What Is a Customer Identification Program (CIP)?

Money laundering is a significant concern for financial institutions worldwide. Criminals often initiate their illicit activities by opening accounts in these institutions. Recognizing this, regulations have been put in place right from the start to curb large-scale financial crimes. One such pivotal regulation is the Customer Identification Program (CIP).

What Is a Customer Identification Program (CIP)?

A Customer Identification Program (CIP) is a set of procedures that a business must establish and follow to verify the identity of its customers or users. This is required by the Bank Secrecy Act (BSA) in the United States, and its primary goal is to combat money laundering and terrorist financing by mandating financial institutions to authenticate the identity of their customers during account creation.

The CIP applies to all financial institutions, including banks, credit unions, securities firms, and money transmitters. The requirements of the CIP vary depending on the type of institution and the size of its customer base. However, all financial institutions must take the following steps to verify the identity of their customers:

1. Collect Essential Information: Gather key details from customers, including their name, address, date of birth, and taxpayer identification number.
2. Authenticate the Information: Confirm the validity of the collected details by examining identification documents like passports or driver’s licenses, or through methods such as credit checks.
3. Maintain Records: Preserve the acquired information for a minimum duration of five years.
4. Monitor and Report Suspicious Activities: Establish protocols to detect and report any activities that might hint at money laundering or terrorist financing.

History of the Customer Identification Program

As a result of the terrorist attacks of September 11, 2001, the American Congress enacted some rules and regulations to protect The United States (US) from international and domestic terrorism. These rules and regulations are summarized under the USA PATRIOT Act of 2001. The act expanded the BSA’s requirements and introduced the concept of a Customer Identification Program (CIP) under section 326. 

The rule took effect on June 9, 2003, and it became fully effective on October 1, 2003. CIP is part of the regulations required for Anti-Money Laundering (AML) compliance and is administered by the Financial Crimes Enforcement Network (FinCEN).

What Does the CIP Do?

Those who commit money laundering and other financial crimes do not want to be known or detected, so they pose as legitimate customers. The primary purpose of CIP is to verify that customers are who they say they are as a measure to prevent and detect money laundering and terrorism financing. Additionally, it prevents fraudulent individuals and companies from opening accounts using false or stolen identities to commit crimes. By obtaining sufficient information to verify a customer’s identity, financial institutions can reduce the risk of being used as a conduit for financial crimes.

CIP vs. KYC

The Customer Identification Program is an essential component of the broader regulatory framework of Know Your Customer (KYC) that financial institutions must comply with. They both aim to verify the true identity of customers and prevent financial crimes, but they differ in scope and complexity.

Customer Identification Program (CIP) is a one-time process that seeks to verify the identity of customers at the point of account opening or signatory addition.

The Know Your Customer (KYC) process, on the other hand, entails financial institutions to create customer risk profiles, conducting due diligence on their customers, monitoring their transactions, and reporting suspicious activity.

CIP and KYC are closely related. Financial institutions must have a comprehensive program that includes both components for effective AML compliance. Failure to do so will lead to significant penalties, fines, and reputational damages.

Customer Identification Program Requirements

CIP regulations do not impose the same rules on all institutions; instead, they require that:

1. All financial institutions are to implement a Customer Identification Program appropriate for their size, location, and type of business. 
2. Board of directors or a board committee must approve every financial institution’s CIP.
3. The CIP must contain the statutorily prescribed procedures in a detailed and well-described format.
4. The CIP must be a part of the financial institution’s AML program.

Identity Verification Procedure 

Since the goal of the Customer Identification Program is to ensure the true identity of their customers, each institution must have risk-based, reasonable, and practical procedures to verify customer identity. This procedure must consider the following:

• The types of accounts the financial institution maintains,
• The different methods of opening accounts,
• The types of information available.

These procedures must specify the following:

1. The identifying information needed from the customer,
2. The verification documents required from the customer,
3. The methods, and alternative methods, the financial institutions will use to verify the information given,
4. The time frame for verification,
5. When it cannot thoroughly verify that the customer is who he says he is, the actions to take.

The CIP must also include procedures for providing customers with adequate notice that the institution requests information to verify their identity.

Customers must provide the following information before opening an account or adding a signatory:

• Name
• Address — this includes both residential and mailing addresses for individuals and business addresses for companies. 
• Date of Birth — needed for individuals
• Identification Number — includes taxpayer id, employer id, or any other government-issued document that shows nationality, residence, photograph, or any other biometrics identifiers.

The time frame for verification depends on the type of account, the information available, and whether the customer is physically present at the time of account opening. A financial institution must include procedures to determine when a Suspicious Activity Report (SAR) must be filed with the FinCEN and other enforcement agencies as part of its identity verification process. When a customer appears on a government list of known or suspected terrorists, financial institutions must comply with all government directives concerning such lists. 

Methods used for Customer Identity Verification

Financial institutions can use a variety of methods to verify the identity of their customers, including:

1. Documentary Verification: The financial institution specifies the documents for verification. Documents may include: 

• An unexpired government-issued identification for individuals,
• Registered articles of incorporation, a government-issued business license, partnership agreement or trust instrument for corporations, companies, and partnerships.

2. Non-documentary verifications: financial institutions are to specify their methods for this. This covers cases where:

• Some customers legitimately cannot present the standard forms of identification when opening an account.
• unfamiliar documents are presented,
• The customer opens an account without appearing at the financial institution.

3. Additional Verification: Financial institutions use this when they cannot verify customers’ true identities using the methods mentioned above. Also, financial institutions are to identify types of accounts that pose a heightened risk to prescribe additional measures for identity verification of those seeking to open an account and the signatory for such accounts.

CIP Compliance Management

Complying with the US regulation requirements on CIP is vital for all the institutions it applies to. Financial institutions should take the following steps to build a robust compliance program that meets their CIP obligations:

1. Have policies and procedures that address customer identification, verification, and record-keeping.
2. Train staff on CIP requirements to ensure they understand and effectively implement the institution’s policies and procedures.
3. Conduct regular assessments of their CIP programs to identify weak points and make necessary adjustments.  

The above can incur significant costs depending on the financial institution’s size, complexity, and business. non-compliance penalties can be severe. Regulatory agencies, including the FinCEN, the Federal Reserve, and the Securities and Exchange Commission (SEC), among many others, have the authority to enforce CIP requirements and impose penalties for non-compliance. 

The penalties for CIP non-compliance can include fines, cease and desist orders, enforcement actions, and even criminal charges. Fines may range from thousands to millions of dollars, depending on the violation’s severity and the financial institution’s size. In some cases, regulators can pursue legal action, leading to high legal costs and reputational damage.

In addition to fines and legal action, non-compliance with CIP requirements can damage the financial Institution’s reputation. Customers and investors may lose confidence in the institution’s ability to comply with regulatory requirements. As a result, they may choose to take their business elsewhere.

Conclusion

The Customer Identification Program (CIP) is a crucial component of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations in the United States. CIP requires financial institutions to verify customer identities for new accounts. This aims to prevent money laundering, terrorist financing, and other illicit activities. To minimize non-compliance risk and protect their reputation, institutions should create effective policies, train employees, and routinely assess their CIP program.

Identity.com

As a company leading a blockchain technology that will be helpful in the finance industry, we also believe in the ability to reduce fraud and all irregularities in the financial world. More reason Identity.com doesn’t take the back seat in contributing to this future via identity management systems and protocols. We also belong to the World Wide Web Consortium (W3C), the standards body for the World Wide Web.

The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.