Internal Controls Configuration
  • 16 Jan 2023
  • 3 Minutes To Read
  • Dark
  • PDF

Internal Controls Configuration

  • Dark
  • PDF

Early Access Feature
If you would like to request early access to this feature, please get in touch with your Mambu Customer Success Manager to discuss your requirements. For more information, see Mambu Release Cycle - Feature Release Status.

With internal controls you can set up automatic controls for loans, such as the dormancy period, the number of days you want to wait before locking accounts in arrears or automatically locking accounts in arrears when interest, fees, and penalties are more than a percentage of the current principal balance or of the original principal amount. For more information, see Internal Controls.

With Configuration as Code (CasC), you may batch configure your internal controls configuration via the API using YAML. For general information on CasC, see Configuration as Code Overview.

API Operations

CasC for internal controls supports two operations.

Action Endpoint Description
GET /configuration/internalcontrols.yaml Get current internal controls configuration.
PUT /configuration/internalcontrols.yaml Write a new internal controls configuration to Mambu.
Please Note

If you PUT a configuration to Mambu, any current configuration settings not included in the new YAML configuration will be deleted. PATCH requests are not currently supported.


For general information on CasC requests such as authentication and required headers, see Configuration as Code Overview.

The following section shows sample requests using curl and basic authentication. For all examples, replace TENANT_NAME with your actual tenant name.

With regards to authentication, {auth} is the base-64-encoded value of username:password. For more information, see Authentication in our API reference.

GET configuration

curl -X GET '' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Authorization: Basic {auth}'

PUT configuration

curl -X PUT '' \
-H 'Accept: application/vnd.mambu.v2+yaml' \
-H 'Content-Type: application/yaml' \
-H 'Authorization: Basic {auth}' \
--data-binary @internalcontrols.yaml

@internalcontrols.yaml represents the absolute path of the file on your device.

Use “--data-raw” if you want to specify the YAML body inline.

Example configuration body

  exposureType: "SUM_OF_LOANS"
  exposureAmount: 25000.00
allowMultipleLoans: true
allowMultipleGroupMemberships: true
  - "EMAIL"
  duplicateClientConstraintAction: "ERROR"
arrearsDaysBeforeWriteOff: 30
maxAllowedUndoClosurePeriod: 60
defaultClientState: "PENDING_APPROVAL"
defaultLineOfCreditState: "PENDING_APPROVAL"
  groupSizeLimitType: "HARD"
  minGroupSizeLimit: 10
  maxGroupSizeLimit: 20
approvalDisbursalTwoManRuleEnabled: true


If you do not receive a 200 OK response then fix any validation errors and make another PUT request until you receive a 200 OK response.

Please Note

If you PUT a valid YAML configuration to the API and you do not receive a 200 OK status code within 60 seconds, you may receive a 504 Gateway Timeout status code. We expect all responses to be below 60 seconds.

If you encounter this issue, please contact us through Mambu Support so we can investigate it.


Name Type Description Required
loanExposure Loan Exposure Configuration Configuration for maximum exposure to a client
loanExposure.exposureType String Type of maximum exposure to a client.
loanExposure.exposureAmount Number Maximum amount. Required when exposureType is not UNLIMITED.
assignmentConstraints List List of required assignments for clients and groups, ordered alphabetically.
allowMultipleLoans Boolean Option that shows if multiple loans are allowed or not.
allowMultipleGroupMemberships Boolean Option that shows if a client can be member of multiple groups.
duplicateClientFieldsConfiguration Duplicate Client Fields Configuration The duplicate client constraints configuration that are available in the administration and can be performed.
List Constraints regarding what fields can't be duplicate between two clients, ordered alphabetically.
String Action to be taken if constraints exist and are not met.
arrearsDaysBeforeWriteOff Number Number of days that are required before an account can be written off.
maxAllowedUndoClosurePeriod Number Maximum of days we allow users to undo of close obligations met for an loan account.
defaultClientState String The state that a client it's set when it's created.
defaultLineOfCreditState String The state that a line of credit it's set when it's created.
groupSizeLimit Group Size Limit Configuration Configuration for the group size limitations.
groupSizeLimit.groupSizeLimitType String Group size limit type. The options are HARD, WARNING, and NONE.
groupSizeLimit.minGroupSizeLimit Number Minimum group size. Required when groupSizeLimitType is not NONE.
groupSizeLimit.maxGroupSizeLimit Number Maximum group size. Required when groupSizeLimitType is not NONE.
approvalDisbursalTwoManRuleEnabled Boolean Requires separate users for approvals and disbursals.
availableDashboardSections List List of available dashboard sections, ordered alphabetically. The options are UPCOMING_REPAYMENTS, INDICATORS, LATEST_ACTIVITY, FAVOURITE_VIEWS, TASKS, CURRENT_TILLS, and CLIENTS.


Name Valid value range
loanExposure.exposureAmount 0-2,000,000,000,000,000
arrearsDaysBeforeWriteOff 0-2,000,000,000
maxAllowedUndoClosurePeriod 0-2,000,000,000
groupSizeLimit.minGroupSizeLimit 0-2,000,000,000
groupSizeLimit.maxGroupSizeLimit 0-2,000,000,000

Was this article helpful?