This annual report describes FHFA's accomplishments, as well as challenges, the agency faced in meeting the strategic goals and objectives during the past fiscal year.
Read about the agency’s 2020 examinations of Fannie Mac, Freddie Mac and the Home Loan Bank System.
Submit comments and provide input on FHFA Rules Open for Comment by clicking on Rulemaking and Federal Register.
Implement critical reforms that will produce a stronger and more resilient housing finance system.
FOSTER competitive, liquid, efficient, and resilient (CLEAR) national housing finance markets that support sustainable homeownership and affordable rental housing; OPERATE in a safe and sound manner appropriate for entities in conservatorship; and PREPARE for eventual exits from the conservatorships.
2019 Conservatorships Strategic Plan
FHFA experts provide reliable data, including all states, about activity in the U.S. mortgage market through its House Price Index, Refinance Report, Foreclosure Prevention Report, and Performance Report.
FHFA economists and policy experts provide reliable research and policy analysis about critical topics impacting the nation’s housing finance sector. Meet the experts...
AB 2020-04: FINANCIAL REPORTING AND DISCLOSURE AND EXTERNAL AUDIT
This Advisory Bulletin (AB) articulates the Federal Housing Finance Agency's (FHFA) supervisory expectations for oversight and management of financial reporting and disclosures and of the external audit function.
This AB applies to Fannie Mae and Freddie Mac (the Enterprises), the Federal Home Loan Banks (FHLBanks), and the FHLBanks' Office of Finance (OF) (collectively, the regulated entities)
 and is effective immediately. This AB rescinds, and along with AB 2016-05 Internal Audit Governance and Function, replaces FHFA's Examination for Accounting Practices guidance.
Transparent financial reporting and disclosures, subject to strong internal control over financial reporting (ICFR) and confirmed by a high-quality external audit, help ensure that published financial information is reliable and free from material misstatements for all stakeholders. Timely, accurate, complete, and meaningful reporting and disclosures regarding financial condition and performance support FHFA's risk-focused supervision of the regulated entities. For FHFA as a prudential regulator, such reporting facilitates effective risk assessments, off-site monitoring, and examination planning. Financial condition and performance metrics for capital adequacy, liquidity, earnings adequacy, and asset quality are based on information in these reports.
The Office of Federal Housing Enterprise Oversight (OFHEO) issued the Examination for Accounting Practices guidance to the Enterprises in 2006. FHFA revised and updated that guidance in 2009 and expanded its application to the FHLBanks. With the issuance of this financial reporting and external audit guidance and AB 2016-05 Internal Audit Governance and Function, FHFA has updated and revised the 2009 guidance to reflect our regulatory experience and that of other financial regulators, and to more clearly communicate FHFA's supervisory expectations in these areas to the regulated entities.
Regarding financial reporting and external audit, the regulated entities are governed by different, yet generally concordant, FHFA and/or Securities and Exchange Commission (SEC) regulations and auditing standards.
Each Enterprise and FHLBank is covered by FHFA's Prudential Management and Operations Standards (PMOS) and each regulated entity reports financial information in conformance with U.S. Generally Accepted Accounting Principles (GAAP).
 Enterprise and FHLBank management assess the effectiveness of their respective entity's ICFR based on the criteria in the Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
The referenced FHFA, SEC, and NYSE rules and regulations, as applicable, address a wide range of audit committee governance topics including:
The guidance in this AB is intended to be consistent with applicable statutes, regulations, GAAP, and auditing standards. In some instances, substantive elements of guidance herein for all regulated entities may be addressed by FHFA regulation, SEC regulation, or applicable accounting or auditing standards for one or more regulated entities. This guidance does not relieve or diminish the responsibility of a regulated entity's board of directors or management to follow applicable laws, rules, and regulations and to conform to applicable accounting standards. Any perceived conflicts should be resolved so as to comply with applicable laws and regulations, and in conformance with accounting standards.
I. Financial Reporting and Disclosure Oversight and Management
Regulated entities' boards of directors and senior managers are responsible, within their respective roles as described in FHFA's corporate governance regulation and prudential standards, for the institution operating in a safe and sound manner. Entities should maintain effective accounting and reporting systems and ICFR to produce reliable and accurate financial reports and meaningful disclosures.
To address accounting, financial reporting, and disclosure, audit committees should:
A. Assessing Materiality
An entity's audit committee should review and clearly understand how management and the external auditor assess financial statement materiality. For public financial disclosures, FHFA's regulated entities should follow materiality guidelines established by the SEC and other U.S. standard-setters and regulators as appropriate. FHFA is informed by the SEC's statements regarding materiality and generally considers them as part of its ongoing review of regulated entities' accounting practices and controls.
A regulated entity's determination that an accounting matter is material or presents a materiality issue may be a factor in FHFA's oversight of a regulated entity. An item not being deemed to be “material" or not having “materiality" for financial reporting purposes, however, would not necessarily preclude FHFA from having supervisory concerns about the item. Further, FHLBanks may be required to provide information that is less than material to their individual financial statements to the OF in order to support FHLBank System combined financial filings.
B. Accounting Policies and Procedures
FHFA expects each regulated entity's management, with appropriate audit committee oversight, to establish and maintain:
Each regulated entity currently submits its accounting guide to FHFA annually, and significant revisions to FHFA quarterly, although the FHFA Chief Accountant may request more frequent submissions.
C. Internal Control over Financial Reporting
Each regulated entity is responsible for designing, implementing, monitoring, and maintaining its ICFR.
 Each regulated entity should ensure that its ICFR system is designed to minimize the risk of a material financial misstatement, whether due to reporting error, fraud, or other external or company-specific risks.
FHFA expects regulated entities to develop, implement, and maintain robust business and accounting systems and processes subject to rigorous quality controls to minimize the possibility of material misstatements. Regulated entities should remediate identified deficiencies timely and should not allow significant control deficiencies to persist.
ICFR review functions
 should be structured to ensure that those persons performing and evaluating testing are appropriately independent of the controls being tested. Each regulated entity should ensure that it has protocols in place for its employees and vendors to comply with the regulated entity's ICFR-related policies and procedures.
Each regulated entity should have a system in place to provide reasonable assurance that accounting and disclosure policies and procedures reflect regulatory and GAAP requirements and should have proper procedures and processes in place to evaluate compliance with those requirements. The ICFR risk assessment process should include assessing new products and business lines, as well as significant growth, shrinkage, and other changes in existing products and business lines. This should help ensure that key controls are identified and tested so that potential control deficiencies are identified timely and properly addressed.
Each regulated entity's management should ensure, and its audit committee should oversee, that the regulated entity establishes, implements, and maintains effective controls over information reported to FHFA through FHFA's Call Report System and in formal data requests.
D. Regulated Entity Accounting Staff
Each regulated entity's management should hire sufficient numbers of technically competent accounting staff and that staff should remain professionally competent and current in professional standards. Accounting departments should implement and maintain quality control procedures to ensure that they follow accounting policies and procedures. Further, accounting staff should be charged with reporting any non-compliance with GAAP to appropriate management and/or auditors.
E. Financial Statements
As SEC registrants, each FHLBank and Enterprise must prepare and timely file with the SEC periodic financial statements and disclosures that comply with applicable SEC regulations. Each regulated entity also should prepare and timely file financial statements and information as required by FHFA regulations. FHFA encourages the regulated entities to maximize transparency in their public financial reporting and disclosures, and to establish and implement policies that lead to comparable and consistent accounting and disclosures to the extent practicable.
FHFA expects each FHLBank and Enterprise to submit to FHFA any financial information, disclosures, or other items it submits to the SEC that are not available to FHFA in public filings. FHFA also expects each regulated entity to provide additional information about the financial information, disclosures, and other items it submits to the SEC when and in the manner requested by FHFA.
F. Non-GAAP Measures in Financial Statements
Regulated entities should consider risks associated with presenting non-GAAP measures in public financial reports, along with their responsibilities to transparently inform stakeholders about the entity's financial condition and results of operations. If a regulated entity decides to disclose a non-GAAP measure in its periodic filings, that measure should be subject to rigorous internal controls, should not be presented more prominently than similar GAAP measures, and should otherwise conform to applicable regulations. Any new proposed non-GAAP measure should be discussed with the audit committee, as appropriate, prior to initial publication.
G. Alternate and Preferable GAAP Accounting Treatments
At least quarterly, each regulated entity's audit committee should review management's analyses of significant financial reporting issues and accounting judgments made in preparing the entity's financial statements. To facilitate this review, management should highlight, and the committee should review, significant new or unusual items arising during the financial quarter, and management's anticipated implementation of significant new or revised GAAP. These reviews should include effects of alternative GAAP methods. The audit committee should also review and discuss these areas (and others as described in applicable rules, regulations, and guidance) with the external auditor.
FHFA believes that it is prudent for the regulated entities' audit committees to assess the costs and benefits of engaging an independent third party to evaluate one or more accounting policy areas at least every two years. Committees should report their findings to their board of directors and to FHFA. Such a review may be appropriate for new or revised GAAP guidance and/or for new types of transactions that the regulated entity expects to become material, especially those for which the accounting may involve significant estimates and/or management judgments.
If the audit committee determines that the results of any such assessment warrant a targeted evaluation, it should then consider the appropriate form and scope of the engagement. Given the potential relevance of such assessments to FHFA's supervisory responsibilities, the regulated entity should structure any targeted evaluation engagement so as to make reports and workpapers available for review by FHFA.
II. External Audit Function Oversight
Rigorous and effective audit committee oversight of external audit functions is critical to secure the benefits of an independent, high-quality audit. FHFA expects each regulated entity's audit committee to perform this role in accordance with applicable FHFA, SEC, and NYSE requirements. Further, FHFA expects each audit committee to establish and maintain appropriate charter elements, and well-documented policies where needed, around this oversight role. Finally, FHFA encourages regulated entities to develop, and audit committees to regularly review and approve for publication, disclosures that provide insight and information to stakeholders about how the committees oversee their external auditors.
A. Overseeing the External Audit Relationship
The concepts in this section should be considered when appointing, retaining, or terminating an external auditor.
1. Monitoring Performance
Each regulated entity's audit committee should perform and document a comprehensive assessment of the external audit firm's performance at least annually. As part of the review, the committee should request and review input from audit committee members, management, and internal auditors regarding the performance of the external auditors. The current external auditor's tenure should be considered as a factor in the assessment.
FHFA expects each audit committee to identify and consider Audit Quality Indicators (AQIs) to inform dialogue and discussions with the external auditor. AQIs are qualitative and quantitative performance metrics to help inform stakeholders, including audit committees, about key conditions or attributes that may contribute to audit quality. AQIs may be defined at both the auditing firm and the audit engagement team levels. While there is no regulation or auditing standard requiring firms to report or audit committees to use AQIs, larger auditing firms provide firm-level AQIs and/or similar information to their stakeholders.
 FHFA views identifying and assessing AQIs as a best practice in assessing external auditor performance.
The audit committee should consider the external auditor's internal quality control procedures, including the auditing firm's processes for performing quality control reviews, when evaluating the external auditor. The committee should discuss the auditing firm's internal quality control reviews and external PCAOB inspection results with the external auditors as part of their performance assessment. The committee should pay particular attention to any deficiencies or non-compliance issues identified by the PCAOB or internal reviews that are relevant to their regulated entity's audit. To aid in this process, the audit committee should request that the external auditor align any PCAOB inspection deficiencies with potential areas of exposure to the audit of the regulated entity. The audit committee should have a good understanding of how the audit firm is addressing any identified deficiencies, including remediation plans and timetables.
Auditing firm tenure is not explicitly addressed by FHFA or SEC regulations. Even if an incumbent auditing firm has performed satisfactorily, FHFA considers it prudent for audit committees to periodically consider, and document their consideration of, the potential costs and benefits of changing or retaining their incumbent auditing firms at least every five years, or more frequently if circumstances warrant.
2. Monitoring Independence
External auditor independence is necessary for a reliable audit. Therefore, each regulated entity's audit committee should carefully consider regulatory and professional requirements regarding independence in fact and appearance during all phases of the audit engagement.
 Independence requirements apply to the external auditing firm, to engagement and concurring partners, and to auditing firm staff and contractors working on the engagement. The audit committee should have a robust process for monitoring and assessing the external auditor's independence, including understanding how the external auditor assesses and monitors independence within the auditing firm.
The external auditor's communications to the audit committee regarding independence and the committee's related discussions and decisions regarding the auditor's independence should be appropriately documented. Arrangements regarding any permissible non-audit services to be provided by the audit firm should be clear and transparent, should not involve contingent compensation other than appropriate arrangements for tax work, and should be pre-approved by the audit committee. If the committee delegates some of its pre-approval authority to, for example, its Chair, it should subsequently ratify the delegate's approval.
At least annually, the committee should review the nature of all services performed by the external audit firm and assess the relative magnitude of fees and personnel involved. The committee should then consider establishing safeguards, as needed, to mitigate potential threats to audit independence that may arise as a result of providing these other services. Further, the audit committee should be informed about and consider business and financial relationships between the auditor and the regulated entity or its officers, directors, or significant shareholders, and about employment of former regulated entity employees by the auditing firm and vice versa, as necessary to identify and address circumstances that could indicate a lack of independence or the appearance thereof.
B. Communication with External Auditor and Audit Engagement Letters
Each regulated entity's audit committee and its external auditor should have an open working relationship. Communications should be frank and robust and should cover the full range of potential topics related to financial reporting and audit risks. Significant discussions during scheduled audit committee meetings should be clearly documented in committee minutes. Other relevant substantive discussions should be appropriately documented in audit committee packages or minutes. Audit committees can promote effective communications by:
It is also important for the audit committee to have ongoing communication with the external auditor regarding its audit fees. One objective of those communications is to provide assurance to the audit committee that negotiations for the fees and the fee arrangements themselves encourage the external auditor to conduct rigorous, high-quality audits and reviews.
The engagement letter is the key document defining the relationship between the regulated entity and its external auditor. FHFA's authority to examine the regulated entities allows it to have access to all regulated entity documents, including accounting records. FHFA expects regulated entities' external audit engagement letters to be consistent with FHFA's examination authority. Accordingly, FHFA expects that each regulated entity's engagement letter should:
C. Audit Committee Transparency
FHFA regulations and guidelines require that the audit committees for the regulated entities review their charters annually and that the boards of directors reapprove them at least every three years.
 FHFA's regulated entities regularly publish their audit committee charters. Besides serving as the committee's roadmap to help ensure that it fulfills all of its duties and obligations, a well-drafted charter can provide outside readers with insights on the committee's governance and functions.
Under the PCAOB standards, auditor tenure is now a required element of the independent auditor's report. Also, critical audit matters—which are matters that have been communicated to the audit committee, are related to accounts or disclosures that are material to the financial statements, and involved especially challenging, subjective, or complex auditor judgment—must be reported by the auditor beginning in the next few years.
 While this reporting is the responsibility of public companies' external auditors, we believe that these requirements evidence increased demand by financial statement users for information on audits and audit governance.
While effective audit committee oversight of and engagement with the external auditor are keys to obtaining a high-quality audit, there are no formal rules or standards that require those topics to be reported to shareholders. That said, industry studies confirm an increasing trend among public companies to make enhanced voluntary disclosures about their audit committees' oversight of the external audit function. Examples include disclosures about the factors that the audit committee considers when appointing or retaining an external auditor, the role of the audit committee in fee negotiations and compensation, the length of time the auditor has been engaged, whether evaluations of the auditing firm are done annually, and audit partner selection and rotation.
FHFA encourages each regulated entity's audit committee to consider providing such voluntary disclosures regarding its role in supporting a quality audit. The audit committee should remain aware of industry trends and developments regarding audit committee transparency and should work to provide the regulated entity's stakeholders with relevant information regarding their activities to the extent practicable.
III. Annual Review by Audit Committee
At least annually, each regulated entity's audit committee should review, with any appropriate professional assistance, the committee's performance in light of the requirements of laws, rules, and regulations that are applicable to its activities and duties. The committee should also assess whether it is operating consistent with applicable regulatory guidance. The audit committee should provide the FHFA Chief Accountant with the materials and procedures employed in such review, as well as the final report. The review may be done as part of a committee self-assessment, an outside review, or a combination of approaches.
Related Regulations and Guidance
12 CFR Part 1236 and Appendix – Prudential Management and Operations Standards
12 CFR Part 1239 – Responsibilities of Boards of Directors, Corporate Practices and Corporate Governance Matters
12 CFR Part 1273 – Office of Finance
12 CFR Part 1274 – Financial Statements of the Banks
Securities and Exchange Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934, 72 Fed. Reg. 35324 (June 27, 2007) (codified at 17 CFR Part 241)
Securities and Exchange Commission Rule 10A-3: Listing Standards Relating to Audit Committees (National Securities Exchanges), 17 CFR § 240.10A-3
Securities and Exchange Commission Rule Reg. S-X: Form and Content of and Requirements for Financial Statements, Securities Act of 1933, Securities Exchange Act of 1934, Investment Company Act of 1940, Investment Advisers Act of 1940, and Energy Policy and Conservation Act of 1975 (Qualifications and Reports of Accountants), 17 CFR § 210.2-01 through -07
Securities and Exchange Commission Rule Reg. S-K: Standard Instructions for Filing Forms under Securities Act of 1933, Securities Exchange Act of 1934 and Energy Policy and Conservation Act of 1975, 17 CFR Part 229
Public Company Accounting Oversight Board Rule 3526: Auditor Communications with Audit Committees Concerning Independence
NYSE, Inc., Listed Company Manual, § 303A (Corporate Governance Standards) (2018)
 The OF is not a “regulated entity" as the term is defined by 12 U.S.C. 4502(20), but for convenience, references to the “regulated entities" in this AB should be read to also apply to the OF as regards its roles in issuing combined financial reports and engaging the external auditor for those reports, and to regulated entities' affiliates as regards their roles, if any, in issuing public financial reports and in engaging external auditors.
 Duties of FHLBank audit committees are described in 12 CFR 1239.32. Duties of the OF audit committee are described in 12 CFR 1273.9. Part 1239 stipulates that the duties and responsibilities of Enterprise audit committees are set forth under rules issued by the New York Stock Exchange, and further requires that those committees comply with requirements set forth under section 301 of the Sarbanes-Oxley Act, 15 U.S.C.§ 78j-1(f). The Prudential Management and Operations Standards set forth in the Appendix to 12 CFR Part 1236 also include standards applicable to the audit committees of the FHLBanks and Enterprises.
 See 12 CFR 1274.2(c).
 See 12 CFR 1274.2(c).
 See 12 CFR 1274.2(d), (e).
 See 12 CFR Part 1236, Appendix (Standard 10.1) and 12 CFR 1273.6(b) (2).
 SEC Exchange Act Rule 13a-15(f) defines the term “internal control over financial reporting" as: a process designed by, or under the supervision of, the issuer's principal executive and principal financial officers, or persons performing similar functions, and effected by the issuer's board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:
See 17 CFR 240.13a-15(f).
 For the OF, this refers to the ICFR over the OF's process for producing the FHLBanks' combined financial reports.
 On comparability and consistency, see FASB Statement of Financial Accounting Concepts No. 8 as amended August 2018.
 See Center for Audit Quality, “Audit Quality Indicators: The Journey and Path Ahead," Jan. 12, 2016.
 The FHLBanks and the OF, in light of the FHLBank System's requirement to issue combined financial statements, have historically engaged the same external audit firm. Therefore, they undertake external auditor performance reviews and decisions on which audit firm to engage jointly.
 The external auditor must meet the requirements of independence set forth by the PCAOB Auditing Standard 1005 and in the SEC regulations at 17 CFR § 210.2-01.
 71 Fed. Reg. 6847 (Feb. 9, 2006).
 See 12 CFR Part 1236, Appendix (Prudential Management and Operations Standard 2.2) (regulated entity boards); 12 CFR 1239.32(d) (1), (2) (Bank audit committees and boards of directors); 12 CFR 1273.9(c) (1) (i), (ii) (Office of Finance). Enterprise boards of directors must adopt a written charter for each board committee and comply with the committee requirements of the NYSE rules and section 301 of the Sarbanes-Oxley Act, 15 U.S.C. § 78j-1.
See 12 CFR 1239.5(b). Neither those incorporated provisions nor the regulation itself imposes any requirements with respect to the review or re-approval of committee charters.
 See PCAOB Auditing Standard 3101.
 See 2018 Audit Committee Transparency Barometer prepared by the Center for Audit Quality and by Audit Analytics (November 2018).
FHFA has statutory responsibility to ensure the safe and sound operations of the regulated entities and the Office of Finance. Advisory bulletins describe FHFA supervisory expectations for safe and sound operations in particular areas and are used in FHFA examinations of the regulated entities. Questions about this advisory bulletin should be directed to
© 2022 Federal Housing Finance Agency