GyanByte
Live2025

FundBook — MSME Lending Platform

A fintech platform that streamlines MSME loan applications in India — configurable workflows per loan type, document management, CA collaboration, admin review with commenting, and forwarding to lending institutions.

Node.jsTypeScriptReactPostgreSQLRedisAWS S3Docker

Category

Fintech

Year

2025

Status

Live

The Problem

Small and micro businesses (MSMEs) in India face a painful loan application process. Every lender has different requirements, different document checklists, and different approval workflows. Business owners spend weeks gathering paperwork, often getting rejected because of a missing document or an incorrectly filled form — only to start over with another lender.

On the lender and broker side, there is no standardized way to manage applications across multiple loan types. Admins juggle spreadsheets, email threads, and WhatsApp messages to track which applicant has submitted what, which documents need corrections, and which applications are ready for forwarding to financial institutions.

FundBook was built to digitize and streamline this entire pipeline — from application intake to institutional submission.

What I Built

A complete lending workflow platform where MSMEs apply for loans, collaborate with their Chartered Accountants, and admins manage the full lifecycle from intake to institutional submission.

Configurable Loan Workflows:

  • Admin can define multiple loan types: term loans, working capital loans, equipment financing, invoice discounting, government scheme loans (MUDRA, CGTMSE, Stand-Up India)
  • Each loan type has its own configurable workflow — different stages, different document requirements, different approval steps
  • Workflow builder lets admins define stages (e.g., Application Received → Documents Under Review → CA Verification → Credit Assessment → Ready for Submission → Submitted to Institution → Sanctioned / Rejected)
  • Stage transitions have rules — an application cannot move to “Ready for Submission” until all required documents are verified
  • New loan products can be launched by cloning an existing workflow and modifying stages/documents, without any code changes

Document Management:

  • Each loan type has a configurable document checklist — PAN card, Aadhaar, GST returns, ITR filings, bank statements, business registration, balance sheets, property papers, etc.
  • Applicants upload documents against the checklist — the platform tracks which documents are submitted, pending, or rejected
  • Document versioning — when an admin rejects a document (blurry scan, wrong period, missing pages), the applicant uploads a replacement without losing the history
  • Secure storage on AWS S3 with access controls — only the applicant, their CA, and authorized admins can view documents
  • Bulk download — admins can package all verified documents for an application into a single ZIP for institutional submission

MSME Applicant Portal:

  • Business owners register with their GSTIN or business PAN
  • Dashboard showing all active loan applications, their current stage, and what action is needed
  • Guided application form per loan type — fields adapt based on the loan product (business vintage, annual turnover, collateral details, etc.)
  • Document upload interface with checklist progress — clear visibility of what is submitted, what is pending, what was rejected with admin comments
  • Notification system — email and in-app alerts when admin comments on a document, requests additional information, or moves the application forward

CA (Chartered Accountant) Collaboration:

  • Applicants can invite their CA to collaborate on the application
  • CA gets their own login with scoped access — they see only the applications they are invited to
  • CAs can upload financial documents (ITR, balance sheets, audit reports) on behalf of the applicant
  • CAs can review and certify document accuracy before admin review
  • Reduces back-and-forth — the CA, who typically prepares these documents anyway, uploads them directly rather than sending to the business owner to re-upload

Admin Review & Management Portal:

  • Dashboard with all applications across loan types, filterable by stage, loan type, date, and applicant
  • Application detail view — full form data, document checklist with view/download, stage history timeline
  • Document review — admins can view each document inline, approve it, or reject it with a comment explaining what is wrong (“Bank statement is for Q1, we need full year”, “PAN card scan is not legible”)
  • Commenting system — threaded comments on the application and on individual documents. Applicants and CAs see comments and can respond.
  • Admin can request additional documents not in the original checklist — ad-hoc requests with descriptions
  • Stage progression — admin moves the application through workflow stages. Each transition is logged with timestamp, admin name, and optional notes
  • Bulk operations — select multiple applications and move them to the next stage, or export a summary report

Institutional Submission:

  • Once an application is fully verified, admin prepares it for submission to lending institutions (banks, NBFCs, government schemes)
  • Application packaging — the platform compiles all verified documents, form data, and CA certifications into the format required by each institution
  • Submission tracking — admin logs which institutions received the application, submission date, and tracks responses (sanctioned, rejected, pending, additional info requested)
  • Multi-institution submission — a single application can be submitted to multiple lenders simultaneously to improve chances of approval
  • Institution feedback loop — when a lender requests changes or additional documents, admin routes it back to the applicant through the same commenting system

Technical Challenges

  • Configurable workflow engine — The core challenge was making workflows genuinely configurable without writing custom code for each loan type. Built a workflow definition schema stored in PostgreSQL — each loan type references a workflow template that defines stages, allowed transitions, required documents per stage, and validation rules. The application state machine enforces transitions at the API level.

  • Document lifecycle management — Documents go through multiple states (pending, uploaded, under review, approved, rejected, replaced) with strict rules. A rejected document must have a comment. A replacement links to the original. Approved documents are locked — no re-upload without admin unlocking. Built this as a state machine with transition guards and audit logging.

  • Multi-role access control — Four distinct roles (applicant, CA, admin, super-admin) with overlapping but different access. CAs see only invited applications. Admins see all applications but cannot modify applicant data. Super-admins configure workflows and manage admin accounts. Implemented as a role + resource + relationship permission model in middleware.

  • Form configurability — Different loan types need different application fields. A working capital loan asks about monthly revenue and receivables. An equipment loan asks about machinery details and vendor quotes. Built a dynamic form schema that admin defines per loan type — the React frontend renders forms dynamically from the schema, and the backend validates submissions against the same schema.

  • Document security — Financial documents (tax returns, bank statements) are highly sensitive. All documents stored on S3 with server-side encryption. Pre-signed URLs with short expiry for viewing — documents are never served directly. Access logs track who viewed which document and when.

  • Audit trail for compliance — Lending workflows have regulatory requirements around record-keeping. Every action — document upload, admin comment, stage transition, document approval — is logged in an immutable audit table with actor, timestamp, action, and before/after state. This trail is exportable for compliance review.

Architecture

  • Frontend — React application with role-based routing. Applicants, CAs, and admins each get a tailored interface after login. Dynamic form renderer that builds forms from JSON schema. Document viewer with inline preview for PDFs and images.
  • API Layer — Node.js + TypeScript REST API. JWT authentication with role-based middleware. Request validation against loan-type-specific schemas. Rate limiting and request logging.
  • Workflow Engine — Core service that manages application state transitions. Validates transitions against workflow definitions, enforces document requirements per stage, and emits events on state changes for notifications.
  • Document Service — Handles upload, storage, versioning, and access control. Generates pre-signed S3 URLs for secure viewing. Manages the document state machine (uploaded → under review → approved/rejected → replaced).
  • Database — PostgreSQL for all application data, workflow definitions, user accounts, comments, and audit logs. JSONB columns for dynamic form data and workflow configuration.
  • File Storage — AWS S3 with server-side encryption for all documents. Organized by application ID and document type. Lifecycle policies for archival.
  • Cache — Redis for session management, frequently-accessed workflow definitions, and application stage counts for admin dashboards.
  • Infrastructure — Docker containers deployed on AWS. Managed RDS for PostgreSQL. ElastiCache for Redis. S3 for documents. CloudWatch for monitoring.

Results & Impact

  • Digitized the entire MSME lending workflow — from paper-and-WhatsApp chaos to a structured, trackable pipeline with full audit trail
  • Configurable loan products — admins launch new loan types by defining workflow stages and document checklists, no developer involvement needed
  • Reduced document back-and-forth — inline commenting and CA collaboration cut the average application preparation time significantly
  • Institutional submission readiness — applications arrive at lenders complete and verified, reducing rejection rates due to missing or incorrect documents
  • Compliance-ready audit trail — every action logged with actor, timestamp, and context, meeting regulatory record-keeping requirements
  • Sole architect and developer — designed and built the full platform: workflow engine, document management, multi-role access, all portals, and cloud infrastructure

Stack Deep Dive

  • Node.js + TypeScript for the API — type safety critical for workflow state machines and document lifecycle management
  • React with dynamic form rendering — forms built from JSON schema per loan type, no hardcoded forms
  • PostgreSQL with JSONB for flexible form data and workflow configuration alongside structured relational data
  • Redis for session caching and dashboard aggregation queries
  • AWS S3 with pre-signed URLs and server-side encryption for secure document storage
  • Docker for containerized, reproducible deployments
  • JWT-based authentication with a role + resource + relationship permission model
← PreviousStock Market Gaming Portal
Next →Drivuum — Road Safety Score Platform

Interested in working together?

Get in Touch