Lenders, “Agency AI Policies” Have Arrived Like Lightning Bolts

In case you missed it – both Fannie Mae and Freddie Mac have issued their requirements for AI Oversight and Governance.

Which also means, it is now more critical than ever that all mortgage lenders, specifically the Technology and Regulatory Compliance teams, must start to operate in alignment with these newly released AI policies now formally published.

Whether your firm is originating; Conventional, FHA, VA, or RD Loans, the process in which AI is used must be managed to meet these new policy requirements. As a result, some firms may find they don’t have the depth of AI talent, knowledge, skills, and experience required to ensure these policy requirements are effectively covered.  

I think we can all agree that the understanding of, use of, and oversight of AI is moving at lightning speed, hitting us now lie like a lightning bolt. AI development and these policy requirements are now hitting us faster than the creation of the 125 loan programs we saw back in the early 2000 time period – so pay close attention!

Moving forward, lenders will now need to develop and administer a well-planned strategy for its business use and management of AI technology applications, and the associated risk. The use of AI will now need vetting by multiple business units, implementation of controls, training, oversight and ongoing management within organizations. The ability to demonstrate an AI Policy, Procedure and Oversight is now critical – your firms new required AI framework is NOW here!

Why Governance? AI systems are different; they each assemble information from different sources and interpret this information based upon the method in which the information is reviewed. In other words, one AI system may analyze information differently than the other.  This is where the complexity of understanding AI, how to evaluate the use, and implications of AI in the workplace is critical.   

Assembling a collaborative cross-functional team with different perspectives is now critically important to determine how, when, and start to absorb the cost associated with now implementing and managing a successful and now ‘agency required’ compliant AI strategy. Some questions your firm will now need to ask and answer, include:

• What is the AI foundation that your organization will base its key decisions on?
• How, and whom will be responsible for annual security and compliance audits?  (Remember that each of the GSE’s have requirements for Third-Party Vendors. Since AI is a new frontier, the way Third-Party Vendor Review and Oversight is implemented has just changed.)
• What Policy documents need to be in place for AI? Does this fall with Technology or Regulatory Compliance as the “owner” with ongoing training and monitoring of the business units?
• How would your organization identify threats through AI?
• Ongoing AI Monitoring: How will your firm develop this? Recognize that the speed at which AI has changed and will change is at a far greater pace than traditional lending.
• Security Awareness and Training: Does this fall on the organization’s training team or another group that can pull together information from business units to make the training be easy to understand and valuable?

Now, while it could be argued that the new agency AI policies are mostly ‘broad’ and don’t provide enough specifics or  detail to feel you need to do anything, this is where you can get into trouble. If you don’t have a new, formal, AI oversight and management framework – you could be held liable and buybacks could be in your future. Don’t underestimate how savvy the agencies are as they clearly see where a lenders does or doesn’t have AI policies or a management framework in place.

As mentioned earlier, the world of AI is moving at lightning speed. An understanding of how your organization will use and implement AI and monitor all origination sources, including TPO is not a future requirement – it’s a “now requirement.” For more information, the attached link to BlackFin’s White Paper on this topic is provided.  Thought leadership by BlackFin’s Technology Team was put into this document.  It is well worth the read and can be used as a beginning point for this discussion https://www.blackfin-group.com/whitepapers