What to Expect from a CORE Review
A consultative review to evaluate a counterparty’s mortgage operations.
The Freddie Mac Counterparty Operational Risk Evaluation (CORE) is an informal, consultative review that Freddie Mac conducts with pre-selected counterparties. During the planning stage, we identify specific areas to include in the scope of the review and then work with you to evaluate those associated mortgage operations, help ensure your processes meet our requirements and help identify related risks that could potentially become liabilities. We review specific controls and processes to help ensure they fit into Freddie Mac’s overall risk and control framework as outlined in the Single-Family Seller/Servicer Guide (Guide).
How does CORE help you?
- Identifies and reduces risk.
- Provides valuable insight into particular areas within your mortgage operations relative to Freddie Mac requirements.
- Shares best practices to address identified weaknesses.
- Helps strengthen specific controls and processes.
- Provides opportunities to share your feedback with us.
A CORE review includes three phases:
1. Pre-Review
A Freddie Mac CORE liaison will contact you approximately 3 to 4 months in advance of the on-site visit to discuss what you can expect from the process. In advance we’ll send you a brief Seller/Servicer questionnaire that helps us understand your loan sourcing and servicing methods. During the Pre-Review phase, we’ll work with you to:
- Communicate the scope and depth of the review.
- Schedule the dates and related logistics for our visit.
- Identify information and documentation we’ll review in advance of the on-site visit.
- Designate the representatives of the various business areas within your organization who we’ll work with.
- Conduct a series of conference calls with select functional areas of your business prior to our arrival. These calls will help us understand your procedures and controls and allow us to be more efficient while on site. The review could focus on the following areas of your mortgage operations:
- Governance: Organizational structure, internal audit, business continuity, information security, Freddie Mac system access, change management
- Loan Production: Wholesale origination, approval, monitoring
- Underwriting: Appraiser management, appraisal review, fraud controls
- Quality Control: Pre-funding and post-closing reviews
- Servicing: Escrow administration, tax and hazard insurance processing, escrow analysis, mortgage insurance
- Servicing Quality Control: Types of audits performed and reported
- Default Management: Collection, loss mitigation, foreclosure, bankruptcy processes
- Fraud Management: Identifying and reporting suspicious activity, use of exclusionary lists, fraud training
- Secondary Marketing: Loan sale and delivery to Freddie Mac, warehouse lines of credit
- Investor Reporting: Payment/payoff processing, reporting/remitting, custodial account reconciliation
- Responsible Lending: High cost/priced loans, TRID compliance
- Flood: Zone changes, authorized insurance monitoring
- MERS: Authorized signers, assignments
2. On-Site Review
Using the information obtained during Pre-Review, we’ll perform an on-site review that lasts about 3 to 5 days. The review activities may include:
- System demonstrations/walk-throughs to observe your staff as they perform certain functions or tasks – helps us understand your processes and system support, identifying sources of risk, control points and possible gaps.
- Documentation reviews, which could include policies and procedures, internal audit reports, management reports and other documentation – determines if the design and operation of specific internal controls are compliant with Freddie Mac requirements.
- Detailed testing of supporting documentation – validates and substantiates your controls, evaluates documentation effectiveness and ensures compliance with specific Guide requirements.
- Daily updates summarizing the day’s observations so you’ll have the opportunity to immediately clarify or address any items we identify.
3. Post-Review
Approximately 40 to 45 days after the On-Site Review, you’ll receive our exception letter, which formally documents the results of those areas reviewed. In Post-Review, we’ll:
- Identify control weaknesses and compliance-related issues.
- Conduct an exit meeting where you’ll receive feedback on our observations or areas that require additional controls.
- Provide a written report of the exceptions noted during our review.
- Request an action plan for remediation of any weaknesses identified. We can assist you in developing the action plan.
Common Core Findings
| Number | Common Core Findings | Related Guide Sections |
|---|---|---|
| 1 | Organizational changes reported to Freddie Mac via Form 1107SF | Guide 2101.12 |
| 2 | Business Continuity/Information Security requirements | Guide 1302.2, 1302.3 |
| 3 | Office of Foreign Assets Control (OFAC)/Anti-Money Laundering (AML) reporting requirements | Guide Section 1301.2 |
| 4 | Fraud policies and procedures, including reporting and use of the exclusionary lists | Guide Sections 3101, 3201 |
| 5 | Servicing Quality Control program | Guide Section 3403 |
| 6 | MERS processes and requirements | Guide Sections 2203, 6301, 8101, 8303, 9301 |
| 7 | Freddie Mac systems access/removal | Guide Section 1302 |
| 8 | Pre-funding and post-closing Quality Control | Guide Section 3402 |
| 9 | Default Management | Guide Sections 9100-9500 |
| 10 | Custodial bank account reconciliation | Guide Section 8304 |
Tips on Getting Ready
Before our visit, there are a few things you can do to prepare:
- Complete and return the Seller/Servicer questionnaire that we’ll send to you in advance.
- Designate one member of your organization as our point of contact.
- Identify your department representatives for phone and on-site interviews.
- Gather requested documents/information to be sent prior to the on-site review or when your Freddie Mac CORE liaison arrives on site.
- Notify us of any issues that may prevent you from providing requested documents/information.
- Be prepared to discuss any organizational or financial changes, business strategies and your approach to assessing, monitoring and managing risk.
- Keep all Freddie Mac agreements up to date.