Lock policy, sell-side, and audit — in one place.
Lock-desk operations need policy enforcement, sell-side comparison, and a defensible audit trail — at lock-day speed. RateStack's lock subsystem covers the full lifecycle (create, extend, cancel, fund) with per-organization desk configuration and effective-dated policy inheritance.
A lock desk is the place where the platform's promises become operational. Pricing must reproduce. Policy must enforce. Audit must be defensible. RateStack's lock subsystem treats those as primary requirements, not afterthoughts.
Per-organization desk configuration covers cutoff time, max extension days, free-extension grace windows, allowed lock periods, and fee curves. The configuration layer carries effective dating with inheritance — change a fee curve today and the change applies forward; historical locks remain priced against the curve that was effective when they wrote.
Sell-side pricing runs alongside loan-level pricing so the desk can compare bid-tape outcomes against retail commitments without opening a second tool. Every sell-side completion writes its own audit row keyed to the lock and the executing investor — useful for hedging, pull-through, and bid-tape reconciliation.
Before vs. after
The shape of a day.
The same operating model, rebuilt around explicit pricing and a single audit log.
Before
Lock policy lives in a wiki nobody updates.
After
Lock policy is configuration, validated by the system, with effective dating and audit.
Before
Extensions are a phone call to the lock desk.
After
Extensions are a self-serve API call validated against policy. Free-extension grace fires automatically.
Before
Sell-side pricing is a separate spreadsheet.
After
Sell-side runs against the same input + pin as the retail lock; comparison is a join on lockId.
Before
Expiry sweep is a cron that occasionally double-runs.
After
ShedLock-guarded sweeper runs once per cadence regardless of replica count.
Capabilities, framed for you
The platform pieces you'll touch first.
Full lock lifecycle
Create, extend, cancel, fund. Each transition writes a journal entry.
Per-org desk configuration
Cutoff times, fee curves, free-extension grace, allowed periods.
Sell-side pricing
Bid-tape ladder against the same pin. Completion audit per investor.
ShedLock expiry sweeper
Distributed-safe; runs once per minute regardless of replica count.
Audit hash chain
Every state change hashed into common_audit_log with verify endpoint.
Webhooks for hedging
locks.created/extended/cancelled/funded/expired delivered with HMAC.
Onboarding
What week one looks like.
A pragmatic sequence — from sandbox to first signed quote.
- 1
Day 1: desk configuration
Capture your current desk policy as configuration. Cutoff time, max extension days, fee curves.
- 2
Day 2: validation
Run today's actual locks through the platform's validators in dry-run mode. Reconcile any policy delta.
- 3
Week 1: sell-side enablement
Configure your sell-side investor pack and the audit fields you want captured per completion.
- 4
Week 2: webhook subscribers
Subscribe locks.* events; route to hedge / BI / ledger.
- 5
Week 3: parallel operation
Run RateStack lock-side in parallel with current system; reconcile on lockId for one week.
- 6
Cutover
Once policies and audits reconcile, cut over. Old system stays read-only for historical replay.
The webhook DLQ replay alone justified the migration. We used to lose deliveries when subscribers blipped; now we replay them in one click and the trace shows exactly what we did.
Frequently asked
Specific to your operating model.
What about EOD pricing snapshots?
Sell-side completion audits double as EOD snapshots; the pricing-service can also emit a pricing.eod.snapshot event scheduled to your desk's close time.
Can I configure tiered extension fees?
Yes. Fee curves are arbitrary functions of (lock period, extension days, days remaining). Free-extension grace windows are first-class parameters.
Do you support partial fundings?
Funding is per-lock; partial fundings are modeled as separate journal entries with cumulative funded amount tracked on the lock row.
How do we handle lock breakage?
Cancel + new lock pattern, with a reason code on the cancel. The audit chain links them via correlationId on a manual breakage event.
Ready when you are
See lock desks on RateStack.
Live demo with your real ratesheets, your real scenarios, and an honest read on whether the platform fits your team.