Customer Identification Program

The CIP helps prevent these customers from laundering money and financing terrorism. The CIP is implemented as part of the USA Patriot Act and is a requirement under the Bank Secrecy Act (BSA) to help financial institutions prevent fraud.

History of the Customer Identification Program

After the terrorist attacks of Sept. 11, 2001, the U.S. Congress determined that requiring banks to verify the identities of their customers would help combat terrorism and aid in anti-money laundering efforts. The CIP went into effect on June 9, 2003.

How Does the Customer Identification Program Work?

The purpose of the Customer Identification Program is to prevent customers from using financial transactions to commit fraud.  As such, banks must ensure that customers tell the truth about who they are when they open new accounts.

The CIP has minimum requirements for banks to follow when onboarding new clients. These requirements differ, depending on the organization’s size and location. For example, large banks that offer a wide variety of products and services will have different requirements than small, local community banks.

Although financial institutions develop their own CIPs, they have to follow six general regulations under the BSA:

1. Clear, comprehensive written procedures: Financial institutions must create a well-written and clear customer identification program outlining its procedures and practices in detail. They must also clearly indicate the conditions individuals must meet before they can become customers.

2. Collect customer information: Financial institutions must collect a minimum of four pieces of identifying information from every consumer: name, date of birth, address, and taxpayer identification number, i.e., a Social Security number for a U.S. citizen. For a non-U.S. citizen, the financial institution can collect a tax ID number or the number from any other government-issued document and the country where it was issued. A corporation or other legal business entity may need to provide additional information, including the address of its headquarters, employer identification number, certified articles of incorporation, and government-issued business license.

3. Procedures to verify identity: A financial institution should create reasonable, practical, risk-based procedures to verify each customer’s identity – procedures that provide the FI with a reasonable belief it knows the customer’s true identity.

4. Recordkeeping requirements: Every financial institution must keep a record of all the information it collects on a customer for at least five years after a customer closes an account.

5. Comparison with government lists: Financial institutions must check that potential customers aren’t included on any government terrorist list by comparing the names of potential customers to the names on these lists.

6. Customer notice: Financial institutions must give adequate notice that they are requesting information to verify potential customers’ identities.