Docket: ED-2022-SCC-0044
Third Party Servicer Data Collection
Page
Comments Received From Two Respondents:
Anonymous
Coalition of Higher Education Assistance Organizations (COHEAO)
Comment |
Submitted By |
Department’s Response |
Anonymous stated this information does not validate information reported by institutions and is not necessary for oversight if the Department has the relevant business contact information in its possession.
Anonymous also expressed concern about the Department’s lack of controls to protect confidentiality.
Similarly, COHEAO requested the Department strike all fields seeking personal information of individuals employed by the third-party servicer (highest ranking officer, primary and secondary contacts of the company/organization). |
Anonymous COHEAO |
The Department disagrees with Anonymous’ assessment that obtaining personal contact information for relevant officers employed by a third-party servicer is unnecessary for effective oversight.
As part of its oversight responsibility, the Department must be able to obtain and/or share information timely with owners and officials of entities that perform any aspect of the administration of the Title IV Programs on behalf of institutions. Numerous events in recent years, including but not limited to, precipitous closures, institutional or servicer data breaches, the Covid-19 Pandemic, and natural disasters such as hurricanes, tornadoes, wildfires, and historic flooding have hindered the Department’s ability to issue time sensitive correspondence and/or reach owners or officials with the business information currently provided or publicly available for these individuals.
In response to the concern regarding the Department’s ability to protect confidentiality, the Partner Connect system is a secure, password protected portal and the Department does not release personal contact information in response to Freedom of Information Act requests. |
Anonymous stated that institutions are only required to provide contracts with third-party servicers upon the Department’s request when there is a specific issue that requires the Department’s review or oversight.
Anonymous also stated that contracts with institutions and subcontractors are confidential and include proprietary information and trade secrets, such as pricing and detailed lists of services performed. Anonymous expressed concerns regarding the Department’s ability to protect confidentiality and stated that it is inappropriate for the Department to make a request that would subject a Third-Party Servicer’s trade secrets to potential review by competitors and clients alike.
COHEAO requested the Department eliminate the request for third-party servicers to submit a copy of the company/organization’s contract with each institution because these contracts (including amendments, etc.) are highly confidential and burdensome to produce.
|
Anonymous COHEAO |
The Department has determined that contracts are required to validate the information reported by institutions and third-party servicers as well as to collect information necessary for the effective oversight of the individuals and entities that subcontract to perform functions and services on behalf of the third-party servicer to fulfill its obligations to an institution.
The Department must have this information to validate institutions correctly reported the services and functions that are being performed on behalf of the institution; ensure debarred individuals/entities are not performing work as subcontractors; and to ensure all functions and services performed by a third-party servicer and its subcontractors is included in the scope of a third-party servicer’s annual compliance audit.
As stated above, the Partner Connect system is a secure, password protected portal. In addition, users will have the ability to identify contracts uploaded in response to this request contain proprietary information.
34 C.F.R. § 668.25(e)(2) does not limit the Department’s ability to require institutions or third-party servicers to submit copies of contracts as part of an information collection request. |
|
Anonymous |
The Department disagrees with Anonymous’ assessment that the organization chart does not validate information reported by institutions and is not necessary for effective oversight of Third-Party Servicers. The Department has collected organizational charts as part of the current TPS Data Form request since 2015 and has used the form to validate information reported by institutions, as well as an oversight tool to determine if debarred individuals are employed by the third-party servicer.
As stated above, the Partner Connect system is a secure, password protected portal. In addition, users will have the ability to identify organizational charts uploaded in response to this request contain proprietary information.
|
COHEAO requested the Department reduce the request for information regarding the Department systems a third-party servicer accesses/utilizes to perform functions to high level and seek information about the systems used by third-party servicers generally but not specifically as to a particular institution.
|
Anonymous COHEAO |
Third-party servicers frequently download information from both institutional and Department systems into systems owned, operated, and controlled by the third-party servicer or an entity that contracts with the third-party servicer. These systems contain students’ financial, academic, and personally identifiable information (PII). As part of its oversight responsibilities, the Department must know how information is shared, used, and maintained to ensure student information is appropriately safeguarded and the information collected is only used for the administration of the Title IV programs. The Department also needs this information to identify cybersecurity risk and to respond timely in the event of a security breach.
Contracts are frequently customized to meet the needs of an individual institution, including how information is accessed and stored between the institution and its third-party servicers. For effective oversight, the Department must collect this information at the institutional level. The Department reviewed the software questions and has confirmed the information regarding software providers is needed for appropriate oversight of third-party servicers.
As stated above, the Partner Connect system is a secure, password protected portal and users will have the ability to identify contracts contain proprietary information.
|
|
COHEAO |
The Department reviewed the Subcontractor and Affiliate Information section and has determined this information is needed to ensure all functions and services performed by a third-party servicer and its subcontractors is included in the scope of a third-party servicer’s annual compliance audit as well as to ensure student information is appropriately safeguarded and the information collected is only used for the administration of the Title IV programs.
|
|
COHEAO |
The Department has determined it is essential for third-party servicers to report the services provided for each institution to validate the information institutions report on the E-App. The Department has noted that institutions frequently report inaccurate information regarding the services third-party servicers perform on their behalf. In addition, the Department has identified deficiencies during program reviews in which institutions believed that a servicer was performing a specific service or function that the servicer was not in fact performing. For effective oversight, the Department must understand both the scope of services offered by a third-party servicer as well as the specific services the third-party servicer provides to each institution. The Department plans to coordinate with institutions and third-party servicers to resolve discrepancies when conflicting information is reported. |
|
Anonymous COHEAO |
The Department disagrees with this assertion.
All of the information the Department is seeking will be utilized to validate information reported by institutions and/or to ensure Third-Party servicers and subcontractors are complying with applicable regulations including safeguarding of student information. |
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | U.S. Department of Education |
File Modified | 0000-00-00 |
File Created | 2022-08-01 |