T3
FHFA
Medium Confidence
Advisory
Enterprise Fraud Reporting
FHFA oversight and supervision of enterprise fraud risk management
MODERATE
Impact Level
Top: data governance (4)
Classification
- Regulatory Program
- Enterprise Fraud Reporting
- Doc Type
- Advisory
- Effective Date
- 2026-11-13 (est.)
- Days to Action
- 120
- Comment Deadline
- —
- Published
- —
Urgency Basis
Advisory bulletin without specified effective date, estimated 90-180 day implementation timeframe
Operational Context
Flags
Examination Focus
Systems Change Required
Legal Review Required
Affected Functions
Compliance
Risk Management
Operations
Legal
Information Technology
Institution Applicability
Government-Sponsored Enterprises
Fannie Mae
Freddie Mac
Impact by Category
Compliance
3
Operational
3
Data Governance
4
Model Risk
1
Reporting & Disclosure
4
Capital & Liquidity
1
Consumer Protection
2
Third-Party Risk
2
Key Requirements
- Implement fraud incident reporting procedures
- Establish data collection and validation processes
- Develop fraud detection and monitoring capabilities
- Create reporting templates and submission protocols
- Train staff on fraud identification and reporting requirements
Scoring Rationale
Advisory bulletin on fraud reporting represents moderate operational impact requiring cross-functional implementation. Data governance and reporting disclosure scored highest due to new data collection and reporting obligations. Compliance and operational scores reflect multi-BU coordination needs and examination implications.
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory
Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or
omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment.
Effective dates, applicability determinations, impact assessments, and any recommended actions should be
independently verified against primary regulatory source documents and reviewed by qualified compliance or legal
personnel before taking compliance action. This output does not constitute legal or compliance advice.