• Information Security and Confidentiality 
  • Administrative Policies and Procedures Manual - Policy 2500: Acceptable Information and Information System Use 
  • Administrative Policies and Procedures Manual - Policy 2520: Accessing and Safeguarding Personally Identifiable and Controlled Information 
  • Administrative Policies and Procedures Manual - Policy 2550: Information Security 

• Clery 
  • Administrative Policies and Procedures Manual - Policy 2745: Clery Act Compliance 

• Minors on Campus 
  • Administrative Policies and Procedures Manual - Policy 2205: Minors on Campus 

• Title IV of the Higher Education Act requires all institutions that process U.S. federal student aid to disclose semiannually to the U.S. Department of Education (Ed) specific financial transactions with Foreign Sources, pursuant to Section 117. The requirement states, in relevant part: “Whenever any institution is owned or controlled by a Foreign Source or receives a Gift from or enters into a Contract with a Foreign Source, the value of which is $250,000 or more, considered alone or in combination with all other Gifts from or Contracts with that Foreign Source within a calendar year, the institution shall file a disclosure report with the Secretary on January 31 or July 31, whichever is sooner.”  

• Reportable data: To comply with federal law and reporting requirements, UNM must collect and properly evaluate all Gifts and Contracts it receives from Foreign Sources to determine if federal reporting thresholds have been met. All individuals, departments, and units must submit semiannually via the reporting form, accurate and timely reporting of Gifts or Contracts from any Foreign Source at the time the Gift or Contract is finalized. Gifts must be recorded at the time the Gift is received. Contract values must be recorded at the time the Contract is executed or, if the Contract amount is not determinable at the time the Contract is executed, then amounts must be recorded at the time they are received. Units are responsible for recording the following information at a minimum: 
  • Dates of transactions 
  • Values 
  • Amounts 
  • Source name and type 
  • Source address (including country) 
  • Type of transaction (i.e., Gift or Contract) 
  • Intermediaries (for Gifts) or domestic parties (for Contracts); and 
  • Start and end date(s) for Contracts  

• Definitions: The following definitions apply for the purposes of this policy and compliance with Section 117.   

• Contract has the meaning given at 20 U.S.C. §1011(f)(h)(1) as any agreement for the acquisition by purchase, lease, or barter of property or services by the Foreign Source, for the direct benefit or use of either of the parties. 
• Foreign Source has the meaning given at 20 U.S.C. §1011(f)(h)(2) as any one of the following: 
  • a foreign government, including an agency of a foreign government; 
  • a legal entity, governmental or otherwise, created solely under the laws of a foreign state or states; 
  • an individual who is not a citizen or a national of the United States or a trust territory or protectorate thereof; and 
  • an agent, including a subsidiary or affiliate of a foreign legal entity, acting on behalf of a Foreign Source. Gift has the meaning given at 20 U.S.C. §1011(f)(h)(3) The voluntary transfer of money or property by a Foreign Source made without consideration. Subsidiary Any entity that is owned or majority controlled by UNM.  

• Office of Postsecondary Education Identification (OPEID) 
  • List all 
  • Is the institution, or any part thereof, owned or substantially controlled by a foreign source? (Y/N) 
    • If yes, then identify: 
      • The foreign source 
      • The date on which the foreign source assumed ownership or control 
      • Any changes in program or structure resulting from the change in ownership or control 

• Gifts from a foreign entity 
  • Name of foreign entity 
  • Is the gift from a foreign government, including but not limited to, any agency of a foreign government? (Y/N) 
    • If yes, provide the name of the foreign government 
  • Is the gift from a legal entity, governmental or otherwise, created solely under the laws of a foreign state or states? (Y/N) 
  • Is the gift from an individual who is not a citizen or a national of the United States or a trust territory or protectorate thereof? (Y/N) 
  • Is the gift from a person, including a subsidiary or affiliate of a foreign legal entity, who acts as an agent of a foreign government, a legal entity created solely under the laws of a foreign state or states, or an individual who is not a citizen or national of the United States or a trust territory or protectorate thereof? (Y/N) 
    • If yes, provide the name of the foreign government, legal entity, individual, or person. 

• Foreign source address including country of origin 
  • For gifts received from a foreign source other than a foreign government, the country of citizenship, or if unknown, the principal residence for a foreign source who is a natural person, and the country of incorporation, or if unknown, the principal place of business for a foreign source which is a legal entity. 

• Gift 
  • Amount. 
  • Date received. 

• Recipient, including any and all 
  • Contracts with a foreign entity 
    • Name of the foreign entity 
    • Is the contract with a foreign government, including but not limited to any agency of a foreign government? (Y/N) 
      • If yes, provide the name of the foreign 
    • Is the contract with a legal entity, governmental or otherwise, created solely under the laws of a foreign state or states? (Y/N) 
    • Is the contract with an individual who is not a citizen or a national of the United States or a trust territory or protectorate thereof? (Y/N) 
    • Is the contract with a person, including a subsidiary or affiliate of a foreign legal entity, who acts as an agent of a foreign government, legal entity created solely under the laws of a foreign state or states, or individual who is not a citizen or national of the United States or a trust territory or protectorate thereof? (Y/N) 
      • If yes, provide the name of the foreign government, legal entity, individual, or person. 
    • Foreign source address including country of entity 

• For contracts with a foreign source other than a foreign government, the country of citizenship, or if unknown, the principal residence for a foreign source who is a natural person, and the country of incorporation, or if unknown, the principal place of business for a foreign source which is a legal entity. 
  • Domestic party 
  • Contract 
    • Amount. 
    • Contract start date. 
    • Contract end date. 

• Restricted or conditional gifts from a foreign entity 
  • Name of the foreign entity 
    • Is the gift from a foreign government, including but not limited to any agency of a foreign government? (Y/N) 
      • If yes, provide the name of the foreign entity 
    • Is the gift from a legal entity, governmental or otherwise, created solely under the laws of a foreign state or states? (Y/N) 
    • Is the gift from an individual who is not a citizen or a national of the United States or a trust territory or protectorate thereof? (Y/N) 
    • Is the gift from a person, including a subsidiary or affiliate of a foreign legal entity, who acts as an agent of a foreign government, a legal entity created solely under the laws of a foreign state or states, or an individual who is not a citizen or national of the United States or a trust territory or protectorate thereof? (Y/N) 
    • If yes, provide the name of the foreign government, legal entity, individual, or person. 

• Foreign source address including country of entity 
  • For gifts received from a foreign source other than a foreign government, the country of citizenship, or if unknown, the principal residence for a foreign source who is a natural person, and the country of incorporation, or if unknown, the principal place of business for a foreign source which is a legal entity. 

• Restricted or conditional gift 
  • Amount. 
  • Date received. 
  • Detailed description of all conditions or restrictions. 
  • Specific restricted or conditional gift 
    • Do the restrictions or conditions concern or relate to the employment, assignment, or termination of faculty? (Y/N) 
    • Do the restrictions or conditions concern or relate to the establishment of departments, centers, research or lecture programs, or new faculty positions? (Y/N) 
    • Do the restrictions or conditions concern or relate to the selection or admission of students? (Y/N) 
    • Do the restrictions or conditions concern or relate to the award of grants, loans, scholarships, fellowships, or other forms of financial aid restricted to students of a specified country, religion, sex, ethnic origin, or political opinion? (Y/N) 
  • Recipient, including any and all 

• Restricted or conditional contracts with a foreign entity 
  • Name of the foreign entity 
    • Is the contract with a foreign government, including but not limited to any agency of a foreign government? (Y/N) 
      • If yes, provide the name of the foreign 
    • Is the contract with a legal entity, governmental or otherwise, created solely under the laws of a foreign state or states? (Y/N) 
    • Is the contract with an individual who is not a citizen or a national of the United States or a trust territory or protectorate thereof? (Y/N) 
    • Is the contract with a person, including a subsidiary or affiliate of a foreign legal entity, who acts as an agent of a foreign government, a legal entity created solely under the laws of a foreign state or states, or an individual who is not a citizen or national of the United States or a trust territory or protectorate thereof? (Y/N) 
      • If yes, provide the name of the foreign government, legal entity, individual, or person. 
  • Foreign source address including country of entity 
    • For contracts with a foreign source other than a foreign government, the country of citizenship, or if unknown, the principal residence for a foreign source who is a natural person, and the country of incorporation, or if unknown, the principal place of business for a foreign source which is a legal entity. 
    • Domestic 
• Restricted or conditional contract 
  • Amount. 
  • Contract start date. 
  • Contract end date. 
  • Narrative description of all conditions or restrictions 
  • Specific restricted or conditional contract 
    • Do the restrictions or conditions concern or relate to the employment, assignment, or termination of faculty? (Y/N) 
    • Do the restrictions or conditions concern or relate to the establishment of departments, centers, research or lecture programs, or new faculty positions? (Y/N) 
    • Do the restrictions or conditions concern or relate to the selection or admission of students? (Y/N) 
    • Do the restrictions or conditions concern or relate to the award of grants, loans, scholarships, fellowships, or other forms of financial aid restricted to students of a specified country, religion, sex, ethnic origin, or political opinion? (Y/N) 

• Acknowledgement: This information collection is subject to 18 U.S.C. §1001, which provides that whoever knowingly and willfully falsifies, conceals, or covers up by any trick, scheme, or device a material fact; makes any materially false, fictitious, or fraudulent statement or representation; or makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry, may be subject to fines and imprisonment. (Y/N) 
• Appendix B 

• Q1: Are institutions required to report contracts involving purchases made by institutions from foreign sources, such as equipment purchased by an institution from a foreign source? 
  • A1: Section 20 U.S.C. §1011(f)(h)(1) defines “contract” as “any agreement for the acquisition by purchase, lease, or barter of property or services by the foreign source, for the direct benefit or use of either of the parties.” The Department is bound by the statutory text, construed in context and with a view to the words’ place in the statutory scheme. Although the Department must follow statutory text and not legislative history, we note the legislative history provides an example of a type of contract that would not have to be reported: an arms-length transaction in which an institution purchased equipment from a foreign source or leased property from a foreign source. Based on the language “any agreement for the acquisition…by the foreign source […]” the Department interprets the definition to exclude a contract involving the transfer of funds from an institution to a foreign source. We note, however, that each transaction should be evaluated independently. 

• Q2: Are institutions required to disclose payments of tuition and fees for foreign students paid directly by the student, or under certain circumstances, paid by other individuals, institutions, or governments? 
  • A2: We generally consider instances where a foreign source pays tuition for a student or students to meet the definition of a “contract” under Section 117(h)(1). An institution would only need to report this type of contract if the $250,000 threshold is met by a given foreign source. We note the threshold would likely be met in situations where a foreign source pays tuition for multiple students, and the aggregate amount exceeds the $250,000 threshold. 

• Q3: Are institutions required to report contracts involving an intellectual property license fee from a foreign licensee of a University patent or data or materials to be transferred for use in research? 
  • A3: While each transaction should be evaluated independently, intellectual property license fees from a foreign licensee of a University patent and data or materials to be transferred via purchase, lease, or barter for use in research would generally be included in the statutory definition of “contract.” 

• Q4: Is an institution required to report the maximum potential amount of the contract once it is executed or wait to report the contract once the institution receives payments that reach the $250,000 reporting threshold? 
  • A4: Section 117(a) requires that whenever an institution “enters into a contract with a foreign source, the value of which is $250,000 or more, considered alone or in combination with all other contracts with that foreign source within a calendar year,” it must be disclosed. (emphasis added). Therefore, whether a particular contract must be reported by an institution depends upon whether the value of the contract when it is signed, combined with the value of all other gifts and contracts with that foreign source, meets or exceeds the statutory threshold. Given the valuation challenges presented by certain contracts (e.g., indefinite delivery/indefinite quantity contracts), institutions may wish to consider simply reporting contracts whose values could meet or exceed the statutory threshold to avoid potential non- compliance. 

• Q5: How should institutions value property? 
  • A5: In general, the value of property should be the fair market value of the property. 

• Q6: Are institutions required to report gifts and contracts involving organizations outside of the direct control of an institution, such as alumni associations, athletic booster clubs, student clubs, and affiliated groups? 
  • A6: An institution receiving the benefit of a gift from or a contract with a foreign source, even if through an intermediary, must disclose the gift or contract. Additionally, where a legal entity (e.g., a foundation) operates substantially for the benefit or under the auspices of an institution, there is a rebuttable presumption that when that legal entity receives money or enters into a contract with a foreign source, it is for the benefit of the institution, and, thus, must be disclosed. Institutions have a duty, under Section 117, to conduct reasonable due diligence when they receive the benefit of a contract or gift from any entity to determine whether the gift or contract is from or with a foreign source. If they do receive such a benefit and it meets the threshold amount, they must report the item to the Department. However, institutions are not required to report any gift to or contract between a foreign source and an entity if the institution did not receive a benefit from the gift or contract. 

• Q7: How is the term “intermediary” defined? 
  • A7: For purposes of Section 117 reporting, an intermediary is an entity other than an institution that receives a gift originating from a foreign source or enters into a contract with a foreign source. 

• Q8: How must an institution report the names and addresses of anonymous donors when it is nearly impossible for an institution to obtain the name or address of an anonymous donor? 
  • A8: An institution is required to report the names and addresses of anonymous donors to the extent that the institution has or could reasonably obtain the donor’s identity. However, in all instances, including gifts and contracts involving anonymous parties, the Department will withhold a party’s name and address (excepting country) from becoming part of the public disclosure report. Institutions must make a reasonable effort to obtain a donor’s identity. The reasonableness standard is well established by law. 

• It is the policy of the University of New Mexico, to the extent required under Title VI of the Civil Rights Act of 1964 § 2000d and Executive Order 13166, to ensure that our programs and activities, normally provided in English, are accessible to Limited English Proficiency (“LEP”) persons. Consistent with the law, the University will provide appropriate alternative. 

• Human Trafficking, also known as trafficking in persons, involves the recruitment, transportation, transfer, harboring, or receipt of persons through force, fraud, or coercion for the purposes of exploitation in forced labor or commercial sexual exploitation. Human trafficking is the second largest criminal industry worldwide and affects the most vulnerable in our societies, with more than 25 million people enslaved. Seventy percent of identified victims are women and girls.   
• The United States has long had a policy prohibiting Government employees and contractor personnel from engaging in trafficking in persons activities, including severe forms of trafficking in persons. “Severe forms of trafficking in persons” is defined in section 103 of the Trafficking Victims Protection Act of 2000 (TVPA) 22 U.S.C. §7102 to include the recruitment, harboring, transportation, provision, or obtaining of a person for labor or services, using force, fraud, or coercion for the purpose of subjection to involuntary servitude, peonage, debt bondage, or slavery, and sex trafficking.[1]   
• On January 29, 2015, the U.S. Government released a final rule amending the Federal Acquisition Regulation (“FAR”). The final rule reflects changes to proposed amendments originally released in September 2013. The final rule is intended to implement Executive Order 13627 (“Strengthening Protections Against Trafficking in Persons in Federal Contracts”) and Title XVII of the National Defense Authorization Act for Fiscal Year 2013 (“Ending Trafficking in Government Contracting”). The stated purpose of the new regulation is to create a stronger framework for compliance by imposing additional requirements for awareness, compliance, and enforcement.   
• In addition, the state of New Mexico created the Human Trafficking Task Force in the New Mexico Attorney General’s Office. This task force is a federally funded collaborative task force of local, state, tribal, and federal law enforcement agencies from around the state. The purpose of the task force is to combat all forms of human trafficking within New Mexico.[2]    

• Finally, the U.S. Department of Education recognizes these facts and stands ready to support America's schools in preventing, responding to, and helping students recover from human trafficking. It is fitting that schools take on this challenge; of all social institutions, schools are perhaps the best positioned to identify and report suspected trafficking and connect affected students to critical services.[3]   
• University of New Mexico Anti-Trafficking Policy 
  • Reason for Policy   
    • Federal law, state law, and the University of New Mexico (UNM) policy prohibit human trafficking in all forms. Federal law requires that an anti-trafficking compliance program be in place for any federal contractors and sub-contractors where the estimated value of the supplies acquired, or services required to be performed outside the United States exceeds $500,000. This policy was derived from the federal government’s zero tolerance policy for human trafficking (48 FAR 52.222-50). 
  • Applicability   
    • All UNM employees must read and adhere to this policy. In addition, UNM contracted consultants and subcontractors are required to adhere to this policy to the extent required by contract of law.    
  • Policy Statement   
    • The University of New Mexico has a zero-tolerance policy on trafficking in persons. Trafficking of people includes:   
      • Recruitment, transportation, transfer, harboring, or receipt of persons, by means of the threat or use of force or other forms of coercion, of abduction, of fraud, of deception, of the abuse of power or of a position of vulnerability or of the giving or receiving of payments or benefits to achieve the consent of a person having control over another person, for the purpose of exploitation.    
      • Exploitation includes, at a minimum, the exploitation of the prostitution of others or other forms of sexual exploitation, forced labor or services, slavery, or practices similar to slavery, servitude, or the removal of organs.  
      • UNM employees are prohibited from engaging in any of the following types of trafficking related activities:   
        • Engage in any form of trafficking in persons during the performance of their employment or contract with UNM;   
        • Procure commercial sex acts during the performance of their employment or contract with UNM;   
        • Used forced labor in the performance of the contract or subcontract;   
        • Using misleading or fraudulent recruitment practices during the recruitment of employees, such as failing to disclose basic information or making material misrepresentations regarding the key terms and conditions of employment, including wages and fringe benefits, the location of work, living conditions and housing (if employer provided or arranged), any significant costs to be charged to the employee, and, if applicable, the hazardous nature of the work;   
        • Charging employees recruitment fees;   
        • Destroying, concealing, confiscating, or otherwise denying employees access to their identity documents, such as passports or drivers’ licenses;   
        • Providing or arranging housing that fails to meet the host country house and safety standards;   
        • For portions of contracts and subcontracts:   
          • Performed outside the United States, failing to pay return transportation costs upon the end of employment, for an employee who is not a national of the country in which the work is taking place and who was brought into that country for the purpose of working on a U.S. Government contract or subcontract;   
          • Failing to pay return transportation costs upon the end of employment, for an employee who is not a national of the country in which the work is taking place and who was brought into that country for the purpose of working on a U.S. Government contract or subcontract, if the payment of such costs is required under existing temporary worker programs or pursuant to a written agreement with the employee;    
        • Other specific activities that the Federal Acquisition Regulation (FAR) Council identifies as directly supporting or promoting trafficking individuals, the procurement of commercial sex acts, or the use of forced labor in the performance of the contract or subcontract;   
        • The requirements set forth in 8(a) and 8(b) above shall not apply to the following:   
          • An employee who is legally permitted to remain in the country of employment and who chooses to do so; or   
          • An employee who is a victim of trafficking and is seeking victim services or legal redress in the country of employment, or an employee who is a witness in a trafficking-related enforcement action.    
  • Policy Violations   
    • The University is required to and will act on violation of the U.S. Government’s and State of New Mexico’s zero tolerance policy, including, but not limited to:   
      • Removing the violating employee from working on any applicable contract;    
      • Reduction in benefits for the violating employee; or   
      • Imposing actions related to employment, up to and including the termination of employment with UNM, in accordance with University Administrative Policies 3215 and Faculty Handbook Policy C09.   
  • Reporting   
    • UNM Employees may report without fear of retaliation, activity inconsistent with this policy, by contacting UNM’s Compliance Reporting Hotline call 1-888-899-6092, by visiting the UNM Compliance Hotline Website at, http://compliance.unm.edu/compliance-hotline/, or by visiting UNM’s Office of Compliance, Ethics & Equal Opportunity (CEEO). All Hotlines are anonymous reporting as permitted by applicable law.    

[1]https://www.federalregister.gov/documents/2015/01/29/2015-01524/federal-acquisition-regulation-ending-trafficking-in-persons   

[2]https://www.nmag.gov/human-trafficking-task-force.aspx   

[3]https://www.ed.gov/human-trafficking    

• The Gramm-Leach-Bliley Act (GLBA)[1] is also known as the Financial Services Modernization Act of 1999. The law was originally passed to allow different types of financial institutions to merge. These mergers created new challenges and risks in protecting financial information. GLBA includes rules on how financial institutions must protect consumer financial information. GLBA is under the purview of the Federal Trade Commission.   
• The Student Aid Internet Gateway allows authorized entities, including higher education institutions, to exchange data electronically with the U.S. Department of Education (DOE).[2]  
• Application to Higher Education  
  • In 2015 and 2016, the (DOE) and Student Financial Aid Office (SFA) issued Dear Colleague Letters[3] indicating that Title IV institutions[4] must comply with the provisions of the GLBA and the Student Aid Internet Gateway (SAIG) because they maintain student financial data and information. The Dear Colleague Letters indicate that higher education institutions must protect students’ Personally Identifiable Information (PII) by adopting strong data security policies and procedures that comply with GLBA and SAIG. In 2019, SFA also incorporated GLBA requirements into educational institution annual federal audits. Incorporating data protection requirements into SFA audits clarifies UNM’s requirement for adherence to GLBA and SAIG.  
  • In 2020, the SFA issued Enforcement Guidance[5] stating that it will hold institutions responsible for fulfilling GLBA requirements. Consequences for failure to adhere to GLBA can include fines, temporarily disablement of an institutions access to the DOE information systems, and loss of federal financial aid.   

• GLBA  
  • As stated in 16 C.F.R. § 314.4[6], the GLBA compliance process for educational institutions must, among other things:  
    • Develop, implement, and maintain a comprehensive information security program and adjust the program in light of results of testing and monitoring.  
    • Designate a qualified individual responsible for overseeing, implementing, and enforcing an information security program.  
    • Conduct risk assessments periodically and implement additional controls to mitigate identified risks. 
    • Regularly test and monitor the effectiveness of the controls, systems and procedures including those to detect actual and attempted attacked on, or intrusions into information systems.  
    • Implement policies and procedures to ensure that personnel can enact the information security program.  
    • Timely identify and address system vulnerabilities.  
    • Develop a written incident response plan.  
  • In addition, the GLBA Safeguards rule was updated in December, 2021. The Safeguards rule became effective January, 2022, and compliance with the updated rule is required by 12/09/2022, and the rule includes several new requirements.  

• SAIG  
  • As part of compliance with SAIG, a Title IV participating institution must ensure that all federal student aid applicant data is protected from access by or disclosure to unauthorized personnel. This includes:  
    • Assessing the risk and magnitude of harm that could result from unauthorized access, use, disclosure, or disruption of information or information systems.  
    • Determining the levels of information security appropriate to protect information and information systems.  
    • Implementing policies and procedures to reduce risks.  
    • Regularly testing and evaluation of information security controls.  
  • The SAIG Agreement also includes a provision that indicates that in the event of an unauthorized disclosure or actual or suspected breach of information or PII, the institution must immediately notify SFA at CPSSAIG@ed.gov.    

• UNM Response 
  • In response to GLBA and SAIG requirements for protection of student financial and PII, UNM has done the following:  
    • Identified Jeff Gassaway, Information Security and Privacy Officer and Duane Arruti, UNM’s CIO as the qualified individuals responsible for overseeing and implementing UNM’s information security program.   
    • Created a project to organize the work of aligning UNM’s practices to the updated GLBA and SAIG requirements. The project is led by UNM process owners for student records and for student financial aid. Among other work, for primary and secondary systems subject to GLBA, the group is:  
    • Developing an inventory of such systems  
    • Conducting a risk assessment of such systems  
    • Confirming institutional processes covered by the updated regulations  
    • Identifying controls to detect and minimize or prevent unauthorized PII disclosures or data breeches, and  
    • Developing and submitting a risk management plan for any gaps identified by the project team  
        

[1]https://www.congress.gov/bill/106th-congress/senate-bill/900/text  

[2]FSSAIGOverviewContactInfo.pdf (ed.gov)  

[3]GEN1612.pdf (ed.gov) and GEN1518.pdf. A Dear Colleague Letters is an official correspondence from the  department or agency (in this case DOE), that conveys guidance regarding federal programs.    

[4] Title IV of the Higher Education Act of 1965 as Amended applies to all institutions that receive federal student financial aid.  

[5]Enforcement of Cybersecurity Requirements under the Gramm-Leach-Bliley Act | Knowledge Center  

[6]https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314/section-314.4