Heads Up Higher Ed: There Are Key Changes in Financial Aid Testing

  • 6/8/2023
Male University Or College Students Sitting Outdoors On Campus Talking

Key insights

  • Some testing changes in the new 2023 compliance supplement may affect your audit this year for student financial aid.
  • All V1 verification requirements will be reinstituted for the 2023/2024 award year.
  • Auditors are now required to review Tier 1 and Tier 2 contract arrangements for Title IV credit balances and perform new testing measures
  • NSLDS system issues from July 19, 2022, through Feb. 28, 2023, impacted compliance with enrollment reporting requirements, and auditors will not draw population samples from that period.
  • Your institution must comply with the GLBA Safeguards Rule by June 9, 2023.

Be sure your institution is prepared for the new tests.

Contact Us

It’s that time of year again — the Office of Federal Financial Management has released the 2023 compliance supplement. Auditors use this supplement for testing compliance with federal programs, and one of the longest and most complicated sections is the student financial assistance cluster.

Review some of the major changes in the new supplement that may impact your college or university’s upcoming financial aid audit.

Please note the 2023 compliance supplement is applicable to all institutions with a June 30 year end and later. Fiscal year-ends beginning earlier will use the 2022 compliance supplement.

Verification waivers reinstituted for ’23 – ’24 award years

Verification requirements exist to help prevent improper payments of Title IV program funds. During the COVID-19 public health emergency (PHE), many requirements were waived to ease the burden on students and their families; the Department of Education only kept the ones that strictly focus on identity and fraud.

With the declaration of the end of the PHE, all V1 verification requirements — including adjusted gross income, income earned, and household size — will be reinstituted for the 2023/2024 award year.

New reviews of Tier One and Tier Two contracts

Tier one (T1) and Tier two (T2) arrangements are agreements with financial institutions to offer financial account products to students, such as debit or prepaid cards, as a way for those students to receive their Title IV credit balance funds. A student has a Title IV credit balance if their federal financial aid exceeds their charges for tuition, fees, university housing, and meal plans for a term.

New to the 2023 compliance supplement, an auditor is now required to review these contracts to determine if they are a T1 or T2 arrangement. If T2, auditors must now obtain the population of students receiving credit balances for the prior three award years and determine whether it is below or above a certain threshold (500+ students or average of >= 5% of enrollment). For both tiers, there are items your auditor will review within the contracts. See the compliance supplement for details.

The tier rules include:

Tier One (servicer performs tests on one or two of the following):

  • Receiving Title IV funds
  • Posting Title IV funds
  • Calculating student’s Title IV credit balances
  • Processing documents for payment to student
  • Disbursing and delivering FSA funds

Tier Two:

  • Financial accounts offered through a financial institution marketed directly to students
    • Marketing by communicating with students on how to open account
    • Financial account/access device is cobranded with school’s logo, name, mascot, etc.
    • Card/tool (student ID) is provided to student for school purposes and can be used to access financial account

Issues with National Student Loan Data System

The National Student Loan Data System (NSLDS) provides a centralized, integrated view of Title IV loans and grants during their complete life cycle. NSLDS went through a major upgrade in July 2022, and system issues from July 19, 2022, through Feb. 28, 2023, impacted institutions’ ability to comply with enrollment reporting requirements.

Auditors verifying accurate reporting of significant, high-risk enrollment data elements are now directed to identify a population of students with changes in enrollment status from either before or after those dates. Auditors will also require institutions to access the NSLDS website and make an Enrollment Submittal File Tracking Report (SCHET1) available for their review. If you do not see the SCHET1 report in NSLDS, you need to contact NSLDS in order to make it available.

Perkins testing to include observation

There was one minor change to Perkins Loan Program testing for 2023. Through inquiry and observation, auditors must now evaluate the institution’s Perkins loan paper records storage location and whether it is in a locked, fireproof container. The observation element is new, and auditors may request a photo or to see the storage in person.

New tests for incentive compensation

An institution agrees in its Program Participation Agreement that “it will not provide any commission, bonus, or other incentive payment based in any part, directly or indirectly, upon success in securing enrollments or the award of financial aid, to any person or entity who is engaged in any student recruitment or admission activity, or in making decisions regarding the award of Title IV, HEA program funds.”

Your auditor will ask if your institution contracts for recruitment or admissions related to financial aid — or if any staff in admissions, recruiting, financial aid, or the registrar office are eligible for incentive compensation.

In addition, auditors must obtain a population of employees in these departments and verify no incentive compensation was given. The same process will occur for any external entities contracted to admit or enroll students or award Title IV funds.

This will require assistance from human resources and/or payroll departments, so it’s a good idea to warn them of the new tests.

June 9 deadline for safeguard rule compliance

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to safeguard sensitive customer data. Accordingly, institutions are required to develop, implement, and maintain a comprehensive written information security program (WISP) in one or more readily accessible parts. Regulations require the WISP to include 7 – 9 elements, based on the size of the institution. See the compliance supplement for details.

Auditors will now be required to review the WISP and verify all elements are included.

Institutions must be in compliance by June 9, 2023. Refer to this article for more details on the updated regulations from the Federal Trade Commission.

Connect with your information technology department to verify these requirements are documented and assessed.

How we can help

Your higher education institution is under growing pressure to do more with less — all while student financial aid regulations become more stringent and complex. CLA’s industry professionals can help you understand the new tests and your role in the federal award audit.

For specific GLBA questions, our cybersecurity group can guide you through the new requirements and help confirm your institution is in compliance.

Experience the CLA Promise