Customer Identification Program (CIP) Components: What You Need to Have
A Customer Identification Program (CIP) helps you confirm that new clients are who they say they are. If you’re in the financial services industry, a CIP program is required to comply with federal Anti-Money Laundering (AML) regulations.
This blog will cover what your CIP program needs to include, breaking down the critical components of CIP compliance. We’ll include what’s required to confirm the identity of both individual customers and business organizations. We’ll also explain how CIP fits into broader AML requirements applicable to financial institutions and how it differs from related procedures such as Customer Due Diligence.
What Is a Customer Identification Program?
A Customer Identification Program is a set of procedures used by financial institutions to confirm the ID credentials of new customers and cross-reference them against lists of suspected terrorist and criminal organizations. CIP programs form part of Know Your Customer (KYC) programs required for broader compliance with federal Anti-Money Laundering regulations.
What Is the Purpose of CIP?
CIP is intended to prevent terrorist organizations, criminal groups, and individual criminals from opening fraudulent accounts using stolen or forged identities. Confirming customers’ identities has become imperative due to several critical factors. One is growing concern over terrorist money laundering after the 9/11 attacks of 2001. Another factor is the rise of digital banking, which has made it easier for criminals to bypass in-person security checks when opening accounts.
CIP became mandatory for financial institutions following the 2001 PATRIOT Act, which implemented measures to fight terrorism. Guidelines for implementing CIP under the PATRIOT Act are administered by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). Regulations include requirements for:
- Customer identification
- Records retention
- Cross-referencing customers against lists of sanctioned entities
- Notifying customers about identity check requests
Banking institutions and other covered institutions are responsible for developing specific internal procedures to comply with these general guidelines.
Customer Identification Program Requirements: What Should a CIP Include?
According to FinCEN rules, a CIP program should include four essential types of procedures:
- Confirming new customer identity
- Making and retaining records used to verify customer identity
- Determining whether new customers appear on federal lists of known or suspected terrorists
- Notifying customers that identity checks are being requested
This rule applies to:
- Savings associations
- Credit unions
- State-chartered non-depository trust companies
- Non-federally insured credit unions and trust companies
- Private banks
- Non-federally insured state banks and savings associations
- International banking entities
Distinct procedures are used to confirm the identity of individual customers and of business entities. For individual customers, financial institutions need to collect and check information, including:
- Full name
- Birth date
- Place of birth
- ID numbers, such as Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)
To confirm business identity, the data needed includes:
- Company name
- Business address
- Incorporation date and issuance documents
- Ultimate Beneficial Owner (UBO) information about who ultimately owns or controls a company
- Employer Identification Number (EIN) or Company Registration Number (CRN) for British entities
These are minimum requirements and are not exhaustive. Organizations may perform additional customer verification procedures when a risk of identity fraud is detected. For example, organizations may use biometric screening methods such as facial recognition to check applicant ID photos against live selfies of the individuals presenting them.
The Three Main Components of CIP
CIP procedures should perform three main functions:
- Risk assessment
- Due diligence
- Ongoing auditing
Let’s break down what each of these involves:
1. Risk Assessment
One primary task for CIP procedures is assessing the risk represented by customers and transactions. Elements organizations should assess for risk include:
- The authenticity of information submitted to confirm customer identity
- Size of transactions as measured against a designated threshold
- Origin of transactions (for example, transactions originating from terrorist state sponsors)
- Account activity, such as funds transfers
Financial institutions can develop customized scoring systems to quantify risk and trigger appropriate actions when risk is detected.
2. Due Diligence
Financial institutions are responsible for doing due diligence to detect risks both at the time of customer onboarding and on an ongoing basis. Items that organizations should check include:
- Identification of Ultimate Beneficial Owner for business entities
- Screening of customers against government watch lists, sanctions lists, and Politically Exposed Persons (PEP) lists
- Real-time asset tracking
- Adverse media checks to identify any public sources disclosing negative information about the customer
Financial institutions can develop customized checklists and automated procedures to ensure that due diligence is carried out.
3. Ongoing Auditing
Financial institutions should audit their CIP programs periodically to ensure that compliance is being maintained on an ongoing basis. CIP audits should be part of a comprehensive AML and KYC compliance audit. Items that organizations should audit include:
- Data collection procedures
- Customer identity verification procedures
- Screening of customers against watch lists, sanctions lists, and PEP lists
- Conformity with compliance obligations
- Internal controls over CIP procedures
Audits can be assigned to a designated officer and conducted by an in-house team or independent agency.
How Organizations Verify Documentation
Financial institutions use two main types of documentation to confirm customer identity:
- Document-based verification, such as government-issued identification cards, birth certificates, and business incorporation records
- Non-document-based verification, such as fingerprints, facial recognition, voice recognition, and other biometric identification methods
Automated tools may assist with checking both types of documentation. Documents can be scanned and checked against databases from public and private sources. Organizations can check non-document-based data with apps such as AI-powered facial recognition software.
What Is the Difference Between AML and CIP?
AML is a broader category that includes CIP. Anti-Money Laundering procedures encompass all procedures used to prevent fraudulent financial transactions, including but not limited to CIP. Customer Identification Programs focus on the specific task of confirming customer identity. CIP procedures form one component of Know Your Customer procedures, which also include procedures for assessing the risk posed by identified customers, monitoring transactions on an ongoing basis, and managing risk when red flags are detected. KYC, in turn, forms one component of AML. AML also includes other procedures, such as reporting procedures for suspicious transactions and enforcing trade sanctions.
What Is the Difference Between CDD and CIP?
Customer Due Diligence (CDD) is a step in the KYC process that follows CIP. After CIP procedures confirm that a customer is who they claim they are, CDD assesses the risk posed by the customer, quantifying it in terms of a risk scoring scale. CIP and CDD both form part of the complete KYC process.
Automate Your CIP to Meet Your KYC Requirements
CIP forms an essential piece of a complete KYC and AML strategy that meets federal regulatory requirements. Automating your processes is the best way to ensure your CIP procedures cover all your bases. Incode’s Omni Platform lets you automate your CIP procedures using artificial intelligence to provide simple, secure, fast identity checks. Automation saves your team and customers valuable time, empowering you to deliver a frictionless customer experience. Contact our team to discuss how we can help you meet your KYC requirements while providing your customers superior service.