The On-boarding Life Cycle of Anti-Money Laundering Know Your Customer Process under Bank Secrecy Act

The Know Your Customer (KYC) provision is a financial regulatory rule that is mandated by the Bank Secrecy Act and the USA PATRIOT Act of 2001. It has been updated many times recently to cope with evolving financial crime techniques.

It requires banking and non-banking financial institutions to conduct a thorough review of a new customer before accepting that customer as a new client.

The objective of the KYC rule is to reduce the possibility of the financial system being used for money laundering and terrorist financing activities. 

With a few exceptions, the AML KYC onboarding lifecycle involves three distinct phases:

- Customer Identification Program (CIP)

- Customer due diligence (CDD)*

- Enhanced due diligence (EDD)

- Account Opening


Initiating this process involves a notification (normally automated) being sent to the AML (or related) group, alerting it to commence the AML review process.

The first phase of the AML review process is the Customer Identification Program (CIP), which involves collecting and verifying the new customer's information, the purpose of opening the account, and the source of funds/wealth, and verifying any related documents.

The CIP is followed by Customer due diligence (CDD), which involves sanctions screening and a risk-based assessment to determine a low, medium or high-risk AML rating. Some banks allow a customer's rating to be raised manually according to local regulator/jurisdiction laws.

In cases where a client is deemed to pose a high risk, the case is escalated to the chief AML officer or designee in a process known as Enhanced due diligence (EDD).

Only after CDD/EDD has been approved should an account be created in accordance with financial regulations and requirements.

How to Develop or Manage a well-defined Customer Identification Program?

This review guide has been developed to help compliance officers, AML specialists, and other regulatory compliance professionals in developing and managing well-defined and well-documented anti-money laundering (AML) Customer Identification Programs.

Customer Identification Program (CIP) 

The Customer Identification Program, commonly referred to as CIP (pronounced "SIP"), is a mandatory requirement that is stipulated by section 326 of the USA PATRIOT Act.

FinCEN requires all financial institutions to have a written and well-documented Customer Identification Program (CIP) incorporated into their AML compliance program.

CIP Rule - Final Rule

Objective of a CIP Program

The objective of each firm’s CIP program is to enable the firm to form a reasonable belief that it knows the true identity of each customer.

Each firm’s CIP needs to be risk-based and in accordance with the firm's size, type of business, customer type, and overall risk.

Customer Identification Programs must be in writing (well-documented) and be part of a company’s overall anti-money laundering program.

Anti-Money Laundering (AML) Lifecycle

The Customer Identification Program is the first of many phases that make up the anti-money laundering/know your customer lifecycle. 

During the onboarding phase, CIP is the first stage through which banks and other financial institutions identify and verify the true identity of new clients looking to open new accounts.

AML/KYC Lifecycle Flow – Client Onboarding

Five Key Requirements of a Customer Identification Program (CIP)

Each banking or non-banking financial institution is required to develop a Customer Identification Program that is tailored to its individual circumstances and type of clients.

At a minimum, the CIP rule requires firms to implement the five pillars below as part of their CIP structure.


1. Gather Client Documentation

A key CIP procedure involves collecting client documentation, data, and information. 

Institutions must ensure that they have adequate procedures in place that list the relevant information and documentation that should be obtained from each customer.

There is a minimum requirement of CIP documentation/information that needs to be collected for individual and non-individual (i.e., corporations) clients. 

2. Verify Client Information 

In addition to collecting client information, financial firms also have to verify the information collected using risk-based measures.

Banks and other financial institutions are not mandated to establish the accuracy of every element of obtained client information. 

However, they must verify enough information to form a reasonable belief that they know the true identity of the individual or entity seeking to open an account. 

3. Provide CIP Notice to Customers

Section 326 of the USA PATRIOT Act requires firms to provide adequate CIP notice to new customers, informing them that the firm is reviewing or has reviewed identification information to verify their identities.

Such notification must be given during the onboarding process before the account is opened.

Here is a sample of the notice that firms have to send to customers: Customer Identification Program Notice.

Important Information You Need to Know about Opening a New Account

To help the government fight the funding of terrorism and money laundering activities, federal law requires financial institutions to obtain, verify and record information that identifies each person who opens an account.

This notice answers some questions about your firm’s Customer Identification Program.

What types of information will I need to provide?

When you open an account, your firm is required to collect the following information:

- Name
- Date of birth
- Address
- Identification number:
  - U.S. citizen: taxpayer identification number (Social Security number or employer identification number)
  - Non-U.S. citizen: taxpayer identification number; passport number and country of issuance; alien identification card number; or government-issued identification showing nationality, residence and a photograph of you.

You may also need to show your driver’s license or other identifying documents.

A corporation, partnership, trust or other legal entity may need to provide other information, such as its principal place of business, local office, employer identification number, certified articles of incorporation, government-issued business license, a partnership agreement or a trust agreement.

U.S. Department of the Treasury, Securities and Exchange Commission, and FINRA rules already require you to provide most of this information. These rules also may require you to provide additional information, such as your net worth, annual income, occupation, employment information, investment experience and objectives and risk tolerance.

What happens if I don’t provide the information requested or my identity can’t be verified?

Your firm may not be able to open an account or carry out transactions for you. If your firm has already opened an account for you, they may have to close it.

4. Conduct Sanctions Screening

As part of CIP, financial firms are also required to screen their new customers against OFAC and other sanctions lists and databases.

5. Enforce Adequate Record Retention Policies

In addition to the four CIP requirements presented above, institutions are also required to retain any obtained customer identifying information and data.

Such information or documentation must be retained throughout the relationship and up to five years after the relationship has been terminated. 

In the case of credit card accounts, financial firms are required to retain the customer's identifying information for a period of five years after (1) the account is closed or (2) the account becomes dormant.

Risk-Based Approach to CIP

In a risk-based approach to CIP, a financial firm identifies its overall exposure to money laundering and terrorist financing risks and then ensures it has developed efficient enterprise-wide processes to mitigate the assessed risks.

Such processes and procedures may vary based on the account types being opened, the domicile of the customer, how the account is opened (face-to-face or electronically), the nature of the customer’s business, the customer’s client base, and a wide range of other factors.

The overall objective of a risk-based approach is that a financial institution must be able to form a “reasonable belief” that it knows the true identity of the new customer.

CIP Is Not Enough: Regulators Require Firms to Do More

Federal regulators have noted that although the Customer Identification Program is very important, it should only be considered as one part of a firm’s anti-money laundering/Bank Secrecy Act compliance program. 

They advise that “adequate implementation of a CIP, standing alone, will not be sufficient to meet a bank’s other obligations under the Bank Secrecy Act.” 

In addition to the CIP, banks and other financial institutions are required to have additional AML/KYC procedures and processes in place, including customer due diligence, risk assessment and rating, suspicious activity monitoring, sanctions screening, and periodic KYC reviews.

* The CDD Final Rule by FinCEN  


Treasury Announces Key Regulations and Legislation to Counter Money Laundering and Corruption, Combat Tax Evasion


WASHINGTON – Today, the U.S. Department of the Treasury announced several actions to strengthen financial transparency and combat the misuse of companies to engage in illicit activities. Treasury announced a Customer Due Diligence (CDD) Final Rule, proposed Beneficial Ownership legislation, and proposed regulations related to foreign-owned, single-member limited liability companies (LLCs).  Together, these efforts target key points of access to the international financial system – when companies open accounts at financial institutions, when companies are formed or when company ownership is transferred, and when foreign-owned U.S. companies seek to evade their taxes. 

The CDD Final Rule adds a new requirement that financial institutions – including banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities – collect and verify the personal information of the real people (also known as beneficial owners) who own, control, and profit from companies when those companies open accounts.  The Final Rule also amends existing Bank Secrecy Act (BSA) regulations to clarify and strengthen obligations of these entities. 

The CDD Final Rule harmonizes BSA regulations and makes explicit several components of customer due diligence that have long been expected under existing regulations, as well as  incorporating a new requirement for covered financial institutions to collect beneficial ownership information.  Specifically, the rule contains three core requirements:

(1) identifying and verifying the identity of the beneficial owners of companies opening accounts;

(2) understanding the nature and purpose of customer relationships to develop customer risk profiles; and

(3) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

With respect to the new requirement to obtain beneficial ownership information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.  Based upon comments received in response to the proposed rule that was published in August 2014, the final rule extends the proposed implementation period from one year to two years, expands the list of exemptions, and makes use of a standardized beneficial ownership form optional as long as a financial institution collects the required information.

The CDD Final Rule advances the BSA by making available to law enforcement valuable information needed to disrupt illicit finance networks.  This will in turn increase financial transparency and augment the ability of financial institutions and law enforcement to identify the assets and accounts of criminals and national security threats.  This will also facilitate compliance with sanctions programs and other measures that cut off financial flows to these actors. 

Beneficial Ownership Legislation 

Also today, Treasury announced it is sending beneficial ownership legislation to Congress.  The Administration is committed to working with Congress to pass meaningful legislation that would require companies to know and report adequate and accurate beneficial ownership information at the time of a company’s creation, so that the information can be made available to law enforcement.  As part of the legislation outlined today, companies formed within the United States would be required to file beneficial ownership information with the Treasury Department, and face penalties for failure to comply.  The misuse of companies to hide beneficial ownership is a significant weakness in the U.S. anti-money laundering/counter financing of terrorism regime that can only be resolved by Congressional action.  The new draft legislation is an amended version of an Administration Budget proposal, reflecting discussions with Congress, law enforcement entities, and others.

The proposed legislation also contains technical amendments to the current Geographic Targeting Order (GTO) authority which would clarify FinCEN’s ability to collect information under GTOs, such as bank wire transfer information. The most recent GTOs temporarily require certain U.S. title insurance companies to record and report the beneficial ownership information of legal entities making “all-cash” purchases of high-value residential real estate.  All-cash purchases may be conducted by individuals attempting to hide their assets and identity by purchasing residential properties so these GTOs assist the U.S. government in better understanding potential illicit finance vulnerabilities in our real estate sector.  This January, FinCEN issued GTOs focused on the Borough of Manhattan in New York City, New York, and Miami-Dade County, Florida.  FinCEN intends to evaluate the information it gains from these GTOs and determine what next steps would best protect the U.S. financial system from criminal abuse.  Options could include broadening the GTOs to other areas, or using the information to inform a more comprehensive rulemaking.

Foreign-Owned Single-Member LLC Proposed Regulations

Treasury also announced proposed regulations to require foreign-owned “disregarded entities,” including foreign-owned single-member limited liability companies (LLCs), to obtain an employer identification number (EIN) with the IRS. Overall, our federal tax system has very strong information reporting requirements for most types of entities formed in the United States. These requirements allow the IRS to determine whether there is any federal tax liability and if so, how much, and to share information with other tax authorities as appropriate. However, there is a narrow class of foreign-owned U.S. entities – typically single member LLCs – that have no obligation to report information to the IRS or to get a tax identification number. These “disregarded entities” can be used to shield the foreign owners of non-U.S. assets or non-U.S. bank accounts. Once these regulations are finalized, they will allow the IRS to determine whether there is any tax liability, and if so, how much, and to share information with other tax authorities. This will strengthen the IRS’s ability to prevent the use of these entities for tax avoidance purposes, and will build on the success of other efforts to curb the use of foreign entities and accounts to evade U.S. tax.


