Context
Financial institutions managing credit exposure across many customers face a scaling problem: manual limit reviews are slow and inconsistent, but blanket policies are either too conservative (leaving revenue on the table) or too loose (accumulating risk). The Credit Limit Management System was built to automate limit decisions within institution-defined risk policy, with humans stepping in exactly where judgment adds value.
The challenge
- Translate credit risk policy, an inherently human, judgment-heavy domain, into rules a system can execute consistently.
- Design approval workflows where automated decisions and human overrides coexist without ambiguity about accountability.
- Satisfy the audit standard of a regulated industry: every limit change explainable, attributable, and reversible.
My role
I led requirements definition with the institution's risk and operations stakeholders, specifying the rules engine behavior, limit lifecycle (request, evaluation, approval, adjustment, suspension), and the exception paths where cases escalate to human review. I authored the FSDs with exhaustive acceptance criteria covering boundary conditions, which in credit risk are the entire point: what happens exactly at the threshold matters.
The design principle was simple: the system decides the routine, humans decide the exceptional, and both leave the same audit trail. Risk officers gained capacity for the cases that genuinely needed them, without losing visibility into anything the system decided on its own.
Approach
- Policy-to-rules translation. Worked with risk stakeholders to convert policy documents into explicit, testable decision rules with defined inputs, thresholds, and outcomes.
- Lifecycle-aware states. Specified the full limit lifecycle with guarded transitions, so a limit could never reach an inconsistent state regardless of the sequence of events.
- Escalation design. Defined clear criteria for automated approval versus human review, with SLAs and routing rules for escalated cases.
- Audit-first specification. Required every decision, automated or manual, to record who or what decided, based on which rule version, at what time, with what inputs.