Saudi Arabia (KSA)
12 weeks to SAMA-compliant MVP
A rising fintech startup in Saudi Arabia approached Coderfy with a critical mission: build a fully digital, multi-vendor marketplace for personal lending.
However, building commercial loan origination software isn’t just about a beautiful mobile app. The real challenge was engineering a backend infrastructure that could pass the rigorous Minimum Viable Controls (MVC) and cybersecurity audits of the Saudi Central Bank (SAMA). The client needed an architecture capable of processing real-time API calls to national databases, guaranteeing data privacy, preventing internal fraud, and calculating dynamic credit scores on the fly.
We didn’t build a standard website; we built a secure financial vault. Operating on a “Half the price, faster twice” methodology, we deployed a cloud-based loan origination system using Google Cloud (GCP) and Terraform scripts for scalable, automated infrastructure.
To ensure enterprise-grade security and pass the SAMA audit, our Node.js/PostgreSQL architecture includes:
A mandatory dual-approval logic in the Super-Admin Panel. "Makers" initiate loan approvals, and "Checkers" verify them, eliminating the risk of internal fraud.
Advanced session control that restricts account access exclusively to trusted devices. The system tracks the Device ID, OS, and Model, limiting users to a maximum of 3 verified devices (secured via OTP). Unrecognized logins instantly trigger a 412 Precondition Failed protocol, forcing reverification.
Tracking and recording every action taken by administrators and borrowers. Our system logs user-agents, IP addresses, request/response bodies, headers, and execution times for strict compliance reporting.
The true power of this white label fintech platform lies in its automated decision engine. We seamlessly integrated complex third-party services to eliminate manual underwriting:
Deep API integration with the national Nafath service. The system generates unique transaction IDs and securely handles asynchronous callback webhooks to verify user identities instantly.
We developed an automated engine that pulls live salary certificates and credit data from the SIMAH bureau. The software calculates the borrower’s Debt Burden Ratio (DBR) and evaluates them against specific provider criteria (e.g., min_salary: 10000, max_dbr_rate: 65%, min_simah_score: 350).
Automated global AML background checks trigger instantly when a loan request is submitted. If a user is flagged, the system assigns a needs_check status, pausing the application for manual admin review.
We spent thousands of engineering hours perfecting this SAMA-compliant architecture. If you are a bank, credit union, or startup looking for reliable loan origination software, you don’t need to reinvent the wheel.
The real challenge wasn’t just building a loan application form. It was engineering a banking-grade vault that feels like a modern startup app. We had to ensure the architecture could pass the Saudi Central Bank’s (SAMA) strict Minimum Viable Controls while processing National ID (Nafath) callbacks and SIMAH credit scores in milliseconds. This project proves that with the right microservices architecture, you don’t have to sacrifice speed for security.”
Technical insights into how we engineered this SAMA-compliant lending platform.
Have a question about pricing?
By utilizing our pre-engineered backend modules for core banking functions, we delivered the MVP with full SAMA compliance readiness in just under 12 weeks — saving the client months of from-scratch development.
We implemented mandatory Maker-Checker workflows, immutable audit logs, and Device Registration logic that restricts account access strictly to verified devices via OTP. Every request body, IP address, and execution time is logged for the regulator’s audit trail.
Yes. The system includes custom API wrappers designed to communicate with SIMAH — pulling real-time salary certificates and credit scores — alongside Nafath for instant biometric KYC verification via asynchronous callback webhooks.
Absolutely. Unlike renting a SaaS platform, this is a custom software development model. You receive 100% intellectual property (IP) ownership and the complete source code upon project completion.
Jumping straight into coding based on a rough estimate leads to scope creep and wasted money. Before you invest tens of thousands of dollars, invest in certainty.
In just 2 weeks, our Business Analysts and CTO will provide you with a ready-to-use Request for Proposal (RFP) document, including:
You can use this technical blueprint to build with us, or take it to any other agency. Start the smart way.
Building a resilient digital lending platform requires more than writing code — it demands highly specialized custom fintech software development. As financial regulations tighten globally, off-the-shelf SaaS products consistently fail to meet the security requirements of central banks and financial regulators.
Ukraine (Kyiv)
4 months