Model Risk Management Guidance
Enhanced model risk management oversight and governance requirements for FHFA-supervised institutions
Advisory Assessment
Impact. FHFA-regulated entities must establish comprehensive model risk management frameworks with board-level governance, requiring new reporting structures, validation processes, and documentation standards across all models used for business decisions. This guidance fundamentally reshapes how institutions inventory, validate, and oversee their model portfolios, demanding dedicated resources and formal escalation procedures.
Risk. Examination teams will scrutinize board governance structures and model validation independence, with institutions most vulnerable on inadequate model inventories and weak validation documentation. Risk management functions lacking dedicated model risk expertise face the highest enforcement exposure, particularly around validation frequency and performance monitoring gaps.
Recommended Action. Launch an immediate model inventory exercise through Risk Management to catalog all decision-making models across business lines, then assess current validation capabilities against FHFA's independence and expertise requirements. Engage legal counsel to review board charter modifications needed for model governance oversight before the 75-day implementation window closes.
Watch. Monitor FHFA examination guidance updates and supervisory feedback from early examinations under this framework, as enforcement priorities will clarify which governance elements receive the most scrutiny. Track peer institution approaches to model validation outsourcing as resource constraints become apparent industry-wide.
Classification
- Regulatory Program
- FHFA Model Risk Management
- Doc Type
- Guidance
- Effective Date
- 2026-09-29 (est.)
- Days to Action
- 75
- Comment Deadline
- —
- Published
- —
Urgency Basis
FHFA guidance typically allows 60-90 days for implementation planning and compliance framework development
Operational Context
Impact by Category
Key Requirements
Scoring Rationale
High model risk score (5) reflects enterprise-wide governance restructure requirements. Compliance and operational scores (4) reflect board reporting needs and significant process changes. Moderate scores for data governance and third-party risk reflect cross-functional coordination requirements. Lower consumer protection score as guidance focuses on internal risk management.