Discover our latest AI-powered innovations around faster payments, smarter workflows, and real-time visibility.Learn more →
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
The CIP helps prevent these customers from laundering money and financing terrorism. The CIP is implemented as part of the USA Patriot Act and is a requirement under the Bank Secrecy Act (BSA) to help financial institutions prevent fraud.
History of the Customer Identification Program
After the terrorist attacks of Sept. 11, 2001, the U.S. Congress determined that requiring banks to verify the identities of their customers would help combat terrorism and aid in anti-money laundering efforts. The CIP went into effect on June 9, 2003.
How Does the Customer Identification Program Work?
The purpose of the Customer Identification Program is to prevent customers from using financial transactions to commit fraud. As such, banks must ensure that customers tell the truth about who they are when they open new accounts.
The CIP has minimum requirements for banks to follow when onboarding new clients. These requirements differ, depending on the organization’s size and location. For example, large banks that offer a wide variety of products and services will have different requirements than small, local community banks.
Although financial institutions develop their own CIPs, they have to follow six general regulations under the BSA:
1. Clear, comprehensive written procedures: Financial institutions must create a well-written and clear customer identification program outlining its procedures and practices in detail. They must also clearly indicate the conditions individuals must meet before they can become customers.
2. Collect customer information: Financial institutions must collect a minimum of four pieces of identifying information from every consumer: name, date of birth, address, and taxpayer identification number, i.e., a Social Security number for a U.S. citizen. For a non-U.S. citizen, the financial institution can collect a tax ID number or the number from any other government-issued document and the country where it was issued. A corporation or other legal business entity may need to provide additional information, including the address of its headquarters, employer identification number, certified articles of incorporation, and government-issued business license.
3. Procedures to verify identity: A financial institution should create reasonable, practical, risk-based procedures to verify each customer’s identity – procedures that provide the FI with a reasonable belief it knows the customer’s true identity.
4. Recordkeeping requirements: Every financial institution must keep a record of all the information it collects on a customer for at least five years after a customer closes an account.
5. Comparison with government lists: Financial institutions must check that potential customers aren’t included on any government terrorist list by comparing the names of potential customers to the names on these lists.
6. Customer notice: Financial institutions must give adequate notice that they are requesting information to verify potential customers’ identities.
Try Modern Treasury
See how smooth payment operations can be.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Banking Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.
Subscribe to Journal updates
Discover product features and get primers on the payments industry.