RateStack

Mortgage pricing engine RFP template.

A 60-question vendor-neutral RFP for evaluating mortgage pricing engines. Operator-grounded, designed to expose where vendors are strong and where they're hand-waving.

This template is for buyers, not for us. Use it on us; use it on every other vendor you evaluate. Honest answers from a vendor are the best signal you'll get during evaluation. The questions are structured so that wrong or hand-wavy answers are obvious.

How to use it

  1. Copy the sections below into your RFP / RFI system, or print this page.
  2. Send to two to four vendors. Two is fine; six is too many.
  3. Score answers on a 1-5 scale per question. Average per section. Outliers — sections where vendors score very differently — are where the real differentiation is.
  4. Don't skip the "demonstrate" questions. The most important signal is whether the vendor can actually run the thing they describe in their answer.
  5. After RFP responses, run a parallel pricing exercise on your top scenarios with the top two finalists. Decide based on the exercise, not the RFP.

You're welcome to share this template freely. If you publish your scoring methodology afterward, we'd love to read it.

1. Pricing engine fundamentals

  1. Describe how your engine accepts loan input (REST, GraphQL, batch, file). Provide a sample request body for a 30-year conforming purchase.
  2. What pricing modes do you support (BEST_EX, BY_RATE, BY_PRICE, others)? Demonstrate each on the same loan input.
  3. Walk through your two-stage eligibility (Stage 1 predicate evaluation followed by Stage 2 full pricing). What's the latency target for Stage 1 alone?
  4. Provide your warm-path p50, p95, p99 pricing latency numbers and how you measure them.
  5. Describe your caching architecture and how cache invalidation propagates after a ratesheet activation.
  6. How do you handle loans that intersect multiple programs (e.g., a borderline FICO/LTV that may qualify for both standard conforming and a high-LTV specialty product)?
  7. Demonstrate historical replay: reprice a sample loan as of a date 12 months ago using the ratesheet that was active then.

2. Rule engine and adjustments

  1. Describe your adjustment rule engine. How are rules expressed, stored, and executed? Are rules data or code?
  2. List the operators your rule engine supports (EQ, NEQ, ranges, set membership, etc.) and your combine strategies (SUM, MAX, MIN, OVERRIDE, etc.).
  3. How do you represent the GSE LLPA grids? Show us a Fannie Mae LLPA grid as configured in your engine.
  4. How do you handle investor-specific overlays on top of GSE rules?
  5. What happens when a rule references a loan field that's missing from the input? Demonstrate.
  6. How do you audit a rule set for fair-lending concerns (proxy variables, protected-class correlations)?
  7. Show us an example rule whose execution depends on the value of a previously-fired rule. (We're testing for ordering and side-effect handling.)

3. Trace, drill-down, and explainability

  1. Show us the per-rule trace returned with a quote. We want to see every adjustment with its rule id, condition matched, combine strategy, and value contributed.
  2. Is the trace built as a side-effect of pricing computation, or is it a separate explain pass? (Separate explain passes can drift from the regular pricing path.)
  3. Open a quote drill-down for a specific investor. Walk through the rule chain end-to-end as you would for a compliance team.
  4. How do you surface the trace to a borrower in a way that's appropriate for that audience (fewer rule lines, more business-language summary)?
  5. Provide an example regulator response: 'reproduce this loan's pricing as of <date> and explain why each adjustment fired.' Walk through your tooling.

4. Ratesheet automation

  1. List every ratesheet ingestion source you support: email-in (IMAP), portal automation, web/API scrape, file upload, native API.
  2. What document formats do you handle (XLSX, text PDF, image PDF/scan with OCR, HTML, JSON)?
  3. Describe your header normalization process. Is it hardcoded per investor, ML-based, or hybrid?
  4. Demonstrate how your pipeline handles a vendor that reorders or renames a column header on a daily ratesheet.
  5. Show us your QC dashboard. What does an operator see when reviewing a DRAFT ratesheet?
  6. What's your activation model — DRAFT → ACTIVE → SUPERSEDED, single-state, something else? Show us a rollback.
  7. What's your retention policy on raw documents and on parsed ratesheet rows?

5. Lock management and secondary

  1. Describe your lock subsystem's state machine. What states do you support (LOCKED, EXTENDED, CANCELLED, FUNDED, EXPIRED)?
  2. What does a lock pin? (We want: ratesheet version, investor, program, rate, full quote trace, actor.)
  3. How do you handle distributed-safe expiry sweeping when running multiple replicas?
  4. Show us per-organization lock-desk policy with effective-dated inheritance. Walk through a fee-curve change.
  5. Demonstrate sell-side pricing alongside loan-level pricing. How do they relate in your data model?
  6. Show us the lock journal for a recently-funded lock. Every transition should be visible with actor, timestamp, and reason.

6. Comp & margin

  1. Describe your comp/margin hierarchy. What levels do you support (platform, org, branch, officer, others)?
  2. How do you handle effective-dated rule changes? Demonstrate a margin update that doesn't retroactively affect already-priced loans.
  3. Show us your applicable-margin lookup endpoint: for a given (org, branch, officer, asOf) tuple, what does the engine return?
  4. How do you support an officer who works across multiple branches with different comp plans?
  5. Walk through an LO compensation calculation that uses tier logic across loan amount and product.

7. AMI, eligibility, and borrower programs

  1. Describe how your platform consumes FFIEC AMI tables. What's your update cadence?
  2. Show us a percent-of-AMI calculation with family-size adjustment for a specific county.
  3. How do you handle program eligibility checks that depend on AMI thresholds? Walk through Stage 1 ineligibility for a borrower above the program's AMI cap.
  4. What state-specific overlays do you support (NY, CA, MA, IL, others)? How are they configured?
  5. How do you handle MISMO 3.4 / ULAD loan import? Demonstrate a sample import.

8. APIs, SDKs, and integration

  1. Provide the OpenAPI spec URL. We want to download and inspect it.
  2. Demonstrate idempotency-key handling on a mutation endpoint. What happens on retry?
  3. Show us your error response shape. Is it RFC 7807 problem+json? Where does the correlationId appear?
  4. Walk through your GraphQL endpoint if you have one. What schema do you expose?
  5. What SDKs / client libraries do you maintain officially? In what languages?
  6. Demonstrate your webhook delivery: signing scheme, retry semantics, DLQ, replay. We want to see the full lifecycle on a sample event.
  7. What's your rate-limit policy? Per API key? Per organization? Demonstrate the burndown response.
  8. How do you handle partner-specific credentials (multi-tenant isolation)?

9. Security and audit

  1. Describe your encryption at rest and in transit. What algorithms? What key management?
  2. Walk through your audit log. Is it hash-chained? Demonstrate the verify endpoint.
  3. Describe your PII handling. Specifically, what NPI fields do you collect, how are they redacted in logs and traces, and what's your retention policy?
  4. Describe your RBAC model. How granular are permissions? Show us a few example roles and the permissions they include.
  5. What SSO / OIDC providers do you support? SAML?
  6. What's your SOC 2 Type II / ISO 27001 / HITRUST attestation status? When was the last audit and which firm conducted it?
  7. Walk through your incident response playbook. Severity tiers, escalation, notification SLAs.
  8. What's your subprocessor list and how do you notify customers of changes?

10. Operations, SLA, and support

  1. What's your uptime SLA per tier?
  2. What does customer support look like at each tier? Response SLAs, channels, named contacts?
  3. What's your typical implementation timeline for a customer of our size and complexity?
  4. Provide three references — ideally one in each of: correspondent lender, broker network, lock desk.
  5. Walk through a recent production incident: severity, resolution, customer notification. (We want to understand how you handle bad days.)
  6. Describe your release cadence. How often do you deploy? How do customers get notified of changes?

11. Pricing and contracting

  1. What are your tier-level prices? List tiers, what's included, and the upgrade path.
  2. What does enterprise pricing look like? What drives the variability?
  3. What's the minimum contract term?
  4. What does the cancel and offboarding process look like? Data export window?
  5. Describe your standard MSA, DPA, and SLA. Are they negotiable on standard tiers?
  6. What payment methods do you accept? What about international entities?