New Regs Will Change How Colleges Offer Bank Accounts to Students

by Bryan Cave

On October 30, 2015, the Department of Education issued regulations to impose requirements on the marketing and terms of deposit and prepaid accounts offered to students at educational institutions that participate in Federal student aid programs. According to the DOE, the regulations are intended to ensure that students have convenient access to their title IV, Higher Education Act program funds, do not incur unreasonable and uncommon account fees on their title IV funds, and are not led to believe that they must open a particular financial account to receive Federal student aid. Most of these new rules take effect on July 1, 2016.

On December 16, the CFPB published a Safe Student Account Toolkit “to help colleges evaluate whether to co-sponsor a prepaid or checking account with a financial institution.” The Toolkit includes a Scorecard that can be used by schools when selecting a third-party vendor for student accounts and an Administrator Handbook designed to help school administrators gather relevant information to review, compare and evaluate accounts offered by different financial institutions.

The CFPB’s Toolkit provides guidance on the new DOE regulations, but with a focus on those provisions that are designed to protect students. The CFPB can bring and has brought enforcement actions against colleges under federal consumer protection laws. Their issuing of the Toolkit should be understood as a warning that they also will be enforcing the consumer protection portions of the DOE rules, though perhaps under their unfair, deceptive and abusive practices statute.

As the CFPB itself notes, the Toolkit addresses only some of the requirements under the new DOE regulations. Colleges therefore must understand both the new DOE regulations and the Toolkit to have a complete picture of the requirements and regulatory expectations. This article summarizes some of the key consumer protection rules in the new DOE regulations, with a focus on those addressed in the Toolkit.


The DOE regulations generally apply to institutions of higher education and certain postsecondary vocational institutions, each referred to as “institutions” in the regulation. The key consumer protections relate to student “financial accounts,” defined in the DOE regulations as “a student’s or parent’s checking or savings account, prepaid account, or other consumer asset account held directly or indirectly by a financial institution.”

The DOE regulations and the Toolkit distinguish between “tier one arrangements” and “tier two arrangements. A tier one or T1 arrangement is an arrangement in which:

  1. an institution has entered into a contract with a third-party servicer for the servicer to perform one or more functions associated with the processing of direct payments of title IV, HEA program funds on behalf of the institution; and
  2. the institution or third-party servicer makes payments to –
    • one or more financial accounts offered to students under the contract;
    • a financial account where information about the account is communicated directly to students by the servicer or the institution; or
    • a financial account where information about the account is communicated directly to students by an entity contracting with or affiliated with the servicer

“Third-party servicer” is broadly defined in existing DOE regulations as including any individual, a State, or an organization that enters into a contract with an institution to administer any aspect of the institution’s participation in any title IV, HEA program. The term includes, among others, those third parties that receive, disburse or deliver title IV, HEA program funds, other than by “normal bank electronic fund transfers.” This subtle EFT distinction becomes important for purposes of the definition of tier two arrangements.

A tier two or T2 arrangement is one in which an institution has contracted with a financial institution, or entity that offers financial accounts through a financial institution, under which financial accounts are offered and “marketed directly” to students enrolled at the institution. The accounts will be considered to be marketed directly if the institution communicates directly with students about opening the account, the account or access device is cobranded with the institution’s name or logo and is marketed principally to its students, or if a card or tool is provided to the student for institutional purposes (such as an ID card) and it enables the student to use the device to access the account.

In contrast to T1 arrangements, no third-party servicer is involved in a T2 arrangement. The exclusion for normal bank electronic transfers is therefore important so that banks and other financial institutions that only disburse title IV funds by normal bank EFTs are not treated as third-party servicers and cause the T1 rules to apply.

It is possible for any particular educational institution to have both tier one and tier two arrangements. The DOE points out, however, that this could occur only if the institution has separate agreements with different financial account providers: “One that provided third-party servicing functions and the other that provided accounts that met the T2 arrangement direct marketing definition in some way….”

On the other hand, if a single provider serves as a third-party servicer and offers multiple account options to students of an institution, all of those account offerings must comply with the requirements for T1 arrangements even if absent the third-party relationship one or more of those offerings would only be T2 arrangements. The DOE’s rationale for this approach is that “a third-party service provider exerts a tremendous amount of control over the disbursement process and timing.”

Summary of Requirements

Student Choice. Under the DOE rules, an institution that makes direct payments to a student by EFT and that enters into a T1 or T2 arrangement must establish a selection process to allow the student to choose among “several options” for receiving those payments. This means, among other things, that the institution must ensure that:

  • The student is informed in writing that he or she is not required to obtain a financial account or access device offered by or through a specific financial institution;

  • The student’s options for receiving direct payments are described in a clear and neutral manner;
  • No account option is preselected in the materials provided to the student;
  • In describing the account options, the student’s existing financial account is prominently displayed as the first option; and
  • Disclosures are provided to consumers before an account is opened that list and identify the major features and commonly assessed fees associated with the account (compliance with this particular rule is not required until July 1, 2017).

The CFPB’s Scorecard, which the CFPB envisions could be used by institutions to solicit information from prospective vendors, requests information from vendors regarding their ability to comply with the following requirements, among other things:

  • Informing students of the terms and conditions of the account before it is created, including with proper written notice that the account is not required;
  • Presenting materials in an objective and fact-based manner; and
  • Maintaining transparency about the vendor’s relationship with the institution.

Accounts Must Be In The Best Financial Interests of the Students. Under both T1 and T2 arrangements, the institution must “ensure” that the terms of the accounts “are not inconsistent with the best financial interests of the students opening them.” Part of the way in which an institution can satisfy this requirement is through documented due diligence at least every two years to determine whether the fees under the arrangement “are, considered as a whole, consistent with or below prevailing market rates.” The CFPB’s Administrator Handbook states that school administrators “may wish to continuously monitor the account fee schedule, policies for changing fees, and the total net fees paid by students.”

Free ATMs. Institutions entering into a T1 arrangement must ensure that students have “convenient access” to the funds in the account through a surcharge-free national or regional ATM network with a sufficient number of ATMs such that title IV funds are reasonably available. Balance inquiries must also be free at these ATMs. The rule is similar for T2 arrangements, except that it applies only if a specified number or percentage of the institution’s students had a title IV credit balance in the prior three award years. (A “title IV credit balance” is basically the amount of title IV funds for a payment period that exceeds the institution’s allowable charges associated with that payment.)

Other Fee Limits. For T1 arrangements, students cannot incur any cost to open the financial account or initially receive an access device. In addition, no charges may be imposed by the institution, third-party servicer, or a financial institution associated with the servicer, for point-of-sale transactions in a State.

No Credit and No NSF Fees. Financial accounts and access devices under either a T1 or T2 arrangement cannot be marketed or portrayed as, or converted into, a credit card. This rule will not apply to T2 arrangements if the institution had no students with title IV credit balances in the prior three award years. For T1 arrangements, no credit whatsoever may be associated with the financial account. A transaction that exceeds the account balance may be “inadvertently authorized” so long as no fee is imposed for overdrawing the account.

Consent to Access Device. Under both T1 and T2 arrangements, the institution must ensure that the student’s consent to open the financial account is obtained before any access device, or any representation of an access device, is sent to the student. (This rule applies to T2 arrangements only if the institution had at least one student with a title IV credit balance in the prior three award years.) The one exception is that the institution may send the student an “access device that is a card provided to the student for institutional purposes, such as a student ID card,” so long as the institution obtains the student’s consent before validating the device to enable access to the account. For these purposes, an “access device” is a card, code, or other means of access to a financial account that may be used by a student to initiate electronic fund transfers.

Regulation E Protections. Financial accounts marketed under either a T1 or T2 arrangement generally must comply with Regulation E. For financial accounts that are prepaid card accounts the Regulation E provisions applicable to payroll cards will apply.

Note: this post, despite its length, provides only a high level summary of the new DOE regulations and addresses only certain of those regulations. Every educational institution participating in a title IV, HEA program will need to be thoroughly familiar with all of the rules, preferably long before the July 1, 2016 effective date for most of these rules.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave | Attorney Advertising

Written by:

Bryan Cave

Bryan Cave on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.