Customer Identification Program
A Customer Identification Program (CIP) is a United States requirement, where financial institutions need to verify the identity of individuals wishing to conduct financial transactions with them and is a provision of the USA Patriot Act. More commonly known as know your customer, the CIP requirement was implemented by regulations in 2003 which require US financial institutions to develop a CIP proportionate to the size and type of its business. The CIP must be incorporated into the bank's Bank Secrecy Act/Anti-money laundering compliance program, which is subject to approval by the financial institution's board of directors.
In 2002, the Department of the Treasury, through the Financial Crimes Enforcement Network (FinCEN), together with the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), and the National Credit Union Administration (NCUA) (collectively, the Agencies), jointly adopted a final rule to implement section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required To Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (the Act).
In July 2016, FinCEN enacted new rules regarding beneficial ownership: Financial institutions must collect from the legal entity customer the name, date of birth, address, and social security number or other government identification number (passport number or other similar information in the case of foreign persons) for individuals who own 25% or more of the equity interest of the legal entity (if any), and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.
The Customer Identification Program is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer. The CIP must include new account opening procedures that specify the identifying information that will be obtained from each customer. It must also include reasonable and practical risk-based procedures for verifying the identity of each customer. Financial institutions should conduct a risk assessment of their customer base and product offerings, and in determining the risks, consider:
- The types of accounts offered
- The methods of opening accounts.
- The types of identifying information available
- The institution's size, location, and customer base
Section 326 requires the Secretary of the Treasury (Secretary) to jointly prescribe with each of the Agencies, the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC), a regulation that, at a minimum, requires financial institutions to implement reasonable procedures to verify the identity of any person seeking to open an account, to the extent reasonable and practicable; maintain records of the information used to verify the person’s identity; and determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. This final regulation applies to banks, savings associations, credit unions, private banks, and trust companies.
- "New Anti-Money Laundering Guidance". FDIC. January 9, 2004. Archived from the original on June 3, 2007.
- "Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions" (PDF). FinCEN. July 19, 2016.[permanent dead link]