Typed orgs, scoped capabilities, and a delegation model that audits cleanly.
TPO and wholesale operations rely on knowing exactly who can do what to which loan, and being able to delegate cleanly. RateStack ships first-class org types — ORIGINATOR, INVESTOR, CORRESPONDENT, SUBSERVICER — each carrying its own capability set out of the 12 operational + 7 provider capabilities catalog.
Loan sharing and delegation are JWT-gated with TTL grants and bulk-assign by directive. The capability catalog is published at /v1/capabilities so integrating partners can write their own scoped clients without reverse-engineering. Cross-tenant operations write actingAsOrgId into the audit chain — a wholesale lender can prove which originator instigated each price discovery, lock, or import.
Pricing and guideline overlays are per-org with merge priority and sign-policy enforcement. Onboarding a new investor channel does not require code — it's a configuration step with audit-chained activation. The same engine, the same audit, the same APIs serve every channel.
Pair this with white-label deployment and a wholesale lender can stand up a branded portal for partner originators in days, not quarters. Same engine + same audit chain under the wholesale lender's brand and domain.
Before vs. after
The shape of a day.
The same operating model, rebuilt around explicit pricing and a single audit log.
Before
Wholesale audit can't prove which originator initiated a price discovery — the field is implicit.
After
actingAsOrgId in every audit row makes the grantor → grantee chain explicit.
Before
Cross-tenant sharing needs 'temporary user' accounts and email exports.
After
TTL JWT loan-share grants with explicit capabilities — revocable, time-bound, audit-chained.
Before
Investor onboarding is a release; each guideline shift hits a code path.
After
Per-org overlays with merge priority + sign-policy enforcement. New investor onboarding is configuration.
Before
Bulk LO reassignment is a Sunday job.
After
Bulk-assign by directive with one audit-row-per-loan-touched. Reason + prior/next captured.
Before
Originator and wholesale teams reconcile via email.
After
Single platform, scoped capabilities, audit chain across channels.
Capabilities, framed for you
The platform pieces you'll touch first.
Typed Org hierarchy
ORIGINATOR / INVESTOR / CORRESPONDENT / SUBSERVICER with default capability sets.
Capability catalog
12 operational + 7 provider capabilities, published at /v1/capabilities.
TTL loan-share grants
JWT-gated, time-bounded delegation with revocation.
Per-org overlays
Investor-specific pricing + guideline overlays with sign-policy enforcement.
White-label
Stand up a branded portal under your domain.
Vendor-native imports
Encompass Standardized Report CCL — 400 fields on day one.
Onboarding
What week one looks like.
A pragmatic sequence — from sandbox to first signed quote.
- 1
Day 1: org type + capability set
Set up the wholesale org and the typed sub-orgs (originators, correspondents). Assign capability sets out of the catalog.
- 2
Day 2: claim a branded domain
If running white-label, claim the partner-facing domain. DNS verifies; the controller issues the cert.
- 3
Week 1: vendor profile import
Connect Encompass (or your LOS) via the named profile. Day one, 400/400 rows land.
- 4
Week 2: overlay configuration
Investor-specific pricing and guideline overlays land via admin endpoints. Sign-policy enforcement protects activation.
- 5
Week 3: TTL share-flow validation
Walk a partner share end-to-end: grant issuance, JWT enforcement, audit row inspection. Verify the actingAsOrgId trail.
- 6
Production
Partners operate under your brand. Audit chain spans tenants. Wholesale compliance reads the actingAsOrgId trail directly.
Frequently asked
Specific to your operating model.
What's the difference between non-delegated correspondent and TPO?
Non-delegated correspondents send loans to the wholesale lender for underwriting; the wholesale lender owns the credit decision. TPO ('third-party originator') is broader — covers brokers and correspondents alike. Both fit the ORIGINATOR org type with capability sets calibrated to the underwriting delegation level.
Can a single wholesale lender host many TPOs?
Yes. Each TPO is its own org under the wholesale lender's tenant. Capability scoping isolates them. White-label gives each TPO a branded surface if desired.
Does delegation auto-expire?
Yes. TTL is enforced server-side. Revocation is also immediate; the next request from a revoked grantee returns 401. Already-completed actions remain in the audit chain — we don't rewrite history.
How are investor-specific overlays activated?
Per-org overlay with merge priority. Sign-policy enforcement requires an admin signature on activation. Backfill endpoints help admins migrate historical loans into the new overlay if needed.
Can we restrict the capability catalog per-org?
Yes. Org admins can shrink the set; they cannot expand beyond what the org type allows. Enterprise customers can request custom capability bundles.
Ready when you are
See tpo / wholesale channels on RateStack.
Live demo with your real ratesheets, your real scenarios, and an honest read on whether the platform fits your team.