1

ISAC Update and a

Review of Hot Topics

from the 2017 Federal

Student Aid (FSA)

Conference

January 31, 2018

Agenda

ISAC Update

Highlights from FSA Conference

Resources

Questions/Comments

2

2017-18 (FY18)

3

2017-18 MAP

ISAC released student records from suspense status whose FAFSA®

receipt dates were January 16, 2017 through (and including)

February 14, 2017

Released records were made available for viewing in GAP Access on

December 19

Students with initial FAFSA receipt dates on or after February 15, 2017 remain

in suspense status

To identify student records included in the release of suspense, use the

filter functionality in GAP Access

Create a listing of student records using the date range of FAFSA receipt dates

January 16, 2017 through February 14, 2017, and save as report

Schools may submit first term payment claims for students who were

recently released from suspense as well as second term claims for all

eligible students

Second term claim deadline date is Friday, March 9, 2018

4

5

Identifying Released Student Records

6

Enter or

select the

date range

After selecting the

View button, you

will have the

option to save and

view the list, as

well as generate

an Excel report

2017-18 Illinois Veteran Grant

An online IVG application is now available at isac.org

Please update website content to direct students to the new online option

Required documentation may be submitted electronically

Allowable formats are PDF, JPG, JPEG, DOC and DOCX files

Applicants can still download and print a PDF version and complete the

application process by mail

The current version has the date of 6/17 in the footer

Please discard any old paper versions

The IVG benefit request process is no longer available in My Zone and

will soon be available in GAP Access

Fall term data was due on or before January 15, 2018

Spring term processing normally would have begun on January 16, 2018,

but is currently on hold

Spring term data will be due on or before May 25, 2018

7

8

studentportal.isac.org

2017-18 Illinois National Guard

(ING) Grant Program

Online application can be accessed:

On the Applications page at isac.org

Through the ISAC Programs tab in the ISAC Student Portal at

studentportal.isac.org

Application deadline dates are:

October 1, 2017 for full-year consideration

March 1, 2018 for spring-term and summer-term consideration

June 15, 2018 for summer-term consideration only

Benefit reporting functionality is available in GAP Access for the

fall term

Deadline to submit fall term benefit request information was

December 8, 2017

9

2017-18 Minority Teachers of

Illinois (MTI) Scholarship Program

ISAC will continue to accept applications for the 2017-18

MTI Program through Thursday, February 15, 2018

An additional round of awarding took place on November 15,

2017 and award information is available to colleges in My Zone

TESP payment request rosters can be completed online

and submitted to ISAC via My Zone

Payment request results received will be available in My Zone

after vouchers have been generated

Colleges are encouraged to check My Zone every Tuesday

morning for new payment results

10

2017-18 Grant Programs for Dependents of

Police/Fire/Correctional Officers

Remaining application deadline dates

March 1 for spring-term and summer-term consideration,

June 15 for summer-term consideration only

Announcements of eligibility are being made to students

as applications are received and processed

Fall payment request rosters were due Dec. 8, 2017

11

2018-19 (FY19)

12

2018-19 MAP Start Up

The proposed Start-Up Formula, which is the same as the 2017-18

Recompute Formula, was approved at the November 15, 2017

Commission meeting

Maximum annual award amount for the 2018-19 MAP grant is $4,869

For more information about the Start-Up Formula, see the agenda item that

was posted to isac.org in the ISAC's Governing Board: The Commission

section (About ISAC area)

Start-up activities were implemented

in GAP Access on October 23

A 2018-19 suspension date

has not yet been announced

ISAC continues to analyze

application volume and will

provide schools with as much

advance notice as possible

before announcing a suspense

date

13

2018-19 Teacher Programs

Special Education Teacher Tuition Waiver &

Minority Teachers of Illinois Scholarship Program

Application is available at isac.org

Priority application deadline date is March 1, 2018

MTI Program

Application is available at isac.org

Priority application deadline date is March 1, 2018

14

State of the State

Governor Rauner presented his State of the State

address at noon today

Visit the Governor’s Office web page or the Governor’s Facebook

page for more information

www.illinois.gov/gov/Pages/default.aspx

www.facebook.com/GovRauner

Legislators returned to Springfield on January 30

For the spring session

schedule, as well as

the full text and status

of bills, visit the General

Assembly web site

at www.ilga.gov

15

ISAC Training & Information

Financial Aid 101 Workshops

March 13 at ISAC’s Deerfield Office

March 20 at ISAC’s Springfield Office

Financial Aid 201 Workshops

March 14 at ISAC’s Deerfield Office

March 21 at ISAC’s Springfield Office

Monthly Webinars (last Wednesday of the month)

February 28, 2 p.m.

An Overview of ISAC’s Military Programs

March 28, 2 p.m.

An Overview of ISAC’s Teacher Programs

Questions may be directed to: Kimberly.Eck@illinois.gov

16

HIGHLIGHTS FROM THE

FEDERAL STUDENT AID

(FSA) CONFERENCE

17

https://fsaconferences.ed.gov/

18

http://www.webcastregister.live/2017fsatc_records/

registration_view_catalog_public.php

19

Lynn Mahaffie and Cynthia Hammond | November 27, 2017

U.S. Department of Education

2017 FSA Training Conference for Financial Aid Professionals

Session GS2

Federal Update

GS1. Welcome & Keynote Address

Vision, mission and goals of U.S. Department of

Education

Presented by Secretary Betsy DeVos

Update on disaster relief efforts

21

22

GS2. Federal Update

Key topics:

Regulatory Update

Creation of Regulatory Reform Task Force (RRTF)to review regulatory and

sub-regulatory guidance throughout ED

Initial focus

Elimination of outdated guidance

Borrower Defense to Repayment

Gainful Employment

Borrower Defense

Gainful Employment

Perkins Wind-Down

Year-Round Pell

Guidance on Natural Disasters

Hurricanes Harvey, Irma, and Maria Education Relief Act of 2017 (Public Law

115-64)

Data/Cyber Security 23

24

GS3. Verification (2017 - 18 and 2018 - 19) and

Identification and Resolution of 2017 - 18 Conflicting

Information

• Session Agenda

• Verification History

• 2017–18 Verification

• 2018–19 Verification

• Verification Hot Topics

• IRS Data Retrieval Tool

• Conflicting Information

• Code 399

• Codes 400 & 401

• Following are a few slides from the session …

25

2018–19 Verification

Same data items as 2017-18

No changes to the verification tracking groups

Some changes to acceptable documentation

26

2018–19 Verification

Internal Revenue Service (IRS) Data Retrieval

Tool (DRT) is available again

Dependent students who are nontax filers do not

have to provide confirmation of nonfiling status

from the IRS or other relevant tax authority

Clarified that an applicant selected for V4 or V5

verification must submit an unexpired valid

government-issued photo ID

27

2018–19 Verification

Verification of Nonfiling (VNF)

IRS documents that clearly indicate that the IRS

does not have a tax return record on file for the tax

year are acceptable for VNF

• Includes Tax Return Transcripts/Tax Account

Transcripts that indicate “no record of return filed” or

“no transcript on file”

• Includes any version of IRS Form 13873 that clearly

states that the form is provided to the individual as

verification of nonfiling or states the IRS has no record

of a tax return 28

IRS Data Retrieval Tool 2017–18

IRS Tax Return Filers

• A signed paper copy of the 2015 IRS tax return rather

than using the IRS DRT or obtaining an IRS transcript

Verification of Nonfiling

• A signed statement certifying that the individual has

not and is not required to file an income tax return and

a list of the sources and amount of income from each

source

• A copy of IRS Form W-2 for each source of income

(GEN-17-04)

29

IRS Data Retrieval Tool 2018–19

IRS DRT function was reinstated for the 2018–19

FAFSA® processing year

To enhance the security and privacy of the

sensitive personal data, all DRT data will be

encrypted/masked and hidden from view on:

• IRS DRT website

• FAFSA web pages

• Student Aid Report (SAR)

30

IRS Data Retrieval Tool 2018–19

Institutional and state agency Institutional Student

Information Records (ISIRs) will have IRS data

Applicants and parents will not be able to make

corrections to the IRS DRT transferred items

before or after submission

Institutions will continue to be able to make any

necessary corrections

31

IRS Data Retrieval Tool 2018–19

IRS Data Field Flags

NEW set of flags that identify what, if any, information

was changed

Separate flags for student and parents

Flags listed for EACH field that can be transferred from

the IRS

DIFFERENT flags than the IRS Request Flags

02 Request Flag still means no data changed for

verification purposes

32

IRS Data Retrieval Tool 2018–19

IRS Notification of access to the IRS DRT

• Additional security protection

• Tax filer notified that their personal information was

used to access their tax return information through

the IRS DRT

IRS Get Transcript Online Unavailable For New

Users

• Electronic Announcement dated 11/2/17

33

V4 and V5 Tracking Results

V4 and V5 tracking process in Financial Aid

Administrator (FAA) Access continues to be in

effect for 2017–18 and 2018–19

Institutions need to select the proper award year

for which they are providing results

Value #6 added to drop down options

• Verification attempted, issues found with both identity

and high school completion

34

V4 and V5 Tracking Results

Whom to report: Student for whom institution

received an ISIR with a Verification Tracking Group

of V4 or V5 AND for whom you requested

verification documentation

• Do NOT include students selected for verification by the

institution

When to report: 60 days following the institution’s

first request for verification documentation

• Changes to previously submitted Identity Verification

Results must be updated within 30 days

35

Purpose of Comment Code 399

The 2017–18 FAFSA is compared to the

applicant’s last 2016–17 ISIR transaction

Review will determine if any conflicting income

and/or tax information would, once resolved,

produce a significant change in the student’s

expected family contribution (EFC)

If so, the Central Processing System (CPS) will

flag the applicant’s 2017–18 ISIR with a ‘C’ Code

and Comment Code 399

36

Unresolved 399

Until the conflicting information issue has been

resolved, the institution may not disburse any Title

IV aid

If Comment Code 399 was set prior to September

9, 2017 and the institution is unable to resolve the

conflicting information, the institution must

consider the student to be in an overaward status

for any need-based 2016-2017 Title IV aid (Title

IV Grants, Federal Perkins Loans, and Direct

Subsidized Loans) that was disbursed, and cease

paying the student with FWS funds

37

Resources

For more information on Comment Code 399

see

• Dear Colleague Letter GEN-16-14

• Electronic Announcement published August 10, 2017

• Frequently Asked Questions (FAQ) on IFAP at

https://ifap.ed.gov/EarlyFAFSA/earlyfafsaFAQv1.html

38

Web Edits and SAR Comments

2018–19 FAFSA:

• Because information transferred from the IRS does not

display to the applicant or parent (nor can corrections

be made), any web edits that include information

transferred from the IRS can no longer be presented to

the applicant or parent

• Instead, new SAR comments will display on the ISIR

(and SAR) to alert financial aid administrators that at

least one edit was triggered but could not be displayed

to the applicant or parent and therefore, could not be

resolved online

39

Comment Codes 400/401

Comment Codes 400 (parents) and 401

(dependent and independent student applicants)

400 = Your Financial Aid Administrator may

contact you to resolve any issues related to

parental data reported on your FAFSA

401 = Your Financial Aid Administrator may

contact you to resolve any issues related to data

reported on your FAFSA

40

Reasons for Comment Code 400

For Parents of Dependent Students

• Parent is a tax filer (FAFSA Question 80) and the AGI

retrieved from the IRS is zero, but the total income

earned from work (FAFSA Questions 88 and 89) is

greater than zero

41

Reasons for Comment Code 400

For Parents of Dependent Students

• The total of the Additional Financial Information fields

reported on the FAFSA form (FAFSA Questions 93a-f)

is greater than the AGI transferred from the IRS

42

Reasons for Comment Code 400

For Parents of Dependent Students

• Any item from the FAFSA list of Untaxed Income

(FAFSA Questions 94a-i) is equal to or exceeds the AGI

transferred from the IRS

43

Reasons for Comment Code 401

For Dependent Students and Independent

Students

• Student is a tax filer (FAFSA Question 32) and the AGI

retrieved from the IRS is zero, but the total income

earned from work (FAFSA Questions 39 and 40) is

greater than zero

44

Reasons for Comment Code 401

For Dependent Students and Independent

Students

• The total of the Additional Financial Information fields

reported on the FAFSA form (FAFSA Questions 44a-

f) is greater than the AGI transferred from the IRS

45

Reasons for Comment Code 401

For Dependent Students and Independent

Students

• Any item from the FAFSA list of Untaxed Income

(FAFSA Questions 45a-j) is equal to or exceeds the

AGI transferred from the IRS

46

Special Notes

When Comment Code 400 or 401 appears on an

ISIR and an institutional review confirms that

none of the relevant data items for a 400/401

condition exists, the institution need not take any

further action

Comment Code 400/401 can be considered

resolved if (V1 or V5) verification is completed for

the same applicant for the same ISIR record

47

Resources

For more information on Comment Code

400/401 see

• Electronic Announcement Published August 7, 2017

48

GS4. Keynote Address

Presented by FSA Chief Operating Officer

Dr. A. Wayne Johnson

Highlights the future of the FAFSA/FSA process and the mobile

app

Session 33. The Future of FAFSA® is a follow-up to Dr.

Johnson's Keynote Address and showcases FSA plans for the

future of FAFSA 49

Misty Parkinson and Ed Pacchetti | Nov.-Dec. 2017

U.S. Department of Education

2017 FSA Training Conference for Financial Aid Professionals

FAFSA® and CPS –

Now and What’s Next

Session GS5

Agenda: FAFSA® and CPS - Now and What's Next

2018-19 Start-up Enhancements

2018-19 Resources

Prior-Prior Year and 2018-19 FAFSA Stats

2018-19 Mid-cycle Enhancements

2019-20 Important Dates

1

2

3

4

5

51

IRS DRT Security Enhancements

ISSUE

RESOLUTION

Concerns were raised that cyber criminals could use the IRS

DRT to steal sensitive taxpayer data.

• New encryption safety measures to protect sensitive

taxpayer data

• Different user experience

52

New User Experience (cont.)

53

New User Experience (cont.)

54

New User Experience (cont.)

55

New User Experience (cont.)

56

2018-19 MID-CYCLE

ENHANCEMENTS

57

Responsive Web Design

58

ISSUE

RESOLUTION

The FAFSA form was not designed for use with mobile

devices.

• FAFSA form will utilize Responsive Web Design

• Implementation will be done via a multi-phase

approach

• Application and Home page only (Phase

One)

• More accessible to all users

• Greatly enhances user experience on all devices

58

Sample Screenshots

59

Sample Screenshots

60

Sample Screenshots

61

Sample Screenshots

62

Sample Screenshots

YES NO

63

Sample Screenshots

64

Breakout Sessions

65

66

67

Jim Wyant and Brian Bender | Nov.-Dec. 2017

U.S. Department of Education

2017 FSA Training Conference for Financial Aid Professionals

Program Review Essentials and

the Top 10 Compliance Findings

Session 26

Top Audit Findings

1. NSLDS Roster Reporting – Inaccurate/Untimely Reporting

2. Repeat Finding-Failure to Take Corrective Action

3. Return of Title IV (R2T4) Calculation Errors

4. Return of Title IV (R2T4) Funds Made Late

5. Verification Violations

6. Entrance/Exit Counseling Deficiencies

7. Qualified Auditor’s Opinion Cited in Audit

8. Pell Grants – Overpayment/Underpayment

9. Student Credit Balance Deficiencies

10. G5 Expenditures Untimely/Incorrectly Reported

69

Top Program Review Findings

1. NSLDS Roster Reporting – Inaccurate/Untimely Reporting

2. Crime Awareness Requirements Not Met

3. Return of Title IV (R2T4) Calculation Errors

4. Verification Violations

5. Drug Abuse Prevention Requirements Not Met

6. Entrance/Exit Counseling Deficiencies

7. Consumer Information Requirements Not Met

8. Student Credit Balance Deficiencies

9. Inaccurate Recordkeeping

10. Satisfactory Academic Progress Policy Not Adequately

Developed/Monitored

70

Dr. Michael Dean, Dr. Linda Wilbanks, and Theon Dam | Nov.-Dec. 2017

U.S. Department of Education

2017 FSA Training Conference for Financial Aid Professionals

What FAAs need to know about

Cybersecurity Initiatives, Data Protection,

Identity Theft and Cybersecurity Risk

Management

Session 30

72

Presentation Overview

ORGANIZATIONAL VIEW OF RISKS

• Enterprise Risk Management

• Cyber Security Risk Management

OPERATIONAL CYBER SECURITY

• Cyber Security Guidance on IT

Security to Institutions of Higher

Education

Dr. Michael Dean

Chief Enterprise Risk Officer

Dr. Linda Wilbanks

Senior Advisor, Cyber Security Risk Management

Theon Dam

ISSO

Agenda

Purpose

Comply with Laws and Regulations

FSA Security Initiatives

What are PII and SPII ?

Security & Privacy Awareness

Cost of Breach

FAA Guidance

73

Passwords not secure...

99.9% of all user-generated

passwords are insecure

Word-number-punctuation most

commonly cracked ‘complex’

password

Solutions are based on two factor

authentication

The myth of privacy and security

Password cracking by security experts: Six characters: 12 seconds Seven characters: 5 minutes Eight characters: 4 hours

https://www.privacyrights.org

74

75

Agenda

Who needs to worry about data security?

Why do I need to worry about data security?

What are the data security requirements?

What is a breach?

When do I report a breach?

How do I report a breach?

How can you help me with data security?

What are my next steps?

76

Why do I need to worry about data

security?

Starting in 2018, GLBA information security safeguards will be audited to

ensure administrative capability. Draft audit language:

Audit Objectives – Determine whether the IHE designated an individual to

coordinate the information security program; performed a risk assessment

that addresses the three areas noted in 16 CFR 314.4 (b) and documented

safeguards for identified risks.

Suggested Audit Procedures a. Verify that the IHE has designated an individual to coordinate the

information security program.

b. Obtain the IHE risk assessment and verify that it addresses the three

required areas noted in 16 CFR 314.4 (b).

c. Obtain the documentation created by the IHE that aligns each

safeguard with each risk identified from step b above, verifying that the

IHE has identified a safeguard for each risk.

77

What are the data security requirements?

• Title IV schools are financial institutions per Gramm-Leach-

Bliley Act (GLBA, 2002)

• Per FSA PPA & SAIG agreements, these schools must have GLBA

safeguards in place. Schools without GLBA safeguards may be

found administratively incapable (unable to properly administer

Title IV funds).

• GLBA Safeguards are:

• Develop, implement, & maintain documented data security (info-sec)

program

• Designate an employee(s) to coordinate the program

78

What is a breach?

• Per GLBA, a breach is any unauthorized

disclosure, misuse, alteration, destruction or other

compromise of information.

• Administrative, technical, and physical

safeguards:

1) ensure the security & confidentiality of

customer information

2) protect against any anticipated threats or

hazards to the security or integrity of such

records

3) protect against unauthorized access to or

use of such records or information which

could result in substantial harm or

inconvenience to any customer.

Important items to note:

• No minimum size or # of

records

• Employee access is not

exempt if wrong

• Not strictly digital or

technology-based –

paper counts!

• Covers data in storage,

in transit or being

processed

79

When do I report a breach?

• The Student Aid Internet Gateway (SAIG) Agreement requires that as

a condition of continued participation in the federal student aid

programs Title IV schools report suspected/actual data breaches

• Title IV schools must report on the day of detection when a data

breach is even suspected

• The Department has the authority to fine institutions that do not

comply with the requirement to self-report data breaches; up to

$54,789 per violation per 34 C.F.R. § 36.2

• The Department has reminded all institutions of this requirement

through Dear Colleague Letters (GEN 15-18, GEN 16-12), electronic

announcements, and the annual FSA Handbook.

80

How do I report a data breach? (Yes, you!)

1. Email cpssaig@ed.gov & copy your data breach team, executives,

per your policy

Data to include in the email:

• Date of breach (suspected or known)

• Impact of breach (# of records, etc.)

• Method of breach (hack, accidental disclosure, etc.)

• Information Security Program Point of Contact - email and phone

details

• Remediation Status (complete, in process – with detail) & Next

steps (as needed)

2. Call Education Security Operations Center (ED SOC) at 202-245-

6550 with above data. ED-SOC operates 7x24.

3. Call or Email Tiina Rodrigue – tiina.rodrigue@ed.gov or 202-377-

3887 – if both previous methods fail.

81

Cybersecurity Assessment Tool (CAT) - optional self-assessment electronic tool that helps establish school’s current risk profile and cybersecurity maturity for executive review & prioritization:

• Built by Federal Financial Institution Examiners’ Council (FFIEC) to help financial institutions review current state

• Education has automated it to better enable schools of all levels to review current state of risk and maturity

• Targets specific areas to address to close the gaps from a best practice perspective while preventing waste or over-engineering

• Covers 5 Domains in depth, with diverse areas including culture, acquisitions, third-party management which aligns with GLBA requirements

• Pertains to policy, people and process issues, too

How can you help me with data security?

82

How can you help me with data security?

As an option, you can contact Senior Advisor – Cybersecurity to:

• Ask hypothetical questions – is this an area of concern?

• Get a consultative review – policy or process (it’s free!)

• Use the tools or get additional information (also free)

• Collaborate on best practices or bring ideas forward

• Review new Cybersecurity Compliance page – send input

Contact information:

• Tiina Rodrigue – tiina.rodrigue@ed.gov

202-377-3887 (desk) or 202-279-0269 (mobile)

83

ifap.ed.gov

84

85

Changes to Federal Student Aid

Web Addresses

Electronic Announcement was posted on ifap.ed.gov on October 31, 2016

Provides information about changes that impacted web addresses used to access

FSA systems and websites

To comply with a federal mandate that all publicly-accessible federal websites and web

services provide service only through a secure internet connection.

For external users, this resulted in two key changes to FSA web addresses Any FSA URL that begins with the “http” prefix was updated to use the “https” prefix

The “www” prefix has been removed from any FSA URL that included the “www” prefix

As of December 31, 2017, all FSA web addresses will begin with “https” web

addresses and will not contain “www”

As ED implemented the change, redirects were put in place to ease the transition,

however, the plan was to only use redirects until December 31, 2017

If you have not already updated bookmarks and links on your school’s website, it’s

recommended that you do so as soon as possible

In addition to updating web sites, be sure to update student documents,

publications, training materials, etc. that reference the FSA sites

Web sites of federal loan servicers are also impacted by this change

Each federal loan servicer has updated its borrower notifications and has been working

directly with borrowers to ensure the change is communicated

86

ISAC Contact Information

Student and Parent Services

Phone: 800-899-4722

E-mail: isac.studentservices@isac.illinois.gov

School Services

Phone: 866-247-2172

E-mail: isac.schoolservices@isac.illinois.gov

Kim Eck, Training Services

Phone: 217-785-7139

E-mail: Kimberly.Eck@illinois.gov

87

QUESTIONS/COMMENTS?

Thank you for joining us today!

88