T3
FHFA
Medium Confidence
Guidance
Model Risk Management Guidance
Enhanced model risk management oversight and governance requirements for FHFA-supervised institutions
HIGH
Impact Level
Top: model risk (5)
Classification
- Regulatory Program
- Model Risk Management
- Doc Type
- Guidance
- Effective Date
- 2026-11-13 (est.)
- Days to Action
- 120
- Comment Deadline
- —
- Published
- —
Urgency Basis
FHFA guidance with no specified effective date, estimated 90-180 day implementation window
Operational Context
Flags
Examination Focus
Board Reporting Required
Model Validation Trigger
Systems Change Required
Legal Review Required
Affected Functions
Model Risk Management
Compliance
Risk Management
Internal Audit
Board Governance
Data Management
Institution Applicability
Fhfa-Regulated Entities
Fannie Mae
Freddie Mac
Federal Home Loan Banks
Impact by Category
Compliance
4
Operational
4
Data Governance
3
Model Risk
5
Reporting & Disclosure
3
Capital & Liquidity
2
Consumer Protection
1
Third-Party Risk
3
Key Requirements
- Establish comprehensive model risk management framework
- Implement board-level model risk governance and oversight
- Conduct independent model validation and testing
- Maintain detailed model documentation and inventories
- Perform ongoing model performance monitoring
- Establish clear model approval and change management processes
- Implement third-party vendor model oversight procedures
Scoring Rationale
High impact guidance requiring significant organizational changes to model risk management practices. Model risk scored 5 due to comprehensive expansion of requirements. Compliance and operational scored 4 for extensive policy and process changes needed. Lower scores for areas with indirect or minimal impact.
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory
Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or
omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment.
Effective dates, applicability determinations, impact assessments, and any recommended actions should be
independently verified against primary regulatory source documents and reviewed by qualified compliance or legal
personnel before taking compliance action. This output does not constitute legal or compliance advice.