DataFab

Car Finance Utility — AutoFab

Version: 1.0 Last Updated: May 2026 Reference Implementation: AutoFab

Component Overview

The Car Finance utility is a motor finance remediation application built on the DataFab core framework. It supports the end-to-end remediation lifecycle of motor finance claims under the FCA Motor Finance Scheme — from data ingestion and population building, through cohorting, scheme testing, redress calculation, customer outreach, payment validation, and case closure with a complete audit trail.

The flagship deployment of this utility is AutoFab — a standalone instance in a private cloud that supports execution services. The Car Finance utility is structured so that the same capabilities can be reused for other motor-finance remediation engagements with different banks, schemes, and integration points.

Capabilities:

Capability Description
Population Build Entity-resolved population of customers, agreements, vehicles, dealers in scope for remediation
Cohorting Rule-based segmentation of the population into scheme-relevant cohorts with scoring rationale
Scheme Testing Deterministic DDA pipelines that apply FCA Scheme rules to determine eligibility per case
Redress Calculation Deterministic calculation pipelines applying scheme-specific redress formulae with full audit trail
Customer Outreach Outbound customer engagement via Amazon Connect with portal access and communication logging
Straight-Through Processing Automated case progression for clear cases; manual review path for cases requiring engagement
Payment Validation Per-case validation and payment-file generation for delivery to the bank
Case Closure Closure workflow, CRM write-back, immutable audit trail per case
Analyst Dialog Playbook-driven dialog exposing case lookup, decision explanation, rule deep dives
Regulatory Audit Support Decision traceability, rule transparency, lineage from source field to final output

Architecture Overview

┌──────────────────────────────────────────────────────────────────────┐
│                CAR FINANCE UTILITY (AutoFab Reference)               │
├──────────────────────────────────────────────────────────────────────┤
│                                                                      │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │                    DATA SOURCES (Bank-side)                    │  │
│  │  Customer Records │ Loan Agreements │ Payment Histories        │  │
│  │  Vehicle Data │ Dealer Data                                    │  │
│  │  Connected via VPN tunnel / Private Link                       │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 1   KNOWLEDGE FABRIC                                    │  │
│  │            MCP Connectors → Discovery → Schema Mapping →       │  │
│  │            Data Quality Validation                             │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 2   POPULATION BUILD                                    │  │
│  │            Entity Resolution → Knowledge Graph                 │  │
│  │            Customer → Loan → Vehicle → Dealer relationships    │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 3   COHORTING (Graph Operations)                        │  │
│  │            Rule Engine → Cohort Assignment → Document Store    │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 4   SCHEME TESTING (Studio DDA Pipelines)               │  │
│  │            Deterministic eligibility tests → Calculated flags  │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 5   REDRESS CALCULATION (Studio DDA Pipelines + HITL)   │  │
│  │            Scheme formulae → Calculated amounts → Audit trail  │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 6   STP / PORTAL / OUTREACH (Chain of Agents)           │  │
│  │            Auto-progress clear cases │ Amazon Connect outreach │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 7   PAYMENT VALIDATION (Studio DDA Pipelines)           │  │
│  │            Validate completeness → Generate payment file       │  │
│  │            Encrypted SFTP delivery to bank                     │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │  Stage 8   CLOSURE & AUDIT (Graph Operations + Knowledge       │  │
│  │            Fabric Write-back)                                  │  │
│  │            Close case │ Update bank CRM │ Compile audit trail  │  │
│  └────────────────────────────────────────────────────────────────┘  │
│                              │                                       │
│  ┌────────────────────────────────────────────────────────────────┐  │
│  │           ANALYST DIALOG (Playbook)                            │  │
│  │  list_cases │ explain_decision │ rule_deep_dive │ outreach     │  │
│  │  payment_status │ audit_trail                                  │  │
│  └────────────────────────────────────────────────────────────────┘  │
└──────────────────────────────────────────────────────────────────────┘

The utility uses Studio’s Chain of Agents rather than Graph Operations DAG Rules as its primary orchestration: the remediation lifecycle is naturally a sequence of stages with explicit Human-in-the-Loop gates (e.g., redress calculation approval) and integration boundaries (Amazon Connect, payment delivery, CRM write-back). The Graph Operations Rule Engine is used inside Stage 3 (Cohorting) for cohort assignment scoring.

Domain and Schemas

Entity Description
Customer The motor-finance customer / claimant
Loan Agreement The motor finance agreement under remediation
Vehicle The financed vehicle
Dealer The motor dealer that originated the agreement
Cohort A scheme-relevant segment with shared eligibility characteristics
Case A claim record progressing through the remediation lifecycle
Decision An eligibility, redress, or closure decision against a case
Payment File Per-case validated redress amounts packaged for delivery to the bank
AnalysisRecord Persisted result of a chain or DDA pipeline run
Relationship Description
HOLDS Customer → Loan Agreement
FINANCES Loan Agreement → Vehicle
ORIGINATED_BY Loan Agreement → Dealer
ASSIGNED_TO_COHORT Case → Cohort
DECISION_ON Decision → Case
PAYMENT_FOR Payment File entry → Case

Schemas are managed by the Schema Registry. All extraction is schema-bounded — the platform can only extract and process attributes defined in the Car Finance domain schema; bulk replication of bank data is not permitted.

Data Sources

Source Purpose Integration
Bank Databases (Customer Records) Customer identity and contact data MCP Connector via VPN tunnel / Private Link
Bank Databases (Loan Agreements) Agreement terms, dates, parties MCP Connector
Bank Databases (Payment Histories) Historical payments and balances MCP Connector
Bank Databases (Vehicle Data) Vehicle and asset attributes MCP Connector
Bank Databases (Dealer Data) Originating dealer attributes MCP Connector

Connection security (see 02-Architecture: Connectivity, 03-Knowledge-Fabric: MCP Connectors):

Control Implementation
Connection Method MCP Connector via VPN tunnel or Private Link
Protocol JDBC / ODBC over encrypted tunnel
Direction Inbound (read); outbound only for CRM write-back
Credential Storage Encrypted vault (AES-256-GCM) with role-based access
Connection Audit All connection attempts logged with user, timestamp, result
Rotation Credentials rotated every 90 days; on-demand for incident response
Quality Monitoring Availability, latency, error rate, data quality score

Eight-Stage Remediation Lifecycle

The Car Finance utility implements an eight-stage remediation lifecycle. Each stage maps to specific DataFab core components.

Stage 1 — Data Source & Cleanse

Aspect Detail
Objective Connect to bank databases, ingest claims data, validate and cleanse
Core Component 03-Knowledge-Fabric — MCP Connectors, Discovery Service, Data Quality
Processing Automated attribute mapping to the Car Finance schema; PII classification; data-quality validation
Output Cleansed, schema-validated dataset in Knowledge Fabric

Stage 2 — Population Build

Aspect Detail
Objective Build the remediation population — identify all customers and agreements in scope
Core Component 03-Knowledge-Fabric — Entity Resolution, Knowledge Graph
Processing Entity resolution to create golden customer records across multiple source tables; relationship mapping (Customer → Loan → Vehicle → Dealer)
Output Unified population with deduplicated customer records and linked agreements

Stage 3 — Cohorting

Aspect Detail
Objective Segment the population into cohorts based on agreement characteristics and scheme criteria
Core Component 08-Graph-Operations — Rule Engine, Cohort Analysis
Processing Rule-based cohort assignment using defined eligibility criteria; pattern scoring for scheme classification
Output Cohort assignments stored against each case in Document Store with scoring rationale

The cohorting Rule Engine uses the Pattern Scoring Rules defined in 08-Graph-Operations. Rule changes follow Rule Engine governance (role-based editing, version control, multi-party approval, testing, rollback).

Stage 4 — Scheme Testing

Aspect Detail
Objective Apply Scheme rules to determine eligibility and applicable remediation pathway
Core Component 04-Studio — DDA Pipelines (deterministic processing)
Processing Deterministic agent pipelines execute scheme tests against each case; calculated flags stored in Document Store
Output Eligibility determination, scheme classification, and test results per case

DDA pipelines in this stage are deterministic — they do not use probabilistic LLM-driven reasoning for the eligibility decision itself. LLM use is restricted to pre/post-processing tasks (e.g., document understanding) and bounded by schema validation and ontology execution per 05-AI-LLM.

Stage 5 — Redress Calculation

Aspect Detail
Objective Calculate redress amounts for eligible cases
Core Component 04-Studio — DDA Pipelines, Human-in-the-Loop review
Processing Deterministic calculation agents apply scheme-specific redress formulae; results validated and stored
Output Calculated redress amounts with full calculation audit trail

A Human-in-the-Loop gate is enforced on the redress calculation stage by default. Calculation parameters, intermediate values, and final amounts are persisted with the calculation audit trail.

Stage 6 — STP / Portal / Outreach

Aspect Detail
Objective Straight-through processing for clear cases; portal and outreach for cases requiring engagement
Core Component 04-Studio — Chain of Agents, Integration Layer
Integration Point Amazon Connect for customer engagement
Processing STP pipeline for automated case progression; outreach workflows via Amazon Connect
Output Customer communications, portal access, outreach records

Amazon Connect data handling (see AutoFab Document 02, Section 12):

Control Implementation
Data Sent Customer contact details (name, phone) and case reference ID only — no financial data, redress amounts, or loan details
Data Residency Amazon Connect instance in the same UK cloud region as the platform
Recordings Encrypted (AES-256), restricted access
Retention Per engagement retention policy; purged after transfer to platform audit trail

Stage 7 — Payment Validation

Aspect Detail
Objective Validate and process redress payments
Core Component 04-Studio — DDA Pipelines, Integration Layer
Integration Point Encrypted payment-file delivery to the bank
Processing Validation agents verify case completeness and generate detailed payment files
Output Validated payment files per case, ready for bank processing

Payment-file delivery security:

Control Implementation
Transfer Method SFTP over dedicated VPN tunnel
File Encryption AES-256-GCM applied per file before transfer
Integrity HMAC-SHA256 signature transmitted via separate secure channel
Non-Repudiation ECDSA P-256 digital signature with timestamp
Confirmation Bank acknowledgement logged with hash verification
Retention Payment-file events retained 7 years

Stage 8 — Closure & Audit Trail

Aspect Detail
Objective Close cases, update bank CRM, provide full audit trail
Core Component 08-Graph-Operations — Case Management; 03-Knowledge-Fabric — Write-back
Integration Point Bank CRM — updated customer profiles with audit trail and decision rationale
Processing Case closure workflow, audit-trail compilation, CRM update generation
Output Closed cases with complete audit trail; updated bank customer profiles

Integration Points

The utility has four defined integration points with external systems.

# Integration Direction Method Security
1 Bank Databases Inbound MCP Connector (JDBC/ODBC) via VPN / Private Link Encrypted transport, credential vault, read access
2 Amazon Connect Outbound API integration for customer engagement OAuth 2.0, webhook HMAC signatures, HTTPS only
3 Payment File Delivery Outbound Detailed payment file per validated case Encrypted file transfer, HMAC + ECDSA signature, validation
4 Bank CRM Outbound Updated customer profiles, audit trail, decision rationale API integration, mTLS, write-back with audit logging

Internal Data Store

Claim processing data is persisted in the internal Document Store.

Data Type Purpose
Claim Metadata Core claim attributes mapped from source systems
Calculated Flags Scheme-test results, eligibility flags, cohort assignments
Processing Status Current stage, status, timestamps
User Notes Analyst and reviewer notes attached to cases
Redress Calculations Calculation results with full parameter audit trail
Audit Events All actions, decisions, and state changes (immutable log)
Encryption Layer Method
Document Store at rest AES-256-GCM
PII fields Application-layer field-level encryption with separate PII key (180-day rotation)
Financial fields Application-layer field-level encryption with separate financial key (180-day rotation)
In transit TLS 1.3

Decision Outputs

Output Description
Cohort Assignment Cohort label and scoring rationale (Stage 3)
Eligibility Determination Eligible / ineligible with scheme classification and applied rules (Stage 4)
Redress Calculation Calculated amount with full parameter trail (Stage 5)
Outreach Outcome Customer engagement result and communications log (Stage 6)
Payment File Per-case validated payment record (Stage 7)
Closure Decision Closure status with full audit trail (Stage 8)
CRM Write-Back Record Updated bank-side customer profile reference

Decisions are deterministic and reproducible: every decision carries a pointer to the rule version, DDA pipeline version, inputs, intermediate values, and approver (where HITL is engaged).

Dialog Playbook

The Car Finance playbook (see Dialog › Playbook-Based Communication) governs the analyst conversation surface. It is the analyst-facing layer over the case-management workflow.

Intents

Intent Slots Tools Risk Class
list_cases status, cohort, stage, customer, limit get_cases Low
case_status case_id get_case Low
explain_decision case_id, stage chain trace + DDA execution log lookup Medium
rule_deep_dive rule_id get_rule_deep_dive Low
cohort_breakdown cohort_id get_cohort Low
outreach_status case_id get_outreach Low
payment_status case_id get_payment Medium
audit_trail case_id audit log lookup Medium

Tool Catalog (illustrative)

Tool Description
get_cases Filtered list of cases with stage, cohort, status filters
get_case Full case record including stage history and current flags
get_rule_deep_dive Rule metadata, version history, scoring weight
get_cohort Cohort definition, population, and scoring rationale
get_outreach Amazon Connect engagement record for a case
get_payment Payment validation status and file reference

Tools are subject to Tool Authorization; analysts only see tools their role permits.

Persona and Guardrails

Setting Default
Persona Concise, evidence-first; tables and case cards preferred; never fabricates rule outcomes or decisions
Refuse-List No legal advice; no override of redress calculations; no bypass of HITL gates
Escalation Any user request to mutate rules or thresholds is redirected to Rule Engine governance
Memory Turn + session memory retained; cross-session memory off by default

System Self-Awareness

Within Car Finance, Self-Awareness (see Dialog › System Self-Awareness) gives analysts these specific capabilities:

Question Tool / Source
“What rules ran on this case?” DDA execution log + cohorting rule trace
“Why was this customer assigned to cohort X?” Cohort assignment rationale + rule deep dive
“How was redress calculated for this case?” Redress calculation audit trail (Stage 5 parameter trail)
“Has the customer been contacted?” Amazon Connect outreach record
“Is the payment file delivered?” Payment validation + delivery confirmation
“Show me the full audit trail for this case” Closure-stage audit-trail compilation
“Which version of rule X was applied?” Rule version history (Rule Engine governance)

Self-Awareness is read-only; rule, threshold, and pipeline changes go through the Rule Engine and DDA-publish governance workflows.

User Roles

The utility implements role-based access control aligned with the engagement structure (matching the AutoFab reference deployment).

Role Responsibilities Access Level
Analyst Day-to-day case processing, eligibility review, standard analysis Case work, read/write on assigned cases
Senior Analyst Case approval, rule override, quality review Full case access, approval authority
Operations Manager Escalation approval, oversight, reporting Full system access, configuration
Data Coordinator Data intake, initial screening, case creation Create cases, basic screening
Auditor Internal/external audit, compliance review Read-only access to all cases and audit logs
RBAC Capability Matrix Case Work Approve Override Configure Audit
Analyst
Senior Analyst
Operations Manager
Data Coordinator Create only
Auditor Read-only

Authentication: MFA required; password policy minimum 12 characters; idle timeout 15 minutes; absolute session timeout 8 hours; SAML 2.0 SSO supported.

Operational Modes

Given the regulatory nature of remediation, the Car Finance utility runs primarily under Mode 1 (AI-Assisted Manual) and Mode 2 (Routine Automation).

Mode Behavior
1 — AI-Assisted Manual Default for cohort and eligibility decisions during pilot; HITL on every decision
2 — Routine Automation STP for clear cohort assignments and eligibility determinations; HITL on redress calculation
3 — Autonomous with Escalation Closure of clear cases automated; ambiguous cases escalate; HITL on redress calculation retained

Modes 0 and 4 are not used for this utility; redress calculations always retain a HITL gate by default to meet regulatory expectations on fair treatment and decision rationale.

Reference Implementation: AutoFab

Deployment: Standalone single-tenant instance in a private cloud, with limited integration points. Scope: End-to-end remediation lifecycle (Stages 1–8) for motor finance claims.

Aspect AutoFab Detail
Platform Provider DataFab
Deployment Model Customer Cloud Deployment (Private Cloud)
Region UK
Multi-Tenancy Single-tenant, dedicated instance
Integration Scope 4 integration points: Databases (in), Amazon Connect (out), payment-file delivery (out), CRM (out)
Data Residency All claim data and metadata stored within UK region; no cross-border transfer

Vendor (DataFab) access controls in the AutoFab deployment:

Control Implementation
Production Access No standing access; break-glass with client’s approval required
Access Method Time-limited, audited VPN sessions via client-managed jump box
Scope Limitation Application-layer components only; no direct database access
Activity Logging Vendor sessions recorded with full command audit trail
Access Review Quarterly review of vendor access events by client’s security
Data Visibility Vendor personnel cannot view customer PII or financial data; access limited to system configuration and logs with PII redacted

Security Controls

Control Implementation
Tenant Isolation Single-tenant deployment; all case data, audit logs, and traces tenant-scoped
Schema Bounding All extraction and processing constrained by the Car Finance domain schema
Deterministic Execution Eligibility and redress calculation pipelines are deterministic; no probabilistic decision-making in core processing
Field-Level Encryption PII and financial fields encrypted at the application layer with separate keys
Network Segmentation Edge / Application / Data / Management zones (see Architecture)
Inter-Service Authentication mTLS between services; service mesh with zero-trust networking
Credential Vault All integration credentials in encrypted vault (AES-256-GCM); 90-day rotation
HITL Gates Redress calculation requires Senior Analyst approval; HITL gates cannot be bypassed
Rule Governance Cohorting rules and DDA pipelines under role-based editing, version control, multi-party approval, testing, rollback
Audit Logging Every case action, decision, rule execution, integration call, and configuration change logged immutably
Tool Authorization Dialog tools follow 04-Studio Tool Authorization model
Vendor Access No standing production access; break-glass with engagement-host approval

Audit Logging

Event Retention
Case Created 3 years
Case Decision 3 years
Cohort Assignment 3 years
Rule Executed 1 year (3 years for case-processing)
Process / DDA Executed 1 year (3 years for case-processing)
Escalation 3 years
Outreach Initiated 3 years
Call Connected / Customer Response 3 years
Payment File Generated 7 years
Payment File Transferred / Confirmed / Failed 7 years
CRM Write-Back 3 years
Authentication / Authorisation 1 year
Configuration Change 2 years
Compliance Event 7 years
Security Incident 2 years

Logs are stored in immutable tamper-evident storage with PII redaction. Auditor role has read-only access to all cases and audit logs.

Data Subject Rights

Right Process Response Time
Access Automated data export from Knowledge Fabric and Document Store 30 days
Rectification Data update workflow with audit trail 30 days
Erasure Deletion with verification (subject to regulatory retention requirements) 30 days
Portability Standard format export 30 days
Objection Processing review workflow 30 days

Regulatory Mapping

Regulator / Regulation Supported Capability
FCA Motor Finance Scheme End-to-end remediation lifecycle: population, cohorting, scheme testing, redress, outreach, payment, closure with audit trail
FCA — Treating Customers Fairly Consistent rule-based processing applied equally to all cases in scope
UK GDPR / Data Protection Act 2018 Lawful basis (legitimate interest + legal obligation), data subject rights, breach notification, data residency
ICO Breach Notification Triage within 4h, ICO notification within 72h (per UK GDPR Article 33)
EU AI Act Risk classification, transparency, human oversight, technical documentation
SOC 2 Audit trail, change control, access control

Recovery Objectives (Reference Implementation)

Component RPO RTO
Knowledge Graph 1 hour 4 hours
Document Store (Claims Data) 1 hour 4 hours
API Services N/A (stateless) 15 minutes
Credential Vault 1 hour 2 hours
Audit Logs 15 minutes 4 hours

DR testing schedule: monthly backup-restore tests; quarterly failover tests; annual full DR exercise; semi-annual tabletop exercise.

Cross-References