We have updated this post! We are leaving this post up as to not disturb any saved links; however, please visit our more recent post, Customer Identification Program (CIP): Definitions and Requirements, for current information on the topic.A broker-dealer must establish, document, and maintain a written Customer Identification Program (CIP) as a part of the broker-dealer’s anti-money laundering (AML) compliance program (31 CFR 1023.220). The CIP must be appropriate for the broker-dealer’s size and business, and it must outline the following procedures: identity verification procedures; recordkeeping procedures; procedures for determining whether a customer appears on any government lists for suspicious activities; and procedures for notifying customers of information requests related to identity verification. These CIP requirements apply to all customers opening a new account (as defined in the BSA), including Delivery Versus Payment (DVP) accounts. Depending on the nature of an account and any risks associated with it, firms may conduct additional due diligence to obtain information on the beneficial owners.
For a successful AML compliance program, a broker-dealer’s customer identification program must collect, at very minimum: a customer’s name, date of birth (for an individual), address, and identification number. If the firm verifies any information through documents, the CIP must contain procedures outlining the type of documents the firm may use for verification. During the verification process, the firm must record a description of any document used to verify customer identity, noting type of document, any identification number listed, the place of issuance, and any date of issuance and expiration date listed. If the firm verified any information through non-documentary methods, the CIP must contain procedures outlining the type of non-documentary methods the firm may use for verification. During the verification process, any non-documentary methods and their results must be described and recorded.
Certain accounts or account types, such as online accounts, may have heightened risk. A firm must take additional steps to collect information about customers that pose a heightened risk of not being properly identified. The additional measures used to obtain information when standard documentation is insufficient must be documented in the broker-dealer’s customer identification program. Firms must also consider the logical consistency of all accounts – is there consistency between the information provided?
Except in the case of private banking accounts, there isn’t a specific regulation requiring member firms to collect information regarding the source of account funding. A firm may decide to document the source of funding as a part of due diligence for a general account based on the account’s assessed risk level. Private banking accounts for non-U.S. personas are defined in the BSA as accounts with a minimum aggregate account deposit of $1 million and with a liaison assigned to the account. For such accounts, the member firm must determine the source of funds for the account and the expected use of the account.
A customer’s identity must be verified within a “reasonable time” before or after the account is opened. The rule does not specify what counts as a “reasonable time”, and the Adopting Release for the Broker-Dealer CIP Rule emphasizes that broker-dealers must be reasonably flexible when undertaking verification. The broker-dealer must be able to undertake verification before or after an account if opened, as the amount of time needed may depend on various factors, which is part of the firm’s risk assessment.
[Continued in Customer Identification Program (CIP) – Part II]