There's a moment in every technology cycle when the infrastructure catches up to the ambition. 

The AI agents everyone has been talking about for the past two years; the ones that were supposed to automatically pull a borrower's bank statements, run a credit check, flag fraud signals, and generate an offer letter while the customer is still filling out the form; those agents couldn't actually do any of that, not reliably. Every connection had to be hand-coded, every data source required a separate integration, and every time a model was updated, something broke. The ambition was real but the plumbing wasn't. 

That changed in November 2024, when Anthropic released an open standard called Model Context Protocol. MCP is, at its most basic, a universal interface for AI. Think of it the way you think of USB-C: one port, any device. Before USB-C, every gadget had its own connector. Before MCP, every AI integration had its own custom code. MCP ends that fragmentation. Any AI model, any data source -- one standardized connection. 

In twelve months, it went from a small open-source experiment to what is now the de facto standard for connecting AI to enterprise systems. The lending industry is just beginning to understand what that means. 

The old problem, stated plainly 

Here is what AI in lending actually looked like before MCP. 

A lender wants to build an agent that can assess a loan application in real time. The agent needs to read bank statements, query a credit bureau, check GST returns, cross-reference fraud signals, and pull the borrower's repayment history from the LMS. Each of those data sources lives behind a different API, authentication system, and schema. Someone has to write the glue code, then maintain it and then rewrite it every time any of those systems change. 

Financial services firms were spending an average of $1.2 million annually on custom API integrations for AI systems. And that wasn't buying them real intelligence but was rather just duct tape. Expensive, fragile duct tape that snapped every time a vendor updated their API. 

The result was that most "AI in lending" was AI in the narrow sense, a model sitting at the edge, doing something cosmetic like summarizing a document or auto-filling a form. The actual decision-making, the orchestration, the real-time data retrieval, that still happened through manual steps and legacy logic. Lenders ended up with isolated wins without a connected systems. 

What MCP actually is 

MCP works through a client-server model. The AI agent is the client. Every data source or tool, a credit bureau, a bank statement analyzer, an LMS, a fraud database; becomes an MCP server. The protocol standardizes how the agent calls these servers, what data comes back, and how access is controlled. 

Three things make this particularly important for lenders. 

Function calling with access control: MCP standardizes API metadata, schemas, parameters, authentication; into a format that language models understand natively. The agent can call the right tool at the right time without someone hard coding that decision in advance. New data sources can be added without retraining the model. 

Memory lifecycle and scoped context: Each agent operates only with the context it needs. No data leakage or compliance gaps. The agent processing a loan application sees exactly what it needs to see for that application, nothing more. 

Prompt and model management: Prompts are version-controlled and governed. No  hard coded instructions buried in application code that drift or hallucinate. 

When correctly implemented across the enterprise, MCP allows IT and AI teams to declaratively connect models to data, tools, and memory without writing glue code. Risk and compliance teams can leverage built-in logging, access control, and audit trails for every model interaction. 

The lending use cases that matter 

Loan origination - the obvious one, done right 

A borrower applies for a business loan. The moment they submit, an MCP-governed agent wakes up --> It calls a Bank Statement Analysis and AA to pull six months of bank statements --> It queries the credit bureau. It checks GST return data -->  it runs a fraud signal check --> It generates a credit assessment with explainability; which factors drove the score, what the promoters and detractors were, what questions a credit officer should ask. 

All of this happens in sequence, with proper authentication, logged at every step, before a human reviewer sees the file. The reviewer opens the case with context already assembled. They're not starting from scratch, instead they're making a judgment call with a full picture in front of them. 

Collections and portfolio monitoring 

A collections agent needs to decide how to treat a borrower who has missed two EMIs. It needs current account balance data, the borrower's repayment history, any recent change in income, and the lender's collections policy. Previously, a collections officer pulled this from four different screens and made a judgment call. Now, an MCP-governed agent assembles the full picture and recommends an action, restructuring, a call, a payment link, with the reasoning visible. 

Fraud detection, real-time, not rule-based 

Rule-based fraud detection is a game of catch-up. Fraud patterns evolve faster than rule sets. What MCP enables is AI that can query transaction patterns, behavioral signals, device fingerprints, and historical fraud cases simultaneously, not in a batch overnight, but in real time, at the point of application. 

AI-powered compliance systems reduce false positives by 50-70%, and fraud detection improves 3x faster than rule-based systems. For lenders where fraud-driven NPA is a material problem, that is not a marginal improvement. It changes the economics of the book. 

The India-specific context 

India's lending stack has a structural advantage here that most markets don't. 

The Account Aggregator framework, BSA, GSTN, and the OCEN protocol have created a set of consented, structured financial data pipes that most other countries are still trying to build. An MCP server sitting on top of a BSA can give an AI agent real-time access to a borrower's transaction history, income patterns, and cash flow behavior, with full consent, in a structured format, with audit logs. 

RBI's Co-Lending Directions 2025, which came into force from January 2026, expanded the scope of co-lending arrangements significantly, now covering all NBFCs and commercial banks, with mandatory irrevocable commitments and comprehensive disclosure requirements. This creates a more complex data-sharing and credit decisioning environment. Multiple lenders, shared risk, blended rates, and a single customer interface. That is precisely the kind of multi-source, multi-party orchestration problem that MCP was designed to solve. 

An agent that can simultaneously query the bank partner's credit policy, the NBFC's LMS, and the borrower's consented financial data, and assemble a co-lending decision with the right sharing ratio, compliant KFS disclosure, and risk documentation, is what MCP makes buildable today. 

The governance question 

Every CTO and CRO who has read this far is now thinking about the same thing: what happens when the agent does something wrong? 

A centralized failure in MCP configuration can cause errors across multiple workflows. Over-centralization of privileges poses another threat, where a single privileged user could unintentionally disrupt essential AI functions such as fraud detection. Rapid change of MCP components can lead to specification drift, causing failures in dependent agents due to uncoordinated schema changes. 

These are real risks. MCP doesn't eliminate them, but makes them manageable, which is different. 

The control mechanisms are specific. Access is scoped per agent, per use case. Every tool call is logged and human escalation is built into the workflow for edge cases. Also, schema versions are tracked. The agent that assesses a loan application cannot, by design, modify a customer record or override a compliance control. The permissions architecture needs to be made structural, not behavioral. 

For Indian lenders operating under RBI's model risk management expectations, the audit trail that MCP produces by default is exactly what a regulatory examination requires. Every data access, timestamped. Every decision, traceable. Every exception, logged. 

What changes for credit teams 

The shift MCP enables is not automation for its own sake. It is about what credit officers, collections teams, and risk managers actually spend their time on. 

Today, a significant fraction of a credit analyst's day is assembly work: pulling data from different systems, formatting it, reconciling inconsistencies, preparing a credit note. MCP-connected agents do that assembly. The analyst opens a file with the work already done. Their judgment, the part that requires experience, context, and human accountability, is applied to a decision, not to data retrieval. 

This matters more in the Indian NBFC context than almost anywhere else. The NBFC retail credit portfolio expanded at a CAGR of 23% during FY23-FY24, with retail assets now constituting 58% of total NBFC lending. That volume of applications, with the underwriting complexity that retail lending requires, cannot be processed through manual assembly. 

The question worth asking 

Here is what I keep thinking about. 

MCP is a protocol. Protocols are neutral. The question is always what gets built on top of them. 

The USB-C analogy is useful up to a point. USB-C enabled genuine convenience but it also enabled a lot of cheap cables that break in six months. The protocol doesn't guarantee quality but just interoperability. 

In lending, interoperability without governance is its own risk. An agent that can connect to everything can also make mistakes at scale. The institutions that get this right will be the ones that treat MCP as infrastructure, the same way they treat their core banking system, with proper change management, schema controls, testing protocols, and human oversight at the points that matter. 

One last thing 

There is a version of this story where MCP is a developer tool. A way to save engineering hours. A technical curiosity that the credit team doesn't need to understand. 

That version is wrong. 

MCP changes what is possible in loan origination, underwriting, collections, and fraud detection. It changes how credit data is assembled, how decisions are documented, and how AI is governed inside a lending institution. That is a business decision, not a technical one. 

The credit leaders, CROs, and business heads who understand this early will have a meaningful head start, not because they will deploy faster, but because they will deploy with more discipline. They will know what questions to ask, where the risks are and what "governed AI" actually means in practice, rather than in a slide deck. 

And that is the real advantage.  

Until next time,

Srijan
Co-founder
FinBox