What is a Customer Identification Program (CIP)?

DEVHUB LOGIN

Products
Products Experience the power of graph-defined identity verification.
Platform

Fraud Risk

Compliance

ID Document Verification

Account Intelligence

Decisioning
Platform

. Socure ID + Platform
The new standard for digital identity verification, providing real-time, predictive analytics for the most accurate and comprehensive identity verification and fraud prediction—all through one API.

Socure named a Leader in The Forrester Wave
Identity Verification Solutions Q4 2022
See More

Fraud Risk

. Sigma Identity Fraud
Analyze every dimension of a consumer identity to capture up to 90% of fraud in the riskiest 3% of users.

. Sigma Synthetic Fraud
Identify and isolate synthetic identity risk at enrollment and in existing customer portfolios.

. Address RiskScore
Predict the risk of an address utilizing various risk intelligence and residency attributes.

. Email RiskScore
Predict the risk of an email and its correlation to an identity.

. Sigma Device
Predict the risk associated with a device while binding known identities to known good devices.

. Phone RiskScore
Predict the risk of a phone number as well as ownership utilizing various risk intelligence and phone number attributes.

. Portfolio Scrub
Identify fraud and compliance risks, safeguard customer accounts, and gain actionable insights.

. Sigma First-Party Fraud
Minimize early payment default, investigate disputes, and gain insights into high risk transactions.

Compliance

Compliance Solutions

Protect your organization with market leading data coverage, unmatched accuracy, demonstrable controls and world-class tools to efficiently manage your operations
Overview

. Socure Verify
Automate the customer onboarding process with unrivaled data coverage and industry-leading technology.

. eCBSV
Instantly verify consumer provided name, SSN and DOB with the issuing authority - enhancing compliance and promoting financial inclusion.

. Global Watchlist Screening with Monitoring
Identify risk by matching identities against sanctions and enforcement lists, as well as PEP and Adverse Media registries worldwide.

. Portfolio Scrub
Identify fraud and compliance risks, safeguard customer accounts, and gain actionable insights.

ID Document Verification

. Predictive DocV
Authenticate government IDs, stop spoofing attacks, drive better decisioning, and approve more good users on the first try.

Report
3 Warning Signs That Your ID Verification Process is Robbing You of Revenue
See more

Account Intelligence

. Socure Account Intelligence
Accurately verify account ownership and availability with consortium-powered analytics while supercharging customer conversion and reducing risk.

Decisioning

. Decision Module
Align policy with process, automate decisions, help ensure compliance, and efficiently scale growth.

. Control Center
Prevent fraud across your portfolio, and demonstrate compliance in an evolving regulatory environment.
Industries

Industries Seamlessly onboard more good customers while preventing fraud—no matter your industry.

.

Financial Services
Verify identities and stop fraud throughout the customer lifecycle, while meeting the most stringent compliance requirements.

.

Marketplace
Strengthen the reputation of your ecosystem and instantly onboard more consumers and sellers without increasing risk.

.

Sharing Economy
Ensure trust & safety while instantly onboarding more consumers, sellers, and gig workers without increasing fraud.

.

Online Gaming
Maximize player conversion rates and reduce identity fraud losses while maintaining compliance.

.

Buy Now Pay Later (BNPL)
Auto-accept more shoppers, attract more merchants, and protect your customers from identity fraud.

.

Public Sector
Increase auto-verification rates of eligible individuals, improve program integrity, and eliminate manual reviews.

.

Crypto
Verify identities faster and accelerate time to funding, trading, purchase, and storage.

.

Workforce
Register and onboard more good applicants with passive identity verification.

.

Sponsor Bank
Streamline BaaS management, enhance compliance, simplify partner oversight, and grow your customer base.
Resources
Resources Stay up to date on industry news, trends, and Socure's world-class solutions.
Fact Sheets

Case Studies

White Papers

eBooks

Reports

Infographics

Webinars

Events

Blogs

Videos
Socure Identity Risk Insights
Defining and Solving the Elusive Challenge of First-Party Fraud
Learn More
Partners
Company
Company Learn more about the award-winning people and technologies that power Socure.
About Socure

News & Press

Careers

Events

Socure Risk Insights Network
Socure named a Leader in The Forrester Wave
Identity Verification Solutions Q4 2022
See More

Talk To An Expert

Home Glossary Customer Identification Program (CIP)

Customer Identification Program (CIP)

The Customer Identification Program (CIP) is a process financial institutions follow to verify the identity of their customers. This program is mandated by the USA Patriot Act and the Bank Secrecy Act to prevent illicit activities such as money laundering and terrorist financing.

CIP is an important measure for financial institutions to ensure the security of their operations and prevent financial crime. It requires financial institutions to verify customer identification information, such as name, address, date of birth and government-issued identification number before opening an account. CIP is also important for the entity’s anti-money laundering (AML) program as it helps them to comply with various regulatory requirements. Let’s delve into the details of the CIP process.

Verification of customer identity

The CIP compliant financial institutions must verify the customers’ identity using trusted and independent data sources. They can use different methods to verify their identity, such as government-issued identification documents, utility bills, credit reports, and other reliable information. Additionally, financial entities are bound to verify the customer’s identity within a specific time after opening the account, usually within five business days. If the business is unable to verify the customer’s identity or notices the risk, it must close the account.

Risk assessment

Financial institutions should conduct a risk assessment to determine the level of risk associated with each customer’s identity based on their past transactions and legal activities. Also, they must have a risk-based approach in place to determine the level of CIP required for each customer. High-risk customers require more in-depth customer due diligence, while low-risk customers require less.

Record keeping

The customer identification program requires financial businesses to maintain accurate records of CIP, techniques used to verify the customer’s identity and the results of their background checks. They also must keep records of any suspicious activity reports (SARs) filed in connection with the customer’s account and retain these records for at least five years after closing the account.

Training and oversight

Organizations must train their employees to detect and report suspicious activities along with providing regular training to keep them up-to-date with regulatory changes. Besides, they must also have oversight procedures in place to track the impact of the CIP process and ensure compliance with regulatory requirements. The board of directors or senior management should also approve the CIP process and monitor its implementation.

Penalties for non-compliance

Failure to comply with CIP requirements can result in severe penalties, including heavy fines, regulatory sanctions, and reputational damage. Businesses must ensure they have adequate controls in place to comply with regulatory requirements to mitigate financial crime risks.

Best practices for implementing an effective CIP

Financial institutions can adopt the following best practices to carry out a successful customer identification program:

Create written CIP policies and procedures that comply with regulatory requirements and ensure they are communicated to all relevant employees
Use risk-based customer due diligence to determine the adequate level of CIP required for each customer and update it often
Train employees to identify and report suspicious activities, provide regular training to keep them updated with regulatory changes, and maintain training records
Conduct independent testing and review of the CIP program to ensure its effectiveness and compliance with regulatory requirements
Use advanced technologies to automate the CIP process, reduce manual errors and enhance customer experience

Customer identification program requirements

A customer identification program (CIP) requires financial institutions to “establish risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable.” CIP requirements stem from U.S. federal regulations, including the Bank Secrecy Act of 1970 (BSA), which requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Compliance with the BSA includes financial institutions maintaining a Customer Identification Program to prove that the identities of new customers have been verified at account opening.

The current requirements for CIP were codified into law with the signing of the USA PATRIOT Act in 2001, requiring all financial institutions to have a CIP appropriate to their size and business.

CIP requirements include:

Collecting customer information: Minimum customer information includes a name, date-of-birth, address, and a taxpayer identification number. A U.S. citizen’s social security number can serve as the taxpayer identification number. A government-issued photo ID is typically considered acceptable for a non-U.S. person. Each organization’s policy should address the types of identification accepted for identity verification.
Implementing identity verification procedures: A financial institution must be able to form a reasonable belief that it knows the customer’s true identity. However, CIP requirements do not mandate specific verification procedures to ensure this process. The two forms of verification acceptable to regulators are non-documentary verification and documentary verification.
Comparing with government lists: Institutions must confirm that the customer is not included on any sanctions list of known or suspected terrorists or terrorist organizations issued by any federal government agency.
Keeping written records: All information obtained during the identity verification process must be collected and maintained in written records. Necessary information includes all identifying data, a description of any document used for identity verification, an explanation of the methods and the results of any measures undertaken to verify the customer’s identity and the resolution of any substantive discrepancy discovered while verifying the identifying information obtained.
Retaining records: Customer data must be retained for five years after the closing of a bank account. For credit card accounts, the data must be stored for five years after the account is closed or becomes dormant.
Providing customer notice: Customers reserve the right to receive adequate notice that the bank is requesting information to verify their identities, and the process for providing notice should be documented by the bank.

What is the purpose of the CIP?

The main goal of the CIP is to verify the identity of customers opening a new account at a financial institution.

What is CIP vs KYC?

CIP and KYC are both regulatory measures implemented by financial institutions, but CIP specifically focuses on verifying the identity of new customers while KYC focuses on assessing the risk of all customers.

What is CIP verification?

CIP verification is the process of verifying the identity of a customer opening a new account at a financial institution.

What is the difference between customer due diligence (CDD) and customer identification program (CIP)?

What are CIP requirements?

CIP requirements include identifying information such as name, date of birth, address and government-issued identification documents. Later, verifying that information through various methods such as comparing it to third-party databases or conducting in-person verification.

How does CIP verification differ for individuals vs. businesses?

CIP verification for individuals typically involves obtaining and verifying personal identification information. Whereas, CIP verification for businesses involves obtaining and verifying the business's identity as well as the identity of its beneficial owners or control persons.

What are the challenges of implementing effective CIP programs?

Some challenges of implementing effective CIP programs include balancing compliance requirements with customer experience, keeping up with regulatory changes and ensuring that the program is customized to the institution's specific risks and operations.

How does a customer identification program relate to KYC?

Who is subject to the customer identification program rule?

Is CIP required for any organization types not on the list above?

CIP is not required under the law for non-regulated entities; however, there is certainly value in protecting customers, users, and the business from identity takeover, synthetic identity, and other issues. In most non-regulated entities, it is a matter of customer safety and security as opposed to a requirement under the law.