<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">
Fannie Mae Seller Requirement Series

Part 1: Increased Risk of BCP and Vendor Management Audits

Breaking down the regulatory requirements of Fannie Mae risk management priorities.

Hi, I'm Nicole, your friendly regulatory compliance counsel. Ncontracts asked me to do a brief video series on Fannie Mae's requirements for business continuity, audit and management controls, and management of vendors and other third-party service providers. These three requirements complement each other and really go hand in hand.

The first question you may be pondering is why are BCP audit and management controls and vendor management important to Fannie Mae?

The pandemic highlighted the great need for solid business continuity plans, BCP, auditing, and vendor oversight. And now that need has been spotlighted because of the pandemic and coupled with some recent events with Fannie Mae's regulator, which I will discuss in this video. 

FHFA's prior director was replaced by acting director, Sandra Thompson. So our new acting director, Sandra Thompson led the agency's examination and enforcement program for risk management and consumer protection at the height of the financial crisis before she was appointed to acting director. So given her background, I would say that she's probably pretty passionate about risk management and consumer protection. In fact, in FHFA's, June 2020 report to Congress, that Thompson signed off one and participated in, they focused in on BCP, auditing, and vendor oversight.

So here's some highlights straight from that congressional 2020 report. One thing FHFA examiners consider the enterprises inherently have high operational risks from vendors and other third parties, risks related to business continuity, disaster recovery, data management, and reliance on third-party service providers.

So, the financial stability oversight council and the government accountability office each recommended that Congress authorize FHFA to examine third parties that do business with regulated entities like Fannie Mae, and of course, FHFA concurred with those recommendations.

So now we're looking at Fannie Mae being able to audit you at any time and possibly being audited by FHFA also because you do business with Fannie Mae. So what's the jist of all those statements in the 2020 congressional report?

Basically, the FHFA is saying they want to get all up in your business, and they're not satisfied with Fannie Mae's sole oversight of their mortgage sellers and services, but they want to get a little piece of that oversight pie for themselves.

So you're looking at clear directives from Fannie Mae, that they may come audit you at any time. And also the possibility, like I said before, that the Fannie Mae regulator, the FHFA will possibly come audit you also down the road.

And let's not forget about Biden's new executive data security order.

A big part of BCP planning is ensuring you maintain your customer's data and PII when a disaster occurs. And that includes assuring your critical vendors have proper data security procedures in place by conducting vendor oversight.

The pandemic combined with these recent changes, culminates into a quiet storm brewing. 

So let's not wait till you get a knock on your door from Fannie Mae telling you, "congratulations, you've been chosen for an all-expenses-paid by you, not us, audit.

Let's get proactive and prepare for that possibility now versus later.

Subscribe to the Nsight Blog to get notified of new webinars!

Millions of risks. Multiple solutions.
One trusted source.

Risk Performance Management Suite
Integrated solutions, made for integrated risk.
Troy Cyrus
Compliance Officer, Emery Federal Credit Union

“I’ve gotten back weeks of productivity that I can use in other areas within our business. It’s a big timesaver. The cool thing about it is what work I do in there actually transfers through all the other modules we own and use.” 

James Jefferson
Chief Risk Officer, Montecito Bank & Trust

“We already had strong risk management in place. We didn’t need a system to teach us that. We needed a system that could work with our existing approach. For us, it was all about automation and customization.”

SVP
Integrated Risk, $6+ billion-asset credit union

“When you pick a partner yes, there’s software and what it brings to the table, but also what resources do they have as far as knowledge as far as subject matter experts and professional services that you can leverage to strengthen your team and your position and do so in a way that lets you run as lean as you need to for your organization.” 

Jamie Kibler
Chief Compliance Officer, Richwood Bank

“My advice for financial institutions thinking about Ncontracts is to go ahead and do it. It’s one of the best softwares that we have used, and it’s all encompassing. It gets all departments together on one system.”