What Fannie Mae’s New AI Guidelines Mean for Your Servicing Operation

Fannie Mae’s Lender Letter LL 2026 04 sets a clear expectation for how sellers and servicers govern the use of artificial intelligence and machine learning in origination and servicing. The letter is effective 120 days from publication and applies when these tools are used in connection with loans sold to or guaranteed by Fannie Mae, or when servicing loans on Fannie Mae’s behalf.

For servicing leaders, this is not a call to slow down innovation. It is a call to run these tools with the same discipline you would apply to any high impact operational process that affects borrower outcomes, investor requirements, and regulatory compliance. If a tool influences decisions, sequencing of communications, document handling, or prioritization, you should be able to explain what it does, who owns it, what controls exist, and how you monitor results.

The guidance is about control and accountability

Fannie Mae acknowledges that these tools can improve efficiency, strengthen risk management, and support better customer experiences. It also states that as models become more complex and embedded in critical processes, servicers must ensure they are deployed safely, legally, ethically, and aligned to Fannie Mae expectations.

That is the key shift for servicing. It is no longer enough to say, “We bought a tool” or “Our vendor handles that.” The servicer remains accountable for outcomes, controls, and documentation.

What Fannie Mae is requiring in plain terms

Fannie Mae outlines three core expectations.

First, you must have policies and procedures for development, implementation, use, and maintenance, plus how you measure and manage risk. Those policies must be transparent and communicated to the right personnel, reflect legal and regulatory requirements, align to risk tolerance, incorporate characteristics of trustworthy and ethical use, and have owners who maintain and review them at least annually.

Second, you must comply with the Information Security and Business Resiliency Supplement.

Third, you must manage subcontractor and vendor use in a way that is no less protective than the requirements in the letter.

There is also an important operational point that many teams overlook. Upon request, the seller or servicer must promptly disclose what tools are used, the purpose and manner of use, and the safeguards implemented, plus any other information Fannie Mae may require.

What this changes in servicing day to day

Most servicers already have some level of model risk management, vendor management, and information security governance. The challenge is that these tools are often deployed inside business operations faster than governance catches up. The lender letter is a reminder that governance must travel with the use case, not trail behind it.

Here are the areas in servicing most likely to be impacted.

1. Decision support and routing in default and loss mitigation

If a tool helps determine the next best action, routes loans for review, prioritizes a queue, or recommends a loss mitigation path, you need controls around consistency, fairness, and explainability. You also need a clear process for handling exceptions, overrides, and complaints. In default, small mistakes do not stay small, because they show up as missed timelines, incorrect notices, and downstream legal risk.

2. Borrower communications and contact strategy

Many tools now influence how and when borrowers are contacted, what content is delivered, and how communications are personalized. That can help engagement when done correctly. It can also create risk if the logic cannot be explained, if templates drift, or if borrowers receive conflicting information across channels. Governance here should include content controls, change management, and monitoring that ties communications to outcomes.

3. Document intake, indexing, and review support

Tools that read, classify, and extract information from documents can be powerful in servicing, especially for loss mitigation packages, bankruptcy documents, and foreclosure referrals. The risk is relying on outputs that are not validated or are not consistently monitored. Your governance should address accuracy controls, exception workflows, and clear accountability for decisions that are based on extracted data.

4. Complaint management and escalation

If you use tools to classify complaints, suggest responses, or identify root causes, you need to ensure the logic does not create gaps in acknowledgment timelines, response quality, or escalation rules. A well governed approach can make you faster and more consistent. A loosely governed approach can create patterns that regulators and investors will notice.

What servicers should do now

This does not need to turn into a long academic program. It needs to be operational and defensible.

1. Inventory every use case in servicing

   Document where artificial intelligence or machine learning is used, including inside vendor platforms. Tie each use case to the process it supports and what it impacts, such as borrower communications, default routing, document decisions, or quality control.

2. Assign ownership that sits in the business, supported by risk and technology

   If servicing uses it, servicing leadership must have clear accountability. Risk, compliance, information security, and technology should be partners, but ownership cannot be vague.

3. Build a single governance packet you can produce quickly

   Assume you may have to disclose types of tools used, purpose, and safeguards promptly. Have that package ready, current, and consistent.

4. Strengthen vendor governance with specific questions

   You should be able to answer what the vendor tool does, what data it uses, how it is monitored, how changes are controlled, and how errors are detected and corrected. The letter is explicit that vendor use must be governed at a level that is not less protective.

5. Treat monitoring as a servicing control, not a one time review

   Annual policy review is a minimum. Operational monitoring should be aligned to impact. High impact use cases should have routine performance reviews, exception reporting, and clear escalation paths when results drift.

How BlackWolf Advisory Group Can Help

BlackWolf helps servicers turn this guidance into a practical operating program that stands up to investor questions, audit scrutiny, and real world volume.

Governance design and documentation

We build servicing ready policies and procedures tailored to how your operation actually uses these tools. That includes ownership models, escalation paths, change control, monitoring routines, and disclosure packages that are easy to maintain and produce on request.

Use case assessment and control mapping

We inventory and assess your current uses across servicing, including third party platforms, and map controls to the specific risk points that matter in servicing. This includes default and loss mitigation workflow, borrower communications, document processing, complaint management, and quality control.

Vendor governance and third party due diligence

We strengthen vendor oversight by defining requirements and evidence standards, then helping you operationalize them through contracting support, performance monitoring, and structured governance routines. The goal is simple. You can explain how a vendor tool is used, controlled, and monitored in your environment.

Operational monitoring and quality control support

We help you set up dashboards and testing routines that focus on borrower impact, compliance timelines, exception rates, and downstream defects. Monitoring should be actionable for operations leaders, not a quarterly report that sits on a shelf.

Exam and investor readiness

If you expect questions from investors, internal audit, or regulators, we can help you prepare a clean narrative and evidence package that shows governance, controls, and monitoring are real and repeatable.

#mortgageservicing #AI #FannieMae #FNMA