Loading...
compliance

CIP Customer Identification Verification Checklist

Use this CIP Customer Identification Verification Checklist to confirm the required identity data, verification evidence, screening, and recordkeeping at account opening. It helps document a defensible CIP decision and spot gaps before the account is opened.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Banking · Credit Unions · Fintech · Broker Dealers

Overview

This CIP Customer Identification Verification Checklist is built for reviewing account-opening files against your institution’s Customer Identification Program controls. It walks the reviewer through the opening context, the required identity data, the verification evidence, retention, screening, escalation, and final disposition so the file tells a complete compliance story.

Use it when you need to confirm that a customer’s legal name, date of birth where applicable, address, and identification number were collected and verified before the account was opened. It is also useful when the review must show how documentary or non-documentary verification was performed, whether discrepancies were resolved, and whether any potential government-list match was escalated correctly. The checklist is especially helpful for branch, call center, and digital onboarding files where evidence can be spread across systems.

Do not use it as a substitute for the CIP policy itself, the customer due diligence process, or sanctions screening procedures beyond the scope of your program. If the issue is transaction monitoring, beneficial ownership, or ongoing account activity, a different audit template is more appropriate. This template is focused on the account-opening decision and the records that support it. A common pitfall is marking a file complete because the customer profile exists, even though the source document, verification method, or retention record is missing. This checklist is designed to catch that gap before it becomes an exam finding.

Standards & compliance context

  • This template supports Customer Identification Program expectations under the Bank Secrecy Act framework and related CIP rules used by financial institutions.
  • The checklist is compatible with risk-based procedures that document how identity is collected, verified, and retained for each account opening.
  • If your institution uses sanctions or government-list screening as part of onboarding, document that step separately so CIP evidence is not confused with broader AML screening.
  • Retention fields should align with your written policy and recordkeeping obligations so examiners can trace the source evidence behind the identity decision.
  • Customize the checklist to reflect your product mix, delivery channel, and any enhanced procedures for higher-risk customers or non-documentary verification.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Inspection Scope and Account Opening Context

This section anchors the review to the exact opening event, product, and policy version so the rest of the checklist is evaluated against the right CIP requirements.

  • Account opening event and product type identified (weight 2.0)

    Record the account type, channel, and opening date for the file under review.

  • CIP policy version referenced for review (weight 2.0)

    Identify the internal CIP policy, procedure, or SOP version used for this account-opening review.

  • Inspector confirmed review scope includes 31 CFR 1020.220 (critical · weight 6.0)

    Verify the inspection is being performed against the institution’s CIP requirements under 31 CFR 1020.220.

Required Customer Identity Information

This section confirms the minimum identity data was collected for the customer type and that no required field was skipped or left ambiguous.

  • Customer legal name collected (critical · weight 7.0)

    Verify the file contains the customer’s full legal name as required by CIP.

  • Date of birth collected for individual customer (critical · weight 6.0)

    Verify date of birth was collected for an individual customer where applicable.

  • Residential or business address collected (critical · weight 6.0)

    Verify the customer address was collected in accordance with CIP requirements and internal procedures.

  • Identification number collected (critical · weight 6.0)

    Verify the file contains an identification number such as SSN, TIN, passport number, or other permitted identifier as applicable.

Verification Method and Evidence

This section shows how the institution verified the identity data and whether the evidence actually supports the decision to open the account.

  • Documentary verification used and documented (critical · weight 7.0)

    Select the primary verification method used for identity verification.

  • Identity evidence supports the customer information collected (critical · weight 8.0)

    Verify the evidence reviewed reasonably supports the name, date of birth, address, and identification number on file.

  • Exceptions or discrepancies were resolved before account opening (critical · weight 5.0)

    Verify any mismatch, deficiency, or non-conformance was resolved or escalated before the account was opened.

  • Verification completed within required timeframe (critical · weight 5.0)

    Verify identity was verified within the institution’s CIP timeframe for account opening and any provisional account controls.

Recordkeeping and Retention

This section matters because a valid CIP decision still fails if the source records, images, or retention details cannot be produced later.

  • CIP records retained in accordance with policy (critical · weight 7.0)

    Verify required CIP records are retained and retrievable per policy and regulatory requirements.

  • Verification source documents or data captured (critical · weight 6.0)

    Verify the file includes the source documents, system records, or verification results used to support the identity decision.

  • Record retention period documented (weight 7.0)

    Enter the retention period applied to the CIP record in months.

Screening, Escalation, and Final Disposition

This section documents how alerts or potential matches were handled and whether the final CIP decision was properly closed out.

  • Customer screened against government lists when required (critical · weight 6.0)

    Verify the customer was screened against applicable government lists or sanctions/watchlist controls per institution procedure.

  • Potential match or alert escalated appropriately (critical · weight 6.0)

    Verify any alert, potential match, or exception was escalated to compliance or the designated reviewer.

  • Final CIP decision documented (critical · weight 4.0)

    Select the final disposition of the CIP review.

  • Corrective action required for deficiencies (weight 4.0)

    Indicate whether any deficiency, non-conformance, or control gap requires corrective action.

How to use this template

  1. Start by identifying the specific account opening event, product type, and CIP policy version so the review is tied to the correct onboarding rule set.
  2. Check that the file contains the required customer identity elements for the customer type, including legal name, date of birth when applicable, address, and identification number.
  3. Review the verification method and supporting evidence to confirm the identity data was validated before the account was opened and that any discrepancies were resolved.
  4. Confirm the recordkeeping section shows the source documents or data captured, the retention method used, and the retention period required by policy.
  5. Verify screening, escalation, and final disposition entries to ensure any potential match or alert was routed, documented, and closed with a clear CIP decision.
  6. Record deficiencies, assign corrective action to the responsible owner, and note whether the issue affects the account opening decision or only the supporting documentation.

Best practices

  • Tie every review to the exact account opening date and product so you can assess whether the correct CIP workflow was used.
  • Require evidence, not just a system flag, for identity verification and note the source document or data source that supported the decision.
  • Treat missing or inconsistent identity fields as a deficiency until the file shows how the issue was resolved before opening.
  • Photograph or attach the source document reference at the time of review when your process allows it, rather than reconstructing the file later.
  • Separate screening issues from identity verification issues so a potential list match does not get buried inside a general CIP pass/fail result.
  • Use the same pass, fail, or exception logic across sampled files so reviewers apply the checklist consistently.
  • Escalate unresolved discrepancies immediately, because an account opened before resolution is a common compliance failure.

What this template typically catches

Issues teams running this template most often surface in practice:

Date of birth or address is missing from the file even though the customer profile was created.
The identification number was collected but the reviewer cannot find evidence that it was verified against a source document or data source.
The account was opened before a discrepancy in the name, address, or identification number was resolved.
The file shows screening occurred, but the potential match was not escalated or the resolution is undocumented.
Source documents were reviewed at onboarding but the retention record or image is missing from the file.
The reviewer cannot tell whether documentary or non-documentary verification was used because the method was not recorded.
The final CIP decision is marked complete, but the supporting rationale for an exception is absent.

Common use cases

Branch Compliance Reviewer
A branch operations reviewer samples new consumer deposit accounts to confirm the teller or banker collected the required identity elements and retained the source document images. The checklist helps the reviewer separate a documentation gap from a true verification failure.
Digital Onboarding QA Analyst
A QA analyst reviews online account openings where identity data is pulled from a mix of customer entry and third-party verification tools. The checklist captures whether the system evidence supports the CIP decision and whether exceptions were resolved before funding.
BSA/AML Audit Lead
An audit lead tests a sample of business accounts to confirm the institution followed its CIP procedures and retained the required records. The checklist provides a repeatable way to document findings, exceptions, and remediation ownership.
Operations Manager Handling Exceptions
An operations manager uses the checklist after a failed identity match or incomplete application to decide whether the account can proceed. The template helps document escalation, resolution, and final disposition in one place.

Frequently asked questions

What does this CIP checklist actually cover?

This checklist covers the core controls used to verify a customer’s identity at account opening: legal name, date of birth when applicable, address, identification number, verification method, screening, and recordkeeping. It is designed to document whether the institution followed its CIP process for the specific account opening event under review. It does not replace the underlying CIP policy or the customer due diligence process. Use it as the inspection record for one account-opening decision or a sampled set of openings.

When should this checklist be used?

Use it during account opening reviews, periodic compliance testing, internal audits, or file sampling after a CIP exception. It is especially useful when a new product, channel, or onboarding workflow is introduced and you need to confirm the identity controls still work as intended. It can also be used after a suspected false match, missing document, or delayed verification event. If the review is about ongoing monitoring rather than onboarding, a different template is usually a better fit.

Who should complete this checklist?

A compliance analyst, BSA/AML reviewer, internal auditor, or trained operations supervisor typically completes it. The reviewer should understand the institution’s CIP policy and be able to assess whether the evidence in the file supports the identity decision. If a deficiency is found, the checklist should route the issue to the appropriate owner for remediation. It is not meant to be completed by the customer or by an untrained frontline user without review.

Does this template align with regulatory expectations?

Yes, it is structured around the Customer Identification Program requirements used by financial institutions, including the general expectations in the Bank Secrecy Act framework and related CIP rules. It also supports auditability by capturing what was collected, how it was verified, and whether exceptions were resolved before account opening. The checklist should be customized to your institution’s risk-based CIP procedures and product-specific rules. It is not legal advice, but it helps document compliance in a way examiners can follow.

What are the most common mistakes this checklist helps catch?

Common issues include missing date of birth or address fields, weak or undocumented verification evidence, and accounts opened before discrepancies were resolved. Reviewers also find cases where the identification number was collected but not validated against the source document or data source. Another frequent gap is incomplete retention of the source document or verification record. This template makes those failures visible in one pass instead of leaving them buried in the account file.

How often should CIP files be reviewed with this checklist?

That depends on your testing plan, but many institutions use it for every sampled account in a monthly or quarterly compliance review. It is also appropriate for ad hoc reviews when a control failure, complaint, or alert suggests a possible CIP breakdown. The key is consistency: use the same checklist criteria across the same product or channel so results are comparable. If your onboarding process changes, update the review cadence to include the new workflow early.

Can this checklist be customized for different account types or channels?

Yes, and it should be. You can add fields for consumer versus business accounts, branch versus digital onboarding, non-documentary verification methods, or special handling for foreign identification. You can also tailor the escalation section to your internal alerting and case management process. The core identity elements should stay intact, but the evidence expected may differ by product and risk level.

How does this differ from an ad hoc file review?

An ad hoc review often relies on memory and inconsistent notes, which makes it hard to prove what was checked or why a file passed. This checklist forces the reviewer to capture the required identity elements, the verification method, the timing, and the final disposition in a repeatable format. That makes trends easier to spot and remediation easier to assign. It also creates a cleaner audit trail for examiners and internal QA.

Related templates

Inspections

HMDA LAR Pre-Submission Audit

Audit HMDA LAR entries against source loan files before filing so you can catch mismatches, docum...
Inspections

Regulation Best Interest (Reg BI) Disclosure Documentation Checklist

Use this Regulation Best Interest (Reg BI) Disclosure Documentation Checklist to verify that each...
Inspections

FDIC/NCUA Examination Preparation Request Package Checklist

Use this checklist to assemble an FDIC or NCUA examiner request package with the right board mate...
Inspections

ATM Surprise Balance Audit

Use this unannounced ATM balance audit template to verify cash on hand against system totals, doc...
Inspections

Branch Physical Security and Alarm Test Inspection

Use this branch physical security and alarm test inspection to verify doors, locks, cameras, pani...
Forms

AML Customer Due Diligence and Risk Rating Worksheet

Assess a new customer’s source of funds, point of origin, and AML risk rating in one worksheet. U...
Sop

Beta Program Operations SOP

Beta Program Operations SOP template for defining a cohort, onboarding participants, collecting f...
Hr Policy

Open Source Software Use Policy

Open Source Software Use Policy template for reviewing, approving, using, and attributing open so...

Go deeper on the topic

Related concepts
  • Predictive Scheduling Law
    Predictive scheduling laws — also called fair workweek laws or secure scheduling — require employers in covered industries to publish employee schedules...
  • Overtime Calculation
    Overtime calculation is the process of applying federal, state, local, and contractual rules to hours worked to determine the correct pay — including...
  • Near-Miss Reporting
    A near-miss is an event that could have caused injury or damage but didn't — a slip that didn't fall, a load that shifted but didn't drop, a machine that...
  • Lockout/Tagout
    Lockout/tagout (LOTO) is the procedure for controlling hazardous energy — electrical, hydraulic, pneumatic, mechanical, thermal, chemical — before...
Related guides

Ready to use this template?

Get started with MangoApps and use CIP Customer Identification Verification Checklist with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate