24 Nov 20237 min readin Use cases

Customer Identification Program vs. Know Your Customer: What Sets Them Apart?

Henry Patishman

Executive VP, Identity Verification solutions at Regula

A Know Your Customer (KYC) procedure has many components, so some people may get lost when navigating the specific requirements for any given field. For instance, a Customer Identification Program (CIP) is a requirement developed by US lawmakers for local companies that seems to be a synonym for this procedure. However, they are not the same.

In this article, we will bring all the pieces together to give you a clear understanding of the purpose and significance of KYC and CIP. Spoiler: They indeed fall under one umbrella.

Stay Tuned

We'll deliver hand-picked content from Regula's experts into your inbox

CIP: A short definition

A Customer Identification Program (CIP) is a set of procedures which financial institutions and similar companies must follow to comply with US law. This requirement is mandated by regulations such as the Bank Secrecy Act and the USA PATRIOT Act. CIP describes the procedures designed to screen customers to detect and deter occurrences of money laundering, fraud, terrorist financing, and other illicit financial activities.

Importantly, all CIP requirements target only financial institutions and businesses in the USA. However, their overseas offices may also follow these rules when they are consistent with local laws.

Key policies associated with a CIP are also described in examination manuals for financial supervisors. In this article, we consider the recommendations from the Bank Secrecy Act/Anti-Money Laundering Examination Manual Update issued in February 2021 by The Federal Financial Institutions Examination Council and Part 1020 – Rule For Banks by the US Department of the Treasury.

CIP vs. KYC: A quick explainer

KYC is associated with a batch of regulations that companies from the Banking sector must follow. All these guidelines reference the verification of current or potential customers regarding their identity, suitability, and attendant risks.

Therefore, KYC is not a single regulation/directive/law, but a practice or framework that helps businesses stay compliant with legal requirements, such as the Fifth Anti-Money Laundering Directive in the EU, and the Money Laundering Regulations in the UK. That is, each country has its own perception of what steps KYC should include. 

According to US regulators, the KYC framework consists of three key elements:

  • Customer Identification Program (CIP) 

  • Customer Due Diligence (CDD)

  • Enhanced Due Diligence (EDD)

Know Your Customer scheme with key components

The Basel Committee's interpretation 

The Basel Committee on Banking Supervision (BCBS) is a forum of banking supervisory authorities from 28 countries, including the US, the UK, and Belgium; as such, the committee interprets KYC requirements. According to this BCBS consultative document, KYC must include four essential elements: customer acceptance policy, customer identification, ongoing monitoring of high-risk accounts, and risk management.

Which procedures to include in your CIP program

Firstly, CIP should have a written form in the bank’s documentation, which should also be incorporated into the bank’s BSA/AML compliance program and approved by the board directors.

Customer identity verification is at the heart of CIP. Let’s see in detail which procedures the program must describe.

Required customer data

To stay in compliance with the CIP rule, banks should collect at least four pieces of information from each customer who wants to open an account. The list includes:

  • Name

  • Date of birth

  • Address, e.g., a residential, business street address, Army Post Office, or Fleet Post Office box number

  • Government-issued identification number, e.g., a taxpayer identification number for US residents or passport identification number for foreign citizens

Typically, this dataset can be obtained from the individual’s identity document(s). However, when opening credit card accounts, financial organizations may also acquire the customer’s information from third parties.

Customer verification

The next step involves checking whether a customer has a true identity. To do this, banks must verify all obtained information via document verification and/or non-documentary methods.

Document verification involves authenticity checks of the customer’s identity document(s). The document(s) must be valid (i.e., not expired) and provide the inspector with evidence of the individual’s nationality and/or residence, as well as their photo. The most common examples are passports and driver’s licenses. 

The rule also highlights that banks can review more than one document to prevent cases involving fraudulently obtained or counterfeit IDs.

Non-documentary methods may include:

  • Contacting the customer

  • Verifying the individual’s identity by comparing their data against data from third-party sources, such as consumer reporting agencies or public databases 

  • Checking the data from other financial institutions

  • Obtaining a financial statement if the customer represents a business

Banks also must have procedures for addressing challenges when there is a lack of verification. For instance, the bank should define the terms under which it won’t open an account.

We're Here to Help

Identity verification
for your mission-critical projects


This stage describes the mandatory procedures associated with current customers. Banks must retain all obtained personal data for five years after the account is closed or becomes dormant. They also can store copies of identity documents.

Additionally, the following descriptions must be kept:

  • The identity document data: its type, identification number, place and date of issuance, and expiration date

  • The verification data: the methods used for verification and the verification results 

  • The discrepancy data: all discoveries made when checking the person’s information

Comparison with government lists

Either before or after the account is opened, banks must screen the customer against lists of known or suspected terrorists or terrorist organizations issued by federal government agencies. 

There are no designated government lists created exclusively for CIP purposes. Typically, they include lists maintained by the US Treasury. Furthermore, banks should cross-reference customers with the Office of Foreign Assets Control list.

Customer notice

Finally, banks following the CIP rule must notify customers about collecting their data for identity verification. There are no set ways to do this, so businesses can seamlessly incorporate this element into their current identity verification flow.

Some examples of adequate notices cited by regulations include:

  • Posting a notice in the bank’s lobby

  • Publishing a notice on on the bank’s website 

  • Including a notice with application documents

Businesses can also provide customers with other written or oral notices. Clients must understand and accept these notices before their account is established.

How Regula can help you stay compliant with CIP

Since identity verification (IDV) is a core of the CIP rule, you need a reliable solution to conduct such checks properly. Considering the growth of remote interaction between financial institutions and customers, the solution should also cover online verification scenarios.

Regula Document Reader SDK is a single-vendor identity verification solution that helps you build a smooth IDV flow while complying with CIP and KYC regulations. Thanks to the data entry automation, you can ensure that accurate client data is seamlessly integrated into your systems. The complete set of authenticity checks enables you to ensure that each new customer is a genuine individual with a real ID. This cross-platform solution can be easily implemented into your web platform or application. 

Get a free 30-day trial with full functionality to test the solution → 


What is CIP (Customer Identification Program)?

A Customer Identification Program (CIP) is a written document describing risk-based procedures for verifying the identity of each customer in US financial institutions.

What is CIP in Banking?

Developing a Customer Identification Program (CIP) in written form is a mandatory KYC requirement for finance-related organizations and businesses in the US. As part of the bank's BSA/AML compliance program, the CIP needs to be approved by the bank's management.

What is CIP vs KYC?

In the US, the Know Your Customer framework includes three stages: Customer Identification Program (CIP), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD). CIP refers to the customer onboarding process, during which the company must verify whether a new client is a genuine individual who isn't on any government-based list associated with terrorism or money laundering.

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules