LogoRegulatory Alerts
2025-08-05 | FIL-39-2025

FDIC Supervisory Approach Regarding the Use of Pre-Populated Information for Purposes of Customer Identification Program Requirements

The FDIC updates its supervisory approach to permit supervised institutions to satisfy Customer Identification Program (CIP) requirements by using pre-populated customer information during account opening. Institutions must ensure customers can review, correct, and confirm the pre-filled data while maintaining risk-based processes that establish a reasonable belief of customer identity. This interpretation explicitly allows leveraging existing records, affiliates, vendors, or third parties without violating the CIP rule’s mandate to collect identifying information “from the customer.”

Federal Deposit Insurance Corporation logo

United States

Federal Deposit Insurance Corporation

Click to view thumbnail

Supervisory Guidance

August 5, 2025

Share on Facebook

Share on X

Follow the FDIC on LinkedIn

Share through email

Print

Summary: The FDIC is updating its supervisory approach regarding whether an FDIC-supervised institution can use pre-populated customer information for the purpose of opening an account to satisfy Customer Identification Program (CIP) requirements. Statement of Applicability: The contents of, and material referenced in, this FIL apply to all FDIC-supervised financial institutions. Highlights: The CIP rule, 31 C.F.R. § 1020.220, implements Section 326 of the USA PATRIOT Act, which, among other things, requires financial institutions to implement reasonable procedures for verifying the identity of a person seeking to open an account, to the extent reasonable and practicable, and maintain records of the information used to verify a person’s identity. The CIP rule requires an institution to collect certain information from a customer opening an account. It is the FDIC’s position that the requirement to collect identifying information “from the customer” under the CIP rule does not preclude the use of pre-filled information. A commonly encountered example is the opening of an account electronically where fields in a digital form are automatically pre-populated (or “pre-filled”) with a customer’s identifying information. Under the FDIC’s interpretation, a financial institution could use information from current or prior accounts or relationships involving the bank or its agents, or other sources, such as parent organizations, affiliates, vendors, and other third parties to pre-fill information that is reviewed and submitted by the customer. The FDIC considers such information from the customer for purposes of the CIP rule. When examining an FDIC-supervised institution that collects identifying information from a customer where some or all of the information was pre-populated, FDIC examiners will consider the pre-filled information as from the customer provided that (1) the customer has opportunity and the ability to review, correct, update, and confirm the accuracy of the information, and (2) the institution’s processes for opening an account that involves pre-populated information allow the institution to form a reasonable belief as to the identity of its customer and are based on the institution’s assessment of the relevant risks, including the risk of fraudulent account opening or takeover.

FIL-39-2025

Related Topics

Bank Secrecy Act

Contact(s)

Division of Risk Management Supervision

Bank Secrecy Act/Anti-Money Laundering (BSA/AML)

Legal Division

Share