A bank's CIP risk assessment must include "the various types of identifying information available." We're trying to improve this part of our risk assessment, but need help.

Some risk assessment examples that I've seen had very detailed risk ratings for other factors like types of accounts and methods of opening them, but not for "types of identifying information available." Even a CIP manual that we purchased had very little to say about rating this factor. It listed some ID examples as "Primary" or "Secondary" (driver's license, student ID, utility bill, etc.), but does that constitute a risk assessment for this factor?

Would anyone be willing to comment on how your bank's risk assessment (or any others that you've seen) deals with the "various types of identifying information available" factor? Does it use numerical ratings or terms like low, moderate, high risk? Should this factor have its own risk matrix or grid? How do you actually use the results in the rest of your CIP?

Any comments would be appreciated.