<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

Fannie Mae Seller Requirement Video Series: BCP, Vendor Management & Audits

Lending Compliance

Fannie Mae Seller Requirement Video Series: BCP, Vendor Management & Audits

Posted by Ncontracts on Sep 15, 2021 6:00:00 AM

Fannie Mae has always been all about risk management, and with Acting Director Sandra Thompson running the Federal Housing Finance Agency (FHFA), it’s taking on even more of a focus, especially when it comes to:

  • Business continuity and disaster recovery 
  • Third-party and vendor management 
  • Audit and management controls 

Ncontracts has a video series breaking down the regulatory requirements of each of these Fannie Mae risk management priorities. In each video, one of our compliance experts dives into the requirements, how the current environment has impacted expectations, and what mortgage lenders, sellers, and servicers need to do to be compliant.  

New call-to-action

Why the focus on risk management? 

Thompson ran the FHFA’s examination and enforcement program for risk management and consumer protection at the height of the financial crisis. That gave her a front row seat for the best and worst outcomes of the crisis—including what caused them and what prevented them. 

Each year the FHFA issues a report to Congress covering its activities and the activities of the entities it regulates. This year Thompson signed off on the report which focused on the three aforementioned themes, which are all connected.  

Learn more in this video Fannie Mae Seller Requirements: The Increased Risk of BCP and Vendor Management Audits. 

Business continuity and disaster recovery procedures. Fannie Mae seller and servicer guides and agreements have always expected mortgage lenders, sellers, and servicers to follow their individual business continuity and disaster recovery plans—and those plans should ensure the ability to regain critical business operations.  

While this isn’t a new requirement, it seems like it was one that some mortgage lenders and servicers didn’t pay much attention to, which became clear during the COVID-19 pandemic. 

What are Fannie Mae’s BCP expectations? Watch the video to learn about what to expect from a BCP and vendor management audit 

Third-party and vendor management. During the pandemic, some critical third-party vendors folded. Mortgage lenders and servicers without a business continuity or disaster recovery plan saw their operations hugely disrupted and were left scrambling to find approved Fannie Mae vendors.  

Vendor management is a necessity for every mortgage seller and servicer. The necessary due diligence makes it possible to recognize when vendors are struggling financially or otherwise and take action (including finding an alternate vendor) before the vendor is in crisis. It also provides insight into vendors’ business continuity plans so that you know whether or not your vendors are equipped to handle a disaster or disruption—and whether they’ll be able to quickly restore your operations. 

Good vendor management also helps protect against ransomware and other data security issues. It ensures that vendors are required to quickly inform you of data breaches, provide reports and testing results that let you know how effective their cyber controls are, and share information about their own third-party vendors (including their data security and BCPs). 

Check out the video for deeper insights into Fannie’s vendor management requirements 

Audit and management controls. Fannie Mae conducts audits to validate adherence to their requirements and assess operational capabilities. The documents will include policies, procedures, reports, and loan files. They also expect to see test results. Fannie Mae also expects lenders to routinely audit their vendor management and BCP themselves. 

Recently The Financial Stability Oversight Council (FSOC) and the Government Accountability Office (GAO) both recommended that Congress authorize FHFA to examine third parties that do business with regulated entities like Fannie Mae. Fannie Mae can already audit you and the FHFA may be able to do so in the future.  

You don’t want to be caught off guard with an audit. Now is the time to review business continuity and vendor management procedures to make sure you have documented processes and procedures. What is the audit process like and what does it include? This video on Fannie Mae audit consequences will show you. 


Related: Lending Compliance Management, Made Simple

Topics: Lending Compliance, Lending Compliance Management,

Share This Page
Search Blog
    subscribe to nsight blog