TL;DR: The FDIC clarified that banks can use pre-populated customer information to satisfy CIP requirements, a shift Prove Identity says will reduce onboarding friction and improve fraud controls in digital account opening. The core issue is that identity verification should rely on trusted authentication and review, not manual data entry alone.
At a glance
What this is: The FDIC has clarified its supervisory approach so banks can use pre-filled customer data for CIP, changing how digital onboarding can balance friction, fraud prevention, and inclusion.
Why it matters: This matters because identity practitioners must now align customer onboarding, verification, and fraud controls around trusted data sourcing and confirmation rather than treating manual form entry as a security control.
By the numbers:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
👉 Read Prove Identity's analysis of FDIC guidance on pre-filled CIP data
Context
Digital account opening has always sat at the intersection of identity proofing, fraud control, and customer experience. When banks force customers to retype information that already exists in trusted data sources, they often create avoidable errors and slow down onboarding without materially improving assurance.
The FDIC's clarification changes the governance question for banking IAM teams. The issue is no longer whether data can be pre-filled in principle, but how institutions verify the person behind the transaction, preserve AML and sanctions screening integrity, and document the control rationale for regulators.
Key questions
Q: How should banks use pre-filled customer data without weakening CIP controls?
A: Banks should treat pre-filled data as a source of efficiency, not a source of assurance. The control must still prove who the applicant is through authentication, user confirmation, and evidenceable review. If the workflow cannot show that sequence, pre-fill improves experience but weakens governance rather than strengthening it.
Q: Why does manual data entry not make digital onboarding more secure?
A: Manual entry is not a security control because it only proves that information was typed, not that the actor is legitimate. In fraud scenarios, stolen or synthetic identity data can be entered by the wrong person and still pass superficial checks. Security teams should focus on authenticated confirmation and downstream screening integrity instead.
Q: What breaks when banks reuse legacy CIP assumptions in digital account opening?
A: Legacy assumptions break when the control model treats form completion as proof of identity or assumes that a previous verification step can be inherited without reassessment. That creates control reuse risk across account types and can leave AML and sanctions screening detached from the actual applicant.
Q: Who is accountable when pre-filled identity data leads to a bad onboarding decision?
A: The institution remains accountable because regulatory relief on data sourcing does not remove the need for a defensible control design. Banks must be able to explain how the applicant was authenticated, how populated data was confirmed, and how screening remained effective despite the reduced friction.
Technical breakdown
Trusted data sources versus manual entry in CIP workflows
Customer Identification Program workflows historically assumed that customers would provide their own identity data directly and that the quality of the control depended on the input step. In digital banking, that assumption breaks down because pre-existing trusted data sources can reduce error without reducing assurance, as long as the institution still performs independent confirmation and authentication. The critical distinction is between data provenance and identity verification. CIP is concerned with who the customer is, not whether a form was typed by hand or populated from a trusted source.
Practical implication: separate data sourcing controls from identity verification controls in onboarding design and audit evidence.
Why stronger authentication matters more than form friction
A pre-filled application does not remove the need to prove that the applicant is the rightful actor. The operational risk is not the use of third-party data itself, but treating that data as a substitute for authentication. In fraud-heavy environments, pristine but stolen identity data can satisfy basic data-entry checks while the real actor bypasses scrutiny. That is why the control stack must combine pre-fill, review, and step-up authentication rather than rely on knowledge-based or manual completion patterns.
Practical implication: pair pre-filled onboarding with step-up verification and clear user confirmation before account creation.
How pre-filled CIP affects AML and sanctions screening quality
The blog's key point is that better onboarding should improve, not weaken, downstream financial crime controls. If identity proofing is weak or based on easily abused data entry patterns, AML and sanctions screening may be triggered for the wrong person or miss the actual risk actor. Pre-fill can reduce false friction, but only if the institution preserves the sequence: authenticate, confirm, then screen. That sequencing matters because onboarding controls and financial crime controls are mutually dependent, not interchangeable.
Practical implication: review onboarding workflows for control sequencing so AML and sanctions screening operate on the verified applicant, not just the typed data.
Threat narrative
Attacker objective: The attacker aims to open an account under a clean identity profile and use that account to move funds or access financial services without triggering effective fraud controls.
- Entry occurs when an attacker uses stolen but plausible personal information during digital account opening or identity verification.
- Escalation occurs when weak onboarding checks accept the applicant based on data entry alone rather than verified authentication and trusted confirmation.
- Impact occurs when a fraudulent account is opened successfully and downstream AML or sanctions screening is applied to the wrong identity, weakening detection and compliance outcomes.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- ASP.NET machine keys RCE attack — 3,000+ exposed ASP.NET machine keys enabled remote code execution.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Pre-filled CIP is really a trust-routing problem, not a convenience feature. The blog is correct to move the debate away from where customer data comes from and toward how banks establish confidence in the applicant. In identity terms, the challenge is deciding which source of truth the control stack should trust at each step. Practitioners should treat this as an onboarding assurance design issue, not a UI preference.
Manual form completion was never a reliable security boundary. Typing data into a field does not prove identity, and it can create a false sense of control in fraud-heavy channels. This is especially relevant where stolen but valid identity data is abundant. The implication is that banks must separate friction reduction from assurance, because reducing effort is not the same as improving verification.
Inherited verification logic creates governance debt across account types. The article's discussion of legacy CIP interpretation shows how regulators and institutions can end up carrying old assumptions forward into new digital products. That pattern matters because control design often lags product architecture. Practitioners should recheck where verification is reused, inherited, or implicitly carried across products, then validate that the risk model still holds.
Authentication, not data origin, is the durable control primitive for digital onboarding. Strong identity proofing should answer whether the person behind the session is legitimate, not whether a dataset came from a bank, bureau, or application form. This aligns with broader IAM practice in which identity assurance, step-up authentication, and reviewable evidence matter more than the source label on the data. Practitioners should anchor CIP design to authenticated confirmation and downstream control integrity.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, 38% have no or low visibility, and a further 47% have only partial visibility, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
- For a deeper view of lifecycle risk, see Ultimate Guide to NHIs , Key Research and Survey Results, where NHIMG tracks how confidence gaps persist across identity programmes.
What this signals
Pre-filled onboarding will force IAM teams to prove the difference between data provenance and identity assurance. Banks that treat data sourcing as a control will struggle to satisfy auditors once fraud patterns shift toward cleaner but stolen identity records. The governance challenge is not less verification, but better sequencing of authentication, confirmation, and screening.
With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, identity teams should recognise the same structural problem in adjacent programmes: trusting external data does not remove the need to govern what the control chain actually proves.
The broader signal is that customer identity and non-human identity programmes are converging on the same design question: what evidence is strong enough to carry trust forward? Banks that can answer that question cleanly will be better placed to reduce friction without eroding control integrity.
For practitioners
- Separate identity proofing from data population Document pre-fill as an efficiency control, not a substitute for CIP verification. Require explicit confirmation of populated fields and preserve evidence that the applicant reviewed the data before submission.
- Add step-up authentication before account creation Use stronger authentication before pre-filled data can be accepted, especially for new deposit accounts and other higher-risk onboarding paths. This reduces reliance on static identity data alone.
- Re-test onboarding fraud assumptions Review whether your current CIP workflow assumes that manual entry equals higher trust. Compare that assumption against synthetic identity fraud, stolen identity reuse, and other cases where clean-looking data still masks the wrong actor.
- Align onboarding with AML and sanctions sequencing Make sure financial crime screening runs on the verified applicant, not just the populated form. If verification and screening are out of sequence, you create a compliance gap even when the onboarding experience feels smooth.
Key takeaways
- The FDIC's clarification changes digital onboarding by allowing banks to use pre-filled customer data for CIP while still requiring identity confirmation.
- The real control issue is not whether data is populated automatically, but whether authentication, review, and screening remain tied to the verified applicant.
- Banks and IAM teams should redesign onboarding so convenience does not replace assurance, especially where stolen or synthetic identity data is a realistic fraud vector.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST SP 800-63, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while GDPR define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST SP 800-63 | SP 800-63A | CIP pre-fill and identity proofing map to identity proofing guidance. |
| NIST CSF 2.0 | PR.AC-1 | The article hinges on verifying identity before granting account access. |
| NIST SP 800-53 Rev 5 | IA-2 | Authentication before account opening is central to the control discussion. |
| GDPR | Art.32 | Identity data handling and verification workflows should preserve security of personal data. |
Review pre-fill processes under Art.32 to ensure identity data is protected during transfer and confirmation.
Key terms
- Customer Identification Program: A Customer Identification Program is the control process a bank uses to form a reasonable belief that a customer is who they claim to be. In digital banking, the programme must connect proofing evidence, authentication, and recordkeeping so convenience features do not dilute assurance.
- Pre-filled Data: Pre-filled data is customer information populated into an application from a trusted source before the user submits it. It reduces friction, but it does not by itself prove identity, so it must be paired with confirmation and authentication controls that establish the applicant's legitimacy.
- Identity Proofing: Identity proofing is the process of collecting and checking evidence to establish that a person is real and tied to the claimed identity. For financial services, the standard is not just accuracy of data, but whether the evidence chain can withstand fraud, synthetic identities, and regulatory review.
- Sanctions Screening: Sanctions screening is the control that checks whether a customer matches restricted-party or prohibited-activity lists. Its value depends on upstream identity confidence, because screening the wrong person, or a poorly verified identity, weakens both compliance and fraud detection outcomes.
What's in the full article
Prove Identity's full blog covers the operational detail this post intentionally leaves for the source:
- The exact FDIC language change and how Prove interprets its supervisory impact on CIP workflows.
- The way Prove Pre-fill® is positioned for deposit account opening and customer confirmation flows.
- The banking-specific fraud and inclusion arguments used to support pre-filled onboarding.
- The original public comment context, including the RFI timing and interpretive change history.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org