Criminals who intend to launder money via financial institutions often begin by opening an account. Putting regulations in place at those first steps will help prevent financial crimes on a large scale. In order to achieve this, the Customer Identification Program (CIP) is a regulatory requirement.
The CIP is a set of requirements established under the Bank Secrecy Act (BSA) in the United States. A key objective of this program is to prevent international and domestic money laundering and terrorist financing. The program requires financial institutions to obtain specific customer information, such as name, address, date of birth, and social security or tax identification number.
It requires financial institutions to set up procedures that allow them to:
- Identify and verify persons seeking to open an account or to add signatories to an account.
- Keep records of the information used in the verification process.
- Determine whether the persons appear on any list of known or suspected terrorists or terrorist organizations given by the government.
Many types of financial institutions are covered by the CIP, such as banks, thrifts, credit unions, brokers and dealers of securities and commodities, insurance companies, precious metals dealers, casinos, travel agents, check-cashers, pawn brokers, and telegraph companies. Additionally, it applies to all types of accounts, such as deposit, credit, and asset accounts.
History of the Customer Identification Program
As a result of the terrorist attacks of September 11, 2001, the American Congress enacted some rules and regulations to protect The United States (US) from international and domestic terrorism. These rules and regulations are summarized under the USA PATRIOT Act of 2001. The act expanded the BSA’s requirements and introduced the concept of a Customer Identification Program (CIP) under section 326.
The rule took effect on June 9, 2003, and it became fully effective on October 1, 2003. CIP is part of the regulations required for Anti-Money Laundering (AML) compliance and is administered by the Financial Crimes Enforcement Network (FinCEN).
What Does the CIP Do?
Those who commit money laundering and other financial crimes do not want to be known or detected, so they pose as legitimate customers. The primary purpose of CIP is to verify that customers are who they say they are as a measure to prevent and detect money laundering and terrorism financing. Additionally, it prevents fraudulent individuals and companies from opening accounts using false or stolen identities to commit crimes. Obtaining sufficient information to verify a customer’s identity can reduce the risk that a financial institution will be used as a conduit for financial crimes.
CIP vs. KYC
The Customer Identification Program is an essential component of the broader regulatory framework of Know Your Customer (KYC) that financial institutions must comply with. They both aim to verify the true identity of customers and prevent financial crimes, but they differ in scope and complexity.
Customer Identification Program (CIP) is a one-time process that seeks to verify the identity of customers at the point of account opening or signatory addition. The Know Your Customer (KYC) process, on the other hand, entails financial institutions to create customer risk profiles, conducting due diligence on their customers, monitoring their transactions, and reporting suspicious activity.
CIP and KYC are closely related, and financial institutions must have a comprehensive program that includes both components for effective AML compliance. Failure to do so will lead to significant penalties, fines, and reputational damages.
Requirements Under CIP
CIP regulations do not impose the same rules on all institutions; instead, they require that:
- All financial institutions are to implement a Customer Identification Program appropriate for their size, location, and type of business.
- Every Financial Institution’s CIP must be approved by its board of directors or a board committee.
- The CIP must contain the statutorily prescribed procedures in a detailed and well-described format.
- The CIP must be a part of the financial institution’s AML program.
Identity Verification Procedure
Since the goal of the CIP is to ensure the true identity of their customers, each institution must have risk-based, reasonable, and practical procedures to verify customer identity. This procedure must consider the following:
- The types of accounts the financial institution maintains,
- The different methods of opening accounts,
- The types of information available.
These procedures must specify the following:
- The identifying information needed from the customer,
- The verification documents required from the customer,
- The methods, and alternative methods, the financial institutions will use to verify the information given,
- The time frame for verification,
- When it cannot thoroughly verify that the customer is who he says he is, the actions to take.
The CIP must also include procedures for providing customers with adequate notice that the institution requests information to verify their identity.
Before opening an account or adding a signatory, the following information are collected from customers:
- Address — this includes both residential and mailing addresses for individuals and business addresses for companies.
- Date of Birth — needed for individuals
- Identification Number — includes taxpayer id, employer id, or any other government-issued document that shows nationality, residence, photograph, or any other biometrics identifiers.
The time frame for verification depends on the type of account, the information available, and whether the customer is physically present at the time of account opening. A financial institution must include procedures to determine when a Suspicious Activity Report (SAR) must be filed with the FinCEN and other enforcement agencies as part of its identity verification process. When a customer appears on a government list of known or suspected terrorists, financial institutions must comply with all government directives concerning such lists.
Methods used for Customer Identity Verification
1. Documentary Verification: The financial institution specifies the documents for verification. Documents may include:
- An unexpired government-issued identification for individuals,
- Registered articles of incorporation, a government-issued business license, partnership agreement or trust instrument for corporations, companies, and partnerships.
2. Non-documentary verifications: financial institutions are to specify their methods for this. This covers cases where:
- Some customers legitimately cannot present the standard forms of identification when opening an account.
- unfamiliar documents are presented,
- The customer opens an account without appearing at the financial institution.
3. Additional Verification: Financial institutions use this when they cannot verify customers’ true identities using the methods mentioned above. Also, financial institutions are to identify types of accounts that pose a heightened risk to prescribe additional measures for identity verification of those seeking to open an account and the signatory for such accounts.
Record-Keeping in CIP
The CIP used by a financial institution must include reasonable procedures for keeping and maintaining records of the information collected and used. A financial institution must keep records of the following:
- Identifying information provided by the customer,
- The document used to verify the customer,
- Methods and results of any additional measure undertaken to verify the customer’s identity,
- The resolution of any discrepancy in the identifying information obtained.
The institution will retain these records five years after the account closure date.
CIP Compliance Management
Complying with the US regulation requirements on CIP is vital for all the institutions it applies to. Financial institutions should take the following steps to build a robust compliance program that meets their CIP obligations:
- Have policies and procedures that address customer identification, verification, and record-keeping.
- Train staff on CIP requirements to ensure they understand and effectively implement the institution’s policies and procedures.
- Conduct regular assessments of their CIP programs to identify weak points and make necessary adjustments.
The above can incur significant costs depending on the financial institution’s size, complexity, and business. non-compliance penalties can be severe. Regulatory agencies, including the FinCEN, the Federal Reserve, and the Securities and Exchange Commission (SEC), among many others, have the authority to enforce CIP requirements and impose penalties for non-compliance.
The penalties for CIP non-compliance can include fines, cease and desist orders, enforcement actions, and even criminal charges. Fines may range from thousands to millions of dollars, depending on the violation’s severity and the financial institution’s size. In some cases, regulators can pursue legal action, leading to high legal costs and reputational damage. In addition to fines and legal action, non-compliance with CIP requirements can damage the financial Institution’s reputation. Customers and investors may lose confidence in the Institution’s ability to comply with regulatory requirements and may choose to take their business elsewhere.
The Customer Identification Program (CIP) is a crucial component of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations in the United States. CIP requires financial institutions to verify customer identities for new accounts. This aims to prevent money laundering, terrorist financing, and other illicit activities. To minimize non-compliance risk and protect their reputation, institutions should create effective policies, train employees, and routinely assess their CIP program.
As a company leading a blockchain technology that will be helpful in the finance industry, we also believe in the ability to reduce fraud and all irregularities in the financial world. More reason Identity.com doesn’t take the back seat in contributing to this future via identity management systems and protocols. We also belong to the World Wide Web Consortium (W3C), the standards body for the World Wide Web.
The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.