Customer Identification Program (CIP)
October 12, 2020
Customer Identification Program (CIP)
October 12, 2020

Do you remember where you were on September 11, 2001? I think we all do. I was working at a financial institution in Dayton, Ohio when the news hit the television. I was horrified to see this terrorism in our own country. As a certified CAM specialist, it is near and dear to me as this was the foundation of the USA Patriot Act. After the terrorist attacks on September 11, 2001, Congress passed the United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act). This law required financial institutions to come up with written policies and procedures on how to verify the identity of their customers. This law also expanded to other types of businesses to be classified as financial institutions. Among those businesses are car dealerships. The following link shows a list of businesses that are considered financial institutions for Bank Secrecy Act purposes:

This program should be risk-based and take many factors into consideration such as:

  • The size of the financial institution
  • The location of the financial institution and its branches
  • Business operations
  • Types of accounts
  • Different ways in which accounts are opened (in person, through the mail, online)
  • The different types of identification information available
  • Types of businesses/customers you serve

Basically, to comply with the USA Patriot Act your Customer Identification Program (CIP) must:

  • Be in writing and be a part of the financial institutions Anti-Money Laundering compliance program-which requires approval from the Board of Directors
  • Verify the identity of any person/business seeking to open an account with your financial institution
  • Maintain records of the information used to verify their identity
  • Make sure the person/business is not on any government-provided terrorist list

There are five parts to the Customer Identification Program (CIP):

  • Customer Information Required
  • Customer Verification
  • Customer Notice
  • Comparison with terrorist lists
  • Recordkeeping

Let’s start with Customer Information Required. Financial institutions must obtain, at a minimum:

  • Name
  • Date of Birth
  • Residential or Business address (must be a physical address-no PO boxes)
  • If U.S. customer-must be a Tax Identification Number (TIN). If non-U.S. customer one of the following:
    1. Tax Identification Number (TIN)
    2. Passport number and country of issuance
    3. Alien ID card and country of issuance
    4. Any other government issued document showing nationality or residence that has a photo or other similar safeguard

Financial institutions can choose to open an account without a Tax Identification Number if they have proof that it has been applied for. But if they choose to do this, it needs to be addressed in their Customer Identification Program (CIP). They need to spell out what is acceptable proof that it has been applied for and how long they are willing to leave the account open with it.

The next step is Customer Verification. The financial institution needs to explain when they will rely on documents, non-documentary methods or a combination of both and what are acceptable documents for each type.

Acceptable Documents

  • For individuals it should be an unexpired government issued ID such as a driver’s license or passport
  • For non-individuals it should be a document showing the existence of the entity such as Certified Articles of Incorporation, government issued business license, partnership agreements or trust documents

Acceptable Non-Documentary Method

  • Contact the customer with the information provided by them at account opening (call them at work or send them a piece of mail)
  • Compare information on the Credit Report to the information provided by the customer at account opening
  • Check references with other financial institutions
  • Request financial statements from the customer

This financial institution can require more than one non-documentary item if they choose as long as it is in their Customer Identification Program policy

The Customer Identification Program (CIP) must also discuss situations in which it is unable to verify the customers identity such as:

  • When an account should not be opened
  • The terms I which an account can be used while the financial institution is attempting to verify the customers identity
  • When to close the account
  • When to file a Suspicious Activity Report (SAR)

Financial institutions must also give Customer Notice. They must notify the customer, prior to account opening, that they will be collecting information to verify their identity. This notice can be done by:

  • Post a visible notice in the lobby of the financial institution
  • Post a notice on their website
  • Include the notice with the new account application
  • Any other form of written or oral notice

Also, the financial institution must do a Comparison to Government Lists. Your Customer Identification Program (CIP) must contain the steps the financial institution will take to determine that the customer does not appear on any list of terrorists or terrorist organizations issued by any federal government agency.

And lastly is Recordkeeping. All financial institutions must maintain at a minimum:

  • Identification information obtained from the customer when account was opened (name, address, date of birth, and tax identification number)
  • Description of any document used to include:
    1. Type of document
    2. Any ID number on said document
    3. Place of issuance
    4. Date of issuance/expiration
  • Description of methods and results of non-documentary methods (is used)
  • Description of the resolution of any discrepancy when verifying identification
  • Must be maintained for 5 years after the account has been closed

This is the minimum of what is required by financial institutions to comply with the USA Patriot Act for Customer Identification. And this is just one small part of your entire Bank Secrecy Act program. More and more is being put on financial institutions to help combat the fight against terrorism in the United States. LeBrun Management Solutions LLC is based in Dayton, Ohio and is here to help your financial institution in this fight. We would love to be of help to your credit union or small community bank. Please feel free to reach out to us at 937-912-9045 or via email at for a free consultation to see how we can partner with your institution.