Download the PDF version of this article here.
A recent Department of Education (DOE) update expanding the interpretation of what a third-party servicer (TPS) is in relation to Title IV of the Higher Education Act of 1965 may lead to adverse effects, including chaos in the learning environment and increased tuition costs.
On February 15, the DOE issued a Dear Colleague Letter, (GEN-23-03) Requirements and Responsibilities for Third-Party Servicers and Institutions, as new guidance surrounding third-party servicers for higher education institutions (HEIs). The letter was updated on February 28, extending the effective date for the guidance to September 1, 2023 (from May 1, 2023), as well as extending the public comment period to March 30, 2023 (from March 17, 2023).
As part of the new guidance, the definition of TPS has been significantly updated to include functions of student recruiting and retention, the provision of software products and services involving Title IV administration activities, and the provision of educational content and instruction.
The guidance also notes that “an institution may not contract with a TPS to perform any aspect of the institution’s participation in a Title IV program if the servicer (or its subcontractors) is located outside of the United States or is owned or operated by an individual who is not a U.S. citizen or national or a lawful U.S. permanent resident”. HEIs will be required to report any arrangements with TPSs not already stated, and entities meeting the definition of a TPS will be required to submit the Third-Party Servicer Data Form to the Department by September 1.
Title IV of the Higher Education Act of 1965 provides for the authorization of loans and grant programs to students pursuing post-secondary education. Generally, a TPS provides functions or services necessary (1) for the institution to remain eligible to participate in Title IV programs; (2) to determine a student’s eligibility for Title IV funds; (3) to provide Title IV-eligible educational programs; (4) to account for Title IV funds; (5) to deliver Title IV funds to students; or (6) to perform any other aspect of the administration of Title IV programs or comply with the statutory and regulatory requirements associated with those programs.
Since this definition has been broadened by the updated guidance, vendors now categorized as TPS will be subject to new obligations, including having joint liability with schools related to Title IV activity, heightened data privacy and security responsibilities, and reporting to the Department about possible criminal misconduct around Title IV programs.
Further, the DOE clarified that these entities themselves are subject to annual nonfederal audits of the Title IV-relevant functions they perform if such functions are stated in the “audit guide,” a non-exhaustive list of functions and services that, if outsourced by an institution to a third party, would render that third party a TPS subject to the mentioned TPS requirements.
While the DOE is incentivized to ensure compliance in all Title IV eligible institutions, with such strict regulations, it’s being debated that these new provisions may outweigh the affirmation of compliance. One must take the following into consideration while assessing the efficiency and effectiveness of such strict guidelines on TPSs and higher-education institutions:
- Enforcement and Monitoring – One of the goals of the new guidance is to provide more transparency around contracts between TPSs and HEIs to ensure compliance with applicable laws and regulations. Will Universities have the capacity to monitor and enforce this increased volume of third-party risk?
- Student Information Systems (SISs) Run by Foreign Companies – By barring foreign companies from being used as SISs, one must question if it’s realistic to expect these institutions to pull out and replace their SISs by September 1, 2023. For example, contracts with German software giant SAP would no longer be permitted, should their services perform any aspect of the institution’s participation in Title IV programming. The chances of Universities successfully replacing their back-end systems in this timeframe are seemingly impossible.
- Smaller Universities – The DOE announced that it is accepting public comment on the announced guidance for 30 days (now through March 30). One comment from regulations.gov brought to light a perspective of these new changes from an employee at small college with a religious mission that involves maintaining very low tuition costs for students, many of whom come from lower socioeconomic backgrounds. The comment highlights two negative possibilities from the DOE update. First, the institution’s partners could become TPSs, creating associated increased costs that the college would need to fund, likely ultimately increasing student costs. Second, the institution partners could decline to become TPSs, in which case schools would have to cease operations, disrupting academic operations, especially in smaller, less-resourced institutions.
- Smaller Businesses – A similar comment on the new provision relates to those smaller schools that use smaller vendors in saying that these new regulations favor larger, slower-moving incumbents with bigger balance sheets over nimble startups that don’t have the budget to comply. Such a high entry barrier would, in turn, impede innovation critical to student development and learning.
Ultimately, the DOE made it clear that all third parties engaging with HEIs with respect to any Title IV activities are now considered to be TPSs and must comply, as such, moving forward.
Recommended (Re)Actions for Third Parties Engaging with HEIs
- Validate your inventory of third parties and add classifications related to the following:
- recruiting and retention
- the provision of software products and services involving Title IV administration
- the provision of educational content and instruction
- servicers (or their subcontractors) that are located outside of the United States or are owned or operated by an individual who is not a U.S. citizen or national or a lawful U.S. permanent resident (related to Title IV programming)
- Proactively communicate with all applicable third parties
- Consider participating in the public comment forum
How Can Schneider Downs Help?
Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management, and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results to help your organization effectively achieve new vendor risk management heights. For more information please visit our dedicated Third Party Risk Management page or to get started contact us.
About Schneider Downs Higher Education Services
The Schneider Downs Higher Education industry group is a dedicated team of experienced professionals specializing in serving institutions from high schools to universities. Our experience in audit and assurance, tax advisory, technology and data and more allow our professionals to stay ahead of the latest trends, developments and challenges within the education sector and provide timely and practical solutions to our clients.
To learn more, visit our Higher Education Industry Group page.