On July 2, 2025, the Office of the Comptroller and the Currency (OCC), along with the Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Administration (NCUA), issued a pivotal exemption to the Customer Identification Program (CIP) Rule. This change allows financial institutions to use third-party sources to obtain a customer’s Taxpayer Identification Number (TIN) including Social Security Numbers (SSN) —instead of collecting it directly from the customer. This exemption represents a significant shift in how financial institutions can meet their obligations under the Bank Secrecy Act (BSA), which established the foundation for customer identification program requirements.
While this exemption offers greater flexibility and privacy in onboarding, it also introduces a new challenge: How can institutions ensure the accuracy of third-party data when the customer never provides it directly?
Highlights
Banks now need accurate, current, and transparent data to verify customer identities effectively.
CLEAR’s ID Confirm and Risk Inform help banks verify TINs/SSNs and detect fraud under the new CIP exemption.
The risk behind the flexibility
The CIP rule still requires banks to form a “reasonable belief” that they know the true identity of each customer. If a third-party source returns an incorrect or conflicting SSN—and the bank has no customer-provided data to verify it—then that belief may not be reasonable at all. This is where data quality becomes not just important, but essential for effective anti-money laundering (AML) compliance programs.
Why data quality is now a compliance imperative
At Thomson Reuters, we’ve long emphasized the importance of high-quality data in investigative and compliance workflows. In fact, in a previous post, we explored how to evaluate a data partner using the CAT principle—Currency, Accuracy, and Transparency.
These three pillars are now more relevant than ever:
- Currency: With onboarding decisions happening in real time, relying on outdated data can result in missed red flags or false positives. Our public records aggregation tools are powered by live data gateways and frequent updates, ensuring you’re working with the most current information available. Timely data is especially critical as today’s sophisticated fraudsters increasingly use AI-driven tools to synthetically create identities, bypass weak CIP processes, and commit financial fraud at lightning speed.
- Accuracy: Public records can be messy. That’s why we leverage advanced entity resolution, AI-driven matching, and human QA processes to reduce errors and improve precision. When appending a Social Security Number from a third-party source, it’s critical to ensure it’s the correct one. Equally important is having tools that can accurately surface serious identity red flags right from the start—this is essential for effective risk mitigation and meeting the expectations of the Financial Crimes Enforcement Network (FinCEN), which oversees BSA compliance.
- Transparency: If you don’t know where the data came from—or when it was last updated—you can’t trust it. Our tools provide full source traceability and timestamping, giving you the confidence to meet regulatory expectations.
How Thomson Reuters supports the new CIP rule
CLEAR, our public records data aggregation platform is uniquely positioned to help financial institutions comply with the new CIP exemption while maintaining strong identity verification standards. We provide:
- Comprehensive identity resolution using robust public records
- Real-time access to SSNs and other identifiers
- Risk-based insights to flag anomalies or potential fraud
- Identity-flags to flush out erroneous and/or conflicting TIN/SSNs
- Audit-ready transparency for compliance teams and regulators
CLEAR: The gold standard in public records research
CLEAR is the industry leader in public records research, offering access to robust public and proprietary data sources that are regularly updated—including many live gateways for real-time data.
CLEAR ID Confirm is a powerful identity verification tool designed to support compliance with the new Customer Identification Program (CIP) rule. It enhances identity validation by appending Social Security Numbers (SSNs) associated with a subject. The tool also includes critical safeguards, such as identity red flags, which highlight potential issues like SSNs linked to multiple individuals or a subject having multiple SSNs.
A standout feature of ID Confirm is its transparency. Users can see exactly where SSNs originate, and which sources are verifying them. This level of visibility empowers banks and credit unions to not only append SSNs but also identify and resolve issues tied to that SSN and/or individual.
CLEAR Risk Inform is the second, equally powerful step in the process. This configurable risk scoring tool distills our comprehensive collection of public records into actionable insights. It includes a synthetic identity category that cross-references key identity metrics to detect inconsistencies—such as duplicate personally identifiable information, or a thin public records profile—helping to prevent synthetic identities and identity theft during onboarding.
By using both ID Confirm and Risk Inform, institutions gain a comprehensive solution: the ability to surface and verify TINs/SSNs while proactively identifying red flags. It’s a one-two punch in the CIP process—enhancing identity verification and fraud prevention in one seamless workflow.
Connecting the dots
The July 2025 CIP exemption doesn’t reduce the need for due diligence—it raises the bar. If your institution is relying on third-party data to verify identity, then your data partner becomes your compliance partner.
Final thoughts
As the regulatory landscape evolves, so must your approach to identity verification. With Thomson Reuters, you can meet the new CIP requirements with confidence—knowing that your data is current, precise, and transparent.
Get the vital information you need for your investigation with Thomson Reuters CLEAR.
Disclaimer
Thomson Reuters is not a consumer reporting agency, and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.
