Search Icon
Back to Blog

Customer Identification Program (CIP) and Know Your Customer (KYC) are related terms and often used interchangeably. It’s important to understand the distinction between these two terms and their impact to financial services organizations to ensure compliance.

What Is the Difference Between CIP & KYC?

CIP is the legal requirement for financial institutions to verify information provided by a consumer as outlined in the USA Patriot Act, whereas KYC refers to the specific processes a financial institution utilizes to verify a consumer’s identity before engaging in transactions.

CIP Requirements

The Bank Secrecy Act of 1970 (BSA) requires financial institutions to assist U.S. government agencies in the detection and prevention of money laundering. Compliance with the BSA includes financial institutions maintaining a Customer Identification Program to prove that the identities of new customers have been verified at account opening.

The current requirements for CIP were codified into law with the landmark signing of the USA Patriot Act in 2001 requiring banks, savings associations, credit unions and certain non-federally regulated banks to have a CIP appropriate to their size and business. Managing an effective CIP also continues to be an important aspect of complying with the original provisions of the BSA. The CIP rule requires a bank to verify the identity of each “customer” where a customer is generally defined as “a person that opens a new account” and must enable it “to form a reasonable belief that it knows the true identity of each customer.”

The main components of a CIP include:

  • Collection of customer information: Name, date-of-birth, address and a taxpayer identification number are the minimum requirements. For a U.S. citizen, a SSN serves as the taxpayer identification number. For non-U.S. persons, an identification number from a government issued ID bearing a photograph or similar safeguard is considered acceptable.
  • Identity verification procedures: While the specific procedures used are not mandated, the procedures must enable the financial institution to form a reasonable belief that it knows the true identity of the customer. In online channels, this is often satisfied with comparing consumer provided information to records from databases, and/or document risk-based procedures for verifying the identity of each customer.
  • Comparison with government lists: Ensuring the customer is not included on any sanctions list of known or suspected terrorists or terrorist organizations issued by any federal government agency, most commonly deployed via OFAC.
  • Record keeping requirements: Written procedures are necessary for the collection and maintenance of records for all information obtained in the identity verification process. This includes all identifying information, a description of any document relied upon for identity verification, a description of the methods and the results of any measures undertaken to verify the identity of the customer, and a description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.
  • Retention of records: Requirement to maintain customer data for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant.
  • Customer notice: Documented process for providing bank customers with adequate notice that the bank is requesting information to verify their identities.

CIP as part of a KYC Program

Today, CIP is more commonly known as a component of KYC programs. As mentioned, KYC standards are designed to protect financial institutions against fraud, corruption, money laundering and terrorist financing.

An effective KYC program has three main components:

  • CIP: The collection and verification of consumer provided information establishing a reasonable belief that the consumer exists and is who they say they are.
  • Customer Due Diligence (CDD): Ensuring that a customer is trustworthy and suitable to do business with. Different levels of CDD should be deployed depending on the risk of the consumer and types of transactions they are desiring to perform. For example, low dollar amount accounts and transactions typically require less CDD than higher value transactions.
  • Ongoing monitoring: The first two components of a KYC program typically safeguard financial institutions at account opening, but do not provide protection for any changes once a customer. Regular re-evaluation of a customer is necessary to ensure there is no emergence of unusual activities or inclusions on a government sanctions list. While periodic re-screening may be acceptable in some cases, the best practice is to deploy continuous monitoring so that any changes can be alerted to in real-time.

How to Better Comply with CIP Requirements

Compliance with CIP is not only essential, it is growing more challenging as transactions have shifted to digital channels. When operating in a digital environment, financial institutions must not only assess new customers accurately, they must do so without introducing friction into the onboarding process.

Socure KYC can automate your KYC/CIP program, enabling you to auto-approve up to 98% of customers while satisfying compliance requirements. Our KYC solution is powered by the industry-leading ID graph and uses advanced AI/ML and search analytics to achieve the highest match accuracy in the industry including Gen Z and underserved consumers.

Socure offers the deepest multi-dimensional view of any consumer along with detailed risk and reason codes for each identity element that provide actionable intelligence. Socure KYC powers solutions for some of the largest card issuers, 4 of the 5 top banks and Fintech service providers in the U.S.

Additionally, Socure’s Global Watchlist with Monitoring can deliver true continuous monitoring of your customer accounts with sophisticated matching algorithms, proprietary data, and industry-leading accuracy for uninterrupted compliance with CIP regulations.

To learn more about how Socure can enable best-in-class KYC/CIP programs for your organization, talk to an expert today.

Customer Identification Program (CIP) and Know Your Customer (KYC) are related terms and often used interchangeably. It’s important to understand the distinction between these two terms and their impact to financial services organizations to ensure compliance.

What Is the Difference Between CIP & KYC?

CIP is the legal requirement for financial institutions to verify information provided by a consumer as outlined in the USA Patriot Act, whereas KYC refers to the specific processes a financial institution utilizes to verify a consumer’s identity before engaging in transactions.

CIP Requirements

The Bank Secrecy Act of 1970 (BSA) requires financial institutions to assist U.S. government agencies in the detection and prevention of money laundering. Compliance with the BSA includes financial institutions maintaining a Customer Identification Program to prove that the identities of new customers have been verified at account opening.

The current requirements for CIP were codified into law with the landmark signing of the USA Patriot Act in 2001 requiring banks, savings associations, credit unions and certain non-federally regulated banks to have a CIP appropriate to their size and business. Managing an effective CIP also continues to be an important aspect of complying with the original provisions of the BSA. The CIP rule requires a bank to verify the identity of each “customer” where a customer is generally defined as “a person that opens a new account” and must enable it “to form a reasonable belief that it knows the true identity of each customer.”

The main components of a CIP include:

  • Collection of customer information: Name, date-of-birth, address and a taxpayer identification number are the minimum requirements. For a U.S. citizen, a SSN serves as the taxpayer identification number. For non-U.S. persons, an identification number from a government issued ID bearing a photograph or similar safeguard is considered acceptable.
  • Identity verification procedures: While the specific procedures used are not mandated, the procedures must enable the financial institution to form a reasonable belief that it knows the true identity of the customer. In online channels, this is often satisfied with comparing consumer provided information to records from databases, and/or document risk-based procedures for verifying the identity of each customer.
  • Comparison with government lists: Ensuring the customer is not included on any sanctions list of known or suspected terrorists or terrorist organizations issued by any federal government agency, most commonly deployed via OFAC.
  • Record keeping requirements: Written procedures are necessary for the collection and maintenance of records for all information obtained in the identity verification process. This includes all identifying information, a description of any document relied upon for identity verification, a description of the methods and the results of any measures undertaken to verify the identity of the customer, and a description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.
  • Retention of records: Requirement to maintain customer data for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant.
  • Customer notice: Documented process for providing bank customers with adequate notice that the bank is requesting information to verify their identities.

CIP as part of a KYC Program

Today, CIP is more commonly known as a component of KYC programs. As mentioned, KYC standards are designed to protect financial institutions against fraud, corruption, money laundering and terrorist financing.

An effective KYC program has three main components:

  • CIP: The collection and verification of consumer provided information establishing a reasonable belief that the consumer exists and is who they say they are.
  • Customer Due Diligence (CDD): Ensuring that a customer is trustworthy and suitable to do business with. Different levels of CDD should be deployed depending on the risk of the consumer and types of transactions they are desiring to perform. For example, low dollar amount accounts and transactions typically require less CDD than higher value transactions.
  • Ongoing monitoring: The first two components of a KYC program typically safeguard financial institutions at account opening, but do not provide protection for any changes once a customer. Regular re-evaluation of a customer is necessary to ensure there is no emergence of unusual activities or inclusions on a government sanctions list. While periodic re-screening may be acceptable in some cases, the best practice is to deploy continuous monitoring so that any changes can be alerted to in real-time.

How to Better Comply with CIP Requirements

Compliance with CIP is not only essential, it is growing more challenging as transactions have shifted to digital channels. When operating in a digital environment, financial institutions must not only assess new customers accurately, they must do so without introducing friction into the onboarding process.

Socure KYC can automate your KYC/CIP program, enabling you to auto-approve up to 98% of customers while satisfying compliance requirements. Our KYC solution is powered by the industry-leading ID graph and uses advanced AI/ML and search analytics to achieve the highest match accuracy in the industry including Gen Z and underserved consumers.

Socure offers the deepest multi-dimensional view of any consumer along with detailed risk and reason codes for each identity element that provide actionable intelligence. Socure KYC powers solutions for some of the largest card issuers, 4 of the 5 top banks and Fintech service providers in the U.S.

Additionally, Socure’s Global Watchlist with Monitoring can deliver true continuous monitoring of your customer accounts with sophisticated matching algorithms, proprietary data, and industry-leading accuracy for uninterrupted compliance with CIP regulations.

To learn more about how Socure can enable best-in-class KYC/CIP programs for your organization, talk to an expert today.

Matt Johnson
Posted by

Matt Johnson

Matt Johnson

Matt is the Director of Product Marketing for KYC and Global Watchlist solutions at Socure. Prior to Socure, Matt established and led the product marketing efforts for fraud and identity solutions at TransUnion.