On August 18, 2016, the US Department of Education (ED or the Department) issued a Dear Colleague Letter (DCL) providing additional guidance on issues related to the requirements for third parties that provide financial aid services (Servicers). The DCL lays out the Department's increasingly expansive view of the types of functions or services that constitute Servicer activities and the reporting and audit obligations of educational institutions and Servicers. After an extended period of uncertainty, the DCL may signal that ED is prepared to refocus its enforcement efforts on this compliance area.

Servicer and non-servicer functions

While breaking little new policy ground, the DCL provides additional specificity about what is and what is not considered a Servicer activity. The DCL's non-exhaustive list includes commonly understood services such as processing or administering Title IV funds, but also clearly encompasses the outsourcing of any required consumer information, such as annual security reports required by the Clery Act, graduation and transfer rates, job placement rates, or gainful employment disclosures, among others.

The Department affirmed this interpretation in a recent, highly publicized action against a for-profit institution, Medtech College. ED determined that the institution had breached its fiduciary duty to the Department by failing to report a placement verifying contractor as a Servicer and failing to include the required contractual provisions in its services agreement, which would have given the Department further recourse. ED concluded that the institution's disregard for the Servicer regulations demonstrated a lack of administrative capability and as a result, moved to deny the institution's recertification. While we expect that most instances of noncompliance will result in fines, the recent action makes clear that the Department may tie Servicer compliance to an institution's eligibility for Title IV funding.

The Department's more expansive interpretation of Servicer functions is also accompanied by its position that it will not base its determinations on a generic list of Servicer or non-Servicer functions. The DCL is clear that the Department will "look at each case individually" based on the functions and services being performed in each individual contractual relationship. In light of this position, we recommend institutions carefully review their contractor relationships.

Servicer contracts

The DCL also places heightened emphasis on an institution's responsibility to ensure that the Servicer is compliant with all applicable laws and regulations. Institutions continue to be required to include the contractual provisions outlined in the regulation at 34 CFR § 668.25 in all agreements with Servicers. However, the DCL underscores several additional provisions not specifically listed in the regulation that address the Servicer's compliance with certain laws:

  1. Institutions are subject to the information security requirements for consumer information established by the Federal Trade Commission (FTC) and must require Servicers by contract to implement and maintain such safeguards.
  2. Institutions must require Servicers to agree and comply with all aspects of the Family Educational Rights and Privacy Act (FERPA) regarding the Servicer's receipt and use of any education records provided by the institution.
  3. Institutions are encouraged to include an immediate termination right, triggered if the institution is notified the Department has imposed an emergency, limitation, suspension, or termination action with regard to a Servicer's ability to contract with the institution to administer Title IV aid.

Reporting and audits

The DCL clarifies that, in addition to the requirement for institutions to report Servicers to the Department within 10 days of entering into a contract, Servicers must also submit a data collection form to the Department within 10 days of adding or terminating a contract with an institution, changing its name, address, or contract information, or buying, selling, or merging with another Servicer.

The DCL also clarifies the audit requirements for Servicers whose functions are not covered by the Office of Inspector General (OIG) Audit Guide. The DCL clarifies that if the Servicer's Title IV functions or services are not covered by the OIG Audit Guide, the Servicer must still submit an audit letter to the Department providing management's assertion that it complied with all requirements applicable to the services and functions it performed on behalf of eligible institutions.

Audits or audit letters are generally due no later than six months after the last day of the Servicer's fiscal year. However, the DCL imposes different deadlines for Servicers who have not submitted audits for one or more years either because they did not believe they were a Servicer or because they were not covered by the OIG Audit Guide. If the Servicer's functions are covered by the OIG Audit Guide, compliance audits are due no later than December 31, 2016. If the Servicer's functions are not covered by the OIG Audit Guide, audit letters are due no later than six months after the last day of the Servicer's fiscal year that begins on or after December 31, 2016.

We encourage you to review the full text of the DCL