What is a Customer Identification Program (CIP)?

Fitzwilliam Anderson
November 27, 2023

Table of Contents:

1. What is a Customer Identification Program (CIP)?

2. Understanding Customer Identification Programs (CIP): The Basics

3. The Differences Between CIP and KYC

  • CIP: Specific to Identity Verification
  • KYC: Beyond Identity

4. Who Falls Under the Umbrella of the CIP Rule?

  • Money Service Businesses
  • Brokers and Dealers
  • Insurers
  • Fintechs
  • Foreign Financial Institutions

5. CIP Requirements

  • Integrating CIP and Customer Experience Efforts

Innovation in the financial services market has been a boon to consumers. New banking products are giving individuals greater control over their financial footprint, and are helping to make banking and investing more convenient. While that has had a marked improvement in the relationship between consumers and their financial institutions, the increased level of accessibility poses risks and demands rigorous verification of customer identities. As a result, in 2003, the U.S. federal government created Customer Identification Program (CIP) requirements as a way to validate the identity of the customers engaging in monetary activities with financial institutions.

What is a Customer Identification Program (CIP)?

A Customer Identification Program (CIP) is a critical set of procedures established by businesses and mandated by the U.S. federal government through regulatory policies like the USA Patriot Act and the Bank Secrecy Act. Its primary objective is to verify the identity of customers or users to ensure they are who they claim to be. This verification process involves collecting essential customer information, including their name, address, date of birth, and government-issued identification number and subsequently confirming this information through a combination of documentary and database checks. 

Similar in concept to the more widely known, "Know Your Customer (KYC)" regulations, CIP operates as a legal obligation for financial institutions to authenticate identification details furnished by their consumers. In contrast, KYC pertains to the distinct methodologies employed by a financial institution to validate the identity of a customer prior to commencing transactions.

CIP programs play a vital role in deterring money laundering, identity theft, fraud, and other financial crimes, making them a fundamental component of financial institutions' anti-money laundering (AML) efforts. By adhering to CIP requirements, financial institutions bolster the security of their operations and comply with various regulatory obligations, contributing to the prevention of illicit activities such as money laundering and terrorist financing.

In today's rapidly changing financial markets, CIP has become especially important due to a variety of factors. New technologies, financial services transacting globally, and more complex financial crimes are all creating an environment that makes CIPs crucial. This is especially true for verifying that people are who they say they are, and for reducing fraud in banks and other financial institutions.

Understanding Customer Identification Programs (CIP): The Basics

Banking and financial activities have become increasingly digital, and as a result, more challenging to monitor. The conveniences provided by digital-only banking are helping more individuals participate in such activities, including the use of banking, investing, insurance services, and other financial products. However, the anonymity of digital-only banking also creates more opportunities for fraud and other types of illicit activity. 

A Customer Identification Program (CIP) is an important safeguard that bridges the gap between convenience and security both for consumers and financial enterprises. It is made up of a series of protocols and policies that a business is obligated to establish and adhere to, with the primary objective of confirming the authenticity of its clientele or users.

The underlying purpose of implementing CIP programs is to establish the bona fide nature of customers' claims about their identity. This isn’t simply an arbitrary hurdle that customers must jump over. The intricate nature of today's financial ecosystem demands that companies possess a comprehensive understanding of who they are conducting business with, both to assess the validity of an identity and to determine if that individual is someone that the company wants to do business with. In that way, CIPs protect companies and their customers by reducing their exposure to risky activity.

CIPs play a vital role in recognizing and deterring illicit financial activities such as money laundering, identity theft, fraud, and other forms of financial misconduct. They address this critical need by creating a structured approach to validate the identities of individuals engaging in financial transactions. Adopting and enacting CIP requirements enable digital companies to establish the true identity of their customers, fostering trust in online interactions. 

While every company will deliver its CIP according to its own needs, all CIPs share the common responsibility of acquiring four pivotal pieces of information about the customer, from the customer: 

  • Full name
  • Residential address
  • Date of birth
  • An identification number issued by a governmental authority (e.g., Social Security Number(SSN))

The accuracy of this information is then verified through a combination of authoritative sources, including documentary evidence (e.g., driver's license) and/or cross-references against proprietary or publicly available databases. Additional layers of identity validation methods can be incorporated on top of these procedures based on the company's preferences and risk appetite.

While the security impact is quite clear, CIPs go beyond just protecting banks from financial crimes. They can also enhance customer experiences by streamlining the identification process. Financial companies can create a seamless onboarding experience for new customers, reducing the friction that often accompanies traditional verification methods.

A CIP is far more than just a regulatory obligation; it's a strategic enabler for companies that transact online. It not only safeguards against financial crimes but also strengthens customer trust. As we delve deeper into the realm of digitalization, understanding and appreciating the significance of CIPs will be pivotal for businesses aiming to thrive in the digital age.

The Differences Between CIP and KYC

While CIP and KYC programs share the common goal of ensuring financial integrity and security, these two concepts possess distinct roles and scopes within the realm of due diligence. Let's look more closely at the differences between CIP and KYC to gain a better understanding of each one’s individual significance.

CIP: Specific to Identity Verification

The key to understanding CIP is to recognize that it revolves around the systematic verification of customer identities. As noted earlier, this process, mandated by financial regulations such as the Bank Secrecy Act and the USA Patriot Act, demands that financial institutions and digital companies confirm the authenticity of customers' identities before engaging in financial transactions. The core focus of a CIP lies in obtaining and validating specific customer information, including names, addresses, dates of birth, and government-issued identification numbers.

KYC: Beyond Identity

KYC casts a wider net than CIP, encompassing a holistic understanding of the customer's profile beyond mere identification. While KYC certainly encompasses the identity verification component found in CIP, it extends its scope with an investigation into a customer's financial history, risk profile, and potential exposure to risks associated with money laundering, corruption, and other illicit activities. KYC involves a more comprehensive due diligence process, allowing financial institutions to assess the customer's potential risk level. It allows institutions to make informed decisions about their desirability as a customer and guides their decisions about whether or not they choose to do business with the individual. This involves evaluating factors such as the customer's source of funds, transaction patterns, and connections to politically exposed persons.

Who Falls Under the Umbrella of the CIP Rule?

CIP was originally intended for financial institutions, yet as the financial ecosystem has expanded to include a variety of online platforms, payment gateways, and fintech startups, the scope of CIP has broadened into categories beyond traditional financial services. These can range from peer-to-peer lending platforms to mobile payment providers, all of which are entrusted with the responsibility of implementing rigorous identity verification processes to safeguard against fraud, money laundering, and illicit transactions.

Here are some of the types of digital organizations that must comply with CIP regulations:

Money Service Businesses

In addition to traditional financial institutions, the CIP rule extends its reach to Money Service Businesses (MSBs). These offer a range of financial products and services, such as money transmission, currency exchange, and prepaid access. As a $5 trillion market, the volume and diversity of transactions these providers oversee necessitates a rigorous identification process to thwart potential misuse and ensure the legality of transactions.

Brokers and Dealers

Securities brokers and dealers are subject to the CIP rule as well. These intermediaries facilitate securities transactions for things like stocks, bonds, currencies, commodities, and other forms of traded financial instruments. Their inclusion under the CIP umbrella underscores the commitment to maintaining the integrity of the financial markets.


As providers of various insurance products, including life, health, property, and casualty insurance, insurers handle significant financial transactions that involve policyholders and beneficiaries and are subject to CIP regulations. The implementation of CIP regulations within the insurance sector is essential to verify the identities of these customers, assess potential risks, and prevent fraudulent activities such as money laundering and identity theft. 


Fintech companies comprise one of the fastest-growing segments of the financial services market. They provide a wide array of financial solutions, including digital banking, payments, lending, and alternative investment platforms. In their transactions, they handle sensitive financial transactions, usually remotely. By complying with CIP regulations, fintech firms establish rigorous identity verification processes that mitigate the risk of financial crimes such as money laundering, fraud, and terrorist financing. 

Foreign Financial Institutions

Foreign financial institutions are subject to Customer Identification Program (CIP) regulations when they maintain correspondent accounts within the United States. Correspondent accounts involve transactions on behalf of foreign clients through U.S. institutions. CIP regulations extend to foreign financial institutions to ensure that their clients' identities are properly verified, preventing potential misuse for illicit financial activities. Foreign financial institutions contribute to global anti-money laundering (AML) efforts and help support a coordinated approach to combating financial crimes across international boundaries when they comply with CIP requirements.

Customer Identification Program Requirements

Effective CIPs start with meticulous planning, collaboration among key internal players, and a disciplined approach to implementation. Organizations must perform thorough evaluations, encompassing their specific operational needs and organizational perspectives, risk appetite, and regulatory obligations. This evaluation guides the crafting of a CIP tailored to the organization's size, scope, and customer base.

The governance of CIP is based on specific minimum requirements established by federal banking agencies that report to the U.S. Department of Treasury, but companies and organizations typically use their own methods to collect the various types of data they’re mandated to report. The key requirement categories include:

  • Collecting Customer Information: This includes key pieces of information from customers, including their name, address, date of birth, and a government-issued identification number. 
  • Risk Assessment: Businesses are expected to conduct a risk assessment to categorize customers based on their potential risk levels. High-risk customers might include politically exposed persons (PEPs), individuals from high-risk jurisdictions, or those engaged in high-value transactions.
  • Identity Verification: Financial institutions must establish methods to verify the accuracy of the collected customer information. This can involve document verification, where customers provide official identification documents like passports or driver's licenses.
  • Recordkeeping: Financial institutions are mandated to maintain accurate and up-to-date records of the customer identification process, including copies of identification documents and any correspondence related to the verification.
  • Customer Due Diligence: This involves not only verifying customer identities but also understanding the nature of the customer's financial activities. This helps to detect unusual or suspicious transactions.
  • Continuous Monitoring: Organizations bound by CIP must implement systems for ongoing monitoring of customer behavior. This helps in identifying any changes in transaction patterns, unusual activities, or other red flags that might indicate potential wrongdoing.
  • Periodic Review and Update: These programs need to be periodically reviewed and updated to adapt to changes in regulations, technology, and the evolving landscape of financial crime.

Integrating CIP and Customer Experience Efforts 

CIPs mandate that banks and other financial institutions establish a "reasonable belief" in accurately knowing the genuine identity of each potential customer, a crucial measure to prevent fraudulent account openings. In today's digitally-driven economy, these institutions often gather requisite customer information online through document scanning, albeit causing potential friction that leads to escalated rates of onboarding abandonment and fraudulent activities. 

Prove Pre-Fill® enables financial institutions to expedite customer onboarding, ensuring alignment with comprehensive KYC, including CIP regulations. Learn how financial institutions can achieve CIP compliance, and how your organization can harness the power of Prove Pre-Fill® to enhance your customer base, fortify fraud prevention, and be in tune with KYC compliance programs.. 

To learn more about how Prove Pre-Fill and other elements of the Prove platform can help your organization comply with CIP and other customer identification mandates, we encourage you to connect with us.

Keep reading

See all blogs
Company News
Introducing Prove Link™ – Unlocking the Power of Identity for Any Business

To continue achieving our mission of accelerating trusted interactions on the internet, we’re proud to announce the introduction of the Prove developer self-service platform and the Prove LinkTM SDK. With these tools, it’s now faster and easier for any company to integrate our industry-leading identity technology into its brand operations.

July 16, 2024
Company News
Combating Deepfakes: Leveraging Phone-Centric Identity℠ Verification to Overcome Media-Based Vulnerabilities

Identity verification systems that depend on image or audio samples for digital customer onboarding are increasingly vulnerable to deepfake attacks.

Tim Brown
July 5, 2024
New York Passes Child Data Protection Act to Protect Kids Mental Health and Online Privacy

As the world becomes more digital, it also becomes more anonymous. While some level of anonymity has its place, it can also facilitate malicious activities such as cyberbullying, identity theft, and the spread of misinformation.

Mary Ann Miller
June 27, 2024