In our environment all devices are required to be encrypted. When a student graduates, the laptop they were issued is given to them. We run a cleanup script that removes our software, admin accounts, removes the JAMF framework and then reboots for housekeeping.
Subsequently, when the end user decrypts the hard drive, they get a system message that states the administrator requires that FileVault be enabled. This was originally set using a policy, setting an Individual Recovery Key escrowed it on the JSS and an Institutional Key. (A practice that we have since stopped.)
It would seem that we haven't' removed all of our hooks and this needs to be resolved without wiping the drive.