Part 3: Fannie Mae Seller Requirements for Vendor Management
Breaking down the regulatory requirements of Fannie Mae risk management priorities.
Hi, I'm Nicole, your friendly regulatory compliance counsel. Ncontracts asked me to do a brief video series on Fannie Mae's requirements for business continuity, audit and management controls, and management of vendors and other third-party service providers.
This video explains what Fannie Mae requires in regards to the management of vendors.
Last, but definitely not least, what does Fannie Mae require in regards to management of vendors and other third party service providers? Fannie Mae requires and states that they require this in their seller and the servicer guides that lenders must have written procedures for the approval and management of vendors and other third-party service providers. And that it is critical that third-party relationships are managed in accordance with internal policies related to strategic reputational, operational, transactional, credit, and management compliance risks.
In its recently released lists of self-assessments, Fannie Mae even reminds sellers and sellers and servicers that they remain fully responsible to Fannie Mae for functions that are outsourced to third-parties. A seller must have effective written policies and procedures for approval and management of third-party originators and must satisfy itself that all TPO’s produce quality loans. There are approximately 13 required items Fannie Mae includes for vendor oversight just for TPO’s, such as developing approval process and controls for TPO’s like mortgage brokers and correspondence, including reviews of recent financial statements, current licenses, receiving resumes of principal officers, conducting annual reviews of TPO’s financial statements, ensuring post-closing quality control processes of TPO’s. Review cycles must be structured to ensure that transactional or originated by each TPO’s are reviewed at least once annually.
Fannie Mae also stresses the importance of complete vendor oversight in three required items. Processes and procedures for the approval of vendors and other third-party service providers — and this is for all vendors across the board, especially for those high risk vendors. You have to show processes and procedures for the management of vendors and other third-party service providers.
So, you got to show that you have procedures in place for getting new vendors approved that are going to be working on Fannie Mae files, and procedures in place for your continual management of those vendors.
So, you need to seek reputable vendors. Ensure all your vendors have the appropriate IT security implementations in place. Ask your vendors the necessary questions and request evidence to determine how robust their IT security is. Have in place a vendor self-assessment checklist that includes the following: processes and procedures for the approval of vendors and other third-party service providers. Processes and procedures for management of vendors and other third-party service providers include a process to determine the potential risks using the third-party, a process for selecting and approving third-parties, pre-contract due diligence, a process to monitor the performance and termination if needed of a third-party, a process for completing an annual review of a third-party, approval and oversight procedures to ensure requirements are in alignment with business needs and risks management standards. They require a centralized operating model for third-party oversight and internal staff with the expertise to perform oversight over these vendors.
A third-party risk scorecard is also required, and that scorecard should include strategic risk components, reputational risk components, third-party relationship that results in dissatisfied customers (you need to show that there's a component for that), operational risk components, transactional risk components, credit risk of the third-party component, and last but not least, compliant risks from violation of laws, rules, or regulations for the vendor.
Common findings Fannie Mae has cited during audit reviews are that the seller/servicer does not have a comprehensive written procedure for third-party management. That the seller/servicer does not properly monitor third-party relationship. That the seller/servicer does not have a process in place to confirm that vendors’ activities related to origination of loans delivered to Fannie Mae does not appear on FHFA suspended count party program lists.
Subscribe to the Nsight Blog to get notified of new webinars!
Millions of risks. Multiple solutions.
One trusted source.
“I’ve gotten back weeks of productivity that I can use in other areas within our business. It’s a big timesaver. The cool thing about it is what work I do in there actually transfers through all the other modules we own and use.”
“We already had strong risk management in place. We didn’t need a system to teach us that. We needed a system that could work with our existing approach. For us, it was all about automation and customization.”
“When you pick a partner yes, there’s software and what it brings to the table, but also what resources do they have as far as knowledge as far as subject matter experts and professional services that you can leverage to strengthen your team and your position and do so in a way that lets you run as lean as you need to for your organization.”
“My advice for financial institutions thinking about Ncontracts is to go ahead and do it. It’s one of the best softwares that we have used, and it’s all encompassing. It gets all departments together on one system.”
Ncommunity
Case Study
First Financial Bank
Nrisk
Case Study
Montecito Bank & Trust
Nvendor
Case Study
$800+ Million Credit Union
Nvendor
Case Study
CBC Federal Credit Union
$16 Billion Bank Relieves the Burden of CRA Data Analytics with Ncommunity
- Heather Montgomery, First Financial bank Community Development Analyst
Learn how Ncontracts helps First Financial:
- Configure risk assessments
- Optimize the risk appetite/risk mitigation practices
- Reduce internal costs and time through collaboration
- Manage the vendor lifecycle
Efficient, Customizable Risk Management
- James Jefferson, Chief Risk Officer, Montecito Bank & Trust
Learn how Ncontracts helps Montecito Bank:
- Hold fewer meetings
- See risk in real time
- Ease exam prep
- Minimize headcount
- Simplify reporting
Showing Examiners the Work
Nvendor Is This Internal Audit Director’s Scalable Secret Weapon for Vendor Management
"This is the fifth financial institution I’ve used Nvendor at since 2010…Nvendor is seamless, customizable, and scalable. If I’m going to build a vendor management program, this is what I need.�quot;
- Internal Audit Director, $800+ Million Credit Union
Learn how Ncontracts helps this credit union:
- Increase vendor visibility
- Improve reporting
- Save thousands by eliminating unwanted autorenewals
- Prevent a repeat regulatory writeup
- Decrease management workload
Showing Examiners the Work
"Being able to create all the reporting with the same data across the different modules within the Ncontracts suite makes the whole experience so much easier for me to administer and present to the board and executive leadership team."
- Tim Rademaker, VP of Enterprise Risk Management
Learn how Ncontracts helps CBC:
- Spend dramatically less time on reporting
- Reduce full-time headcount
- Cut down on administrative tasks
- Improve business case analysis
- Create risk management culture