When companies and individual customers consider Know Your Customer (KYC) practices in the international context, it's sometimes easy to forget that different worldwide jurisdictions have their own specific regulations, requirements and often, unique terminology to describe similar practices elsewhere.
In delivering a frictionless onboarding experience, banks and financial institutions need to do their due-diligence by verifying their customers using a process that fulfils KYC-style compliance requirements and Anti Money Laundering (AML) fraud prevention checks.
In the United States, as part of wider Bank Secrecy Act (BSA) and AML compliance, a Customer Identification Program (CIP) is a unique and important requirement for all financial institutions based there.
A Customer Identification Program is a statutory legal requirement used to verify a customer’s identity when undertaking financial transactions. U.S Banks are responsible for the program and ensuring every customer’s identity is exactly who they say they are.
Why is a Customer Identification Program important?
After the events of 9/11, the CIP was inserted into the USA Patriot ACT (section 326 of the ACT if you’re interested), and was later ratified as a hard rule for all financial institutions to follow in 2003.
The program was specifically designed to reduce international money laundering and prevent funding sources for terrorism and other illegal activities as part of a bank’s wider AML compliance system.
Along with the National Credit Union Administration, the Federal Deposit Insurance Corporation (FDIC) is one of two federal agencies based in the US whose main job is to provide deposit insurance for American banking products such as savings accounts.
The FDIC is also responsible for protecting consumers and performing risk, soundness and safety tests on banks to ensure their integrity. Not surprisingly, the integrity of the bank’s customers are of significant interest to ensuring bank-wide customer risk-profile reduction. The CIP framework is built specifically to account for this.
It’s also one of the main reasons the FDIC has a strong interest in ensuring every bank has a tailored CIP based on their size. The FDIC states that CIP procedures should be “appropriate for its size and type of business” and must enable it “to form a reasonable belief that it knows the true identity of each customer.”
In other words, a bank’s size, location and customer base (and where the actual customers are located geographically) all need to be taken into account to serve the requirements of the CIP.
CIP is relevant to both individual consumers and corporations. As with KYC identity verification checks outside the US, the FDIC stipulates that the implementation of a CIP comprise four minimum data points for every new account opening:
- Date of birth
- Identification Number
But that’s just the minimum. In the US-context, an Identification Number refers to a tax ID number. Non-US persons would need to provide identity papers such as passport numbers, national ID card numbers or a government-backed national tax number to qualify under the CIP.
Related and helpful information is contained in the Federal Financial Institutions Examination Council and AML Examination Manual. The official rules of the CIP state that identity verification is either undertaken through documented means or through non-documentary methods.
Document verification encourages a bank “to review more than a single document to ensure that it has a reasonable belief that it knows the customer’s true identity.”
Non-documentary verification includes “contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement.”
At the core of the CIP is a time-specific undertaking, meaning that banks must ensure they verify the account holder within a “reasonable” time period of the account opening.
CIP verification rules
Banks must hold customer verification data for a minimum of five years, even after the account has been closed. Similarly, when the above personal information cannot be verified, a CIP has specific rules in place to determine whether the account can still be opened legally.
Customers verified through the CIP will also be scanned through Federal Government databases. These include ‘lists’ of known suspected terrorists or terrorist organizations to ensure the bank can be confident they are doing business with a person or business who are not engaged in illegal practices.
How Passbase can help
Passbase powers identity verification across more than 6000 government issued IDs from over 190 countries. With just a photo of an identity document and a smartphone camera, users can confirm their identity and gain access to different online services, helping businesses onboard more customers, more securely.
Our identity verification platform can also help simplify and improve the onboarding process. In the context of a CIP, banks need to look beyond basic documentary evidence to verify identity and consider new approaches to verification that are not only faster to onboard, but are also more secure and efficient. This includes a liveness detection, age verification and AML compliance solutions which help you tackle compliance with in a comprehensive way.
As each of us learns to co-exist with COVID-19 over the coming months (and possibly years), a secure and pragmatic CIP will need to stay relevant during the emerging and predicted branch interruptions and closures caused by the pandemic across the United States.
New forms of identification verification tools (the type that Passbase offers) will need to be considered as alternatives outside of the physical branch environment.