Customer Identification Program (CIP)
The CIP is intended to enable the institution to form a reasonable belief that it knows the true identity of each customer. The CIP must include account opening procedures that specify the identifying information that will be obtained from each customer. It must also include reasonable and practical risk-based procedures for verifying the identity of each customer. Financial institutions should conduct a risk assessment of their customer base and product offerings, and in determining the risks, consider:
- The types of accounts offered
- The methods of opening accounts.
- The types of identifying information available
- The institution's size, location, and customer base
Recordkeeping
A financial institution's CIP must include recordkeeping procedures. At a minimum, the institution must retain the identifying information (name, address, date of birth for an individual, TIN, and any other information required by the CIP) obtained at account opening for a period of time after the account is closed.
The institution must also keep a description of the following after the record was made:
- Any document that was relied on to verify identity, noting the type of document, the identification number, the place of issuance and, if any, the date of issuance and expiration date.
- The method and the results of any measures undertaken to verify identity.
- The results of any substantive discrepancy discovered when verifying identity.
Comparison with Government Lists
The CIP must include procedures for determining whether the customer appears on any federal government list of known or suspected terrorists or terrorist institutions. The Treasury OFAC list of Specially Designated Nationals (SDN) is the primary point of contact. Other lists are described on the Prime Associates Compliance Databank site.
A range of hosted services are available that can provide a full set of list checking, complete with more in-depth risk, credit and identity database checking.
The CIP must include procedures for providing customers with adequate notice that the financial institutions is requesting information to verify their identities.
Use of third-partiesRules exist to enable a financial institution to rely on other financial institutions to perform elements of the CIP. This is often utilized for online account opening where trial deposits are made into a checking account at another institution to validate a customer holds a valid account there. Contracts are required between the institutions to ensure that the AML program is certified annually.
In addition other third parties may be utilized to collect and keep records of customer identities. For example, a car-dealer acting as the agent for a loan. In this scenario additional controls are required since the finacial services institution is responsible for the compliance of the third party with the financial institution's CIP.
More information is available from the FFIEC BSA/AML InfoBase.
Return to Identity, Profile and Know Your Customer