Artificial Intelligence/Machine Learning Risk Management
AI/ML risk management framework implementation for GSEs
Advisory Assessment
Impact. This guidance requires GSEs to build comprehensive AI/ML risk management frameworks that treat algorithmic models with the same rigor as traditional credit models. Your institution must establish governance structures, implement bias monitoring protocols, enhance vendor oversight for AI/ML providers, and create board-level reporting on AI/ML risk exposures across your mortgage operations.
Risk. Model risk management emerges as the highest-stakes area, particularly if you're already deploying AI/ML tools without formal validation frameworks. FHFA examiners will scrutinize whether your current AI/ML applications meet traditional model risk management standards, creating immediate examination vulnerability for institutions that have treated these tools as operational technologies rather than regulated models.
Recommended Action. Conduct an immediate inventory of all AI/ML applications currently in production, from automated underwriting enhancements to servicing chatbots. Have your model risk management team assess which applications require formal model validation and governance oversight under this framework, then prioritize the highest-risk deployments for immediate compliance review.
Watch. Monitor for FHFA's forthcoming examination manual updates that will operationalize this guidance into specific supervisory expectations. The 75-day implementation window suggests examiners will begin incorporating these standards into their review protocols by early next quarter.
Classification
- Regulatory Program
- FHFA Enterprise Risk Management
- Doc Type
- Guidance
- Effective Date
- 2026-09-29 (est.)
- Days to Action
- 75
- Comment Deadline
- —
- Published
- —
Urgency Basis
Advisory bulletin guidance typically requires implementation within 60-90 days for supervised entities
Operational Context
Impact by Category
Key Requirements
Scoring Rationale
High impact across multiple risk categories due to comprehensive AI/ML risk management requirements. Model risk management scores highest (5) as this directly addresses AI/ML model governance. Compliance, operational, data governance, and third-party risk all score 4 due to significant framework and process changes required. Consumer protection and reporting score moderately (3) for enhanced monitoring and disclosure requirements.