
How AI Is Stopping Lending Fraud: DoxAI's End-to-End Document Verification & Governance

In this episode of Broker Tools, we chat with Alfonso, founder of DoxAI — an enterprise-level business automation partner helping banks, non-bank lenders, and aggregators streamline their lending process using AI. DoxAI's suite of solutions spans fraud detection, AI governance, document processing, and identity verification. This episode is a deep dive into how brokers and lenders can protect themselves from document fraud, build safer lending workflows, and deploy AI responsibly — without compromising client data or compliance obligations.

Podcast Transcript

[00:00] Hi and welcome to Broker Tools, where we unpack the tools, systems, and strategies that help brokers optimize the way they work. I'm Katie, your host, and today we are catching up with Alfonso from DoxAI. For those of you who don't know what DoxAI is, it's an enterprise-level business automations partner that leverages AI technology to help banks and non-bank lenders as well as aggregators automate their lending process. Part of their solutions include the ability to do fraud checks, AI governance, and document processing and verification. In this episode, we are going to explore how DoxAI protects bankers, uh, brokers and lenders as well as other finance and property industries from fraud. For organizations looking to build a safer and more secure process in their lending workload, this episode is for you. Alfonso, welcome to the podcast. >> Thank you for having me, Katie. >> You are most welcome. It's been quite a journey because you and I have had several conversations around DoxAI.

[01:04] Um, and I kind of love the details of how it actually works. But before we can go into and talk about the what actually DoxAI does, um, can you tell us where did you start? Like how did DoxAI even come about? >> Look, DoxAI started in 2022. Um, it all started from different types of lenders and, you know, friends that I had into the industry that had the the same similar problems between fraud, uh, collections of documents, management, extraction, and having all of those informations traveling overseas, coming back for the extraction purposes, categorization purposes, and other different types of I would say manual jobs. Okay. Um seeing that I saw an opportunity. I saw something that could be automated, streamlined, kept into the country where we could create IP and informations here. Uh we could maintain a standardized process. We could um you know we could optimize in other ways

[02:07] either than having those informations flying everywhere. uh having a secured environment, having the informations encrypted in transit and during operations, having all the best standards in the industry, a place uh and as well, you know, all of the different products came about by just thinking and thinking of what what is the next problems that a broker or a lender will face. And subsequentially that's why we have all of those different types of services and solutions in a Lego format where the lender or the broker can select each individual each indiv individual pieces that they require and they can connect them together if they need to and optimize those individual processes. >> Yeah. When you say individual processes because obviously the lending um landscape is quite large. what are the key elements because um they're the things that you might have noticed but when when you started docai but people may not be aware that they're actual features to consider. Look during the the beginning of the lending process

[03:13] when we started docai at the start okay it was all about the ingestion of documents and the collection of information that's where all started then now it has evolved into a natural full suite of products so that cover the end to end now in the lending process as everybody knows of course that is listening to this podcast um it it's mainly the origination so the collection piece the verification of the user uh the actual establishment of the financial status, the decisioning, the packaging up those information and sending it to the lender for another verification. Those are the type of processes that we have initially started with Docai. Now Docai does a lot of different types of industries today. It has been almost four years now that we're around. So we have diversified in multiple different processes and industries. But regarding the actual learning process, we do every segment. So the origination component, the actual collection component, the processing, establishing, extracting information, decision, fraud checking,

[04:17] identity verification and then actually the loan management component as well we have as part of our offering. So all of those individual processes. Now what do I mean with the process? When you collect a document, the broker will have to read that document, validate it, extract information, fill under the system, then subsequentially submit it. The lender decides, comes back. All of those steps that are manually with Doc, you can simply just put the document in and the system does everything by itself. Basically, the broker just finds themselves with the whole application executed. So when you're saying it's executed ultimately when a document comes through um you're actually kind of scanning that particular document to decide what that top type of document is the difference between say a uh income statement versus a bank statement um or a driver's license and then you can set up set of rules based on the type of document it is. Is that >> absolutely so we we have two options. So

[05:20] we have the options where it is up to the workflow. So the document comes in we read it we understand the type of category the document is if there is multiple categories in the documents we automatically split it. So subsequentially let's say you sending me a mortgage packet in those circumstances you can have driver license passport within the same page. You could have a pay slips you could have three sets of pay slips in the same PDF. uh you could have other types of informations like the income, the income statement, the financial statement, all of these different information in one single PDF or in each individual document. The system will categorize it, classify it, split it. Then after it splits it and it understands what it is, it will automatically extract the information based on context. Then after it does that, it's uh doing the fraud checking. So checking if it is generated with AI, if it is a fake license or not. Uh it does as well federal government checks. So we go to the DVS to verify the originality of the documents. Uh we can

[06:24] as well verify the content of the documents, the metadata, the structure, the context, if it was generated with AI or not, so on so forth. Then once that document is fraud checked, we um we basically package it up with all the direct structure. We connect automatically to the systems of the lenders if needed and this data is then used to make the decision on the on the loan. Okay. Uh now uh as part of that once it gets to the lender we provide as well redaction services where all personal information gets removed. Then we also provide storage services, loan management services, CRM services for the brokers or the lenders. A full suite pretty much of anything that is needed to automate and streamline. That's option one. The option two that we have which is the new option that has come out this at the beginning of this year is the fully autonomous process where we have developed internal agents that are using those individual functions and items in the process that self-manage the

[07:26] communication between all of these components. And if the human intervention is required, they will request the human intervention to adjust the informations and proceed to the next step. So it's a very different process than everybody's following. Everybody is following human in the loop. So where the AI creates the issue the the human is always there in the loop while we're creating something that is completely autonomous where the human is actually um asked to join uh into the process to see if there is any issue or not instead of being there constantly only if the AI finds the issue will call the human in so it's a new approach there is a lot of different things that we're working on in regards to that but yeah >> yeah and I Guess that's where we kind of need to lead towards and move towards and I guess when it comes to document safety and process how does that actually work with you? So uh all of the informations for us if we're talking about international companies or

[08:29] national companies here in Australia we we basically are governed by what the customer prefers. So we have geolocation in everywhere around the globe. So if it is an Australian entity all the data would reside in Australia. If it is a Canadian entity, all the data will reside in Canada for example. Uh we are SOC 2 Type 2, we are ISO 27001. Uh we also have PCI DSS certification for all different types of credit cards and all other types of informations. In other industries, we have HIPAA compliance. We in Europe we have GDPR compliant as well. Uh we do have some new certifications which I would say we almost issued ourselves which is AIOC and AIGC which is around that governance AIP of our new product and new platform we have that we talked about before the podcast um but yes um we we basically have best standard encryption we do cyber security penetration testing every single year uh we test each one of our products individually we have monitoring

[09:33] tool 24/7 on our cyber security and availability and status. Best grade technology pretty much all of our infrastructure is active to active. So we guarantee to our customers zero downtime any time. Uh which it means if any data in any geolocations around Australia goes down our system will still be up and available. >> No. And I guess when it comes to managing that especially now in the age of AI yes we were talking about your AI governance platform but how does that work especially if we're doing agentic first processes because um how an agent works is often the question especially now that open core exists and it's not the safest platform how do we make sure that if you are using any AI agents that is like that type of data is protected. >> Okay. So, I am not a pro-American companies and neither and against American companies, but I have mixed feelings.

[10:35] >> Informations about your customers should never be utilized in environments where I generalized purpose. Okay? They should never be used in simplicity by just putting it in a chat box and asking for a response. Okay? Rule number one, you should have systems, infrastructure, storage, and you should have the right AI models deployed in the right in the right deployed in the right sovereign methodology to ensure that your client's data are secure. There is uh tick boxes and you know terms and conditions that say that all of these data might not be used for the training purposes and so on so forth and all of this nice legality around it. But again, you should use tools that are designed for the purpose for which you want to use it. So be very responsible with your customers data. Um, a lot of times I have seen that you might I seen people collecting informations about their customers, their customers finance and not using in the proper way. So be very mindful of

[11:38] where their data is going, what type of securities you have activated. be very very cautious of the informations those models um give you because those information those model give you let's not forget that those are prediction models not deterministic models prediction models are basically just guessing the next item that they're going to tell you based on a data set of informations it has retrieved it's not always accurate it is mainly design it's mainly designed around the customer desire so if it is making you happy. It will tell you whatever you like fake or not fake. >> At the same time, there is the hallucination component so on so forth. So that's where I always suggest people to work with uh companies that have expertise in this that are using their own IP. They have full control of where the information is going, how the model is behaving, how the AI is responding and uh and they are able to audit back

[12:44] on things that have and not just provide your response based on the document. So use it very carefully. Um you know I'm been in AI since I was a 15 years old kid. I wouldn't even call it AI. I call it machine learning at the end of the day. And they're just different types of models. The technology is very promising. Um it's not yet a substitute of a human. It's a human optimizer. It's getting very very to the level of fear uh where you know people still feels that um you know uh it's going to substitute somebody. It's still far away from that. It's very efficient don't get me wrong. It's uh very very powerful but if it is misused it's as powerful. So can create big damages you know as well as you have seen with open claw. Yeah. And and this is I guess the conversation we are having and this is I guess what docai might do best in in that process as it grows because obviously you can

[13:47] validate documents whether or not they're genuine or whether they're AI uh generated um and then on top of it from an agentic AI workflow um you have auditing systems in place. So when an activity occurs by an AI agent within your system, it's almost like um when you build out a CRM, you have notifications. You can track all these activities that someone has done. You've got a version of that. >> Correct. >> For your AI agents, >> correct? So the AI agents automatically uh have to write each individual tasks that they're performing. At the same time, we're not in in our process building, in our workflow building, we don't always use generative AI or large language models. A lot of the times we use the specific technology that is best for the purpose for which we're using it for. Which it means if in some circumstances we have to use uh deterministic models, we will use deterministic models. If if in some circumstances we need general prediction

[14:52] models, we will use that. So that's where the expertise come to actually have successful deployment of AI applied to your workflow internally in your business. You need expertise from any aspect of artificial intelligence. You don't just need expertise in how to use chat GPT on how to use generative model and agents together to create a workflow. You need complete coverage because the technology that has been designed it can be applied to anything even if it is designed for general purposes but it will not work. It is it is not the same you know they say that they say a jack of all trades master of a none but still better than a master of one that apply for a human but that does not apply to >> yes and that's I guess where the context awareness really comes into play and I guess when it comes to building out any normal business and ultimately AI is not necessarily replacing people but jobs

[15:55] people do and when people do specialist jobs, you need a specialist LLM to do that particular job. >> Well, it's it's a it's a it's more like a configuration of the knowledge for which the model is relying on. Uh it's not actually a specific uh large language model that is doing the task or it it's it's it's optimized for that purpose. It's like a a recognition flow. So, it basically has to be designed for that purpose. Large language models are designed to predict the next sentence and to try to make sense of the previous tokens or words and keep predicting the next one within the context that you have established within the prompt. Uh now again it depends if we you know everyone says that you are a HR advisor uh make sure that you rely on your knowledge of being an HR advisor. It's just basically segmenting the data set

[16:59] that that model will use to respond back. But it doesn't actually mean that the response that is going to come back is 100% accurate. It might hallucinate. It might just satisfy you for that response. >> Yeah. And as you talk about it more, what I realize is from a behavioral mechanism, as you said, there's a prediction model. So it's trying to predict what you want. It's almost like giving you your f future like you're a horoscope. Um but it's not guaranteed that that's the outcome of your life. Um whereas what you're trying to move more towards within your workflow is the um the deterministic process where it's actually running on facts not >> correct assumption >> hybrid a hybrid between both contexts. So where the prediction is best and where the actual deterministic component is best. So trying to limit the prediction the prediction component of those models together with a slight

[18:02] touch of deterministic models. So instead of just giving you blah, it will actually give you a formed response and feel comfortable enough to say, hm, I might not know the answer to that point >> instead of just giving you what you desire. >> Nice. And so I guess from a workflow point of view, how would it apply to the document collection and fraud management process? So in the in the document collection space what we have developed is for example the whole following up with customers the whole asking the quality of the document for example. So I give you an example in the broker space. Um the broker requests the documents a driving license and pay slips. Okay. The customer uploads those documents. The broker can see that instead of the driving license, the customer accidentally uploaded the photo of a cat. Okay. >> Yeah. >> Today it's done by the broker. The AI that we have been built will automatically scan the document understand if that document is a cat or a driving license. And if it is a cat,

[19:07] it will automatically start a communication with the client and say, "Hey client, you have uploaded a photo of a cat. Can you please make sure it's a driving license without the need of any human intervention at that point?" Right? Because it's basing itself on the rules, on the policies that are set by the broker. Then once that it's fixed, it checks the quality of the documents if it is encrypted or not and all other sorts of informations. Once it passes all the checks, then it goes for the extraction. The extraction that it executes again is set on rules that the information that the lender actually needs. So the broker it's able to select the specific lenders and then it will automatically pull out the data that only the lender needs extracts it standardizes it into a nice format and that information can be pushed through an API to to to the lender. But again any communication between the broker and the client has been as well automated if the broker wants to activate it and as well up to the lender. So the whole

[20:10] cycle back forth pre- credit let's call the pre-redit process or the pre-approval process >> completely automated. >> Nice. And I guess this is the value of the system as a whole because when a document comes in it could be multiple documents. >> Yes. sent across, but then it's sorted and categorized it and an AI agent could also see that you inserted your kids homework in there and you know eliminate that as a nonrelevant document. >> Correct. And that avoids all the sorts of different types of data leaks. So all data that starts flowing around that you actually don't want flowing around and the lender doesn't even want that data neither you want it on your laptop. All right? So it's it's sort of the AI removes all of these things out of the place and says, "Okay, this is a loan. Just give me the data that I need based on the policies that my broker has requested." >> Yes. and and it's really like streamlining that process making sure everything goes through and then you have I guess your AI governance rules

[21:13] because um the problem with I guess most agentic AI workflows not to discredit open core but it's the one that most people understand right now and these are known issues is that it can go anywhere and click anywhere for you whereas your AI agents can only click on the things that have specific rules for it to access. >> Absolutely. So it has has completely so there is a couple of new things that uh we have established internally. So you know how that is KYC and KYB. So know your customer and know your business customers right we have developed internally KYA which is know your agent. So it is basically authentication standards that we estab pre pre-establish on each one of the agents that are controlling the functions and we give them forced human action rights. So it only can work within that established environment. It cannot go outside of that established environment

[22:16] until the human approves that action. Okay. Now again very very restricted in context of the lending but the capability because our business is completely agnostic our business is focused on processes overall the technology can be applied to anything pretty much. Yeah, which is great. And I guess we're drilling into the details only because you know information matters. Seeing how it actually all works matters and most business owners are being told to implement AI and they don't know how best to apply it and what is the best governance and processes in place and and I guess this is the value that uh docsai is doing as a process for >> for lenders specifically but you know you also do it for others as well. >> Yes. So we we also as well I would like to add that now we we uh released a new platform called clarity AI. So clarity AI it's a platform completely designed around the governance risk and

[23:18] management of AI systems. So basically we provide AI solution and processes and automation. So we are a autonomous solution AI provider. Okay, if you want to see like that custom development, we use Lego approach to assemble those things together to create perfect workflows that go by themselves. But we also understood that there is a massive luck in the market today from that KYA perspective, that governance perspective, their training perspective, the risk management component of all of these different AI systems that people is deploying inside the businesses and enterprises. So that's why we released um clarity. So clarity allows you to pretty much define your policies, governance policies, does risk assessment and management of your business internally. So it automatically goes and analyzes everything you're doing inside your business to see if people is using anything like shadow AI. Shadow AI means um users within your

[24:23] enterprise that are using charg cloud or any other tool like that without them telling you and uploading all of those sensitive data uh to those platforms without the approval of the enterprise overall. Right? So there is no management of data, no insights where is going, who is using it and it automatically detects that. Then it has policy tracking. Then it has auto assessment. It has training programs to train all your internal staff of what actually they're using and how much they can rely on this technology. And at the same time as part of it, we also have a sand pit. So what is a sand pit? Like you know a trial. So you can basically connect all different external models including docsai models and docsai services and you automatically test them in a safeguarded environment. What does it mean safeguarded environment? An environment where our system will automatically detect sensitive data, remove it and allow you to test those

[25:27] models before you deploy them into your enterprise. So it's a full uh trust risk and governance piece of using AI. >> Nice. And I guess by having the Lego approach that you have, it means that you can um plug and play the parts that you need in your business life cycle. >> Absolutely. So for example, if a broker just needs for a check or a lender just needs for a check, they can use that. But we always suggest um for you know highintensive manual workflows to sort of reverse engineer and try to work together in a full solution that can be deployed as an industry standard. Um that's that's also another approach that we work with. Um but at the same time you know every business is different every business functions different. Uh I hate when majority of consultancy say we understand your business. No you don't. Every business is different. Every business is like a household. It will be different, right? Everyone will behave

[26:30] as a different organism. So you have to understand, listen and reverse engineer from what you learn from them to then apply the technology. >> Yes. Which is perfect because um I guess as an example um a lender might have its own CRM system. So, it doesn't need to do the document collection or the um information type form field type things, but it may not have the fraud check part. That's where DoxAI could do that or you actually don't have the form fields and therefore you can use I think it's data exchange or >> data exchange and e form. So, there's also segmentation you can use there. Yes. >> Yeah. So there, so this is the gift of all the suites because again, if you don't have a part, you probably have a service that provides that part and you can assemble the parts together so that you have a whole operating system that functions from start to finishing. >> Absolutely. Every business every business has a different approach. We work with 75 bank and non-bank lenders. We have roughly 7,000 brokers on our

[27:36] platforms, right? So our platform is known in the market still with the old brand which is very moto which now it's actually asset verification. Uh it's the new brand new name under docai. Uh that's where majority of our brokers are. Uh and it's one of the main asset verification automation platform. So we have streamlined the asset verification process there. But on another note, the the the the thing that we offer is for enterprises that want to completely redesign a process, we do a workshop which we do completely out of charge by the way, which is very important to understand. So we work together with the lender or uh the broker and we reverse engineer that process and then redesign it into a solution. Um which is which is another approach than just replacing one thing. Don't forget return of investment can actually be calculated when you are reinventing something not just fixing something. >> You can't measure accurately enough. You have to redesign something completely

[28:40] from scratch and see what it was before and what it will be not not just replacing little components. Little components are slight optimization and that doesn't mean actually return of investment. It could actually sometime add cost if not done properly. >> I agree. Um, if people wanted to learn more about what DoxAI does, where should they go and what should they do? >> Look, um, we try our best on our website to put as much information as possible, but on our website there is everything. Uh, we're also building a new YouTube channel uh with all the informations, videos, demos and everything so on so forth. Um, but if anybody's interested, you know, our website is the best place. Contact us. Uh all blogs are there, all informations are there, all products are there. Um and if anyone wants to reach me, I'm on LinkedIn. I would say half of my day. So always there to get a message and have a chat. >> Perfect. Thank you so much for joining us on the conversation. Um Alfonso, um anybody who's listening, um if you do

[29:43] have questions for Alfonso, feel free to comment below, do all the good things like like, share, and we will pick up this conversation again soon. Thank you.

1. Where It All Started

DoxAI was founded in 2022 after Alfonso identified a pattern shared by lenders and industry peers: critical processes like document collection, extraction, and categorisation were being handled manually, often with data being sent overseas for processing. This created risks around data sovereignty, security, and accuracy.

The vision was to build something that kept that intelligence onshore, encrypted, standardised, and automated — a modular platform where lenders and brokers could select only the pieces they needed, assembled in a “Lego-style” format.

Episode Links

▶️ WATCH THE FULL PODCAST HERE: https://youtu.be/SgOijUkNxGY

🎧 LISTEN ON SPOTIFY: https://open.spotify.com/episode/5OOYT9KY92jmqNVwuXPmVC?si=x1DWQPIJRoms7OCTgxK-Mg

🌐 EXPLORE DOXAI: https://doxai.co/

2. What DoxAI Actually Does

The platform now covers the full lending origination lifecycle. When a document enters the system, it goes through a layered, automated process:

  • Categorisation & Classification: The system reads each document, identifies its type (e.g. pay slip, bank statement, driver's licence), and splits mixed PDFs automatically.
  • Contextual Extraction: Relevant data fields are pulled based on what the lender actually needs — not a generic scrape.
  • Fraud Checking: The system checks if documents were AI-generated, verifies IDs against the federal DVS (Document Verification Service), and analyses metadata, structure, and content integrity.
  • Automated Submission: Extracted data is packaged and pushed to lender systems via API, with optional PII redaction before handover.
  • Loan Management & CRM: Storage, loan lifecycle tracking, and broker-facing CRM tools round out the suite.

3. The Problem with Most AI in Lending Today

Alfonso's concern is that generative AI tools, even well-known ones, are prediction models, not deterministic ones. They are designed to give you the answer that satisfies you, not necessarily the correct one. Hallucination is real, and the risk of uploading sensitive client financial data into a general-purpose chat tool is significant.

His recommendation: use tools that are purpose-built for the task, with full control over where data goes, how models behave, and the ability to audit responses. Brokers should never paste client information into a generic AI chat box.

4. Agentic AI — And Why Governance Matters

DoxAI's latest product direction is a fully autonomous workflow model. Rather than keeping humans in the loop at every step (the conventional approach), DoxAI's agents handle the full process autonomously — and only escalate to a human when they identify an issue they cannot resolve.

To govern this responsibly, DoxAI introduced a concept called KYA — Know Your Agent. Every agent is assigned pre-authenticated action rights. It can only operate within its defined environment, and cannot take unauthorised actions without human approval.

Each agent also logs every individual task it performs — creating a full audit trail of AI activity across the lending workflow.
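
The KYA pattern described above (pre-established action rights, human approval for anything outside them, and a log entry for every task) can be sketched as follows. This is an added example, not DoxAI's code: the class names, action names, agent IDs and application ID are hypothetical, and the hash-chained log is an assumption added here to make the audit trail tamper-evident.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentGrant:
    """Pre-established rights for one registered agent (hypothetical structure)."""
    agent_id: str
    allowed_actions: frozenset


class AuditLog:
    """Append-only log; each entry commits to the hash of the previous one."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        payload = prev + json.dumps(record, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append(
            {"record": record, "prev": prev, "hash": self._digest(prev, record)}
        )

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            if entry["hash"] != self._digest(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True


class ActionGate:
    """Single choke point through which every agent action must pass."""

    def __init__(self, grants, approver, log):
        self.grants = {g.agent_id: g for g in grants}
        self.approver = approver  # callable standing in for the human reviewer
        self.log = log

    def execute(self, agent_id, action, target, handler):
        grant = self.grants.get(agent_id)
        if grant is None:
            decision = "denied_unknown_agent"   # unregistered agents never run
        elif action in grant.allowed_actions:
            decision = "allowed"                # inside the agent's environment
        elif self.approver(agent_id, action, target):
            decision = "approved_by_human"      # outside it, human said yes
        else:
            decision = "denied_by_human"
        # Log before running the handler so a crash still leaves a record.
        self.log.append(
            {"agent": agent_id, "action": action,
             "target": target, "decision": decision}
        )
        if decision.startswith("denied"):
            return decision, None
        return decision, handler(target)


def demo():
    """Constructed scenario: one intake agent, one application, four requests."""
    log = AuditLog()
    grants = [AgentGrant("intake-agent",
                         frozenset({"classify_document", "request_reupload"}))]

    def approver(agent_id, action, target):
        # Constructed policy: the reviewer approves only lender submission.
        return action == "submit_to_lender" and target == "APP-1001"

    gate = ActionGate(grants, approver, log)
    results = [
        gate.execute("intake-agent", "classify_document", "APP-1001",
                     lambda t: f"classified {t}"),
        gate.execute("intake-agent", "submit_to_lender", "APP-1001",
                     lambda t: f"submitted {t}"),
        gate.execute("intake-agent", "delete_records", "APP-1001",
                     lambda t: f"deleted {t}"),
        gate.execute("unregistered-agent", "classify_document", "APP-1001",
                     lambda t: f"classified {t}"),
    ]
    return results, log


if __name__ == "__main__":
    outcomes, audit = demo()
    for decision, output in outcomes:
        print(decision, output)
    print("audit chain intact:", audit.verify())
```

Denied requests are logged as well as permitted ones, so the trail shows what an agent attempted, not only what it did.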

5. Real-World Automation: The Cat Example

Alfonso used a memorable example to illustrate how the workflow functions in practice. A client is asked to upload a driver's licence. They accidentally upload a photo of a cat. Rather than a broker having to catch this manually, the DoxAI system:

  1. Scans and identifies the document as a non-compliant file
  2. Automatically sends the client a message asking for the correct document
  3. Once corrected, checks document quality, encryption status, and compliance
  4. Extracts only the fields the lender requires and pushes them via API

No human touchpoint required. The broker just sees a completed, verified application.

6. Data Security & Compliance Standards

All data is geolocated and stored in-country by default (e.g. Australian clients' data stays in Australia). DoxAI holds the following certifications:

  • SOC 2 Type 2
  • ISO 27001
  • PCI DSS
  • HIPAA (for health industry clients)
  • GDPR (for European operations)
  • Annual cybersecurity penetration testing
  • Active-active infrastructure with guaranteed zero downtime

They also offer 24/7 monitoring of their systems and cyber security posture.

7. Clarity AI: Governing the AI Your Business Already Uses

Recognising a gap in the market, DoxAI released a standalone governance platform called Clarity AI. It is designed for enterprises that need to manage and audit the AI tools already operating within their business — including tools staff may be using without approval (a phenomenon Alfonso refers to as “shadow AI”).

Clarity AI provides:

  • Shadow AI detection (finding unapproved tools in use across teams)
  • Policy tracking and governance frameworks
  • Automated risk assessment
  • Internal staff training programs on AI use
  • A sandpit environment for safely testing AI models before enterprise deployment — with automatic PII removal

8. Key Takeaways for Brokers and Lenders

  • Automation is only as safe as the guardrails you put around it. Purpose-built tools beat general AI every time.
  • The Lego approach means you don't have to replace everything — add the components you actually need.
  • AI governance is not optional. If your staff are using AI tools unsupervised, you have a data risk problem.
  • ROI is best measured when you redesign a whole workflow, not just replace one component.
  • DoxAI serves 75 bank and non-bank lenders and approximately 7,000 brokers — primarily through the Verifast (formerly Veri.Moto) asset verification platform.

9. Practical Next Steps

  • Audit your current document process: where are documents going, and who is handling them?
  • Identify your fraud exposure points — what gets manually reviewed vs. automated?
  • Consider a free workshop with DoxAI to reverse-engineer and redesign your workflow from scratch.
  • Review which AI tools your team is currently using — and whether they meet compliance standards.
  • Connect with Alfonso on LinkedIn or visit doxai.co for more information.

⚠️ Disclaimer: This content is for educational and research purposes only and does not constitute financial, legal, or business advice. Always conduct your own due diligence before implementing systems, tools, or operational changes in your business. Some links or recommendations mentioned may be affiliate partnerships, meaning we may earn a commission at no additional cost to you if you choose to engage with a product or service. All opinions remain independent and based on research and experience.
