Customer identification program (CIP) requirements target money laundering, terrorism funding, corruption and other criminal activities. Under a CIP, which is required through the USA PATRIOT Act, financial institutions must have reasonable procedures to gather and maintain customer identity information and run watchlist checks. According to the Financial Crimes Enforcement Network (FinCEN), CIP requirements apply to all financial institutions. But those requirements raise questions. What do regulators consider reasonable? How can a financial institution efficiently integrate a CIP? Can organizations achieve compliance and fraud mitigation while delivering streamlined customer onboarding? The Customer Identification Process The minimum needed to open an individual financial account in the U.S. is name, birth date, address and an identification number, such as Social Security. Financial institutions can verify identities with documents, such as driver’s licenses, or nondocumentary methods, such as through credit bureaus and government databases. Those procedures are central to a CIP. Organizations, as they do with other Anti-Money Laundering (AML) requirements, can take steps toward compliance by codifying the policies. The policies may depend on an organization’s risk-based approach to verification and: The types of accounts the financial institution offers How people open accounts The available identity information The organization’s size, location and customer base Digital Identity Verification and CIP Requirements Financial institutions can conduct digital verification to meet consumer expectations for convenience and immediacy in a digital economy. Verification through nondocumentary methods can provide strong risk mitigation and fast onboarding. Organizations can also combine identity document and nondocumentary verification to cross-check data and further reduce fraud risk. While identity verification is core to a CIP, there are other requirements, including providing proper notice about document collection and identification processes. A CIP must also include procedures to handle edge cases, such as when a person doesn’t have an identity document or when a document type is unknown to the financial institution. Regulations require that CIPs incorporate procedures to manage higher-risk situations. Those procedures can determine what happens when the institution can’t verify an identity, when to prevent account opening, when to request more information and when to file a suspicious activity report. Organizations can rely on a separate qualified financial institution to administer the CIP program. The program must meet CIP standards, and the qualified entity must be regulated and have an AML program. Written Procedures Financial institutions must have a documented CIP process approved by the board of directors. The process should be part of a compliance program and include procedures for account opening, verification, screening, customer notification and recordkeeping. Risk Assessment Risk assessments, at the institutional and account level, are critical in creating a successful CIP. Each institution can set its own policy for risk. For instance, a credit union with only individual customers from a local area can have less stringent CIP risk policy than an international bank. Record Retention Financial institutions must maintain identity information for five years after a customer closes an account. That includes a description and expiration date of any document used to verify identity, including the identification number. Sanction Checks Financial institutions must check identities against domestic and international AML, counter-terrorist financing and sanctions watchlists. Business Verification CIPs also apply to corporations, partnerships and trusts. Financial institutions can verify business entities by checking certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument. Business verification is also possible through nondocumentary methods. Real-time identification and verification of company records through official registers enables quick business onboarding. Under the Customer Due Diligence Final Rule, financial institutions must now collect, maintaining and reporting beneficial ownership information. “With respect to the requirement to obtain beneficial ownership information,” according to the rule, “financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.” Under the Corporate Transparency Act, U.S. companies must report their ultimate beneficial owner (UBO) information to FinCEN. Any new incorporation or significant UBO change must be reported. A CIP is a necessary element of AML and Know Your Customer regulations, though it can present complex challenges. A sound digital strategy focused on integrated verification capabilities can position financial organizations to meet even the strictest compliance requirements. Digital KYC White Paper Build Trust and Safety With Digital KYC Learn how to achieve compliance while meeting customer expectations for onboarding convenience. Frequently Asked Questions Learn more about customer identification programs. What is a customer identification program? A customer identification program (CIP) encompasses the procedures regulated financial institutions use to identify customers and counter money laundering and terrorism funding. CIPs are required under the USA PATRIOT Act. What are the four elements of a customer identification program? The four elements of a customer identification program are: verify individual and business identities; establish written procedures that outline the financial institution’s risk-based approach to verification; retain identity records; and perform watchlist screening for all customers. What are the three primary steps in a customer identification program? The three primary steps in a customer identification program (CIP) are: establish reasonable procedures for verifying the identity of any person; maintain records of that information, including name and address; and perform watchlist screening. What is the difference between a customer identification program and Know Your Customer requirements? A customer identification program is an element of meeting Know Your Customer (KYC) requirements in the U.S. KYC requirements can be more extensive and require additional due diligence to assess the risk profile of a customer and perform ongoing monitoring. This post was originally published in February 2019 and updated to reflect the latest industry news, trends and insights. Solutions Regulatory Compliance Optimize Identity Verification for Regulatory Compliance Resources Library Know Your Customer (KYC) White Papers Build Trust and Safety With Digital KYC View All KYC Featured Blog Posts Individual Verification (KYC) KYC: 3 Steps to Achieving Know Your Customer Compliance AML AML Compliance Checklist: Best Practices for Anti-Money Laundering Business Verification (KYB) Enhanced Due Diligence Procedures for High-Risk Customers AML Sanctions and PEP Screening: A Critical Step in the KYC Process Identity Verification Proof of Address — Quickly and Accurately Verify Addresses Individual Verification (KYC) Top 10 Questions About Beneficial Ownership for AML/KYC Compliance Business Verification (KYB) How to Verify Legitimate Businesses and Merchants Individual Verification (KYC) Customer Due Diligence Checklist — Five Steps to Improve Your CDD