Review the 101 EPD loans not previously selected for review and submit the results to HUD, including any findings of fraud, material misrepresentations, or other material findings that it is unable to mitigate. If required, Neighborhood Loans should execute indemnification agreements or reimburse claims paid to help protect the FHA insurance fund from unacceptable risk.

Review its QC files for up to the 432 loans with post-closing reviews in which it may not have performed complete reverifications of borrower information and reverify information where appropriate. Neighborhood Loans should then evaluate the risk of any new findings identified, and if required, it should execute indemnification agreements or reimburse claims paid to help protect the FHA insurance fund from unacceptable risk.

Evaluate its QC files for the 59 loans with EPD reviews in which it did not assess the risk of findings identified to confirm whether it self-reported to HUD all findings of fraud or material misrepresentation, along with any other material findings that its records did not show had been acceptably mitigated. If required, Neighborhood Loans should execute indemnification agreements or reimburse claims paid to help protect the FHA insurance…

Evaluate its QC files for the 96 loans in which it identified material findings to confirm whether it self-reported to HUD all findings of fraud or material misrepresentation, along with any other material findings that its records did not show have been acceptably mitigated. If required, Neighborhood Loans should execute indemnification agreements or reimburse claims paid to help protect the FHA insurance fund from unacceptable risk.

Provide indemnification agreements or documentation to support the one loan in which it missed material deficiencies and the three loans in which it identified material misrepresentations or other material findings that it did not acceptably mitigate or self-report to HUD. Implementation of this recommendation will protect the FHA insurance fund from an estimated loss of $339,186.

We recommend that the Director, Office of Public Housing, New York, instruct the Authority to reimburse from non-Federal funds the $219,715 expended for ineligible costs as follows; $215,402 to HUD, and $4,313 to the 2007 ROSS Family grant.

Develop and implement adequate policies, procedures, and controls to ensure that owner certifications and surveys and other relevant documents related to properties that fail inspections or are noted as having EHS deficiencies are maintained and retrievable from an easily accessible location.

Implement adequate procedures and controls to ensure that documentation is maintained to support that the reports were submitted to Congress.

Review the two loans in our sample that did not receive appropriate servicing and take administrative actions if appropriate.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

HUD OCIO should identify needs to address Federal requirements by performing a gap analysis on its zero trust architecture strategic plan.

HUD OCIO should establish a zero trust architecture implementation plan that includes milestones and resources to address all zero trust pillars.

The CDO should coordinate with HUD’s Records Office, Privacy Office, and program offices to develop data policies and procedures for data inventory, categorization, and labeling in support of zero trust architecture. Status HUD provided a corrective action plan for this recommendation in May 2025. The planned corrective action requires the agency to acquire a data management system, develop cataloging standards, and coordinate with…

HUD OCIO should develop system policies and procedures for dynamic access controls that include just-in-time and just-enough access tailored to individual actions and individual resource needs.

HUD’s Privacy Office should require program offices to periodically review systems in all environments (testing, development, production) for unnecessary disclosure of personally identifiable information (PII).

HUD OCIO should capture risks that are associated with zero trust architecture implementation and document these risks in its risk register.