IBA Compliance Connection

Your go to source for compliance!

What is required under the Customer Identification Program (CIP) rules for a user of a business credit card? We have been getting push back from the employee users of business credit cards because they do not want to provide their name, address, date of birth, and driver’s license number. Are we required to obtain this information from them?

by

admin

No, we do not believe that the CIP rules require your organization to collect identifying information for every individual who uses a business credit card. However, we believe that your bank is permitted to obtain identifying information from such individuals in certain situations described below.

The CIP rules require that you collect certain identifying information from every customer, including business customers. The term “customer” is defined as any “person that opens a new account.” We do not believe that the term “customer” would include an individual cardholder who is authorized to sign on behalf of a customer, and therefore we do not believe that the requirement to collect a customer’s identifying information would extend to an authorized signer.

The FFIEC’s BSA/AML Examination Manual does identify some situations in which it may be advisable to collect identifying information from an account’s authorized signers. The manual’s Customer Due Diligence section states that if a bank determines that a customer presents a higher risk, then “the bank should consider obtaining” information on “individuals with ownership or control over the account, such as beneficial owners, signatories, or guarantors.”

For resources related to our guidance, please see:

  • 31 CFR 1020.220(a)(2)(i) (“The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (a)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum, the following information from the customer prior to opening an account: (1) Name; (2) Date of birth, for an individual; (3) Address . . .; and (4) Identification number. . .”)

  • 31 CFR 1020.100(c)(1)(i) (“Customer means: . . . A person that opens a new account . . .”)

  • FFIEC BSA/AML Examination Manual, Customer Due Diligence – Overview (“The bank may determine that a customer poses a higher risk because of the customer’s business activity, ownership structure, anticipated or actual volume and types of transactions, including those transactions involving higher-risk jurisdictions. If so, the bank should consider obtaining, both at account opening and throughout the relationship, the following information on the customer: . . . Individuals with ownership or control over the account, such as beneficial owners, signatories, or guarantors”)