Pilot Launch You have early access to the Barinhall Compliance Intelligence Portal. Coverage and features are expanding weekly. Share feedback →
← Back to Feed
View source document ↗
T4 FHFA Medium Confidence Guidance

Enterprise Risk Management Program

FHFA supervisory guidance establishing enterprise risk management program requirements for regulated entities

MODERATE
Impact Level
Top: compliance (3)

Classification

Regulatory Program
Enterprise Risk Management
Doc Type
Guidance
Effective Date
Days to Action
Comment Deadline
Published

Urgency Basis

Advisory bulletin with no specified effective date or enforcement timeline

Operational Context

Flags
Examination Focus Board Reporting Required Systems Change Required
Affected Functions
Risk Management Compliance Internal Audit Board Governance Operations Finance
Institution Applicability
Federal Home Loan Banks Fannie Mae Freddie Mac Government-Sponsored Enterprises

Impact by Category

Compliance
3
Operational
3
Data Governance
2
Model Risk
2
Reporting & Disclosure
3
Capital & Liquidity
2
Consumer Protection
1
Third-Party Risk
2

Key Requirements

- Establish comprehensive enterprise risk management framework - Implement board-approved risk appetite and tolerance statements - Maintain independent risk management function with appropriate reporting lines - Conduct regular risk assessments across all business lines - Develop risk monitoring and reporting capabilities - Ensure adequate risk management policies and procedures - Establish risk governance structure with clear roles and responsibilities

Scoring Rationale

Advisory bulletin represents moderate supervisory guidance requiring multi-business unit implementation and examination focus, but lacks specific enforcement deadlines or penalty provisions that would drive higher urgency

Scored: 2026-06-09T20:02:07.940Z Model: claude-sonnet-4-20250514 Confidence: Medium Aggregate Score: 2.3
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment. Effective dates, applicability determinations, impact assessments, and any recommended actions should be independently verified against primary regulatory source documents and reviewed by qualified compliance or legal personnel before taking compliance action. This output does not constitute legal or compliance advice.