A Customer Identification Program (CIP) is a set of procedures mandated by regulatory authorities that financial institutions must follow to verify the identity of their customers. The CIP is a fundamental component of an institution’s anti-money laundering (AML) and counter-terrorist financing (CTF) compliance efforts.
Key Points:
- Purpose: The primary purpose of CIP is to ensure that financial institutions know who their customers are, which helps prevent money laundering, terrorist financing, fraud, and other financial crimes.
- Regulatory Framework:
- USA PATRIOT Act: In the United States, the CIP requirements are outlined in Section 326 of the USA PATRIOT Act. Similar regulations exist in other countries under their respective AML laws.
- Financial Action Task Force (FATF): Provides international standards and guidelines for customer identification as part of broader AML and CTF measures.
- Core Requirements:
- Customer Identification: Financial institutions must collect and verify certain information about their customers at the time of account opening. This information typically includes:
- Full name
- Date of birth
- Address (residential or business)
- Identification number (such as a Social Security Number in the U.S., a passport number, or a taxpayer identification number)
- Verification Methods: Institutions must use reasonable measures to verify the information provided by customers. This can include:
- Checking government-issued identification documents (e.g., passports, driver’s licenses)
- Using third-party databases or public records
- Conducting face-to-face interviews or video verification
- Customer Identification: Financial institutions must collect and verify certain information about their customers at the time of account opening. This information typically includes:
- Risk-Based Approach: Financial institutions may tailor their CIP procedures based on the risk profile of the customer. Higher-risk customers might require enhanced verification measures, while lower-risk customers might undergo a simplified process.
- Record-Keeping: Institutions are required to maintain records of the identification information and verification methods used for each customer. These records must be kept for a specified period, typically five years after the account is closed.
- Ongoing Monitoring: CIP is not a one-time process. Financial institutions must continuously monitor customer accounts and transactions to detect suspicious activities and ensure that the information remains accurate and up-to-date.
- Exceptions and Exemptions: Certain types of accounts or customers may be exempt from some CIP requirements. For example, accounts opened by publicly traded companies or government entities might have simplified identification requirements.
- Penalties for Non-Compliance: Failure to comply with CIP requirements can result in significant penalties for financial institutions, including fines, legal sanctions, and reputational damage.
- Examples of CIP Practices:
- A bank collects a customer’s name, address, date of birth, and Social Security Number when opening a new account and verifies the information using a government-issued ID and a third-party database.
- An online financial service uses a combination of document verification and biometric identification to verify the identities of its customers during the account opening process.
