oversight

FHFA Should Re-evaluate and Revise Fraud Reporting by the Enterprises to Enhance its Utility

Published by the Federal Housing Finance Agency, Office of Inspector General on 2018-09-24.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

             Federal Housing Finance Agency
                 Office of Inspector General




    FHFA Should Re-evaluate and
    Revise Fraud Reporting by the
   Enterprises to Enhance its Utility




Evaluation Report • EVL-2018-004 • September 24, 2018
                Executive Summary
                Pursuant to the Housing and Economic Recovery Act of 2008 (HERA),
                the Federal Housing Finance Agency (FHFA or Agency) is the safety and
                soundness regulator for Fannie Mae and Freddie Mac (the Enterprises) and
                for the Federal Home Loan Banks. Within FHFA, its Division of Federal
                Home Loan Bank Regulation is responsible for the supervision of the
EVL-2018-004    FHLBanks and the Office of Finance, and its Division of Enterprise
                Regulation (DER) is responsible for the supervision of the Enterprises.
September 24,
    2018        HERA requires the Enterprises to establish and maintain procedures designed
                to discover and report instances of fraud and possible fraud. In 2010, FHFA
                promulgated a regulation to implement HERA’s fraud reporting requirements.
                This regulation requires each Enterprise to report to the FHFA Director
                instances of fraud and possible fraud relating to the purchase or sale of
                fraudulent loans or financial instruments. In addition, FHFA Advisory
                Bulletin 2015-02, Enterprise Fraud Reporting, directs the Enterprises
                to submit monthly and quarterly fraud status reports. FHFA provided
                standardized templates for specifying the information the Enterprises should
                include in their monthly and quarterly reports. Similarly, under the Bank
                Secrecy Act, the Enterprises are required to report fraud and other suspicious
                activities to the Financial Crimes Enforcement Network, a bureau of the U.S.
                Department of the Treasury.

                FHFA is responsible for examining and monitoring the Enterprises’ fraud risk
                management practices and overseeing the Enterprises’ compliance with FHFA
                fraud reporting requirements. FHFA recognizes that timely fraud reporting to
                the Agency is essential to maintain the Enterprises’ safe and sound condition.

                This evaluation reviews the applicable requirements and guidance governing
                the Enterprises’ obligations to detect and report fraud, the Enterprises’ fraud
                detection and reporting practices, and FHFA’s use of the Enterprises’ fraud
                reports. We reviewed each Enterprise’s documented processes and
                interviewed key Enterprise personnel to understand its practices for reporting
                fraud to FHFA. We also interviewed the examination managers and
                examiners responsible for the Enterprises’ fraud reporting.

                We found that FHFA does not make any documented, systematic use of the
                content of the Enterprises’ fraud reports. FHFA advised us that it recently
                began to analyze trends of the information in the Enterprises’ fraud reports.
                While FHFA has considered using that information for risk analysis, it has not
                developed any framework in which to assess that information.
                Because Congress required the Enterprises to prepare fraud reports and FHFA
                has directed them to submit detailed monthly and quarterly reports to meet
                this statutory requirement, we recommend that FHFA re-evaluate the fraud
                information it requires from the Enterprises and revise, as appropriate, its
                existing reporting requirements to enhance the utility of these reports with the
                goal of using these reports to inform its supervisory activities with respect to
                the risk that fraud poses to the Enterprises. FHFA agreed with our
EVL-2018-004    recommendation.

September 24,   We appreciate the cooperation of FHFA staff, as well as the assistance of all
    2018        those who contributed to the preparation of this report.

                This report has been distributed to Congress, the Office of Management and
                Budget, and others and will be posted on our website, www.fhfaoig.gov.




                Kyle D. Roberts
                Deputy Inspector General for Evaluations
TABLE OF CONTENTS ................................................................
EXECUTIVE SUMMARY .............................................................................................................2

ABBREVIATIONS .........................................................................................................................5

BACKGROUND .............................................................................................................................6
      Obligations of the Enterprises to Report Possible Fraud ..........................................................6
      Obligations of FHFA Regarding Enterprise Fraud Reporting ..................................................8

FACTS AND ANALYSIS...............................................................................................................8
      The Enterprises’ Current Fraud Detection and Reporting ........................................................8
      FHFA Supervision of Enterprise Fraud Detection and Reporting Under AB 2015-02 ..........10
              Receiving the Reports—Who, How, When ....................................................................10
              Compliance Monitoring ..................................................................................................10
              Use of Reports ................................................................................................................10
              Development of Analytics ..............................................................................................11

FINDING .......................................................................................................................................12
      FHFA does not make any documented, systematic use of the content of the
      Enterprises’ required monthly and quarterly fraud reports.....................................................12

CONCLUSIONS............................................................................................................................12

RECOMMENDATION .................................................................................................................13

FHFA COMMENTS AND OIG RESPONSE ...............................................................................13

OBJECTIVE, SCOPE, AND METHODOLOGY .........................................................................14

APPENDIX: FHFA MANAGEMENT RESPONSE ....................................................................15

ADDITIONAL INFORMATION AND COPIES .........................................................................16




                                         OIG • EVL-2018-004 • September 24, 2018                                                              4
ABBREVIATIONS .......................................................................

AB                 Advisory Bulletin

BSA                Bank Secrecy Act

DER                Division of Enterprise Regulation

Enterprises        Fannie Mae and Freddie Mac, collectively

Fannie Mae         Federal National Mortgage Association

FHFA               Federal Housing Finance Agency

FinCEN             Financial Crimes Enforcement Network

Freddie Mac        Federal Home Loan Mortgage Corporation

HERA               Housing and Economic Recovery Act of 2008

OGC                FHFA’s Office of General Counsel

ORP                Office of Risk and Policy

SAR                Suspicious Activity Report




                        OIG • EVL-2018-004 • September 24, 2018                     5
BACKGROUND ..........................................................................

In a recent report, we explained that the Enterprises face the risk of fraud throughout the
mortgage life cycle. 1 Fraud may be perpetrated by various participants in the mortgage
market, including borrowers, loan originators, mortgage brokers, loan sellers, attorneys,
servicers, appraisers, property managers, and insiders. FHFA recognizes that fraud may
subject an Enterprise to significant financial, operational, legal, or reputational harm.
Accordingly, the Enterprises have long been required to report fraud to their supervisory
agency. 2

During our fieldwork for that report, we identified issues that warranted attention but fell
outside the scope of our review. This evaluation describes the Enterprises’ fraud detection
and reporting and assesses FHFA’s supervision and use of that fraud reporting.

Obligations of the Enterprises to Report Possible Fraud

The Housing and Economic Recovery Act of 2008 (HERA) requires each Enterprise to
establish and maintain procedures designed to discover when it has purchased or sold a
fraudulent loan or financial instrument, and to submit “a timely report upon discovery . . . that
it has purchased or sold a fraudulent loan or financial instrument, or suspects a possible fraud
relating to the purchase or sale of any loan or financial instrument.”

In 2010, FHFA promulgated a regulation to implement HERA’s fraud reporting
requirements. 3 The regulation requires each Enterprise to submit to the FHFA Director “a
timely written report upon discovery . . . that it has purchased or sold a fraudulent loan or
financial instrument, or suspects a possible fraud relating to the purchase or sale of any loan
or financial instrument.” The regulation also requires each Enterprise to immediately report a
fraud or possible fraud to the Director that “would have a significant impact.” 4 The


1
 See OIG, FHFA Should Address the Potential Disparity Between the Statutory Requirement for Fraud
Reporting and its Implementing Regulation and Advisory Bulletin (Mar. 23, 2018) (COM-2018-002) (online at
www.fhfaoig.gov/Content/Files/2018_03_23 Enterprise Fraud Reporting.FINAL_.pdf).
2
  The requirement that the Enterprises report fraud to their primary regulator was first established by FHFA’s
predecessor agency, the Office of Federal Housing Enterprise Oversight (OFHEO). The requirement was
established in 2005 and codified at 12 C.F.R. Part 1731 (2006).
3
    12 C.F.R. Part 1233.
4
 We have previously observed that this regulation “appears to contemplate a degree of inquiry and proof
beyond the statutory requirement that timely reporting occur when an entity ‘suspects’ a possible fraud.” See
OIG, FHFA Should Address the Potential Disparity Between the Statutory Requirement for Fraud Reporting
and its Implementing Regulation and Advisory Bulletin, at 8 (Mar. 23, 2018) (COM-2018-002) (online at
www.fhfaoig.gov/Content/Files/2018_03_23 Enterprise Fraud Reporting.FINAL_.pdf).



                                 OIG • EVL-2018-004 • September 24, 2018                                         6
regulation defines “fraud” to mean: “a misstatement, misrepresentation, or omission that
cannot be corrected and that was relied upon by a regulated entity to purchase or sell a loan or
financial instrument.”

The Enterprises also have fraud reporting obligations under the Bank Secrecy Act (BSA).
The BSA authorizes the U.S. Department of the Treasury (Treasury) to require financial
institutions to keep records and file reports. The Financial Crimes Enforcement Network
(FinCEN), a bureau of the Treasury, implements, administers, and enforces compliance with
the BSA and its implementing regulations. FinCEN issued a final rule (FinCEN Rule) in
2014 that defines the Enterprises as financial institutions for the purposes of the BSA. 5 Under
the rule, each Enterprise must implement an anti-money laundering program and report
suspicious activities—including suspected money laundering and mortgage fraud—to
FinCEN in Suspicious Activity Reports (SARs). 6

In March 2015, FHFA issued Advisory Bulletin 2015-02, Enterprise Fraud Reporting
(AB 2015-02 or the Advisory Bulletin), which remains in effect. AB 2015-02 directs each
Enterprise to submit monthly fraud status reports to FHFA containing information regarding
(a) the SARs filed with FinCEN during the previous month and (b) all known or suspected
possible fraud relating to the purchase or sale of a loan or financial instrument for which the
Enterprise has not filed a SAR. In addition, AB 2015-02 directs each Enterprise to submit
quarterly reports to FHFA on the status of matters “required to be reported in the monthly
fraud status report for which the Enterprise’s fraud unit has opened a case.” 7 FHFA provided
templates specifying the information the Enterprises should include in their monthly and
quarterly reports.




5
 Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Housing
Government Sponsored Enterprises 79 Fed. Reg. 10365, codified at 31 C.F.R. Parts 1010 and 1030. The
FinCEN Rule required compliance with its provisions on or before August 25, 2014. 31 C.F.R. §§ 1030.210(d)
and 1030.320(g).
6
  FinCEN has a long-established reporting regime requiring financial institutions to file SARs. Prior to the
FinCEN Rule, FHFA acted as an intermediary between the Enterprises and FinCEN with respect to fraud
reporting. The Enterprises filed fraud reports with FHFA, and FHFA would review and file them with FinCEN
as appropriate.
7
 AB 2015-02 also provided guidance regarding the circumstances in which FHFA expects an immediate
notification of fraud or possible fraud pursuant to 12 C.F.R. Part 1233. FHFA’s oversight of the Enterprises’
compliance with the AB’s immediate notification requirement is outside the scope of this evaluation.



                                 OIG • EVL-2018-004 • September 24, 2018                                        7
Obligations of FHFA Regarding Enterprise Fraud Reporting

HERA vests FHFA with responsibilities as the safety, soundness, and housing mission
regulator for the Enterprises. 8 According to FHFA, effective fraud risk management,
including timely fraud reporting to the Agency, is essential to maintain the Enterprises’ safe
and sound condition.

FHFA performs its obligations to supervise the Enterprises through DER. DER is responsible
for examining and monitoring the Enterprises’ fraud risk management practices generally and
overseeing the Enterprises’ compliance with FHFA’s fraud reporting requirements. The
FHFA senior official responsible for leading the annual onsite examination of each Enterprise
(the examiner-in-charge) is designated “to receive reports of fraud or possible fraud relating to
the purchase or sale of a financial instrument or loan.”


FACTS AND ANALYSIS ...............................................................

The Enterprises’ Current Fraud Detection and Reporting

FHFA’s regulation does not prescribe any specific design or methodology for mortgage fraud
detection and reporting; it requires only that each Enterprise establish and maintain “adequate
and efficient internal controls, policies, procedures, and an operational training program to
discover and report fraud or possible fraud in connection with the purchase or sale of any loan
or financial instrument.” Both Enterprises follow the same basic sequence of actions to detect
and report possible fraud: (1) tip intake, (2) assessment of pertinent facts, and (3) reporting, if
fraud is identified or the Enterprise suspects possible fraud. Reporting, if warranted, is to
FinCEN in the case of SARs and to FHFA in monthly and quarterly reports.

A “tip” can come from an internal or external source. Internal sources include the units at
each Enterprise that perform post-purchase loan quality control reviews. Quality control
personnel may identify anomalies in loan file information and data that may lead to an
assessment for fraud or possible fraud. Tips also come from external sources, currently
most often from loan sellers or servicers. For both Enterprises, most tips come from external
sources.




8
  FHFA replaced OFHEO and the Federal Housing Finance Board as the primary regulator for the Enterprises
and the Federal Home Loan Bank System, respectively. HERA also authorized FHFA to place the Enterprises
into conservatorships. In September 2008, FHFA exercised that authority and the Enterprises have operated in
conservatorship since then.



                                OIG • EVL-2018-004 • September 24, 2018                                        8
After a tip is received, the Enterprise assesses it for fraud or a suspicion of possible fraud.
Each Enterprise has its own practices, systems, and staff responsibilities for determining
whether to file a SAR, and for identifying fraud or suspected possible fraud for reporting
to FHFA. Each Enterprise has also developed a system to prepare and submit the required
monthly and quarterly reports to FHFA.

Pursuant to AB 2015-02, Freddie Mac submits monthly reports to FHFA in which it lists the
SARs it filed with FinCEN during the preceding month. While its monthly reports do not
identify loans with suspected fraud for which SARs have not been filed, Freddie Mac’s
policies, procedures, and practices require Freddie Mac to file a SAR for every instance of
known suspicious activity. Similarly, Fannie Mae submits monthly reports to FHFA that list
the SARs filed with FinCEN during the preceding month. Its monthly reports also identify
loans found during the quality control process to contain a “misrepresentation” that amounted
to a “significant defect” under Fannie Mae’s quality control procedures. 9 While Fannie
Mae’s internal procedure states that not all misrepresentations constitute fraud or possible
suspected fraud, its internal systems do not distinguish between significant defect
misrepresentations for which it suspects possible fraud and those for which it does not.

Fannie Mae acknowledges that its monthly reports to FHFA, under AB 2015-02, identify
loans with significant defect misrepresentations that contain known or suspected possible
fraud as well as loans with significant defect misrepresentations that do not appear to contain
known or suspected possible fraud. In 2015, Fannie Mae disclosed its monthly reporting
practice to FHFA, and earlier this year, Fannie Mae notified FHFA that it considers its
monthly reporting practice (which goes beyond the requirements in AB 2015-02) to amount
to “over-reporting.” FHFA has not objected to this practice.

Pursuant to AB 2015-02, both Enterprises file quarterly reports with FHFA on the status of
matters “required to be reported in the monthly fraud status report for which the Enterprise’s
fraud unit has opened a case.”




9
  Fannie Mae’s policies use the term “misrepresentation” to capture a variety of loan defects. For example,
“misrepresentations” can include false information concerning the borrower’s eligibility for a loan, such as
misstatements of their residency, identity, employment, income, assets, debt, or credit performance. The term
also covers a range of severity to the Enterprise, from defects within a tolerance threshold that do not require
remediation to “significant defects” that warrant repurchase or another form of remediation. Reports submitted
under AB 2015-02 contain “significant defect” misrepresentations—that is, misrepresentations that cause the
loan to be ineligible for purchase under Fannie Mae’s Selling Guide.



                                 OIG • EVL-2018-004 • September 24, 2018                                           9
FHFA Supervision of Enterprise Fraud Detection and Reporting Under AB 2015-02

     Receiving the Reports—Who, How, When

FHFA receives monthly and quarterly fraud reports from the Enterprises electronically
through FHFA’s secure portal; these reports are accessible by DER examiners working
on fraud-related matters and by personnel from DER’s Office of Risk and Policy (ORP) and
Office of Enterprise Supervision Operations (OESO), and FHFA’s Office of General Counsel
(OGC). These reports are stored in FHFA’s document repository.

     Compliance Monitoring

DER monitors compliance through targeted examinations and ongoing monitoring. Targeted
examinations conducted in 2016 consisted of a baseline assessment of the Enterprises’ fraud
programs, including whether the Enterprises used the template to report information required
by AB 2015-02. DER found that both Enterprises used the required templates and did not
raise concerns about the Enterprises’ compliance with the Advisory Bulletin.

According to the 2017 supervisory plans, DER scheduled ongoing monitoring of the
Enterprises’ fraud risk management using the standards set forth in AB 2015-02 and Advisory
Bulletin 2015-07, Fraud Risk Management. DER confirmed to us that no ongoing monitoring
of the fraud reporting by one Enterprise, pursuant to AB 2015-02, was conducted during
2017. For the other Enterprise, DER examiners explained to us that the ongoing monitoring
work looked for discrepancies between the monthly and quarterly fraud reports required by
these ABs and the Enterprise’s monthly and quarterly reports submitted to FHFA. We
reviewed the examiners’ year-end memorandum and related workpapers and determined that
they do not record the ongoing monitoring work that refers to the Enterprise’s fraud reports to
FHFA. 10

     Use of Reports

Our fieldwork found that FHFA has conducted little or no analysis of the information
contained in the Enterprises’ monthly and quarterly required fraud reports. 11 DER has no

10
   After the targeted examinations concluded, DER has monitored changes to the Enterprises’ respective fraud
detection and reporting programs. In some instances, changes were prompted by findings issued by FHFA or
the Enterprises’ own internal audit work. Other changes may have been the result of additional resources or
compliance strategies. One recent change was a realignment of fraud detection and reporting responsibilities
within the Enterprise. Another subject of DER ongoing monitoring was a refinement of strategies and systems
to detect possible single-transaction fraud, as opposed to pattern frauds.
11
  We looked to HERA’s legislative history in an effort to ascertain Congress’ intent with respect to FHFA’s
use of these reports, but were unable to identify any relevant history. Lacking any relevant legislative history,
we apply the principle of statutory interpretation that statutory language not be construed as “mere surplusage.”
See Larry M. Eig, Cong. Research Serv., Congressional Research Service Statutory Interpretation: General


                                 OIG • EVL-2018-004 • September 24, 2018                                            10
procedures or practices for the review or analysis of these reports, nor has it assigned this
responsibility to any of its personnel. Examiners may review the reports in conjunction with
their assigned examination activities if they choose, but DER examination guidance does not
require them to do so.

DER examiners told us that information in required Enterprise fraud reports is not their
primary source of information on fraud risk for supervisory purposes. Although they
explained that they periodically review these reports, which provide a snapshot in time, they
rely primarily on the Enterprises’ internal risk management reports, which include trend
information.

From our interviews with various FHFA officials, we determined that FHFA has not required
routine review or analysis of the Enterprises’ required fraud reports. While various FHFA
non-examination personnel have discrete responsibilities related to these required fraud
reports, which are not detailed in any FHFA policy or guidance, those responsibilities do not
include any analysis of the information included in the reports. According to a staff attorney
in FHFA’s Office of General Counsel, the OGC serves as the Agency point of contact with
FinCEN and one of its undocumented responsibilities includes assisting DER, as needed.
According to an ORP manager, ORP reviews the required reports from a policy perspective
and assesses whether there is a need to update the Advisory Bulletin. Personnel in the OESO
advised us that OESO has no responsibility for reviewing the required fraud reports, but
instead manages permissions and grants users access to the folders containing the Enterprise
fraud reports.

    Development of Analytics

FHFA has not created any database of information from the Enterprises’ fraud reports. A
DER official stated that creating such a database had been discussed, but this was only a
concept, and no project plan had been developed. According to DER, there are no immediate
plans to create a database of the reported information.

Prior to our evaluation, FHFA did not prepare trend reports or other analyses of the
information it had received from the Enterprises. As of August 2018, FHFA informed us that
ORP had begun to analyze trends of the information contained in the Enterprise fraud reports.
ORP also considered using the data for risk analysis, but has yet to develop any analytical


Principles and Recent Trends, at 14-15 (2014). Under this principle, we consider it reasonable to conclude that
at least one purpose behind the statutory requirement is for FHFA to use the reports as a means of informing its
supervisory activities with respect to the risk that fraud poses to the Enterprises.
Simply put, Congress must have intended FHFA to review the reports and act on them in a manner consistent
with the FHFA Director’s statutory duty to ensure that the Enterprises operate in a safe and sound manner. See
12 U.S.C. § 4513(a)(1)(B)(i).



                                 OIG • EVL-2018-004 • September 24, 2018                                           11
product. In addition, DER reported to OIG that it has no plans in 2018 to update the fraud
reporting templates.

This failure to develop analytics is a departure from the Agency’s thinking at the time it
issued AB 2015-02. During the development of AB 2015-02, FHFA contemplated using the
Enterprises’ reports to develop fraud-related analytics. A March 2015 DER memorandum
stated that one purpose of AB 2015-02 reporting was to support FHFA’s fraud risk oversight
program. FHFA staff explained in an internal presentation that the potential uses for the data
from the Enterprises’ monthly and quarterly AB reports could include: “Dashboard Metrics;
Comparisons/monitoring external sources for emerging risks; Loan level patterns/fraud
indicators; and [SAR] database comparisons . . .”


FINDING ...................................................................................

       FHFA does not make any documented, systematic use of the content of the
       Enterprises’ required monthly and quarterly fraud reports.

DER does not regularly use the reports in any supervisory activity, and several examiners
informed us that they do not rely on information in the reports. During two 2016 targeted
examinations, DER conducted baseline assessments of the Enterprises’ fraud programs,
including whether the Enterprises used the template to report information required by AB
2015-02, but did not validate the underlying data. Our review of DER ongoing monitoring
workpapers in recent years identified no review of the content of the required fraud reports.
Other offices that review the reports conduct cursory reviews, but do not analyze the
information contained in the reports. According to DER, ORP has begun recently to analyze
trends of the information contained in the reports. Contrary to its stated intentions at the time
it issued AB 2015-02, the Agency has not developed an analytics program or other means to
systematically use the reported fraud information to support its oversight of fraud risk.


CONCLUSIONS ..........................................................................

The ostensible purpose of the fraud reporting requirement in HERA is to alert the Agency to
incidents of fraud and potential fraud and permit the Agency to take appropriate supervisory
action to address the risk of financial, operational, legal, and reputational harm that fraud
poses to the Enterprises. We found, however, that the Agency makes limited to no use of
the reported data. There is no formal, defined process to ensure Agency personnel review
and analyze the reported data, and there is no database to facilitate trend analysis or permit
the development of fraud-related metrics that further FHFA’s supervisory function.

                            OIG • EVL-2018-004 • September 24, 2018                                 12
Consequently, the required fraud reports are of limited utility with respect to the risks posed
on the Enterprises.


RECOMMENDATION .................................................................

Because Congress required the Enterprises to prepare fraud reports and FHFA has directed
them to submit detailed monthly and quarterly reports to meet this statutory requirement,
we recommend that FHFA re-evaluate the fraud information it requires from the Enterprises,
and revise, as appropriate, its existing reporting requirements to enhance the utility of these
reports with the goal of using these reports to inform its supervisory activities with respect to
the risk that fraud poses to the Enterprises.


FHFA COMMENTS AND OIG RESPONSE .....................................

We provided FHFA an opportunity to respond to a draft report of this evaluation. FHFA
provided technical comments on the draft report, which we incorporated as appropriate. In its
management response, which is reprinted in its entirety in the Appendix, FHFA agreed with
OIG’s recommendation.




                             OIG • EVL-2018-004 • September 24, 2018                                13
OBJECTIVE, SCOPE, AND METHODOLOGY .................................

The objective of this report was to review the Enterprises’ programs for identifying and
reporting fraud and DER’s supervisory oversight of those programs. To achieve this
objective, we requested and reviewed the Enterprises’ written policies, procedures, reports,
correspondence, and data pertaining to the identification and reporting of fraud and
interviewed knowledgeable Enterprise employees. We also reviewed relevant DER
examination workpapers, and interviewed DER staff who coordinated the Enterprises’
submission of the monthly and quarterly reports, conducted the 2016 and 2017 examinations
of the Enterprises’ fraud programs, and reviewed AB 2015-02 from a policy perspective.
We familiarized ourselves with the relevant statutory and regulatory provisions, as well as
relevant FHFA guidance. Additional materials reviewed include prior OIG evaluation reports
and supporting materials, along with relevant portions of the Enterprises’ seller-servicer
guides.

The field work for this report was completed between April 2018 and July 2018.

This evaluation was conducted under the authority of the Inspector General Act and in
accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality
Standards for Inspection and Evaluation (January 2012). These standards require us to plan
and perform an evaluation based upon evidence sufficient to provide a reasonable basis to
support its findings and recommendations. We believe that the finding and recommendation
discussed in this report meet those standards.




                           OIG • EVL-2018-004 • September 24, 2018                             14
APPENDIX: FHFA MANAGEMENT RESPONSE .............................




                  OIG • EVL-2018-004 • September 24, 2018     15
ADDITIONAL INFORMATION AND COPIES .................................


For additional copies of this report:

   •   Call: 202-730-0880

   •   Fax: 202-318-0239

   •   Visit: www.fhfaoig.gov



To report potential fraud, waste, abuse, mismanagement, or any other kind of criminal or
noncriminal misconduct relative to FHFA’s programs or operations:

   •   Call: 1-800-793-7724

   •   Fax: 202-318-0358

   •   Visit: www.fhfaoig.gov/ReportFraud

   •   Write:

                FHFA Office of Inspector General
                Attn: Office of Investigations – Hotline
                400 Seventh Street SW
                Washington, DC 20219




                             OIG • EVL-2018-004 • September 24, 2018                       16