GlossaryCustomer Identification Program

Customer Identification ProgramCIP

A Customer Identification Program (CIP) is the written identity verification program every US bank must maintain under Section 326 of the USA PATRIOT Act (31 CFR 1020.220). It requires collecting and verifying identifying information from every person opening an account, keeping records of the verification, and checking applicants against government lists.

The four required data points

Before opening an account, the bank must collect, at minimum: name, date of birth, address, and an identification number (SSN or TIN for US persons). Collection is only the start; the program must then verify identity through documents, non-documentary methods, or both, within a reasonable time of account opening.

Documentary vs. non-documentary verification

Documentary verification inspects credentials: a driver’s license, a passport. Non-documentary verification checks the claimed identity against independent sources: consumer reporting data, public databases, authoritative services like eCBSV, or contacting the customer through verified channels. Most modern programs run both, because documents alone miss the current failure mode: synthetic identities whose documents are technically genuine.

The program must also address recordkeeping (identity records kept five years after account closure), customer notice that identity will be verified, and procedures for when verification fails. Examiners test whether the written program matches actual practice, and whether the bank can reconstruct, for any customer, what was verified, when, and against which source.

CIP is a floor, not a fraud program

CIP compliance answers the regulatory question: did you verify identity as your program requires? It does not by itself answer the business question: is this applicant going to defraud you? First-party fraud, in particular, walks through CIP untouched, because the identity is real. Banks increasingly treat CIP as the base layer of a verification stack that also confirms income, employment, funding accounts, and fraud-risk signals in the same flow.

Common questions

What are the CIP requirements?

Collect name, date of birth, address, and an ID number from every account opener; verify identity via documentary or non-documentary methods within a reasonable time; keep verification records five years after closure; give notice; and check government lists as required.

Does CIP require a physical ID document?

No. The rule permits documentary verification, non-documentary verification, or a combination. Fully digital account opening satisfies CIP when non-documentary methods reliably verify identity.

What do examiners look for in a CIP review?

That the written program is risk-based and board-approved, that actual practice matches it, and that the bank can produce verification records showing what was checked, when, and against what source for any given customer.

How RAVEN handles this
KYC software

See it on your bank’s loans

One link to the borrower, complete verification back in minutes. Book a 20-minute call and we’ll walk through a live demo for your bank.

Or email us at isaac@reportraven.tech