Let’s set the scene: Your platform has a need for the ability to facilitate the transfer of funds between your users’ U.S. bank accounts. You’re interested in Dwolla. You’re looking at our API documentation and talking to a business development representative, but there’s something you don’t understand…
Your business development representative keeps mentioning CIP verification. What is that? Why is it important? In this post I’ll explain what CIP verification is, where it came from, and why it’s incredibly important for your business to understand if you’re going to deal with payments.
You may be familiar with the USA PATRIOT Act—the “Uniting and Strengthening America by Providing Appropriate Tools to Restrict, Intercept, and Obstruct Terrorism Act” was passed into law in 2001 with the post-9/11 objective of criminalizing the financing of terrorism.
This Act expanded the requirements of all financial institutions and expanded information sharing between the government and financial institutions.
One provision of the USA Patriot Act was the requirement to implement a Customer Identification Program (“CIP”) appropriate for the size and risk of each institution.
Also known more broadly as “KYC”, or “Know Your Customer”, the purpose of performing this due diligence is to verify the identity of individuals wishing to conduct a financial transaction, while also giving a reasonable understanding of the type of activity in which each customer will engage.
So why are we talking about this? When considering a payments integration, CIP verification requirements and processes are unbeknownst to many parties. However, they are an incredibly important piece of the payments puzzle.
Lucky for you, working together with Dwolla’s sophisticated compliance department is part of your Dwolla package.
CIP Verification & Dwolla
It is worth noting that Dwolla is a white labeled product that facilitates bank transfers within your platform.
Through the API, you gather the necessary personal information (and banking information) from your users, all within your branded interface. Then you simply pass the information to Dwolla through the API.
Within Dwolla, when a user successfully completes CIP verification and adds a funding source, that user is created as a Verified Customer Record (learn more about types of customers you can create).
In the case of Dwolla, Verified Customer Records (or VCRs, for short) have the most functionality of any customer type—they can do things like hold a balance and enjoy increased transaction limits.
In order for that user within your platform to become CIP verified, there are guidelines and requirements. The key principle to remember is that in ANY transaction, one party must be CIP verified.
When you think of a transaction between two parties, your customer types can be arranged in a variety of ways, for example:
- If your platform is delivering payouts from your business bank account to your user’s bank accounts, your business will need to undergo CIP verification.
- If you are facilitating payments in a rental marketplace from tenant to landlord, the landlord will need to undergo CIP verification (assuming the tenant has no need to send more than $5,000 per week—learn more about Unverified Customer Records).
- If your platform is approved to offer crowdfunding investments, then all parties within your platform will need to undergo CIP verification.
However, you can always choose to verify the identity of every individual within your platform to reduce risk, which is something we can do as well.
When an individual is going through CIP verification, he or she will need to provide:
- First name, Last name
- Email address
- Physical address
- Date of birth
- Last four digits of SSN
If a business entity needs to undergo CIP verification, Dwolla will need to collect the following information:
- Business Name
- Business EIN
- Authorized representatives:
- First Name, Last Name
- Email Address
- Date of birth
- Last four digits of SSN
When integrating an ACH payments API, you’re operating in a heavily regulated financial space; because of this, collecting the right information from the appropriate parties is imperative.
Dwolla can help you mitigate some of the risk in managing sensitive data – for example, banking information can route directly to Dwolla’s servers rather than hitting your servers directly.
When dealing in payments, confidence is key. You want to feel confident in your solution and payments integration.
At Dwolla, we’ve spent the better part of a decade perfecting our ACH API, we know what it takes to be compliant and productive in this space. We understand that security and compliance are ever-evolving—we take that very seriously and we are committed to staying on top of the industry standard.