Dating back to 1970, the Bank Secrecy Act (BSA) requires financial institutions (FIs) to assist U.S. government agencies in the detection and prevention of money laundering. Compliance with the BSA includes FIs maintaining Customer Information Programs (CIPs) to prove that the identities of new customers have been verified at account opening. It’s important to note that CIP represents a subset of a larger set of regulations intended to prevent money laundering, fraud, and financing of terrorism.
CIP BOLSTERED BY USA PATRIOT ACT
Out of a necessity to significantly strengthen measures to prevent money laundering in the wake of 9/11, the USA PATRIOT Act was enacted in 2001 and amended the CIP provision. Title III of the Act bolsters requirements to facilitate the prevention, detection, and prosecution of international money laundering and terrorist financing.
Today, CIP is more commonly known as a component of “Know Your Customer” or KYC programs. KYC standards are designed to protect financial institutions against fraud, corruption, money laundering and terrorist financing. KYC has three main components: (1) CIP, (2) Customer Due Diligence (CDD), and (3) ongoing monitoring. We’ll examine CIP in more detail below.
The USA PATRIOT Act requires banks, savings associations, credit unions and certain non-federally regulated banks (“bank”) to have a CIP appropriate to their size and business. Managing an effective CIP also continues to be an important aspect of complying with the BSA. The CIP rule requires a bank to verify the identity of each “customer” where a customer is generally defined as “a person that opens a new account.”
The main components of a CIP include:
- Identity verification procedures: document risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. The procedures must enable the bank to form a reasonable belief that it knows the true identity of each customer.
- Customer information required: specify the identifying information that will be collected from each customer. This includes: name, date of birth, and identification number. For a U.S. citizen, this would be the Social Security number. For non-citizens, a number from an acceptable government issued ID bearing a photograph or similar safeguard.
- Record keeping: document a procedure for making and maintaining a record of all information obtained in the identity verification process. This includes all identifying information, a description of any document relied upon for identity verification, a description of the methods and the results of any measures undertaken to verify the identity of the customer, and a description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.
- Retention of records: retain the information cited in the “Record keeping” section above for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant.
- Comparison with government lists: document procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency.
- Customer notice: document procedures for providing bank customers with adequate notice that the bank is requesting information to verify their identities.
The Socure Solution
Knowing your customer and understanding the risk associated with doing business with an individual has become even more important with the explosive growth of online account openings and the rise of fintechs. When operating in a digital environment, banks and fintechs must assess new customers accurately and quickly online, without introducing friction into the onboarding process. This creates a balancing act between delivering a good customer experience and avoiding fraud losses.
To meet high consumer expectations while mitigating fraud, digital-first identity verification companies like Socure can passively verify an identity online without disrupting the customer onboarding workflow, while offering a high degree of accuracy. Socure’s solutions have proven to dramatically increase auto acceptance rates and significantly reduce fraud while meeting KYC/CIP requirements. If a potential customer fails a passive check, a fully automated document verification system, DocV, can match the identity to a government-issued ID captured with a mobile device.