The most well publicized case is the one where insurance commissioners from several states sued two banks for failing to detect fraudulent activity involving insurance companies which had been looted by their owners. The complaint alleged that the banks, through their written "know your customer" programs should have detected the activity. The complaint was filed in state court and the defendants attempted to move the case to federal court, but there has been no trial. (It was reported on BOL.) A similar complaint involving land fraud, ultimately submitted to private arbitration, has been filed against a bank with operations in Texas.
Both cases pre-date CIP. They are based on the tenuous theory that a bank's attempts to detect illegal activity create a duty to a third party; i.e. if the bank fails to detect and report the illegal activity it becomes liable to those who are injured. But for the involvement of several states in the first law suit, it would be easy to label the claim as frivolous. A boilerplate reference to the real purpose of policies related to detecting suspicious activity may not prevent such a law suit. However, in the event a claim is made, having it is better than not having it.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.