Skip to content

CIP & Red Flag ID Compliance

Answered by: 

If a bank relies on an automated ID verification system for both CIP and red flags compliance and there are red flags associated with the name, date of birth, or social security number that go unresolved, are these CIP violations as well as violations of the bank's identity theft program? We only use the system to verify the identity of customer’s who are new to the bank.

The mere existence of red flags in your non-documentary verification report does not constitute a CIP violation. You have to have a process in your CIP for addressing those discrepancies so that you can form a reasonable belief that you know the actual identity of the customer. If you fail to complete that process, ignoring the discrepancies, you're likely to be cited for CIP deficiencies.

For example, suppose the address you obtain from your customer is in your local area, but the customer has just moved, so the address obtained by your system raises a red flag. Your procedure calls for you to reconcile the discrepancy, and your technique for doing that is to ask the customer about other addresses at which he has lived in the past two years. If one of the addresses he supplies agrees with the address reported by your verification system, your procedure allows you to note the discrepancy but accept the customer's identity, all other things being equal. You then have to document that you took that step.

First published on 10/12/09

First published on 10/12/2009

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics