Pilot Launch You have early access to the Barinhall Compliance Intelligence Portal. Coverage and features are expanding weekly. Share feedback →
← Back to Feed
View source document ↗
T4 FANNIE_MAE High Confidence Guidance

Announcement SVC-2025-01 – Servicing Guide Update

Fannie Mae cybersecurity requirements for mortgage servicers and seller/servicers

MODERATE
Impact Level
Top: Operational (4)

Classification

Regulatory Program
GSE Servicing Requirements
Doc Type
Guidance
Effective Date
2025-08-12
Days to Action
-338
Comment Deadline
Published
2025-02-12

Urgency Basis

Effective date of August 12, 2025 is beyond 180 days from today (June 2, 2026), but servicers are encouraged to adopt immediately

Operational Context

Flags
Systems Change Required Examination Focus
Affected Functions
Compliance Risk Management Technology Operations
Institution Applicability
All

Impact by Category

Compliance
3
Operational
4
Data Governance
3
Model Risk
0
Reporting & Disclosure
3
Capital & Liquidity
0
Consumer Protection
1
Third-Party Risk
2

Key Requirements

- Implement comprehensive cybersecurity program covering information security, incident management, and business resiliency by August 12, 2025 - Report cybersecurity incidents to Fannie Mae within 36 hours of discovery - Adopt Fannie Mae Information Security and Business Resiliency Supplement requirements - Establish incident management procedures for third-party cybersecurity impacts - Update Community Land Trust Ground Lease Rider documentation to accept Freddie Mac equivalent forms

Scoring Rationale

This Fannie Mae servicing guide update introduces moderate cybersecurity compliance obligations with operational implementation requirements. The 36-hour incident reporting mandate and comprehensive cybersecurity program implementation create cross-functional remediation needs. The shared equity clarifications are minor administrative updates. Scored as GSE guidance rather than federal regulation, but creates binding contractual obligations for Fannie Mae servicers.

Scored: 2026-06-02T14:01:51.752Z Model: claude-sonnet-4-20250514 Confidence: High Aggregate Score: 2.7
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment. Effective dates, applicability determinations, impact assessments, and any recommended actions should be independently verified against primary regulatory source documents and reviewed by qualified compliance or legal personnel before taking compliance action. This output does not constitute legal or compliance advice.