At this time when we open a new business account we apply our CIP procedures to the entity, individual authorizing the account and all authorized signers. I am looking at changing the policy to state that we CIP the entity and the individual authorizing the account- leaving out CIP requirements for authorized signers. We would continue to verify the authorized signers with picture ID but no request for social security number,etc.. I would like to see what others are doing. We are a small community bank "low" risk ratings for CIP, AML and OFAC. Thanks for your comments.

BUMP...I am looking to see how other banks answer this, as we are trying to refine our CIP procedures. What about loans to a corporation? What CIP is applied to the individuals associated with the corporation? I know our customer is the corporation, and the CIP rules are applied to the corporation, but what is done regarding CIP to the corporate officers, if anything?

Nemsi: to answer your question, I believe that the Act reads that you are required to CIP all OWNERS of the account. We interpret this is meaning that because authorized signers are not OWNERS we are not required to CIP them. So, we do not CIP ATWs. We are a $250,000 bank with 5 branches - also a Low Risk FI. Hope this helps!

Security Guy...I personally feel that the corporate officers should be covered under "due diligence" rather than CIP. You need to know who is running this company, their experience, background, possible legal problems, etc. You can CIP them if you want but knowing "about" them is where your risk is.

Thanks for the response- it helps. We CIP authorized signers because that's what our CIP policy says. I would like to change that policy to CIP the entity- "our customer". Wanted to get an idea of what the norm is, if there is one! Security Guy, thanks for bumping the post. I was very interested in reading the responses to your post.

The proposed CIP regulation required banks to verify the identity of mere signatories. Some banks protested and the final regulations only required banks to perform their CIP processes on a "customer;" i.e. the entity. My opinion is that the current industry standard ignores that shift and requires verified identification of all signatories, regardless of whether it is required by law. (Kaybee is correct, it may be more akin to customer due diligence, but the easiest place to plug it in to the process is in the bank's CIP.)

I've waited to offer this comment until there were over a hundred "views" and anyone who had followed the course you are considering had a chance to weigh in. My observation would be that the absence of any such comments would suggest that most banks are weathering the whining coming from some customers and some CSRs and continuing to obtain and verify information on signatories.

Whether it's required by law or not, it's simply prudent. It's far easier to steal the identity of a corporation than it is that of a person; it's identifying the signatories that gives the process some meaning. (Excluding signatories on government entities and publicly traded companies still falls within the "prudent" range, in my opinion.)

A good commercial lending process had this included in its underwriting process long before CIP ever existed. It generally is written up in credit proposals under "management".

We were identifying deposit account signers long before CIP as well as part of the bank's KYC program. It just seems like Banking 101 to me. Where is the greater risk, with a commercial customer or with a consumer?