+1 (201) 771-1665 Sales Support 24/7 Engagements active in 5 regions
Case Study

Fintech AI Integration -- RAG + Audit Logging | Cobham Consulting Group

A fintech lender processing 800 loan applications per month needed decision-support tooling that would reduce loan officer review time without introducing hallucination risk into a regulated decision process. SOC 2 Type II compliance required. Six-week timeline from brief to production.

The problem

Loan officers spent an average of 47 minutes per application manually reviewing bank statements, tax documents, and credit reports to extract the data points required for underwriting. The process was consistent but slow. The organization had evaluated three commercial AI tools that failed SOC 2 requirements because they processed documents through third-party inference APIs.

The solution required: fully on-premise inference (no document content leaving the network), retrieval from a document index not a generative model for factual extraction, structured output format that maps to the existing underwriting system, and a complete audit trail of every AI-assisted extraction for regulatory review.

What we built

Document ingestion pipeline: PDFs parsed with Docling, chunked by document section, embedded with a locally hosted Nomic embedding model. Vector store: Qdrant running on the organization's on-premise infrastructure. Retrieval layer: hybrid search (dense plus sparse) with reranking, returning document excerpts with source page citation. Inference: Mistral 7B Instruct quantized to Q4_K_M via vLLM for structured JSON extraction from retrieved context. Audit log: PostgreSQL table with query, retrieved chunks, model output, and loan officer confirmation timestamp -- append-only, retained for 7 years per regulatory requirement.

Outcome

Loan officer review time reduced from 47 minutes to 18 minutes per application. System processes factual extraction only -- underwriting judgment remains with the human. Zero hallucination incidents in 90-day production period (verified against ground-truth document values). SOC 2 Type II audit completed with no findings related to the AI system. Total infrastructure cost for the on-premise deployment: 1,200 dollars per month in server costs, versus 4,800 dollars per month estimated for a compliant commercial alternative.

Common questions

Frequently asked.

How did you ensure the AI system met SOC 2 requirements?
Every data flow was documented before any code was written. The audit log was designed as append-only from day one. Access to the system was controlled via the organization's existing SSO. The SOC 2 auditor reviewed the architecture documentation and found no findings specific to the AI system.
How do you prevent the AI from making underwriting decisions?
The system only extracts and surfaces factual data from documents -- income amounts, payment history, stated liabilities. It does not score, recommend, or approve. The underwriting judgment is performed by the loan officer using AI-extracted data, not AI-generated conclusions.
What happened when the model returned an incorrect extraction?
Incorrect extractions were caught during the 90-day production period by loan officers comparing AI output to source documents. Each error was logged, the retrieved chunks were reviewed, and chunking or retrieval parameters were adjusted. The error rate dropped below 0.5 percent by week 6.
All case studies
Similar problem?

Let us scope your engagement.

30 minutes. We map your situation, tell you which engagement fits, and give you a fixed price before the call ends.

Schedule a call
Direct to a principal · Response under four hours