KYC AML Guide: the Clock shows the average reeding time of the blog09 min Read


KYC AML Guide: the Clock shows the average reeding time of the blogAugust 7, 2023

What Is a Customer Identification Program (CIP) and How Does It Work?

Financial institutions worldwide, including banks, lenders, credit unions, insurers, and various companies, must develop a thorough understanding of their clients to conduct any business transactions. The Consumer Identification Program (CIP) is a critical component of compliance with the Patriot Act and anti-money laundering (AML) regulations as part of this effort. In this blog, we will go over what the Customer Identification Program is, what are the main requirements of the customer identification program (CIP) rule, and how it works to protect financial institutions and their customers.

M Abd'al Bari

Research Associate | Fintech and KYC

What is Customer Identification Program?

The customer identification program (CIP) is a critical component of the 4 pillars of KYC. It is a legal process that financial institutions use to verify their customers’ identities. This program was established in the USA PATRIOT Act, “Unifying and Empowering America by Providing the Appropriate Tools Required to Prevent and Prevent Terrorism in 2003 and FINCEN to fight money laundering and terrorist financing.

Financial institutions are required by the Patriot Act to implement a CIP process to verify the identity of customers opening new accounts. US Patriot Act identification requirements include verifying the identity of individuals or businesses seeking to open an account. Legal name, residential address, date of birth, and social security number are all required for verification. Acceptable forms of identification for US citizens include a driver’s license or government-issued photo ID, while non-US citizens can use a passport or visitor identification card for verification.

The CIP program’s primary goal is to verify customers’ identities to prevent money laundering, fraud, identity theft, and other financial crimes. CIP requirements are critical in protecting financial institutions and their customers from fraudulent behavior.

What is CIP in Banking?

CIP requirements

Customer Identification Programme (CIP) is a requirement for all banks, credit unions, saving associations, and certain non-regulated banks in the United States. It is an essential component of their Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance program. Noncompliance with CIP regulations can result in significant federal penalties, including up to $250,000 in fines or five years in prison for malicious violations. It is critical for financial institutions to strictly adhere to CIP guidelines to deter illegal activities and maintain regulatory integrity.

How Does it Work?

The CIP process begins when a customer wants to open a new account or establish a business relationship with a bank. The customer must provide the bank with identification and supporting documentation. The information is analyzed by the bank using various methods, such as comparing the customer’s information to public databases or verifying the electronic identity.

The account is opened and the relationship is established if the customer passes the verification process and meets the CIP requirements. However, if the customer fails to meet the required identification criteria or raises any red flags during the verification process, the bank may refuse to open the account or take other actions to ensure AML compliance.

What are the Main Requirements of the Customer Identification Program (CIP) rule?

1. A well-documented CIP program

If your company is subject to the CIP Act, you must have a Customer Identification Program (CIP). However, it is critical to go beyond simply holding an event; it must be thoroughly documented and distributed to all employees involved in the process. The document should explain the CIP process in detail from beginning to end, including detailed instructions and risks that team members should be aware of. It should also include privacy and security policies to ensure proper customer information management.

2. Collecting Identifying Information

Every new customer should provide four pieces of information to your CIP program:

  • Name
  • Birthday
  • Address
  • Identification number (SSN, TIN, passport number, etc.)

Although these four pieces are required, you can collect and analyze additional data based on your company’s needs and risk factors. Phone numbers and email addresses, for example, can be used in customer communications as well as CIP processes such as phone verification, phone carrier verification, and email risk assessment.

3. Identity Verification

Financial institutions have a significant responsibility to ensure that their customers are who they claim to be.  To verify a customer’s identity, a government-issued document, such as a passport, driver’s license, or national identity card, is typically used. Identity verification can be accomplished in three ways:

  1. Documentary verification: Financial institutions verify a customer’s identity by carefully inspecting physical or digital identification documents provided by the customer.
  2. Non-Documentary verification: In addition to paper methods, financial institutions can use non-paper methods to verify the customer’s identity, such as credit reports, public databases, or customer interviews.
  3. Additional Verification for High-Risk Customers: A thorough review is required for high-risk customers, which may include access to documents or other information.

4. Record Keeping:

Another important aspect of CIP is record keeping. Customers’ identification documents, account opening documents, and transaction records must be kept on file by financial institutions. These records will be kept for a specified period, typically five years, as required by law. Furthermore, businesses should keep meticulous records of the following:

  1. Identification numbers, dates, and places of issuance are among the documents used in the verification process.
  2. Non-documentary verification procedures and their outcomes.
  3. Any significant discrepancies were discovered during the verification process, as well as the results.

5. Comparison with Government Lists

Companies should cross-check all of their customers against a government list that includes terrorists, terrorist organizations, and other regulated businesses. The US Treasury and other federal agencies must review these lists within a reasonable time after the account is opened. In addition to the terrorist list, it is critical to verify clients against lists mandated by the Banking Secrecy Act (BSA), such as the restricted list of the Office of Foreign Assets Control (OFAC), Politically Exposed Persons (PEP), AML watchlist and adverse media. These inspections help to ensure compliance and keep financial institutions from transacting with prohibited companies.

6. Customer Notice

Furthermore, financial institutions must inform their customers about CIP and the information collected for identity verification. This customer notice may be delivered in person, by mail, or electronically. Financial institutions can help their customers and the wider community by implementing a strong identity verification process and adhering to the guidelines.

What are CIP Requirements for Existing Customers?

The CIP requirements for existing customers are determined by the financial institution’s policies and procedures. Existing customers are excluded from the definition of “customer” under the CIP Act. if the company has established a reasonable belief as to its true identity. This means that once a customer’s identity has been verified, the process does not have to be repeated for any subsequent accounts they may be free of obstruction.

When applying CIP to existing customers who opened their accounts before the company established a reasonable verification process, usually in the early 2000s, difficulties arise. If a customer opened an account in the 1980s, for example, the industry may not have consolidated all of the information required by current CIP law, which did not exist at the time. To address this issue, many financial institutions include in their policies a statement stating that they have reasonable assurances about the true identity of long-term customers who opened accounts before the CIP requirements.

Wrap Up

A Customer Identification Programme (CIP) is essential for improving the security and integrity of financial transactions. Banks and other financial institutions can recognize and reduce risks related to money laundering, terrorism financing, and other financial crimes by putting CIP procedures in place.


KYC AML Guide: the Facebook share KYC AML Guide: the Linkedin share KYC AML Guide: the Twitter share
M Abd'al Bari
KYC AML Guide: the Linkedin share

Muhammed Abd'al Bari is a certified Research Professional of KYC/AML Guide. Connect with Muhammed on LinkedIn