Customer Identification Program


A Customer Identification Program is a United States requirement, where financial institutions need to verify the identity of individuals wishing to conduct financial transactions with them and is a provision of the USA Patriot Act. More commonly known as know your customer, the CIP requirement was implemented by regulations in 2003 which require US financial institutions to develop a CIP proportionate to the size and type of its business. The CIP must be incorporated into the bank's Bank Secrecy Act/Anti–money laundering compliance program, which is subject to approval by the financial institution's board of directors.

History

In 2002, the Department of the Treasury, through the Financial Crimes Enforcement Network, together with the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration, jointly adopted a final rule to implement section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required To Intercept and Obstruct Terrorism Act of 2001.
The rule had an effective Date of June 9, 2003 and each US financial institution had to comply with this final rule by October 1, 2003.
In July 2016, FinCEN enacted new rules regarding beneficial ownership: Financial institutions must collect from the legal entity customer the name, date of birth, address, and social security number or other government identification number for individuals who own 25% or more of the equity interest of the legal entity, and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.

Requirements

The Customer Identification Program is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer. The CIP must include new account opening procedures that specify the identifying information that will be obtained from each customer. It must also include reasonable and practical risk-based procedures for verifying the identity of each customer. Financial institutions should conduct a risk assessment of their customer base and product offerings, and in determining the risks, consider:
  • The types of accounts offered
  • The methods of opening accounts.
  • The types of identifying information available
  • The institution's size, location, and customer base
Section 326 requires the Secretary of the Treasury to jointly prescribe with each of the Agencies, the Securities and Exchange Commission, and the Commodity Futures Trading Commission, a regulation that, at a minimum, requires financial institutions to implement reasonable procedures to verify the identity of any person seeking to open an account, to the extent reasonable and practicable; maintain records of the information used to verify the person’s identity; and determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. This final regulation applies to banks, savings associations, credit unions, private banks, and trust companies.