Hi, don't have a formal checklist but I would consider the following steps as a best practice:
1. Must meet Patriot Act Section 326 requirements (KYC/CIP check) - verify PII of the applicant (SSN, Name, address, Phone, DOB)
2. Check OFAC, other core sanctions lists (ex: EU, UN, BOE, FBI, BIS, ect)
3. Important to setup fraud risk workflows for online applications, this may include digital identity risk factors (where is the customer logging in from?), as well as identity risk factors (is there high risk this is a synthetic or stolen identity)
4. Authenticate the applicant, this is best done with a KBA (knowledge based authentication quiz), or text verification process
There are companies that can help automate these processes for you (LexisNexis is a good one :)) If you have any questions I would be happy to setup a call.