Supported LOS Platforms
Native connectors available for: nCino (Salesforce-based), Finastra LaserPro / Mortgagebot, Baker Hill NextGen, FICO Origination Manager. Custom REST/webhook integration available for all other platforms. Average integration time: 3–5 engineering days.
Step 1 · Credentials
Provision CAIBots API Credentials (Required)
A CAIBots Customer Success Engineer (CSE) provisions your institution's API key pair (client_id + client_secret) for sandbox and production environments. Keys are scoped to your institution and carry your bureau permissible purpose linkage.
Request sandbox credentials via your CSE or the CAIBots customer portal at admin.caibots.com
Store credentials in your institution's secrets manager (AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault)
Never hardcode credentials in application code — strict policy enforcement
Production keys issued only after SR 11-7 validation sign-off and security review
Step 2 · Webhook or API
Configure LOS Trigger — Webhook or REST API Call
Two integration patterns supported. Choose based on your LOS capability:
POST https://api.caibots.com/v1/underwriting/trigger
GET https://api.caibots.com/v1/underwriting/pull/{los_queue_id}
Authorization: Bearer {access_token}
Content-Type: application/json
Webhook pattern recommended for real-time decisioning (nCino, Baker Hill)
Pull pattern for batch environments or LOS platforms without webhook support
All traffic over TLS 1.3 minimum · Mutual TLS available for high-security environments
Step 3 · Field Mapping
Application Data Field Mapping (Required)
Map your LOS application fields to the CAIBots standardized schema. Field mapping configuration is YAML-based and maintained in the CAIBots admin portal. Required fields by loan type are pre-defined.
loan_type: consumer_heloc
borrower_ssn: los_field:applicant.ssn_masked
loan_amount: los_field:loan.requested_amount
property_address: los_field:collateral.address_full
annual_income: los_field:applicant.income_verified
loan_purpose: los_field:loan.purpose_code
CAIBots provides pre-built mapping templates for nCino, Finastra, and Baker Hill
Custom field mapping validated by CSE before production activation
SSN transmitted as masked (last 4) — full SSN never leaves institution boundary
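The following is an added example, not CAIBots code: an institution-side pre-flight check that applies the mapping above to an LOS record and refuses to build a payload whose borrower_ssn carries anything other than the last 4 digits. The sample record, the function names, and the treatment of values without the `los_field:` prefix as literals are assumptions.

```python
import re

# Mapping lines as shown above (flat "target: source" pairs).
MAPPING_TEXT = """\
loan_type: consumer_heloc
borrower_ssn: los_field:applicant.ssn_masked
loan_amount: los_field:loan.requested_amount
property_address: los_field:collateral.address_full
annual_income: los_field:applicant.income_verified
loan_purpose: los_field:loan.purpose_code
"""

# Constructed sample LOS record; its keys follow the mapping paths above.
SAMPLE_LOS_RECORD = {
    "applicant": {"ssn_masked": "***-**-6789", "income_verified": 98000},
    "loan": {"requested_amount": 75000, "purpose_code": "HOME_IMPROVEMENT"},
    "collateral": {"address_full": "100 Example St, Springfield, IL 62701"},
}

def parse_mapping(text):
    """Parse flat 'key: value' lines into a dict (split on the first ': ')."""
    pairs = (line.split(": ", 1) for line in text.splitlines() if line.strip())
    return {key.strip(): value.strip() for key, value in pairs}

def resolve(record, dotted_path):
    """Walk a dotted LOS path; raises KeyError if a segment is missing."""
    node = record
    for segment in dotted_path.split("."):
        node = node[segment]
    return node

def build_payload(mapping, record):
    """Resolve each mapping entry, then enforce the last-4 SSN rule."""
    payload = {}
    for target, source in mapping.items():
        if source.startswith("los_field:"):
            payload[target] = resolve(record, source[len("los_field:"):])
        else:
            payload[target] = source  # assumed literal, e.g. loan_type
    digits = re.sub(r"\D", "", str(payload.get("borrower_ssn", "")))
    if len(digits) != 4:
        # The rejected value is deliberately kept out of the error message.
        raise ValueError("borrower_ssn must carry exactly the last 4 digits")
    return payload
```

Running this check in the LOS integration layer, before the outbound call, stops a mis-mapped full-SSN field at the institution boundary instead of relying on the receiving side to reject it.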
Step 4 · Write-Back
Decision Write-Back to LOS (Required)
CAIBots writes the decision package back to your LOS automatically upon pipeline completion. Configure write-back endpoint and field targets in the admin portal.
Decision (Auto-Approve / Auto-Decline / Route-to-Officer) written to loan status field
Risk grade (1–10) written to risk rating field
Credit memo attached as PDF to document management system
Reg B adverse action notice queued in notice management system
Exception log written to exception tracking fields
Audit log reference ID stored in LOS for examiner cross-reference
MCO (Tri-Merge Bureau)
API · Bureau
Institution must have existing MCO relationship. Share permissible purpose code with CAIBots. Institution's API credentials stored in institution vault — never in CAIBots systems.
SBA SBSS Score
API · SBA
SBA lender credentials required. SBSS pull authorized by SBA 7(a) approval authority. CAIBots configures SBSS threshold at onboarding (default: ≥155 eligible).
CoreLogic AVM
API · Property
CoreLogic Direct API subscription required. Institution credentials vaulted. Confidence interval minimum configurable (default: ≥75%). Low-confidence routes to manual appraisal flag.
ATTOM Data Solutions
API · Property
ATTOM API subscription required. Provides deed, tax, and distress data supplementing AVM. No institution-specific credential linkage required — CAIBots platform subscription.
CoStar Group
API · CRE
CoStar institutional subscription or CAIBots platform access available. Required for CRE&I loan types. Institution may use existing CoStar relationship credentials.
GSFA / EDGAR / Finity
RAG · Financial
EDGAR is a public API — no credentials required. GSFA and Finity accessed via CAIBots platform credentials. Institution uploads financial documents to secure document ingestion endpoint.
IRS 4506-C
API · IRS
Institution must be an authorized IRS Income Verification Express Service (IVES) participant. Borrower consent captured at application. CAIBots submits request via institution's IVES credentials.
D&B Paydex
API · Commercial
D&B Direct+ API subscription required for commercial scoring. DUNS verification automated. Institution credentials vaulted.
Credential Security Architecture
All institution API credentials are stored in the institution's own secrets manager infrastructure. CAIBots implements a token-passing architecture at runtime — credentials are fetched from the institution's vault at execution time and never persisted in CAIBots systems. Full credential flow documentation available in the Security Architecture Supplement.
Credit Policy Matrix Upload
The credit policy matrix is uploaded via the CAIBots Admin Portal in Excel or PDF format. CAIBots parses the policy into a machine-readable rule set during onboarding. Policy versioning maintained — all decisions reference specific policy version at time of decision.
Policy matrix should include: FICO/score minimums by loan type, LTV/LTC maximums, DSCR minimums, concentration limits, maximum loan amounts by tier, and exception approval authority levels
Separate policy books supported by business unit (Community Banking, Commercial RE, SBA, etc.)
Policy updates processed within 24 hours — prior decisions not retroactively re-scored
Policy change audit log maintained for examiner review
HITL Threshold Configuration
HITL (Human-in-the-Loop) gates are configured during onboarding based on your institution's risk appetite and delegated authority framework. Default thresholds provided — customizable during Phase 1 calibration workshop.
hitl_triggers:
  policy_exception_any: true
  risk_grade_threshold: 6
  loan_amount_consumer: 150000
  all_commercial_loans: true
  fair_lending_flag: true
  covenant_breach: true
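An added sketch, not CAIBots code, of how the default triggers above could gate one application. The comparison directions (risk grade at or above the threshold, consumer amount above the limit), the application field names, and the fail-closed handling of missing inputs are assumptions of this example.

```python
# Defaults copied from the hitl_triggers block above.
HITL_TRIGGERS = {
    "policy_exception_any": True,
    "risk_grade_threshold": 6,
    "loan_amount_consumer": 150000,
    "all_commercial_loans": True,
    "fair_lending_flag": True,
    "covenant_breach": True,
}

def hitl_reasons(app, cfg=HITL_TRIGGERS):
    """Return every trigger that fires for one application record."""
    reasons = []
    grade, amount = app.get("risk_grade"), app.get("loan_amount")
    # Fail closed: an application missing a gating input goes to an officer.
    if not isinstance(grade, int) or not isinstance(amount, (int, float)):
        return ["incomplete_input"]
    commercial = app.get("segment") == "commercial"  # hypothetical field
    if cfg["policy_exception_any"] and app.get("policy_exceptions"):
        reasons.append("policy_exception_any")
    if grade >= cfg["risk_grade_threshold"]:  # assumed direction: >=
        reasons.append("risk_grade_threshold")
    if not commercial and amount > cfg["loan_amount_consumer"]:  # assumed: >
        reasons.append("loan_amount_consumer")
    if cfg["all_commercial_loans"] and commercial:
        reasons.append("all_commercial_loans")
    if cfg["fair_lending_flag"] and app.get("fair_lending_flag"):
        reasons.append("fair_lending_flag")
    if cfg["covenant_breach"] and app.get("covenant_breach"):
        reasons.append("covenant_breach")
    return reasons

def route(app, cfg=HITL_TRIGGERS):
    """Map fired triggers to a route and the officers who must sign off."""
    reasons = hitl_reasons(app, cfg)
    if not reasons:
        return {"route": "auto_decision", "reasons": [], "sign_off": []}
    sign_off = ["credit_officer"]
    if "fair_lending_flag" in reasons:  # dual routing, as in the UAT criteria
        sign_off.append("fair_lending_officer")
    return {"route": "credit_officer_workbench", "reasons": reasons,
            "sign_off": sign_off}
```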
CAIBots Provides (Model Documentation Package)
Model Development Documentation (MDD) — agent architecture, training data sources, decision logic
Conceptual Soundness Analysis — agent design rationale and regulatory basis
Ongoing Monitoring Plan — KPI dashboard, drift detection, performance metrics
Backtesting Results — shadow-mode accuracy vs manual underwriting on 500+ historical applications
Limitation Documentation — known boundaries, out-of-scope scenarios, edge cases
Parallel Run Comparison Report (generated during Phase 1–2 pilot)
Institution MRM Validation Steps
MRM Review
Review Model Development Documentation
MRM Officer reviews CAIBots-provided MDD. Validates conceptual soundness of agent design. Documents findings in institution's model risk register. Target: 5 business days.
Independent Testing
Independent Validation Testing (25-application Sample)
MRM or designated validator runs 25 historical applications through the CAIBots sandbox. Compares agent outputs to manual underwriter decisions. Documents concordance rate and material differences.
Sign-Off
MRM Validation Report & Sign-Off
MRM documents validation findings, conditions (if any), and issues conditional or unconditional approval. Approval required before production key issuance. Ongoing monitoring requirements documented.
| Test Case | Category | Pass Criteria |
| --- | --- | --- |
| Consumer HELOC Auto-Approval | Auto-Decision | Agent pipeline completes in ≤5s. Auto-approve decision with ECOA clear and LOS write-back confirmed. Reg B notice not required — approval notice generated. |
| Consumer HELOC Decline (Score Fail) | Auto-Decision | Auto-decline routed correctly. Reg B notice generated with FCRA reason codes within 2 business days. LOS status updated to Declined. |
| SBA 7(a) — Officer Workbench Routing | Commercial | Pipeline routes to Credit Officer Workbench (never auto-decision). Workbench displays full credit memo, SBSS score, financial spread, risk grade, and SBA eligibility status. |
| CRE&I — Collateral Valuation | Commercial | CoStar AVM or appraisal comparison displayed. LTV calculated against policy maximum. Low-confidence AVM (below 75%) triggers manual appraisal flag in workbench. |
| Policy Exception — HITL Required | HITL Gate | Any application with identified policy exception routes to Credit Officer Workbench with exception highlighted, severity score displayed, and justification prompt surfaced. |
| Fair Lending Flag — Dual Routing | Compliance | Fair lending signal triggers simultaneous notification to Credit Officer AND Fair Lending Officer. Neither can approve without the other's sign-off captured in audit log. |
| DSCR Alert — Portfolio Monitoring | Portfolio | DSCR deterioration below threshold generates watchlist alert in LOS. Covenant breach generates HITL action item with remediation workflow prompt. Portfolio officer notified. |
| Maturity Renewal — Annual Review | Renewal | Updated financial spread generated from new documents. Risk grade migration displayed. Renewal credit memo assembled with prior-year comparison. Officer workbench surfaces for approval. |
| SR 11-7 Audit Log Export | Governance | Full audit log exportable in CSV/PDF for any date range. Includes agent execution sequence, data sources queried, decision rationale, and officer actions. Examiner-ready format confirmed. |
| LOS Bi-Directional Round-Trip | Integration | Application data received from LOS, processed, and decision written back to correct LOS fields within 5 seconds of pipeline completion. Field mapping validated for all required fields. |
UAT Sign-Off Threshold
Production authorization requires: (1) All 10 UAT test cases pass with zero critical failures; (2) ≥90% user satisfaction score from Credit Officer UAT cohort (minimum 5 officers); (3) IT LOS integration validation confirmed by IT Lead; (4) Fair Lending Officer sign-off on compliance test cases. UAT results documented in the Phase 2 gate report submitted to MRM and CRO.
CAIBots Agent Runtime
Cloud / SaaS
Hosted in CAIBots cloud (AWS us-east-1 primary, us-west-2 DR). No on-prem agent runtime required. SOC 2 Type II certified. TLS 1.3 in transit · AES-256 at rest.
Institution Secrets Manager
Institution
AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault required for API credential storage. CAIBots does not store institution API keys.
LOS Integration Layer
Institution / DMZ
Lightweight REST adapter deployed in institution DMZ or LOS environment. Handles webhook/pull connectivity. No inbound firewall rules required — outbound HTTPS only.
Document Ingestion Endpoint
Institution / S3
Secure S3-compatible document drop for financial statement upload. Institution-controlled bucket with CAIBots read-only cross-account access. Documents deleted after 30-day retention period.
Credit Officer Workbench
Browser / SaaS
Web-based. No install required. Supports Chrome, Edge, Safari. SSO/SAML 2.0 integration available (Okta, Azure AD, Ping). MFA enforced for all users.