Maintained for Historical Purposes

This resource is being maintained for historical purposes only and is not currently applicable.

Third Party Servicer Frequently Asked Questions

The answers to these Frequently Asked Questions provide information and guidance pertaining to third-party servicers. Institutions should review all applicable requirements and guidance to ensure that they are in compliance with the applicable third-party servicer requirements.

The listing of Frequently Asked Questions will be updated periodically and will include the date of the update. New and/or updated questions and answers will be marked NEW.

The questions below are grouped by the follow categories:

  • Definition & Examples [D&E]
  • Contracts [CNT]
  • Safeguarding Student Information [SSI]
  • Third-Party Servicer Data Form [DF]
  • Audits [ADT]

A third-party servicer is an entity or individual that administers any aspect of an institution’s participation in the Title IV programs, including, but not limited to, services and functions necessary:

  • For the institution to remain eligible to participate in the Title IV programs,

  • To determine a student’s eligibility for Title IV funds,

  • To account for Title IV funds,

  • To deliver Title IV funds to students, or

  • To perform any other aspect of the administration of the Title IV programs.

To protect the interest of institutions, taxpayers, and students, an institution may not contract with a third-party servicer to perform any aspect of the institution’s participation in a Title IV program if the servicer (or its subcontractors) is located outside of the United States and/or is owned or operated by an individual who is not a U.S. citizen or national, or a lawful U.S. permanent resident. This prohibition applies to both foreign and domestic institutions. [August 18, 2016]

The link below contains a table with multiple examples of functions or services that institutions outsource to third-party providers and its characterization as a Title IV service or function subject to third-party servicer requirements. This list is not exhaustive.

Third Party Servicer Examples Chart [August 18, 2016]

In making a determination as to whether or not an entity or individual is considered a third-party servicer, the Department looks at each case individually and focuses on the specific service(s) or function(s) being performed at that institution, as opposed to a title that the entity may be using or a generic description of the types of services provided. Servicers often offer multiple versions of a product or service and frequently customize a product or service based on an institution’s unique needs. It is possible for an entity to be considered a third-party servicer at one institution and not at another depending on the specific services or functions that the entity performs at each institution.

For example, one institution may hire an entity or individual to perform a Title IV function, such as disbursing Title IV funds or delivering Title IV credit balances, making the entity or individual a third-party servicer for that institution. Another institution may hire the same entity or individual to perform a non-Title IV function, such as marketing the institution’s academic programs, which does not make that entity or individual a third-party servicer for the second institution.

Regardless of whether an individual or entity meets the definition of a Title IV third-party servicer, the institution must ensure that its contracts contain procedures governing the use and maintenance of any education records shared with the individual or entity, including specific procedures for governing the use and re-disclosure of personally identifiable information (PII) from education records. The institution must be able to access all records needed to comply with applicable record retention requirements. If the third-party servicer or the institution terminates a contract, the institution must be able to take possession of all records in the servicer’s possession pertaining to the institution’s participation in the Title IV programs. [August 18, 2016]

Yes. A third-party servicer is an entity or individual that administers any aspect of an institution’s participation in the Title IV programs on behalf of an eligible institution, regardless of remuneration. [August 18, 2016]

Yes. If a State agency performs Title IV functions or services on behalf of an eligible institution, the State agency is considered a third-party servicer and subject to the applicable third-party servicer regulations.[August 18, 2016]

While the Department has oversight authority over third-party servicers that perform Title IV functions on behalf of an institution, the Department does NOT list, endorse, or approve third-party servicers.

An institution must exercise caution in selecting third-party servicers, financial aid consulting services, financial aid management systems (software), and/or the electronic data storage systems it utilizes to assist in the administration of the Title IV programs. Regardless of whether an entity is considered a third-party servicer for Title IV purposes, the institution has a fiduciary responsibility to ensure the policies, procedures, products, and systems that the servicer utilizes are compliant with applicable laws and regulations. This includes the requirement that an institution be able to access all records (paper or electronic) created or maintained by a third-party servicer and make those records readily available to the Department for review. The institution must also implement appropriate safeguards to protect student records and ensure any information shared from education records is only used for the purpose(s) for which the information was disclosed. The institution will be held responsible for any liability incurred as a result of software deficiencies, incorrect consulting advice, lost or damaged records, and/or third-party servicer violations.[August 18, 2016]

Yes. Third-party servicers are subject to the same incentive compensation prohibitions as institutions. Neither persons nor entities may receive direct or indirect payments of incentive compensation for securing enrollment (recruitment) or securing financial aid for students. [August 18, 2016]

Temporary staffing agencies that do not specialize in, or have a significant presence in, staffing of higher education or in the administration of the Title IV student assistance programs are not considered third-party servicers. As a result, the institution is solely responsible for any liabilities that may result from errors or compliance violations caused by the use of temporary staff provided by this type of agency.

Entities that specialize in, or have a significant presence in, higher education and/or the administration of Title IV student assistance programs that provide staffing, even on a temporary basis, to support an institution’s administration of the Title IV student aid programs are considered third-party servicers and both the institution and the third-party are subject to all applicable third-party servicer requirements. The institution and the third-party servicer are jointly and severally liable to the Department for any errors or compliance violations made by the staff provided by the servicer. [August 18, 2016]

If an institution contracts with an entity to print and/or mail Title IV credit balance checks or to prepare EFTs of Title IV credit balances and those checks or EFTs draw funds directly from the institution’s treasury account (the institution’s operating account) or federal funds bank account (an account utilized to receive Title IV funds directly from the Department via G5), the check preparation or EFT entity is not considered a third-party servicer. In these arrangements, the institution is responsible for reconciling its accounts, monitoring undeliverable or un-negotiated checks and returning funds to the Department within the required regulatory timeframes. The institution is solely responsible for any liabilities that may exist as a result of errors or compliance violations that may occur because of the use of the third-party to perform these Title IV credit balance tasks.

If, on the other hand, an institution establishes an account at the third-party entity or transfers funds to an account with the third-party entity, or to any of the entity’s affiliated partners, for purposes of writing Title IV credit balance checks out of such an account or creating EFT transactions out of such an account, the third-party entity is considered to be a third-party servicer and both the institution and the third-party are subject to all applicable third-party servicer requirements. The institution and the third-party servicer are jointly and severally liable to the Department for any errors or compliance violations made by the third-party servicer. [August 18, 2016]

If an entity or individual is performing the functions necessary to calculate an institution’s placement rates (contacting and/or obtaining employment information from graduates or a graduate’s employer to confirm a student’s employment in the recognized occupation for which the student was trained), and the institution uses or relies on this information to prepare required disclosures, the entity or individual is considered a third-party servicer. If an entity or individual is only auditing or validating the information the school utilized to calculate its placement rates, the entity or individual is not considered a third-party servicer. [August 18, 2016]

It depends. If an eligible institution performs Title IV functions or services on behalf of another institution that has the same legal corporate or shared governance system (e.g. a public institution performing functions on behalf of another institution within the same legally established State educational system or a proprietary institution performing functions on behalf of another institution within the same corporate ownership) the institution would not be considered a third-party servicer.

If an eligible institution performs Title IV functions or services on behalf of another institution that is not part of the same legal corporate or shared governance system the institution is considered a third-party servicer and subject to the applicable third-party servicer regulations. [August 18, 2016]

Yes. An institution must enter into a contract with a third-party servicer that clearly and thoroughly describes the services and functions the servicer is responsible for providing or performing on behalf of the institution. [August 18, 2016]

Yes, institutions are required to notify the Department within 10 days of the date it enters into, modifies, or terminates a contract with a servicer to administer any aspect of its participation in the Title IV programs.

The institution’s notification must include the name and address of the servicer as well as a description of the functions or services that the servicer is performing on behalf of the institution. Institutions report third-party servicer notifications via the Application for Approval to Participate in the Federal Student Financial Aid Programs (E-App) website at http://www.eligcert.ed.gov.

The institution must provide a copy of its third-party servicer contract (and any modifications) to the Department, if requested. [August 18, 2016]

Institutions must ensure that their third-party servicer contracts contain language that requires the servicer to agree to:

  • Be jointly and severally liable with the institution for any violation of Title IV requirements resulting from the functions performed by the servicer;

  • Comply with all applicable statutory, regulatory, and other Title IV requirements;

  • Refer any suspicion of fraudulent or criminal conduct in relation to the institution’s Title IV program administration to the Department’s Office of the Inspector General;

  • Confirm student eligibility and return Title IV funds (if required) when a student withdraws if the servicer disburses funds; and

  • Return all records related to the servicer’s administration of the institution’s participation in the Title IV programs to the institution, and if the servicer disburses or releases Title IV funds, return all unexpended Title IV funds to the institution, if the contract with an institution is terminated, or the servicer ceases to perform any functions prescribed under the contract.

Institutions must ensure that its contracts accurately and specifically detail the functions that the servicer (or its subcontractor(s), if applicable) performs on behalf of the institution, and those functions that are required to be completed by the institution. The contract must identify the third-party servicer by its legal name and include any other name the servicer does business as (d/b/a). The contract must provide the physical address and primary phone number of the servicer’s primary location, as well as the name, title, phone number, and e-mail address of the president or chief executive officer of the entity. If a third-party servicer subcontracts any of its contractual responsibilities, the contract must identify the subcontractor and clearly describe the functions performed on behalf of the servicer and institution by the subcontractor.

In addition, institutions are subject to the information security requirements established by the Federal Trade Commission (FTC) for financial institutions. Institutions must take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards to protect customer information and require service providers by contract to implement and maintain such safeguards.

Finally, the institution must require the third-party servicer to agree to comply with all aspects of the Family Educational Rights and Privacy Act (FERPA) with regard to the third-party servicer’s receipt and use of any education records provided by the institution.

Institutions are strongly encouraged to include provisions in its contract with a third-party servicer to terminate the contract immediately, without penalty, if the institution is notified that the Department has imposed an emergency, limitation, suspension, or termination action with regard to a servicer’s ability to contract with the institution to administer any aspect of its participation in the Title IV, HEA programs or the servicer has been debarred, suspended, or voluntarily excluded government-wide from participation in covered transactions. [August 18, 2016]

Yes. An institution may not contract with or otherwise engage a third-party servicer that:

  • Has been limited, suspended, or terminated by the Department within the preceding five years;

  • Has had, during the servicer’s two most recent audits, a finding that resulted in the servicer being required to repay an amount greater than five percent of the funds that the servicer administered under the Title IV programs for any year; or

  • Has been cited during the preceding five years for failure to submit audit reports required under Title IV in a timely fashion.

As mentioned previously, an institution may not contract with a third-party servicer to perform any aspect of the institution’s participation in a Title IV program if the servicer is located outside of the United States and/or owned or operated by an individual that is not a U.S. citizen or national, or a lawful U.S. permanent resident. [August 18, 2016]

Institutions must search the General Services Administration’s System for Award Management site at http://www.sam.gov when it enters into, renews, or revises a contract with a servicer to determine if the servicer is an excluded entity. The institution should keep a copy of the search results in its records. [August 18, 2016]

The Department will notify an institution in writing if the institution reports a servicer that has been limited, suspended, or terminated by the Department, or if the Department has imposed an emergency action on the servicer. [August 18, 2016]

An institution is required to obtain a signed Certification By Lower Tier Contractor form from all of its third-party servicers, as well as any subcontractors that perform work for the institution on behalf of a third-party servicer. The Certification By Lower Tier Contractor form is included as an attachment to the institution’s PPA. The school must make copies of the form and obtain the signatures of any and all Lower Tier Contractors on copies of the certification. The signed certification(s) are to be retained in the school’s files. A Lower Tier Contractor includes any contracted individuals not considered employees of the school, who participate in the school’s administration of the Title IV programs. [August 18, 2016]

Under joint and several liabilities, the Department may seek repayment for Title IV violations from the institution, the third-party servicer, or both.

Since the institution is jointly and severally liable for any violation committed by its third-party servicer(s), the institution should take precautions during its selection and contracting process; and implement procedures with appropriate controls to periodically assess that the functions or services performed on behalf of the institution are compliant with Title IV rules. [August 18, 2016]

Yes, under certain conditions. The Family Educational Rights and Privacy Act (FERPA) (34 CFR § 99.31(a)(4)) permits institutions to disclose PII from an education record of a student to a third-party servicer, without consent, in connection with financial aid for which the student has applied or which the student has received, if disclosure of the information is necessary for such purposes as to:

  • Determine eligibility for the aid;

  • Determine the amount of the aid;

  • Determine the conditions for the aid; or

  • Enforce the terms and conditions of the aid.

Institutions must comply with FERPA’s recordkeeping requirements for disclosures (34 CFR § 99.32). These requirements state that an educational agency or institution: (1) shall maintain a record of each request for access to and each disclosure of PII from the education records of each student; and (2) shall maintain the record with the education records of the student as long as the records are maintained. Thus, if an institution discloses education records to a third-party servicer under this exception, it must be compliant with the recordation requirements under FERPA and, for each request or disclosure, the record maintained by the institution must: (1) include the parties who have requested or received PII from the education records, and (2) the legitimate interests the parties had in requesting or obtaining the information. If the institution discloses PII from education records with the understanding that further disclosures will be made, the educational institution’s record of disclosure must include the names and legitimate interests of the additional parties. [August 18, 2016]

Yes. The PII from education records provided to a third-party servicer is limited to the PII that is necessary for the third-party servicer to perform the Title IV function(s) or service(s) the third-party servicer has contracted to perform on behalf of the institution.

Institutions must ensure that its third-party servicers use PII only for the purpose(s) for which the PII was disclosed. For a third-party servicer, that purpose is the Title IV function the servicer contracted to perform on behalf of the institution. Servicers are prohibited from using PII for any other purpose.

The Department will initiate an administrative action against the institution and/or its third-party servicer if a servicer violates this prohibition. [August 18, 2016]

Yes. For both institutions and third-party servicers, access to information in Department systems may only be used for the Title IV function or service that is being performed. The data contained in Department systems such as the National Student Loan Data System (NSLDS), the Common Origination and Disbursement (COD) System, or the Central Processing System (CPS) are confidential and are protected by the Privacy Act of 1974, as amended, and other applicable statues and regulations.

Failure to comply with Department access and user requirements may result in the organization or individual losing access to Department systems and/or being subject to sanctions, including, but not limited to, the initiation of a limitation, suspension, or termination action or a debarment proceeding against the individual, the institution, and/or third-party servicer. Each user of a Department system must use his or her own User-ID. That person is responsible for safeguarding the User-ID and password and must not allow any other person to use them. Further, sharing or providing data retrieved by an authorized person from Department systems with persons or organizations that are not expressly authorized to receive that information is prohibited.

An eligible institution or third-party servicer that allows unauthorized access to Department systems will be considered to have violated its responsibilities and places itself at risk of losing access to Department systems and data, and to possible loss of eligibility to participate in the Title IV aid programs. [August 18, 2016]

The Third-Party Servicer Data form is an OMB-approved data collection tool utilized to obtain information needed to validate third-party servicer information reported to the Department by institutions, as well as to collect additional information from third-party servicers needed for effective oversight.

Entities or individuals that meet the definition of a third-party servicer are required to submit the Third-Party Servicer Data Form to the Department. Third-party servicers are required to update information provided on the Third-Party Servicer Data form within 10 days of the date that:

  • The servicer changes its name;

  • The servicer changes the address or contact information for its primary location or additional location;

  • The servicer adds or terminates a contract with an eligible Title IV institution; or

  • The servicer buys, sells, or merges with another third-party servicer. [August 18, 2016]

Third-Party Servicer Data forms can be downloaded from this site. Completed forms should be submitted electronically to: fsapc3rdpartyserviceroversight@ed.gov

or mailed to:

Third Party Servicer Oversight Group Address Data
Third-Party Servicer Oversight Group – Data Form
Federal Student Aid
United States Department of Education
1010 Walnut Street Suite 336
Kansas City, MO 64106-2147

[August 18, 2016]

Yes. A third-party servicer that performs any aspect of an institution’s administration of the Title IV programs must have an independent auditor conduct a compliance audit of its administration of the functions or services that it performs on behalf of eligible institutions, unless (1) the servicer contracts with only one participating institution, and (2) the attestation engagement of that institution’s participation involves every aspect of the servicer’s administration of the Title IV programs. A third-party servicer must follow the procedures contained in the audit guides (http://www2.ed.gov/about/offices/list/oig/nonfed/sfa.html) developed by and available from the Department of Education's Office of the Inspector General (OIG), provided that the Federal student aid functions performed by the entity are covered in the submission.

Third-party servicer audits must be submitted to:

Third-Party Servicer Oversight Group – Audits Address
Third-Party Servicer Oversight Group – Audits
U. S. Department of Education - FSA
1010 Walnut Street Suite 336
Kansas City, MO 64106-21476

Or as an encrypted e-mail attachment submitted to: fsapc3rdpartyserviceroversight@ed.gov

In cases where the Title IV services or functions performed by a third-party servicer are not covered in the OIG’s audit guide, the third-party servicer must submit a letter to the Third-Party Servicer Oversight Group that asserts that the entity is (or was) an eligible third-party servicer (as outlined in 34 CFR § 668 subpart G) regardless of whether the third-party servicer submits an audit for services or functions performed that are covered in the OIG’s audit guide. The letter must provide management’s assertion that it complied with all applicable requirements in regards to the services and functions that it performed on behalf of eligible institutions.

In addition, the letter must include the following:

  1. Letter data Part 1
    Legal Name and d/b/a name of the Servicer
    Servicer Address
    Telephone Number
    Fax Number
    Web-site URL
    Letter Data Part 2
    President/CEO Name
    Telephone Number
    E-mail Address
    Letter Data Part 3
    Other Contact Person, Title
    Telephone Number
    E-mail Address

  2. A detailed description of the functions and services the servicer performs on behalf of the institutions it contracted with. For example,

    • Deliver Title IV credit balance refund activities such as collecting student disbursement preferences, assisting with the establishment of accounts for the receipt of Title IV credit balance refunds, receiving Title IV funds and payment rosters necessary to deliver Title IV credit balance refunds to students via cash, check, ACH, debit card, or other electronic means, etc.; or,

    • Perform Default Management/Aversion activities such as obtaining student borrower information contained in Department systems, contacting borrowers regarding loan indebtedness, repayment options or loan obligations, assisting with completion and/or collection of deferments, forbearances, and/or other loan documents, etc.

  3. A listing of the Title IV institutions the servicer performed work on behalf of, during the servicer's most recently ended fiscal year. This list must include each institution's name and OPE ID.

  4. Assertions that:

    • The servicer’s contract includes all items cited in 34 CFR § 668.25(c);

    • The servicer has established a system of internal controls to assure compliance with those services or functions for which it provides,

    • The servicer maintains comprehensive written procedures describing the functions or services it performs on behalf of institutions. These procedures must clearly outline the servicer’s responsibilities versus the institutions’ responsibilities.

    • The servicer complies with all requirements of the Family Educational Rights and Privacy Act (FERPA), as well as the information security requirements established by the Federal Trade Commission (FTC) for maintaining appropriate safeguards in respect to the education records and student information it has access to.

    • The servicer is adhering to all Department requirements for accessing and/or granting access to Department systems.

The third-party servicer must submit its audit supplement letter to the:

Third-Party Servicer Oversight Group – Audits Address
Third-Party Servicer Oversight Group – Audits
U. S. Department of Education - FSA
1010 Walnut Street Suite 336
Kansas City, MO 64106-21476

Or as an encrypted e-mail attachment submitted to: fsapc3rdpartyserviceroversight@ed.gov

[August 18, 2016]

A third-party servicer must submit its compliance audit or audit letter annually no later than six months after the last day of the servicer’s fiscal year. [August 18, 2016]

For third-party servicers that provide services or functions that are included in the Department of Education's Office of the Inspector General’s (OIG’s) current audit guide, the third-party servicer must submit its missing compliance audit(s) no later than December 31, 2016. The audit(s) submitted must include all unaudited periods for the three most recently completed fiscal years (except for close-out audits). Subsequent audits must be submitted annually no later than six months after the last day of the servicer’s fiscal year.

Third-party servicers that provide services or functions that are not included in the OIG&'s audit guide must submit an audit letter containing all of the items outlined in ADT-A1 above, no later than six months after the last day of the servicer's fiscal year, that begins on or after December 31, 2016.

For example, if a third-party servicer’s fiscal year end is December 31, 2016, its audit letter must be submitted on or before June 30, 2018. Subsequent audit submissions must be submitted no later than six months after the last day of the servicer’s fiscal year end. [August 18, 2016]

Audit questions should be submitted to the Department of Education's Office of the Inspector General’s (OIG’s) Non-Federal Audit Team by e-mail at oignon-federalaudit@ed.gov. [August 18, 2016]