Search Icon

Customer Identification Program (CIP)

The Customer Identification Program (CIP) is a process financial institutions follow to verify the identity of their customers. This program is mandated by the USA Patriot Act and the Bank Secrecy Act to prevent illicit activities such as money laundering and terrorist financing.

CIP is an important measure for financial institutions to ensure the security of their operations and prevent financial crime. It requires financial institutions to verify customer identification information, such as name, address, date of birth and government-issued identification number before opening an account. CIP is also important for the entity’s anti-money laundering (AML) program as it helps them to comply with various regulatory requirements. Let’s delve into the details of the CIP process.

Verification of customer identity

The CIP compliant financial institutions must verify the customers’ identity using trusted and independent data sources. They can use different methods to verify their identity, such as government-issued identification documents, utility bills, credit reports, and other reliable information. Additionally, financial entities are bound to verify the customer’s identity within a specific time after opening the account, usually within five business days. If the business is unable to verify the customer’s identity or notices the risk, it must close the account.

Risk assessment

Financial institutions should conduct a risk assessment to determine the level of risk associated with each customer’s identity based on their past transactions and legal activities. Also, they must have a risk-based approach in place to determine the level of CIP required for each customer. High-risk customers require more in-depth customer due diligence, while low-risk customers require less.

Record keeping

The customer identification program requires financial businesses to maintain accurate records of CIP, techniques used to verify the customer’s identity and the results of their background checks. They also must keep records of any suspicious activity reports (SARs) filed in connection with the customer’s account and retain these records for at least five years after closing the account.

Training and oversight

Organizations must train their employees to detect and report suspicious activities along with providing regular training to keep them up-to-date with regulatory changes. Besides, they must also have oversight procedures in place to track the impact of the CIP process and ensure compliance with regulatory requirements. The board of directors or senior management should also approve the CIP process and monitor its implementation.

Penalties for non-compliance

Failure to comply with CIP requirements can result in severe penalties, including heavy fines, regulatory sanctions, and reputational damage. Businesses must ensure they have adequate controls in place to comply with regulatory requirements to mitigate financial crime risks.

Best practices for implementing an effective CIP

Financial institutions can adopt the following best practices to carry out a successful customer identification program:

  • Create written CIP policies and procedures that comply with regulatory requirements and ensure they are communicated to all relevant employees
  • Use risk-based customer due diligence to determine the adequate level of CIP required for each customer and update it often
  • Train employees to identify and report suspicious activities, provide regular training to keep them updated with regulatory changes, and maintain training records
  • Conduct independent testing and review of the CIP program to ensure its effectiveness and compliance with regulatory requirements
  • Use advanced technologies to automate the CIP process, reduce manual errors and enhance customer experience


What is the purpose of the CIP?

The main goal of the CIP is to verify the identity of customers opening a new account at a financial institution.

What is CIP vs KYC?

CIP and KYC are both regulatory measures implemented by financial institutions, but CIP specifically focuses on verifying the identity of new customers while KYC focuses on assessing the risk of all customers.

What is CIP verification?

CIP verification is the process of verifying the identity of a customer opening a new account at a financial institution.

What is the difference between CIP and CDD?

The main difference between CIP and CDD is that CIP focuses on verifying the identity of new customers while CDD focuses on ongoing monitoring of customer transactions to identify and mitigate potential money laundering or terrorist financing risks.

What are CIP requirements?

CIP requirements include identifying information such as name, date of birth, address and government-issued identification documents. Later, verifying that information through various methods such as comparing it to third-party databases or conducting in-person verification.

How does CIP verification differ for individuals vs. businesses?

CIP verification for individuals typically involves obtaining and verifying personal identification information. Whereas, CIP verification for businesses involves obtaining and verifying the business's identity as well as the identity of its beneficial owners or control persons.

What are the challenges of implementing effective CIP programs?

Some challenges of implementing effective CIP programs include balancing compliance requirements with customer experience, keeping up with regulatory changes and ensuring that the program is customized to the institution's specific risks and operations.

Customer Identification Program (CIP)

Other terms related to Customer Identification Program