Determining third-party servicer status of service providers is a fact-based inquiry with significant consequences for institutional reporting and contractual obligations
On August 18, 2016, the U.S. Department of Education published Dear Colleague Letter (DCL) GEN-16-15 to provide additional guidance to all institutions of higher education participating in student financial aid programs under Title IV of the Higher Education Act (Title IV) regarding institutional responsibilities and requirements related to certain services provided to an institution by a third-party servicer, as defined in 34 C.F.R. § 668.2 and 34 C.F.R. §§ 668.23, 668.25 and as previously explained in Dear Colleague Letters GEN 12-08 and GEN 15-01. The new guidance does not change or reverse any previously published guidance on the topic but is meant to provide clarification, including examples in a Questions and Answers Document of the types of services that do, or do not, bring a person or entity providing services to an institution within the regulatory definition of a third-party servicer.
A third-party servicer is defined by current regulation as an entity or individual (other than an employee) that administers any aspect of an institution’s participation in the Title IV programs, including, but not limited to, services and functions necessary for the institution to remain eligible to participate in the Title IV programs, to determine a student’s eligibility for Title IV funds, to account for Title IV funds or to deliver Title IV funds to students.
The new guidance states that in addition to activities central to Title IV aid processing, other activities falling under the definition of a third-party servicer include preparing and submitting required applications or reports, such as an institution’s Application for Approval to Participate in the Federal Student Financial Aid Programs (E-App); Integrated Postsecondary Education Data System (IPEDS) reports; Campus Safety and Security data reports and/or enrollment status; and/or gainful employment reporting to the National Student Loan Data System (NSLDS). The guidance states that preparing required consumer information disclosures, such as a Clery Act Annual Security Report (including crime statistics, timely warnings and emergency notification, crime log, and emergency response and evacuation procedures); a biennial review of drug and alcohol abuse prevention programs; graduation and transfer rates; job placement rates; and/or gainful employment disclosures also fall within the third-party servicer definition.
The DCL states that the Department will look at each case individually and focus on the specific services or functions being provided to an institution as opposed to the nomenclature used to describe the services. Institutions need to undertake an evaluation of the persons or entities that provide Title IV program related services to the institution to make a determination of whether that person or entity should be reported to the Department as a third-party servicer. Significant reporting and contractual obligations accompany the identification of a person or entity as a third-party servicer, including:
Contract Reporting Requirements – Institutions must report the names of any individual or entity that performs for, or on behalf of, the institution any of the Title IV functions. This information must be reported within 10 calendar days of the date an institution enters into, modifies or terminates a contract with a servicer to administer any aspect of its participation in the Title IV programs. 34 C.F.R. § 668.25(e).
Third-Party Servicer Audit (ADT) – A third-party servicer must have an independent auditor conduct a compliance audit of its administration of the functions or services that it performs on behalf of eligible institutions, unless: (1) the servicer contracts with only one participating institution and (2) the attestation engagement of that institution’s participation involves every aspect of the servicer’s administration of the Title IV programs. A servicer must submit its compliance audit or audit letter annually no later than six months after the last day of the servicer’s fiscal year.
Contract Requirements – Institutions must ensure that their third-party servicer contracts contain language that requires the servicer to agree to:
- Be jointly and severally liable with the institution for any violation of Title IV requirements resulting from the functions performed by the servicer;
- Comply with all applicable statutory, regulatory and other Title IV requirements;
- Refer any suspicion of fraudulent or criminal conduct in relation to the institution’s Title IV program administration to the Department’s Office of the Inspector General;
- Confirm student eligibility and return Title IV funds (if required) when a student withdraws if the servicer disburses funds; and
- Return all records related to the servicer’s administration of the institution’s participation in the Title IV programs to the institution, and if the servicer disburses or releases Title IV funds, return all unexpended Title IV funds to the institution if the contract with an institution is terminated, or the servicer ceases to perform any functions prescribed under the contract.
FERPA Requirements – The Family Educational Rights and Privacy Act (FERPA) (34 C.F.R. § 99.31(a)(4)) permits institutions to disclose personally identifiable information (PII) from an education record of a student to a third-party servicer, without consent, in connection with financial aid for which the student has applied or which the student has received, if disclosure of the information is necessary for specific purposes. If an institution discloses education records to a third-party servicer, it must remain compliant with the recordation requirements under FERPA and, for each request or disclosure, the record maintained by the institution must: (1) include the parties who have requested or received PII from the education records and (2) the legitimate interests the parties had in requesting or obtaining the information. If the institution discloses PII from education records with the understanding that further disclosures will be made, the educational institution’s record of disclosure must include the names and legitimate interests of the additional parties.
Access to Department Systems – Access to information in Department of Education systems may be used only for the Title IV function or service that is being performed by the third-party servicer. The data contained in Department systems, such as the National Student Loan Data System (NSLDS), the Common Origination and Disbursement (COD) System or the Central Processing System (CPS) are confidential and are protected by the Privacy Act of 1974, as amended, and other applicable statues and regulations.
Third-Party Servicer Data Form (DF) –Third-party servicers are required to submit the Third-Party Servicer Data Form to the Department and update information provided on the Third-Party Servicer Data Form within 10 days of the date that:
- The servicer changes its name;
- The servicer changes the address or contact information for its primary location or additional location;
- The servicer adds or terminates a contract with an eligible Title IV institution; or
- The servicer buys, sells or merges with another third-party servicer.
Limitations on Servicer Eligibility – Institutions are barred from contracting or engaging a third-party servicer that is located outside of the United States or is owned/operated by an individual who is not a U.S. citizen or national, or a lawful U.S. permanent resident; has been limited, suspended or terminated by the Department within the preceding five years; has had, during the servicer’s two most recent audits, a finding that resulted in the servicer’s being required to repay an amount greater than five percent of the funds that the servicer administered under the Title IV programs for any year; or has been cited during the preceding five years for failure to submit audit reports required under Title IV in a timely fashion. Institutions are required to search the General Services Administration System to review potential contractor exclusions.
Conclusion – Based on this new guidance, institutions of higher education may want to inventory the entities or individuals providing Title IV-related services. While the DCL provides that determining third-party servicer status is a fact-based inquiry, the DCL did not provide much guidance on the degree to which providing services that constitute aspects of the administration of Title IV program may result in a vendor being deemed a third-party servicer. For instance, the DCL lists as examples of third-party servicers “preparing required consumer information disclosures” in areas, such as Security Reports, graduation and transfer rates, job placement rates and gainful employment disclosures. What is not clear is what level of participation in the preparation of these reports triggers coverage. The consequences of coverage are significant. If an institution determines that a person or entity is a third-party servicer, but was not identified as one previously, the institution will need to report that person or entity on its E-App. If that third-party servicer has not yet filed a required annual compliance audit, it may need to do so for prior audit years for which it provided service to the institution. The guidance states that audit questions should be submitted to the Department of Education's Office of the Inspector General’s (OIG’s) Non-Federal Audit Team by e-mail at: email@example.com. Finally, the institution and third-party servicer will also need to amend their contract to include all required provisions and ensure FERPA and data protection compliance.