Who are they? The Auditor’s Expectations – Knowing the Customers and Proving It

Author: Mark E. Wolfrey, CAMS-Audit

How well does your financial institution need to know your customer? All too often, the frustrating answer to this staple of the financial industry is, “it depends upon the customer risk profile,” as risk assessment is subjective. Basic requirements were provided in Section 326 of the USA PATRIOT Act, which is referred to as Customer Identification Program (CIP) Joint Final Rule. CIP outlines minimum identifying information that customers will be required to provide prior to opening an account.

The minimum requirement is the key phrase and the “Rub” in identifying customers. Minimum is never enough. As former President Ronald Reagan said at the signing of the INF Treaty, on December 8 1987, “Trust, but verify.” Verifying that the information provided is correct is required, and is considered basic customer due diligence (CDD). Determining what the person does for a living, how they get their money, and then making sure that the transactions going through their account make sense for the information collected from the customer are all required elements of knowing your customer. CDD for a business is even more significant and includes determining the customer’s expected activity, primary industry and geography, in which they operate, and the types of products and services used by the customer.

Download PDF