Fannie Mae's Playbook For Technology Velocity: Our Initial Step To Increase Velocity Through Digital Governance

Enterprise Security Magazine

Fannie Mae’s mission is to advance equitable and sustainable access to homeownership and quality, affordable rental housing across America. Our digital and technology teams are front and center in the execution of this mission, as we work to modernize and innovate our mortgage solutions to help our partners serve homeowners and renters.

Over the past few years, Fannie Mae has initiated a company-wide digital transformation with the aim to deliver smart, innovative solutions to make mortgage lending faster, better, cheaper, and safer through systems that help provide security, resiliency, and flexibility. This drive to increase technology velocity must be balanced with our relentless focus on managing risks to help ensure a safe and sound housing technology ecosystem.

In this article, we’ll dive into a couple examples where we’ve streamlined our governance processes to enable technology velocity while working to remain safe and sound.

Accelerating Decision Making

We initiated our journey with our architecture governance team, where the most critical decisions are made. Many viewed this function as a bureaucratic body that slowed down work. So, we re-evaluated our processes to identify opportunities to reduce this friction and transform governance to bean innovation enabler.


Our first opportunity was with our patterns and exceptions. We streamlined the process by:

• Empowering technology teams to re-use patterns without asking for permission.

• Only leveraging architecture governance bodies to review new patterns or exceptions.

• Federating decision-making through business portfolio-aligned architecture review boards who understand the intricacies and business-specifics of a given portfolio.

Allowing teams to review exceptions quickly and empowering those closest to the work to make decisions helped to accelerate work significantly. Additionally, transitioning from consensus-based to targeted, accountability-based approvals – with Fannie Mae’s business, architecture, and information security teams – also improved our time to market.

Our next opportunity was with our technology selection process (TSP), which is Fannie Mae’s vetting process for introducing new technologies. Enhancements to the process included:

• Redesigning the TSP to focus on the type of technology, component, and expected usage.

• Creating tailored review processes when necessitated for specific types of technology.

• Integrating required reviews (e.g., procurement, legal, security).

• Introducing service level agreements with escalation mechanisms for timely decision-making.

As a result, our technologists can now rapidly assess emerging technologies and make appropriate use of open-source components and cloud-native software, while ensuring our technology environment remains safe, secure, and compliant.

By streamlining review processes, asking the right questions, and empowering the right people to make decisions, Fannie Mae transformed digital governance to be an innovation enabler.


Leveraging digital governance as an innovation enabler was just the beginning of our velocity journey. Our ability to make fast, sound decisions is the foundation for our ongoing digital transformation efforts, which include:

• Building re-usable architecture and design components.

• Streamlining and automating how software is developed and deployed.

• Shifting the culture toward acceptable risks, failing-fast, and “test and learn.”

• Automating maintenance and operations by eliminating hand offs with “you build, you own.”

• Transitioning to a more open environment via open-source technologies

Weekly Brief

Read Also

Deliver Resiliency with Managed Services

Deliver Resiliency with Managed Services

Edy Salim, Head of Technology Services & Enterprise Architecture, PT Adira Dinamika Multifinance Tbk
Improve Diversity and Cybersecurity Hiring in One Fell Swoop

Improve Diversity and Cybersecurity Hiring in One Fell Swoop

Michael Carr, JD, CISSP, CCSP, CIPP/US/E Adjunct Faculty, Cincinnati State and Andrew Opare, Security+, Ohio Army National Guard
Businesses at Risk: Survey Exposes Gaps in Crisis Readiness among UK Firms

Businesses at Risk: Survey Exposes Gaps in Crisis Readiness among...

Jim Steven, Head of Crisis & Data Breach Response Services, Experian Consumer Services
Ingredients for Success in Transformation

Ingredients for Success in Transformation

Eric Martin, Vice President, Information Technology and Digitization, Groupe Deschenes
Implementing an Identity and Access Management Program

Implementing an Identity and Access Management Program

Devan N. D’Silva, Manager, Identity and Access Management, Vice President, Baird
The Hidden Risks of Work From Anywhere

The Hidden Risks of Work From Anywhere

Joshua Brown, VP and Global CISO at H&R Block