Purpose

This a​dvisory bulletin communicates the Federal Housing Finance Agency’s (FHFA) supervisory expectation that Fannie Mae and Freddie Mac (collectively, the Enterprises) maintain the safety and soundness of their operations by effectively managing counterparty risks. FHFA expects each Enterprise to assess financial, operational, legal, compliance, and reputation risks associated with its single-family Seller/Servicer counterparties and to take appropriate action to mitigate those risks or reduce the Enterprise’s exposure. Toward this end, each Enterprise should implement a board-approved risk management framework that specifically includes risk-based oversight of single-family Seller/Servicers. Enterprise oversight should be performed pursuant to policies and procedures as described in this advisory bulletin.

​Background

The business relationships between the Enterprises and Seller/Servicers are a fundamental component of the Enterprises’ delegated business models. Seller/Servicers engage in business transactions with and on behalf of the Enterprises, principally selling loans and performing servicing functions, under the terms of each Enterprise’s respective selling and servicing guide and other contractual provisions. The term “Seller/Servicer” as used in this advisory bulletin includes all entities that sell single-family mortgage loans to the Enterprises or perform single-family mortgage loan servicing for the Enterprises.

Seller/Servicers may engage in all aspects of a mortgage loan’s lifecycle or specialize in phases of the lifecycle (e.g., servicing delinquent mortgage loans). Individual Seller/Servicers may present unique risks due to their organizational structure and complexity; operational and technological capabilities and capacity; experience; access to financial resources, both funding and capital; and scope of regulatory oversight.

Guidance

Risk Management Framework

The board of directors is responsible for overseeing the Enterprise’s overall risk management. The use of a third party does not relieve the Enterprise’s board of directors and senior management of their respective responsibilities to oversee and manage the risks that arise out of the Enterprise’s Seller/Servicer relationships.

FHFA expects each Enterprise to have a risk management framework for Seller/Servicers as part of its enterprise-wide risk management program. An effective risk management framework addresses the Seller/Servicer relationship for the duration of its lifecycle, including due diligence and selection, contract negotiation, ongoing monitoring (including performance review and issue resolution), and termination.

The framework should incorporate a policy for the oversight of Seller/Servicer relationships. The policy should establish standards for identifying, assessing, monitoring, and managing risks associated with Seller/Servicer relationships. The policy should assign clear roles and responsibilities and require that significant decisions with respect to Seller/Servicers be documented and include all appropriate Enterprise stakeholders, including Enterprise risk management. The policy should require that significant issues related to a Seller/Servicer or exceptions to the policy be reported to senior management. The policy should identify criteria for when significant issues will be reported to the board of directors (or a committee thereof). The policy should be implemented by business line-level policies and procedures that establish processes and controls.

Selection of Seller/Servicers 

Prior to entering into a contractual relationship with a Seller/Servicer, the Enterprise should perform due diligence and document the results. The due diligence should evaluate relevant risks related to a potential Seller/Servicer and should be informed by the factors below. The framework may provide for due diligence to be conducted using a risk-based approach, pursuant to defined criteria. 

​Financial Risk Factors 

​​Financial risk is the risk of loss due to the Seller/Servicer’s inability to meet its financial obligations. Financial risk may arise due to deterioration in the Seller/Servicer’s financial condition, significant growth, or an unexpected event that causes financial hardship. The Enterprises should consider the following in assessing each potential Seller/Servicer’s financial risk, as appropriate:

• Overall financial strength and financial ratio trends; 
  
• Business plan, expertise, and loan production sources; 
  
• Ability to meet selling and servicing guides and other contractual provisions, including representations and warranties, under stable and adverse economic scenarios; 
  
• Existing and anticipated sources of income, capital, and liquidity; 
  
• Quality of loans; 
  
• Projected levels of loans, mortgage servicing rights (MSRs), and other servicing assets (e.g., MSR strips, servicing advances); 
  
• Adequacy of fidelity bond and errors and omissions insurance coverage; and 
  
• Complexity of the Seller/Servicer’s financial structure, including the terms of any financial arrangements with other parties. 
  

Operational Risk Factors

Operational risk is the exposure to loss from inadequate or failed internal processes, people, and systems, or from external events. Operational risk may arise when a Seller/Servicer cannot effectively perform the duties that it has contracted to perform due to deficiencies in its operations or controls. The Enterprises should consider the following in assessing each potential Seller/Servicer’s operational risk, as appropriate: 

• Current and prospective resources and capacity regarding staffing, facilities, technology infrastructure, and any sub-servicing arrangements; 
  
• Organizational structure, complexity, and ownership, including affiliates; 
  
• Key personnel, principals, and controlling shareholders, including information from background checks, when appropriate; 
  
• Reliance on, exposure to, and performance of sub-servicers, location of subservicers, and the Seller/Servicer’s ongoing monitoring program and quality control testing of sub-servicers; 
  
• Seller/Servicer oversight of third-party service providers (e.g., mortgage brokers, appraisers) contractually obligated to the Seller/Servicer, not the Enterprise; 
  
• Risk management program, internal controls and results of audits or reviews, including independent post-closing loan review process; 
  
• Business continuity and contingency planning; and 
  
• Information technology management program, including an information security framework. 
  

Legal, Compliance, and Reputation Risk Factors 

Legal, compliance, and reputation risk exists when a Seller/Servicer’s operations are not consistent with laws, regulations, sound practices, or an Enterprise’s selling and servicing guides and other contracts. The Enterprises should consider the following in assessing the legal, compliance, and reputation risk associated with potential Seller/Servicers, as appropriate: 

• Maintenance of the appropriate federal and state charters or licenses required for or relevant to operating their business; 
  
• Scope of federal and state regulatory oversight, both prudential and consumer protection; 
  
• Compliance programs for all applicable laws and regulations, including consumer protection laws; 
  
• Record of compliance with applicable laws and regulations, based upon publicly available information; 
  
• Information known or reasonably available to an Enterprise about loan originators used by the Seller/Servicer and their compliance with consumer protection laws; 
  
• Publicly available information about supervisory and legal actions, including criminal and civil actions, taken against the Seller/Servicer, key personnel, principals or controlling shareholders, and affiliates; 
  
• Publicly available information about investigations and litigation initiated by federal and state authorities, and agreements reached in conjunction with those actions, including the assessment of fines; 
  
• Orders issued under the FHFA Suspended Counterparty Program; and 
  
• Significant consumer complaints or a pattern of consumer complaints. 
  

Evaluation of these risk factors should be consistent with, and supportive of, the standards for approving Seller/Servicers articulated in the risk management policy. 

Ongoing Monitoring 

​Monitoring of the Seller/Servicer for the duration of the relationship is essential to an Enterprise’s ability to manage Seller/Servicer risks. As part of ongoing monitoring, each Enterprise should have risk-based procedures that require updating information obtained during the approval process and performing subsequent analysis to evaluate changes in a Seller/Servicer’s risk. FHFA expects that ongoing monitoring will be risk-based, so it will vary among individual Seller/Servicers and may change over time for a particular Seller/Servicer. Enterprise policy regarding the scope and frequency of ongoing monitoring activities should be commensurate with the risk associated with the particular Seller/Servicer. 

The documented analysis should take into account factors assessed during the approval process, as well as the following factors, as appropriate: 

• Volume of loans sold; MSRs retained, sold, transferred, or pledged; and servicing transfer activity, noting rapid or significant changes; 
  
• Outstanding obligations and past performance regarding recoveries of repurchases and compensatory fees; 
  
• Adherence to approved terms of business, including capital requirements, sales volume, and product limitations; 
  
• Delivery and servicing performance record; 
• Contractual ability of the Enterprise to access Seller/Servicer records and conduct onsite visits; 
  
• Results of operational reviews performed by the Enterprise; 
• Results of the Enterprise’s review of a Seller/Servicer for the Seller/Servicer’s compliance with consumer protection and other laws where the Enterprise may have legal liability as a result of the Seller/Servicer’s noncompliance; 
  
• Information about a Seller/Servicer’s compliance with consumer protection laws where the Enterprise may be exposed to significant risk as a result of the Seller/Servicer’s noncompliance; 
  
• Record of compliance with Seller/Servicer guides and other contractual terms, including compliance with laws and regulations, based on Enterprise compliance and quality control reviews; 
  
• Results of fraud and data integrity reviews; 
  
• Volume, type, and pattern of Seller/Servicer guide waivers considering documented justification for waivers, and results of ongoing performance reviews of loans with waivers relative to justification and expectations; 
  
• Sufficiency and timeliness of performance data to evaluate the quality and effectiveness of Seller/Servicer processes for actual and projected volumes; 
  
• Accuracy and completeness of loan recordkeeping, including loan data systems and loan documentation, throughout the life of the loan; 
  
• Changes in the Seller/Servicer’s business model, strategies, or practices; and 
  
• Operational and system complexity, including after an acquisition or merger involving multiple locations, systems, and processes.