How to Build a underwriting Agent Using CrewAI in TypeScript for fintech

An underwriting agent automates the first pass on a loan, card, or SME financing application by collecting applicant data, checking policy rules, scoring risk, and producing a decision memo for a human underwriter. For fintech, this matters because it reduces turnaround time without removing control: you still need compliance checks, audit trails, and explainable outputs before any credit decision is made.

Architecture

• •

  Applicant intake layer

  • •Normalizes application payloads from API, web form, or broker feed.
  • •Validates required fields like income, business age, jurisdiction, and consent flags.
• •

  Policy retrieval tool

  • •Pulls underwriting rules from a controlled source of truth.
  • •Keeps product-specific thresholds out of prompt text and inside versioned policy docs.
• •

  Risk analysis agent

  • •Evaluates affordability, fraud signals, debt burden, and missing-document risk.
  • •Produces structured reasoning that can be audited later.
• •

  Compliance reviewer agent

  • •Checks KYC/AML flags, sanctions hits, data residency constraints, and adverse-action requirements.
  • •Ensures the final output is aligned with regulated lending workflows.
• •

  Decision orchestrator

  • •Combines agent outputs into approve / refer / decline / request-more-info.
  • •Enforces deterministic business rules before anything reaches production systems.

Implementation

1) Install CrewAI for TypeScript and define your domain model

Use the TypeScript package exposed by CrewAI and keep your underwriting payload typed. In fintech systems, typed inputs matter because you want predictable validation before the LLM sees anything sensitive.

import { Agent, Task, Crew } from "crewai";

type UnderwritingApplication = {
  applicantId: string;
  legalName: string;
  country: string;
  annualIncome: number;
  monthlyDebtPayments: number;
  requestedAmount: number;
  businessAgeMonths?: number;
  consentToProcessData: boolean;
};

const application: UnderwritingApplication = {
  applicantId: "app_123",
  legalName: "Acme Trading Ltd",
  country: "KE",
  annualIncome: 120000,
  monthlyDebtPayments: 1800,
  requestedAmount: 15000,
  businessAgeMonths: 18,
  consentToProcessData: true,
};

2) Create agents with narrow responsibilities

Do not build one giant “underwriting brain.” Split the work so each agent has a single job and can be tested independently. That gives you better auditability and easier prompt/version control.

const riskAgent = new Agent({
  role: "Credit Risk Analyst",
  goal: "Assess affordability and repayment risk using the provided application data",
  backstory:
    "You are a conservative credit analyst working for a regulated fintech lender.",
});

const complianceAgent = new Agent({
  role: "Compliance Reviewer",
  goal: "Check KYC/AML, consent, data residency, and adverse action requirements",
  backstory:
    "You review lending decisions under strict financial services compliance rules.",
});

const decisionAgent = new Agent({
  role: "Underwriting Decision Maker",
  goal: "Combine risk and compliance findings into a final recommendation",
});

3) Define tasks with explicit outputs

Use Task objects to force structured work. For underwriting, the output should be machine-readable enough to store in an audit log and render in an internal console.

const riskTask = new Task({
  description: `
Review this underwriting application:
${JSON.stringify(application)}

Calculate:
- debt-to-income ratio
- key risk flags
- recommendation with rationale
Return concise bullet points.
`,
  expectedOutput:
    "A concise risk summary with DTI calculation, flags, and recommendation.",
});

const complianceTask = new Task({
  description: `
Review this application for compliance issues:
${JSON.stringify(application)}

Check:
- consent present
- jurisdiction handling
- whether any sensitive data should be excluded from model context
- whether this case needs manual review
Return concise bullet points.
`,
  expectedOutput:
    "A compliance summary with issues found and escalation guidance.",
});

const decisionTask = new Task({
  description: `
Use the prior analyses to produce one final underwriting outcome:
approve | refer | decline | request_more_info

Include:
- outcome
- reason codes
- short explanation suitable for an audit log
`,
});

4) Run the crew and persist the result

This is where CrewAI’s orchestration comes together. In production you would also write the raw output to immutable storage with request metadata, model version, prompt version, and policy version.

async function runUnderwriting() {
    const crew = new Crew({
      agents: [riskAgent, complianceAgent, decisionAgent],
      tasks: [riskTask, complianceTask, decisionTask],
      verbose: true,
    });

    const result = await crew.kickoff();

    console.log("Underwriting result:");
    console.log(result);
}

runUnderwriting().catch((error) => {
    console.error("Underwriting workflow failed:", error);
    process.exit(1);
});

Production Considerations

• •

  Keep regulated data out of prompts unless necessary

  • •Minimize PII exposure.
  • •Mask account numbers, national IDs, salary slips, and bank statement lines before sending context to the model.
• •

  Pin residency by environment

  • •If your lending policy requires local processing or regional storage, keep prompts, logs, embeddings, and traces in-region.
  • •Do not let observability tooling silently replicate data across jurisdictions.
• •

  Add deterministic guardrails after the model

  • •The LLM can recommend; your rules engine should decide whether a loan is actually approvable.
  • •Hard-stop on missing consent, sanctions matches, or policy violations regardless of model confidence.
• •

  Log for auditability

  • •Store input hash, prompt version, agent versions, output text, decision code, timestamp, and operator override.
  • •In lending disputes you need to reconstruct why a case was referred or declined.

Common Pitfalls

• •

  Using one agent for everything

  • •This makes the system harder to test and easier to break.
  • •Split risk analysis from compliance review so each task has one clear responsibility.
• •

  Letting the model make final credit decisions without rules

  • •That creates inconsistency and regulatory exposure.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.