Pilot Launch You have early access to the Barinhall Compliance Intelligence Portal. Coverage and features are expanding weekly. Share feedback →
← Back to Feed
View source document ↗
T4 FHFA Medium Confidence Guidance

Enterprise Risk Management Program

FHFA advisory bulletin establishing enterprise risk management program expectations for GSEs

MODERATE
Impact Level
Top: compliance (3)

Classification

Regulatory Program
Enterprise Risk Management
Doc Type
Guidance
Effective Date
Days to Action
Comment Deadline
Published

Urgency Basis

Advisory bulletin with no specific effective date or enforcement timeline

Operational Context

Flags
Board Reporting Required Examination Focus
Affected Functions
Risk Management Compliance Internal Audit Board/committee Oversight
Institution Applicability
Government-Sponsored Enterprises Fannie Mae Freddie Mac

Impact by Category

Compliance
3
Operational
3
Data Governance
2
Model Risk
2
Reporting & Disclosure
3
Capital & Liquidity
2
Consumer Protection
1
Third-Party Risk
2

Key Requirements

- Establish comprehensive enterprise risk management framework - Implement risk appetite statement and tolerance levels - Enhance risk governance and oversight structures - Develop integrated risk reporting capabilities - Maintain independent risk management function

Scoring Rationale

Advisory bulletin provides guidance on enterprise risk management expectations requiring moderate compliance and operational adjustments. While comprehensive in scope, it represents supervisory guidance rather than regulatory mandate, resulting in moderate impact scores across risk management functions.

Scored: 2026-06-02T20:02:02.377Z Model: claude-sonnet-4-20250514 Confidence: Medium Aggregate Score: 2.2
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment. Effective dates, applicability determinations, impact assessments, and any recommended actions should be independently verified against primary regulatory source documents and reviewed by qualified compliance or legal personnel before taking compliance action. This output does not constitute legal or compliance advice.