|
| | 104TH GENERAL ASSEMBLY
State of Illinois
2025 and 2026
HB4229 Introduced 1/14/2026, by Rep. Katie Stuart SYNOPSIS AS INTRODUCED:
| | | Creates the Higher Education Enrollment Fraud Act. Requires the Board of Higher Education to convene a working group to develop policies and procedures for institutions of higher education to prevent fraudulent enrollment in online courses for the purpose of gaining access to financial aid, campus information technology systems, and student support services. Requires each institution of higher education to complete an annual cybersecurity self-assessment of its information technology infrastructure to determine its Information Technology Laboratory score and annually report local and systemwide technology and data security measures that support improved oversight of fraud mitigation, online learning quality, and cybersecurity efforts to the Board. Requires the self-assessment and report to be submitted to the Board by December 15, 2026 and each December 15 thereafter and the Board to compile a report of these submissions and submit that report to the General Assembly by January 15, 2027 and each January 15 thereafter. Includes other information an institution of higher education must submit related to enrollment fraud. Effective immediately. |
| |
| | | STATE MANDATES ACT MAY REQUIRE REIMBURSEMENT
MAY APPLY
| |
| | A BILL FOR |
|
|
| | HB4229 | | LRB104 16470 LNS 29865 b |
|
|
| 1 | | AN ACT concerning education.
|
| 2 | | Be it enacted by the People of the State of Illinois, |
| 3 | | represented in the General Assembly:
|
| 4 | | Section 1. Short title. This Act may be cited as the Higher |
| 5 | | Education Enrollment Fraud Act.
|
| 6 | | Section 5. Definition. As used in this Act, "institution |
| 7 | | of higher education" means any public or private college or |
| 8 | | university located in this State, including a public community |
| 9 | | college.
|
| 10 | | Section 10. Enrollment fraud working group. |
| 11 | | (a) The Board of Higher Education shall convene a working |
| 12 | | group, consisting of representatives the Board deems |
| 13 | | necessary, to develop policies and procedures for institutions |
| 14 | | of higher education to prevent fraudulent enrollment in online |
| 15 | | courses for the purpose of gaining access to financial aid, |
| 16 | | campus information technology systems, and student support |
| 17 | | services. The Board shall submit a report of its findings to |
| 18 | | the General Assembly by January 15, 2027. |
| 19 | | (b) This Section is repealed on January 15, 2028.
|
| 20 | | Section 15. Required self-assessment. |
| 21 | | (a) Each institution of higher education shall complete an |
|
| | HB4229 | - 2 - | LRB104 16470 LNS 29865 b |
|
|
| 1 | | annual cybersecurity self-assessment of its information |
| 2 | | technology infrastructure to determine its Information |
| 3 | | Technology Laboratory score and annually report local and |
| 4 | | systemwide technology and data security measures that support |
| 5 | | improved oversight of fraud mitigation, online learning |
| 6 | | quality, and cybersecurity efforts to the Board of Higher |
| 7 | | Education. The self-assessment shall include, but not be |
| 8 | | limited to, the following information: |
| 9 | | (1) the amount of fraudulent student enrollments |
| 10 | | reported since the COVID-19 pandemic that began in March |
| 11 | | 2020 or since the previous self-assessment; |
| 12 | | (2) the percentage of fraudulent enrollments among |
| 13 | | total enrollments; |
| 14 | | (3) any trends or patterns that can be identified in |
| 15 | | fraudulent enrollments, including preferred course types, |
| 16 | | such as online, in-person, or hybrid; |
| 17 | | (4) the amount of financial aid that has been |
| 18 | | disbursed to fraudulent students annually since the |
| 19 | | COVID-19 pandemic that began in March 2020 or since the |
| 20 | | previous self-assessment; |
| 21 | | (5) the estimated financial loss due to fraudulent |
| 22 | | enrollments; |
| 23 | | (6) the specific costs associated with fraud |
| 24 | | prevention, including systemwide expenditures on |
| 25 | | cybersecurity, admissions verification, and |
| 26 | | administrative oversight; |
|
| | HB4229 | - 3 - | LRB104 16470 LNS 29865 b |
|
|
| 1 | | (7) how fraudulent enrollments have impacted the |
| 2 | | distribution of State funding to the institution of higher |
| 3 | | education; |
| 4 | | (8) any strategies the institution of higher education |
| 5 | | has implemented to detect and prevent fraudulent |
| 6 | | enrollments; |
| 7 | | (9) any barriers that prevent the institution of |
| 8 | | higher education from effectively addressing fraudulent |
| 9 | | enrollments; |
| 10 | | (10) if any classes have been canceled due to |
| 11 | | fraudulent enrollments failing to meet minimum student |
| 12 | | thresholds; |
| 13 | | (11) if fraudulent enrollments contribute to |
| 14 | | inefficient resource allocation, including offering |
| 15 | | unnecessary course sections; |
| 16 | | (12) the effectiveness of any systemwide fraud |
| 17 | | mitigation strategies used to reduce fraudulent |
| 18 | | enrollments; |
| 19 | | (13) if the Board of Higher Education or the |
| 20 | | institution of higher education's governing body has |
| 21 | | provided sufficient guidance and support to combat fraud; |
| 22 | | (14) any additional policies or resources needed to |
| 23 | | address the ongoing threat of fraudulent enrollments; and |
| 24 | | (15) the impact on real students, including whether |
| 25 | | real students are prevented from getting classes due to |
| 26 | | fraudulent students. |
|
| | HB4229 | - 4 - | LRB104 16470 LNS 29865 b |
|
|
| 1 | | The self-assessment and report shall be submitted to the |
| 2 | | Board of Higher Education by December 15, 2026 and each |
| 3 | | December 15 thereafter, and the Board shall compile a report |
| 4 | | of these submissions and submit that report to the General |
| 5 | | Assembly by January 15, 2027 and each January 15 thereafter. |
| 6 | | (b) In addition to the self-assessment in subsection (a), |
| 7 | | each institution of higher education shall submit to the Board |
| 8 | | of Higher Education: |
| 9 | | (1) a remediation update twice per year, for the fall |
| 10 | | and spring semesters, on vulnerability and other issues |
| 11 | | identified in the most recent self-assessment; |
| 12 | | (2) a detailed after-action report of all |
| 13 | | cybersecurity incidents that either led to a breach of |
| 14 | | personally identifiable information or led to the |
| 15 | | disruption of services, including, but not limited to, a |
| 16 | | breach of student identification numbers, distributed |
| 17 | | denial-of-service attacks, and ransomware; |
| 18 | | (3) a report of the total number of admission |
| 19 | | applications received that are determined to be |
| 20 | | fraudulent, including applications considered to be likely |
| 21 | | fraudulent, on an annual basis; and |
| 22 | | (4) information that was requested on suspected |
| 23 | | fraudulent enrollments and the fraudulent receipt of |
| 24 | | financial aid, on an annual basis. |
| 25 | | The Board of Higher Education shall compile an annual |
| 26 | | report of these submissions and submit the report to the |
|
| | HB4229 | - 5 - | LRB104 16470 LNS 29865 b |
|
|
| 1 | | General Assembly. |
| 2 | | (c) If the self-assessment and reporting required under |
| 3 | | subsection (a) or the submissions required under subsection |
| 4 | | (b) are duplicative of other information provided by an |
| 5 | | institution of higher education to the Board of Higher |
| 6 | | Education, the institution of higher education may submit that |
| 7 | | information in lieu of the self-assessment and reporting |
| 8 | | required under subsection (a) or the submissions required |
| 9 | | under subsection (b).
|
| 10 | | Section 99. Effective date. This Act takes effect upon |
| 11 | | becoming law. |
