# Mortgage Pricing Engine — Vendor RFP Template

A 60-question vendor-neutral RFP for evaluating mortgage pricing engines.
Operator-grounded, designed to expose where vendors are strong and where they're hand-waving.

> Use this template on every vendor you evaluate. Score answers 1-5 per question; outliers — sections where vendors score very differently — are where the real differentiation is. Don't skip the "demonstrate" prompts; the signal is whether the vendor can actually run the thing they describe.

---

## 1. Pricing engine fundamentals

1. Describe how your engine accepts loan input (REST, GraphQL, batch, file). Provide a sample request body for a 30-year conforming purchase.
2. What pricing modes do you support (BEST_EX, BY_RATE, BY_PRICE, others)? Demonstrate each on the same loan input.
3. Walk through your two-stage eligibility (Stage 1 predicate evaluation followed by Stage 2 full pricing). What's the latency target for Stage 1 alone?
4. Provide your warm-path p50, p95, p99 pricing latency numbers and how you measure them.
5. Describe your caching architecture and how cache invalidation propagates after a ratesheet activation.
6. How do you handle loans that intersect multiple programs (e.g., a borderline FICO/LTV that may qualify for both standard conforming and a high-LTV specialty product)?
7. Demonstrate historical replay: reprice a sample loan as of a date 12 months ago using the ratesheet that was active then.

## 2. Rule engine and adjustments

1. Describe your adjustment rule engine. How are rules expressed, stored, and executed? Are rules data or code?
2. List the operators your rule engine supports (EQ, NEQ, ranges, set membership, etc.) and your combine strategies (SUM, MAX, MIN, OVERRIDE, etc.).
3. How do you represent the GSE LLPA grids? Show us a Fannie Mae LLPA grid as configured in your engine.
4. How do you handle investor-specific overlays on top of GSE rules?
5. What happens when a rule references a loan field that's missing from the input? Demonstrate.
6. How do you audit a rule set for fair-lending concerns (proxy variables, protected-class correlations)?
7. Show us an example rule whose execution depends on the value of a previously fired rule.

## 3. Trace, drill-down, and explainability

1. Show us the per-rule trace returned with a quote.
2. Is the trace built as a side-effect of pricing computation, or is it a separate explain pass?
3. Open a quote drill-down for a specific investor. Walk through the rule chain end-to-end as you would for compliance.
4. How do you surface the trace to a borrower in a way appropriate for that audience?
5. Provide an example response to a regulator request: "reproduce this loan's pricing as of `<date>` and explain why each adjustment fired."

## 4. Ratesheet automation

1. List every ratesheet ingestion source you support.
2. What document formats do you handle (XLSX, text PDF, image PDF/scan with OCR, HTML, JSON)?
3. Describe your header normalization process. Hardcoded, ML-based, or hybrid?
4. Demonstrate how your pipeline handles a vendor that reorders or renames a column header.
5. Show us your QC dashboard.
6. What's your activation model? Show us a rollback.
7. What's your retention policy on raw documents and on parsed ratesheet rows?

## 5. Lock management and secondary

1. Describe your lock subsystem's state machine.
2. What does a lock pin?
3. How do you handle distributed-safe expiry sweeping when running multiple replicas?
4. Show us per-organization lock-desk policy with effective-dated inheritance.
5. Demonstrate sell-side pricing alongside loan-level pricing.
6. Show us the lock journal for a recently funded lock.

## 6. Comp & margin

1. Describe your comp/margin hierarchy.
2. How do you handle effective-dated rule changes?
3. Show us your applicable-margin lookup endpoint.
4. How do you support an officer who works across multiple branches?
5. Walk through an LO compensation calculation that uses tier logic.

## 7. AMI, eligibility, and borrower programs

1. Describe how your platform consumes FFIEC AMI tables. What's your update cadence?
2. Show us a percent-of-AMI calculation with family-size adjustment for a specific county.
3. How do you handle program eligibility checks that depend on AMI thresholds?
4. What state-specific overlays do you support? How are they configured?
5. How do you handle MISMO 3.4 / ULAD loan import?

## 8. APIs, SDKs, and integration

1. Provide the OpenAPI spec URL.
2. Demonstrate idempotency-key handling on a mutation endpoint.
3. Show us your error response shape. RFC 7807?
4. Walk through your GraphQL endpoint if you have one.
5. What SDKs / client libraries do you maintain officially?
6. Demonstrate your webhook delivery: signing, retry, DLQ, replay.
7. What's your rate-limit policy? Demonstrate the burndown response.
8. How do you handle multi-tenant isolation?

## 9. Security and audit

1. Describe your encryption at rest and in transit. Algorithms? Key management?
2. Walk through your audit log. Hash-chained? Demonstrate the verify endpoint.
3. Describe your PII handling and retention policy.
4. Describe your RBAC model.
5. What SSO / OIDC providers do you support? SAML?
6. What's your SOC 2 Type II / ISO 27001 / HITRUST attestation status?
7. Walk through your incident response playbook.
8. What's your subprocessor list and notification process?

## 10. Operations, SLA, and support

1. What's your uptime SLA per tier?
2. What does customer support look like at each tier?
3. What's your typical implementation timeline?
4. Provide three references.
5. Walk through a recent production incident.
6. Describe your release cadence.

## 11. Pricing and contracting

1. What are your tier-level prices?
2. What does enterprise pricing look like?
3. What's the minimum contract term?
4. What does the cancel and offboarding process look like?
5. Describe your standard MSA, DPA, and SLA. Negotiable on standard tiers?
6. What payment methods do you accept?

---

Produced by RateStack. Free to share.  
Latest version: https://ratestack.com/resources/rfp-template
