Compendium of Open Recommendations - Federal Housing Finance Agency Office of Inspector General
Federal Housing Finance Agency Office of Inspector General Compendium of Open Recommendations April 1, 2021
TABLE OF CONTENTS

ABBREVIATIONS
INTRODUCTION
    Tracking of OIG Recommendations
    Validation Testing
OPEN RECOMMENDATIONS
CLOSED UNIMPLEMENTED RECOMMENDATIONS

OIG • April 1, 2021
ABBREVIATIONS

DER: Division of Enterprise Regulation
Enterprises: Fannie Mae and Freddie Mac
FHFA: Federal Housing Finance Agency
MRA: Matter Requiring Attention
OIG: Federal Housing Finance Agency Office of Inspector General
PII: Personally Identifiable Information
ROE: Report of Examination
INTRODUCTION

Since the Federal Housing Finance Agency (FHFA) Office of Inspector General (OIG) began operations in October 2010, we have made more than 500 recommendations[1] to improve efficiency and effectiveness and reduce fraud, waste, and abuse at FHFA and at the government-sponsored enterprises for which the Agency acts as conservator and regulator, Fannie Mae and Freddie Mac (the Enterprises), and at the Federal Home Loan Banks for which the Agency acts as regulator.

As required under the Inspector General Act of 1978, as amended, we provide information on open and closed recommendations in each semiannual report to the Congress.[2] To maintain the focus on opportunities for improvement that our recommendations identify, OIG publishes on its website a monthly report setting forth all open recommendations from our audits, evaluations, and other studies.[3] For additional information on any recommendation, please click on the hyperlinked report number to access its underlying report. This compendium is comprehensive as of April 1, 2021.

Because FHFA serves a unique role as both conservator and regulator of the Enterprises, OIG’s responsibilities necessarily include oversight of FHFA’s actions in both of these roles, in order to determine whether the Agency is fulfilling its statutory duties and responsibilities and safeguarding the taxpayers’ resources. Our oversight role also reaches the Enterprises—recipients of $191.5 billion in taxpayer monies—to ensure that they are satisfying their obligations under the authority delegated to them in the conservatorships. Through oversight, transparent reporting of results, and robust enforcement, OIG seeks to be a voice for, and protect the interest of, those who have funded Treasury’s investment in the Enterprises—the American taxpayers.

Tracking of OIG Recommendations

Our recommendations, like those of other inspectors general, are primarily made in written reports issued by our Offices of Audits, Evaluations, and Compliance. We report the facts, as found, and recommend actions to address any shortcomings we identify in FHFA’s exercise of its statutory duties and responsibilities or by one or both Enterprises, in connection with their execution of responsibilities delegated to them by FHFA, as conservator. FHFA is provided an opportunity to provide a written response to OIG recommendations. FHFA’s determinations whether to agree with OIG’s recommendations are included in our published reports.

Once FHFA has accepted an OIG recommendation, it reports to us on its efforts to implement the “corrective action” that is intended to respond to the recommendation. When FHFA believes that its implementation efforts are well underway or that implementation is complete, FHFA provides that information to us, along with corroborating documents, and we rely on those materials in determining whether to close recommendations. If the Agency rejects a recommendation or conclusively refuses to implement an acceptable corrective action, then we will close the recommendation and report it separately in this compendium.

Validation Testing

OIG typically relies on materials and representations from the Agency to close its recommendations and may close some recommendations based on the Agency’s representations as to the corrective actions it has taken. Accordingly, we are not always able to assess, at the time of closure, whether the implementation actions by FHFA meet the letter and spirit of the agreed-upon recommendation, nor can we determine, at closure, the longer-term impact of the recommendation. To better assess both the implementation and impact of OIG recommendations, we concluded that validation testing is needed. Such testing, and disclosure of results of that testing, provides greater accountability and adds value to FHFA and the American taxpayers it serves.

Because our Offices of Audits and Evaluations historically had not conducted extensive corrective action verification testing, we created the Office of Compliance and Special Projects. The primary operational role of that office is to examine closed recommendations to assess independently FHFA’s implementation of the corrective actions it represented to OIG that it intended to take, as well as the impact of those actions, and to publish reports of its validation testing in “compliance reviews.” These compliance reviews enable our stakeholders to assess the impact of OIG’s recommendations, as well as the efficacy of the Agency’s implementation of those recommendations. Compliance reviews enhance OIG’s ability to stimulate positive change in critical areas and promote economy, efficiency, and effectiveness at FHFA. Any open recommendations contained in published compliance reviews are included in this compendium.

[1] Includes public and non-public recommendations.
[2] OIG’s semiannual reports are available at www.fhfaoig.gov/Reports/Semiannual.
[3] This report does not include recommendations under consideration for work that is in progress.
OPEN RECOMMENDATIONS

Each entry below gives the table's four columns: Specific Risk to be Mitigated, Recommendation, Expected Impact, and Report Name and Date.

Conservatorship

Specific Risk to be Mitigated: Conflicts of Interest

Recommendation: FHFA should direct FHFA employees to monitor the review and resolution of Senior Executive Officer disclosures of potential, actual, or apparent conflicts of interest to ensure that revised Board committee charter(s) and management policies and procedures are being followed.
Expected Impact: Improved oversight
Report Name and Date: Corporate Governance: Review and Resolution of Conflicts of Interest Involving Fannie Mae’s Senior Executive Officers Highlight the Need for Closer Attention to Governance Issues by FHFA (EVL-2018-001, January 31, 2018)[4]

[4] This recommendation is being held open pending the completion of a related 2020 FHFA planned supervisory activity, and OIG’s assessment of that supervisory activity.
Recommendation: FHFA, as conservator, should direct Freddie Mac to revise its policies and procedures to align with the responsibilities assigned to the Nominating and Governance Committee and facilitate the Nominating and Governance Committee’s execution of its responsibilities. [Closed in July 2018; reopened upon results of compliance testing.]
Expected Impact: Improved oversight
Report Name and Date: Management Alert: Need for Increased Oversight by FHFA, as Conservator, to Ensure that Freddie Mac’s Policies and Procedures for Resolution of Executive Officer Conflicts of Interest Align with the Responsibilities of the Nominating and Governance Committee of the Freddie Mac Board of Directors (OIG-2017-005, September 27, 2017) and Freddie Mac Management Failed to Adopt and Implement Conflicts of Interest Policies Which Aligned Fully with FHFA’s Directive on Senior Executive Officers’ Conflicts of Interest, and With the Charter for the Freddie Mac Board’s Nominating and Governance Committee (COM-2020-006, August 26, 2020)
Recommendation: FHFA, as conservator, should determine the appropriate disciplinary action against the Chief Executive Officer for his non-disclosure and untimely disclosure of conflict of interest matters.
Expected Impact: Improved oversight
Report Name and Date: Corporate Governance: Fannie Mae Senior Executive Officers and Ethics Officials Again Failed to Follow Requirements for Disclosure and Resolution of Conflicts of Interest, Prompting the Need for FHFA Direction (EVL-2021-001, March 15, 2021)

Recommendation: FHFA, as conservator, should provide timely instruction to the Fannie Mae Board regarding Fannie Mae Office of Compliance and Ethics’ authority to interpret Chief Executive Officer mitigation plans where new facts are presented.
Expected Impact: Improved oversight
Report Name and Date: Corporate Governance: Fannie Mae Senior Executive Officers and Ethics Officials Again Failed to Follow Requirements for Disclosure and Resolution of Conflicts of Interest, Prompting the Need for FHFA Direction (EVL-2021-001, March 15, 2021)
Recommendation: In accordance with Recommendation 2, FHFA, as conservator, should direct the Fannie Mae Board and/or management to amend and clarify the appropriate conflict of interest governance documents to identify all instances in which Fannie Mae Office of Compliance and Ethics is required to submit conflict of interest matters involving the Chief Executive Officer to the Fannie Mae Board of Directors’ Nominating and Corporate Governance Committee for its resolution.
Expected Impact: Improved oversight
Report Name and Date: Corporate Governance: Fannie Mae Senior Executive Officers and Ethics Officials Again Failed to Follow Requirements for Disclosure and Resolution of Conflicts of Interest, Prompting the Need for FHFA Direction (EVL-2021-001, March 15, 2021)

Supervision

Specific Risk to be Mitigated: Examiner Capacity

Recommendation: FHFA should develop a process that links annual Enterprise examination plans with core team resource requirements.
Expected Impact: Improved supervision
Report Name and Date: Update on FHFA’s Efforts to Strengthen its Capacity to Examine the Enterprises (EVL-2014-002, December 19, 2013) and Despite Prior Commitments, FHFA Has Not Implemented a Systematic Workforce Planning Process to Determine Whether Enough Qualified Examiners are Available to Assess the Safety and Soundness of Fannie Mae and Freddie Mac (AUD-2020-004, February 25, 2020)
Recommendation: FHFA should establish a strategy to ensure that the necessary resources are in place to ensure timely and effective Enterprise examination oversight.
Expected Impact: Improved supervision
Report Name and Date: Update on FHFA’s Efforts to Strengthen its Capacity to Examine the Enterprises (EVL-2014-002, December 19, 2013) and Despite Prior Commitments, FHFA Has Not Implemented a Systematic Workforce Planning Process to Determine Whether Enough Qualified Examiners are Available to Assess the Safety and Soundness of Fannie Mae and Freddie Mac (AUD-2020-004, February 25, 2020)

Recommendation: FHFA should assess whether the Division of Enterprise Regulation (DER) has a sufficient complement of qualified examiners to conduct and complete those examinations rated by DER to be of high-priority within each supervisory cycle and address the resource constraints that have adversely affected DER’s ability to carry out its risk-based supervisory plans.
Expected Impact: Improved supervision
Report Name and Date: FHFA Failed to Complete Non-MRA Supervisory Activities Related to Cybersecurity Risks at Fannie Mae Planned for the 2016 Examination Cycle (AUD-2017-010, September 27, 2017)
Recommendation: FHFA should assess whether DER has a sufficient complement of qualified examiners to conduct and complete those examinations rated by DER to be of high-priority within each supervisory cycle and address the resource constraints that have adversely affected DER’s ability to carry out its risk-based supervisory plans.
Expected Impact: Improved supervision
Report Name and Date: FHFA’s Targeted Examinations of Freddie Mac: Just Over Half of the Targeted Examinations Planned for 2012 through 2015 Were Completed (AUD-2016-007, September 30, 2016); FHFA’s Targeted Examinations of Fannie Mae: Less than Half of the Targeted Examinations Planned for 2012 through 2015 Were Completed and No Examinations Planned for 2015 Were Completed Before the Report of Examination Issued (AUD-2016-006, September 30, 2016)
Recommendation: FHFA should direct DER to develop and implement a systematic workforce planning process within 12 months that aligns with Office of Personnel Management guidance and best practices and is fully documented in writing. That process should include:
• Identifying the current examination skills and competencies of its examiners;
• Forecasting the optimal staffing levels and competencies needed to meet its supervisory needs;
• Evaluating whether a gap exists between skills that its workforce may currently need but does not possess; and
• Addressing that gap.
Expected Impact: Improved supervision
Report Name and Date: Despite Prior Commitments, FHFA Has Not Implemented a Systematic Workforce Planning Process to Determine Whether Enough Qualified Examiners are Available to Assess the Safety and Soundness of Fannie Mae and Freddie Mac (AUD-2020-004, February 25, 2020)[5]

[5] In its management response to this audit, FHFA stated it would assess the report’s recommendation and provide a response by June 30, 2020. On September 22, 2020, we reposted this report with an Addendum that provides FHFA’s June 30, 2020, response and related communications. In summary, FHFA has planned an alternative approach that meets the intent of the recommendation. Implementation of this alternative approach may also address the open, unimplemented recommendations related to the sufficiency of DER’s examiner workforce in EVL-2014-002, AUD-2016-006, AUD-2016-007, AUD-2017-010, and EVL-2020-001.
Recommendation: FHFA should direct DER to develop and implement a systematic workforce planning process within 12 months that aligns with Office of Personnel Management guidance and best practices and is fully documented. That process should include:
• Identifying the appropriate number of Enterprise high-risk models to be examined each year through targeted examinations;
• Identifying the current examination skills and competencies of examiners engaged in supervisory activities of high-risk models;
• Forecasting the optimal staffing levels and competencies of examiners necessary to complete the identified number of targeted examinations of high-risk models planned for each examination cycle;
• Evaluating whether a gap exists between skills required to conduct supervision of high-risk models that its examiners currently need but do not possess; and
• Addressing that gap.
Expected Impact: Improved supervision
Report Name and Date: Despite FHFA’s Recognition of Significant Risks Associated with Fannie Mae’s and Freddie Mac’s High-Risk Models, its Examination of Those Models Over a Six Year Period Has Been Neither Rigorous nor Timely (EVL-2020-001, March 25, 2020)[6]

Recommendation: Based on the results of its workforce analysis, FHFA should conduct a written assessment of whether DER’s current budget for its supervision of high-risk models is sufficient.
Expected Impact: Improved supervision
Report Name and Date: Despite FHFA’s Recognition of Significant Risks Associated with Fannie Mae’s and Freddie Mac’s High-Risk Models, its Examination of Those Models Over a Six Year Period Has Been Neither Rigorous nor Timely (EVL-2020-001, March 25, 2020)[7]

[6] In its management response to this evaluation, FHFA stated it would assess the report’s recommendations and provide a response by June 30, 2020. On September 22, 2020, we reposted this report with an Addendum that provides FHFA’s June 30, 2020, response and related communications. In summary, FHFA has planned an alternative approach that is generally responsive to the recommendations.
[7] See prior footnote.
Specific Risk to be Mitigated: Accreditation of Examiners

Recommendation: FHFA should determine the causes of the shortfalls in the Housing Finance Examiner Commission Program that we have identified, and implement a strategy to ensure the program fulfills its central objective of producing commissioned examiners who are qualified to lead major risk sections of government-sponsored enterprise examinations.
Expected Impact: Improved quality
Report Name and Date: OIG’s Compliance Review of FHFA’s Implementation of Its Housing Finance Examiner Commission Program (COM-2015-001, July 29, 2015) and FHFA’s Housing Finance Examiner Commissioning Program: $7.7 Million and Four Years into the Program, the Agency has Fewer Commissioned Examiners (COM-2018-006, September 6, 2018)[8]

Specific Risk to be Mitigated: Risk Assessments

Recommendation: FHFA should reinforce, through training and supervision of DER personnel, the requirements established by FHFA, and reinforced by DER guidance, for the risk assessment and supervisory planning process. Specifically:
a. Ensure that the annual supervisory strategy identifies significant risks and supervisory concerns and explains how the planned supervisory activities to be conducted during the examination cycle address the most significant risks in the operational risk assessment. (Applies to AUD-2017-010 and AUD-2017-011)
b. Ensure that supervisory activities planned during an examination cycle to address the most significant risks in the operational risk assessment are completed within the examination cycle. (Applies to AUD-2017-010)
Expected Impact: Improved supervision
Report Name and Date: FHFA Failed to Complete Non-MRA Supervisory Activities Related to Cybersecurity Risks at Fannie Mae Planned for the 2016 Examination Cycle (AUD-2017-010, September 27, 2017); FHFA Did Not Complete All Planned Supervisory Activities Related to Cybersecurity Risks at Freddie Mac for the 2016 Examination Cycle (AUD-2017-011, September 27, 2017)

[8] OIG has twice determined that the Housing Finance Examiner Commission Program was not on track to produce commissioned examiners. This recommendation is open pending FHFA actions to assess and address the Program’s shortfalls, and OIG’s assessment of those corrective actions.
Recommendation: Going forward, FHFA should ensure a risk assessment for Common Securitization Solutions, LLC is prepared and approved annually in accordance with DER requirements.
Expected Impact: Improved supervision
Report Name and Date: FHFA’s Failure to Include the Financial Crimes and Model Components in its CSS Risk Assessment Is Inconsistent with a Risk-Based Approach to Supervision (AUD-2021-005, March 23, 2021)

Recommendation: FHFA should include all required components, including the Financial Crimes and Model components, when preparing the annual risk assessment for Common Securitization Solutions, LLC.
Expected Impact: Improved supervision
Report Name and Date: FHFA’s Failure to Include the Financial Crimes and Model Components in its CSS Risk Assessment Is Inconsistent with a Risk-Based Approach to Supervision (AUD-2021-005, March 23, 2021)
Specific Risk to be Mitigated: Assessing Remediation of Deficiencies

Recommendation: FHFA should ensure that Freddie Mac takes, or has taken, remedial action to address the deficiency underlying the matter requiring attention (MRA) regarding the need to implement a process to verify and monitor [certain matters].
Expected Impact: Improved remediation of deficiencies
Report Name and Date: FHFA Failed to Ensure Freddie Mac’s Remedial Plans for a Cybersecurity MRA Addressed All Deficiencies; as Allowed by its Standard, FHFA Closed the MRA after Independently Determining the Enterprise Completed its Planned Remedial Actions (AUD-2018-008, March 28, 2018)[9]

Recommendation: FHFA should require DER, upon acceptance of an Enterprise’s remediation plan, to estimate the date by which it expects to confirm internal audit’s validation, and to enter that date into a dedicated field in the MRA tracking system. [Closed in September 2017; reopened upon results of compliance testing.]
Expected Impact: Improved remediation of deficiencies
Report Name and Date: FHFA’s Inconsistent Practices in Assessing Enterprise Remediation of Serious Deficiencies and Weaknesses in its Tracking Systems Limit the Effectiveness of FHFA’s Supervision of the Enterprises (EVL-2016-007, July 14, 2016) and Compliance Review of the Timeliness of FHFA’s Assessments of the Enterprises’ Remediation Closure Packages for a Matter Requiring Attention (COM-2020-001, February 21, 2020)

[9] This recommendation is being held open pending the completion of a 2020 FHFA planned supervisory activity related to the underlying deficiency of the MRA that was the subject of this report, and OIG’s assessment of that supervisory activity.
Specific Risk to be Mitigated: Supervisory Oversight

Recommendation: FHFA should determine the appropriate threshold or criteria for charging off delinquent single-family loans at the Enterprises and communicate that threshold or criteria through revised or new Agency guidance.
Expected Impact: Improved supervision
Report Name and Date: More than Eight Years After Issuing its Advisory Bulletin, FHFA Has Not Held the Enterprises to its Expectations on Charging off Delinquent Loans or Communicated New Expectations (EVL-2020-003, September 10, 2020)

Recommendation: FHFA should assess the Enterprises’ implementation of the revised or new Agency guidance to ensure that the Enterprises’ practices comport with FHFA’s supervisory expectations.
Expected Impact: Improved supervision
Report Name and Date: More than Eight Years After Issuing its Advisory Bulletin, FHFA Has Not Held the Enterprises to its Expectations on Charging off Delinquent Loans or Communicated New Expectations (EVL-2020-003, September 10, 2020)

Recommendation: FHFA should ensure that the Office of Housing and Regulatory Policy (a) develops and issues written guidance to the Enterprises on the data elements to be reported regularly for FHFA’s monitoring of the 97% LTV mortgage programs and (b) establishes quality control procedures to ensure that information reported by the Enterprises is reliable and conforms to the requirements of the written guidance.
Expected Impact: Improved supervision
Report Name and Date: Weaknesses in FHFA’s Monitoring of the Enterprises’ 97% LTV Mortgage Programs May Hinder FHFA’s Ability to Timely Identify, Analyze, and Respond to Risks Related to Achieving the Programs’ Objectives (AUD-2020-014, September 29, 2020)
Recommendation: FHFA should clarify and reinforce the Office of Housing and Regulatory Policy’s guidance regarding the frequency of 97% LTV mortgage program monitoring dashboard preparation to Office of Housing and Regulatory Policy staff and ensure that the monitoring dashboards are prepared and reviewed in accordance with that guidance.
Expected Impact: Improved supervision
Report Name and Date: Weaknesses in FHFA’s Monitoring of the Enterprises’ 97% LTV Mortgage Programs May Hinder FHFA’s Ability to Timely Identify, Analyze, and Respond to Risks Related to Achieving the Programs’ Objectives (AUD-2020-014, September 29, 2020)

Recommendation: FHFA should ensure that DER uses its full range of available examination activities, including targeted examinations and when appropriate, enhanced risk monitoring, to provide comprehensive assessments of known areas of high risk, like Fannie Mae’s reliance on third-party vendors.
Expected Impact: Improved supervision
Report Name and Date: Despite FHFA’s Acknowledgement that Enterprise Reliance on Third-Parties Represents a Significant Operational Risk, No Targeted Examinations of Fannie Mae’s Third-Party Risk Management Program Were Completed Over a Seven-Year Period (AUD-2021-007, March 29, 2021)

Specific Risk to be Mitigated: Examiner Assessment and Escalation of Shortcomings

Recommendation: FHFA should assess whether Fannie Mae’s remediation of its [redacted] is sufficient.
Expected Impact: Improved supervisory oversight
Report Name and Date: FHFA Examiners’ Lack of Assessment and Escalation of Shortcomings Identified by an Enterprise in its Servicer Fraud Risk Management Framework Limited the Agency’s Supervisory Oversight (EVL-2020-002, August 27, 2020)
Recommendation: FHFA should set clear expectations in supervisory guidance for prompt escalation within DER by examiners of information regarding deficient practices at an Enterprise for a determination of whether such practices warrant additional supervisory attention and/or should be the subject of an adverse examination finding.
Expected Impact: Improved supervisory oversight
Report Name and Date: FHFA Examiners’ Lack of Assessment and Escalation of Shortcomings Identified by an Enterprise in its Servicer Fraud Risk Management Framework Limited the Agency’s Supervisory Oversight (EVL-2020-002, August 27, 2020)

Recommendation: FHFA should reinforce in examiner training and the annual performance appraisal process its expectations for collaboration among examiners, communication of potential deficient practices to DER managers, and documentation of support for conclusions.
Expected Impact: Improved supervisory oversight
Report Name and Date: FHFA Examiners’ Lack of Assessment and Escalation of Shortcomings Identified by an Enterprise in its Servicer Fraud Risk Management Framework Limited the Agency’s Supervisory Oversight (EVL-2020-002, August 27, 2020)

Specific Risk to be Mitigated: Examination Guidance

Recommendation: FHFA should establish and communicate clear expectations for use of revised and new examination modules by DER examiners.
Expected Impact: Improved supervision
Report Name and Date: Five Years After Issuance, Many Examination Modules Remain in Field Test; FHFA Should Establish Timelines and Processes to Ensure Timely Revision of Examiner Guidance (EVL-2019-003, September 10, 2019)
Recommendation: FHFA should reinforce the requirement to examiners in charge and examination managers that changes to an examination plan must be risk-based – changes in Enterprise business operations or risk exposures – and that resource constraints are not accepted reasons for such changes.
Expected Impact: Improved supervision
Report Name and Date: FHFA Completed Most of its Planned Ongoing Monitoring Activities for Fannie Mae and CSS for 2019; However, FHFA Failed to Follow its Requirements When it Changed Examination Plans for Non-Risk-Based Reasons and Failed to Obtain Deputy Director Approval (AUD-2020-011, September 9, 2020)

Recommendation: FHFA should reinforce the requirement that any revisions to an examination plan must be approved in writing by the Deputy Director.
Expected Impact: Improved supervision
Report Name and Date: FHFA Completed Most of its Planned Ongoing Monitoring Activities for Fannie Mae and CSS for 2019; However, FHFA Failed to Follow its Requirements When it Changed Examination Plans for Non-Risk-Based Reasons and Failed to Obtain Deputy Director Approval (AUD-2020-011, September 9, 2020)
Recommendation: FHFA should define the term “supervisory concern” as it is used in FHFA’s corporate governance regulation.
Expected Impact: Improved supervision
Report Name and Date: FHFA’s Failure to Define and Clearly Communicate “Supervisory Concerns” Hinders the Enterprise Boards’ Ability to Execute Their Oversight Obligations Under FHFA’s Corporate Governance Regulation and Renders the Regulation Ineffective as a Supervisory Tool (EVL-2021-003, March 30, 2021)

Recommendation: FHFA should develop examination guidance that explains how supervisory concerns should be described and categorized in the Reports of Examination, establishes DER’s expectations for timely and appropriate remediation for each such concerns, and prescribes how such concerns should be monitored until they are fully remediated.
Expected Impact: Improved supervision
Report Name and Date: FHFA’s Failure to Define and Clearly Communicate “Supervisory Concerns” Hinders the Enterprise Boards’ Ability to Execute Their Oversight Obligations Under FHFA’s Corporate Governance Regulation and Renders the Regulation Ineffective as a Supervisory Tool (EVL-2021-003, March 30, 2021)
Specific Risk to be Mitigated: Effective Cybersecurity Controls Examinations

Recommendation: FHFA should require examiners to document their assessment of the design of the Federal Home Loan Banks’ vulnerability scans and penetration tests as part of their assessment of the operational effectiveness of such controls. [Closed in February 2017; reopened upon results of compliance testing.]
Expected Impact: Improved examinations
Report Name and Date: FHFA Should Improve its Examinations of the Effectiveness of the Federal Home Loan Banks’ Cyber Risk Management Programs by Including an Assessment of the Design of Critical Internal Controls (AUD-2016-001, February 29, 2016) and Compliance Review of DBR’s Examinations of Critical Cybersecurity Controls at the Federal Home Loan Banks (COM-2019-004, May 7, 2019)

Specific Risk to be Mitigated: Quality Control Reviews

Recommendation: FHFA’s Office of Minority and Women Inclusion should ensure that quality control reviews are performed before issuing diversity and inclusion examination findings to a regulated entity, as required by Supervision Directive 2017-01.
Expected Impact: Improved quality
Report Name and Date: Compliance Review of FHFA’s Office of Minority and Women Inclusion (COM-2019-005, June 24, 2019)

Information Technology

Specific Risk to be Mitigated: Information Technology Risk Examinations

Recommendation: FHFA should comply with Financial Stability Oversight Council recommendations to address the gaps, as prioritized, to reflect and incorporate appropriate elements of the National Institute of Standards and Technology Framework.
Expected Impact: Improved risk management
Report Name and Date: FHFA Should Map Its Supervisory Standards for Cyber Risk Management to Appropriate Elements of the NIST Framework (EVL-2016-003, March 28, 2016)[10]

[10] FHFA revised its supervisory guidance related to information security and risk management in March 2020. OIG is reviewing the revised guidance to assess whether FHFA has adequately addressed this recommendation.
Recommendation: FHFA should comply with Financial Stability Oversight Council recommendations to revise existing regulatory guidance to reflect and incorporate appropriate elements of the National Institute of Standards and Technology framework in a manner that achieves consistency with other federal financial regulators.
Expected Impact: Improved risk management
Report Name and Date: FHFA Should Map Its Supervisory Standards for Cyber Risk Management to Appropriate Elements of the NIST Framework (EVL-2016-003, March 28, 2016)[11]

Specific Risk to be Mitigated: Privacy Information and Data Protection

Recommendation: FHFA should determine privacy controls that are information system-specific, and/or hybrid controls.
Expected Impact: Improved protection of privacy information
Report Name and Date: Audit of the Federal Housing Finance Agency’s 2019 Privacy Program (AUD-2019-009, August 28, 2019)

Recommendation: FHFA should document privacy controls within each system’s system security plan or system-specific privacy plan, clearly identifying whether controls are program level, common, information system-specific, or hybrid.
Expected Impact: Improved protection of privacy information
Report Name and Date: Audit of the Federal Housing Finance Agency’s 2019 Privacy Program (AUD-2019-009, August 28, 2019)

Specific Risk to be Mitigated: FHFA Information Technology Security and Availability

Recommendation: Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly.
Expected Impact: Improved information security
Report Name and Date: Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2019 (AUD-2020-001, October 25, 2019)

Recommendation: Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly.
Expected Impact: Improved information security
Report Name and Date: Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020)

[11] See prior footnote.
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | Because information in this report could be used to circumvent FHFA’s internal controls, it has not been released publicly. | Improved information security | Audit of the Federal Housing Finance Agency’s Information Security Program Fiscal Year 2020 (AUD-2021-001, October 20, 2020) |
| | FHFA should ensure that outdated [redacted] and [redacted] protocols in FHFA’s systems are disabled or upgraded in a timely manner in accordance with National Institute of Standards and Technology directives. | Improved information security | 2019 Internal Penetration Test of FHFA’s Network and Systems (AUD-2019-014, September 24, 2019) |
| | FHFA should validate the implementation of minimum security requirements for all existing cloud-based General Support System Tools and ensure to do the same for future cloud-based General Support System Tools. | Improved information security | FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts (AUD-2020-013, September 17, 2020) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should modify existing cloud-based General Support System Tool contracts to include the required IT security provisions and ensure future cloud-based General Support System Tool contracts include all required provisions. | Improved information security | FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts (AUD-2020-013, September 17, 2020) |
| | FHFA should reinforce the requirements in the Information System Characterization Methodology to Office of Technology and Information Management Security staff. | Improved information security | FHFA Failed to Follow its Cloud-Based Computing Requirements when it Did Not Validate the Implementation of Minimum Security Requirements for Cloud-Based Tools and Did Not Include Required IT Security Provisions in Some of its Cloud Service Contracts (AUD-2020-013, September 17, 2020) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should implement multifactor authentication for [redacted] for Employment Matters Tracking System database servers. | Improved information security | Audit of an FHFA Sensitive Employment-Related Case Tracking System: FHFA Followed its Access Control Standard, But its System Is Adversely Impacted by Two Security Control Weaknesses (AUD-2021-006, March 29, 2021) |
| | FHFA should send Employment Matters Tracking System [redacted] for correlation and analysis. | Improved information security | Audit of an FHFA Sensitive Employment-Related Case Tracking System: FHFA Followed its Access Control Standard, But its System Is Adversely Impacted by Two Security Control Weaknesses (AUD-2021-006, March 29, 2021) |

Agency Operations

| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Oversight of FHFA Workforce Matters | FHFA should develop written procedures for carrying out the functions of the Office of the Ombudsman, to include procedures for documenting that all incoming complaints and appeals are tracked, considered, and appropriately resolved. In developing these procedures, the guidance published by the Coalition of Federal Ombudsmen should be taken into consideration. | Improved management of a statutory function | FHFA Should Name an Ombudsman and Document the Office of the Ombudsman’s Procedures (AUD-2019-011, September 16, 2019) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Management of Agency Resources | FHFA should update FHFA’s Reimbursements and Stipends Policy 113 to align with management’s intent and practice. | Prevent improper payments | For Fiscal Year 2019, FHFA Did Not Always Follow its Policy for Employee Reimbursements and Stipends; FHFA’s Practice for Calculating Employee Travel Stipends Was Not Stated in its Policy Nor Consistently Followed (AUD-2020-007, March 26, 2020) |
| Management of Agency Records | FHFA should include all National Archives and Records Administration-required content topics in annual records management training provided to FHFA employees and contractor employees. | Improved records management | FHFA Needs to Strengthen Controls Over its Records Management Program to Comply with OMB and NARA Requirements (AUD-2020-008, March 26, 2020) |
| Enterprise Risk Management | Going forward, FHFA should ensure Annual Risk Profiles include all significant risk response action items designed to reduce identified risks, such as FHFA’s organizational optimization Blueprint project, along with identifying the owners of those risk response action items and target completion dates. | Improved risk management | FHFA Followed OMB Guidance in Implementing its Enterprise Risk Management Program But its 2020 Risk Profile Failed to Identify a Significant Action Underway to Address Acknowledged Supervision Risk (AUD-2021-004, March 17, 2021) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should develop written policies and procedures for its Enterprise Risk Management program. | Improved risk management | FHFA Followed OMB Guidance in Implementing its Enterprise Risk Management Program But its 2020 Risk Profile Failed to Identify a Significant Action Underway to Address Acknowledged Supervision Risk (AUD-2021-004, March 17, 2021) |
CLOSED UNIMPLEMENTED RECOMMENDATIONS

The Inspector General Act of 1978 does not authorize any federal inspector general to compel its respective agency to adopt new policies or processes or take personnel actions to correct shortcomings found in their audits, evaluations, and investigations. Rather, the Act empowers inspectors general to recommend remedial actions to correct such shortcomings, and the affected agency determines whether or not to accept the recommendations.

We believe it is important to be transparent and distinguish between recommendations that have been closed in light of appropriate movement toward implementation and recommendations that have been closed in light of FHFA’s refusal to take any action. For those recommendations closed due to rejection by FHFA, we continue to stand by our findings and believe that the Agency should have undertaken the recommended actions.

The recommendations listed below represent those that have been closed following FHFA’s rejection and were not implemented.

Closed Unimplemented Recommendations

| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Property Inspection Quality Controls | FHFA should direct the Enterprises to establish uniform pre-foreclosure inspection quality standards and quality control processes for inspectors. | Improved quality | FHFA Oversight of Enterprise Controls Over Pre-Foreclosure Property Inspections (AUD-2014-012, March 25, 2014) |
| Improperly Reimbursed Property Inspection Claims | FHFA should direct Fannie Mae to obtain a refund from servicers for improperly reimbursed property inspection claims, resulting in estimated funds put to better use of $5,015,505. | Improved accuracy | FHFA Oversight of Fannie Mae’s Reimbursement Process for Pre-Foreclosure Property Inspections (AUD-2014-005, January 15, 2014) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Seller/Servicer Resolution of Aged Repurchase Demands | FHFA should promptly quantify the potential benefit of implementing a repurchase late fee program at Fannie Mae, and then determine whether the potential cost of from $500,000 to $5.4 million still outweighs the potential benefit. | Improved oversight | FHFA Oversight of Enterprise Handling of Aged Repurchase Demands (AUD-2014-009, February 12, 2014) |
| Oversight of Enterprise Implementation of Representation and Warranty Framework | FHFA should perform a comprehensive analysis to assess whether financial risks associated with the new representation and warranty framework, including with regard to sunset periods, are appropriately balanced between the Enterprises and sellers. This analysis should be based on consistent transactional data across both Enterprises, identify potential costs and benefits to the Enterprises, and document consideration of the Agency’s objectives. | Improved framework management | FHFA’s Representation and Warranty Framework (AUD-2014-016, September 17, 2014) |
| Seller/Servicer Compliance with Guidance | FHFA should direct Fannie Mae and Freddie Mac to assess the cost/benefit of a risk-based approach to requiring their sellers and servicers to provide independent, third-party attestation reports on compliance with Enterprise origination and servicing guidance. | Improved compliance | FHFA’s Oversight of Risks Associated with the Enterprises Relying on Counterparties to Comply with Selling and Servicing Guidelines (AUD-2014-018, September 26, 2014) |
| Collection of Funds from Servicers | FHFA should publish Fannie Mae’s reduction targets and overpayment findings. | Improved transparency | Evaluation of Fannie Mae’s Servicer Reimbursement Operations for Delinquency Expenses (EVL-2013-012, September 18, 2013) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Examination Recordkeeping Practices | DER should adopt a comprehensive examination workpaper index and standardize electronic workpaper folder structures and naming conventions between the two Core Teams. In addition, FHFA and DER should upgrade recordkeeping practices as necessary to enhance the identification and retrieval of critical workpapers. | Improved efficiency | Evaluation of the Division of Enterprise Regulation’s 2013 Examination Records: Successes and Opportunities (EVL-2015-001, October 6, 2014) |
| Oversight of Enterprise Executive Compensation | FHFA should develop a strategy to enhance the Executive Compensation Branch’s capacity to review the reasonableness and justification of the Enterprises’ annual proposals to compensate their executives based on Corporate Scorecard performance. To this end, FHFA should ensure that: the Enterprises submit proposals containing information sufficient to facilitate a comprehensive review by the Executive Compensation Branch; the Executive Compensation Branch tests and verifies the information in the Enterprises’ proposals, perhaps on a randomized basis; and the Executive Compensation Branch follows up with the Enterprises to resolve any proposals that do not appear to be reasonable and justified. | Improved oversight | Compliance Review of FHFA’s Oversight of Enterprise Executive Compensation Based on Corporate Scorecard Performance (COM-2016-002, March 17, 2016) |
| | FHFA should develop a policy under which it is required to notify OIG within 10 days of its decision not to fully implement, substantially alter, or abandon a corrective action that served as the basis for OIG’s decision to close a recommendation. | Improved oversight | Compliance Review of FHFA’s Oversight of Enterprise Executive Compensation Based on Corporate Scorecard Performance (COM-2016-002, March 17, 2016) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should re-assess the appropriateness of the annual compensation package of $3.6 million to the Fannie Mae President with consideration paid to the following factors: the congressional intent behind the statutory cap on compensation; Fannie Mae’s continued conservatorship status and the burdens imposed on the taxpayers from that status; and the 10-year practice at Fannie Mae where one individual executed the responsibilities of both the Chief Executive Officer and President positions, with annual compensation capped at $600,000 since 2015. | Improved governance | FHFA’s Approval of Senior Executive Succession Planning at Fannie Mae Acted to Circumvent the Congressionally Mandated Cap on CEO Compensation (EVL-2019-001, March 26, 2019) |
| | FHFA should re-assess the appropriateness of the annual compensation package of $3.25 million to the Freddie Mac President with consideration paid to the following factors: the congressional intent behind the statutory cap on compensation; Freddie Mac’s continued conservatorship status and the burdens imposed on the taxpayers from that status; the 10-year practice at Freddie Mac where one individual executed the Chief Executive Officer responsibilities with annual compensation capped at $600,000 since 2015; and the temporary nature of the position of President, in light of FHFA’s representation that Candidate A will leave Freddie Mac if he is not selected for the Chief Executive Officer position. | Improved governance | FHFA’s Approval of Senior Executive Succession Planning at Freddie Mac Acted to Circumvent the Congressionally Mandated Cap on CEO Compensation (EVL-2019-002, March 26, 2019) |
| Oversight of Servicing Alignment Initiative | FHFA’s Division of Housing Mission and Goals Deputy Director should establish an ongoing process to evaluate servicers’ Servicing Alignment Initiative compliance and the effectiveness of the Enterprises’ remediation efforts. | Improved servicing compliance and minimized losses | FHFA’s Oversight of the Servicing Alignment Initiative (EVL-2014-003, February 12, 2014) |
| | FHFA’s Division of Housing Mission and Goals Deputy Director should direct the Enterprises to provide routinely their internal reports and reviews for the Division of Housing Mission and Goals’ assessment. | Improved servicing compliance and minimized losses | FHFA’s Oversight of the Servicing Alignment Initiative (EVL-2014-003, February 12, 2014) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA’s Division of Housing Mission and Goals Deputy Director should regularly review Servicing Alignment Initiative-related guidelines for enhancements or revisions, as necessary, based on servicers’ actual versus expected performance. | Improved servicing compliance and minimized losses | FHFA’s Oversight of the Servicing Alignment Initiative (EVL-2014-003, February 12, 2014) |
| Oversight of Enterprise Remediation of Deficiencies | FHFA should review FHFA’s existing requirements, guidance, and processes regarding MRAs against the requirements, guidance, and processes adopted by the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and other federal financial regulators including, but not limited to, content of an MRA; standards for proposed remediation plans; approval authority for proposed remediation plans; real-time assessments at regular intervals of the effectiveness and timeliness of an Enterprise’s MRA remediation efforts; final assessment of the effectiveness and timeliness of an Enterprise’s MRA remediation efforts; and required documentation for examiner oversight of MRA remediation. | Improved remediation of deficiencies | FHFA’s Examiners Did Not Meet Requirements and Guidance for Oversight of an Enterprise’s Remediation of Serious Deficiencies (EVL-2016-004, March 29, 2016) |
| | Based on the results of the review in recommendation 1, FHFA should assess whether any of the existing requirements, guidance, and processes adopted by FHFA should be enhanced, and make such enhancements. | Improved remediation of deficiencies | FHFA’s Examiners Did Not Meet Requirements and Guidance for Oversight of an Enterprise’s Remediation of Serious Deficiencies (EVL-2016-004, March 29, 2016) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| Communication of Deficiencies to Enterprise Boards | FHFA should revise its supervision guidance to require DER to provide the Chair of the Audit Committee of an Enterprise Board with each plan submitted by Enterprise management to remediate an MRA with associated timetables and the response by DER. | Improved Board oversight | FHFA’s Supervisory Standards for Communication of Serious Deficiencies to Enterprise Boards and for Board Oversight of Management’s Remediation Efforts are Inadequate (EVL-2016-005, March 31, 2016) |
| | FHFA should revise its supervision guidance to require DER to provide the Chair of the Audit Committee of an Enterprise Board with each conclusion letter setting forth an MRA. | Improved supervision | FHFA’s Supervisory Standards for Communication of Serious Deficiencies to Enterprise Boards and for Board Oversight of Management’s Remediation Efforts are Inadequate (EVL-2016-005, March 31, 2016) |
| | FHFA should direct DER to develop detailed guidance and promulgate that guidance to each Enterprise’s board of directors that explains: • The purpose for DER’s annual presentation to each Enterprise board of directors on the ROE results, conclusions, and supervisory concerns and the opportunity for directors to ask questions and discuss ROE examination conclusions and supervisory concerns at that presentation; and • The requirement that each Enterprise board of directors submit a written response to the annual ROE to DER and the expected level of detail regarding ongoing and contemplated remediation in that written response. | Improved Board oversight | FHFA Failed to Consistently Deliver Timely Reports of Examination to the Enterprise Boards and Obtain Written Responses from the Boards Regarding Remediation of Supervisory Concerns Identified in those Reports (EVL-2016-009, July 14, 2016) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should direct the Enterprises’ boards to amend their charters to require review by each director of each annual ROE and review and approval of the written response to DER in response to each annual ROE. | Improved Board oversight | FHFA Failed to Consistently Deliver Timely Reports of Examination to the Enterprise Boards and Obtain Written Responses from the Boards Regarding Remediation of Supervisory Concerns Identified in those Reports (EVL-2016-009, July 14, 2016) |
| Assessing Remediation of Deficiencies | FHFA should ensure that the underlying remediation documents, including the Procedures Document, are readily available by direct link or other means, through DER’s MRA tracking system(s). | Improved remediation of deficiencies | FHFA’s Inconsistent Practices in Assessing Enterprise Remediation of Serious Deficiencies and Weaknesses in its Tracking Systems Limit the Effectiveness of FHFA’s Supervision of the Enterprises (EVL-2016-007, July 14, 2016) |
| | FHFA should require DER to track interim milestones and to independently assess and document the timeliness and adequacy of Enterprise remediation of MRAs on a regular basis. | Improved remediation of deficiencies | FHFA’s Inconsistent Practices in Assessing Enterprise Remediation of Serious Deficiencies and Weaknesses in its Tracking Systems Limit the Effectiveness of FHFA’s Supervision of the Enterprises (EVL-2016-007, July 14, 2016) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should require the Enterprises to provide, in their remediation plans, the target date in which their internal audit departments expect to validate management’s remediation of MRAs, and require examiners to enter that date into a dedicated field in the MRA tracking system. | Improved remediation of deficiencies | FHFA’s Inconsistent Practices in Assessing Enterprise Remediation of Serious Deficiencies and Weaknesses in its Tracking Systems Limit the Effectiveness of FHFA’s Supervision of the Enterprises (EVL-2016-007, July 14, 2016) |
| | FHFA should periodically conclude, based upon sufficient examination work, on the overall effectiveness of the Internal Audit functions at Fannie Mae and Freddie Mac. | Improved remediation of deficiencies | FHFA Requires the Enterprises’ Internal Audit Functions to Validate Remediation of Serious Deficiencies but Provides No Guidance and Imposes No Preconditions on Examiners’ Use of that Validation Work (EVL-2018-002, March 28, 2018) |
| Specific Risk to be Mitigated | Recommendation | Expected Impact | Report Name and Date |
|---|---|---|---|
| | FHFA should direct that examiners can use Internal Audit work to assess the adequacy of MRA remediation only if FHFA has concluded that the Internal Audit function is effective overall. | Improved remediation of deficiencies | FHFA Requires the Enterprises’ Internal Audit Functions to Validate Remediation of Serious Deficiencies but Provides No Guidance and Imposes No Preconditions on Examiners’ Use of that Validation Work (EVL-2018-002, March 28, 2018) |
| Identification of Deficiencies and Their Root Causes | FHFA should direct DER to revise its guidance to require ROEs to focus the boards’ attention of the most critical and time-sensitive supervisory concerns through (1) the prioritization of examination findings and conclusions and (2) identification of deficiencies and MRAs in the ROE and discussion of their root causes. | Improved Board oversight | FHFA’s Failure to Consistently Identify Specific Deficiencies and Their Root Causes in Its Reports of Examination Constrains the Ability of the Enterprise Boards to Exercise Effective Oversight of Management’s Remediation of Supervisory Concerns (EVL-2016-008, July 14, 2016) |
| Oversight of Fannie Mae Headquarters Consolidation and Relocation | FHFA should ensure that it has adequate internal staff, outside contractors, or both, who have the professional expertise and experience in commercial construction to oversee the build-out plans and associated budget(s), as Fannie Mae continues to revise and refine them. | Improved oversight | Management Alert: Need for Increased Oversight by FHFA, as Conservator of Fannie Mae, of the Projected Costs Associated with Fannie Mae’s Headquarters Consolidation and Relocation Project (COM-2016-004, June 16, 2016) |