isac update and fsa conference hot topicsoctober 1, 2017 for full-year consideration march 1, 2018...
TRANSCRIPT
1
ISAC Update and a
Review of Hot Topics
from the 2017 Federal
Student Aid (FSA)
Conference
January 31, 2018
Agenda
ISAC Update
Highlights from FSA Conference
Resources
Questions/Comments
2
2017-18 (FY18)
3
2017-18 MAP
ISAC released student records from suspense status whose FAFSA®
receipt dates were January 16, 2017 through (and including)
February 14, 2017
Released records were made available for viewing in GAP Access on
December 19
Students with initial FAFSA receipt dates on or after February 15, 2017 remain
in suspense status
To identify student records included in the release of suspense, use the
filter functionality in GAP Access
Create a listing of student records using the date range of FAFSA receipt dates
January 16, 2017 through February 14, 2017, and save as report
Schools may submit first term payment claims for students who were
recently released from suspense as well as second term claims for all
eligible students
Second term claim deadline date is Friday, March 9, 2018
4
5
Identifying Released Student Records
6
Enter or
select the
date range
After selecting the
View button, you
will have the
option to save and
view the list, as
well as generate
an Excel report
2017-18 Illinois Veteran Grant
An online IVG application is now available at isac.org
Please update website content to direct students to the new online option
Required documentation may be submitted electronically
Allowable formats are PDF, JPG, JPEG, DOC and DOCX files
Applicants can still download and print a PDF version and complete the
application process by mail
The current version has the date of 6/17 in the footer
Please discard any old paper versions
The IVG benefit request process is no longer available in My Zone and
will soon be available in GAP Access
Fall term data was due on or before January 15, 2018
Spring term processing normally would have begun on January 16, 2018,
but is currently on hold
Spring term data will be due on or before May 25, 2018
7
8
studentportal.isac.org
2017-18 Illinois National Guard
(ING) Grant Program
Online application can be accessed:
On the Applications page at isac.org
Through the ISAC Programs tab in the ISAC Student Portal at
studentportal.isac.org
Application deadline dates are:
October 1, 2017 for full-year consideration
March 1, 2018 for spring-term and summer-term consideration
June 15, 2018 for summer-term consideration only
Benefit reporting functionality is available in GAP Access for the
fall term
Deadline to submit fall term benefit request information was
December 8, 2017
9
2017-18 Minority Teachers of
Illinois (MTI) Scholarship Program
ISAC will continue to accept applications for the 2017-18
MTI Program through Thursday, February 15, 2018
An additional round of awarding took place on November 15,
2017 and award information is available to colleges in My Zone
TESP payment request rosters can be completed online
and submitted to ISAC via My Zone
Payment request results received will be available in My Zone
after vouchers have been generated
Colleges are encouraged to check My Zone every Tuesday
morning for new payment results
10
2017-18 Grant Programs for Dependents of
Police/Fire/Correctional Officers
Remaining application deadline dates
March 1 for spring-term and summer-term consideration,
June 15 for summer-term consideration only
Announcements of eligibility are being made to students
as applications are received and processed
Fall payment request rosters were due Dec. 8, 2017
11
2018-19 (FY19)
12
2018-19 MAP Start Up
The proposed Start-Up Formula, which is the same as the 2017-18
Recompute Formula, was approved at the November 15, 2017
Commission meeting
Maximum annual award amount for the 2018-19 MAP grant is $4,869
For more information about the Start-Up Formula, see the agenda item that
was posted to isac.org in the ISAC's Governing Board: The Commission
section (About ISAC area)
Start-up activities were implemented
in GAP Access on October 23
A 2018-19 suspension date
has not yet been announced
ISAC continues to analyze
application volume and will
provide schools with as much
advance notice as possible
before announcing a suspense
date
13
2018-19 Teacher Programs
Special Education Teacher Tuition Waiver &
Minority Teachers of Illinois Scholarship Program
Application is available at isac.org
Priority application deadline date is March 1, 2018
MTI Program
Application is available at isac.org
Priority application deadline date is March 1, 2018
14
State of the State
Governor Rauner presented his State of the State
address at noon today
Visit the Governor’s Office web page or the Governor’s Facebook
page for more information
www.illinois.gov/gov/Pages/default.aspx
www.facebook.com/GovRauner
Legislators returned to Springfield on January 30
For the spring session
schedule, as well as
the full text and status
of bills, visit the General
Assembly web site
at www.ilga.gov
15
ISAC Training & Information
Financial Aid 101 Workshops
March 13 at ISAC’s Deerfield Office
March 20 at ISAC’s Springfield Office
Financial Aid 201 Workshops
March 14 at ISAC’s Deerfield Office
March 21 at ISAC’s Springfield Office
Monthly Webinars (last Wednesday of the month)
February 28, 2 p.m.
An Overview of ISAC’s Military Programs
March 28, 2 p.m.
An Overview of ISAC’s Teacher Programs
Questions may be directed to: [email protected]
16
HIGHLIGHTS FROM THE
FEDERAL STUDENT AID
(FSA) CONFERENCE
17
https://fsaconferences.ed.gov/
18
http://www.webcastregister.live/2017fsatc_records/
registration_view_catalog_public.php
19
Lynn Mahaffie and Cynthia Hammond | November 27, 2017
U.S. Department of Education
2017 FSA Training Conference for Financial Aid Professionals
Session GS2
Federal Update
GS1. Welcome & Keynote Address
Vision, mission and goals of U.S. Department of
Education
Presented by Secretary Betsy DeVos
Update on disaster relief efforts
21
22
GS2. Federal Update
Key topics:
Regulatory Update
Creation of Regulatory Reform Task Force (RRTF)to review regulatory and
sub-regulatory guidance throughout ED
Initial focus
Elimination of outdated guidance
Borrower Defense to Repayment
Gainful Employment
Borrower Defense
Gainful Employment
Perkins Wind-Down
Year-Round Pell
Guidance on Natural Disasters
Hurricanes Harvey, Irma, and Maria Education Relief Act of 2017 (Public Law
115-64)
Data/Cyber Security 23
24
GS3. Verification (2017 - 18 and 2018 - 19) and
Identification and Resolution of 2017 - 18 Conflicting
Information
• Session Agenda
• Verification History
• 2017–18 Verification
• 2018–19 Verification
• Verification Hot Topics
• IRS Data Retrieval Tool
• Conflicting Information
• Code 399
• Codes 400 & 401
• Following are a few slides from the session …
25
2018–19 Verification
Same data items as 2017-18
No changes to the verification tracking groups
Some changes to acceptable documentation
26
2018–19 Verification
Internal Revenue Service (IRS) Data Retrieval
Tool (DRT) is available again
Dependent students who are nontax filers do not
have to provide confirmation of nonfiling status
from the IRS or other relevant tax authority
Clarified that an applicant selected for V4 or V5
verification must submit an unexpired valid
government-issued photo ID
27
2018–19 Verification
Verification of Nonfiling (VNF)
IRS documents that clearly indicate that the IRS
does not have a tax return record on file for the tax
year are acceptable for VNF
• Includes Tax Return Transcripts/Tax Account
Transcripts that indicate “no record of return filed” or
“no transcript on file”
• Includes any version of IRS Form 13873 that clearly
states that the form is provided to the individual as
verification of nonfiling or states the IRS has no record
of a tax return 28
IRS Data Retrieval Tool 2017–18
IRS Tax Return Filers
• A signed paper copy of the 2015 IRS tax return rather
than using the IRS DRT or obtaining an IRS transcript
Verification of Nonfiling
• A signed statement certifying that the individual has
not and is not required to file an income tax return and
a list of the sources and amount of income from each
source
• A copy of IRS Form W-2 for each source of income
(GEN-17-04)
29
IRS Data Retrieval Tool 2018–19
IRS DRT function was reinstated for the 2018–19
FAFSA® processing year
To enhance the security and privacy of the
sensitive personal data, all DRT data will be
encrypted/masked and hidden from view on:
• IRS DRT website
• FAFSA web pages
• Student Aid Report (SAR)
30
IRS Data Retrieval Tool 2018–19
Institutional and state agency Institutional Student
Information Records (ISIRs) will have IRS data
Applicants and parents will not be able to make
corrections to the IRS DRT transferred items
before or after submission
Institutions will continue to be able to make any
necessary corrections
31
IRS Data Retrieval Tool 2018–19
IRS Data Field Flags
NEW set of flags that identify what, if any, information
was changed
Separate flags for student and parents
Flags listed for EACH field that can be transferred from
the IRS
DIFFERENT flags than the IRS Request Flags
02 Request Flag still means no data changed for
verification purposes
32
IRS Data Retrieval Tool 2018–19
IRS Notification of access to the IRS DRT
• Additional security protection
• Tax filer notified that their personal information was
used to access their tax return information through
the IRS DRT
IRS Get Transcript Online Unavailable For New
Users
• Electronic Announcement dated 11/2/17
33
V4 and V5 Tracking Results
V4 and V5 tracking process in Financial Aid
Administrator (FAA) Access continues to be in
effect for 2017–18 and 2018–19
Institutions need to select the proper award year
for which they are providing results
Value #6 added to drop down options
• Verification attempted, issues found with both identity
and high school completion
34
V4 and V5 Tracking Results
Whom to report: Student for whom institution
received an ISIR with a Verification Tracking Group
of V4 or V5 AND for whom you requested
verification documentation
• Do NOT include students selected for verification by the
institution
When to report: 60 days following the institution’s
first request for verification documentation
• Changes to previously submitted Identity Verification
Results must be updated within 30 days
35
Purpose of Comment Code 399
The 2017–18 FAFSA is compared to the
applicant’s last 2016–17 ISIR transaction
Review will determine if any conflicting income
and/or tax information would, once resolved,
produce a significant change in the student’s
expected family contribution (EFC)
If so, the Central Processing System (CPS) will
flag the applicant’s 2017–18 ISIR with a ‘C’ Code
and Comment Code 399
36
Unresolved 399
Until the conflicting information issue has been
resolved, the institution may not disburse any Title
IV aid
If Comment Code 399 was set prior to September
9, 2017 and the institution is unable to resolve the
conflicting information, the institution must
consider the student to be in an overaward status
for any need-based 2016-2017 Title IV aid (Title
IV Grants, Federal Perkins Loans, and Direct
Subsidized Loans) that was disbursed, and cease
paying the student with FWS funds
37
Resources
For more information on Comment Code 399
see
• Dear Colleague Letter GEN-16-14
• Electronic Announcement published August 10, 2017
• Frequently Asked Questions (FAQ) on IFAP at
https://ifap.ed.gov/EarlyFAFSA/earlyfafsaFAQv1.html
38
Web Edits and SAR Comments
2018–19 FAFSA:
• Because information transferred from the IRS does not
display to the applicant or parent (nor can corrections
be made), any web edits that include information
transferred from the IRS can no longer be presented to
the applicant or parent
• Instead, new SAR comments will display on the ISIR
(and SAR) to alert financial aid administrators that at
least one edit was triggered but could not be displayed
to the applicant or parent and therefore, could not be
resolved online
39
Comment Codes 400/401
Comment Codes 400 (parents) and 401
(dependent and independent student applicants)
400 = Your Financial Aid Administrator may
contact you to resolve any issues related to
parental data reported on your FAFSA
401 = Your Financial Aid Administrator may
contact you to resolve any issues related to data
reported on your FAFSA
40
Reasons for Comment Code 400
For Parents of Dependent Students
• Parent is a tax filer (FAFSA Question 80) and the AGI
retrieved from the IRS is zero, but the total income
earned from work (FAFSA Questions 88 and 89) is
greater than zero
41
Reasons for Comment Code 400
For Parents of Dependent Students
• The total of the Additional Financial Information fields
reported on the FAFSA form (FAFSA Questions 93a-f)
is greater than the AGI transferred from the IRS
42
Reasons for Comment Code 400
For Parents of Dependent Students
• Any item from the FAFSA list of Untaxed Income
(FAFSA Questions 94a-i) is equal to or exceeds the AGI
transferred from the IRS
43
Reasons for Comment Code 401
For Dependent Students and Independent
Students
• Student is a tax filer (FAFSA Question 32) and the AGI
retrieved from the IRS is zero, but the total income
earned from work (FAFSA Questions 39 and 40) is
greater than zero
44
Reasons for Comment Code 401
For Dependent Students and Independent
Students
• The total of the Additional Financial Information fields
reported on the FAFSA form (FAFSA Questions 44a-
f) is greater than the AGI transferred from the IRS
45
Reasons for Comment Code 401
For Dependent Students and Independent
Students
• Any item from the FAFSA list of Untaxed Income
(FAFSA Questions 45a-j) is equal to or exceeds the
AGI transferred from the IRS
46
Special Notes
When Comment Code 400 or 401 appears on an
ISIR and an institutional review confirms that
none of the relevant data items for a 400/401
condition exists, the institution need not take any
further action
Comment Code 400/401 can be considered
resolved if (V1 or V5) verification is completed for
the same applicant for the same ISIR record
47
Resources
For more information on Comment Code
400/401 see
• Electronic Announcement Published August 7, 2017
48
GS4. Keynote Address
Presented by FSA Chief Operating Officer
Dr. A. Wayne Johnson
Highlights the future of the FAFSA/FSA process and the mobile
app
Session 33. The Future of FAFSA® is a follow-up to Dr.
Johnson's Keynote Address and showcases FSA plans for the
future of FAFSA 49
Misty Parkinson and Ed Pacchetti | Nov.-Dec. 2017
U.S. Department of Education
2017 FSA Training Conference for Financial Aid Professionals
FAFSA® and CPS –
Now and What’s Next
Session GS5
Agenda: FAFSA® and CPS - Now and What's Next
2018-19 Start-up Enhancements
2018-19 Resources
Prior-Prior Year and 2018-19 FAFSA Stats
2018-19 Mid-cycle Enhancements
2019-20 Important Dates
1
2
3
4
5
51
IRS DRT Security Enhancements
ISSUE
RESOLUTION
Concerns were raised that cyber criminals could use the IRS
DRT to steal sensitive taxpayer data.
• New encryption safety measures to protect sensitive
taxpayer data
• Different user experience
52
New User Experience (cont.)
53
New User Experience (cont.)
54
New User Experience (cont.)
55
New User Experience (cont.)
56
2018-19 MID-CYCLE
ENHANCEMENTS
57
Responsive Web Design
58
ISSUE
RESOLUTION
The FAFSA form was not designed for use with mobile
devices.
• FAFSA form will utilize Responsive Web Design
• Implementation will be done via a multi-phase
approach
• Application and Home page only (Phase
One)
• More accessible to all users
• Greatly enhances user experience on all devices
58
Sample Screenshots
59
Sample Screenshots
60
Sample Screenshots
61
Sample Screenshots
62
Sample Screenshots
YES NO
63
Sample Screenshots
64
Breakout Sessions
65
66
67
Jim Wyant and Brian Bender | Nov.-Dec. 2017
U.S. Department of Education
2017 FSA Training Conference for Financial Aid Professionals
Program Review Essentials and
the Top 10 Compliance Findings
Session 26
Top Audit Findings
1. NSLDS Roster Reporting – Inaccurate/Untimely Reporting
2. Repeat Finding-Failure to Take Corrective Action
3. Return of Title IV (R2T4) Calculation Errors
4. Return of Title IV (R2T4) Funds Made Late
5. Verification Violations
6. Entrance/Exit Counseling Deficiencies
7. Qualified Auditor’s Opinion Cited in Audit
8. Pell Grants – Overpayment/Underpayment
9. Student Credit Balance Deficiencies
10. G5 Expenditures Untimely/Incorrectly Reported
69
Top Program Review Findings
1. NSLDS Roster Reporting – Inaccurate/Untimely Reporting
2. Crime Awareness Requirements Not Met
3. Return of Title IV (R2T4) Calculation Errors
4. Verification Violations
5. Drug Abuse Prevention Requirements Not Met
6. Entrance/Exit Counseling Deficiencies
7. Consumer Information Requirements Not Met
8. Student Credit Balance Deficiencies
9. Inaccurate Recordkeeping
10. Satisfactory Academic Progress Policy Not Adequately
Developed/Monitored
70
Dr. Michael Dean, Dr. Linda Wilbanks, and Theon Dam | Nov.-Dec. 2017
U.S. Department of Education
2017 FSA Training Conference for Financial Aid Professionals
What FAAs need to know about
Cybersecurity Initiatives, Data Protection,
Identity Theft and Cybersecurity Risk
Management
Session 30
72
Presentation Overview
ORGANIZATIONAL VIEW OF RISKS
• Enterprise Risk Management
• Cyber Security Risk Management
OPERATIONAL CYBER SECURITY
• Cyber Security Guidance on IT
Security to Institutions of Higher
Education
Dr. Michael Dean
Chief Enterprise Risk Officer
Dr. Linda Wilbanks
Senior Advisor, Cyber Security Risk Management
Theon Dam
ISSO
Agenda
Purpose
Comply with Laws and Regulations
FSA Security Initiatives
What are PII and SPII ?
Security & Privacy Awareness
Cost of Breach
FAA Guidance
73
Passwords not secure...
99.9% of all user-generated
passwords are insecure
Word-number-punctuation most
commonly cracked ‘complex’
password
Solutions are based on two factor
authentication
The myth of privacy and security
Password cracking by security experts: Six characters: 12 seconds Seven characters: 5 minutes Eight characters: 4 hours
https://www.privacyrights.org
74
75
Agenda
Who needs to worry about data security?
Why do I need to worry about data security?
What are the data security requirements?
What is a breach?
When do I report a breach?
How do I report a breach?
How can you help me with data security?
What are my next steps?
76
Why do I need to worry about data
security?
Starting in 2018, GLBA information security safeguards will be audited to
ensure administrative capability. Draft audit language:
Audit Objectives – Determine whether the IHE designated an individual to
coordinate the information security program; performed a risk assessment
that addresses the three areas noted in 16 CFR 314.4 (b) and documented
safeguards for identified risks.
Suggested Audit Procedures a. Verify that the IHE has designated an individual to coordinate the
information security program.
b. Obtain the IHE risk assessment and verify that it addresses the three
required areas noted in 16 CFR 314.4 (b).
c. Obtain the documentation created by the IHE that aligns each
safeguard with each risk identified from step b above, verifying that the
IHE has identified a safeguard for each risk.
77
What are the data security requirements?
• Title IV schools are financial institutions per Gramm-Leach-
Bliley Act (GLBA, 2002)
• Per FSA PPA & SAIG agreements, these schools must have GLBA
safeguards in place. Schools without GLBA safeguards may be
found administratively incapable (unable to properly administer
Title IV funds).
• GLBA Safeguards are:
• Develop, implement, & maintain documented data security (info-sec)
program
• Designate an employee(s) to coordinate the program
78
What is a breach?
• Per GLBA, a breach is any unauthorized
disclosure, misuse, alteration, destruction or other
compromise of information.
• Administrative, technical, and physical
safeguards:
1) ensure the security & confidentiality of
customer information
2) protect against any anticipated threats or
hazards to the security or integrity of such
records
3) protect against unauthorized access to or
use of such records or information which
could result in substantial harm or
inconvenience to any customer.
Important items to note:
• No minimum size or # of
records
• Employee access is not
exempt if wrong
• Not strictly digital or
technology-based –
paper counts!
• Covers data in storage,
in transit or being
processed
79
When do I report a breach?
• The Student Aid Internet Gateway (SAIG) Agreement requires that as
a condition of continued participation in the federal student aid
programs Title IV schools report suspected/actual data breaches
• Title IV schools must report on the day of detection when a data
breach is even suspected
• The Department has the authority to fine institutions that do not
comply with the requirement to self-report data breaches; up to
$54,789 per violation per 34 C.F.R. § 36.2
• The Department has reminded all institutions of this requirement
through Dear Colleague Letters (GEN 15-18, GEN 16-12), electronic
announcements, and the annual FSA Handbook.
80
How do I report a data breach? (Yes, you!)
1. Email [email protected] & copy your data breach team, executives,
per your policy
Data to include in the email:
• Date of breach (suspected or known)
• Impact of breach (# of records, etc.)
• Method of breach (hack, accidental disclosure, etc.)
• Information Security Program Point of Contact - email and phone
details
• Remediation Status (complete, in process – with detail) & Next
steps (as needed)
2. Call Education Security Operations Center (ED SOC) at 202-245-
6550 with above data. ED-SOC operates 7x24.
3. Call or Email Tiina Rodrigue – [email protected] or 202-377-
3887 – if both previous methods fail.
81
Cybersecurity Assessment Tool (CAT) - optional self-assessment electronic tool that helps establish school’s current risk profile and cybersecurity maturity for executive review & prioritization:
• Built by Federal Financial Institution Examiners’ Council (FFIEC) to help financial institutions review current state
• Education has automated it to better enable schools of all levels to review current state of risk and maturity
• Targets specific areas to address to close the gaps from a best practice perspective while preventing waste or over-engineering
• Covers 5 Domains in depth, with diverse areas including culture, acquisitions, third-party management which aligns with GLBA requirements
• Pertains to policy, people and process issues, too
How can you help me with data security?
82
How can you help me with data security?
As an option, you can contact Senior Advisor – Cybersecurity to:
• Ask hypothetical questions – is this an area of concern?
• Get a consultative review – policy or process (it’s free!)
• Use the tools or get additional information (also free)
• Collaborate on best practices or bring ideas forward
• Review new Cybersecurity Compliance page – send input
Contact information:
• Tiina Rodrigue – [email protected]
202-377-3887 (desk) or 202-279-0269 (mobile)
83
ifap.ed.gov
84
85
Changes to Federal Student Aid
Web Addresses
Electronic Announcement was posted on ifap.ed.gov on October 31, 2016
Provides information about changes that impacted web addresses used to access
FSA systems and websites
To comply with a federal mandate that all publicly-accessible federal websites and web
services provide service only through a secure internet connection.
For external users, this resulted in two key changes to FSA web addresses Any FSA URL that begins with the “http” prefix was updated to use the “https” prefix
The “www” prefix has been removed from any FSA URL that included the “www” prefix
As of December 31, 2017, all FSA web addresses will begin with “https” web
addresses and will not contain “www”
As ED implemented the change, redirects were put in place to ease the transition,
however, the plan was to only use redirects until December 31, 2017
If you have not already updated bookmarks and links on your school’s website, it’s
recommended that you do so as soon as possible
In addition to updating web sites, be sure to update student documents,
publications, training materials, etc. that reference the FSA sites
Web sites of federal loan servicers are also impacted by this change
Each federal loan servicer has updated its borrower notifications and has been working
directly with borrowers to ensure the change is communicated
86
ISAC Contact Information
Student and Parent Services
Phone: 800-899-4722
E-mail: [email protected]
School Services
Phone: 866-247-2172
E-mail: [email protected]
Kim Eck, Training Services
Phone: 217-785-7139
E-mail: [email protected]
87
QUESTIONS/COMMENTS?
Thank you for joining us today!
88