After the 9/11 terrorist attacks, America implemented a number of rules and regulations to protect the US from international and domestic terrorism. These rules and regulations are summarized in the USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism).
The PATRIOT Act influenced a number of segments of America, including the financial and banking sector. As the terrorists of the 9/11 attacks financed their attacks with money laundering, the finance and banking sector had a high priority for change.
As part of the measurements, the US government enforced a Customer Identification Program (CIP). In general, the CIP rule and policy require banks and other financial institutions to verify the identity of everyone who wishes to use their services. To comply with the law, banks and other financial institutions have to adapt the CIP according to their size and type of business. More on this later.
In this blog, we will go into further detail about the meaning of CIP, how it is specifically used in the banking industry, and lastly how identity verification processes can be improved and simplified.
CIP was introduced in 2003 as part of the USA PATRIOT Act and aims to confront money laundering and terrorism financing. Financial institutions such as banks and credit unions need to implement a CIP in their Anti-money laundering (AML) compliance program. If those institutions fail to do so, heavy fines of up to $250,000 or five years of imprisonment may be imposed.
So what does an organization have to do to comply with a Customer Identification Program? First of all, certain information has to be collected before a customer is allowed to use the services of a financial institution. This information includes:
- First and last name of the customer
- Date of birth
- Proof of address documents
- Identification number
Secondly, once the organization collected all data, it must:
- Verify → An organization can’t just accept the information they are provided with. Data always needs to be verified to ensure the organization received the right information.
- Record → An organization needs to keep records of received information and keep those for a minimum of 5 years after an account is closed to fulfill the CIP rule.
- Check → Financial institutions need to double-check received information with terrorism lists from governments to ensure they are not supporting criminals.
- Monitor → Continuous monitoring of customers is key. That way, seemingly dangerous transactions can be flagged and prevented.
Three key components of CIP
Furthermore, there are three key components of a CIP that an organization needs to pay attention to:
- Risk assessment → Analyzing the risk of each customer is one of the mandatory components of a CIP. This step needs to be conducted before the opening of an account. The risk assessment defines how identity components are verified. The risk assessment parameters are:
- Amount and size of transactions
- Origin of transactions
- The credibility of identity information submitted by the customer
- Account activities
- Extended Due Diligence → Based on the risk level of a certain customer, the Customer Identification Program can be extended with extra background checks and ongoing KYC. To verify a customer, the following methods can be used:
- Name screening against sanction lists
- Watchlist screening
- Real-time asset tracking
- Reviewing the CIP policy → Financial institutions should appoint someone to regularly review the KYC and AML compliance program, including the CIP policy. This allows organizations to:
- Ensure the effectiveness and functioning of CIP procedures
- Pinpoint errors in the verification process, screening procedure, information collection, and compliance requirements
In general, a Customer Identification Program is quite similar to Know Your Customer (KYC) regulations, which is why those two terms are often used interchangeably. We will discuss this more in detail later in the blog. For now, we should have a closer look at CIP in banking, as this is the main industry affected by the CIP rule.
CIP in Banking
Most of the requirements for a CIP in banking are already discussed above. Important to add is that a Customer Identification Program varies from bank to bank. In general, every bank should consider the following factors when determining an effective CIP:
- Size, location, and customer base of the bank
- Types of accounts the bank offers
- Bank’s account opening methods
- Identification information requested from the customer
In the US, every bank has to have a CIP in place to prevent financial crimes, such as money laundering and terrorist financing. Otherwise, as mentioned earlier, banks can be heavily fined.
CIP in KYC Processes
As previously mentioned, a lot of people use the words “CIP” and “KYC” interchangeably. This shouldn’t be the case, as there is a clear difference between the two terms.
CIP is an obligatory part to be compliant with AML regulations but is only applicable to US-operating financial institutions. KYC measures, on the other hand, are applied in many businesses all over the world.
In general, KYC can be seen as the umbrella term for verifying and identifying customers. While KYC may include all elements of a CIP, the opposite doesn’t hold true. A CIP needs to be accompanied by Customer Due Diligence (CDD) and other ongoing procedures to be able to fulfill all KYC elements.
This is a significant difference. Let’s have a look at the relationship between CIP and AML next.
CIP vs AML
In general, a Customer Identification Program can be included within the AML compliance program of a bank.
Since AML literally means Anti-money laundering, it is evident that following AML measures will help organizations prevent money laundering and other criminal activities. A CIP has as its goal to prevent money laundering and terrorism financing by verifying a customer’s identity.
Inevitably that means that AML and CIP are working hand in hand, which strengthens an organization even further. But sadly, all this knowledge doesn’t help anyone if you don’t know which requirements you have to fulfill for a CIP. Let’s have a look at this next.
CIP verification requirements
In general and as we already know, the CIP rule requires all banks to verify a customer’s identity. To fulfill this expectation, all financial institutions should incorporate the following key points:
- Implement a written CIP
- Collect at least all minimum required customer identification information
- Apply a risk-based approach when verifying the collected information
- Keep a record of all customers
- Compare all collected information with government lists
- Notify customers that their information needs to be collected and verified
Now, one of the main questions that remain is: How can a financial institute effectively and in accordance with the CIP rule verify a customer’s identity?
Improve your identity verification process with Klippa
Being compliant with the CIP rule should be one of the main priorities of a financial institution as there is a lot at stake. You will not only know who your customer is but also prevent heavy fines or imprisonment.
Identifying a customer’s identity is a delicate matter and needs to be done right. For a long time done offline and manually, most customer onboarding processes are now conducted online. This gives banks and other financial institutions the opportunity to implement identity verification powered by AI that automatically verifies a customer’s identity.
Klippa’s identity verification solution is able to improve your CIP by automating the identity verification process. Our AI-based software allows financial institutions to onboard new customers 24/7 and in a fast and secure way. Using Klippa’s software allows financial institutions to be AML, KYC, and CIP compliant.
With our identity verification solution, financial institutions can add a number of security layers to comply with CIP, such as:
- Accurately verify ID documents
- Verifying the age of a customer
- Eliminating the risk of identity theft through liveness checks
- Verifying identities with selfies through facial biometrics
- Automatically comparing the selfie and the picture on an ID
- Extracting all necessary information from documents within a few seconds
- Using AI algorithms to detect document fraud
- Masking sensitive information to protect them from criminals and data breaches
Furthermore, this solution can be implemented via SDK or API depending on the needs of the organization. And what about data? All data that goes through Klippa’s identity verification software, won’t be stored in Klippa’s servers, ensuring compliance with data privacy regulations as well.
Do you have questions about how to implement our solution into your organization, or how our software helps you to become compliant? Please contact one of our experts or book a free demo down below for more information.