Companies considering Know Your Customer (KYC) procedures, such as for AML compliance, are increasingly having to navigate regulations and jurisdictions across different markets. In addition to differing regulatory requirements, specific terminology can sometimes be overwhelming. Increasingly, online services beyond just FinTech, such as ones in cryptocurrency, need to learn about terms used in financial regulations, not just to avoid fines, but to prevent fraud. In the United States, a Customer Identification Program (CIP) is a common term linked to KYC and AML regulations.
As financial regulations extend to more and more industries, such as cryptocurrency, businesses handling online transactions and may become subject to requirements. As such, having robust KYC procedures in place can help protect your business. In this post, we will outline what a CIP is in the US and how businesses can implement a consumer-centric one efficiently to increase security and build trust with end users.
What is a Customer Identification Program?
A Customer Identification Program (CIP) is a statutory legal requirement used to verify a customer’s identity when undertaking financial transactions. US financial institutions are responsible for the program and ensuring every customer’s identity is exactly who they say they are. While a CIP was intended for financial institutions at the time it was introduced, online businesses can adopt the principles in the program for their KYC procedures and AML compliance.
After the events of September 11, the CIP was inserted into section 326 of the USA PATRIOT Act, commonly known as the Patriot Act, and was later ratified as a hard rule for all financial institutions to follow in 2003.
The CIP requirement was specifically designed to reduce international money laundering and prevent funding sources for terrorism and other illegal activities as part of a bank’s wider AML compliance system. The Patriot Act outlines “the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.”
Based on the Patriot Act, the Federal Deposit Insurance Corporation (FDIC) states that CIP procedures should be “appropriate for its size and type of business” and enable it “to form a reasonable belief that it knows the true identity of each customer.” To know the true identity of a customer (KYC), an obliged financial institution needs to conduct customer due diligence (CDD). Today, performing certain types of digital identity verification allows businesses can enable a business to perform necessary CDD and KYC procedures.
To comply with CIP requirements, financial institutions needed to know their customers, giving rise to KYC procedures. CIP is sometimes used interchangeably with KYC because identifying your customer allows you to be compliant.
A CIP needed to be incorporated into the bank’s Bank Secrecy Act and AML compliance program.
What are the general requirements for a CIP?
A CIP is relevant to both individual consumers and corporations. As with KYC checks outside the US, the FDIC stipulates that the implementation of a CIP comprise four minimum pieces of identifying information for every new account opening:
- Date of birth
- Identification Number
That is just the minimum requirement. In the US context, an Identification Number refers to a tax ID number. Non-US persons would need to provide identity papers such as passport numbers, national ID card numbers or a government-backed national tax number to qualify under the CIP.
The official rules of the CIP state that identity verification is either undertaken through documented means or through non-documentary methods. Document verification encourages a bank “to review more than a single document to ensure that it has a reasonable belief that it knows the customer’s true identity.”
Non-documentary verification includes “contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions, and obtaining a financial statement.”
At the core of the CIP is a time-specific undertaking, meaning that banks must ensure they verify the account holder within a “reasonable” time period of the account opening.
The CIP Final Rule in the Patriot Act outlines six general requirements for a CIP:
- A written (documented) program
- Four pieces of identifying information
- Identity verification procedures
- Record keeping
- Checks with government lists
- Customer notice
CIP verification rules
Banks must hold customer verification data for a minimum of five years, even after the account has been closed. Similarly, when the above personal information cannot be verified, a CIP has specific rules in place to determine whether the account can still be opened legally.
Customers verified through the CIP will also be scanned through Federal Government databases. These include ‘lists’ of known suspected terrorists or terrorist organizations to ensure the bank can be confident they are doing business with a person or business who are not engaged in illegal practices.
How digital identity verification helps your CIP
Online services today are competing on customer experience and security. Product teams have to develop frictionless user onboarding experiences to convert customers, while also demonstrating that they have robust privacy and data security measures. Instead of seeing a CIP as a regulatory burden, product teams that can incorporate a smooth, safe, and secure KYC check for customers will help conversion and retention.
Digital identity verification services, like Passbase, provide companies with a crucial cornerstone for a CIP. Identity verification takes a customer’s biometric information, such as selfie video, and matches it to their government-issued photo ID. Face matching technology allows a business to be confident that the person is who they claim to be. Document verification, such as checking for watermarks, also increases assurance. If additional information, such as a US Tax ID number is required, additional checks and documents can be added to complete the identity verification workflow. Passbase’s dashboard allows teams to customize verification flows with drag and drop options tailored for each business case.
Passbase powers identity verification across more than 6000 government-issued IDs from over 190 countries. With just a photo of an identity document and a smartphone camera, users can confirm their identity and gain access to different online services, helping businesses onboard more customers, more securely.
In the context of a CIP, businesses need to look beyond basic documentary evidence to verify identity and consider new approaches to verification that are not only faster to onboard, but are also more secure and efficient. Using liveness detection, age verification and AML compliance solutions help you tackle compliance in a comprehensive way.
As established companies continue their digital transformation and a new era of digital services emerge to serve consumers in a Covid-19 landscape, business growth will be driven by secure and pragmatic online CIPs and identity verification solutions.
To see any of our features live, you can also book a demo!