Understanding the Difference Between CIP and KYC
Financial institutions worldwide, including banks, lenders, credit unions, insurers, and other enterprises, must comprehensively understand their business counterparts. This obligation, mandated by regulations such as the Bank Secrecy Act and the USA PATRIOT Act, aims to detect and prevent money laundering, fraud, terrorism financing, and other financial crimes. The set of protocols businesses establish to adhere to these requirements is called Know Your Customer (KYC). The Customer Identification Programme (CIP), in turn, is a crucial component of KYC. Let’s dive deeper to understand the fundamental difference between CIP and KYC.
The Customer Identification Programme
Financial institutions incorporate customer identification procedures within the framework of KYC as part of their internal verification process. The Bank Secrecy Act of 1970 explicitly mandated financial firms to introduce an internal CIP to help the government prevent money laundering. The USA PATRIOT Act of 2001 expanded and formalised this requirement for banks, savings institutions, and credit unions. The customer identification programme requirements demand that institutions authenticate a customer’s identity effectively. This initial step of the KYC process is crucial for security purposes and sets the foundation for the subsequent stages.
There are several fundamental steps of a CIP process:
- Data Collection: Financial firms, including banks, must gather essential client data, like name, location, and date of birth. However, additional information, including documents with photographic identification, may also be collected to ensure proper customer identification.
- Identity Verification: Businesses perform the verification process to check the customer’s identity. While the specific methods may vary among organisations, they must be robust enough to authenticate the customer reasonably. This may involve cross-referencing with third-party databases, biometric authentication, verifying documents, and employing identity assurance protocols.
- Record Authorisation: Alongside document authentication and identity confirmation, the bank must match the customer’s information against government databases to assess their involvement in criminal activity.
- Record-Keeping: The bank is responsible for maintaining comprehensive documentation of all document verification and authorisation procedures. This entails keeping records of document requests, securely storing customer-identifying information, addressing any discrepancies in collected data, and taking steps towards resolution.
- Record Retention: Financial firms must keep records for five years after the customer account is closed and, in the case of credit cards, after their account becomes inactive.
- Customer Notice: The bank should notify customers regarding their document collection and authentication processes.
Know Your Customer (KYC)
KYC laws are regulatory requirements imposed on businesses to combat fraud by deploying client identification and authentication procedures. These laws encompass multiple regulations about customer identity and verification, culminating in establishing KYC protocols. Initially, KYC laws emerged as part of Anti-Money Laundering (AML) legislation to mitigate money laundering and fraud within high-value financial institutions, including investment firms.
The primary objective of KYC laws is to ensure that financial institutions possess accurate knowledge of their customers and implement reasonable procedures to verify their identities. KYC laws require financial firms to evaluate customers’ trustworthiness and continually monitor their activities for any indications of fraudulent behaviour. It is important to note that the term “customers” does not refer to everyday consumer interactions but encompasses businesses, investment firms, and other individuals or organisations prone to fraud and money laundering that seek to open business or investment accounts.
KYC programmes comprise three fundamental components:
1. Customer Identification Programme (CIP)
Customer identification programmes are legally mandated processes using clients’ documentation to authenticate their claimed identity.
2. Customer Due Diligence (CDD)
After verifying the customer’s identity, financial institutions are required to conduct due diligence to assess the integrity of the individual. This involves performing background checks and verifying professional references to ensure the customer has no criminal record or politically exposed status.
There are three levels of Customer Due Diligence (CDD):
- Standard Customer Due Diligence (CDD): Under CDD, the organisation must collect certain basic information from the customer, which is then compared against criminal databases and other third-party sources of information.
- Simplified Due Diligence (SDD): SDD is employed when there is a low risk of fraud or theft. There is no mandatory requirement for identity document verification. This approach is used only when the customer presents minimal or no risk of fraud.
- Enhanced Due Diligence (EDD): Certain customers pose higher risks of fraud, such as those who have a criminal background or who appear on Politically Exposed Persons (PEPs) lists and are susceptible to bribery. In such cases, banks are obligated to conduct EDD procedures. These may involve gathering additional background information, verifying the source of their funds, requesting documentation regarding their wealth and its structure, or researching media reports and interviewing relevant third parties.
3. Ongoing Monitoring
Even after successfully passing the initial screening, customers cannot be assumed to remain trustworthy forever. Financial institutions must incorporate ongoing monitoring practices to ensure the bank’s security and prevent potential incidents of fraud.
As part of such monitoring programmes, organisations may track various factors, including:
- Unusual Expenditures or Transfers: Large transactions that deviate significantly from the average pattern.
- Increased Transaction Volume: An upsurge in the number of transactions that the customer conducts.
- Deposits or Transfers Involving Foreign Banks: Transactions involving transfers to or from international banks.
- Transactions with Individuals on Criminal or Sanction Lists: Transactions conducted with individuals listed on criminal or sanction databases.
Detecting such activities may require filing a Suspicious Activity Report (SAR). Banks should have updated risk reports showing the legal and financial risks they are exposed to and the measures they have implemented to prevent unlawful activities.
How Can Shufti Help?
Shufti offers a robust KYC solution that fast-tracks clients in real time. It is globally trusted to verify identities within seconds and to help businesses comply with global regulations.
Here’s what makes our KYC solution stand out:
- Duplicate account detection
- Tailored logos and iFrame colours for branding
- Drag and drop identity verification journey builder
- Flexibility to select ID document formats to be accepted
- Single Sign-on (SSO) for workers to access various corporate channels securely
- Data retention policy to fulfil data privacy regulations