The Customer Identification Program (CIP) regulations provide specific guidance on developing policies for opening new corporate accounts. They require that you have a policy which requires you to collect the following information from customers: (1) name, (2) date of birth (for individuals), (3) address (principal place of business, local office, or other physical location), and (4) taxpayer identification number. 31 CFR 1020.220(a)(2)(i). Your policy must then provide for verifying that information, either by documentary or non-documentary methods (but not necessarily both). If you use documentary methods, you must review “documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or trust instrument.” 31 CFR 1020.220(a)(2)(ii)(A)(2). You can also provide for nondocumentary methods of verification, such as comparing the customer’s information with a public database (like the Secretary of State website), checking references with other financial institutions, and reviewing a financial statement. 31 CFR 1020.220(a)(2)(ii)(B)(1).
In addition, we recommend that you adopt a policy that requires you to file a corporate authorization and signatures in business (and not-for-profit) customers’ accounts. Your policy can provide for collecting additional information; for example, some banks call the customer’s principal place of business to confirm the information on the corporate authorizations. Illinois courts read deposit agreement as creating an implied duty of care on the part of banks in handling customers’ accounts and in paying checks. Continental Cas. Co., Inc. v. Am. Nat. Bank and Trust Co., 329 Ill.App.3d 686 at 698. If you have a suspicion that someone is embezzling from a customer, you may be required to file a Suspicious Activity Report. 31 CFR 1020.32012 CFR 208.62.