based, exposure-cap-allowed.
Recommended tenure — per product policy and cash-flow fit.
Recommended pricing.
Recommended conditions — bank account for disbursement, NACH mandate, post-disbursement covenants.

Decision output

Outcome — approve / decline / refer to manual / defer (more data needed).
Reasons — full list of rules fired, scorecards triggered.
Auditable trace — every rule version, every input value, every intermediate result.
Explainability — for borrower-facing rejection reason (subject to compliance review).

Out of scope

Manual review workflow — see 3.F.
Sanction letter / KFS generation — see 3.H.
Disbursement — see 3.I.
Post-disbursement monitoring — see 3.L.

Key entities

Policy — versioned, with rule sets.
Rule — atomic, with name, expression, threshold, outcome.
Scorecard — collection of features and weights / thresholds.
Feature — extracted from data ingestion; reusable across rules and scorecards.
Decision — per application: outcome, rule trace, score-card outputs, sanction proposal.
Deviation — when policy fails but business wants to approve; needs explicit approval.
RiskGrade — discrete output from scorecards.

Key workflows

Decision run — application submitted → feature extraction → policy + scorecards execute → decision recorded.
Re-decision — when new data arrives (refreshed bureau / bank), re-run with version of policy at original decision.
Deviation approval — flag → approval queue → approver acts → decision finalised.
Policy edit — domain user edits rule → version bump → sandbox test → deploy.
Refer-to-manual — decision returns refer; case enters manual queue with all context.

Integrations

Read from data-ingestion module (bureau, BSA, GST, Tally, MCA, AA).
Read from KYC module (identity verified status).
Write to documentation module (sanction proposal) and to LMS module (sanction).

APIs

POST /decisions/run — execute decision against a policy version.
GET /decisions/{id} — retrieve decision with full trace.
POST /decisions/{id}/deviation — request deviation approval.
POST /policies — create / update policy (versioned).
GET /policies/{id}/test — sandbox test against historical applications.

Events emitted

decision.run.started / decision.run.completed
decision.approved / decision.declined / decision.referred / decision.deviation_required
policy.updated / policy.deployed

Edge cases

New data arrives mid-decision — queue → re-run after data settle window.
Conflicting rules (one passes, one fails) — explicit policy precedence.
Policy bug declines genuine borrowers — sandbox testing + champion-challenger framework.
Bureau no-hit — separate path (new-to-credit borrowers); decision relies on alternative data.
Co-lending dual policy — run originator’s + partner’s; output combined outcome.
Repeat borrower with new product — apply both repeat-borrower rules and product-specific.
Group exposure at edge of cap — strict block; not deviation-eligible.

Compliance touchpoints

Digital Lending Guidelines — credit decision must be RE’s (not LSP’s only).
Explainability — borrower must receive a reason in writing for decline.
DPDP — only data with valid consent feeds decisioning.
Bureau — pulls per CICRA, with enquiry recording.
Asset classification continuity — for renewals / top-ups, NPA status of any existing exposure must block.
Fair Practices Code — decisions cannot be discriminatory.

MVP vs production

Feature	MVP	Production
Rule engine	Simple expression language (or Drools embedded)	Full DSL with sandbox
Bureau scorecard	✓	✓
Bank-statement scorecard	✓	✓
GST scorecard	✓	✓
Cash-flow underwriting	✓	✓
Tally scorecard	(Phase 2)	✓
Fraud scorecard	Basic	Multi-signal with consortium feeds
Exposure rules	✓	✓
Pricing engine	Grid-based	Grid + risk-based + auto-test
Champion / challenger	(Phase 3)	✓
Deviation workflow	✓	✓
Re-decision on new data	(Phase 2)	✓
ML model integration	(Phase 4)	✓
Decision explainability for borrower	✓ (basic)	Rich, vernacular