Customer Identification Program (CIP): Definition & Guidelines

Learn why Top Industry Analysts consistently name Okta and Auth0 as the Identity Leader

Every bank needs a customer identification program (CIP) to comply with United States requirements created in the aftermath of the terrorist attacks of 9/11.

CIP in banking reduces money laundering risks. Organizations that don’t comply could face stiff fines, loss of consumer confidence, or both. 

What is a customer identification program?

Should you be able to walk into a bank, state your name, and open an account? Federal regulators don't think so. A CIP program ensures that your financial partners know who you are, what risks you pose, and what work you expect to do. Banks are expected to get all the information they need within a reasonable time, and they should use both documents and interviews to get it. 

Banks and financial institutions make their own CIP verification programs based on their size, typical customers, and location. At one bank, you could be asked for six or eight pieces of identification. At another, you might face less stringent requirements. Both organizations are complying with the law. 

We've been talking about CIP banks, but it's important to understand that credit unions, trusts, and savings associations are also required to comply. If it involves moving money, the organization must be prepared. 

Ignoring the rules isn't wise. Fines for violations could cost companies thousands, and in some cases, prosecutors could open cases in civil court. 

How does a CIP program work?

Legislative rules dictate minimums. Banks must verify identity and address, for example. But organizations must also create risk-based verification rules, so they can spot problems that might be specific to their markets. 

Before any customer can open an account, the bank must gather these four types of information:  

  1. Name: The customer must offer a first and last name. 
  2. Birthdate: An individual must provide the date of birth, including the year.
  3. Address: Individuals must provide their home addresses, and businesses must offer a principal address for the home office. 
  4. Identification number: A number associated with tax records applies here. 

With this data in hand, the organization must:

  • Verify. Accepting information at face value isn't enough. The organization should look at supporting documentation to ensure they're getting the right answers. 
  • Record. The organization should keep records of the information they've accepted. 
  • Check. The bank should also look over terrorism lists from governments to ensure they're not working with criminals. 
  • Watch. In some cases, the bank may do even more investigation. If someone attempts a transaction that seems dangerous, for example, the bank may study records again. 

CIP verification is very similar to Know Your Customer (KYC) regulations. Some people use the terms interchangeably. 

Understand CIP in banking: How did we get here?

Arguably, it was much easier to open an account and move money years ago. It can seem unusual or irritating to offer up so much data to work with your own money in a bank that you've chosen. But these rules are meant to curb very real problems. 

In the aftermath of the September 11 attacks, legislators determined that the attackers used banks within the United States to fund their work. They deposited money in these accounts, and made withdrawals to buy their supplies and pay their conspirators. 

No one wants to work with a bank that supports terrorism. And no one wants to think about American companies making American deaths possible. These rules are meant to keep people safe. 

Banks can't run these checks without your consent. They are required to provide you with ample notice that they're checking your credentials and verifying your identity. But you are not allowed to opt out. 

Interested in finding out more about how banks are securing data? Read this blog about how banks earn the trust of younger customers. 

References

Customer Identification Programs for Financial Transactions. (February 2019). Privacy Rights Clearinghouse.

BSA/AML Violations Can Cost You! (March 2018). National Association of Federally Insured Credit Unions.

Guidance on Customer Identification Regulations. (January 2004). Financial Crimes Enforcement Network.

31 CFR1020.220: Customer Identification Program Requirements for Banks. Cornell Law School.

Terrorist Financing Since 9/11: Assessing an Evolving Al-Qaeda and State Sponsors of Terrorism. (May 2012). House of Representatives.

Federally Required Customer Identification Program (CIP) for Banks. Connecticut General Assembly.