Federal National Mortgage Association (FNMA) Risk Factors

Our business is highly dependent on the talents and efforts of our executives and other employees. The conservatorship, the uncertainty of our future, and limitations on executive and employee compensation have had, and are likely to continue to have, an adverse effect on our ability to retain and recruit talent. Voluntary attrition of our executives and other employees has increased over the past year compared with prior years. Attrition in key management positions and challenges in finding replacements could harm our ability to manage our business effectively, to successfully implement strategic initiatives, and ultimately could adversely affect our financial performance. Actions taken by Congress, FHFA and Treasury to date, or that may be taken by them or other government agencies in the future, have had, and may continue to have, an adverse effect on our retention and recruitment of executives and other employees. We are subject to significant restrictions on the amount and type of compensation we may pay while under conservatorship. For example: •The Equity in Government Compensation Act of 2015 limits the compensation and benefits for our Chief Executive Officer to the same level in effect as of January 1, 2015 while we are in conservatorship or receivership. Accordingly, annual direct compensation for our Chief Executive Officer is limited to base salary at an annual rate of $600,000. •The Stop Trading on Congressional Knowledge Act of 2012, known as the STOCK Act, and related FHFA regulations prohibit our senior executives from receiving bonuses during conservatorship. •As our conservator, FHFA has the authority to approve the terms and amounts of our executive compensation and may require changes to our executive compensation program. FHFA has advised us that, given our conservatorship status, our executive compensation program is designed generally to provide for lower pay levels relative to large financial services firms that are not in conservatorship. FHFA has instructed us to benchmark to the lower end of the range of market compensation for new executive hires and compensation increase requests for existing executives, which limits our ability to offer market-competitive compensation for our executives if FHFA does not grant an exception. See “Executive Compensation—Compensation Discussion and Analysis—2021 Executive Compensation Program; Chief Executive Officer Compensation” for a description of FHFA’s primary objectives for our executive compensation program, as well as directives and guidance FHFA has provided relating to our executive compensation during conservatorship. •The terms of our senior preferred stock purchase agreement with Treasury contain specified restrictions relating to compensation, including a prohibition on selling or issuing equity securities without Treasury’s prior written consent except under limited circumstances, which effectively eliminates our ability to offer equity-based compensation to our employees. As a result of the restrictions on our compensation, we have not been able to incent and reward excellent performance with compensation structures that provide upside potential to our executives, which places us at a disadvantage compared to many other companies in attracting and retaining executives. In addition, the restrictions on our compensation and the uncertainty of potential action by Congress or the Administration with respect to our future— including whether we will exit conservatorship, how long it may take before we exit conservatorship, or whether housing finance reform will result in a significant restructuring of the company or the company no longer continuing to exist—also negatively affects our ability to retain and recruit executives and other employees. The cap on our Chief Executive Officer compensation continues to make retention and succession planning for this position particularly difficult, and it may make it difficult to attract qualified candidates for this critical role in the future. In June 2021, FHFA issued a request for input on executive compensation at FHFA’s regulated entities. The request for input asked for public feedback on our executive compensation program both during and after conservatorship. Further changes in our executive compensation program could affect our ability to retain and recruit executive officers. We face competition from the financial services and technology industries, and from businesses outside of these industries, for qualified executives and other employees. An improving economy and increased remote work opportunities have increased the competition we face from other companies in hiring new executives and other employees, as well as in retaining our executives and employees. If this increased competition for executive and employee talent persists and if we are unable to retain, promote and attract executives and other employees with the necessary skills and talent, we would face increased risks for operational failures. If there were several high-level departures at approximately the same time, our ability to conduct our business could be materially adversely affected, which could have a material adverse effect on our results of operations and financial condition.

We rely on our institutional counterparties to provide services and credit enhancements that are critical to our business. We face the risk that one or more of our institutional counterparties may fail to fulfill their contractual obligations to us. If an institutional counterparty defaults on its obligations to us, it could also negatively impact our ability to operate our business, as we outsource some of our critical functions to third parties, such as mortgage servicing, single-family Fannie Mae MBS issuance and administration, and certain technology functions. Our primary exposures to institutional counterparties are with credit guarantors that provide credit enhancements on the mortgage assets that we hold in our retained mortgage portfolio or that back our Fannie Mae MBS, including; •mortgage insurers and reinsurers, including those that participate in our CIRT transactions, and multifamily lenders with risk sharing arrangements; •mortgage servicers that service the loans we hold in our retained mortgage portfolio or that back our Fannie Mae MBS; •mortgage sellers and servicers that are obligated to repurchase loans from us or reimburse us for losses in certain circumstances; •the financial institutions that issue the investments, including overnight bank deposits, held in our other investments portfolio; and •derivatives counterparties. We also have counterparty exposure to custodial depository institutions; mortgage originators, investors and dealers; debt security dealers; central counterparty clearing institutions; and document custodians. The concentration of our counterparties in similar or related businesses heightens our counterparty risk exposure. We routinely enter into a high volume of transactions with counterparties in the financial services industry, including brokers and dealers, mortgage lenders and commercial banks, and mortgage insurers, resulting in a significant credit concentration with respect to this industry. We may also have multiple exposures to particular counterparties, as many of our counterparties perform several types of services for us. For example, our lenders or their affiliates may also act as derivatives counterparties, mortgage servicers, custodial depository institutions or document custodians. Accordingly, if one of these counterparties were to become insolvent or otherwise default on its obligations to us, it could harm our business and financial results in a variety of ways. An institutional counterparty may default on its obligations to us for a number of reasons, such as changes in financial condition that affect its credit rating, changes in its servicer rating, a reduction in liquidity, operational failures or insolvency. In the event of a bankruptcy or receivership of one of our counterparties, we may be required to establish our ownership rights to the assets these counterparties hold on our behalf to the satisfaction of the bankruptcy court or receiver, which could result in a delay in accessing these assets causing a decline in their value. Counterparty defaults or limitations on their ability to do business with us could result in significant financial losses or hamper our ability to do business or manage the risks to our business. In addition, if we are unable to replace a defaulting counterparty that performs services critical to our business, it could adversely affect our ability to conduct our operations and manage risk. We have significant exposure to institutions in the financial services industry relating to derivatives, funding, short-term lending, securities, and other transactions. We depend on our ability to enter into derivatives transactions with our derivatives counterparties in order to manage the duration and prepayment risk of our retained mortgage portfolio. If we lose access to our derivatives counterparties, it could adversely affect our ability to manage these risks. We use clearinghouses to facilitate many of our derivative trades. If the clearinghouse or the clearing member we use to access the clearinghouse defaults, we could lose margin that we have posted with the clearing member or clearinghouse. We are also a clearing member of two divisions of Fixed Income Clearing Corporation (“FICC”), a central counterparty (“CCP”). One FICC division clears our trades involving securities purchased under agreements to resell, securities sold under agreements to repurchase, and other non-mortgage related securities. The other division clears our forward purchase and sale commitments of mortgage-related securities, including dollar roll transactions. As a clearing member of FICC, we could be exposed to the losses if the CCP or one or more of the CCP’s clearing members fails to perform its obligations, because each FICC clearing member is required to absorb a portion of the losses incurred by other clearing members if they fail to meet their obligations to the clearinghouse. For more information, see “MD&A—Risk Management—Institutional Counterparty Credit Risk Management—Other Counterparties—Central Counterparty Clearing Institutions.”

Our operations rely on the secure receipt, processing, storage and transmission of confidential and other information in our computer systems and networks and with our business partners, including proprietary, confidential or personal information that is subject to privacy laws, regulations or contractual obligations. Information security risks for large institutions like us have significantly increased in recent years in part because of the proliferation of new technologies and the use of the Internet, mobile, telecommunications and cloud technologies to conduct or automate financial transactions. A number of financial services companies, consumer-based companies and other organizations have reported the unauthorized disclosure of client, customer or other confidential information, as well as cyber attacks involving the dissemination, theft and destruction of corporate information, intellectual property, cash or other valuable assets. There have also been several highly publicized ransomware cyber attacks where hackers have requested “ransom” payments in exchange for not disclosing stolen customer information or for unlocking or not disabling the target company’s computer or other systems. We have been, and likely will continue to be, the target of cyber attacks, computer viruses, malicious code, social engineering attacks, including phishing attacks, denial of service attacks and other information security threats. To date, cyber attacks have not had a material impact on our financial condition, results or business. However, we could suffer material financial or other losses in the future as a result of cyber attacks, and these attacks and their impacts are hard to predict. Our risk and exposure to these matters remains heightened because of, among other things: •the evolving nature of these threats; •the current global economic and political environment; •our prominent size and scale and our role in the financial services industry; •the outsourcing of some of our business operations; •the ongoing shortage of qualified cybersecurity professionals; •our migration to cloud-based systems; •our increased use of employee-owned devices for business communication; •the large number of our employees working remotely; and •the interconnectivity and interdependence of third parties to our systems. Despite our efforts to ensure the integrity of our software, computers, systems and information, we may not be able to anticipate, detect or recognize threats to our systems and assets, or to implement effective preventive measures against all cyber threats, especially because the techniques used are increasingly sophisticated, change frequently, are complex, and are often not recognized until launched. In addition, recent large-scale cyber attacks suggest that the risk of damaging cyberattacks impacting us and/or third-parties with which we do business is increasing. We expect cyber attack and breach incidents to continue, and we are unable to predict the direct or indirect impact of future attacks or breaches on our business operations. We routinely identify cyber threats as well as vulnerabilities in our systems and work to address them. Some cyber vulnerabilities take a substantial amount of time to resolve. In addition, efforts to resolve them may be insufficient. Further, these efforts involve costs that can be significant as cyber attack methods continue to rapidly evolve. Cyber attacks can originate from a variety of sources, including external parties who are affiliated with foreign governments or are involved with organized crime or terrorist organizations. Cybersecurity risks also derive from human error, fraud or malice on the part of our employees or third parties. Third parties have, and will likely continue to, attempt to induce employees, lenders (including servicers) or other users of our systems to disclose sensitive information or provide access to our systems or network, or to our data or that of our counterparties or borrowers, and these types of risks may be difficult to detect or prevent. The occurrence of a cyber attack, breach, unauthorized access, misuse, computer virus or other malicious code or other cybersecurity event could jeopardize or result in the unauthorized disclosure, gathering, monitoring, misuse, corruption, loss or destruction of confidential and other information that belongs to us, our lenders, our counterparties, third-party service providers or borrowers that is processed and stored in, and transmitted through, our computer systems and networks. The occurrence of such an event could also result in damage to our software, computers or systems, or otherwise cause interruptions or malfunctions in our, our lenders’, our counterparties’ or third parties’ operations. This could result in significant financial losses, loss of lenders and business opportunities, reputational damage, litigation, regulatory fines, penalties or intervention, reimbursement or other compensatory costs, or otherwise adversely affect our business, financial condition or results of operations. Cyber attacks can occur and persist for an extended period of time without detection. Investigations of cyber attacks are inherently unpredictable, and it takes time to complete an investigation and have full and reliable information. While we are investigating a cyber attack, we do not necessarily know the extent of the harm or how best to remediate it, and we can repeat or compound certain errors or actions before we discover and remediate them. In addition, announcing that a cyber attack has occurred increases the risk of additional cyber attacks, and preparing for this elevated risk can delay the announcement of a cyber attack. All or any of these challenges could further increase the costs and consequences of a cyber attack. These factors may also inhibit our ability to provide rapid, complete and reliable information about a cyber attack to our lenders, counterparties and regulators, as well as the public. In addition, we may be required to expend significant additional resources to modify our protective measures and to investigate and remediate vulnerabilities or other exposures arising from operational and security risks. Although we maintain insurance coverage relating to cybersecurity risks, our insurance may not be sufficient to provide adequate loss coverage in all circumstances. Because we are interconnected with and dependent on third-party vendors, exchanges, clearing houses, fiscal and paying agents, and other financial intermediaries, including CSS, we could be materially adversely impacted if any of them is subject to a successful cyber attack or other information security event. Third parties with which we do business may also be sources of cybersecurity or other technological risks. We outsource certain functions and these relationships allow for the external storage and processing of our information, as well as lender, counterparty and borrower information, including on cloud-based systems. We also share this type of information with regulatory agencies and their vendors. While we engage in actions to mitigate our exposure resulting from our information-sharing activities, ongoing threats may result in unauthorized access, loss or destruction of data or other cybersecurity incidents with increased costs and consequences to us such as those described above. We routinely transmit and receive personal, confidential and proprietary information by electronic means. In addition, our lenders maintain personal, confidential and proprietary information on systems we provide. We have discussed and worked with lenders, vendors, service providers, counterparties and other third parties to develop secure transmission capabilities and protect against cyber attacks, but we do not have, and may be unable to put in place, secure capabilities with all of our lenders, vendors, service providers, counterparties and other third parties and we may not be able to ensure that these third parties have appropriate controls in place to protect the confidentiality of the information. An interception, misuse or mishandling of personal, confidential or proprietary information being sent to or received from a lender, vendor, service provider, counterparty or other third party could result in legal liability, substantial fines, regulatory action and reputational harm. Furthermore the legal and regulatory environment related to data privacy and cybersecurity is constantly changing. An actual or perceived failure by us, lenders, vendors, service providers, counterparties or other third parties to comply with privacy, data protection and information security laws, regulations, standards, policies and contractual obligations could result in legal liability, substantial fines, regulatory action and reputational harm.

In general, a prolonged period of slow growth in the U.S. economy or any deterioration in general economic conditions or financial markets could materially adversely affect our results of operations, net worth and financial condition. Our business is significantly affected by the status of the U.S. economy, including home prices and employment trends, as well as economic output levels, interest and inflation rates, and shifts in fiscal and monetary policies. As described in "MD&A-Key Market Economic Indicators" in this report, we currently expect that a modest recession is likely to occur beginning in the first quarter of 2023, resulting in an increase in the unemployment rate. In addition, home prices declined slightly on a national basis in the third quarter of 2022, and we expect additional home price declines in the fourth quarter of 2022 and in 2023. In recent years, the Federal Reserve has purchased a significant amount of mortgage-backed securities issued by us, Freddie Mac and Ginnie Mae. The Federal Reserve began to taper these purchases in November 2021 and concluded its asset purchase program in March 2022. In March 2022, the Federal Reserve stated that it would reinvest principal payments from its holdings of both agency debt and agency mortgage-backed securities into agency mortgage-backed securities, and that it expected to begin reducing its holdings of agency debt and agency mortgage-backed securities. In May 2022, the Federal Reserve announced its plans to reduce its securities holdings over time by reinvesting principal payments from agency debt and agency mortgage-backed securities only to the extent those payments exceed monthly caps; the cap was initially set at $17.5 billion per month beginning on June 1, 2022, and increased to $35 billion per month in September 2022. In addition, the Federal Reserve has raised the target range for the federal funds rate several times this year to address inflation, and in November 2022 stated that it anticipates that ongoing increases in the target range will be appropriate. The strength in inflation also contributed to the sharp rise in mortgage rates in 2022, and mortgage rates may continue to rise. The increase in mortgage interest rates has already led to a slowdown in housing demand and a reduction in our business volume. Due to the recent sharp rise in interest rates and increases in mortgage spreads, we have been issuing MBS with higher coupon yields. Demand for, and liquidity of, these higher MBS coupon yields has been lower than typical demand and liquidity for our MBS. Further rate increases would likely further reduce our business volume and demand for and the liquidity of our MBS, which could adversely affect our results of operations, net worth and financial condition. Further rate increases also could result in greater home price declines, which also could adversely affect our results of operations, net worth and financial condition. Global economic conditions can also adversely affect our business and financial results. Changes or volatility in market conditions resulting from deterioration in or uncertainty regarding global economic conditions can adversely affect the value of our assets, which could materially adversely affect our results of operations, net worth and financial condition. Differing rates of economic recovery from the COVID-19 pandemic around the world along with continued dislocations in supply chains remain a concern for policy makers and financial markets. To the extent global economic conditions negatively affect the U.S. economy, they also could negatively affect the credit performance of the loans in our book of business. Volatility or uncertainty in global or domestic political conditions also can significantly affect economic conditions and financial markets. Global or domestic political unrest also could affect economic growth and financial markets. For example, the Russian war in Ukraine and related economic sanctions imposed on Russia, as well as any further actions by Russia, the United States or others relating to this conflict, may further impact the global economy and financial markets, which could further increase inflationary pressure and interest rates, as well as negatively affect economic growth and result in disruptions in the financial markets. We describe in "Risk Factors" in our 2021 Form 10-K the risks to our business posed by changes in interest rates and changes in spreads. In addition, future changes or disruptions in financial markets could significantly change the amount, mix and cost of funds we obtain, as well as our liquidity position.