Platform architecture
A servicing control plane above, a lending core below, joined by a clean fact/action contract. Humans and AI agents enter through one governed interface, every action clears the compliance gate at execution time, and everything lands in a tamper-evident evidence graph.
Every action clears the gate before execution — the full architecture is mapped below.
The architecture
Workforce, governed interface, control plane, contract seam, core — and the compliance gate railing all of it. Every section below walks one layer of this picture.
Human workforce: agents · managers · reviewers
AI agent workforce: graduated autonomy · kill switch
One governed action interface: every action carries an operational context (the case it serves, an audited exception, or a system trigger)
Servicing control plane: decides, routes, and records every unit of work
Lending core
Compliance gate: checked at execution
The four products
Adopt them together as an operating system for servicing, or start with the piece that hurts most. Each product gets a full page of its own; this is the map.
The governed action path
Every action on the platform — a payment, a message, a dial, by a human or an AI agent — travels the same path. No shortcuts, no side doors.
Operational context
Every action starts with a reason the platform understands: the case it serves, an audited exception, or a system trigger.
Compliance gate
Version-pinned, regulation-traceable rules evaluate the action at execution time. Missing facts never permit.
Maker-checker
Actions that policy marks sensitive route to a distinct human approver before anything happens.
Execute
The action runs through the governed interface — idempotent, with normalized outcomes whether it hits LendEasy's core or yours.
Evidence record
Decision, rule versions, approvals, and outcome land in a hash-chained record linked into the evidence graph.
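The five steps above as a minimal sketch, added here as an illustration and not LendEasy's code. All class, function, and field names, the rule version string, the sensitive-action policy, and the 300-second freshness limit are hypothetical.

```python
import hashlib, json

GENESIS = "0" * 64
RULES_VERSION = "rules-v1"            # constructed rule-set version pin
SENSITIVE = {"payment_reversal"}      # hypothetical policy: needs maker-checker
REQUIRED_FACTS = ("balance", "status", "age_s")
MAX_AGE_S = 300                       # assumed freshness limit for ledger facts

def _digest(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

class ActionPath:
    def __init__(self):
        self.chain, self.done, self.executions = [], {}, 0

    def gate(self, action, facts):
        """Fail closed: no context, a missing fact, or a stale fact all deny."""
        if not action.get("context"):
            return "denied:no_context"
        for name in REQUIRED_FACTS:
            if facts.get(name) is None:
                return "denied:missing_fact:" + name
        if facts["age_s"] > MAX_AGE_S:
            return "denied:stale_facts"
        return "permit"

    def submit(self, action, facts, approver=None):
        key = action["key"]
        if key in self.done:                      # retry of an executed command
            return self.done[key]                 # replay outcome, do not run twice
        outcome = self.gate(action, facts)
        if outcome == "permit" and action["type"] in SENSITIVE and approver in (None, action["actor"]):
            outcome = "pending_approval"          # checker must differ from maker
        if outcome == "permit":
            self.executions += 1                  # stand-in for the command sent to the core
            outcome = self.done[key] = "executed"
        body = {"action": action, "facts": facts, "rules": RULES_VERSION,
                "approver": approver, "outcome": outcome}
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        self.chain.append({"prev": prev, "body": body, "hash": _digest(prev, body)})
        return outcome

def verify(chain):  # recompute every link; an edited or reordered record fails
    prev = GENESIS
    for rec in chain:
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["body"]):
            return False
        prev = rec["hash"]
    return True
```

Denials and pending approvals are recorded but not cached under the idempotency key, so a resubmission with fresh facts or a distinct approver is evaluated again.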
Composability
The control plane binds to any system of record through a fact/action contract designed to be reasoned about: what flows in, what flows out, and how the two sides reconcile. Run LendEasy's core, keep yours, or migrate later.
The control plane consumes ledger facts — balances, due dates, statuses, protections — with explicit freshness and as-of semantics, so every decision knows exactly how current its inputs were.
Actions flow back to the core as idempotent commands with normalized outcomes. Retries are safe, partial failures are explicit, and the evidence record captures what actually happened.
Core events stream back for reconciliation, so the control plane's view and the system of record converge continuously instead of drifting until month-end.
The architectural consequence: because compliance, grounding, and evidence live in the control plane — not in the core — they work identically in every configuration. Adopting the AI workforce does not require a core migration, and migrating cores later does not re-open your compliance posture.
The AI agent workforce
Architecturally, an AI agent is just another worker identity: same queues, same permissions, same audit trail — and the same compliance gate in front of every action. The difference is what you can prove afterwards.
AI agents — including voice agents working collections and hardship calls — pull from the same queues, hold the same scoped permissions, and write to the same audit trail as humans. There is no AI side door.
Every borrower-facing figure comes straight from the ledger. The model writes the words; the ledger supplies the numbers.
Assist, approve, then autonomous within policy — set per task type, with a distinct human reviewer for anything the agent proposes.
Instant kill switch with scoped suppression (global, queue, case type, or channel), pinned model and prompt versions per decision, PII scrubbed before any model call.
Security posture
Every endpoint requires an explicit permission grant — for humans, integrations, and AI agents alike. Nothing is reachable because a default was left open, and PII is scrubbed before any external model call. Access reviews read like policy, because access is policy.
The lending core is built on open, bank-grade infrastructure that institutions worldwide have operated for years — built by the same engineers who lead it. Your auditors can read the foundation, and your exit path never depends on a vendor black box.
FAQ
The contract is deliberately narrow: the control plane reads ledger facts with as-of and freshness semantics, and emits governed actions as idempotent commands with normalized outcomes. There is no deep coupling to your ledger schema and no requirement to change how your core posts. Most integrations are an adapter over APIs or extracts you already expose.
Bring your hardest integration question. We will trace a real action from operational context to evidence record — on our core or against yours.