HBP Part 19.5. Red Flag Rule

Handbook of Business Procedures

Date published: November 11, 2013
Last revised: January 15, 2021
Issued by: Risk Management


A. Introduction

The Federal Trade Commission added title 16 of the Code of Federal Regulations (CFR), the Red Flags Rule, under the Fair and Accurate Credit Transactions Act of 2003. Red flags are suspicious patterns or practices, or specific activities that indicate the possibility that identity theft may occur. The Red Flags Rule requires The University of Texas at Austin to implement a written identity theft prevention program designed to identify and detect the warning signs ("red flags") of identity theft in day-to-day operations.  

As a result, the university adopted guidelines to address the following:

  • Receiving an address change discrepancy notice from a consumer reporting agency (as per 681.1).
  • Opening and maintaining covered accounts (as per 681.2).
  • Issuing and reissuing debit after an address change request (as per 681.3).

The Identity (ID) Theft Prevention Program was implemented by the University to protect consumers in the following situations:

  • Upon accepting an extension of certain types of credit - either directly or indirectly - by the University.
  • Receiving a Notice of an Address Discrepancy after requesting a consumer report from a consumer reporting agency.
  • Requesting an additional or replacement debit or credit card that follows shortly after an address change request.

All areas, departments, colleges, and schools that hold personally identifiable financial records and information and/or covered accounts must comply with ID Theft Prevention Program.

B. Resources



Part 19. Risk Management - Table of Contents