We obtain the 4 required items in CIP. Our policy states that we may use nondocumentary or other documentary methods as deemed necessary (i.e., letters, call backs, etc obtain other ID). We OFAC all new customers with no existing relationship, and run ChexSystems. We basically leave it up to the discretion of our customer service associates to determine if they will get additional information. Our policy also has a risk rating system of the different levels of risks for the various products and required elements. Does anyone think that this is not adequate as far as what regulation requires
?