YOUR COMPLIANCE QUESTION
We are using your AI Policy Program. Upon receipt, we had it reviewed by our AI committee to determine whether it complies with Freddie's requirements for establishing a comprehensive AI governance framework for AI and Machine Learning.
I am pleased to report that your AI Policy Program received the committee's approval. It met our checklist based on Freddie's requirements.
As a Freddie Mac Seller/Servicer, we want to know what the effect would be on us if we had relationship partners that are not in compliance with the AI governance framework.
What restrictions will Freddie Mac impose on us if our relationship partners do not comply with their AI requirements as of March 3, 2026?
Signed,
An Anxious Compliance Manager
OUR COMPLIANCE SOLUTION
AI POLICY PROGRAM FOR MORTGAGE BANKING™
Our AI Policy Program aligns with Freddie Mac's AI governance requirements for the Freddie Mac Seller/Servicer (or "Lender"). Our well-constructed AI Policy Program is a proactive means designed to avoid and mitigate risks associated with Artificial Intelligence and Machine Learning. Responsible AI practices can help align AI system design, development, and use with applicable legal and regulatory guidelines.
Our AI Policy Program consists of the following policies:
1. Artificial Intelligence Governance Policy
2. Artificial Intelligence Use Policy
3. Artificial Intelligence Workplace Policy
4. Artificial Intelligence Credit Underwriting Policy
5. Artificial Intelligence Do & Do Not Policy
6. Artificial Intelligence Ethics Policy
7. Artificial Intelligence Vendor Management Policy
Discount offer available until March 3, 2026!
Contact us for the presentation and pricing.
OUR RESPONSE TO YOUR QUESTION
Thank you for using our AI Policy Program. Since its release on October 30, 2025, it has been in considerable demand.
Our AI Policy Program for Mortgage Banking™, which meets Freddie Mac's AI Governance Framework ("AI Framework"), is the first to provide a set of AI policies dedicated to mortgage banking.
We had been tracking the GSE formulation of AI requirements for several months.
On March 11, 2025, Freddie released a formal AI/ML governance framework in its Seller/Servicer Guide ("Guide"), introducing a comprehensive AI Framework for Sellers and Servicers that requires formal policies for the use of artificial intelligence ("AI") and machine learning ("ML"). This update mandated that any AI/ML used in the origination or servicing of Freddie Mac-eligible loans be governed by strict policies.
On December 3, 2025, Bulletin 2025-16 was issued, clarifying timelines and expectations and stating that AI is no longer optional. In effect, Freddie asserted that implementation is a mission-critical, governed enterprise function.
The compliance effective date is March 3, 2026.
After considerable review, research, and drafting, we issued our AI Policy Program on October 30, 2025, thirty-four days before Freddie issued Bulletin 2025-16 on December 3, 2025, and Bulletin 2025-17 issued on December 10, 2025.
On December 10, 2025, Freddie issued Bulletin 2025-17, which introduced revisions to AI Tools relating to servicing, information security, and Seller/Servicer insurance, with most changes effective on March 3, 2026.
In the context of the AI Framework, "AI Tools" are any artificial intelligence or machine learning tools used in the loan lifecycle.
BULLETINS
Bulletin 2025-16 solidifies the compliance effective date of March 3, 2026, requires Lenders to have a comprehensive governance framework for AI/ML Tools used in loan origination or servicing, and, effective January 1, 2026, Lenders must ensure executive oversight, document AI use cases, ensure fairness, mitigate bias, and manage vendor risk.
Bulletin 2025-17 set forth servicing updates, effective January 1, 2026, involving servicing AI Tools, information security, and insurance, and revised the Guide's licensing mandates, updated Repayment Plans and Forbearance Agreements, and added new requirements for Seller/Servicer insurance.
The AI Framework applies to any AI/ML used in the origination of loans sold to, or serviced on behalf of, Freddie Mac. Compliance with the new AI governance framework is required by March 3, 2026. These changes signify a shift towards mandatory, auditable AI governance for Freddie Mac partners.
EFFECTIVE DATES AND KEY DEADLINES
Here is a timeline of the AI Framework:
- March 11, 2025: Initial release of the formal AI/ML Governance Framework
- December 3, 2025: Bulletin 2025-16 requires Lenders to have a comprehensive governance framework for AI/ML Tools used in loan origination or servicing, among other things.
- December 10, 2025: Bulletin 2025-17 addresses AI Tools, information security, and insurance, and revises the Guide's licensing mandates, among other things.
- January 1, 2026: Deadline for senior management approval of AI/ML policies.
- March 3, 2026: Deadline for the effective compliance date to implement the AI governance program.
In substance and effect, the AI Framework requires Lenders to establish enterprise-wide controls to manage AI risks, thereby shifting responsibility for AI-driven decisions entirely onto the Freddie-approved Seller/Servicer.
NON-COMPLIANCE CONSEQUENCES
I will provide a helpful outline of certain AI Framework requirements in a future article.
In this article, I want to answer your question about what would happen if a Freddie Mac Seller/Servicer does not comply with their AI requirement by March 3, 2026.
Let me make this clear: failure to comply will likely result in adverse audit findings, increased liability, and the potential suspension of any AI/ML use, among other things. Because AI governance requirements are now part of the Seller/Servicer Guide, a failure here is treated with the same severity as an underwriting or fraud-prevention failure.
A Freddie Mac Seller/Servicer that does not comply faces significant financial, operational, and legal risks, including the potential for Freddie Mac to refuse to purchase loans or to require the repurchase of loans processed with non-compliant AI Tools. The AI Framework specifically emphasizes that "Shadow-IT" – that is, unofficial, undocumented AI Tools – is not acceptable, making it critical for Lenders to audit their technology stacks immediately.
The requirements mandate that all AI/ML usage in loan origination or servicing – including vendor AI Tools for document processing, fraud detection, and valuation – must be governed by documented and ratified policies.
Consequences for non-compliance include the following:
Financial and Repurchase Risk: Loans may be deemed ineligible for sale to Freddie Mac. If a loan is reviewed and found to involve improperly governed AI Tools, the Lender may be required to repurchase it. If a loan has already been sold, Freddie Mac can require the Lender to repurchase it if an audit reveals that documentation for the AI Tools used is missing, inconsistent, or incomplete.
Operational Disruption: Lenders without a centralized, documented AI Framework may face challenges during audits, forcing them to scramble to reconstruct vendor approvals and AI usage logs.
Indemnification Liability: Lenders are required to indemnify Freddie Mac against all liabilities, losses, and damages – including attorney fees – related to the Lender's use of AI/ML. Starting March 3, 2026, Lenders assume full responsibility for AI-driven decisions. Lenders are contractually obligated to indemnify and hold Freddie Mac harmless against all liabilities, losses, damages, expenses, and legal fees arising from their use of AI/ML, whether the AI Tools worked as intended or not.
Mandatory Disclosure Violations: Failure to disclose the types of AI/ML used, their purpose, and the risk-mitigation safeguards may result in penalties.
Senior Management Liability: The AI Framework requires approval from senior management (such as the Chief Information Officer, Chief Technology Officer, or Chief Risk Officer, or equivalent). Failure to have this approval or to review the AI Framework annually leaves leadership exposed.
Compensatory Fees: Servicers may be billed monthly for failing to meet specific AI Framework and Guide requirements, including any updates thereto.
Audit Findings and Increased Oversight: Failure to demonstrate an "auditable AI governance program" increases the risk of negative audit findings. Generally, such findings lead to mandated third-party audits for 12 to 24 months.
Suspension or Termination: Severe or repeated non-compliance with technology and risk standards can result in enforcement actions, cease-and-desist orders, or the suspension of the Lender's license to sell or service Freddie Mac mortgages.
Data Integrity and Security Breaches: Lenders must now include AI-specific threats (like "data poisoning" or "prompt injection") in their annual training. Failure to secure AI systems in accordance with the AI Framework against these threats can lead to data breaches, potentially causing state-level fines per violation.
REMEDIES TO NON-COMPLIANCE OF THE AI FRAMEWORK
To avoid the foregoing penalties, the Freddie Mac Seller/Servicer must demonstrate:
Senior Management Accountability: Policies must be approved by the Chief Information Officer, Chief Technology Officer, or Chief Risk Officer (or equivalent).
Audit Trail: Lenders must maintain evidence of how AI risks are mapped, measured, and managed across the entire loan lifecycle.
Transparency: The use of "black box" systems is prohibited; therefore, Lenders must understand and document how AI decisions are actually made.
Comprehensive Inventory: Create a complete map of all AI/ML Tools used in origination or servicing, and keep it up to date at all times.
Annual Reviews: A designated "owner" must conduct at least one review per year to ensure policies reflect current law and best practices.
Training Records: Proof that staff are trained on AI risks, including "deepfakes" and "prompt injection."
Vendor Oversight: Documented risk assessments of all third-party technology partners using AI.
THE THIRD-PARTY VENDOR TRAP
The Freddie Mac Seller/Servicer cannot outsource liability. If the Lender's software vendor (for instance, a POS or LOS provider) uses a non-compliant AI model, the Lender is the responsible party. Freddie Mac explicitly places the burden of risk oversight for technology partners on the Lender.
The "third-party vendor trap" in the parlance of Freddie Mac's AI Framework refers to the high-risk scenario in which Lenders outsource AI/ML functions to external vendors without properly vetting them for mortgage-specific and AI Framework compliance, thereby assuming full liability for the vendor's regulatory violations or operational failures.
Effective March 3, 2026, Freddie Mac requires Lenders to assume full responsibility for AI-driven decisions, meaning that if a vendor's AI results in a compliance breach, the Lender, not the vendor, is accountable to Freddie Mac.
AVOIDING THE THIRD-PARTY VENDOR TRAP
The AI Framework mandates that Lenders manage the Third-Party Vendor Trap, as follows:
Conduct Due Diligence: Thoroughly vet the vendor's data-handling practices, model performance, and AI-related security (for instance, determine how "data poisoning" or "model inversion" is handled).
Establish Oversight: Require that vendor AI Tools be approved, monitored, and regularly evaluated, just as they would for internal staff.
Require Transparency: Ensure the vendor provides adequate information on how their AI works so the Lender can meet reporting requirements.
Integrate Risk Management: Align vendor AI Tools with internal, senior management oversight, specifically involving the Chief Information Officer, Chief Technology Officer, or Chief Risk Officer (or equivalent).
Please contact us for information about our AI Policy Program for Mortgage Banking™. We would be glad to discuss it at your convenience.
This article, Freddie Mac Deadline: March 3, 2026 – AI Governance Framework, published on February 4, 2026, is authored by Jonathan Foxx, PhD, MBA, the Chairman & Managing Director of Lenders Compliance Group, the first and only full-service, mortgage risk management firm in the United States, specializing exclusively in residential mortgage compliance.
