In Effect Since October 1, 2025

The AVM Final Rule is law.
Your institution needs a control system.

Six federal agencies issued the Interagency AVM Quality Control Rule under FIRREA § 1125. It requires every mortgage originator and secondary market issuer using AVMs in covered transactions to adopt policies, practices, procedures, and control systems across five quality control standards.

Start Free Trial →Read the Five Factors
The Rule

What the AVM Final Rule requires

Section 1473(q) of the Dodd-Frank Act added Section 1125 to FIRREA, directing six federal agencies to issue regulations implementing quality control standards for automated valuation models used in mortgage lending and securitization.

The final rule was issued July 17, 2024 and took effect October 1, 2025. It requires covered institutions to adopt and maintain policies, practices, procedures, and control systems ensuring that AVMs adhere to five quality control standards.

The rule is intentionally flexible — it does not prescribe specific implementations. But examiners will expect to see documented, operational controls that demonstrate compliance across all five factors. That is exactly what AVMS.AI provides.

Issuing Agencies

OCC · Federal Reserve · FDIC · NCUA · CFPB · FHFA

Statutory Authority

FIRREA § 1125 (12 U.S.C. § 3354), as amended by Dodd-Frank § 1473(q)

Codified At

12 CFR Part 1026 (Regulation Z) — CFPB; parallel rules by OCC, FRB, FDIC, NCUA, FHFA

Effective Date

October 1, 2025 — the rule is currently in effect

Scope

Mortgage originators making credit decisions + secondary market issuers making covered securitization determinations

Requirement

Adopt policies, practices, procedures, and control systems for AVM quality control

The Five Quality Control Standards

What the rule demands.
What the platform delivers.

Each quality control standard has a regulatory requirement, an operational challenge, and a platform solution. Here is how AVMS.AI addresses each one — with the evidence to prove it.

Factor 01

Ensure a High Level of Confidence

Ensure a high level of confidence in the estimates produced by automated valuation models

The Challenge

Every AVM vendor reports confidence differently — percentages, FSD, letter grades, qualitative terms. Without standardization, institutions cannot meaningfully evaluate or compare confidence across vendors.

The Solution

AVMS.AI normalizes every vendor's proprietary confidence metric to the MISMO Common Confidence Score standard (0-100 scale) with five tiers, documented PP10 alignment verification, and a complete audit trail for every transform. Institutions set cascading confidence thresholds by loan type and property type, with configurable strictness (block, alert, or log).

The Evidence

Full normalization audit: input vendor, raw value, detected metric type, normalization method, PP10 basis (vendor-reported / platform-inferred / not applicable), output score, tier, and usage guidance — all SHA-256 sealed into the session chain.

Factor 02

Protect Against Manipulation of Data

Protect against the manipulation of data

The Challenge

Traditional systems log events after the fact. Logs can be modified, deleted, or backdated. There is no cryptographic guarantee that the data seen by the policy check is the same data that was originally submitted.

The Solution

Every document upload, AI extraction, human confirmation, policy check, and session seal is a sequenced protocol event in a SHA-256 hash chain. Each event's hash incorporates the previous event's hash, creating an append-only Merkle structure where any modification to any event invalidates every subsequent hash.

The Evidence

The protocol log provides per-action verification: action hash, previous hash, sequence number, actor attribution, timestamp, and payload — exportable as a self-contained JSON proof that an examiner can independently verify.

Factor 03

Seek to Avoid Conflicts of Interest

Seek to avoid conflicts of interest

The Challenge

Institutions need to detect and document when AVM vendors have relationships with originators, servicers, or other parties to the transaction. Manual COI tracking is inconsistent and unauditable.

The Solution

Trigger-based vendor watchlist with per-trigger strictness (block, alert, or log). Configurable exact or containment matching. Automatic party disclosure checks at every intake point — document upload, batch tape, API, and SFTP. Vendor firewall with whitelist and blacklist modes.

The Evidence

Every COI check result is recorded in the session's policy check. Vendor firewall changes are audited with actor attribution and reason codes in the protocol chain.

Factor 04

Require Random Sample Testing and Reviews

Require random sample testing and reviews

The Challenge

Random sampling must be provably random, unbiased, and representative. Institutions need to demonstrate that their QC program covers all loan types, geographies, vendors, and time periods — and that the selection process cannot be manipulated.

The Solution

Cryptographically verifiable random selection with provably unbiased seed. Institutional sampling rates and frequency controls. Multi-dimensional breadth tracking across vendor, geography, loan type, and time period. Census tract coverage monitoring for geographic representativeness.

The Evidence

Each QC round records: selection seed, sampling rate, population size, selected sessions, coverage dimensions, reviewer attestation, and acknowledgment — all protocol-chained with the cryptographic guarantee that the selection was not tampered with after the fact.

Factor 05

Comply with Applicable Nondiscrimination Laws

Comply with applicable nondiscrimination laws

The Challenge

The fifth factor — added by the agencies using discretionary authority — requires institutions to actively monitor AVM outcomes for discriminatory patterns. Most institutions have no system for continuous fair lending analysis of AVM-derived decisions.

The Solution

Every loan is tagged with applicable federal and state nondiscrimination laws. Census tracts are classified using FFIEC methodology (majority-minority designation). Continuous disparate impact monitoring uses Welch's t-test with per-MSA drill-down to detect statistically significant confidence score differentials across demographic classifications.

The Evidence

Nondiscrimination classification stored on every session. Geographic distribution, vendor disparity analysis, demographic outcome comparison, and pass rate by predominant demographic group — all computable from the protocol state at any point in time.

Scope of the Rule

Who must comply

The rule applies to mortgage originators that use AVMs in connection with credit decisions and secondary market issuers that use AVMs in covered securitization determinations — whether directly, or through or in cooperation with a third party or affiliate.

A credit decision includes decisions to approve, deny, modify, or change the terms of a mortgage, as well as decisions to set credit limits on a line of credit secured by a consumer's principal dwelling.

A secondary market issuer is any party that creates, structures, or organizes a mortgage-backed securities transaction — including but not limited to the GSEs.

Depository Originators
National banks (OCC-regulated)
State member banks (Fed-regulated)
State nonmember banks (FDIC-regulated)
Federal credit unions (NCUA-regulated)
State-chartered credit unions
Non-Depository Originators
Mortgage lenders (state-licensed)
Correspondent lenders
Mortgage brokers using AVMs
Secondary Market
Fannie Mae and Freddie Mac (FHFA-regulated)
Ginnie Mae issuers
Private-label securitizers
Aggregators and servicers
The Examiner Question

“Show me your control system.”

The rule requires institutions to adopt policies, practices, procedures, and control systems — not merely policies on paper. Examiners will evaluate whether your institution has operational controls that are documented, active, and demonstrable.

The rule is intentionally non-prescriptive about implementation. The agencies expect institutions to establish quality controls “based on their size and the risk and complexity of transactions for which they will use AVMs covered by the rule.” But this flexibility creates its own challenge: without a system that organizes and evidences your controls, you are relying on manual processes and scattered documentation.

AVMS.AI is the control system. It is not a report you run after the fact. It is the operational layer through which your AVM decisions are made, enforced, and proven — in real time, for every loan, with cryptographic evidence that the process was followed.

Requirement → Platform

Every requirement. Mapped to a capability.

The Rule Requires

Adopt policies

Institution-specific compliance policy configuration

AVMS.AI Provides

Onboarding wizard configures policies based on institution type, regulatory body, loan types, and risk tolerance. Policy version tracked in protocol state.

The Rule Requires

Adopt practices

Operational workflows for AVM quality control

AVMS.AI Provides

Four intake methods (document, batch, API, SFTP) — each enforcing the same five-factor policy checks. Role-based access with operator, reviewer, and admin permissions.

The Rule Requires

Adopt procedures

Documented steps for handling AVM evaluations

AVMS.AI Provides

Guided intake flow: upload → AI extraction → human confirmation → policy check → seal. QC sampling with reviewer attestation. Exception acknowledgment workflow.

The Rule Requires

Adopt control systems

Technical infrastructure enforcing compliance

AVMS.AI Provides

Cryptographic protocol engine (SOPA). SHA-256 hash chain. MISMO normalization engine. Vendor firewall. Automated nondiscrimination monitoring. Verifiable QC sampling.

The rule is in effect.
The platform is ready.

Start your free trial today. No credit card required. Your institution begins building cryptographic compliance evidence from the first loan you process.

Start Free Trial — No Credit Card Required →
Interagency AVM Final Rule · FIRREA § 1125 · 12 CFR Part 1125 · Effective October 1, 2025