Compendium of Open Recommendations - Federal Housing Finance Agency Office of Inspector General
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Federal Housing Finance Agency
Office of Inspector General
Compendium of
Open Recommendations
September 1, 2021TABLE OF CONTENTS ................................................................
ABBREVIATIONS ........................................................................................................................ 3
INTRODUCTION .......................................................................................................................... 4
Tracking of OIG Recommendations ......................................................................................... 4
Validation Testing ..................................................................................................................... 5
OPEN RECOMMENDATIONS .................................................................................................... 6
CLOSED UNIMPLEMENTED RECOMMENDATIONS .......................................................... 29
OIG • September 1, 2021 2ABBREVIATIONS .......................................................................
DER Division of Enterprise Regulation
Enterprises Fannie Mae and Freddie Mac
FHFA Federal Housing Finance Agency
MRA Matter Requiring Attention
OIG Federal Housing Finance Agency Office of Inspector General
PII Personally Identifiable Information
ROE Report of Examination
OIG • September 1, 2021 3INTRODUCTION ........................................................................
Since the Federal Housing Finance Agency (FHFA) Office of Inspector General (OIG) began
operations in October 2010, we have made more than 525 recommendations1 to improve
efficiency and effectiveness and reduce fraud, waste, and abuse at FHFA and at the
government-sponsored enterprises for which the Agency acts as conservator and regulator,
Fannie Mae and Freddie Mac (the Enterprises), and at the Federal Home Loan Banks for
which the Agency acts as regulator. As required under the Inspector General Act of 1978, as
amended, we provide information on open and closed recommendations in each semiannual
report to the Congress.2
To maintain the focus on opportunities for improvement that our recommendations identify,
OIG publishes on its website a monthly report setting forth all open recommendations from
our audits, evaluations, and other studies.3 For additional information on any
recommendation, please click on the hyperlinked report number to access its underlying
report. This compendium is comprehensive as of September 1, 2021.
Because FHFA serves a unique role as both conservator and regulator of the Enterprises,
OIG’s responsibilities necessarily include oversight of FHFA’s actions in both of these roles,
in order to determine whether the Agency is fulfilling its statutory duties and responsibilities
and safeguarding the taxpayers’ resources. Our oversight role also reaches the Enterprises—
recipients of $191.5 billion in taxpayer monies—to ensure that they are satisfying their
obligations under the authority delegated to them in the conservatorships. Through oversight,
transparent reporting of results, and robust enforcement, OIG seeks to be a voice for, and
protect the interest of, those who have funded Treasury’s investment in the Enterprises—the
American taxpayers.
Tracking of OIG Recommendations
Our recommendations, like those of other inspectors general, are primarily made in written
reports issued by our Offices of Audits, Evaluations, and Compliance. We report the facts,
as found, and recommend actions to address any shortcomings we identify in FHFA’s
exercise of its statutory duties and responsibilities or by one or both Enterprises, in connection
with their execution of responsibilities delegated to them by FHFA, as conservator. FHFA is
provided an opportunity to provide a written response to OIG recommendations. FHFA’s
1
Includes public and non-public recommendations.
2
OIG’s semiannual reports are available at www.fhfaoig.gov/Reports/Semiannual.
3
This report does not include recommendations under consideration for work that is in progress.
OIG • September 1, 2021 4determinations whether to agree with OIG’s recommendations are included in our published
reports. Once FHFA has accepted an OIG recommendation, it reports to us on its efforts to
implement the “corrective action” that is intended to respond to the recommendation. When
FHFA believes that its implementation efforts are well underway or that implementation is
complete, FHFA provides that information to us, along with corroborating documents, and we
rely on those materials in determining whether to close recommendations. If the Agency
rejects a recommendation or conclusively refuses to implement an acceptable corrective
action, then we will close the recommendation and report it separately in this compendium.
Validation Testing
OIG typically relies on materials and representations from the Agency to close its
recommendations and may close some recommendations based on the Agency’s
representations as to the corrective actions it has taken. Accordingly, we are not always able
to assess, at the time of closure, whether the implementation actions by FHFA meet the letter
and spirit of the agreed-upon recommendation, nor can we determine, at closure, the longer-
term impact of the recommendation. To better assess both the implementation and impact of
OIG recommendations, we concluded that validation testing is needed. Such testing, and
disclosure of results of that testing, provides greater accountability and adds value to FHFA
and the American taxpayers it serves.
Because our Offices of Audits and Evaluations historically had not conducted extensive
corrective action verification testing, we created the Office of Compliance and Special
Projects. The primary operational role of that office is to examine closed recommendations to
assess independently FHFA’s implementation of the corrective actions it represented to OIG
that it intended to take, as well as the impact of those actions, and to publish reports of its
validation testing in “compliance reviews.” These compliance reviews enable our
stakeholders to assess the impact of OIG’s recommendations, as well as the efficacy of the
Agency’s implementation of those recommendations. Compliance reviews enhance OIG’s
ability to stimulate positive change in critical areas and promote economy, efficiency, and
effectiveness at FHFA.
Any open recommendations contained in published compliance reviews are included in this
compendium.
OIG • September 1, 2021 5OPEN RECOMMENDATIONS .....................................................
Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Open Recommendations
Conservatorship
Conflicts of Interest FHFA should direct FHFA employees to Improved oversight Corporate
monitor the review and resolution of Senior Governance:
Executive Officer disclosures of potential, Review and
actual, or apparent conflicts of interest to Resolution of
ensure that revised Board committee Conflicts of Interest
charter(s) and management policies and Involving Fannie
procedures are being followed. Mae’s Senior
Executive Officers
Highlight the Need
for Closer Attention
to Governance
Issues by FHFA
(EVL-2018-001,
January 31, 2018)4
FHFA, as conservator, should determine the Improved oversight Corporate
appropriate disciplinary action against the Governance:
Chief Executive Officer for his non- Fannie Mae Senior
disclosure and untimely disclosure of Executive Officers
conflict of interest matters. and Ethics Officials
Again Failed to
Follow
Requirements for
Disclosure and
Resolution of
Conflicts of
Interest, Prompting
the Need for FHFA
Direction (EVL-
2021-001, March
15, 2021)
4
This recommendation is being held open pending the completion of a related 2021 FHFA planned supervisory
activity in response to the second recommendation of EVL-2021-001, and OIG’s assessment of that supervisory
activity.
OIG • September 1, 2021 6Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA, as conservator, should provide timely Improved oversight Corporate
instruction to the Fannie Mae Board Governance:
regarding Fannie Mae Office of Compliance Fannie Mae Senior
and Ethics’ authority to interpret Chief Executive Officers
Executive Officer mitigation plans where and Ethics Officials
new facts are presented. Again Failed to
Follow
Requirements for
Disclosure and
Resolution of
Conflicts of
Interest, Prompting
the Need for FHFA
Direction (EVL-
2021-001, March
15, 2021)
In accordance with Recommendation 2, Improved oversight Corporate
FHFA, as conservator, should direct the Governance:
Fannie Mae Board and/or management to Fannie Mae Senior
amend and clarify the appropriate conflict Executive Officers
of interest governance documents to and Ethics Officials
identify all instances in which Fannie Mae Again Failed to
Office of Compliance and Ethics is required Follow
to submit conflict of interest matters Requirements for
involving the Chief Executive Officer to the Disclosure and
Fannie Mae Board of Directors’ Nominating Resolution of
and Corporate Governance Committee for Conflicts of
its resolution. Interest, Prompting
the Need for FHFA
Direction (EVL-
2021-001, March
15, 2021)
OIG • September 1, 2021 7Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Supervision
Examiner Capacity FHFA should develop a process that links Improved supervision Update on FHFA’s
annual Enterprise examination plans with Efforts to
core team resource requirements. Strengthen its
Capacity to Examine
the Enterprises
(EVL-2014-002,
December 19,
2013) and Despite
Prior
Commitments,
FHFA Has Not
Implemented a
Systematic
Workforce Planning
Process to
Determine Whether
Enough Qualified
Examiners are
Available to Assess
the Safety and
Soundness of
Fannie Mae and
Freddie Mac (AUD-
2020-004,
February 25, 2020)
OIG • September 1, 2021 8Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should establish a strategy to ensure Improved supervision Update on FHFA’s
that the necessary resources are in place to Efforts to
ensure timely and effective Enterprise Strengthen its
examination oversight. Capacity to
Examine the
Enterprises
(EVL-2014-002,
December 19,
2013) and Despite
Prior
Commitments,
FHFA Has Not
Implemented a
Systematic
Workforce Planning
Process to
Determine Whether
Enough Qualified
Examiners are
Available to Assess
the Safety and
Soundness of
Fannie Mae and
Freddie Mac (AUD-
2020-004,
February 25, 2020)
FHFA should assess whether the Division of Improved supervision FHFA Failed to
Enterprise Regulation (DER) has a sufficient Complete Non-MRA
complement of qualified examiners to Supervisory
conduct and complete those examinations Activities Related to
rated by DER to be of high-priority within Cybersecurity Risks
each supervisory cycle and address the at Fannie Mae
resource constraints that have adversely Planned for the
affected DER’s ability to carry out its risk- 2016 Examination
based supervisory plans. Cycle (AUD-2017-
010, September
27, 2017)
OIG • September 1, 2021 9Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should assess whether DER has a Improved supervision FHFA’s Targeted
sufficient complement of qualified Examinations of
examiners to conduct and complete those Freddie Mac: Just
examinations rated by DER to be of high- Over Half of the
priority within each supervisory cycle and Targeted
address the resource constraints that have Examinations
adversely affected DER’s ability to carry out Planned for 2012
its risk-based supervisory plans. through 2015 Were
Completed (AUD-
2016-007,
September 30,
2016); FHFA’s
Targeted
Examinations of
Fannie Mae: Less
than Half of the
Targeted
Examinations
Planned for 2012
through 2015 Were
Completed and No
Examinations
Planned for 2015
Were Completed
Before the Report
of Examination
Issued (AUD-2016-
006, September
30, 2016)
OIG • September 1, 2021 10Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should direct DER to develop and Improved supervision Despite Prior
implement a systematic workforce planning Commitments,
process within 12 months that aligns with FHFA Has Not
Office of Personnel Management guidance Implemented a
and best practices and is fully documented Systematic
in writing. That process should include: Workforce Planning
• Identifying the current examination Process to
skills and competencies of its Determine Whether
examiners; Enough Qualified
Examiners are
• Forecasting the optimal staffing levels
and competencies needed to meet its Available to Assess
supervisory needs; the Safety and
Soundness of
• Evaluating whether a gap exists Fannie Mae and
between skills that its workforce may Freddie Mac (AUD-
currently need but does not possess; 2020-004,
and February 25,
• Addressing that gap. 2020)5
5
FHFA represented that its Agency-wide “Organizational Optimization Blueprint” project would address the spirit
of this recommendation. FHFA committed to providing OIG certain deliverables by October 30, 2020. Instead,
those deliverables were provided on March 9, 2021. In its Annual Performance Plan for FY 2021, FHFA assigned
the task of “an action plan to address improvement opportunities identified in FHFA’s optimization study to further
the development of a world-class supervision program” to FHFA’s Chief Operating Officer, with a target due date
of June 30, 2021.
OIG • September 1, 2021 11Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should direct DER to develop and Improved supervision Despite FHFA’s
implement a systematic workforce planning Recognition of
process within 12 months that aligns with Significant Risks
Office of Personnel Management guidance Associated with
and best practices and is fully documented. Fannie Mae’s and
That process should include: Freddie Mac’s
• Identifying the appropriate number of High-Risk Models,
Enterprise high-risk models to be its Examination of
examined each year through targeted Those Models Over
examinations; a Six Year Period
• Identifying the current examination Has Been Neither
skills and competencies of examiners Rigorous nor Timely
engaged in supervisory activities of (EVL-2020-001,
high-risk models; March 25, 2020)6
• Forecasting the optimal staffing levels
and competencies of examiners
necessary to complete the identified
number of targeted examinations of
high-risk models planned for each
examination cycle;
• Evaluating whether a gap exists
between skills required to conduct
supervision of high-risk models that its
examiners currently need but do not
possess; and
• Addressing that gap.
Based on the results of its workforce Improved supervision Despite FHFA’s
analysis, FHFA should conduct a written Recognition of
assessment of whether DER’s current Significant Risks
budget for its supervision of high-risk Associated with
models is sufficient. Fannie Mae’s and
Freddie Mac’s
High-Risk Models,
its Examination of
Those Models Over
a Six Year Period
Has Been Neither
Rigorous nor Timely
(EVL-2020-001,
March 25, 2020)
6
See prior footnote.
OIG • September 1, 2021 12Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Accreditation of FHFA should determine the causes of the Improved quality OIG’s Compliance
Examiners shortfalls in the Housing Finance Examiner Review of FHFA’s
Commission Program that we have Implementation of
identified, and implement a strategy to Its Housing Finance
ensure the program fulfills its central Examiner
objective of producing commissioned Commission
examiners who are qualified to lead major Program
risk sections of government-sponsored (COM-2015-001,
enterprise examinations. July 29, 2015) and
FHFA’s Housing
Finance Examiner
Commissioning
Program: $7.7
Million and Four
Years into the
Program, the
Agency has Fewer
Commissioned
Examiners (COM-
2018-006,
September 6,
2018)7
Risk Assessments FHFA should reinforce, through training and Improved supervision FHFA Failed to
supervision of DER personnel, the Complete Non-MRA
requirements established by FHFA, and Supervisory
reinforced by DER guidance, for the risk Activities Related to
assessment and supervisory planning Cybersecurity Risks
process. Specifically: at Fannie Mae
a. Ensure that the annual supervisory Planned for the
strategy identifies significant risks and 2016 Examination
supervisory concerns and explains how Cycle (AUD-2017-
the planned supervisory activities to be 010, September
conducted during the examination 27, 2017); FHFA
cycle address the most significant Did Not Complete
risks in the operational risk All Planned
assessment. (Applies to AUD-2017- Supervisory
010 and AUD-2017-011) Activities Related to
b. Ensure that supervisory activities Cybersecurity Risks
planned during an examination cycle at Freddie Mac for
to address the most significant risks in the 2016
the operational risk assessment are Examination Cycle
completed within the examination (AUD-2017-011,
cycle. (Applies to AUD-2017-010) September 27,
2017)
7
OIG has twice determined that the Housing Finance Examiner Commission Program was not on track to produce
commissioned examiners. This recommendation is open pending FHFA actions to assess and address the Program’s
shortfalls, and OIG’s assessment of those corrective actions.
OIG • September 1, 2021 13Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Going forward, FHFA should ensure a risk Improved supervision FHFA’s Failure to
assessment for Common Securitization Include the
Solutions, LLC is prepared and approved Financial Crimes
annually in accordance with DER and Model
requirements. Components in its
CSS Risk
Assessment Is
Inconsistent with a
Risk-Based
Approach to
Supervision (AUD-
2021-005, March
23, 2021)
FHFA should include all required Improved supervision FHFA’s Failure to
components, including the Financial Crimes Include the
and Model components, when preparing the Financial Crimes
annual risk assessment for Common and Model
Securitization Solutions, LLC. Components in its
CSS Risk
Assessment Is
Inconsistent with a
Risk-Based
Approach to
Supervision (AUD-
2021-005, March
23, 2021)
Assessing FHFA should ensure that Freddie Mac Improved remediation FHFA Failed to
Remediation of takes, or has taken, remedial action to of deficiencies Ensure Freddie
Deficiencies address the deficiency underlying the Mac’s Remedial
matter requiring attention (MRA) regarding Plans for a
the need to implement a process to verify Cybersecurity MRA
and monitor [certain matters]. Addressed All
Deficiencies; as
Allowed by its
Standard, FHFA
Closed the MRA
after Independently
Determining the
Enterprise
Completed its
Planned Remedial
Actions (AUD-2018-
008, March 28,
2018)8
8
This recommendation is being held open pending OIG’s assessment of a supervisory activity that FHFA completed
during the 2020 examination cycle related to the underlying deficiency of the MRA discussed in this report.
OIG • September 1, 2021 14Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should require DER, upon acceptance Improved remediation FHFA’s Inconsistent
of an Enterprise’s remediation plan, to of deficiencies Practices in
estimate the date by which it expects to Assessing
confirm internal audit’s validation, and to Enterprise
enter that date into a dedicated field in the Remediation of
MRA tracking system. [Closed in Serious
September 2017; reopened upon results of Deficiencies and
compliance testing.] Weaknesses in its
Tracking Systems
Limit the
Effectiveness of
FHFA’s Supervision
of the Enterprises
(EVL-2016-007,
July 14, 2016) and
Compliance Review
of the Timeliness of
FHFA’s
Assessments of the
Enterprises’
Remediation
Closure Packages
for a Matter
Requiring Attention
(COM-2020-001,
February 21, 2020)
Supervisory FHFA should determine the appropriate Improved supervision More than Eight
Oversight threshold or criteria for charging off Years After Issuing
delinquent single-family loans at the its Advisory
Enterprises and communicate that Bulletin, FHFA Has
threshold or criteria through revised or new Not Held the
Agency guidance. Enterprises to its
Expectations on
Charging off
Delinquent Loans
or Communicated
New Expectations
(EVL-2020-003,
September 10,
2020)
OIG • September 1, 2021 15Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should assess the Enterprises’ Improved supervision More than Eight
implementation of the revised or new Years After Issuing
Agency guidance to ensure that the its Advisory
Enterprises’ practices comport with FHFA’s Bulletin, FHFA Has
supervisory expectations. Not Held the
Enterprises to its
Expectations on
Charging off
Delinquent Loans
or Communicated
New Expectations
(EVL-2020-003,
September 10,
2020)
FHFA should ensure that the Office of Improved supervision Weaknesses in
Housing and Regulatory Policy (a) develops FHFA’s Monitoring
and issues written guidance to the of the Enterprises’
Enterprises on the data elements to be 97% LTV Mortgage
reported regularly for FHFA’s monitoring of Programs May
the 97% LTV mortgage programs and (b) Hinder FHFA’s
establishes quality control procedures to Ability to Timely
ensure that information reported by the Identify, Analyze,
Enterprises is reliable and conforms to the and Respond to
requirements of the written guidance. Risks Related to
Achieving the
Programs’
Objectives
(AUD-2020-014,
September 29,
2020)
FHFA should clarify and reinforce the Office Improved supervision Weaknesses in
of Housing and Regulatory Policy’s guidance FHFA’s Monitoring
regarding the frequency of 97% LTV of the Enterprises’
mortgage program monitoring dashboard 97% LTV Mortgage
preparation to Office of Housing and Programs May
Regulatory Policy staff and ensure that the Hinder FHFA’s
monitoring dashboards are prepared and Ability to Timely
reviewed in accordance with that guidance. Identify, Analyze,
and Respond to
Risks Related to
Achieving the
Programs’
Objectives
(AUD-2020-014,
September 29,
2020)
OIG • September 1, 2021 16Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Examiner FHFA should assess whether Fannie Mae’s Improved supervisory FHFA Examiners’
Assessment and remediation of its [redacted] is sufficient. oversight Lack of
Escalation of Assessment and
Shortcomings Escalation of
Shortcomings
Identified by an
Enterprise in its
Servicer Fraud Risk
Management
Framework Limited
the Agency’s
Supervisory
Oversight (EVL-
2020-002, August
27, 2020)
Examination FHFA should reinforce the requirement to Improved supervision FHFA Completed
Guidance examiners in charge and examination Most of its Planned
managers that changes to an examination Ongoing Monitoring
plan must be risk-based – changes in Activities for Fannie
Enterprise business operations or risk Mae and CSS for
exposures – and that resource constraints 2019; However,
are not accepted reasons for such changes. FHFA Failed to
Follow its
Requirements
When it Changed
Examination Plans
for Non-Risk-Based
Reasons and Failed
to Obtain Deputy
Director Approval
(AUD-2020-011,
September 9,
2020)
OIG • September 1, 2021 17Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should reinforce the requirement that Improved supervision FHFA Completed
any revisions to an examination plan must Most of its Planned
be approved in writing by the Deputy Ongoing Monitoring
Director. Activities for Fannie
Mae and CSS for
2019; However,
FHFA Failed to
Follow its
Requirements
When it Changed
Examination Plans
for Non-Risk-Based
Reasons and Failed
to Obtain Deputy
Director Approval
(AUD-2020-011,
September 9,
2020)
FHFA should define the term “supervisory Improved supervision FHFA’s Failure to
concern” as it is used in FHFA’s corporate Define and Clearly
governance regulation. Communicate
“Supervisory
Concerns” Hinders
the Enterprise
Boards’ Ability to
Execute Their
Oversight
Obligations Under
FHFA’s Corporate
Governance
Regulation and
Renders the
Regulation
Ineffective as a
Supervisory Tool
(EVL-2021-003,
March 30, 2021)
OIG • September 1, 2021 18Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should develop examination guidance Improved supervision FHFA’s Failure to
that explains how supervisory concerns Define and Clearly
should be described and categorized in the Communicate
Reports of Examination, establishes DER’s “Supervisory
expectations for timely and appropriate Concerns” Hinders
remediation for each such concerns, and the Enterprise
prescribes how such concerns should be Boards’ Ability to
monitored until they are fully remediated. Execute Their
Oversight
Obligations Under
FHFA’s Corporate
Governance
Regulation and
Renders the
Regulation
Ineffective as a
Supervisory Tool
(EVL-2021-003,
March 30, 2021)
Examination FHFA should revise the Division of Federal Improved quality FHFA Conducted
Workpapers Home Loan Bank Regulation’s quality control BSA/AML Program
control procedures to specifically require Examinations of 10
that all examination workpapers supporting of 11 Federal
examination findings, conclusions, and Home Loan Banks
ratings directly prepared by the examiner-in- During 2016-2018
charge be reviewed by an individual who did in Accordance with
not participate in the examination. [Closed its Guidelines, But
in October 2019; reopened upon results of Failed to Support a
compliance testing.] Conclusion in the
Report of
Examination for the
Other Bank (AUD-
2019-008, July 10,
2019) and
Compliance Review
of DBR’s Quality
Control for
Examination Work
Performed by
Examiners-in-
Charge (COM-
2021-007, August
25, 2021)
OIG • September 1, 2021 19Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Quality Control FHFA’s Office of Minority and Women Improved quality Compliance Review
Reviews Inclusion should ensure that quality control of FHFA’s Office of
reviews are performed before issuing Minority and
diversity and inclusion examination findings Women Inclusion
to a regulated entity, as required by (COM-2019-005,
Supervision Directive 2017-01. June 24, 2019)
Counterparties and Third Parties
FHFA should ensure that DER uses its full Improved supervision Despite FHFA’s
range of available examination activities, Acknowledgement
including targeted examinations and when that Enterprise
appropriate, enhanced risk monitoring, to Reliance on Third-
provide comprehensive assessments of Parties Represents
known areas of high risk, like Fannie Mae’s a Significant
reliance on third-party vendors. Operational Risk,
No Targeted
Examinations of
Fannie Mae’s Third-
Party Risk
Management
Program Were
Completed Over a
Seven-Year Period
(AUD-2021-007,
March 29, 2021)
Information Technology
Information FHFA should comply with Financial Stability Improved risk FHFA Should Map
Technology Risk Oversight Council recommendations to management Its Supervisory
Examinations address the gaps, as prioritized, to reflect Standards for
and incorporate appropriate elements of Cyber Risk
the National Institute of Standards and Management to
Technology Framework. Appropriate
Elements of the
NIST Framework
(EVL-2016-003,
March 28, 2016)9
9
OIG is reviewing additional documentation provided by FHFA during this reporting period to assess whether the
Agency has adequately addressed this recommendation.
OIG • September 1, 2021 20Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should comply with Financial Stability Improved risk FHFA Should Map
Oversight Council recommendations to management Its Supervisory
revise existing regulatory guidance to reflect Standards for
and incorporate appropriate elements of Cyber Risk
the National Institute of Standards and Management to
Technology framework in a manner that Appropriate
achieves consistency with other federal Elements of the
financial regulators. NIST Framework
(EVL-2016-003,
March 28, 2016)10
Privacy Information FHFA should determine privacy controls that Improved protection of Audit of the Federal
and Data Protection are information system-specific, and/or privacy information Housing Finance
hybrid controls. Agency’s 2019
Privacy Program
(AUD-2019-009,
August 28, 2019)
FHFA should document privacy controls Improved protection of Audit of the Federal
within each system’s system security plan privacy information Housing Finance
or system-specific privacy plan, clearly Agency’s 2019
identifying whether controls are program Privacy Program
level, common, information system-specific, (AUD-2019-009,
or hybrid. August 28, 2019)
FHFA should update the privacy impact Improved protection of Audit of the Federal
assessments using the privacy impact privacy information Housing Finance
assessments template for Affordable Agency’s 2021
Housing Project, Federal Human Resources Privacy Program
Navigator, and Suspended Counterparty (AUD-2021-011,
System. August 11, 2021)
FHFA should ensure privacy impact Improved protection of Audit of the Federal
assessments are conducted timely using privacy information Housing Finance
the privacy impact assessments template in Agency’s 2021
accordance with the FHFA Privacy Program Privacy Program
Plan (i.e., before a new system is (AUD-2021-011,
developed, after a significant change to a August 11, 2021)
system, or within three years of the privacy
impact assessments).
10
See prior footnote.
OIG • September 1, 2021 21Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should update the Privacy Continuous Improved protection of Audit of the Federal
Monitoring Strategy to ensure that it privacy information Housing Finance
reflects the FHFA’s current privacy control Agency’s 2021
assessment process in accordance with Privacy Program
Office of Management and Budget Circular (AUD-2021-011,
A-130. August 11, 2021)
FHFA should develop and implement Improved protection of Audit of the Federal
Privacy Control Assessment plans, that privacy information Housing Finance
include all required elements. Agency’s 2021
Privacy Program
(AUD-2021-011,
August 11, 2021)
FHFA should ensure Privacy Control Improved protection of Audit of the Federal
Assessments are performed for all systems privacy information Housing Finance
that collect PII. Agency’s 2021
Privacy Program
(AUD-2021-011,
August 11, 2021)
FHFA Information Because information in this report could be Improved information Audit of the Federal
Technology Security used to circumvent FHFA’s internal controls, security Housing Finance
and Availability it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2019
(AUD-2020-001,
October 25, 2019)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
OIG • September 1, 2021 22Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
Because information in this report could be Improved information Audit of the Federal
used to circumvent FHFA’s internal controls, security Housing Finance
it has not been released publicly. Agency’s
Information
Security Program
Fiscal Year 2020
(AUD-2021-001,
October 20, 2020)
OIG • September 1, 2021 23Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should ensure that outdated Improved information 2019 Internal
[redacted] and [redacted] protocols in security Penetration Test of
FHFA’s systems are disabled or upgraded in FHFA’s Network
a timely manner in accordance with and Systems (AUD-
National Institute of Standards and 2019-014,
Technology directives. September 24,
2019)
FHFA should modify existing cloud-based Improved information FHFA Failed to
General Support System Tool contracts to security Follow its Cloud-
include the required IT security provisions Based Computing
and ensure future cloud-based General Requirements
Support System Tool contracts include all when it Did Not
required provisions. Validate the
Implementation of
Minimum Security
Requirements for
Cloud-Based Tools
and Did Not Include
Required IT
Security Provisions
in Some of its
Cloud Service
Contracts (AUD-
2020-013,
September 17,
2020)
FHFA should implement multifactor Improved information Audit of an FHFA
authentication for [redacted] for security Sensitive
Employment Matters Tracking System Employment-
database servers. Related Case
Tracking System:
FHFA Followed its
Access Control
Standard, But its
System Is Adversely
Impacted by Two
Security Control
Weaknesses (AUD-
2021-006, March
29, 2021)
OIG • September 1, 2021 24Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should send Employment Matters Improved information Audit of an FHFA
Tracking System [redacted] for correlation security Sensitive
and analysis. Employment-
Related Case
Tracking System:
FHFA Followed its
Access Control
Standard, But its
System Is Adversely
Impacted by Two
Security Control
Weaknesses (AUD-
2021-006, March
29, 2021)
Agency Operations
Oversight of FHFA FHFA should develop written procedures for Improved management FHFA Should Name
Workforce Matters carrying out the functions of the Office of of a statutory function an Ombudsman
the Ombudsman, to include procedures for and Document the
documenting that all incoming complaints Office of the
and appeals are tracked, considered, and Ombudsman’s
appropriately resolved. In developing these Procedures (AUD-
procedures, the guidance published by the 2019-011,
Coalition of Federal Ombudsmen should be September 16,
taken into consideration. 2019)
Management of FHFA should include all National Archives Improved records FHFA Needs to
Agency Records and Records Administration-required management Strengthen
content topics in annual records Controls Over its
management training provided to FHFA Records
employees and contractor employees. Management
Program to Comply
with OMB and
NARA
Requirements
(AUD-2020-008,
March 26, 2020)
OIG • September 1, 2021 25Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Enterprise Risk Going forward, FHFA should ensure Annual Improved risk FHFA Followed
Management Risk Profiles include all significant risk management OMB Guidance in
response action items designed to reduce Implementing its
identified risks, such as FHFA’s Enterprise Risk
organizational optimization Blueprint Management
project, along with identifying the owners of Program But its
those risk response action items and target 2020 Risk Profile
completion dates. Failed to Identify a
Significant Action
Underway to
Address
Acknowledged
Supervision Risk
(AUD-2021-004,
March 17, 2021)
FHFA should develop written policies and Improved risk FHFA Followed
procedures for its Enterprise Risk management OMB Guidance in
Management program. Implementing its
Enterprise Risk
Management
Program But its
2020 Risk Profile
Failed to Identify a
Significant Action
Underway to
Address
Acknowledged
Supervision Risk
(AUD-2021-004,
March 17, 2021)
OIG • September 1, 2021 26Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Policies for FHFA should reinforce FHFA’s program Improved internal FHFA Did Not
Monetary Awards, policies and procedures through a reminder controls Always Follow its
Recruitment to FHFA supervisors and senior officials Policies for
Bonuses, and involved in initiating, reviewing, and Monetary Awards,
Retention approving monetary awards, recruitment Recruitment
Allowances bonuses, and retention allowances to: Bonuses, and
• Obtain the requisite concurrence Retention
from the supervisors of record and Allowances during
second-level supervisors, when Fiscal Years 2019
applicable, for monetary awards, and 2020; FHFA’s
• Ensure documentation supporting Excellence Awards
recruitment bonuses for non- Were Not Included
executive, mission-critical positions in Agency Policy
cite how the positions were (AUD-2021-008,
recruitment challenges, and June 17, 2021)
• Ensure documentation supporting
retention allowances cite that non-
executive employees were offered
non-FHFA employment or applied
for retirement.
FHFA should ensure that the Excellence Improved internal FHFA Did Not
Awards program is included in the planned controls Always Follow its
revision to the FHFA Awards Policy before Policies for
such awards are made again. Monetary Awards,
Recruitment
Bonuses, and
Retention
Allowances during
Fiscal Years 2019
and 2020; FHFA’s
Excellence Awards
Were Not Included
in Agency Policy
(AUD-2021-008,
June 17, 2021)
OIG • September 1, 2021 27Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Data Quality FHFA should complete in an expedited Improved data quality FHFA Lacked
manner, its evaluation and development Documentation of
activities related to FHFA Information its Validation of
Quality Guidelines in response to M-19-15, Data Used to
the Office of Management and Budget’s Produce the Third
Memorandum on Improving Implementation Quarter 2020
of the Information Quality Act, and update Seasonally
the Guidelines, as deemed necessary. Adjusted,
Expanded-Data
FHFA HPI and
Failed to Timely
Review its
Information Quality
Guidelines (AUD-
2021-010, July 22,
2021)
OIG • September 1, 2021 28CLOSED UNIMPLEMENTED RECOMMENDATIONS .....................
The Inspector General Act of 1978 does not authorize any federal inspector general to compel
its respective agency to adopt new policies or processes or take personnel actions to correct
shortcomings found in their audits, evaluations, and investigations. Rather, the Act empowers
inspectors general to recommend remedial actions to correct such shortcomings, and the
affected agency determines whether or not to accept the recommendations.
We believe it is important to be transparent and distinguish between recommendations
that have been closed in light of appropriate movement toward implementation and
recommendations that have been closed in light of FHFA’s refusal to take any action.
For those recommendations closed due to rejection by FHFA, we continue to stand by our
findings and believe that the Agency should have undertaken the recommended actions.
The recommendations listed below represent those that have been closed following FHFA’s
rejection and were not implemented.
Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Closed Unimplemented Recommendations
Conservatorship
Oversight of FHFA should develop a strategy to enhance Improved oversight Compliance Review
Enterprise Executive the Executive Compensation Branch’s of FHFA’s Oversight
Compensation capacity to review the reasonableness and of Enterprise
justification of the Enterprises’ annual Executive
proposals to compensate their executives Compensation
based on Corporate Scorecard Based on
performance. To this end, FHFA should Corporate
ensure that: the Enterprises submit Scorecard
proposals containing information sufficient Performance (COM-
to facilitate a comprehensive review by the 2016-002, March
Executive Compensation Branch; the 17, 2016)
Executive Compensation Branch tests and
verifies the information in the Enterprises’
proposals, perhaps on a randomized basis;
and the Executive Compensation Branch
follows up with the Enterprises to resolve
any proposals that do not appear to be
reasonable and justified.
OIG • September 1, 2021 29Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should develop a policy under which it Improved oversight Compliance Review
is required to notify OIG within 10 days of its of FHFA’s Oversight
decision not to fully implement, of Enterprise
substantially alter, or abandon a corrective Executive
action that served as the basis for OIG’s Compensation
decision to close a recommendation. Based on
Corporate
Scorecard
Performance (COM-
2016-002, March
17, 2016)
FHFA should re-assess the appropriateness Improved governance FHFA’s Approval of
of the annual compensation package of Senior Executive
$3.6 million to the Fannie Mae President Succession
with consideration paid to the following Planning at Fannie
factors: the congressional intent behind the Mae Acted to
statutory cap on compensation; Fannie Circumvent the
Mae’s continued conservatorship status Congressionally
and the burdens imposed on the taxpayers Mandated Cap on
from that status; and the 10-year practice CEO Compensation
at Fannie Mae where one individual (EVL-2019-001,
executed the responsibilities of both the March 26, 2019)
Chief Executive Officer and President
positions, with annual compensation
capped at $600,000 since 2015.
FHFA should re-assess the appropriateness Improved governance FHFA’s Approval of
of the annual compensation package of Senior Executive
$3.25 million to the Freddie Mac President Succession
with consideration paid to the following Planning at Freddie
factors: the congressional intent behind the Mac Acted to
statutory cap on compensation; Freddie Circumvent the
Mac’s continued conservatorship status Congressionally
and the burdens imposed on the taxpayers Mandated Cap on
from that status; the 10-year practice at CEO Compensation
Freddie Mac where one individual executed (EVL-2019-002,
the Chief Executive Officer responsibilities March 26, 2019)
with annual compensation capped at
$600,000 since 2015; and the temporary
nature of the position of President, in light
of FHFA’s representation that Candidate A
will leave Freddie Mac if he is not selected
for the Chief Executive Officer position.
OIG • September 1, 2021 30Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Oversight of FHFA’s Division of Housing Mission and Improved servicing FHFA’s Oversight
Servicing Alignment Goals Deputy Director should establish an compliance and of the Servicing
Initiative ongoing process to evaluate servicers’ minimized losses Alignment Initiative
Servicing Alignment Initiative compliance (EVL-2014-003,
and the effectiveness of the Enterprises’ February 12, 2014)
remediation efforts.
FHFA’s Division of Housing Mission and Improved servicing FHFA’s Oversight
Goals Deputy Director should direct the compliance and of the Servicing
Enterprises to provide routinely their minimized losses Alignment Initiative
internal reports and reviews for the Division (EVL-2014-003,
of Housing Mission and Goals’ assessment. February 12, 2014)
FHFA’s Division of Housing Mission and Improved servicing FHFA’s Oversight
Goals Deputy Director should regularly compliance and of the Servicing
review Servicing Alignment Initiative-related minimized losses Alignment Initiative
guidelines for enhancements or revisions, (EVL-2014-003,
as necessary, based on servicers’ actual February 12, 2014)
versus expected performance.
Oversight of Fannie FHFA should ensure that it has adequate Improved oversight Management Alert:
Mae Headquarters internal staff, outside contractors, or both, Need for Increased
Consolidation and who have the professional expertise and Oversight by FHFA,
Relocation experience in commercial construction to as Conservator of
oversee the build-out plans and associated Fannie Mae, of the
budget(s), as Fannie Mae continues to Projected Costs
revise and refine them. Associated with
Fannie Mae’s
Headquarters
Consolidation and
Relocation Project
(COM-2016-004,
June 16, 2016)
FHFA should direct Fannie Mae to provide Improved oversight Management Alert:
regular updates and formal budgetary Need for Increased
reports to the Division of Conservatorship Oversight by FHFA,
(now known as the Division of Resolutions) as Conservator of
for its review and for FHFA approval through Fannie Mae, of the
the design and construction of Fannie Projected Costs
Mae’s leased space in Midtown Center. Associated with
Fannie Mae’s
Headquarters
Consolidation and
Relocation Project
(COM-2016-004,
June 16, 2016)
OIG • September 1, 2021 31Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Oversight of Fannie To reduce the waste from Option C (the Reduced waste Consolidation and
Mae Northern option Fannie Mae selected for its future Relocation of
Virginia operations in Northern Virginia), FHFA, Fannie Mae’s
Consolidation and consistent with its duties as conservator, Northern Virginia
Relocation should cause Fannie Mae to calculate the Workforce (OIG-
net present value for a Status Quo Option, 2018-004,
and calculate the costs associated with September 6,
terminating the lease with Boston 2018)
Properties.
To reduce the waste from Option C, FHFA, Reduced waste Consolidation and
consistent with its duties as conservator, Relocation of
should direct Fannie Mae to terminate the Fannie Mae’s
lease, cancel the sale of the three owned Northern Virginia
buildings, and implement the Status Quo Workforce (OIG-
Option, should the net present value for a 2018-004,
Status Quo Option and the termination September 6,
costs be lower than the adjusted net 2018)
present value for Option C.
Conflicts of Interest Take appropriate action to address conflicts Improved oversight Administrative
of interest issue involving an entity within Investigation into
FHFA’s oversight authority. Public release Anonymous Hotline
by OIG of certain information in the Complaints
Management Alert and accompanying Concerning
expert report is prohibited by the Privacy Act Timeliness and
of 1974 (Pub.L. 93–579, 88 Stat. 1896, Completeness of
enacted December 31, 1974, 5 U.S.C. § Disclosures
552a). Regarding a
Potential Conflict of
Interest by a Senior
Executive Officer of
an Enterprise (OIG-
2017-004, March
23, 2017)
OIG • September 1, 2021 32Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Take appropriate action to address conflicts Improved oversight Administrative
of interest issue involving an entity within Investigation into
FHFA’s oversight authority. Public release Anonymous Hotline
by OIG of certain information in the Complaints
Management Alert and accompanying Concerning
expert report is prohibited by the Privacy Act Timeliness and
of 1974 (Pub.L. 93–579, 88 Stat. 1896, Completeness of
enacted December 31, 1974, 5 U.S.C. § Disclosures
552a). Regarding a
Potential Conflict of
Interest by a Senior
Executive Officer of
an Enterprise (OIG-
2017-004, March
23, 2017)
Supervision
Examination DER should adopt a comprehensive Improved efficiency Evaluation of the
Recordkeeping examination workpaper index and Division of
Practices standardize electronic workpaper folder Enterprise
structures and naming conventions Regulation’s 2013
between the two Core Teams. In addition, Examination
FHFA and DER should upgrade Records:
recordkeeping practices as necessary to Successes and
enhance the identification and retrieval of Opportunities (EVL-
critical workpapers. 2015-001, October
6, 2014)
Examination FHFA should establish and communicate Improved supervision Five Years After
Guidance clear expectations for use of revised and Issuance, Many
new examination modules by DER Examination
examiners. Modules Remain in
Field Test; FHFA
Should Establish
Timelines and
Processes to
Ensure Timely
Revision of
Examiner Guidance
(EVL-2019-003,
September 10,
2019)
OIG • September 1, 2021 33Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
Oversight of FHFA should review FHFA’s existing Improved remediation FHFA’s Examiners
Enterprise requirements, guidance, and processes of deficiencies Did Not Meet
Remediation of regarding MRAs against the requirements, Requirements and
Deficiencies guidance, and processes adopted by the Guidance for
Office of the Comptroller of the Currency, Oversight of an
the Board of Governors of the Federal Enterprise’s
Reserve System, and other federal financial Remediation of
regulators including, but not limited to, Serious
content of an MRA; standards for proposed Deficiencies (EVL-
remediation plans; approval authority for 2016-004, March
proposed remediation plans; real-time 29, 2016)
assessments at regular intervals of the
effectiveness and timeliness of an
Enterprise’s MRA remediation efforts; final
assessment of the effectiveness and
timeliness of an Enterprise’s MRA
remediation efforts; and required
documentation for examiner oversight of
MRA remediation.
Based on the results of the review in Improved remediation FHFA’s Examiners
recommendation 1, FHFA should assess of deficiencies Did Not Meet
whether any of the existing requirements, Requirements and
guidance, and processes adopted by FHFA Guidance for
should be enhanced, and make such Oversight of an
enhancements. Enterprise’s
Remediation of
Serious
Deficiencies (EVL-
2016-004, March
29, 2016)
Communication of FHFA should revise its supervision guidance Improved Board FHFA’s Supervisory
Deficiencies to to require DER to provide the Chair of the oversight Standards for
Enterprise Boards Audit Committee of an Enterprise Board Communication of
with each plan submitted by Enterprise Serious
management to remediate an MRA with Deficiencies to
associated timetables and the response by Enterprise Boards
DER. and for Board
Oversight of
Management’s
Remediation
Efforts are
Inadequate (EVL-
2016-005, March
31, 2016)
OIG • September 1, 2021 34Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should revise its supervision guidance Improved supervision FHFA’s Supervisory
to require DER to provide the Chair of the Standards for
Audit Committee of an Enterprise Board Communication of
with each conclusion letter setting forth an Serious
MRA. Deficiencies to
Enterprise Boards
and for Board
Oversight of
Management’s
Remediation
Efforts are
Inadequate (EVL-
2016-005, March
31, 2016)
FHFA should direct DER to develop detailed Improved Board FHFA Failed to
guidance and promulgate that guidance to oversight Consistently Deliver
each Enterprise’s board of directors that Timely Reports of
explains: Examination to the
• The purpose for DER’s annual Enterprise Boards
presentation to each Enterprise board and Obtain Written
of directors on the ROE results, Responses from
conclusions, and supervisory concerns the Boards
and the opportunity for directors to ask Regarding
questions and discuss ROE Remediation of
examination conclusions and Supervisory
supervisory concerns at that Concerns Identified
presentation; and in those Reports
(EVL-2016-009,
• The requirement that each Enterprise
board of directors submit a written July 14, 2016)
response to the annual ROE to DER
and the expected level of detail
regarding ongoing and contemplated
remediation in that written response.
OIG • September 1, 2021 35Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should direct the Enterprises’ boards Improved Board FHFA Failed to
to amend their charters to require review by oversight Consistently Deliver
each director of each annual ROE and Timely Reports of
review and approval of the written response Examination to the
to DER in response to each annual ROE. Enterprise Boards
and Obtain Written
Responses from
the Boards
Regarding
Remediation of
Supervisory
Concerns Identified
in those Reports
(EVL-2016-009,
July 14, 2016)
Assessing FHFA should ensure that the underlying Improved remediation FHFA’s Inconsistent
Remediation of remediation documents, including the of deficiencies Practices in
Deficiencies Procedures Document, are readily available Assessing
by direct link or other means, through DER’s Enterprise
MRA tracking system(s). Remediation of
Serious
Deficiencies and
Weaknesses in its
Tracking Systems
Limit the
Effectiveness of
FHFA’s Supervision
of the Enterprises
(EVL-2016-007,
July 14, 2016)
FHFA should require DER to track interim Improved remediation FHFA’s Inconsistent
milestones and to independently assess of deficiencies Practices in
and document the timeliness and adequacy Assessing
of Enterprise remediation of MRAs on a Enterprise
regular basis. Remediation of
Serious
Deficiencies and
Weaknesses in its
Tracking Systems
Limit the
Effectiveness of
FHFA’s Supervision
of the Enterprises
(EVL-2016-007,
July 14, 2016)
OIG • September 1, 2021 36Specific Risk to be Report Name and
Recommendation Expected Impact
Mitigated Date
FHFA should require the Enterprises to Improved remediation FHFA’s Inconsistent
provide, in their remediation plans, the of deficiencies Practices in
target date in which their internal audit Assessing
departments expect to validate Enterprise
management’s remediation of MRAs, and Remediation of
require examiners to enter that date into a Serious
dedicated field in the MRA tracking system. Deficiencies and
Weaknesses in its
Tracking Systems
Limit the
Effectiveness of
FHFA’s Supervision
of the Enterprises
(EVL-2016-007,
July 14, 2016)
FHFA should periodically conclude, based Improved remediation FHFA Requires the
upon sufficient examination work, on the of deficiencies Enterprises’
overall effectiveness of the Internal Audit Internal Audit
functions at Fannie Mae and Freddie Mac. Functions to
Validate
Remediation of
Serious
Deficiencies but
Provides No
Guidance and
Imposes No
Preconditions on
Examiners’ Use of
that Validation
Work (EVL-2018-
002, March 28,
2018)
OIG • September 1, 2021 37You can also read
