LendingIQ logo

Use case #0003

Thin-File AI and Financial Inclusion: The Compliance Framework

Financial inclusion is not a regulatory concession — it is a regulatory objective. The MAS / Central Bank's directed lending guidelines, the financial inclusion framework, and the SME guarantee programmes all express a consistent policy intention: that formal credit should reach the underserved, and that the institutions extending it should do so responsibly, transparently, and with appropriate borrower protection. The Thin-File AI is built to satisfy all three requirements simultaneously.

The Regulatory Context for Alternative Data Credit Scoring

The use of alternative data in credit decisioning is not unregulated — but the regulation is enabling rather than restrictive when the practices are sound. The MAS / Central Bank's open banking / SGFinDex framework, launched in 2021 and expanded significantly through 2023 and 2024, is the regulatory infrastructure that makes GST and bank statement data available for credit decisioning with explicit, revocable borrower consent. The GSTN API for lenders provides access to GST filing data with consent from the registered taxpayer. The PDPA / local data protection law 2023 governs the collection, processing, and storage of the personal and financial data that the Thin-File AI uses.

Each of these frameworks creates obligations — on consent collection, data minimisation, purpose limitation, and the borrower's right to explanation of automated decisions — that the Thin-File AI is designed from the ground up to satisfy. Compliance with the financial inclusion regulatory framework is not retrofitted onto the Thin-File AI. It is structural.

"The MAS / Central Bank's financial inclusion mandate and the PDPA / local data protection law's data protection requirements are not in tension. Both point toward the same architecture: consent-based data use, explainable automated decisions, and transparent borrower communication. The Thin-File AI is that architecture."

The Regulatory Framework — Mapped to Thin-File AI Practices

MAS / Central Bank / AA Framework

open banking / SGFinDex Consent Architecture

MAS / Central Bank open banking / SGFinDex Circular 2021 / finance company-AA Directions

All financial data — bank statements, PayNow / PromptPay / DuitNow history, investment accounts — must be accessed through the AA framework with explicit, informed, purpose-specific, revocable borrower consent. The Thin-File AI uses only finance company-AA registered aggregators. Consent is purpose-limited to "credit assessment for this application" and expires on application closure. Borrowers may revoke consent at any stage and withdraw their application.

AA-licenced aggregator integration ✓ Purpose-specific consent collection ✓ Consent revocation pathway available ✓ Consent log maintained per application ✓
GSTN API

GST Data Access via Borrower Consent

GSTN API for Lenders Framework · IT Act 69

GST filing data is accessed via the IRAS lender API infrastructure — which requires the registered GST taxpayer to explicitly authorise access. The Thin-File AI collects this consent during onboarding, accesses only the data types authorised (turnover, filing dates, ITC — not invoice-level data), and does not retain raw GST data beyond the processing period specified in the consent. GSTN data is used solely for credit assessment and not shared with third parties.

GSTN API integration with registered lender credentials ✓ Taxpayer consent obtained before any data pull ✓ Data minimisation — aggregate metrics only retained ✓ Raw data purged post-assessment ✓
PDPA / local data protection law 2023

Automated Decision Transparency and Borrower Rights

PDPA / local data protection law 6, 7, 11 — Automated Processing Obligations

The PDPA / local data protection law requires that when a significant decision about a person is made solely by automated means, the person must be informed and must be able to obtain a meaningful explanation. The Thin-File AI generates a plain-language explanation of every credit decision — approval or rejection — that specifies which data sources were used, which factors drove the outcome, and what the borrower can do to improve their score. Every borrower also has the right to request a human review of the automated decision within 30 days.

Plain-language decision explanation per application ✓ Data sources used disclosed per decision ✓ Actionable improvement guidance for rejections ✓ Human review request pathway — 30-day window ✓
MAS / Central Bank Fair Practices

Anti-Discrimination and Fairness in Alternative Data Scoring

MAS / Central Bank Fair Practices Code · Emerging AI Fairness Guidelines

Alternative data models carry a specific fairness risk: variables that appear neutral may be proxies for protected characteristics. GST turnover is correlated with business sector; PayNow / PromptPay / DuitNow inflow patterns may reflect regional economic cycles; utility payment history may reflect infrastructure availability rather than borrower discipline. The Thin-File AI's fairness audit checks monthly approval rates and score distributions by gender, geography, and religion-adjacent indicators — and flags any statistically significant disparity for model review.

Monthly proxy variable audit ✓ Gender approval rate parity monitored ✓ Geography approval rate benchmark ✓ Disparity escalation to Board Risk Committee ✓
directed lending

directed lending Classification and Regulatory Credit Reporting

MAS / Central Bank directed lending MAS Notice / central bank guideline 2020 / SME Development Act

Thin-file loans to micro and small enterprises typically qualify as directed lending — a significant institutional benefit for finance companies and banks with directed lending targets. The Thin-File AI automatically classifies each application by directed lending eligibility (enterprise category, turnover threshold, borrower gender for the women micro-entrepreneur category) and generates the SME documentation package required for directed lending reporting. This classification is verified against SME Udyam registration data where available.

Auto directed lending classification per application ✓ Udyam registration verification ✓ Women entrepreneur category flag ✓ directed lending reporting package for regulatory submission ✓

The Consent Architecture: How the AI Obtains and Manages Alternative Data Access

1
Consent Disclosure

Borrower Informed of All Data Sources Before Any Pull is Initiated

Before the Thin-File AI initiates any data retrieval, the borrower receives a plain-language disclosure listing every data source that will be accessed, the specific data types (GST turnover and filing dates — not invoice details; bank balance and transaction categories — not full statement; PayNow / PromptPay / DuitNow aggregate inflows — not individual transaction recipients), the purpose (credit assessment for this application only), and the retention period (raw data purged within 48 hours of decision; aggregate metrics retained for model monitoring for 3 years). Consent is granular: the borrower may consent to GST and bank data but decline PayNow / PromptPay / DuitNow, and the AI will work with the available consented data.

2
Consent Collection — Explicit and Recorded

OTP-Based Consent Confirmation — Logged With Timestamp and Application Reference

Consent is confirmed via OTP — the same phone number associated with the GST registration and bank account. This creates a verifiable link between consent and identity. The consent record is stored with the application file: timestamp, OTP confirmation, data sources consented to, data sources declined, and the version of the consent disclosure shown. This record satisfies both the PDPA / local data protection law's explicit consent requirement and the AA framework's consent log obligation.

3
Data Access — Minimised, Purposeful, Time-Limited

Only Consented Data Retrieved · Only Aggregate Metrics Processed · Raw Data Purged

The SGFinDex and IRAS API pull only the specific data types consented to, for the specific time window specified (18 months bank, 8 quarters GST, 12 months PayNow / PromptPay / DuitNow). The raw data is processed within the Thin-File AI's secure environment to compute the 28 aggregated metrics that feed the scoring model. Raw transaction records are not stored after metric computation — only the computed metrics are retained. This is data minimisation in practice: the model needs the signal, not the source records.

4
Decision and Explanation

Every Decision Explained in Plain Language — With the Right to Human Review

Whether the application is approved or rejected, the borrower receives a plain-language explanation identifying the top factors that drove the decision, the specific metrics that were strongest and weakest, and — for rejections — the specific changes that would improve their score (e.g., "Bringing your average bank balance above SGD1.5L and maintaining GST filing regularity for 4 more quarters would lift your Thin-File Score by approximately 35–45 points"). The right to human review is stated in every communication.

The What-If Explanation: Giving Rejected Borrowers a Genuine Path

The most powerful compliance feature in the Thin-File AI's borrower communication is the what-if improvement model. For every rejected application, the AI models the specific, quantified changes the borrower could make to their financial behaviour that would bring their Thin-File Score to the approval threshold. This is not a generic "improve your creditworthiness" message — it is a specific, personalised roadmap.

Rejection Improvement Roadmap — Application TF-2025-2841 (Declined — TFS 612)
GST Filing Regularity
Current: 4 late in 8 quarters
Target: Max 1 late in 8 quarters
→ +28 points (achievable in 12 months)
Bank Balance Average
Current: SGD38,000 avg
Target: SGD80,000+ avg (3 months)
→ +18 points (achievable in 3 months)
PayNow / PromptPay / DuitNow Inflow Consistency
Current: CoV 0.44 (volatile)
Target: CoV below 0.25
→ +12 points (business mix change needed)
GST Turnover Trend
Current: Flat for 4 quarters
Target: Two consecutive growth quarters
→ +16 points (6–12 months)
Combined Impact
Current TFS: 612
Projected TFS: 686 (above 650 threshold)
→ Eligible in 12–18 months
5Regulatory frameworks addressed — AA, GSTN API, PDPA / local data protection law, Fair Practices, directed lending
GranularConsent architecture — per data source, purpose-specific, revocable at any stage
48hrsRaw data purge window — only aggregated metrics retained post-assessment
directed lendingAuto Priority Sector classification — qualifying thin-file loans reported for directed lending targets

Responsible Inclusion Is the Only Sustainable Kind

The lender that extends thin-file credit without a sound consent architecture, explainable decisions, and fairness monitoring is not doing financial inclusion — it is creating a compliance liability and a reputational risk while charging a premium. The Thin-File AI's compliance framework is not the cost of doing inclusion responsibly. It is the structure that makes inclusion sustainable at scale: borrowers who understand their decisions, regulators who can inspect the practices, and a model that continuously checks whether it is treating all borrower populations fairly. Done this way, thin-file lending is not a risk the institution tolerates in pursuit of social impact. It is a soundly governed, regulatorily aligned, commercially viable expansion of the loan book into the market that every other lender has measured incorrectly and therefore missed.

← Back to Thin-File Credit Agent AI