Creodata Workplace Banking Application: Check-Off Loan Origination for Banks
Run check-off (payroll-deduction) loan origination end to end — payslip-accurate affordability, a 13-stage role-based workflow, embedded IPRS, CRB, KRA and AML checks, maker-checker disbursement, SLAs, and an immutable audit trail — for banks, microfinance banks, and SACCOs in East Africa.
The Creodata Workplace Banking Application (WPB) is an enterprise-grade platform for unsecured, check-off (payroll-deduction) lending to employees of approved employer schemes. It carries a loan from the first pre-sale calculation, through application, documentation, compliance review, credit analysis and approval, to check-off booking, core-banking booking, disbursement and post-disbursement — as one structured, role-based, fully audited journey. It is built for the Kenyan financial market, with the integrations, business rules and controls that workplace lending in that market actually requires.
The problem
Workplace-banking lending looks simple from the outside — a salaried borrower, an employer that deducts the instalment at source, a predictable repayment — but the origination process behind it is anything but. Most lenders still run it across spreadsheets, email, a generic loan system and several manual hand-offs. An affordability figure is worked out by hand from a payslip, then re-keyed. Compliance checks against the national ID register, the credit bureau, the tax authority and a sanctions list are run in separate windows and pasted into a form. A file moves between a sales executive, a sales manager, a compliance analyst, a credit analyst and a credit approver with no single record of who did what, or how long each step took.
The cost is rarely one dramatic failure. It is the accumulation of small ones: an affordability calculation that omits a deduction and breaches the minimum take-home rule; a loan booked without the break-period interest that keeps the check-off in step with the repayment schedule; a buy-off disbursed before the other lender's clearance letter arrives; a disbursement made by the same officer who booked it. Turnaround stretches, applications stall in queues nobody is monitoring, and when an auditor asks what happened to a particular facility, reconstructing the answer means stitching together inboxes.
WPB exists to close that gap: to make the journey guided for sales, structured for credit and operations, and evidential for compliance and audit. For the full discipline and a stage-by-stage view, the complete guide to workplace-banking loan origination sets out the whole picture.
What the platform does
Pre-sale: three calculators and a real affordability check
Every loan begins with a number the customer can trust. WPB provides three calculators: a forward calculator (loan amount to monthly instalment), a reverse calculator (an affordable instalment to a maximum loan amount), and an affordability check that builds a true net-pay picture from the payslip. The affordability check is selected against the customer's employer scheme and factors in every allowance — house, commuter, hardship and others — and every deduction — PAYE, NSSF, NITA, NHIF, pension, SACCO contributions and loans, bank loans and more. It enforces a minimum take-home of KES 50,000 even where there is a buy-off, and any loan being taken over is included in the calculation. The disciplines behind these tools are covered in forward, reverse and affordability calculators explained and loan affordability checks from the payslip.
Employer schemes and check-off
Workplace lending is anchored on the employer. WPB manages an approved-scheme list and holds each employer's parameters — interest rate, minimum and maximum loan amount, processing fees, tenure bounds and insurance — so that selecting a scheme drives the rest of the application. Repayment runs by check-off: the instalment is deducted at source and remitted to the bank. For government payrolls, the platform generates the deduction data delivered to IPPD for confirmation and booking; for private employers it runs scheme-based check-off with employee verification. The mechanics are explained in employer scheme onboarding and check-off loans in Kenya.
A 13-stage, role-based workflow
Behind the application sits a defined workflow with role-based authorisation and decision gates at every step: pre-sale, customer application and document collection (Direct Sales Executive); application review (Sales Manager); document verification and data capture (Sales Centre Compliance Analyst); credit analysis (Credit Analyst); and credit approval (Credit Approver). After approval the path branches — new loans and top-ups to check-off booking with the Scheme Loan Administrator, buy-offs to a clearance route — before loan booking, disbursement and post-disbursement. Each stage supports a consistent set of actions: comment, forward, return with a reason, decline with a reason, approve and refer. The full map is in the workplace-banking loan workflow.
Compliance, credit analysis and underwriting
WPB runs the checks a regulated lender must perform and shows them to reviewers on a split screen beside the application: IPRS identity verification, CRB credit history, KRA tax-PIN validation and Comply Advantage AML, sanctions and PEP screening, with results cached for 24 hours. A deterministic business-rules engine then applies the bank's policy — the PEP rule, the minimum take-home, the retirement-age and contract-maturity limits on tenure, the debt-income and one-third-of-basic tests, CRB rules and net-pay verification against bank-statement credits. Credit analysts may reduce a requested amount to fit affordability but never increase it, and carry out enhanced due diligence through recorded employer verification. These layers are covered in compliance checks in loan origination and credit analysis and underwriting for unsecured personal loans. Origination screening is the start of compliance, not the end of it; ongoing monitoring after the loan is live is the job of the Creodata AML Compliance Platform.
Documents, the offer and OTP acceptance
WPB replaces the email-and-folder approach with checklist-driven document upload and verification, with a checklist that differs for customers existing to the bank and those new to it. Once documents are in, the system auto-generates a loan offer for the customer to execute and upload, sends a one-time password by SMS with a link to the terms and conditions, and regenerates the OTP if any detail changes after verification. A reference number is generated for tracking. The full checklist is set out in loan application documents and the OTP-signed offer.
Booking, disbursement and maker-checker
Loan booking and disbursement are the points where money moves, so they are protected by maker-checker dual control: an inputter initiates and a separate verifier approves, with the database preventing the same user from being both. WPB books the facility in the core banking system (Finacle) — branch, CIF, loan amount, scheme and employer codes, repayment account, currency, EMI, tenor, rate, value date and fees — marks the limit, and disburses in full, part or final tranches. Bank commissions and insurance are recovered to the relevant general-ledger accounts, a one-month moratorium applies with the first instalment falling due on the tenth of the following month, and break-period interest is factored into the EMI so the check-off is never short. Buy-off funds route to a suspense account and settle by RTGS to a bank or a bankers cheque to a SACCO. See maker-checker controls, loan booking and disbursement and loan buy-offs and takeovers.
SLAs, notifications and operational visibility
Each workflow stage carries its own service-level timer, with breach detection and turnaround-time reporting — average, minimum and maximum time by stage — so a stalled application is visible before it becomes a complaint. Email and SMS notifications keep sales, credit and the customer informed at each transition. The discipline is covered in loan processing SLAs and turnaround time.
Built on microservices, deployed your way
WPB is built on eleven .NET 9 Azure Functions microservices — Employer Scheme, Loan Calculator, Loan Application, Workflow Engine, Compliance, Document, Disbursement, Authorization, Auditing, Email Notification and SLA Monitoring — with a Next.js 14 backend-for-frontend portal. Data lives in PostgreSQL 16, and external systems are reached through an adapter layer with retry and circuit-breaker resilience. The same codebase runs on Microsoft Azure, including as a transactable Azure Marketplace managed application, or on-premises on Kubernetes, with feature parity across both.
| Capability | Microsoft Azure | On-premises (Kubernetes) |
|---|---|---|
| Relational data | PostgreSQL Flexible Server | PostgreSQL 16 |
| Messaging / events | Azure Service Bus | RabbitMQ |
| Document storage | Azure Blob Storage | MinIO |
| Identity | Microsoft Entra ID | Keycloak / LDAP |
| Telemetry | Azure Application Insights | OpenTelemetry + Prometheus |
The backend chosen for each capability is switched by configuration, so a bank can run WPB in the cloud or in its own data centre on the basis of its data-residency and operational preferences without giving up capability. The integration layer and its resilience model are described in workplace-banking system integrations.
Designed for audit and trust
Regulated lending has to be defensible after the fact, so WPB is built around an append-only audit log that records actions as they happen — protected at the database level so entries cannot be altered or deleted. Access is governed by role-based access control across ten lending roles and twenty-one permissions, enforced at each workflow stage, and the booking and disbursement steps enforce a four-eyes separation between the officer who prepares and the officer who approves. Sessions are encrypted, requests are protected against cross-site request forgery, inter-service calls are authenticated, and secrets are held in Azure Key Vault or Kubernetes secrets.
This is audit-ready architecture designed for SOC 2 and GDPR-aligned controls — not a certification claim, but the structural foundation a lender needs to demonstrate control over its origination process. The thinking is set out in audit trail, RBAC and security in a lending platform.
Who it is for
WPB is built for regulated lenders running workplace-banking programmes in Kenya and the wider East African market: banks, microfinance banks and SACCOs that lend to employees of approved employer schemes by check-off. It suits a lender that wants to retire spreadsheets and manual hand-offs for a guided, controlled, measurable origination process; one that needs payslip-accurate affordability, embedded IPRS, CRB, KRA and AML checks, and core-banking booking under maker-checker control; and one that needs to demonstrate, to an internal auditor or a regulator, exactly how each facility was originated. For the generic loan lifecycle beyond workplace schemes, the Creodata Loan Management System covers the broader picture.
Frequently asked questions
How is the Workplace Banking Application different from a generic loan management system?
WPB is purpose-built for workplace-banking (check-off) lending rather than lending in general. It models employer schemes and their parameters, runs payslip-driven affordability with the specific rules workplace lending requires — minimum take-home, retirement-age and contract-maturity caps, debt-income and one-third-of-basic tests — and books repayment by check-off, including the IPPD deduction-data flow for government payrolls. It also handles buy-offs and takeovers end to end. The broader, scheme-agnostic loan lifecycle is the domain of the Creodata Loan Management System; WPB is the specialised origination platform for the workplace-banking niche.
Can the platform run on our own infrastructure rather than in the cloud?
Yes. WPB runs on Microsoft Azure, including as a transactable Azure Marketplace managed application, or entirely on-premises on Kubernetes, with feature parity between the two. The on-premises stack uses PostgreSQL, RabbitMQ, MinIO and Keycloak in place of the equivalent Azure services for relational data, messaging, document storage and identity, while the same eleven .NET 9 microservices and Next.js portal run in both. This lets a lender choose a deployment that matches its data-residency, regulatory and operational requirements without losing any capability.
Does the platform connect to our core banking and compliance systems?
WPB is designed to integrate with the systems workplace lending relies on — Finacle for core banking (CIF, accounts, loan booking, limit marking and disbursement), IPRS for identity verification, CRB for credit history, KRA for tax-PIN validation, Comply Advantage for AML, sanctions and PEP screening, IPPD for government-payroll deductions, and DMS and RTGS for document workflow and inter-bank transfers. These are reached through an adapter layer with retry and circuit-breaker resilience, and compliance results are cached to reduce repeated calls. The integration model is explained in workplace-banking system integrations.
Ready to see check-off origination run against your own schemes, payslip rules and branding — from the affordability calculator to the maker-checker disbursement? Explore the complete guide and book a demo to walk a loan from pre-sale to disbursement with our team.