AN UPDATE ON THE COMMON SECURITIZATION PLATFORM September 15, 2015 Division of Conservatorship An Update on the Common Securitization Platform EXECUTIVE SUMMARY The Federal Housing Finance Agency’s (FHFA) 2014 Strategic Plan for the Conservatorships of Fannie Mae and Freddie Mac includes the strategic goal of developing a new securitization infrastructure for Fannie Mae and Freddie Mac (the Enterprises) for mortgage loans backed by 14 unit (single-family) properties. To achieve that strategic goal, the Enterprises, under FHFA’s direction and guidance, are developing a Common Securitization Platform (CSP) that will support their single-family mortgage securitization activities, including the issuance by both Enterprises of a single mortgage-backed security (Single Security). The CSP will be a common information technology (IT) platform that will use industry-standard software, systems, and data requirements and will be adaptable for use by other market participants in the future. Investing in a single platform to support single-family securitization and the Single Security will benefit both Enterprises and taxpayers in the long run. The CSP is being developed by Common Securitization Solutions (CSS), a joint venture owned by Fannie Mae and Freddie Mac. CSS will act as each Enterprise’s agent to facilitate issuance of single-family mortgage securities, to release related at-issuance and ongoing disclosures, and to administer the securities post-issuance. In addition, CSS is creating the operational capabilities necessary to run the platform. The company is organized into three distinct business units and will evolve over time as the CSP is brought into production. From 2012 through mid-2015, the Enterprises had invested $146 million in CSS. The company currently relies on Enterprise resources in various areas including finance, accounting, and human resources, and all CSS associates are currently employees of either Fannie Mae or Freddie Mac. CSS plans to convert its associates to CSS employees and to stand up its own corporate functions, including a human resources and benefits platform and financial systems, in the first half of 2016. The Enterprises’ single-family guarantee business has several aspects, and the CSP focuses solely on the securitization aspect. The platform will be composed of five distinct modules that will support the initial issuance of Enterprise single-family mortgage securities, the release of related loan- and security-level disclosures, and the ongoing administration of the securities. The modules include (1) Data Acceptance, (2) Issuance Support, (3) Master Servicing Operations, (4) Bond Administration, and (5) Disclosure. The completion and use of the Master Servicing Operations module is being deferred until after Fannie Mae and Freddie Mac begin using the platform to issue Single Securities. 2 An Update on the Common Securitization Platform The CSP is being developed in accordance with a set of software design principles that will leverage industry data standards wherever possible. CSS is using a software development process in which cross-functional teams produce work on an incremental, iterative basis, mitigating the risk of missed deadlines or project failure. CSS and the Enterprises are also carefully testing the evolving software and related operational capabilities in distinct steps. CSS and the Enterprises are now preparing for two releases of the CSP software. Release 1 will allow Freddie Mac to begin to use the platform. Specifically, under Release 1 Freddie Mac will use the Data Acceptance, Issuance Support, and Bond Administration modules to perform activities related to its current single-class, fixed-rate securities—Participation Certificates (PCs) and Giant PCs—and certain activities related to the underlying mortgage loans (such as tracking unpaid principal balances). Release 2 will allow both Enterprises to use the Data Acceptance, Issuance Support, Disclosure, and Bond Administration modules to perform activities related their current fixed-rate securities, both single- and multi-class; to issue Single Securities, including commingled re-securitizations; and to perform activities related to the underlying loans. Release 2 will also allow Fannie Mae to use the CSP to issue and administer mortgage securities backed by adjustable-rate loans. Developing the CSP is a large-scale, multi-year project, and the platform’s requirements will continue to be refined and adjusted as FHFA and the Enterprises receive public and industry input and based on actual experience. FHFA’s progress reports on the conservatorships have provided updates on the initiative. In addition, representatives from FHFA, Fannie Mae, Freddie Mac, and CSS have provided regular updates to industry groups and stakeholders on the development of the CSP. A Single Security/CSP Industry Advisory Group of stakeholders— including representatives from lenders, servicers, securities dealers, investors, consumer groups, and trade associations—has been created by the Enterprises and CSS to provide feedback and share information related to the development of the platform. FHFA plans to announce in 2016 the date on which Freddie Mac will begin using the CSP (Release 1). In addition, as part of the 2016 Conservatorship Scorecards for the Enterprises and CSS, FHFA may provide information on the timing of the Enterprises’ use of the CSP to issue Single Securities (Release 2). FHFA also plans to continue discussions with stakeholders about the implementation of the CSP and about future plans for the evolution of the CSP. 3 An Update on the Common Securitization Platform BACKGROUND I. RATIONALE FOR A COMMON SECURITIZATION PLATFORM Like other financial companies, Fannie Mae and Freddie Mac each use an IT platform to support its business activities. An IT platform consists of integrated hardware, software applications, and telecommunications equipment that receive, process, store, and transmit data—information captured in electronic form. Each Enterprise devotes a sizable portion of its annual budget to maintaining and enhancing its IT platform and to training the personnel who operate that platform. An important function of each Enterprise’s IT platform is to support the Enterprise’s securitization activities. In 2012, FHFA determined that it would be more effective for the Enterprises to invest jointly in a single, common IT platform that could support the “back office” activities related to single-family securitization and that could be adapted for use by other market participants in the future. These activities involve storing, processing, and transmitting large volumes of data, so that investing in a single IT platform and accompanying operational capabilities to support these functions will benefit both companies and taxpayers in the long run. Investing in a CSP will also support various possible future paths under housing finance reform. II. REFINING THE SCOPE OF THE CSP In February 2012, FHFA released A Strategic Plan for the Enterprise Conservatorships: The Next Chapter in a Story that Needs an Ending (2012 Conservatorship Strategic Plan). The 2012 Conservatorship Strategic Plan included the goal of building a new infrastructure for the secondary mortgage market. The two key components of this proposed new infrastructure were the CSP and a model contractual and disclosure framework that aimed to address deficiencies in the legal and operational aspects of mortgage securitization revealed by the financial crisis. In October 2012, FHFA released a white paper that provided a more detailed proposal regarding the CSP and the model contractual and disclosure framework. The white paper also raised the possibility of the platform supporting Enterprise activities beyond single-family securitization, as some industry stakeholders had contemplated, and requested industry input on both the principles and scope of the proposed CSP. The input received helped the Enterprises and FHFA to refine the scope of the business activities the CSP will support. 4 An Update on the Common Securitization Platform In May 2014, FHFA released the 2014 Strategic Plan for the Conservatorships of Fannie Mae and Freddie Mac (2014 Conservatorship Strategic Plan). The 2014 Conservatorship Strategic Plan refined the scope of the CSP to focus on supporting the Enterprises’ current securitization activities. Other aspects of the Enterprises’ single-family guarantee business—such as setting underwriting standards, establishing loss mitigation and servicing standards, loan sourcing, and executing loan aggregation and loan delivery—will remain with each Enterprise. Further, the shift to using the CSP will not affect the Enterprises’ business relationships or data exchanges with seller/servicers. This refinement in scope has allowed FHFA and the Enterprises to appropriately manage the risk involved in the overall CSP initiative and increase its chances of success. The 2014 Conservatorship Strategic Plan also made clear that the CSP would support the issuance by both Enterprises of the Single Security and reaffirmed that the CSP would be developed so that it can be adapted for use by additional market participants in the future. A decision was also made not to go forward with the model contractual and disclosure framework because the deficiencies that the framework aimed to address pertain more to private-label mortgage securitization. III. TYPES OF ENTERPRISE MORTGAGE SECURITIES It is useful to distinguish three levels of Enterprise mortgage securities that finance single-family mortgage loans. The three levels of securities differ in terms of their collateral and how payments are made to investors. The term “re-securitization” refers to the process of creating second- or third-level securities. A f i r s t - l e v e l m o r t g a g e s e c u r i t y is collateralized by a single pool of mortgage loans. A first-level security is also a pass-through or single-class security, meaning there is only one class of investors, each of whom receives a proportionate share of all the principal and interest payments on the underlying collateral. Fannie Mae Mortgage-Backed Securities (MBS) and Freddie Mac Participation Certificates (PCs) are first-level securities. A s e c o n d - l e v e l m o r t g a g e s e c u r i t y is collateralized by a group of previously issued first- or second-level securities. A second-level security is also a pass-through or single-class security. Fannie Mae Megas are second-level securities typically backed by Fannie Mae MBS or 5 An Update on the Common Securitization Platform other Megas, whereas Freddie Mac Giant PCs are second-level securities typically backed by Freddie Mac PCs or other Giant PCs. 1 A t h i r d - l e v e l m o r t g a g e s e c u r i t y is a multi-class security that may be collateralized by a group of previously issued first-, second-, or third-level securities. In third-level securities, including Real Estate Mortgage Investment Conduit (REMIC) securities, the cash flows on the underlying collateral are divided to support multiple classes of securities. Each class of securities entitles investors to a separate portion of the underlying cash flows that is tailored to the risk and investment preferences of the investors. 2 Each Enterprise will use the CSP as its agent to facilitate issuance of first- and second-level Single Securities (that may subsequently become collateral for third-level securities), to make related at-issuance and ongoing disclosures, and to administer those securities post-issuance. Second-level Single Securities will be comparable to second-level mortgage securities issued by each Enterprise today. The notable differences will be that Single-Securities will have a 55-day payment delay and investors will be able to commingle first- and second-level Single Securities issued by one Enterprise or both as the collateral for a second- or third-level security issued by either Enterprise. 3 COMMON SECURITIZATION I. SOLUTIONS FORMATION AND GOVERNANCE In October 2013, Fannie Mae and Freddie Mac established CSS as an independent, jointly owned business entity—a Limited Liability Corporation (LLC). Office space for CSS was leased in Bethesda, Maryland, and work began to develop the company’s key legal documents and business infrastructure. In November 2014, Fannie Mae and Freddie Mac signed governance and operating agreements for CSS, each Enterprise appointed two members to the CSS Board of Managers, and a Chief 1 The collateral backing a Mega or Giant PC may include REMIC classes that are comparable to single-class securities in that payments on the classes collectively represent a proportional share of all principal and interest payments on the collateral backing the classes. 2 Each Enterprise also issues a few REMIC securities collateralized by whole mortgage loans. 3 For more information, see Federal Housing Finance Agency, An Update on the Structure of the Single Security (May 2015), http://www.fhfa.gov/AboutUs/Reports/ReportDocuments/Single%20Security%20Update%20final.pdf. 6 An Update on the Common Securitization Platform Executive Officer (CEO) was hired. FHFA participates as an observer and is authorized to resolve matters that the Board of Managers is unable to decide. The CEO is responsible for all CSS business, operational, and corporate functions. Three committees support the CEO and the Board of Managers. The members of each committee include representatives from CSS, Fannie Mae, and Freddie Mac, with a member of FHFA’s staff in the role of observer. The Platform Steering Committee monitors progress on and makes recommendations regarding the overall project. The Administrative Services Committee supports the process of moving certain administrative functions initially provided by the Enterprises to CSS, including human resources, finance, risk management, and legal, and establishing service agreements with external providers and/or the Enterprises. The Finance Committee monitors budgets and reviews each Enterprise’s allocated costs. II. ORGANIZATIONAL STRUCTURE In the initial phase of operations, CSS is building a large software application, the operational capacity to run a business that will use that software to meet the needs of the Enterprises, and a technical infrastructure that supports the application and the company’s business processes. When the “build” process is complete, CSS will operate as a stand-alone, production-focused, client-driven organization. The CEO of CSS has created an organizational structure that supports this initial phase and is capable of evolving as the platform is brought into production and the company matures. The structure includes three major business units and other smaller functions that support these units, CSS management, and the Board of Managers. T h e A p p l i c a t i o n D e v e l o p m e n t U n i t is building software functionality in increments in accordance with a master schedule. Versions of the software are being produced and tested. T h e S e c u r i t i z a t i o n O p e r a t i o n s U n i t is building the internal business processes CSS will need to run the CSP and support the securitization activities of Fannie Mae and Freddie Mac. With input from the Enterprises, CSS is creating workflow, policies, procedures, controls, and service level agreements. In addition, the company is undertaking work to ensure appropriate levels of redundancy, business continuity, and disaster recovery. T h e T e c h n i c a l O p e r a t i o n s U n i t maintains the technical infrastructure that supports work to develop and test the application and build securitization operations. The infrastructure 7 An Update on the Common Securitization Platform involves “cloud computing”—accessing third-party processing capability and data centers. The use of cloud computing enhances reliability, provides faster recovery time, and permits scaling up processing and data storage, all at a lower cost than investing directly in processers and data centers. CSS is developing capabilities to allow its employees to monitor the performance of the CSP and securitization operations through a central command center and customized dashboards. Scalable databases will be used to manage data flow, data retention, and reporting. All the IT operations of CSS are being created with a high level of attention to cybersecurity. CSS is also creating in-house capabilities in the areas of risk management, human resources, project/change management, and budgeting. The company has created an internal governance structure that supports the creation of detailed project plans and schedules for the completion of key components of the initiative as well as cost estimates for all the stages of software and operational development. III. USE OF ENTERPRISE RESOURCES From 2012 through mid-2015, the Enterprises invested $146 million in CSS. 4 This investment financed the creation of detailed functional requirements for the CSP, the architectural design of the application, development and testing of the platform software, and the creation of an independent IT environment to support software development and testing. The amount does not include spending by the Enterprises to adapt their existing IT platforms and operations to integrate with the CSP. As CSS endeavors to build the platform software and related operational capabilities and technical infrastructure, it has been most efficient for the company to draw on the existing resources of the Enterprises in the areas of finance and accounting, legal, compliance, and human resources. As a result, all CSS associates are currently either employees of Fannie Mae or Freddie Mac, but they are fully dedicated to CSS activities and take direction from CSS officers. CSS senior executives, including the CEO, are dual officers of CSS and either Fannie Mae or Freddie Mac. As of August 2015, CSS was staffed with 140 associates and 275 contractors. CSS plans to convert CSS associates to CSS employees in the first half of 2016. The conversion will help CSS to transition and to develop into a self-sustaining entity as the work on the CSP continues. CSS will continue to purchase certain services from Fannie Mae and Freddie Mac, as 4 Fannie Mae and Freddie Mac have published specific amounts in their annual reports on Form 10-K and quarterly reports on Form 10-Q filed with the Securities and Exchange Commission. 8 An Update on the Common Securitization Platform appropriate, to achieve the company’s business objectives and will also consider obtaining those services from other sources when cost-effective. CSS will also launch a standalone website in 2016. IV. DEVELOPMENT OF A CORPORATE CULTURE To foster the development of the CSS’s corporate culture, the CEO has developed operating principles and strategic themes for CSS. There are two operating principles: • CSS is in partnership with Fannie Mae and Freddie Mac to define a single or common approach to mortgage securitization, improve market liquidity, and reduce long-term operating costs; and • The CSP that CSS is building could be adapted for use by other parties in the future. These principles reflect the importance of the CSP being able to support the issuance of Single Securities by Fannie Mae and Freddie Mac. Today, neither Enterprise can issue second- or thirdlevel mortgage securities backed by commingled first-, second-, or third-level securities issued by both Enterprises. That capability is critical to achieving the Single Security initiative’s objective of enhancing the liquidity of the secondary mortgage market. Complementing those operating principles are five strategic themes that articulate the overall corporate objectives of CSS: • Build a low-cost and industry-leading platform to support mortgage security issuance and administration; • Design an IT environment—the policies, procedures, and controls governing the operation of the CSP—that will ensure best-in-class cybersecurity, business continuity, and disaster recovery; • Provide premier customer service and meet all agreed-upon service level agreements; • Strive to improve CSS’s internal costs, efficiency, and controls to drive regular client enhancements; and 9 An Update on the Common Securitization Platform • Create compensation programs that will reward, retain, and motivate CSS associates. THE STRUCTURE AND DEVELOPMENT SECURITIZATION PLATFORM I. OF THE COMMON FUNCTIONS AND MODULES CSS will act as each Enterprise’s agent for the issuance of single-family mortgage securities, the release of related loan- and security-level disclosures, and the ongoing administration of mortgage securities. Consistent with this scope, the Enterprises and CSS have determined that the CSP will have five distinct modules: (1) Data Acceptance, (2) Issuance Support, (3) Master Servicing Operations, (4) Bond Administration, and (5) Disclosure. Other components of the platform will include an integration layer that manages messaging between the modules as well as a data repository where information about loans and securities will be centrally stored. Specific types of data flows between the CSP and external parties—for example, securitization requests—will occur through specific interfaces. The figure below depicts the platform’s components, the services the CSP will provide, and the parties that will send data to and receive data from the platform. M o d u l e 1 : D a t a A c c e p t a n c e . Upon receipt of a securitization request, the Data Acceptance module will endeavor to validate the request. The validation process will involve confirming the identity of the requesting Enterprise, the type of collateral, the coupon on the security, the security’s CUSIP number, the servicer (for a first-level security), and the wiring 10 An Update on the Common Securitization Platform instructions related to the issuance of the security and any transfer of funds. 5 Validation will also involve checking the internal consistency of the data related to the collateral and calculating any data values (for example, the weighted-average coupon and maturity of the collateral) that are required for the at-issuance disclosures. The Data Acceptance module will send a message to the requesting Enterprise acknowledging a request and indicating that it was validated or, if not, pointing out any errors. If there are errors, the requesting Enterprise will have the opportunity to make changes to the request or the accompanying data so the request can be validated. The activities of the Data Acceptance module will be the foundation for the activities of the other modules. M o d u l e 2 : I s s u a n c e S u p p o r t . Once validation is complete, the Issuance Support module will send data on the security to the Federal Reserve Bank of New York (NY Fed) or, for some securities, the Depository Trust & Clearing Corporation (DTCC). 6 These data will include the identity of the issuer, the type of collateral, and the security’s CUSIP number. The NY Fed or DTCC will register the security in its system and “broadcast” summary information about the security to market participants, typically two days before the security will be issued. On or prior to the issuance date, the Issuance Support module will send to the NY Fed or DTCC wiring instructions related to the transfer of the security to its initial owner and any remittance of cash proceeds. The module will also receive information from the NY Fed or DTCC confirming that issuance and payment have occurred and will send that information back to the issuing Enterprise. M o d u l e 3 : M a s t e r S e r v i c i n g O p e r a t i o n s . The CSP includes a Master Servicing Operations module, but the completion of the module and decisions on its use have been deferred until after the Enterprises begin issuing Single Securities. The Enterprises will continue to validate all loan-level data submitted by servicers, communicating with servicers as necessary to resolve issues, and sending validated loan-level data to CSS for the use of the Bond Administration module. Deferring the implementation of the Master Servicing Operations module reduces the scope of the CSP initiative in the near term so that CSS and the Enterprises 5 A CUSIP is a nine-character alphanumeric code that identifies a financial security for the purposes of facilitating clearing and settlement of trades. The acronym CUSIP derives from the Committee on Uniform Security Identification Procedures, a committee of the American Bankers Association. 6 The Federal Reserve System operates funds and securities transfer systems, collectively referred to as Fedwire, that enable depository institutions and federal agencies to electronically transfer funds and federal agencies and government-sponsored enterprises to issue securities. The Enterprises issue their debt securities and nearly all of their mortgage securities and make and receive related payments through Fedwire. The Enterprises use DTCC to issue some mortgage securities and execute related payments. 11 An Update on the Common Securitization Platform can focus on preparing for the issuance of Single Securities, thereby reducing the risk associated with, and likely the time necessary for, that preparation. At a later date, the Enterprises and FHFA will assess the potential benefits of using the Master Servicing Operations module and determine if and when the module will be used. M o d u l e 4 : B o n d A d m i n i s t r a t i o n . The Bond Administration module will calculate pool factors for first-level securities and bond factors for second- and third-level securities and release the factors to the market. 7 The module will use the pool and bond factors to calculate principal and interest factors for all securities and to determine funds payable to security holders, and will wire payment instructions to the NY Fed or DTCC. For third-level securities, the module will use industry-standard software to track and forecast multi-class payments. Each quarter and each year the module will also perform appropriate tax reporting to investors and will prepare and send to the Internal Revenue Service information on the income earned by investors from residual (equity) interests in REMIC securities. M o d u l e 5 : D i s c l o s u r e . Current Enterprise practice with respect to at-issuance mortgage security disclosures is to release a data file and publish a prospectus supplement prior to issuance of a security. These disclosures provide detailed information about the security and the underlying collateral that market participants require for analyzing and trading the security. Throughout the life of a security, the issuing Enterprise also releases monthly data files that provide detailed information about the performance of the collateral and the security. The Disclosure Module of the CSP will produce loan- and security-level disclosures, as applicable, before the issuance of a security and monthly throughout the life of the security. Data files that contain at-issuance and ongoing disclosures will be released for use by data vendors. 7 The pool factor for a first-level mortgage security is a fraction that is equal to the remaining security-level principal balance at the end of the previous reporting period divided by the original security-level principal balance. The remaining principal balance reflects the cumulative distribution of principal payments from the mortgage loans underlying the security that the Enterprise has made to holders of the security through the previous month. A factor of one means the security is newly issued and no principal has yet been distributed to the holders of the security, whereas a factor of 0.50 means the security has paid off 50 percent of the original balance, and a factor of zero means the Enterprise has distributed 100 percent of the original balance. The bond factor for a second- or third-level security is comparable to the pool factor for a first-level security except that the remaining security-level principal balance used to calculate a bond factor reflects the cumulative distribution of the underlying securities, not the underlying mortgage loans. Release of pool and bond factors to the market enables investors to calculate the principal and interest payments they expect to receive on mortgage securities they own. 12 An Update on the Common Securitization Platform II. SOFTWARE DESIGN PRINCIPLES CSS and the Enterprises have agreed on a set of software design principles to guide the development of the CSP. These principles will allow an issuer to process, manage, and access data on the status of its securitization activities in real time and provide immediate reporting capabilities for CSS. The principles will also make it easier for CSS to adapt in response to changes in technology, industry standards, regulatory requirements, and customer needs. O p e n A r c h i t e c t u r e . A key objective of CSS is for the Enterprises and potential future users of the CSP to be able to easily integrate their IT platforms and exchange data with the CSP. To this end, the CSP’s external interfaces leverage the Mortgage Industry Standards Maintenance Organization (MISMO) reference model and other industry data standards. The use of industry data standards will help ensure consistency in the data used across the CSP’s modules and maximize the value of the significant investment the Enterprises are making in the CSP and CSS. F u n c t i o n a l M o d u l a r i t y . Each module of the CSP will contain everything necessary to execute a distinct aspect of the overall functionality of the platform. Data flows among the CSP’s modules and other components use a standard data format for internal processing. The platform’s modular structure and the use of standardized data will ensure that the modules can be modified, configured, or replaced, or that new functionality can be added to a module, with reduced impact on any of the other modules or on the CSP as a whole. Modularity is fundamental to dealing with the complexity of the platform in that it improves the ability to make necessary changes in a confined manner and should minimize maintenance costs by reducing the likelihood of change-related failures. S c a l a b i l i t y . The CSP will incorporate approaches to making software applications scalable—capable of performing well at steadily increasing volumes—that have worked in multiple industries, including financial services. External consultants have reviewed these approaches and concluded that, based on their experience, the platform will be scalable. Scalability will ensure that the CSP can accommodate growth in securitization volumes and data flows while maintaining a high level of performance. D a t a T r a n s p a r e n c y . The design of the CSP and the reliance on industry data standards will allow changes in the data on individual loans and securities to be traced throughout the securitization lifecycle. Data elements for each loan and security that do not change will be stored and accessed centrally. Data generated by one of the platform’s modules will be 13 An Update on the Common Securitization Platform accessible through the module’s operational data store. The consistency, accuracy, and ease of accessing data will drive timely response to information requests and improved service delivery. E v e n t A u t o m a t i o n a n d S t r a i g h t - T h r o u g h P r o c e s s i n g . The CSP has an Event- Driven Service Oriented Architecture, a type of software design in which carefully defined events trigger further data processing by a separate part of the software that can be called upon whenever it is needed. An event occurs when the platform receives a message from an external party—for example, an issuer reports the position of a loan or the NY Fed reports the transfer of a security to its initial owner—or when one of the modules receives a message from another module—for example, the Data Acceptance module reports to the Issuance Support module that a securitization request has been accepted. When an event occurs, it automatically leads to subsequent activities that are supplied as services that the software calls on via defined messages. This design facilitates the automation of activities undertaken in response to exceptions—events, such as non-validation of loan-level data submitted with a securitization request, that signal the need for further processing by a module. This design will drive efficient operations and performance by enabling straight-through processing—the transfer of data among applications without manual intervention—and by allowing for capture of operational and market metrics centrally and at a granular level. The benefits of straight-through processing include shortened processing cycles, reduced security settlement risks, lower operating costs through higher transaction volumes, and better access to real-time data through reduction in the time inherent in manual intervention to handle exceptions. III. SOFTWARE DEVELOPMENT CSS is developing the CSP software utilizing Agile application development practices. Agile is an umbrella term for multiple methodologies in which cross-functional teams produce work on an iterative basis where requirements and software solutions evolve. In a traditional software development process, applications are built in a single process of five segments that are completed sequentially: 1) planning and analysis of business requirements, 2) application design, 3) code creation, 4) software testing, and 5) bringing the finished application into production. Separate teams, which may work in different locations, complete each segment and may not be in regular communication with each other. The traditional approach poses substantial risk of project delays, failure to satisfy business requirements, or outright project failure. Sources of risk include the possibility that requirements may change significantly before the software is deployed, lack of communication among the teams may lead to coding errors, 14 An Update on the Common Securitization Platform testing may reveal the need for substantial revisions in the code, and time pressure may lead to inadequate testing. A g i l e D e v e l o p m e n t P r o c e s s . While the Agile software development approach used at CSS encompasses the same five segments as the traditional software development process, there are significant differences in how the work is accomplished and how teams are organized. The Agile approach involves creating not one but a sequence of versions of the application, each with more sophisticated capabilities than the previous ones. Each version is developed in a series of three-week sprints. During each sprint, there are individual teams working on each of the CSP’s modules and another team working on the platform’s interfaces. Each team includes business analysts, software designers, programmers, and personnel who perform testing. Each team’s members work together in close physical proximity. In the Agile approach, cross-functional collaboration and transparency maximize each team member’s knowledge of what the whole team is working to accomplish during each sprint, which accelerates the development process and enhances the quality of the work. As new units of code are completed during a sprint, they are integrated into the existing software, the functionality of which is tested to ensure deployment of accurate code on an incremental basis. Business requirements and code functionality incorporate greater levels of detail over time and may evolve to a degree from sprint to sprint as the team learns and adapts. The teams working on the CSP are consciously addressing the risks associated with Agile methodologies. For example, on an ongoing basis each team is updating appropriate documentation of the business requirements related to the functionality it is developing. S o f t w a r e T e s t i n g . There are distinct steps in the testing of the evolving application. Within a sprint, these steps include testing each new unit of code, validating that the new functionality meets business requirements, and integrated testing of the software incorporating all functionality developed during the sprint. After CSS has tested a new version of the software, the company releases the new version to enable testing by Fannie Mae and Freddie Mac. Initial testing involves the Enterprises transmitting manually-created data through the CSP’s external standard interfaces and receiving data in return from the platform. System-to-system testing involves automated data exchanges between modified or newly-developed Enterprise applications and the CSP. End-to-end and user testing include testing of complete business scenarios that involve all the systems of each Enterprise, the CSP, and the related business processes of the Enterprises and CSS. 15 An Update on the Common Securitization Platform Tri-party testing involves assessing the ability of CSS and each Enterprise to perform simultaneously the business processes necessary for the Enterprises to use the CSP and to support the Single Security. Following the completion of tri-party testing, the final stage is parallel processing in which care is taken to ensure that the platform produces the same results as each Enterprise’s existing production systems. MULTI-YEAR STRATEGY CSS is currently focused on developing and bringing into production the software and operational capabilities it will need to support the Enterprises’ single-family securitization activities, including the issuance of Single Securities. The CSP will use industry-standard software, systems, and data requirements, which will make it adaptable for use by other market participants in the future. CSS has aligned the technical build of the CSP to support defined Fannie Mae and Freddie Mac single-family loan products and business processes. This approach will ensure that the Enterprises have seamless connectivity to the platform and will enable CSS to build an operational infrastructure that will support required Enterprise business processes. Each Enterprise has sophisticated applications that currently manage all aspects of loan acquisition, loan boarding, securitization, credit risk management, and other aspects of the single-family guarantee business. CSS will support the securitization aspect of that business, acting as each Enterprise’s agent for the issuance of new securities and the ongoing administration of existing and new securities. These activities were selected because of the significant transaction processing power required to perform them and the need to make these aspects of the single-family securitization process relatively standardized to support the Single Security initiative. Many of the functions not in scope for the CSP, such as credit risk management, are not as standardized at the Enterprises (or across the industry) as the selected functions. Consequently, incorporating them into the platform would be less likely to generate benefits for the Enterprises or for the industry. I. INITIAL RELEASES OF THE SOFTWARE The development of the CSP and related CSS business operations has focused on the capabilities necessary to support single-class (first- and second-level) securities and on the various external interfaces that will allow the Enterprises and future users to access the platform. The initial release of the platform software will build on that work. 16 An Update on the Common Securitization Platform R e l e a s e 1 . The initial software release will allow Freddie Mac to use the Data Acceptance, Issuance Support, and Bond Administration modules to perform activities related to its current single-class, fixed-rate PCs and Giant PCs and certain activities related to the underlying mortgage loans (such as tracking unpaid principal balances). This initial release will require the CSP to support data processing, at the required scale, for approximately nine million mortgage loans, 500,000 pools, and 250,000 securities. In 2015 CSS has moved software development and testing activities out of Fannie Mae’s IT environment, where they had resided since the initiation of the project in 2012, and into an environment managed by CSS. Multiple information security controls are in place. CSS is also preparing the IT environment to be production-ready for Release 1. CSS and the Enterprises are performing joint system-to-system testing of the CSP’s single-class functionality with steadily increasing volumes and complexity of transactions. That testing involves the Enterprises sending data on pools of mortgage loans to CSS. CSS and the Enterprises are also developing the operating procedures and controls necessary to support firstand second-level securities issued by the Enterprises. The testing process involves testing CSS’s operational capabilities to ensure that CSS has the trained staff to perform securitization operations and other functions, including information security. R e l e a s e 2 . The second release of the platform software will allow both Enterprises to (1) use the Data Acceptance, Issuance Support, Disclosure, and Bond Administration Modules to perform activities related to their current fixed-rate securities, both single- and multi-class; (2) issue Single Securities (including commingled resecuritizations); and (3) perform certain activities related to the underlying mortgage loans. Fannie Mae will also use the CSP to issue and administer mortgage securities backed by adjustable-rate loans. Release 2 will enable the platform to support data processing, at the required scale, for both Enterprises single-family books of business. II. OBJECTIVES FOR 2015 Consistent with FHFA’s 2015 Conservatorship Scorecard for Fannie Mae, Freddie Mac, and Common Securitization Solutions, CSS’s multi-year plan for the development of the CSP included three major objectives for 2015. The company has made progress toward achieving each of those objectives, as detailed below. 17 An Update on the Common Securitization Platform The first objective, which supports Release 1, is to deliver single-class platform capabilities and to conduct detailed testing that assesses CSS’s production readiness. CSS has been building the capabilities of the Data Acceptance, Issuance Support, and Bond Administration modules required for single-class securities. In addition, the company has been developing the business processes that will support securities issuance and administration as well as the conversion of legacy data. Extensive testing of single-class activities will continue to be conducted between CSS and each Enterprise during the second half of 2015. The second objective, which supports Release 2, is to define and make progress toward developing the unique platform capabilities that are necessary for multi-class securities. 8 To date, progress has been made on defining the delivery of multi-class securities capabilities and on completing tri-party multi-class securities requirements. Once those requirements have been completed, development of the aspects of the platform software necessary to support multi-class securitization will begin. The third objective, which also supports Release 2, is to define and make progress in delivering Single Security capabilities, including supporting the re-securitization of commingled securities issued by both Enterprises. The delivery of Single Security capabilities is well underway. Progress on the Single Security is described in more detail in An Update on the Structure of the Single Security, issued by FHFA in May 2015. LOOKING FORWARD In partnership with Fannie Mae and Freddie Mac, CSS is building a stand-alone software development, testing, and production infrastructure and related business operations that will support the Enterprises’ single-family mortgage securitization activities. CSS is also forming a sustainable organization that, while leveraging Enterprise resources where appropriate, will allow CSS to operate as an independent business entity. In the meantime, CSS continues to meet the significant challenges posed in the initial build phase of the company’s life, including successful completion of complex tri-party testing, the operation of Release 1 in a production environment while completing the development of Release 2, and the need to meet high standards for the timeliness and accuracy of data processing once Release 1 is in production. In 2015, CSS has transitioned from Fannie Mae’s IT environment to a cloud-based environment that supports both the CSP and CSS’s securitization operations. Detailed business continuity 8 Capabilities for single-class securities that will be available in Release 1 will also be used for multi-class securities. 18 An Update on the Common Securitization Platform programs and disaster recovery plans are being put in place along with a second business location to meet the highest possible cybersecurity standards. CSS associates are targeted to become CSS employees in the first half of 2016. To accomplish this transition, CSS will stand up its own human resources and benefits platform and financial systems. Developing the CSP is a large-scale, multi-year project, and the platform’s requirements will continue to be refined and adjusted as testing proceeds and as FHFA and the Enterprises receive public and industry input. To facilitate input from industry stakeholders, in July 2015 Fannie Mae, Freddie Mac, and CSS convened a Single Security/CSP Industry Advisory Group. The group will provide feedback and share information with CSS and the Enterprises related to the Single Security and the development of the platform. The group’s members include representatives from the American Bankers Association, Center for Responsible Lending, Financial Services Roundtable, Fixed Income Clearing Corporation, Independent Community Bankers of America, Mortgage Bankers Association, Securities Industry and Financial Markets Association, and the Structured Finance Industry Group. Fannie Mae and Freddie Mac have also initiated Single Security and CSP web pages that provide regular progress updates, frequently asked questions and answers, and a schedule of upcoming speaking engagements and conferences. These web pages also allow visitors to register to receive regular updates and to submit questions. All information that CSS shares with the Advisory Group, as well as minutes from its meetings, will be posted on the web pages. Prior to issuance of Single Securities, the Enterprises will make public the file formats and other technical specifications related to Single Security disclosures. The Enterprises will provide this information far enough ahead of the initial issuance of Single Securities to give data vendors and other market participants adequate time to implement any necessary changes to their systems and business processes. FHFA plans to announce in 2016 the date on which Freddie Mac will begin to use the CSP (Release 1). In addition, as part of the 2016 Conservatorship Scorecards for the Enterprises and CSS, FHFA may provide information on the timing of the Enterprises’ use of the CSP to issue Single Securities (Release 2). FHFA also plans to continue discussions with stakeholders about the implementation of the CSP and about future plans for the evolution of the CSP. 19