CIP Process – Verifying Customer Identity (Stage 2)


After gathering CIP information for a new client during the onboarding process, the next phase in the CIP process is to verify the identity of the customer.

CIP-Verifying-Customer-Identity

Image Source: CIP information

As required by financial federal regulators, a financial institution’s AML KYC program must include risk-based procedures and processes for verifying the identity of a new customer.

A financial institution does not need to establish the accuracy of every element of CIP-identifying information that is obtained from the client.

However, it must verify enough information to form a reasonable belief that it knows the true identity of the customer.



Two Methods of Verification

There are two key methods for verifying the identity of a customer:

1. Documentary Method: This involves comparing information provided by the customer against official government-issued, state-issued or reputable agency-issued (e.g., DMV) documentation, registration or licenses.

2. Non-Documentary Method: This involves validating the customer’s identity using third parties or other non-document reports.

For example, the AML staff may cross-check an individual’s identity via a third-party credit reporting agency. 

For business customers, the AML staff may validate the legal entity’s information against commercial databases (e.g., Dunn & Bradstreet). 

In addition, the AML staff can compare business client information against information obtained from a consumer reporting agency, public database or other source.

A financial institution’s AML KYC program should outline the specific verification method to be used for each client and specify when to use the documentary vs. non-documentary method.



Performing Customer Identity Verification – Individuals

The goal when verifying an individual’s identity is for the financial institution to gain reasonable belief that it knows the true identity of a customer.

Identity Verification for Individuals (Documentary Method)

To verify the identity and nationality of an individual, the AML/onboarding staff should review any of the unexpired government-issued identification cards or reputable agency-issued (i.e., DMV and IRS) documentation below:

  • Driver’s license
  • State-issued ID
  • Passport
  • Consular identification cards
  • Foreign driver’s license
  • Original utility bill
  • Notarized bank statement
  • Tax bill

To verify the address of an individual, the staff should review any of the below ID cards, which should include the individual’s current place of residence:

  • Driver’s license
  • State-issued ID
  • Foreign driver’s license


In the possible event that a document provided by a client shows obvious indications of fraud, the financial institution is obligated to report this event via a suspicious activity report (SAR). You’ll need to use the BSA E-Filing System for submitting SARs.

When verifying an individual’s identity, the financial institution must ensure that the presented documents have been issued by a government or reputable agency (e.g., a department of motor vehicles-issued ID).

Identity Verification for Individuals (Non-Documentary Method)

When conducting non-documentary verification, an AML staff member can:

  • Validate the customer’s information using risk intelligence databases or platforms like World Check and LexisNexis
  • Validate customer identity against fraud and bad check databases
  • Check references (i.e., other banks and credit card companies)
  • Contact the customer directly to conduct an inquiry and also validate a provided phone number
  • Validate the customer’s identity against credit or consumer reports
  • Request and review the customer’s financial statements


Performing Customer Identity Verification – Business and Legal Entities

Identity Verification for Business/Legal Entities (Documentary Method)

When conducting documentary verification for a legal entity, an AML staff member can validate information against the following documentation as evidence that the entity does exist:

  • Registered articles of incorporation
  • Certified articles of registration
  • Government-issued business license
  • Prospectus
  • Offering memorandum
  • Plan agreement
  • Private placement memorandum
  • Signed and certified “true” copy of limited liability company (LLC)
  • Signed and certified “true” copy of limited partnership (LP) agreement
  • The entity’s most recently audited financial statements or annual reports
  • Proof of authority to open and manage account
  • Proof of IRS – 501C filing

Identity Verification for Business/Legal Entities (Non-Documentary Method)

When conducting non-documentary verification for a legal entity, an AML staff member can:

  • Validate the legal entity information against commercial databases (e.g., Dunn & Bradstreet)
  • Validate the customer’s identifying information against well-known public websites – Edgar, SEC, NASDAQ, NYSE, Department of Labor 5500 filing (funds) or  an official local government website (for public pension or other funds)
  • Verify the entity’s existence against public records
  • Review the legal entity’s website to validate information (for example, an AML staff member may review the financial statement posted on a company’s investor relations page)
  • Validate the entity’s identifying information against credit and customer reporting agencies


CDD – Assessing the Business Structure for a New Customer

Certain types of customer business structures have characteristics that are known to increase money laundering risks.

For example, LPs, LLCs, and trust funds can have complex ownership structures that obscure the true owners or beneficial owners of that entity. 

When performing AML CDD, most major US banks assess a new customer's business structure and activities as part of their risk rating evaluation.

Key considerations need to be given to:

  • The regulatory status of the customer’s business structure (is it a regulated like an investment management firm or as an unregulated entity like a payday loan advance entity)?
  • To what extent is the business entity covered by local anti-money laundering laws?
  • To what extent is the business entity supervised by regulators?
  • Is the business entity a registered or unregistered entity?
  • Is the business entity a cash intensive type of business (i.e., money services business)?
  • What is the business structure of the customer’s business (LLC, limited partnership, corporation, etc.)?


Inability to Adequately Verify a Client’s Information

In the event that the AML staff is unable to adequately verify the identity of a new customer, the financial institution is obligated to not open the account.

pexels-photo-259027

Image Source: Pexels

There may be situations where documentation provided by the client shows obvious indications of fraud or where the client provides identifying information that conflict with information gleaned via other sources (i.e., a consumer report or registration documentation obtained from a government agency).

In such situations, the financial institution is obligated to report any observed fraudulent activities to financial regulators via a suspicious activity report (SAR).



AdvisoryHQ (AHQ) Disclaimer:

Reasonable efforts have been made by AdvisoryHQ to present accurate information, however all info is presented without warranty. Review AdvisoryHQ’s Terms for details. Also review each firm’s site for the most updated data, rates and info.

Note: Firms and products, including the one(s) reviewed above, may be AdvisoryHQ's affiliates. Click to view AdvisoryHQ's advertiser disclosures.