Financial services and banking institutions face the challenge of balancing three historically competing mandates in today's digital-first environment:

• Reduce fraud
• Accelerate onboarding
• Achieve KYC (including CIP) compliance

Fortunately, breakthroughs in digital identity technology now allow financial institutions to achieve these three goals simultaneously. This article will include the following sections:

• An explainer of how digital identity technology can help financial institutions (credit unions, banks, etc.) comply with CIP regulations while also enhancing the customer experience and lowering fraud rates.
• A historical overview of how and why customer identification program requirements were established by the government 
• An overview of the key elements of a CIP.

How can financial institutions achieve KYC compliance (including AML and CIP) without slowing down onboarding?

In today’s digital-first economy, banks, credit unions, and other covered financial institutions find themselves in a difficult position. To grow and stay competitive, they must build onboarding flows that allow customers to quickly open new accounts online while still meeting all of the stringent KYC requirements.

For the past few years, some financial institutions have made the mistake of relying too heavily on document scanning for KYC purposes. Document scanning often requires expensive manual reviews, adds a ton of friction to the customer journey, and can easily be outsmarted by fraudsters who can create convincing but phony licenses with the help of AI. The result? High rates of abandonment and elevated rates of fraud. 

Today, a growing number of financial institutions are pivoting away from legacy technologies like document scanning in favor of digital identity technology to accelerate customer onboarding while achieving regulatory compliance.

What are some solutions to streamline CIP compliance and customer onboarding?

With Prove Pre-Fill®, the onboarding journey is smooth and simple for the customer. Instead of being prompted to scan their license, the customer is asked to enter two pieces of information that they already know off the top of their head: their phone number and their DOB or Social Security Number (SSN).

On the back end, Prove Pre-Fill® authenticates the consumer by running an eligibility check to ensure that the information provided is associated with a specific individual and phone owner.

After the initial checks are verified, the prospective customer will be presented with a filled-out application form with the following information pre-populated: 

• Name 
• Date of Birth (DOB) 
• Social Security Number (SSN) 
• Address 

Because the form is already filled out, the customer doesn’t have to waste time and energy entering this data. Remember, fewer keystrokes required means smaller rates of customer abandonment. In today’s digital world, consumers are continually entering the same information (name, DOB, SSN, etc.) across different forms. Filling out forms from scratch is tedious and time-consuming, giving consumers ample opportunity to second-guess their decision to start the sign-up process in the first place. 

Equally as important, the consumer has the ability to review the information in the filled-out form and has the option to edit the information in the application form as needed (e.g., if they moved that week to a new address). In this flow, the consumer  decides what information they choose to provide directly to the bank when they click “apply” or “submit.” This complies with CIP regulations, which require that the personal information supplied comes “from each customer.” 

Next, the consumer agrees to the applicable terms and conditions (provided by Prove’s business client) simply by hitting “next” or “submit.”

Once the application is submitted, Prove’s business clients re-verify the information submitted directly by the consumer using Prove’s proprietary algorithms and authoritative data sources.

Case study: How a Leading Bank Leveraged Prove Pre-Fill® to Streamline Account Signups

A leading bank came to Prove with a big problem: lengthy onboarding flows were depressing sign-ups for their demand deposit accounts (DDAs). They wanted to accelerate the onboarding journey to decrease customer abandonment while still, of course, achieving CIP compliance as part of their KYC strategy.

To streamline the onboarding journey while achieving CIP compliance, Prove began executing a “4X2 check” using two authoritative data sources. Prove also leveraged its strong matching services to reconcile conflicting data that is often created by typos (i.e. “Robert Smuth” vs. “Robert Smith”).

The result? After partnering with Prove and leveraging Prove Pre-Fill®, the bank was able to increase pass rates by 50% while reducing fraud rates by nearly 3 basis points. The bank also saved money by eliminating the second data source they leveraged in their previous onboarding process. 

What is the history of the Customer Identification Program (CIP)?

In 1970, Congress passed the Bank Secrecy Act (BSA) to combat money laundering. The Bank Secrecy Act “requires businesses to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, and regulatory matters.” The Financial Crimes Enforcement Network (FinCEN) defines money laundering as follows: “Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them. Through money laundering, the criminal transforms the monetary proceeds derived from criminal activity into funds with an apparently legal source.” Imagine running a business without the benefit of a bank account. By cracking down on money laundering, the government makes it harder for drug dealers, organized crime rings, and other criminals to operate their “business” (crime) at scale.

In 2001, in the wake of 9-11, the BSA was amended to include provisions of the USA Patriot Act. In 2001, the FBI reported to Congress that the terrorist hijackers responsible for 9-11 had opened 24 domestic bank accounts in the months leading up to the attacks. The money flowing into the accounts paid for the hijackers’ housing, flight schools, and plane tickets. To prevent banks from inadvertently aiding in the financing of terrorism in the future, Congress passed legislation (USA PATRIOT ACT) requiring banks and other financial institutions to incorporate a CIP (customer identification program) into their BSA report. Essentially, the USA Patriot Act expanded the original scope of the BSA from primarily the prevention of money laundering to include the prevention of terrorist funding and other crimes.

Today, the term KYC (know your customer) is often used to describe the process of identifying and verifying the client's identity when opening an account and periodically over time.

What is the purpose of a Customer Identification Program (CIP)?

A customer identification program is a formalized set of procedures that a business must establish and follow to verify the identity of its customers. 

The goal of CIP programs is to make sure that customers are who they say they are. Customer identification programs are an important means of identifying and preventing money laundering, identity theft, fraud, terrorism, and other crimes. 

In short, customer Identification Programs (CIPs) require banks and other financial institutions to form a “reasonable belief” that they know the true identity of each customer during the account opening process.

Who is subject to the CIP rule?

Any business that’s considered a financial institution under the Bank Secrecy Act and related laws must establish a CIP program as a part of its broader KYC program. This includes the typical financial institutions like banks, lenders, and brokers but it also includes less obvious businesses, such as insurance agencies, iGaming services, payment companies, cryptocurrency exchanges, and fintech companies. Be sure to consult with a lawyer to determine if your company is subject to the CIP. 

What are the guiding principles of the Customer Identification Program (CIP)?

CIP Rules Support Flexibility: CIP regulations are risk-based and a financial institution such as a credit union or bank has broad discretion to design and implement programs that reflect and respond to its unique risks.

Regulators Support Innovation: Federal regulators favor innovative methods in meeting BSA/Anti-Money Laundering (otherwise known as “AML”) requirements. FinCEN and the federal bank regulators recognized that innovation, including new ways of using existing tools or adopting new technologies, can help banks enhance the effectiveness and efficiency of BSA/AML compliance programs, including CIP. After all, innovation is why customers no longer have to visit a bank’s branch in person to open a checking account, for example. 

What must the customer identification program include?

Although every CIP should be unique and tailored to the specific needs of the financial institution, there are 6 elements that every CIP should follow:

1. The CIP policy must be in writing
2. Every CIP has to require at least four pieces of identifying information from a customer
3. Every CIP must include a procedure to verify the customer’s identity
4. The CIP has to create a recordkeeping policy
5. Every CIP must make sure that the customer does not appear on a government list of terrorists or terrorist organizations 
6. The customer has to be notified about the verification process.

In today’s digital-first world, collecting and verifying the four pieces of identifying information from a customer is often done online. 

What four pieces of customer information must be collected as part of any CIP procedure?

As part of its compliance program, a financial institution must collect the following from any customer before any account opening:

• Name
• Address — this includes both residential and mailing addresses for individuals and business addresses for companies. 
• Date of Birth (DOB)
• Identification Number — includes taxpayer id, employer id, or any other government-issued document that shows nationality, residence, photograph, or any other biometrics identifiers. A common example of government-issued identification is a passport or driver’s license. 

Together these four elements form the minimum requirements of a CIP. Financial institutions (credit unions, banks, etc) that can collect and verify this information without burdening the customer enjoy a major competitive advantage in today’s digital economy where every second during onboarding counts.

Present-Day CIP Compliance

Congress designed CIP requirements to provide flexibility that aligns with federal regulator statements that encourage innovative methods and approaches to combating fraud and that there's precedence for such innovation. Regulators recognize that modernization will produce new technologies that can help financial institutions enhance their defense against fraudsters. On January 25, 2023, the Acting Deputy Director of FinCEN reiterated this sentiment and that “…our regulatory framework also needs to approach these innovations in a way that recognizes not only the risks that they pose, but the opportunities that they present” and that “a number of features of a digital identity framework that, taken together, have the potential to address threats and spur innovation across all types of financial services.” 

Prove Pre-Fill® does exactly that. Not only because it supports financial services clients regarding compliance with banking regulations like CIP by relying on authoritative data sources like credit bureaus to verify identities, but because Prove Pre-Fill also relies on our unique PRO approach even before the consumer verifies, edits if needed, and directly submits the information to the financial institution and a second identity verification process begins:

• Possession: This cryptographically secure authentication determines if the consumer performing the transaction is in possession of the phone. Knowing that someone is in possession of a phone at the precise moment of a potential transaction helps identify someone regardless of the transaction channel and helps ensure the customer is indeed on the other end of an interaction.
• Reputation: This confirms that the possession check is going to the intended device by determining if there are and analyzing suspicious behaviors or red flag changes associated with the phone number which would impact the risk level (e.g., recent port or SIM swap, or a phone number that was just registered).
• Ownership: This determines if the specific consumer is associated with the phone number being used to transact which is critical (e.g., knowing that the phone number is still associated with a person even if they switch carriers).

PRO's secure approach leading up to the Pre-Fill experience ensures that the data that auto-populates into a form for review by the consumer is directly associated with that consumer and our business clients know who they're supposed to be dealing with based on the PRO checks, so there can be flags raised if someone changes the data substantially before sending it for re-verification.

Under the CIP rule, each bank has the discretion to design and implement programs and controls that reflect and respond to its unique needs and risk profile, which must expand and evolve alongside the technology leveraged by bad actors. Given that Prove Pre-Filll® provides additional security controls in a world that has gone mostly digital, our clients leverage Prove Pre-Fill to meet their compliance needs, including achieving CIP compliance.

Conclusion

Customer Identification Programs (CIPs) require banks and other financial institutions to form a “reasonable belief” that they know the true identity of each potential customer in order to prevent fraudulent account openings. In today’s digital-first economy, financial institutions often collect the necessary information from customers online using document scanning which can cause friction, resulting in increased rates of onboarding abandonment and fraud. With Prove Pre-Fill®, financial institutions can onboard new customers faster while complying with all KYC (including CIP) regulations. 

To learn how you can leverage Prove Pre-Fill® to expand your customer base, prevent fraud, and comply with KYC regulations, speak with a digital identity expert today.

‍