The Department of Education ("ED") issued a Dear Colleague Letter ("DCL") on January 9th providing guidance on which entities should be classified as third-party servicers for purposes of the Title IV rules.
The DCL details the existing third-party servicer requirements relating to institutional reporting, contract provisions, FERPA regulations, FTC rules on information security, and third-party servicer compliance audits. Of particular note, the DCL clarifies that entities providing computer services or software are third-party servicers if they maintain any "student-level information" related to the administration of Title IV. The DCL further advises that entities that host secure portals for the transmission or electronic storage of and access to Title IV records are considered third-party servicers.
In December 2014, ED issued a Federal Register notice seeking comments on the process used to report and audit third-party servicers (comments were due January 7th). Read our detailed analysis of that notice.
As noted in our prior alert, to avoid potential liability and reporting requirements, institutions should use extra care in determining whether the service companies they partner with must be reported as third-party servicers for Title IV purposes. In particular, we recommend that entities that do not intend to act as third-party servicers expressly disclaim such a role in any written contract with a Title IV institution and include language to prevent the institution from erroneously reporting the entity to ED as a third-party servicer.