Red Flags Rule Compliance

The Red Flags Rule (16 CFR 681) requires UCA and contracted third-party service providers to take steps to prevent, detect, and respond to incidents of identity theft, including developing a written program describing how this will be executed.  This rule applies to any account for personal, family, or household purposes that involves or allows multiple transactions or an account offered or maintained by UCA or a third-party service provider for which there is a reasonable risk of identity theft.

Examples of covered accounts at UCA include student loans, student accounts, payment plans, Bear Cards, and Pay Cards through Human Resources.

The Vice President for Finance & Administration is the Program Administrator, with the Compliance Office for Finance & Administration responsible for ensuring compliance.  Please ask your supervisor for specific information on signs of identity theft in your department, and please contact the Compliance Office with any questions regarding the Identity Theft Prevention Program or materials listed below.  You may contact Information Technology with any questions related to network or computer security on campus.

Please find below materials designed to demonstrate compliance with the Red Flags Rule and assist departments in taking appropriate steps to reduce the risk of identity theft at UCA.

Departments and units subject to Red Flags Rule compliance are required to certify at least annually that:

  • The UCA Identity Theft Prevention Program has been reviewed;
  • Employees have been trained on the Program and compliance requirements;
  • A review of procedures designed to detect, prevent, and mitigate identity theft has been performed;
  • All known incidents of identity theft have been reported; and
  • That any applicable contracted service providers comply with the Red Flags Rule.

UCA has developed these materials based in part on guidance and resources published by the Federal Trade Commission (FTC), National Association of College and University Business Officers (NACUBO) and, with permission, the University of Minnesota.