Pilot Launch You have early access to the Barinhall Compliance Intelligence Portal. Coverage and features are expanding weekly. Share feedback →
← Back to Feed
View source document ↗
T2 FHFA Medium Confidence Guidance

Oversight of Third-Party Provider Relationships

Enhanced oversight and risk management of third-party provider relationships for FHFA-regulated entities

MODERATE
Impact Level
Top: third party risk (4)

Classification

Regulatory Program
FHFA Third-Party Risk Management
Doc Type
Guidance
Effective Date
2026-09-14 (est.)
Days to Action
60
Comment Deadline
Published

Urgency Basis

Advisory bulletin guidance requires implementation within 30-90 days for examination readiness

Operational Context

Flags
Examination Focus Board Reporting Required Systems Change Required Legal Review Required
Affected Functions
Risk Management Vendor Management Compliance Legal Internal Audit Board Risk Committee
Institution Applicability
Federal Home Loan Banks Fannie Mae Freddie Mac Fhfa-Regulated Entities

Impact by Category

Compliance
3
Operational
3
Data Governance
2
Model Risk
1
Reporting & Disclosure
2
Capital & Liquidity
0
Consumer Protection
2
Third-Party Risk
4

Key Requirements

- Implement comprehensive third-party risk management framework - Establish board-level oversight of third-party relationships - Conduct due diligence and ongoing monitoring of critical vendors - Develop incident response procedures for third-party disruptions - Maintain inventory of all third-party relationships with risk assessments

Scoring Rationale

Advisory bulletin guidance creates moderate compliance and operational impact requiring policy development and process implementation. Primary impact on third-party risk management with secondary effects on operational controls and compliance frameworks. Limited capital/liquidity impact but examination focus creates urgency for implementation.

Scored: 2026-06-09T21:02:05.119Z Model: claude-sonnet-4-20250514 Confidence: Medium Aggregate Score: 2.4
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment. Effective dates, applicability determinations, impact assessments, and any recommended actions should be independently verified against primary regulatory source documents and reviewed by qualified compliance or legal personnel before taking compliance action. This output does not constitute legal or compliance advice.