What is a Customer Identification Program (CIP)?

Are you a FinTech operating in the US? Here's everything you need to know about the US-based Customer Identification Program (CIP).

Companies considering know your customer (KYC) procedures, such as for AML compliance, are increasingly having to navigate regulations and jurisdictions across different markets. In addition to differing regulatory requirements, specific terminology can sometimes be overwhelming. Increasingly, online services beyond just FinTech, such as ones in cryptocurrency, need to learn about terms used in financial regulations, not just to avoid fines, but to prevent fraud. In the United States, a Customer Identification Program (CIP) is a common term linked to KYC and AML regulations.

As financial regulations extend to more and more industries, such as cryptocurrency, businesses handling online transactions may become subject to these requirements. As such, having robust KYC procedures in place can help protect your business. In this post, we will outline what a Customer Identification Program is in the US and how businesses can implement a consumer-centric one efficiently to increase security and build trust with end users.

What is a Customer Identification Program?

A Customer Identification Program (CIP) is a statutory legal requirement used to verify a customer’s identity when undertaking financial transactions. US financial institutions are responsible for the program and for ensuring that every customer is exactly who they say they are. While a Customer Identification Program was intended for financial institutions at the time it was introduced, online businesses can adopt the principles in the program for their KYC procedures and AML compliance.

After the events of September 11, the Customer Identification Program was inserted into section 326 of the USA PATRIOT Act, commonly known as the Patriot Act, and was later ratified as a hard rule for all financial institutions to follow in 2003.

The Customer Identification Program requirement was specifically designed to reduce international money laundering and prevent funding sources for terrorism and other illegal activities as part of a bank’s wider AML compliance system. The Patriot Act outlines “the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.”

Based on the Patriot Act, the Federal Deposit Insurance Corporation (FDIC) states that CIP procedures should be “appropriate for its size and type of business” and enable it “to form a reasonable belief that it knows the true identity of each customer.” To know the true identity of a customer (KYC), an obliged financial institution needs to conduct customer due diligence (CDD). Today, certain types of digital identity verification enable a business to perform the necessary CDD and KYC procedures.

To comply with Customer Identification Program requirements, financial institutions needed to know their customers, giving rise to KYC procedures. Customer Identification Programs are sometimes used interchangeably with KYC because identifying your customer allows you to be compliant.

What are the general requirements for a Customer Identification Program?

A Customer Identification Program is relevant to both individual consumers and corporations. As with KYC checks outside the US, the FDIC stipulates that the implementation should comprise four minimum pieces of identifying information for every new account opening:

  • Name
  • Date of birth
  • Address
  • Identification Number

That is just the minimum requirement. In the US context, an Identification Number refers to a tax ID number. Non-US persons would need to provide identity papers such as passport numbers, national ID card numbers or a government-backed national tax number to qualify under the Customer Identification Program.

The official rules of the CIP state that identity verification is either undertaken through documented means or through non-documentary methods. Document verification encourages a bank “to review more than a single document to ensure that it has a reasonable belief that it knows the customer’s true identity.”

Non-documentary verification includes “contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions, and obtaining a financial statement.”

At the core of the CIP is a time-specific undertaking, meaning that banks must ensure they verify the account holder within a “reasonable” time period of the account opening.

The Customer Identification Program Final Rule in the Patriot Act outlines six general requirements for a CIP:

  1. A written (documented) program
  2. Four pieces of identifying information
  3. Identity verification procedures
  4. Record keeping
  5. Checks with government lists
  6. Customer notice

Customer Identification Program verification rules

Banks must hold customer verification data for a minimum of five years, even after the account has been closed. Similarly, when the above personal information cannot be verified, a Customer Identification Program has specific rules in place to determine whether the account can still be opened legally.

Customers verified through the CIP will also be scanned through Federal Government databases. These include ‘lists’ of known or suspected terrorists or terrorist organizations, so that the bank can be confident it is doing business with a person or business that is not engaged in illegal practices.

How digital identity verification helps your Customer Identification Program

Online services today are competing on customer experience and security. Product teams have to develop frictionless user onboarding experiences to convert customers, while also demonstrating that they have robust privacy and data security measures. Instead of seeing a CIP as a regulatory burden, product teams that can incorporate a smooth, safe, and secure KYC check for customers will help conversion and retention.

Reducing friction through UX design

Depending on the industry, some companies may use databases or credit check services to fulfill their CIP requirements. The common wisdom was that this required less effort for customers than taking a selfie video and going through delayed online identity verification. However, a tax number, which is all that some CIP checks require, can be easily stolen and used for fraud.

In contrast, doing a full identity verification to meet CIP requirements increases the assurance that you are interfacing with your actual customer and protects their accounts. Identity verification takes a customer’s biometric information, such as a selfie video, and matches it to their government-issued photo ID. Face matching technology allows a business to be confident that the person is who they claim to be. Document verification, such as checking for watermarks, also increases assurance. If additional information, such as a US Tax ID number, is required, additional checks and documents can be added to complete the identity verification workflow. From a UX design perspective, customers can be allowed into their accounts while their identity is being verified. Once it is verified, they can gain access to other features such as transactions.

Passbase’s dashboard allows teams to customize verification flows with drag and drop options tailored for each business case. Passbase powers identity verification across more than 6000 government-issued IDs from over 190 countries. With just a photo of an identity document and a smartphone camera, users can confirm their identity and gain access to different online services, helping businesses onboard more customers, more securely.

In the context of a CIP, businesses need to look beyond basic documentary evidence to verify identity and consider new approaches to verification that are not only faster to onboard, but are also more secure and efficient. Using liveness detection, age verification and AML compliance solutions helps you tackle compliance in a comprehensive way.

As established companies continue their digital transformation and a new era of digital services emerges to serve consumers in a Covid-19 landscape, business growth will be driven by secure and pragmatic online CIPs and identity verification solutions.

You can also learn more in our AML overview and KYC quick guide.

Passbase offers a 30-day free trial for teams to test how our identity verification features fit into your existing product. You can get set up with our integration guide or our YouTube tutorials.

To see any of our features live, you can also book a demo!

Passbase © 2021


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.