The New Cost of Violating the Clery Act & How to Mitigate Institutional Risk


Ensure your institution is taking these steps to avoid hefty Clery Act fines

Headshot of Jennifer Scott


Stepping up Clery Act Enforcement

In early March, the US Department of Education (the Department or ED) fined Liberty University $14 million for violations of the Clery Act, with an additional $2 million to be spent on campus safety improvements. This unprecedented fine is more than three times the previous highest fine of $4.5 million issued to Michigan State University in the wake of the Larry Nassar scandal. The Liberty fine, and others issued in the fall 2023, makes it clear that the ED is now taking a far more punitive approach to Clery Act enforcement. This article will provide an in-depth look at this new enforcement paradigm and provide actionable strategies for reducing your institution’s risk of non-compliance.

A Look at What the Trend Has Been

The Healy+ Group conducted an exhaustive analysis of all publicly available final program review determinations (FPRDs), settlement agreements, and fine notices, as well as not-yet-publicly released fine notices and associated documents issued in the fall of 2023, received through a Freedom of Information Act request. This has allowed us to identify patterns and trends.

Historically, the ED has chosen to levy the maximum fine amount for failing to collect crime statistics from all required sources and for publishing inaccurate crime statistics involving crimes against persons. Many other Clery Act violations were assigned only a percentage of the maximum fine. Inaccurate statistics related to drug, alcohol, and weapons violations were fined at less than 10% of the maximum. Findings related to the Caily Crime Log were fined between 37-64% of the maximum. Even failing to publish and distribute the annual security report (ASR) by the October 1 deadline didn’t result in the maximum fine (see Figure 1).

Chart of historical clery act violations and associated fine percentages

Figure 1: Historical Clery Act Violations and Associated Fine Percentages Based on Maximum Fine at the Time of Review (2016-2022)

However, in the several most recent program reviews (issued in 2023 and beyond), the ED issued the maximum fine for many more of the most common program review findings, including failure to issue timely warnings and emergency notifications, failure to properly identify and train campus security authorities (CSAs), and failure to accurately report all of the required crime statistics (See Figure 2).

Current Clery Act Violations and Associated Fine Percentages Based on Maximum Fine at the Time of Review

Figure 2: Current Clery Act Violations and Associated Fine Percentages Based on Maximum Fine at the Time of Review (2023 – 2024)

More recent program reviews also include higher fine percentages for Drug-Free Schools and Communities Act violations, such as failing to complete a biennial review, and for Violence Against Women Act (VAWA)-related violations, such as failing to provide the required notice of rights and options to victims of VAWA crimes.

What Do the Trends in Fines Mean Today

Under the new fining rubric, at the current rate of $69,733 per violation, the penalty for failing to conduct a biennial review increases from $6,977 to $36,122. The penalty for failing to publish the ASR by the October 1st deadline increases from $44,629 to $53,973.

In addition to issuing a greater percentage of the maximum fine, the ED is now fining some institutions up to six times for certain types of discrete violation, particularly those involving crime statistics - once for each year the violation appears in the ASR and once for each year it appears in the campus safety and security data analysis cutting tool (aka, the Survey). Further, those violations are being fined using the maximum fine in force when the violation is found, not when it occurred.

Running the Numbers - in Dollars

For example: If an institution fails to count an aggravated assault in its 2021 crime statistics, and that missing statistic is discovered today, the total potential fine amount could be as high as $418,398, accounting for three years’ worth of disclosures in the ASR and the Survey. The most recent FPRDs also show that the ED is assigning the maximum fine to its most common finding: lack of administrative capability. Administrative capability is the ability of the institution to implement an effective Clery Compliance Program. According to the ED, this requires an institution to employ “an adequate number of qualified persons” [and that] program activities are undertaken with appropriate “checks and balances in its system of internal controls.” Further, it dictates that a capable institution also “has written procedures for… the preparation and submission of reports to the Secretary.”

In plain terms, an institution must have the proper personnel, policies, and procedures in place to meet all of the Clery Act requirements. Risk managers are uniquely positioned to empower an institution and its Clery Act compliance program to ensure it meets the administrative capability requirement.

What Does Adequate Administrative Capability Look Like

Figure 3 below is a depiction of adequate administrative capability. The constellation has the Clery Act compliance official at the nexus as the person with primary responsibility for Clery Act compliance. They are immediately surrounded by the campus partners whose work most significantly intersects with Clery Act requirements, including those that typically receive the largest numbers of incident reports, have primary responsibility for policies that must be described in the ASR, and support critical compliance functions such as identifying notifying and training CSAs.

On the outer orbit of the constellation are other key members of a Clery Act compliance program, including compliance and risk management, which should make up your Clery Act Compliance Committee. Real estate, for example, has a vital role in helping the institution identify and maintain its Clery Act geography. Fire safety professionals must provide the data and information required to compile and publish the Annual Fire Safety Report. Every unit depicted in the diagram plays a role in Clery Act compliance, and the Clery Act compliance official must have the authority to engage their participation in the institution’s efforts to ensure compliance.

Clery Act constellation

Figure 3: Clery Act Constellation

How an Institution Can Avoid These Hefty Fines

Being proactive is the best way to ensure your institution is meeting its Clery Act compliance obligations. Below are five strategies for mitigating the institutional risk of non-compliance with the Clery Act:

  1. Position your Clery Act compliance official(s) where they can be most effective.

    Be intentional about placing your Clery Act compliance official where they can most effectively implement the pan-institutional requirements of the Clery Act. Clery Act professionals are often housed in public safety, and this can sometimes lead to the assumption among campus constituents that the Clery Act is solely a public safety responsibility, making collaboration more challenging. It is becoming more common for institutions, especially those who have undergone program reviews by the ED, to house their Clery Act compliance officials within institutional compliance or risk management. However, every institution is different. Do a thorough analysis of your institutional structure and determine where your Clery Act compliance personnel need to be to have the authority to implement a pan-institutional compliance program.

  2. Conduct an ASR and policy/procedure review.

    The ASR contains more than 60 required policy statements addressing everything from an institution’s drug and alcohol awareness efforts, procedures for responding to reports of VAWA crimes, missing student policies, and emergency response and evacuation procedures. These policies are very often the responsibility of campus units outside public safety or the purview of the Clery Compliance official, such as Title IX, housing/residence life, and emergency management. Institutions should conduct a comprehensive policy review to ensure that the policy statements in the ASR accurately describe current policies and that those policies reflect the institution’s actual practices.

  3. Establish a data assurance working group.

    The data assurance working group should meet regularly to examine every incident report across the institution to ensure that Clery Act crimes are being reviewed in a timely fashion, properly classified, counted, and de-duplicated, and properly included in the daily crime log. This working group should include all the units identified in the inner orbit of the Clery Act constellation (Figure 3 above). An incident may be reported to multiple offices and the same information may not be shared with or documented by each one. This collaboration also ensures that an incident is not counted multiple times because it was reported to multiple offices. This incident review process results in the creation of an audit trail, the supporting documentation for your crime statistics.

  4. Convene a Clery Act Compliance Committee.

    This committee should include every office/unit with Clery Act compliance responsibilities at your institution, including senior leaders, to ensure they have detailed knowledge of what a successful Clery Act compliance program requires. The committee should focus on policies and processes needed to support Clery Act compliance across the institution such as evaluating the various records management systems used and ensuring that data can be easily shared among stakeholders when needed or drafting an institution-wide Clery Compliance policy that outlines all roles and responsibilities.

  5. Maintain detailed documentation.

    The Clery Act requires an institution to retain all records related to its Clery Act compliance program for seven years. This includes daily crime logs, audit trails, timely warning assessments, geography documentation, etc. In the event of a program review, the institution will be asked to provide all these records, and failing to do so demonstrates a lack of administrative capability. Keeping extensive, detailed records ensures that the institution can demonstrate that its compliance program meets all requirements.


By Jennifer Scott, Consultant, Regulatory Compliance, The Healy+ Group

Insights Home