Part 1: Increased Risk of BCP and Vendor Management Audits
Breaking down the regulatory requirements of Fannie Mae risk management priorities.
Hi, I'm Nicole, your friendly regulatory compliance counsel. Ncontracts asked me to do a brief video series on Fannie Mae's requirements for business continuity, audit and management controls, and management of vendors and other third-party service providers. These three requirements complement each other and really go hand in hand.
The first question you may be pondering is why are BCP audit and management controls and vendor management important to Fannie Mae?
The pandemic highlighted the great need for solid business continuity plans, BCP, auditing, and vendor oversight. And now that need has been spotlighted because of the pandemic and coupled with some recent events with Fannie Mae's regulator, which I will discuss in this video.
FHFA's prior director was replaced by acting director, Sandra Thompson. So our new acting director, Sandra Thompson led the agency's examination and enforcement program for risk management and consumer protection at the height of the financial crisis before she was appointed to acting director. So given her background, I would say that she's probably pretty passionate about risk management and consumer protection. In fact, in FHFA's, June 2020 report to Congress, that Thompson signed off one and participated in, they focused in on BCP, auditing, and vendor oversight.
So here's some highlights straight from that congressional 2020 report. One thing FHFA examiners consider the enterprises inherently have high operational risks from vendors and other third parties, risks related to business continuity, disaster recovery, data management, and reliance on third-party service providers.
So, the financial stability oversight council and the government accountability office each recommended that Congress authorize FHFA to examine third parties that do business with regulated entities like Fannie Mae, and of course, FHFA concurred with those recommendations.
So now we're looking at Fannie Mae being able to audit you at any time and possibly being audited by FHFA also because you do business with Fannie Mae. So what's the jist of all those statements in the 2020 congressional report?
Basically, the FHFA is saying they want to get all up in your business, and they're not satisfied with Fannie Mae's sole oversight of their mortgage sellers and services, but they want to get a little piece of that oversight pie for themselves.
So you're looking at clear directives from Fannie Mae, that they may come audit you at any time. And also the possibility, like I said before, that the Fannie Mae regulator, the FHFA will possibly come audit you also down the road.
And let's not forget about Biden's new executive data security order.
A big part of BCP planning is ensuring you maintain your customer's data and PII when a disaster occurs. And that includes assuring your critical vendors have proper data security procedures in place by conducting vendor oversight.
The pandemic combined with these recent changes, culminates into a quiet storm brewing.
So let's not wait till you get a knock on your door from Fannie Mae telling you, "congratulations, you've been chosen for an all-expenses-paid by you, not us, audit.
Let's get proactive and prepare for that possibility now versus later.
Subscribe to the Nsight Blog to get notified of new webinars!
Millions of risks. Multiple solutions.
One trusted source.
“I’ve gotten back weeks of productivity that I can use in other areas within our business. It’s a big timesaver. The cool thing about it is what work I do in there actually transfers through all the other modules we own and use.”
“We already had strong risk management in place. We didn’t need a system to teach us that. We needed a system that could work with our existing approach. For us, it was all about automation and customization.”
“When you pick a partner yes, there’s software and what it brings to the table, but also what resources do they have as far as knowledge as far as subject matter experts and professional services that you can leverage to strengthen your team and your position and do so in a way that lets you run as lean as you need to for your organization.”
“My advice for financial institutions thinking about Ncontracts is to go ahead and do it. It’s one of the best softwares that we have used, and it’s all encompassing. It gets all departments together on one system.”
Ncommunity
Case Study
First Financial Bank
Nrisk
Case Study
Montecito Bank & Trust
Nvendor
Case Study
$800+ Million Credit Union
Nvendor
Case Study
CBC Federal Credit Union
$16 Billion Bank Relieves the Burden of CRA Data Analytics with Ncommunity
- Heather Montgomery, First Financial bank Community Development Analyst
Learn how Ncontracts helps First Financial:
- Configure risk assessments
- Optimize the risk appetite/risk mitigation practices
- Reduce internal costs and time through collaboration
- Manage the vendor lifecycle
Efficient, Customizable Risk Management
- James Jefferson, Chief Risk Officer, Montecito Bank & Trust
Learn how Ncontracts helps Montecito Bank:
- Hold fewer meetings
- See risk in real time
- Ease exam prep
- Minimize headcount
- Simplify reporting
Showing Examiners the Work
Nvendor Is This Internal Audit Director’s Scalable Secret Weapon for Vendor Management
"This is the fifth financial institution I’ve used Nvendor at since 2010…Nvendor is seamless, customizable, and scalable. If I’m going to build a vendor management program, this is what I need. quot;
- Internal Audit Director, $800+ Million Credit Union
Learn how Ncontracts helps this credit union:
- Increase vendor visibility
- Improve reporting
- Save thousands by eliminating unwanted autorenewals
- Prevent a repeat regulatory writeup
- Decrease management workload
Showing Examiners the Work
"Being able to create all the reporting with the same data across the different modules within the Ncontracts suite makes the whole experience so much easier for me to administer and present to the board and executive leadership team."
- Tim Rademaker, VP of Enterprise Risk Management
Learn how Ncontracts helps CBC:
- Spend dramatically less time on reporting
- Reduce full-time headcount
- Cut down on administrative tasks
- Improve business case analysis
- Create risk management culture