Answer by David Dickinson: You only have to get enough verification so that you are reasonably satisfied that the customer is who they say they are. This is the "risk based" part. Because of that, there are no hard and fast rules for this step. You don't have to verify all identification or even two of the four things. No where does CIP say how many forms of ID are required.
Answer by Ryan Rasske: David is correct, there is no regulatory requirement stipulating how many forms of identification your bank must obtain. In fact, your bank could decided not to gather any forms of documentation and rely solely on using non-documentary methods (e.g. Credit bureau) or use a combination of both. Regardless of the verification methods your institution decides to use, the most important step will be your ability to demonstrate to your regulators (1) what method (documentary and/or non-documentary) was used, (2) results of the method used, and (3) how any discrepancies where resolved. Strong record keeping of your verification process will help carry your program a long way.
First published on BankersOnline.com 5/2/05