Download: docx | pdf

SUPPORTING STATEMENT

FOR PAPERWORK REDUCTION ACT SUBMISSION

Process for FSA ID Account Creation for Individuals without a Social Security Number in Connection with Person Authentication Service (PAS)

Background

Public Law 89-329, Sections 401-495, the Higher Education Act of 1965, as amended (HEA), mandates that the Secretary of Education “…shall produce, distribute, and process free of charge common financial reporting forms as described in this subsection to be used for application and reapplication to determine the need and eligibility of a student for financial assistance...”.

Federal Student Aid (FSA), an office of the U.S. Department of Education (the Department), subsequently developed an application process to collect and process the data necessary to determine a student’s eligibility to receive Title IV, HEA program assistance. The application process involves an applicant’s submission of the Free Application for Federal Student Aid (FAFSA®). After submission and processing of the FAFSA, an applicant receives a FAFSA Submission Summary (FSS), which is a summary of the processed data they submitted on the FAFSA. The applicant reviews the FSS, and, if necessary, will make corrections or updates to their submitted FAFSA data.

In addition, Title IV, Part G of the HEA as amended by the 1998 Amendments to the HEA (P.L. 105-244) section 485B, requires the Secretary of Education to establish a National Student Loan Data System (NSLDS).

The Department made online accessibility to these services and information a major priority as part of its compliance with The Government Paperwork Elimination Act (GPEA), 44 USC 3504. Currently, students, applicants, parents, and borrowers can access FSA systems to enter, review or correct applications and loan information. They also interact online with FSA to sign Master Promissory Notes for federal student loans and Agreements to Serve for Teacher Education Assistance for College and Higher Education (TEACH) Grants. Due to the sensitivity of the personal and financial data entered into and available on FSA systems, FSA must ensure that only authorized users have access to the data. The legacy system, Personal Identification Number (PIN), was used to manage this access by requesting a user’s social security number, date of birth and last name along with a four-digit code. However, FSA recognized the need for improved access and identity management that did not require the use of Personally Identifiable Information (PII) for each authentication. The Inspector General’s Office recommended several changes to the PIN system, which resulted in a decision to replace the PIN system with Person Authentication Service (PAS).

PAS allows for creation of an FSA ID as a standard username and password solution. In order to create an FSA ID to gain access to FSA systems, a user must register online for an FSA ID account. The primary mechanism for authenticating a user is to match their social security number (SSN) to administrative records held at the Social Security Administration (SSA). However, the FAFSA Simplification Act of 2022 requires a process for authenticating users who do not have a SSN but are required to contribute to an application for financial assistance programs under Title IV of the HEA. For all customers, the FSA ID allows for a single identity, even if there is a name change or other change to PII.

1. Explain the circumstances that make the collection of information necessary. What is the purpose for this information collection? Identify any legal or administrative requirements that necessitate the collection. Include a citation that authorizes the collection of information. Specify the review type of the collection (new, revision, extension, reinstatement with change, reinstatement without change). If revised, briefly specify the changes. If a rulemaking is involved, list the sections with a brief description of the information collection requirement, and/or changes to sections, if applicable.

The Department is requesting an emergency clearance for this new information collection. Additionally, we are requesting that the full clearance package be filed at the same time and that the Department will initiate the 60-day public comment period upon notification of emergency approval.

The Department’s legal right to require Social Security Numbers (SSN) is found in section 484(a)(4)(B) of the HEA. This section states that an applicant must provide their SSN in order to be eligible for aid under the Federal Pell Grant, Federal Direct Loan, Federal Family Education Loan, Federal Supplemental Educational Opportunity Grant, TEACH Grant, Federal Work Study, and Federal Perkins Loan Programs. The Department is authorized to collect all the other information under sections 474, 475, 476, 477, 479, 480, and 483 of the HEA.

In addition to the requirement to collection SSNs, the Department is further required under the FAFSA Simplification Act of 2022 to provide a process to create authenticated access to the student financial assistance program applications for individuals who do not have a SSN but are required to contribute to an application. The Privacy Act (34 CFR 5b.5(b)(2)(i)) requires a set of documents or signed certification under the penalty of perjury to verify identities.

OMB Circular 130, Management of Federal Information Resources, establishes that “agencies will use electronic media and formats … in order to make government information more easily accessible and useful to the public”. The GPEA, 44 USC 3504, Title XVII, requires agencies, by October 21, 2003, to provide the option of electronic submission of information by the public. The Freedom to E-File Act, E-Government Act, and the President’s Management Agenda prescribe E-Government functions as alternatives to traditional paper-based processes.

The U.S. Department of Education has been a leader in government in making paper processes available electronically. Since the introduction of FAFSA on the Web and the FSA PIN for online authentication and access in the 1990’s, the paperwork completion burden on students, borrowers and parents has been reduced by millions of hours.

Conducting online transactions necessitates processes for authenticating and authorizing online users and completing transactions with an electronic equivalent to traditional ink signatures. The Privacy Act of 1974 at 5 U.S.C. 552A (e)(10) requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. The information collected for the creation of an FSA ID enables the electronic authentication and authorization of users for FSA web-based applications and information and protects users from unauthorized access to user accounts on all protected FSA sites.

Applicants, parents, and borrowers establish an FSA ID, which includes a username and password. The FSA ID is used for the purposes of verifying the identity of the user; allowing users to establish an account with FSA; safeguarding their personally identifiable and financial information; signing applications and loan related documents; providing users access to their information and applications; allowing users to customize or update their accounts with FSA; renewing or revoking a user’s account with FSA; and supporting the Federal Student Aid Information Center (FSAIC) help desk functions.

The specific questions that applicants are asked to answer in the FSA ID creation process are described separately in the Creating FSA-ID document, which explains the use of the questions in the application. As part of the standard process, user’s information is matched with information from the Social Security Administration (SSA) to confirm their SSA status.

In the event of individuals who do not have a SSN to match, they are instructed to the contact the Department and provide one of the following documents (U.S. State/Territory Driver’s License; U.S. State or City Identification Card; Foreign Passport; Municipal identification card; Community ID; or a Consular identification card) and a signed attestation of their identity under the penalty of perjury, as instructed by the Privacy Act.

This collection provides the process and application that individuals without a SSN may use to acquire an FSA ID to access the statutory and regulatory benefits of the Title IV, HEA student financial assistance programs.

This collection will work in conjunction with the Person Authentication Service (PAS), 1845-0131.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

The information used to create an FSA ID is collected through a voluntary online self-registration process from student and parent applicants and borrowers in order to provide them with authorized access to FSA systems. Users access the account creation site through an existing FSA system or website by clicking on the “Create Account” link. The information a user is required to provide to create an FSA ID is based on the information necessary to confirm their identity with the SSA, and for them to be able to manage their information in the case that the individual forgets their username and/or password.

The online self-registration process to obtain an FSA ID is a one-time information collection process. Individuals required to engage in the non-SSN authentication process will be required to submit their documents through a secured email transmission process.

The account information can be modified without the need of the user to re-register. By creating an FSA ID, a user provides the necessary information for FSA to electronically authenticate the individual and give them access to their information.

The electronic authentication of users protects them from individuals seeking to gain unauthorized access to user accounts on FSA systems and websites. An FSA ID is used to access the following web site or systems to apply or view loan information:

1. FAFSA On The Web (FOTW) - users complete their online version of the FAFSA and can view or correct their FAFSA Submission Summary (FSS)

2. NSLDS and StudentAid.gov - students/PLUS borrowers receive “real time” information on their financial aid history; applicants can agree to the conditions of their master promissory note or the Agreement to Serve or Repay for TEACH grants, and complete loan entrance or exit counseling and the Borrower Defense form. Customers can log in to submit feedback.

3. Federal Student Aid Information Center (FSAIC) Integrated Voice Response System (IVR) - students/borrowers perform account management activities via the FSAIC IVR.

FSA also uses the information to:

1. Conduct matches with the SSA to confirm their identity. This data match is processed by the Department’s Central Processing System (CPS).

2. Support customer assistance through the FSAIC and the FSA ID help desk.

3. Provide inputs into the Department’s Audit and Program Review Planning. Data on usage of FSA websites and applications are used to support assumptions for estimating the long-term budgets for the Federal student aid programs.

4. Support audit and investigations. Transactional and non-transactional data is sent on a monthly basis to the Office of Inspector General (OIG) for purposes of populating the OIG Data Analytic System (ODAS) Data Warehouse. The information is also used by FSA Security auditors and program reviewers as part of system and program audits.

All shared data is transmitted to a system that has an approved and valid Certification and Accreditation (C&A) Authority to Operate (ATO) in effect. In addition, the shared data is securely managed by requiring a Privacy Impact Assessment (PIA) and Interface Control documents.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or forms of information technology, e.g. permitting electronic submission of responses, and the basis for the decision of adopting this means of collection. Please identify systems or websites used to electronically collect this information. Also describe any consideration given to using technology to reduce burden. If there is an increase or decrease in burden related to using technology (e.g. using an electronic form, system or website from paper), please explain in number 12.

The collection of the registration information for an FSA ID is done through an online registration form. All technology used in creation of the FSA ID is compliant with the Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq), the National Institute of Standards and Technology (NIST) Special Publication 800-53, 800-37, and Federal Information Processing Standards (FIPS) publications 140-2 and 200.

There is not a paper-based form available to register for an FSA ID. Users must access the account creation site through an existing FSA application or website. Users complete and submit the self-registration forms electronically over the Internet. The registration process is self-explanatory; where instructions are needed, they are integrated within the website.

Individuals who do not have an SSN will be provided clear instructions, via email, on how to get their FSA ID account authenticated. Additional assistance is available by phone, chat and email at FSAIC if needed.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.

The Department reviewed its existing systems to identify any instances where required data is already collected or maintained. In those cases, the data used to create an account is pre-populated or is transmitted electronically to the other system reducing duplication and the overall data entry burden on the user.

5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden. A small entity may be (1) a small business which is deemed to be one that is independently owned and operated and that is not dominant in its field of operation; (2) a small organization that is any not-for-profit enterprise that is independently owned and operated and is not dominant in its field; or (3) a small government jurisdiction, which is a government of a city, county, town, township, school district, or special district with a population of less than 50,000.

The collection of eligibility information for the awarding of student aid does not impact small businesses.

6. Describe the consequences to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

If the collection is not conducted, there will be no adequate means to safeguard access to personal and financial information and verify the identity of the user. Student financial aid applicants will be prevented from access to statutory benefits. The Department will be hindered from advancing its own compliance with GPEA, be hindered from reducing the burden on its customers by providing the most timely and efficient way to request aid and loan information and will be unable to assure the confidentiality of user information.

7. Explain any special circumstances that would cause an information collection to be conducted in a manner:

• requiring respondents to report information to the agency more often than quarterly;

• requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;

• requiring respondents to submit more than an original and two copies of any document;

• requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;

• in connection with a statistical survey, that is not designed to produce valid and reliable results than can be generalized to the universe of study;

• requiring the use of a statistical data classification that has not been reviewed and approved by OMB;

• that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or that unnecessarily impedes sharing of data with other agencies for compatible confidential use; or

• requiring respondents to submit proprietary trade secrets, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information’s confidentiality to the extent permitted by law.

There are no special circumstances associated with this information collection. Users respond as needed. Registration occurs once and updates occur only when there is a change to user’s personal information such as address, last name, email address, or mobile phone number. By utilizing the FSA ID, the Department has instituted procedures to protect the information’s confidentiality. All technology used in creation of the FSA ID is compliant with NIST Special Publication 800-53, 800-37, and FIPS publications 140-2 and 200.

8. As applicable, state that the Department has published the 60 and 30 Federal Register notices as required by 5 CFR 1320.8(d), soliciting comments on the information collection prior to submission to OMB.

Include a citation for the 60 day comment period (e.g. Vol. 84 FR ##### and the date of publication). Summarize public comments received in response to the 60 day notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden. If only non-substantive comments are provided, please provide a statement to that effect and that it did not relate or warrant any changes to this information collection request. In your comments, please also indicate the number of public comments received.

For the 30 day notice, indicate that a notice will be published.

Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instruction and record keeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years – even if the collection of information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.

This is a request for a six-month emergency clearance of the information collection process to allow the Department to collect information from applicants to safeguard access to personal and financial information and verify the identity of the user.

The Department has requested an emergency approval from the Office of Management and Budget by December 20, 2023. Included in the emergency notice that will be sent to the Federal Register is the request for a 60-day public comment period as is required for the full 3 year clearance package.

The updated clearance package will be submitted to OMB after the 60 day public comment period has ended and a 30-day Federal Register notice has been published in order to allow for full public comment on the process. The updated package will include a description of public comments received, the Department’s response to those comments, and a discussion of whether the public feedback was adopted, and why or why not.

The form included with this submission was originally developed with input from schools, guaranty agencies, servicers, lenders, and borrower advocacy groups. In developing the form included with this submission, the Department considered recommendations from its Direct Loan servicers.

8. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees with meaningful justification.

There are no payments or gifts for the completion and/or submission of the application.

8. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy. If personally identifiable information (PII) is being collected, a Privacy Act statement should be included on the instrument. Please provide a citation for the Systems of Record Notice and the date a Privacy Impact Assessment was completed as indicated on the IC Data Form. A confidentiality statement with a legal citation that authorizes the pledge of confidentiality should be provided.¹ If the collection is subject to the Privacy Act, the Privacy Act statement is deemed sufficient with respect to confidentiality. If there is no expectation of confidentiality, simply state that the Department makes no pledge about the confidentiality of the data. If no PII will be collected, state that no assurance of confidentiality is provided to respondents. If the Paperwork Burden Statement is not included physically on a form, you may include it here. Please ensure that your response per respondent matches the estimate provided in number 12.

FSA protects and holds confidential the information it collects in accordance with the following Department and OMB policies: Privacy Act of 1974, OMB Circular A-108 – Privacy Act Implementation – Guidelines and Responsibilities, OMB Circular A-130 Appendix I – Federal Agency Responsibilities for Maintaining Records About Individuals, OMB M-03-22 – OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, OMB M-06-15 – Safeguarding Personally Identifiable Information, OM:6-104 – Privacy Act of 1974 (Collection, Use and Protection of Personally Identifiable Information). FSA will not make any disclosure of the information to agencies or individuals outside this department unless previously stated in the Routine Uses section of the System of Records Notice for the Person Authentication Service (PAS), as required by law or written consent accompanies the request. A Privacy Act statement is included as part of the account creation process and is also included on the identity attestation form that will be submitted by individuals without an SSN.

8. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. The justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.

There are no questions of a sensitive nature in this collection of information.

8. Provide estimates of the hour burden for this current information collection request. The statement should:

• Provide an explanation of how the burden was estimated, including identification of burden type: recordkeeping, reporting or third party disclosure. Address changes in burden due to the use of technology (if applicable). Generally, estimates should not include burden hours for customary and usual business practices.

• Please do not include increases in burden and respondents numerically in this table. Explain these changes in number 15.

• Indicate the number of respondents by affected public type (federal government, individuals or households, private sector – businesses or other for-profit, private sector – not-for-profit institutions, farms, state, local or tribal governments), frequency of response, annual hour burden. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desirable.

• If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burden in the table below.

• Provide estimates of annualized cost to respondents of the hour burdens for collections of information, identifying and using appropriate wage rate categories. Use this site to research the appropriate wage rate. The cost of contracting out or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 14. If there is no cost to respondents, indicate by entering 0 in the chart below and/or provide a statement.

The currently approved collection for the standard FSA ID account creation (1845-0131) details the burden estimate associated with standard account creation process. However, the standard FSA ID online registration form is neither complex nor long. Based upon repeated trials of the FSA ID system, it is estimated that it takes a registrant a maximum of 15 minutes (.25 hours) to register for the first time.

To complete the non-SSN process of the FSA ID account creation, the Department estimates the following additional time and effort will be needed. Based on repeated trials, it is estimated that the non-SSN process will take an additional 20 minutes (0.33 hours) to complete. The 20 minute time estimates is based on the time needed to contact a customer service representative, collect requirement documents, and submit them for validation. This is in addition to the 15 minutes it will take an individual to submit the standard FSA ID application.

The estimated additional annual burden is based on the estimated number of total individuals expected to go through the non-SSN account creation process multiplied by the maximum time required to complete the additional process. The estimates presented on the number of individuals who will be required to go through the non-SSN supplemental process are based on historical records from 2020-2023.

Estimated Annual Burden and Respondent Costs Table

Information Activity or IC (with type of respondent)	Number of Respondents	Number of Responses	Average Burden Hours per Response	Total Annual Burden Hours	Estimated Respondent Average Hourly Wage	Total Annual Costs (hourly wage x total burden hours)
Individual – Non SSN Process	3,500	3,500	.33	1,155	$22.26	$25,710
Annualized Totals	3,500	3,500		1,155		$25,710

Note that this burden estimates are in addition to the burden estimates that are captured in the current PAS standard process.

For individuals we have used the median hourly wage for all occupations, $22.26 per hour according to BLS. https://www.bls.gov/oes/current/oes_nat.htm#00-0000 .

Please ensure the annual total burden, respondents and response match those entered in IC Data Parts 1 and 2, and the response per respondent matches the Paperwork Burden Statement that must be included on all forms.

8. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14.)

• The cost estimate should be split into two components: (a) a total capital and start-up cost component (annualized over its expected useful life); and (b) a total operation and maintenance and purchase of services component. The estimates should take into account costs associated with generating, maintaining, and disclosing or providing the information. Include descriptions of methods used to estimate major cost factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software; monitoring, sampling, drilling and testing equipment; and acquiring and maintaining record storage facilities.

• If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of contracting out information collection services should be a part of this cost burden estimate. In developing cost burden estimates, agencies may consult with a sample of respondents (fewer than 10), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection, as appropriate.

• Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information or keep records for the government or (4) as part of customary and usual business or private practices. Also, these estimates should not include the hourly costs (i.e., the monetization of the hours) captured above in Item 12.

Total Annualized Capital/Startup Cost :

Total Annual Costs (O&M) :____________________

Total Annualized Costs Requested :

Other than the costs shown in Item 14, there is no annual cost burden to respondents or record keepers.

8. Provide estimates of annualized cost to the Federal government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), and any other expense that would not have been incurred without this collection of information. Agencies also may aggregate cost estimates from Items 12, 13, and 14 in a single table.

The supplemental non-SSN process has a one-time costs of 0.5 million. The ongoing support and maintenance of the process as well as the costs of staffing are absorbed in a current fixed price servicing contract and would not have any additional costs. Future development costs and ongoing support will be absorb by the standard FSA ID process and clearance.

8. Explain the reasons for any program changes or adjustments. Generally, adjustments in burden result from re-estimating burden and/or from economic phenomenon outside of an agency’s control (e.g., correcting a burden estimate or an organic increase in the size of the reporting universe). Program changes result from a deliberate action that materially changes a collection of information and generally are result of new statute or an agency action (e.g., changing a form, revising regulations, redefining the respondent universe, etc.). Burden changes should be disaggregated by type of change (i.e., adjustment, program change due to new statute, and/or program change due to agency discretion), type of collection (new, revision, extension, reinstatement with change, reinstatement without change) and include totals for changes in burden hours, responses and costs (if applicable).

This new request for approval of this collection is due to legislative changes under the FAFSA Simplification Act of 2020. New legislative language require the development of a process to allow individuals with no SSN to contribute to applications for student financial assistance programs. This process supplements the currently approved FSA ID account creation process which is a result of the Department’s action to improve user access and security of systems that include personal and financial information used to determine federal student aid eligibility.

	Program Change Due to New Statute	Program Change Due to Agency Discretion	Change Due to Adjustment in Agency Estimate
Total Burden	1,155
Total Responses	3,500
Total Costs (if applicable)

8. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

The results of the collected information will not be published for tabulation or publication.

8. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

The expiration date for OMB approval of the information collection will be displayed.

8. Explain each exception to the certification statement identified in the Certification of Paperwork Reduction Act.

Exceptions to the certification requirement are not requested for this information collection.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Supporting Statement Part A
Author	Authorised User
File Modified	0000-00-00
File Created	2023-12-22