How Customer Identification Program (CIP) Works
A Customer Identification Program operates as a structured, written set of procedures that must be approved by senior management and embedded into onboarding workflows. The program governs what data is collected, how it is verified, when the account can be opened, and how records are stored. Below are the core procedural steps every CIP must execute.
Collect Minimum Identifying Information
Before opening an account or enabling transactions, collect the four mandatory data points: full legal name, date of birth, residential address (no P.O. boxes), and a government-issued identification number (SSN for U.S. persons; passport number or foreign TIN for non-U.S. persons). For legal entities, also collect the entity name, principal business address, EIN, and beneficial ownership information for any individual controlling 25% or more.
Verify Identity Through Documentary or Non-Documentary Methods
Documentary verification uses government-issued photo ID — passports, driver's licenses, or national identity cards. Non-documentary methods, which are essential for digital-first businesses, use data sources such as credit bureau files, public records, and identity databases to cross-reference the collected information. Many platforms layer both: document capture plus a real-time database check against authoritative sources.
Screen Against Government Watch Lists
Every CIP must include a check against the OFAC Specially Designated Nationals (SDN) list and other government sanctions databases. This step must occur before the account is opened or, in limited circumstances, within a reasonable time after. Failure to screen at onboarding is one of the most frequently cited deficiencies in regulatory examinations.
Assess and Assign a Risk Rating
Collected and verified identity information feeds into the broader know-your-customer risk framework. Based on customer type, geography, business model, and transaction profile, the institution assigns a risk tier that determines the level of ongoing monitoring required. High-risk customers may trigger enhanced due diligence before account activation.
Maintain Records for Five Years Minimum
All identity documents, verification records, and the methods used must be retained for at least five years following account closure. Records must be retrievable for regulatory examination within a reasonable timeframe. This retention obligation applies even if the customer never completed onboarding.
Provide Customer Notice
Regulated institutions must notify customers that they are requesting information to verify identity for legal compliance purposes. This notice can be delivered verbally, on an application form, or digitally during onboarding — but it must occur before or during the information collection step.
Why Customer Identification Program (CIP) Matters
Financial crime is not a theoretical risk — it flows directly through payment infrastructure when identity verification gaps exist. A robust CIP protects merchants and platforms from becoming unwitting conduits for fraud, money laundering, and sanctions evasion, while also satisfying the legal requirements that banking partners use to evaluate counterparty risk.
According to the United Nations Office on Drugs and Crime, an estimated $800 billion to $2 trillion is laundered globally each year, representing 2–5% of global GDP. A significant proportion of this volume enters the financial system through businesses with weak or non-existent identity verification at onboarding. Meanwhile, FinCEN reported that U.S. financial institutions filed 3.6 million Suspicious Activity Reports (SARs) in 2023, the majority of which originated from failures at the identity verification layer — precisely what CIP is designed to address.
For payment platforms and ecommerce operators, the business case is equally concrete. Visa and Mastercard network rules require payment facilitators to implement CIP-equivalent merchant onboarding verification. A 2023 LexisNexis study found that for every $1 of fraud loss, U.S. financial services firms incur $4.41 in total costs when factoring in investigation, remediation, and regulatory response — costs that robust upfront identity verification directly reduces.
Regulatory Baseline
CIP requirements for U.S. banks are codified in 31 CFR 1020.220. Broker-dealers fall under 31 CFR 1023.220. Mutual funds are governed by 31 CFR 1024.220. Each rule shares the same four-element minimum but varies in implementation guidance based on account types served.
Customer Identification Program (CIP) vs. Customer Due Diligence (CDD)
CIP and customer-due-diligence are closely related but serve distinct functions within a compliance program. Many practitioners use the terms interchangeably, which creates gaps in both programs.
| Dimension | Customer Identification Program (CIP) | Customer Due Diligence (CDD) |
|---|---|---|
| Primary purpose | Verify who the customer is | Understand what the customer does and their risk profile |
| Regulatory trigger | Account opening / onboarding | Ongoing relationship and transaction patterns |
| Minimum data collected | Name, DOB, address, ID number | Business nature, expected transaction patterns, source of funds |
| Timing | Before or at account opening | Onboarding + periodic refresh throughout relationship |
| Legal mandate (U.S.) | 31 CFR 1020.220 (banks) | FinCEN CDD Rule (31 CFR 1010.230) effective 2018 |
| Output | Verified identity record | Risk rating and customer risk profile |
| Triggered by transaction? | No — triggered by account event | Yes — ongoing monitoring and event-driven review |
| Enhanced version | N/A | Enhanced Due Diligence (EDD) for high-risk customers |
CIP is a prerequisite for CDD — you cannot assess the risk profile of a customer whose identity has not been verified. Together, both programs feed the anti-money-laundering monitoring layer that flags suspicious activity post-onboarding.
Types of Customer Identification Program (CIP)
CIP programs are not monolithic. The specific design varies based on the regulated entity type, the customer base served, and the channels through which accounts are opened.
Standard CIP (Retail Banking / Consumer): Designed for individual consumers opening deposit accounts. Relies heavily on documentary verification (driver's license, passport) with in-person or video-based identity confirmation. Minimum four-element data collection applies.
Business CIP (Commercial / Entity Onboarding): Applies to legal entities — LLCs, corporations, partnerships. Requires entity-level verification (EIN, articles of incorporation, operating agreement) plus beneficial ownership verification of natural persons holding ≥25% equity. More complex and document-intensive than consumer CIP.
Digital / Remote CIP: Adopted by neobanks, payment platforms, and fintech companies that operate without physical branches. Relies on non-documentary verification: database checks, knowledge-based authentication (KBA), biometric document scanning, and liveness detection. Must meet the same regulatory standard as in-person programs while operating entirely through digital channels.
Simplified CIP (Low-Risk Accounts): Some regulators permit a reduced verification burden for demonstrably low-risk account types — such as payroll cards below certain thresholds — where the customer has already been verified by an employer or government program. Simplified CIP must still be documented and approved.
Third-Party Reliance CIP: An institution may contractually rely on a third-party provider (often a banking-as-a-service sponsor bank) to perform CIP on its behalf. The relying institution remains fully liable and must obtain annual certifications that the third party's program is compliant and active.
Best Practices
A well-designed CIP does more than meet the minimum regulatory bar — it creates a frictionless customer experience while generating clean data for downstream risk and fraud systems.
For Merchants
Treat CIP as a business asset, not just a compliance checkbox. The identity data collected during onboarding — verified legal name, address, government ID — is the same data your payment processor uses for dispute resolution, chargeback defense, and fraud investigations. Merchants who invest in thorough onboarding verification see measurably lower chargeback rates because they can quickly produce verified customer identity records.
Choose verification providers that support risk-tiered flows. Low-risk customers (returning buyers, known entities) should clear CIP with minimal friction — often a database check in milliseconds. Flag higher-risk signals — unusual geographies, mismatched device and billing data, new email domains — for stepped-up verification rather than blanket document requests that drive abandonment.
Maintain your CIP records in a format accessible to your payment partners and acquiring bank on short notice. Regulatory examinations increasingly extend to payment facilitators and platform operators, and producing records within 48–72 hours is now a practical requirement, not an aspirational one.
For Developers
Build CIP as a configurable orchestration layer, not hardcoded logic. Regulatory requirements change, and the specific data fields, verification methods, and screening lists required in one jurisdiction will differ from another. Abstract your CIP workflow into rules-driven configuration so compliance teams can update requirements without a code deployment.
Integrate identity-verification and sanctions screening as synchronous calls in the onboarding flow, not background jobs. Accounts opened before screening results return create regulatory exposure. Use async escalation only for edge cases (document review queues, manual review) — not for core screening.
Implement structured audit logging from day one. Every data point collected, every API call to a verification provider, every screening result, and every decision (approved, declined, escalated) must be recorded with timestamps and immutable identifiers. This log is your compliance evidence in an examination or litigation scenario.
Common Mistakes
1. Treating CIP as a one-time checkbox at account opening. CIP records must stay current. A customer who passed CIP three years ago with a residential address that has since changed may now present a different risk profile. Build periodic refresh triggers — especially when customers upgrade account tiers, increase transaction limits, or change business models.
2. Relying solely on documentary verification for digital onboarding. Accepting a photo of a driver's license without liveness detection or database cross-referencing creates a significant fraud vector. Synthetic identity fraud — where real identity data is combined with fabricated elements — passes document-only checks routinely. Layer non-documentary database verification against authoritative sources.
3. Failing to document the CIP policy itself. Regulators require a written CIP that has been approved by the board or senior management. Many smaller platforms operate with informal procedures that have never been formalized. If you cannot produce a signed, versioned CIP document, you are non-compliant regardless of how good your actual verification practices are.
4. Incomplete beneficial ownership collection for business accounts. The FinCEN Beneficial Ownership Rule requires identifying all natural persons owning 25% or more of a legal entity, plus one control person. Many platforms collect entity-level data but skip the individual ownership layer, creating a gap that is now a top examination finding for payment facilitators.
5. Neglecting sanctions re-screening post-onboarding. OFAC adds and removes names from the SDN list continuously. A customer who cleared sanctions screening at onboarding may appear on a list update six months later. Ongoing batch re-screening — at minimum monthly, ideally daily for high-risk segments — is required by most sophisticated compliance programs and expected by correspondent banking partners.
Customer Identification Program (CIP) and Tagada
Payment orchestration platforms like Tagada sit at the intersection of merchant onboarding and payment processing — exactly the layer where CIP obligations and practical verification workflows must meet. When a merchant connects to Tagada to route payments across processors, their identity needs to be verified in a manner that satisfies both Tagada's banking partners and applicable regulatory requirements.
How Tagada Supports CIP-Ready Onboarding
Tagada's orchestration layer is designed to work with your existing identity verification and KYC providers. Whether you're connecting a third-party IDV API, a sanctions screening service, or relying on a sponsor bank's CIP infrastructure, Tagada's merchant onboarding configuration supports structured data capture and routing — so your compliance team gets the verified identity record they need, and your engineering team doesn't rebuild the wheel for every new market or payment partner.
For ecommerce platforms and marketplaces that onboard sub-merchants through Tagada, maintaining CIP-equivalent verification for each sub-merchant is not optional — it is a contractual requirement of the card networks and a regulatory expectation of acquiring banks. Building that verification layer directly into the Tagada-powered onboarding flow ensures that sub-merchant identity records are captured, stored, and retrievable alongside the payment and transaction data they generate.