Imagine you had a special building filled with lots of goods and valuables. Of course, you would be wary of the kind of person you admit into the building, as people may steal from it. You need to ascertain the identity of anyone you let into the building so you can be sure they do not have malicious intentions or are not posing as another person.
This illustration is often demonstrated as a security procedure for special locations or neighbourhoods, as well as places of business.
Digital businesses or platforms need to ascertain the identity of their customers before they are onboarded to confirm that the potential customer is who they say they are. This is what the Customer Identification Program entails.
Customer Identification programs are a necessary due diligence for digital companies to know the authenticity of their customers.
What is A Customer Identification Program?
The Customer Identification Program is a fundamental or necessary procedure that financial entities or companies must complete to abide by their Know Your Customer (KYC) obligations.
Organisations have the flexibility to customise their Customer Identification Program (CIP) within the parameters established by the CIP's basic onboarding criteria.
The primary goal of a customer identification program is to detect and prevent illegal activities like fraud, money laundering, terrorist financing, and other types of financial crimes. By complying with CIP, financial institutions provide a secure environment for their customers, ensuring their protection from illicit financial activities.
The Customer Identification Program (CIP) is a major part of the KYC process. However, it is not the whole process, which is a comprehensive or all-encompassing procedure. It's important to note that CIP is not a one-time task but rather a continuous process that needs regular review and training for effective implementation.
A Customer Identification Program (CIP) is a regulatory requirement for financial institutions, including banks, to verify the identity of their customers. It is mandated under the USA PATRIOT Act of 2001 under the Bank Secrecy Act (BSA) to combat money laundering, terrorist financing, and other illicit financial activities.
Suggested Read: What is Customer Identity Verification Process
What are the Requirements of Customer Identification Program: Customer Identification Program Elements
There are basic rules that guide a customer identification program. These rules ensure that the program is effective in preventing fraud, identity theft, money laundering, and terrorist financing.
The requirements of a Customer Identification Program (CIP) are guided by certain rules and regulations that financial institutions must adhere to, ensuring proper identification and risk management. These key requirements or necessary customer identification program elements include:
1. Identity Information Collection
Financial institutions must collect specific identifying information from customers. This typically includes:
1. Full name
2. Date of birth
3. A Valid Physical Address
4. Identification number (e.g., Social Security Number for U.S. citizens or passport number for non-citizens).
2. Verification of Identity
Institutions are required to verify the information provided by the customer. This can be done by examining or screening government-issued documents, such as a driver’s license, passport, or other forms of identification. Non-documentary methods, such as checking against databases or confirming references, can also be used.
3. Recordkeeping
These financial institutions, subject to the Patriot Act, must keep records of the identifying information obtained during account opening, including how the customer's identity was verified. Records must be kept for at least five years after the account is closed. The documents or information that must be recorded include;
a. The type of documents used to verify identity (if applicable).
b. The methods and results of any verification process.
4. Comparing With Government Lists
Financial entities are mandated to compare customers’ identities with government lists of known or suspected terrorists, sanctions, or any other high-risk groups. If there is a match, appropriate action must be taken. This is known as sanction screening.
5. Customer Notification
Customers must be informed that the institution is requesting identification information to verify their identity, as required by law. This notice can be included in account agreements or other communications.
6. Risk-Based Procedures
Institutions must establish procedures based on the risk associated with different types of accounts and customers. Higher-risk customers eg, politically exposed persons (PEPs) or those from high-risk countries, may need to be more closely monitored for additional scrutiny.
7. Reliance on Third Parties
In some cases, financial institutions may rely on third parties to perform the CIP requirements; however, they must ensure that those parties follow the same strict guidelines.
What is a CIP Checklist?
A Customer Identification Program (CIP) Checklist is a tool used by financial institutions to ensure they follow Customer identification program requirements mandated by the Patriot Act when opening new accounts and onboarding customers.
The checklist helps personnel follow consistent procedures for verifying a customer’s identity and meeting regulatory obligations.
What is the difference between CIP and KYC?
The Customer Identification Program (CIP) and Know Your Customer (KYC) are both important parts of a financial institution's efforts to prevent illegal activities, but they differ in purpose and scope.
1. CIP basically focuses on verifying a customer's identity at the time of account opening. It ensures that the institution collects essential identifying information such as the customer's name, address, date of birth, and identification number.
This process is mandated under the USA PATRIOT Act (Section 326) in the U.S. and serves as the initial step in confirming that the institution knows who its customers are.
2. On the other hand, KYC (Know Your Customer) involves a wide range of activities, including CIP at the very beginning, but it goes far beyond just identity verification.
KYC involves ongoing monitoring of the customer's financial behavior, assessing their risk profile, and detecting any suspicious activities throughout the customer relationship. KYC's goal isn’t just to only verify a customer's identity but also to understand their financial transactions and to ensure they are not involved in any form of money laundering, fraud, or terrorist financing.
KYC is governed by a combination of local and global regulations, including the Bank Secrecy Act (BSA) and guidelines set by the Financial Action Task Force (FATF).
The customer identification process is a one-time process performed at the time of account opening, and KYC is an ongoing effort. CIP forms the foundation of KYC by collecting and verifying basic information so that KYC builds on this by continuously monitoring the customer’s activity, regularly assessing the customer’s risk, and applying additional scrutiny (Enhanced Due Diligence) for high-risk customers or transactions.
KYC includes customer due diligence (CDD), which is a process of understanding the customer’s business and transaction patterns, and enhanced due diligence (EDD) for customers who pose a higher risk, like politically exposed persons (PEPs).
3. The main difference between CIP and KYC is that CIP is basically concerned with identity verification, while KYC is about both identity verification and managing the customer’s risk over time.
CIP is a regulatory requirement designed to establish who the customer is. At the same time, KYC is a more comprehensive approach to understanding the customer’s behavior, assessing risks, and complying with broader anti-money laundering (AML) regulations.
Simply, CIP is the initial identification step, and KYC is the ongoing process of managing and mitigating financial crime risks.
Who Is Required to Follow the CIP Rule?
The Customer Identification Program (CIP) rule oversees or includes to "financial institutions" which is stated by the Bank Secrecy Act (BSA) and related regulations. These institutions include:
- Loan or Finance Companies
- Trust Companies
- Mutual Funds
- Broker Deals in securities
- Banks and credit unions
- Insurance companies
- Money services businesses (MSBs) such as money transmitters and currency exchanges
- Real estate companies
- Cryptocurrency companies or exchanges
- Operators of credit card systems
- Merchants in precious metals, stones, jewels, or art
- Automobile dealerships
- Casinos and iGaming platforms
Bottom Line / Next Steps
The Customer Identification Program (CIP) plays a vital role in the security framework of financial institutions by ensuring that customers are properly identified during the onboarding process. It’s a foundational element in the broader Know Your Customer (KYC) protocol, which helps institutions mitigate risks like money laundering, fraud, and terrorist financing.
CIP focuses on the initial identity verification, while KYC extends to ongoing monitoring and risk management of customer activities. The CIP rule applies to different types of financial companies or institutions, from banks and credit unions to mutual funds, casinos, and even cryptocurrency exchanges.
Businesses should regularly review their CIP procedures to ensure compliance with evolving regulations and adjust their protocols based on their customers' risk levels. Continuous staff training and the use of updated technology to verify customer identities can help institutions maintain robust and compliant Customer Identification Programs.
Financial institutions should consider how to integrate their CIP into their broader KYC and Anti-Money Laundering (AML) strategies to manage customer risks over time efficiently and effectively.
With Youverify, businesses and financial institutions can seamlessly identify their customer using our AI-powered KYC software. Book a FREE demo to get started with an effective customer identification program. Ready to get started? Try now.