What is a Customer Identification Program (CIP)?

Are you a FinTech operating in the US? Here's everything you need to know about the US-based Customer Identity Program (CIP)

Companies considering know your customer (KYC) procedures, such as for AML compliance, are increasingly having to navigate regulations and jurisdictions across different markets. In addition to differing regulatory requirements, specific terminology can sometimes be overwhelming. Increasingly, online services beyond just FinTech, such as ones in cryptocurrency, need to learn about terms used in financial regulations, not just to avoid fines, but to prevent fraud. In the United States, a Customer Identification Program (CIP) is a common term linked to KYC and AML regulations.

As financial regulations extend to more and more industries, such as cryptocurrency, businesses handling online transactions may become subject to some condtions like customer identity program requirements. As such, having robust KYC procedures in place can help protect your business. In this post, we will outline what a Customer Identification Program is in the US and how businesses can implement a consumer-centric one efficiently to increase security and build trust with end users.

What is CIP?

A Customer Identification Program (CIP) is a statutory legal requirement used to verify a customer’s identity when undertaking financial transactions. US financial institutions are responsible for the CIP requirements and for ensuring their customer’s identity is exactly who they say they are. While a Customer Identification Program was intended for financial institutions when it was introduced, online businesses can adopt the principles in CIP rule for their KYC procedures and AML compliance.

After the events of September 11, the Customer Identification Program was inserted into section 326 of the USA PATRIOT Act, commonly known as the Patriot Act, and was later ratified as a hard rule for all financial institutions to follow in 2003.

The CIP requirement was specifically designed to reduce international money laundering and prevent funding sources for terrorism amongst other illegal activities as part of a bank’s wider KYC AML compliance system. The Patriot Act outlines “the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.”

Based on the Patriot Act, the Federal Deposit Insurance Corporation (FDIC) states that CIP requirements should be “appropriate for its size and type of business” and enable it “to form a reasonable belief that it knows the true identity of each customer.” To know the true identity of a customer (KYC), an obliged financial institution needs to conduct customer due diligence (CDD). Today, performing certain types of digital identity authentication like CIP verification allows businesses carry needful CDD and KYC checks.

To comply with CIP requirements, financial institutions needed to know their customers, giving rise to KYC procedures. For CIP and KYC, they are sometimes used interchangeably because identifying your customer allows you to stay compliant.

What are CIP requirements?

A Customer Identification Program is relevant to both individual consumers and corporations. As with KYC checks outside the US, the FDIC stipulates that the implementation should comprise four minimum pieces of identifying information for every new account opening:

  • Name
  • Date of birth
  • Address
  • Identification Number

That is just the minimum CIP requirement. In the US context, an Identification Number refers to a tax ID number. Non-US persons would need to provide identity documents such as passport numbers, national ID card numbers or a government-backed national tax number to qualify under the Customer Identification Program.

The official CIP rule states that identity verification is either undertaken through documented means or through non-documentary methods. Document verification encourages a bank “to review more than a single document to ensure that it has a reasonable belief that it knows the customer’s true identity.”

Non-documentary verification includes “contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions, and obtaining a financial statement.”

At the core of the CIP verification is a time-specific undertaking, meaning that banks must ensure they verify the account holder within a “reasonable” time period of the account opening.

The final CIP Rule in the Patriot Act outlines six general CIP requirements:

  1. A written (documented) program
  2. Four pieces of identifying information
  3. Identity verification procedures
  4. Record keeping
  5. Checks with government lists
  6. Customer notice

Customer Identification Program verification rules

Banks must hold customer verification data for a minimum of five years, even after the account has been closed. Similarly, when the above personal information cannot be verified, there shoukd be certain CIP regulations in place to determine whether the account can still be opened legally.

Customers who undergo the CIP verification will also be scanned through Federal Government databases. These include ‘lists’ of known suspected terrorists or terrorist organizations to ensure the bank can be confident they are doing business with a person or business who are not engaged in illegal practices.

How digital identity verification helps your Customer Identification Program

Online services today are competing on customer experience and security. Product teams have to develop frictionless user onboarding experiences to convert customers, while also demonstrating that they have robust privacy and data security measures. Instead of seeing a CIP as a regulatory burden, product teams that can incorporate a smooth, safe, and secure KYC check for customers will help conversion and retention.

Reducing friction through UX design

Depending on the industry, some companies may use databases or credit check services to fulfill their CIP requirements. The common wisdom was that this required less effort for customers than taking a selfie video and delayed online identity verification. However, CIP checks that only require a tax number can be easily stolen and used for fraud.

In contrast, doing a full identity verification to meet CIP requirements for existing customers and new ones increases the assurance that you are interfacing with your actual customer and protects their accounts. Identity verification takes a customer’s biometric information, such as selfie video, and matches it to their government-issued photo ID. Face matching technology allows a business to be confident that the person is who they claim to be. Document verification, such as checking for watermarks, also increases assurance. If additional information, such as a US Tax ID number is required, additional checks and documents can be added to complete the identity verification workflow. From a UX design perspective, customers can be allowed into their accounts while their identity is being verified. Once it is verified, they can gain access to other features such as transactions.

Passbase’s dashboard allows teams to customize verification flows with drag and drop options tailored for each business case. Passbase powers identity verification across more than 6000 government-issued IDs from over 190 countries. With just a photo of an identity document and a smartphone camera, users can confirm their identity and gain access to different online services, helping businesses onboard more customers, more securely.

In the context of a CIP verification, businesses need to look beyond basic documentary evidence to verify identity and consider new approaches to verification that are not only faster to onboard, but are also more secure and efficient. Using liveness detectionage verification and AML compliance solutions help you tackle compliance in a comprehensive way.

As established companies continue their digital transformation and a new era of digital services emerge to serve consumers in a Covid-19 landscape, business growth will be driven by secure and pragmatic online identity and CIP verification solutions.

Now you know what a CIP is, you can also learn more in our AML overview and KYC quick guide.

Sign up with us here to see how our identity verification features fit into your existing product. You can get set up with our integration guide or our Youtube tutorials.

To see any of our features live, you can also book a demo!

Get the latest news from Passbase

Passbase © 2023


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.