You have a couple issues to resolve:
1) Is the NPO a "person" as defined by CIP? Although it's not fool-proof, one easy test is, "does the NPO have a TIN?" If they have a TIN you're probably dealing with a "person" as defined by CIP. If not, move carefully. You may be dealing with a guy who wants an account for his golf league which has no formal or legal structure.
2) If the NPO is a "person" then you must review your own CIP procedures. While it's true that the Reg does not require you to perform CIP on authorized signers, some FI's wrote their policies such that they are required to do full CIP. For example: in our data processing equipment we don't have the option of creating a common file for a non customer so consequently if we don't get SSN, DL, etc. on authorized signers they keep showing up on exception lists. Our CIP policy doesn't require full information on authorized signers but if we want to keep data processing happy we'd better get it!
In summary, NPO's are no different than any other business for CIP purposes.
_________________________
If you approach life with pure logic you can avoid almost all of the fun.