Building a UPI-First Lending App: Architecture from KYC to Disbursal
UPI-first lending (small-ticket, instant disbursal, repayment via UPI mandate) is now the dominant pattern in Indian consumer credit. Building one isn't conceptually hard; building one that passes RBI inspection, scales past ₹100 crore disbursed, and doesn't burn capital on fraud is the actual challenge. Here's the architecture.
Key takeaways
- Six core services: identity, underwriting, disbursal, repayment, collections, compliance.
- RBI Digital Lending Guidelines must be wired into the state machine, not appended as a "compliance check."
- Use direct bank-to-bank flows; no pass-through wallets.
- Repayment via UPI AutoPay (mandate) is the cleanest UX.
- Observability and audit logs are first-class concerns.
Why this matters
The lending stack you build in months 1-6 dictates whether you can scale to ₹500 crore disbursed without rebuilding. Most lending startups that rebuild do so because their architecture didn't anticipate compliance, scale, or fraud.
The six services
1. Identity & KYC
Mobile-OTP entry. Aadhaar OKYC for basic KYC. Video KYC for full KYC. Sanction screening, PEP check. Liveness detection. Document OCR with cross-validation.
This service owns the user record and the KYC lifecycle (NEW → IN_PROGRESS → KYC_COMPLETE → KYC_FAILED). It writes to an immutable audit log on every state transition.
2. Underwriting
Takes a loan application and decides yes/no/amount/rate. Pulls credit bureau data (CIBIL, Experian), pulls AA data (bank statements, MF holdings), applies your model.
The underwriting service should be stateless and deterministic: the same input always produces the same output. Version the models, and log every decision with the inputs that produced it.
3. Disbursal
Once approved, disburses to the borrower's bank account. Uses your payment gateway's direct-credit API. Bank-to-bank, no wallet pass-through.
State machine: APPROVED → DISBURSAL_INITIATED → DISBURSED / FAILED. Reconciliation job runs every 30 minutes against gateway records.
4. Repayment
UPI AutoPay mandates for recurring debits. Mandate amount capped at maximum monthly payment; debits triggered by your service per the schedule.
Track every debit attempt and result. Failed debits trigger your collections workflow.
5. Collections
Soft collections (SMS/WhatsApp/email reminders) for early-stage delinquency. Hard collections (calls) for later-stage. Field collection only as a last resort. All communications attributable to the regulated lender per RBI DLG.
6. Compliance & Audit
Centralized log of every customer interaction, every disclosure, every Key Fact Statement shown, every state transition. Inspector-friendly format. Retention per RBI requirements.
Cross-cutting concerns
Idempotency. Every API call must be idempotent. Disbursing the same loan twice is catastrophic.
Observability. Metrics on every state transition. Alerts on stuck-state loans.
Fraud. Device fingerprinting, behavioral patterns, velocity checks. Build it as a separate service that can veto any approve decision.
Multi-region. Active-active across AWS Mumbai and AWS Hyderabad for resilience.
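The disbursal state machine and the idempotency requirement above, combined in one sketch. This is an added example, not code from the article: the `DisbursalService` class, the `gateway(idempotency_key, amount)` callable, the `disb-<loan_id>` key format and the hash-chained audit list are all assumptions, and the in-memory dict stands in for a database where the state check would be an atomic compare-and-set.

```python
import hashlib
import json

# Disbursal transitions as listed in the article.
TRANSITIONS = {
    "APPROVED": {"DISBURSAL_INITIATED"},
    "DISBURSAL_INITIATED": {"DISBURSED", "FAILED"},
}

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class DisbursalService:
    def __init__(self, gateway):
        self.gateway = gateway  # hypothetical callable(idempotency_key, amount) -> bool
        self.loans = {}         # loan_id -> {"state": ..., "amount": ...}
        self.audit = []         # append-only, hash-chained transition log

    def _transition(self, loan_id, new_state):
        loan = self.loans[loan_id]
        if new_state not in TRANSITIONS.get(loan["state"], set()):
            raise ValueError(f"illegal transition {loan['state']} -> {new_state}")
        entry = {"loan_id": loan_id, "from": loan["state"], "to": new_state,
                 "prev": self.audit[-1]["hash"] if self.audit else "0" * 64}
        entry["hash"] = _digest(entry)
        self.audit.append(entry)
        loan["state"] = new_state

    def disburse(self, loan_id):
        loan = self.loans[loan_id]
        if loan["state"] != "APPROVED":
            return loan["state"]  # duplicate or retry: never pay out again
        self._transition(loan_id, "DISBURSAL_INITIATED")
        try:
            # Key derived from the loan id so the gateway can deduplicate too.
            ok = self.gateway(f"disb-{loan_id}", loan["amount"])
        except TimeoutError:
            return loan["state"]  # outcome unknown: leave for the reconciliation job
        self._transition(loan_id, "DISBURSED" if ok else "FAILED")
        return loan["state"]

    def verify_audit(self):
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

A loan left in DISBURSAL_INITIATED after a timeout is never re-sent by a retry; it is exactly the stuck-state case the reconciliation job and the stuck-state alerts exist to resolve.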
Common pitfalls
Pass-through wallet. You'll be tempted; resist. RBI DLG explicitly prohibits it.
Underwriting in the API call. Long-running scoring blocks the request. Move it async with a state machine.
No reconciliation job. Gateway and your DB will diverge. Build recon from day one.
Single point of failure on KYC providers. Have a fallback. Vendor uptime varies.
What we recommend
Build the state machine first, the UX second. Most teams get this backwards. The loan state machine is the spine; everything else attaches to it. Use Temporal or AWS Step Functions if you can; they save you from writing your own state engine.
FAQs
Can we use a single payment gateway for both disbursal and collection? Yes. Razorpay, Cashfree, and PayU all support both.
Do we need a banking partner license? Yes. You operate as a Lending Service Provider in partnership with an NBFC or bank. Get this set up before V1 design.
What about co-lending? Common pattern. Add a co-lending state branch in the architecture from day one.
