Create loan application — process financing requests digitally

A loan application without pre-qualification consumes time on both sides. The applicant fills out a long form, the bank checks comprehensively — and in the end it turns out that the income does not support the required installment. Therefore build a lean pre-screening at the start. Three fields often suffice: desired amount, term and monthly net income. From this the calculation engine computes a rough affordability (debt service ratio) and gives the user an honest assessment immediately.

The pre-qualification does not replace a credit check — it filters out obviously hopeless inquiries and wastes no time. Anyone who passes the pre-check enters the detailed application. Anyone who does not pass receives constructive feedback: lower amount, longer term or alternative financing forms. This transparency is appreciated by the market and differentiates you from providers who send every application through the back office. Keep the pre-check explicitly marked as a non-binding indication so that no expectation of a loan commitment arises.

Every loan application usually leads to a SCHUFA inquiry by the bank. There are two variants: the SCHUFA inquiry "conditions inquiry", which is scoring-neutral, and the "loan inquiry", which flows into the SCHUFA score. Consumers often do not know this and are then surprised when the score has dropped. Clarify this actively in the form — a clear note before sending the detailed inquiry creates trust and avoids later complaints.

Formulate the notice understandably: "We check your credit standing at SCHUFA. This inquiry is made as a ‘conditions inquiry’ and does not affect your SCHUFA score. Only with a concrete contract conclusion does a ‘loan inquiry’ take place, which flows into the score." You obtain consent for this with a separate checkbox. Anyone who does not check this cannot submit an application — the SCHUFA inquiry is part of the contract initiation. Store the consent with timestamp in the audit log so that you can prove it later.

Financial data is not a special category under Art. 9 GDPR, but it is among the most sensitive personal data of all. From bank statements, life habits, political donation practices, illnesses and much more can be derived. Therefore treat this data with the same care as health data: exclusive storage in the EU, encryption in transit and at rest, strict access control.

Minimize the collected fields. You need income, expenses, existing liabilities and possibly assets — no complete life biography. If you request bank statements via upload, actively point out that non-relevant items may be redacted. An alternative is digital account access via a licensed account information service under PSD2 — here the data runs encrypted and filtered, which reduces the GDPR effort. Define a deletion period after contract end; for rejected applications six months are sufficient, for concluded contracts the statutory retention period plus an appropriate buffer.

The loan inquiry via your form is only the front end. On the back end, the application must be handed over to the core banking system or the platform of your refinancing partner — reverse collection, loan origination system or association API. Most banking systems offer interfaces that are documented to varying degrees. Stick to official standards, such as the GBIC or ISO20022 data set, and avoid proprietary mappings that are difficult to maintain later.

If no native interface exists, use a webhook into a receiver that transforms the data appropriately and then hands it over to the backend. Do not build a native integration that does not exist — a generic webhook with a clearly defined JSON schema is more transparent than a supposedly seamless connector. Pay attention to idempotency: in case of repeated handover (e.g. after network errors), the application must not be created twice. A unique application ID in the header and a dedup mechanism in the receiver solve this cleanly. Log every handover with timestamp and status so that in case of complaints you can prove the path completely.