Customer Identification Program (CIP): Definitions and Requirements – Part II

[Continued from Customer Identification Program (CIP): Definitions and Requirements – Part I]

How Does Risk Assessment Affect a Firm’s CIP?

Appropriate verification procedures for a CIP are governed by a risk-based assessment. A CIP must include risk-based procedures for verifying the identity of each customer to a reasonable and practicable extent. These procedures must be based on the broker-dealer’s assessment of the relevant risks, including those presented by the types of accounts maintained by the broker-dealer, the methods of opening accounts, and the types of identification information available. Additionally, this risk-based assessment should take into consideration the broker-dealer’s size, location, and customer base.

The Treasury and the SEC recommend that firms analyze whether there is a logical consistency between the identifying information provided, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth, and Social Security number (e.g., zip code and city/state are consistent).

What are the Minimum Requirements for a Successful CIP?

For a successful AML compliance program, a broker-dealer’s customer identification program must collect, at very minimum:

  • a customer’s name;
  • date of birth (for an individual);
  • address; and
  • identification number.

If the firm verifies any information through documents, the CIP must contain procedures outlining the type of documents the firm may use for verification. During the verification process, the firm must record a description of any document used to verify customer identity, noting type of document, any identification number listed, the place of issuance, and any date of issuance and expiration date listed. If the firm verified any information through non-documentary methods, the CIP must contain procedures outlining the type of non-documentary methods the firm may use for verification. During the verification process, any non-documentary methods and their results must be described and recorded.

For more information on AML Compliance Programs as a whole, please see our other blogs on the subject. For more information about customer identification programs specifically, please go here instead.