What is customer identification program

What Is a Customer Identification Program (CIP)?

Quick Answer

A Customer Identification Program or CIP is a set of procedures used by financial institutions to confirm the ID credentials of new customers and cross-reference them against lists of suspected terrorist and criminal organizations.

A Customer Identification Program (CIP) helps you confirm that new clients are who they say they are. If you’re in the financial services industry, a CIP program is required to comply with federal Anti-Money Laundering (AML) regulations.

This blog will cover what your CIP program needs to include, breaking down the critical components of CIP compliance. We’ll include what’s required to confirm the identity of both individual customers and business organizations. We’ll also explain how Customer Identification Programs fit into broader AML requirements applicable to financial institutions and how they differ from related procedures such as Customer Due Diligence.

What Is a Customer Identification Program?

A Customer Identification Program is a set of procedures used by financial institutions to confirm the ID credentials of new customers and cross-reference them against lists of suspected terrorist and criminal organizations. CIP programs form part of Know Your Customer (KYC) programs required for broader compliance with federal Anti-Money Laundering regulations.

What Does CIP Mean?

CIP is the abbreviation of Customer Identification Program, a system intended to prevent terrorist organizations, criminal groups, and individual criminals from opening fraudulent accounts using stolen or forged identities. Confirming customers’ identities has become imperative due to several critical factors. One is growing concern over terrorist money laundering after the 9/11 attacks of 2001. Another factor is the rise of digital banking, which has made it easier for criminals to bypass in-person security checks when opening accounts.

What Is the Purpose of Customer Identification Programs (CIP)?

Customer Identification Programs became mandatory for financial institutions following the 2001 PATRIOT Act, which implemented measures to fight terrorism. Guidelines for implementing CIP under the PATRIOT Act are administered by the Treasury Department’s Financial Crimes Enforcement Network (FINCEN). Regulations include requirements for:

  • Customer identification
  • Records retention
  • Cross-referencing customers against lists of sanctioned entities
  • Notifying customers about identity check requests

Banking institutions and other covered institutions are responsible for developing specific internal procedures to comply with these general guidelines.

CIP Requirements: What Should a CIP Include?

According to FINCEN rules, a Customer Identification Program should include four essential types of procedures:

  1. Confirming the new customer identity
  2. Making and retaining records used to verify the customer identity
  3. Determining whether new customers appear on federal lists of known or suspected terrorists
  4. Notifying customers that identity checks are being requested

This rule applies to:

  • Banks
  • Savings associations
  • Credit unions
  • State-chartered non-depository trust companies
  • Non-federally insured credit unions and trust companies
  • Private banks
  • Non-federally insured state banks and savings associations
  • International banking entities

Specific CIP Requirements for Individual Customers

Distinct procedures are used to identify individual customers to confirm customer identity. For customers, financial institutions need to collect and check information, including:

  • Full name
  • Birth date
  • Place of birth
  • Address
  • ID numbers, such as Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)

These are minimum requirements and are not exhaustive. Organizations may perform additional customer verification procedures when a risk of identity fraud is detected. For example, organizations may use biometric screening methods such as facial recognition to check applicant ID photos against live selfies of individuals presenting photos.

CIP Requirements for Business Entities

To confirm the identity of business entities, financial institutions should collect and revise the following data:

  • Company name
  • Business address
  • Incorporation date and issuance documents
  • Ultimate Beneficial Owner (UBO) information about who ultimately owns or controls a company
  • Employer Identification Number (EIN) or Company Registration Number (CRN) for British entities

The CIP Process

The CIP process should perform three main functions:

  1. Risk assessment
  2. Due diligence
  3. Auditing

Let’s break down what each of these involves:

1. Risk Assessment

One primary task for the CIP process is assessing the risk represented by customers and transactions. Elements organizations should assess for risk include:

  • The authenticity of information submitted to confirm customer identity
  • Size of transactions as measured against a designated threshold
  • Origin of transactions (for example, transactions originating from terrorist state sponsors)
  • Account activity, such as funds transfers

Financial institutions can develop customized scoring systems to quantify risk and trigger appropriate actions when risk is detected.

2. Due Diligence

As part of the CIP process, financial institutions are responsible for doing due diligence to detect risks both at the time of customer onboarding and on an ongoing basis. Items that organizations should check include:

  • Identification of Ultimate Beneficial Owner for business entities
  • Screening of customers against government watch lists, sanctions lists, and Politically Exposed Persons (PEP) lists
  • Real-time asset tracking
  • Adverse media checks to identify any public sources disclosing negative information about the customer

Financial institutions can develop customized checklists and automated procedures to ensure that due diligence is carried out.

3. Ongoing Auditing

Financial institutions should audit their Customer Identification Program periodically to ensure that compliance is being maintained on an ongoing basis. CIP audits should be part of a comprehensive AML and KYC compliance audit. Items that organizations should audit include:

  • Data collection procedures
  • Customer identity verification procedures
  • Screening of customers against watch lists, sanctions lists, and PEP lists
  • Conformity with compliance obligations
  • Internal controls over CIP procedures

Audits can be assigned to a designated officer and conducted by an in-house team or independent agency.

Identity Verification Methods for CIPs

Financial institutions use two main types of identity verification methods to confirm customer identity:

  • Document-based verification checks government-issued identification cards, birth certificates, and business incorporation records.
  • Non-document-based verification includes biometric identification methods such as fingerprint verification, facial recognition, voice recognition, and other similar techniques.

Automated tools may assist with checking both types of documentation. Documents can be scanned and checked against databases from public and private sources. Organizations can check non-document-based data with apps such as AI-powered facial recognition software.

Automate Your CIP to Meet Your KYC Requirements

CIP forms an essential piece of a complete KYC and AML strategy that meets federal regulatory requirements. Automating your processes is the best way to ensure your CIP procedures cover all your bases. Incode’s Omni Platform lets you automate your CIP procedures using artificial intelligence to provide simple, secure, fast identity checks. Automation saves your team and customers valuable time, empowering you to deliver a frictionless customer experience. Contact our team to discuss how we can help you meet your KYC requirements while providing your customers superior service.

FAQs About Customer Identification Program (CIP)

CIP & AML: What Is the Difference?

Anti-Money Laundering (AML) is a broad framework that includes various procedures designed to prevent fraudulent financial activities. One component of AML is the Customer Identification Program (CIP).

CIP is a specific subset of AML focused solely on verifying the identity of customers. It forms part of the broader Know Your Customer (KYC) procedures, which include assessing the risk posed by identified customers, monitoring transactions on an ongoing basis, and managing risk when red flags are detected. KYC, in turn, is a component of AML.

AML encompasses other procedures, such as monitoring transactions, reporting suspicious activities, and enforcing trade sanctions. Therefore, AML covers a wider range of procedures aimed at detecting and preventing money laundering and other financial crimes than CIP alone.

What Is the Difference Between CDD and CIP?

Customer Due Diligence (CDD) is a step in the KYC process that follows CIP. After CIP procedures confirm that a customer is who they claim they are, CDD assesses the risk posed by the customer, quantifying it in terms of a risk scoring scale. CIP and CDD both form part of the complete KYC process.