Lender Letter LL-2026-04 Governance framework on use of artificial intelligence and machine learning
Implementation of comprehensive AI/ML governance framework for GSE-eligible mortgage lending operations
Advisory Assessment
Impact. This lender letter establishes mandatory AI/ML governance requirements that restructure how you manage algorithmic decision-making across your mortgage operations. You must implement board-level oversight, comprehensive model inventories, validation protocols, and vendor management specifically for AI/ML systems used in underwriting, pricing, servicing, or customer interactions.
Risk. Model risk management faces the highest exposure, particularly if your current framework treats AI/ML systems as standard models rather than requiring specialized validation approaches. Examination teams will scrutinize whether your board receives adequate AI/ML reporting and whether you can demonstrate ongoing monitoring of algorithmic bias and performance drift in GSE-eligible lending.
Recommended Action. Conduct an immediate gap analysis between your existing model risk management policies and the new AI/ML requirements, then prioritize expanding your model inventory to capture all AI/ML applications touching GSE business. Your Model Risk Management function should lead this effort with direct support from Technology and Data Governance teams.
Watch. Monitor for Fannie Mae's anticipated examination procedures focusing on AI/ML governance implementation, likely to emerge within the next quarter as they begin assessing lender compliance with this framework.
Classification
- Regulatory Program
- GSE Lender Requirements
- Doc Type
- Guidance
- Effective Date
- 2026-09-14 (est.)
- Days to Action
- 60
- Comment Deadline
- —
- Published
- 2026-04-08
Urgency Basis
Lender letter published 2026-04-08, approximately 38 days ago from today (2026-05-16), likely requiring implementation within 60-90 day timeframe typical for GSE guidance
Operational Context
Impact by Category
Key Requirements
Scoring Rationale
High impact scores reflect the comprehensive nature of AI/ML governance requirements across multiple risk domains. Model risk and data governance receive maximum scores due to direct AI/ML focus. Compliance, operational, consumer protection, and third-party risk all score high due to significant implementation requirements. Capital/liquidity impact is minimal as this is governance-focused rather than capital-impacting.