Department of Internal Audit and Compliance

FACTA "Red Flags" Consulting

In 2007, the federal government organizations passed legislation now known as the Red Flag Rules.  It requires a written "Identity Theft Prevention Program" to manage theft in connection with maintaining customer accounts.  Organizations have until June 1, 2010 to become compliant with the Red Flags provisions.  

For both the academic and clinical enterprises, the UT Internal Audit organization can help your business function become compliant with the FACTA requirements.  For example, we can help you analyze whether red flags can be detected in your business processes, including processes to obtain identity information and verifying identity, authenticating transactions for existing customers, and monitoring transactions (activity) of customers.  We also can provide advice pertaining to preventing and mitigating identity theft with an appropriate response.  And finally, we can assist and advise as you update your red flags program. 

For questions or other ways we can assist you in becoming “Red Flags” compliant, please contact us at


Last Updated: 6/9/16