A customer identification program checklist is an essential tool that identity management experts, compliance officers, AML specialists, and other professionals can use to complete various CIP tasks in order to create and manage a Customer Identification Program (CIP). In most countries, financial institutions must implement customer identification procedures for verifying the identity of their customers when opening accounts. A CIP checklist can help prevent violations of the USA Patriot Act of 2001, Anti-Money Laundering Act, and Bank Secrecy Act (BSA), as well as hefty fines and penalties for noncompliance.
What is Customer Identification Program (CIP)?
Customer identification program (CIP) requirements were introduced in 2003 as part of the USA Patriot Act provision which require identity verification for all customers who open accounts to enter into financial transactions. CIP which is commonly referred to as Know Your Customer (KYC) was primarily introduced for tracking money laundering and terrorist funding activities and financial transactions and requires financial institutions to develop a program for customer identity verification and incorporate the process into the Anti-Money Laundering and Bank Secrecy Act (BSA) compliance programs. The extent of the CIP may be in proportion to the type and size of the organization which must comply with the provision.
Who is Considered a “Customer”?
A “customer” under the CIP rule is a person who opens a new account at a financial institution. Other persons of interest who qualify as customers include:
- Co-owners of existing deposit accounts.
- Substituted borrowers for original borrowers through assumption loans.
- Persons with power of attorney if account holders are legally incapacitated.
The Customer Identification Program rule doesn’t apply to applicants who are denied an account. It only applies when the bank enters into a loan agreement or opens an account, after verifying an applicant’s identity. An identity verification is comprised of a set of standards, referred to as Know Your Customer (KYC). Each organization within the the financial services and investment industry uses its own criteria for verifying customers who apply for accounts or services.
CIP Compliance Requirements
As part of a customer identification program, institutions must assess the risk associated with each account based on the type of accounts, methods used for opening accounts, identifying information used in the process, as well as the size and nature of the organization. CIP program is not meant to be a “one size fits all” type of program.
Financial institutions may consider the following when instituting a CIP:
- Internal controls, policies, and procedures.
- A designated compliance officer.
- Continuous training program for the employees.
- Independent auditing for testing the program.
Established procedures for opening an account include:
- Identity verification of any individual opening an account.
- Record maintenance of information used to verify the person’s identity, such as the name, address, and other information to prove identity.
- Verification of an individual listed as a known or suspected terrorist or linked to an extremist organization per government listings.
Written CIPs must address procedures for:
- Verifying new customer identity.
- Creating and maintaining verification records.
- Ensuring exclusion of new customers from terrorist or extremist organization lists maintained by the government.
- Providing customers with notification that the financial institution is requesting information to verify their identities.
Who Must Comply with CIP Requirements?
- Financial institutions
- Credit Unions
- Trust companies
- Investment and lending firms
- Insurance companies
How is CIP Related to Anti Money Laundering Laws?
CIP is strongly related to anti-money laundering laws and is required to be included in the AML compliance program. Banks and other financial institutions are required to have a written Customer Identification Program implemented based on their size and type.
General Procedures of an Effective Customer Identification
Companies need to hire a professional compliance officer and/or AML specialist to constantly monitor both their CIP and anti-money laundering programs. If entities fail to comply, they could face criminal charges along with fines and penalties.
General procedures of an effective customer identification program include risk-based assessment for customer identity verification. An efficient customer identification must include procedures for:
- verifying customers’ identities
- identifying required information
- verifying information and documentations
- comparing governmental listings
- providing adequate notice
- establishing exemption criteria
- examining/assessing the CIP processes
- auditing and testing
CIP Violation Fines and Penalties
Financial institutions that willfully violates the CIP rules may be fined $250,000 and serve five years in prison. The harshest punishment for a BSA violations and related laws can include fines and penalties up to $500,000 and/or a 10-year prison sentence.
Customer Identification Program Checklist
To ensure CIP compliance and the customer identification process is completed properly, the following customer identification program checklist may be considered which includes the activities and tasks requiring yes or no responses. Each staff member, such as the account rep, AML specialist, and compliance officer must who complete CIP tasks can use the following CIP checklist items to ensure they follow the customer identification program requirements.
- Notified anti-money laundering staff of a new client or customer.
- Reviewed information provided by account representatives about the new client/customer.
- Created profile for the customer to track the new account opening process.
- Determined the KYC documents required for verifying the identity.
- Notified account reps of AML documentation and information needed from the customer.
- Account reps contacted and requested documents and information.
- New customer provided documents/information.
- Account reps sent required documentation and information to AML Compliance Officer or AML Specialist.
- AML professional received the documents and information.
- AML Specialist reviewed documents.
- Validated the identity of the new customer using approved verification methods.
- Completed review of customer identity.
- Conducted screening for sanctions per Office of Foreign Assets Control (OFAC).
- Identified potential matches of the sanctions screening.
- Investigated possible matches for validation.
- Prepared escalation documents for potential matches.
- Reported escalation documentations to the Chief AML Compliance Officer.
- AML Compliance Officer reviewed escalation document.
- Approval or rejection of high-risk client by Compliance Officer.
- Performed other customer due diligence.
- Assigned client risk rating.
- Recorded results of risk rating.
- Opened account for customer based on acceptable risk.
AML compliance officers and other AML professionals create their own checklists based on the type of financial institution they are working for and product offerings. Companies and banks in the financial industry that need additional CIP compliance information can visit reliable sources such as FinCEN and other government agencies.
To meet their customer identification compliance needs, organizations are advised to hire qualified identity management compliance professionals to avoid unnecessary penalties and fines for CIP non-compliance of BSA and AML requirements. Use the information in this CIP checklist as guidance when implementing an appropriate CIP compliance program. Learn more about customer identification and verification methods.