OneID® | News and Events

How to Reduce KYC False Positives (and the Bigger Problem: False Rejections)

Written by The OneID Team® | 17/07/26 09:33

Stop failing good customers at the identity check

In AML, a false positive is a screening alert, a sanctions, PEP or adverse-media name match that turns out not to be your customer. Reducing those is a screening job your firm keeps. The problem most onboarding teams actually feel is different: false rejections, where genuine customers fail the identity check because one data source has no record of them.

Both problems cost money. They cost it in opposite ways, and the fix for one does nothing for the other. Getting the two straight is the difference between tuning a screening system and recovering revenue you are losing at onboarding.

What is a KYC false positive?

A KYC false positive is a screening alert that, on review, is not a genuine match. Your screening system flags a new customer against a sanctions, PEP or adverse-media list, an analyst checks it, and the person turns out to be someone else who happens to share a name. The customer was always legitimate. The system over-flagged.

The management of these alerts sits at the centre of any sanctions screening control framework. Industry guidance treats whitelisting, the use of ancillary identifiers such as date of birth and nationality, and the discounting of weak name matches as core screening disciplines.

Why do false positives happen in AML screening?

Name-based screening is noisy by design. It is built to catch every plausible match, so it flags common names, transliterated names, and records that share only a partial identifier. The large majority of alerts on legitimate customers clear as no match once an analyst reviews them.

Every one of those alerts still has to be worked. That is the cost of a screening false positive: analyst hours spent confirming that a real customer is not a listed person. Reducing it is a matter of better screening logic, richer identifiers and disciplined whitelisting. It is a screening problem, and it stays with your firm.

False positive or false rejection: which problem do you actually have?

If your cost is analysts clearing alerts, you have a screening false-positive problem, and the answer is screening tuning. If your cost is genuine applicants dropping out at the identity step, you have a false-rejection problem, and the answer is how you verify identity. These are near-opposite failure modes. One over-flags people who should pass. The other under-passes people who should never have failed.

The table below separates them cleanly.

 

Screening false positive

Identity false rejection

What it is

A screening alert that is not a real match

A genuine customer wrongly failed

Where it happens

Sanctions / PEP / adverse-media screening

The identity-verification step

Failure mode

The system over-flags

The system under-passes

Typical cause

Common names, transliteration, thin identifiers

Single data source has no footprint for the customer

Who it hits

Legitimate customers sharing a listed name

Thin-file people: younger adults, recent movers, newcomers to the UK

The cost

Analyst hours clearing alerts

Lost good customers, needless manual review

The fix

Better screening logic, identifiers, whitelisting

Match across two or more independent data sources

Does KYC Match address it?

No, screening stays with your firm

Yes, this is what KYC Match does

Why do genuine customers get wrongly rejected at the identity check?

A false rejection happens when a real customer fails a check they should have passed. The most common cause is a verification design that relies on a single data source. If that source has no footprint for the customer, the check fails, regardless of the person being entirely genuine.

This hits thin-file and no-footprint customers hardest. A single credit reference agency check depends on the applicant having a record at that agency. Younger adults, recent movers and people newly arrived in the UK often do not, so they fail a single-source check despite being real, payable customers.

The scale of the underlying population is easy to underestimate. The FCA's Financial Lives 2024 survey found around 0.9 million UK adults were unbanked in 2024, and that 22% of the 15.3 million adults who applied for a regulated credit agreement in the two years to May 2024 were declined a product. A meaningful minority of legitimate customers carry a light data footprint, and a single-source check is where they fall out.

For the person applying, the experience is worse than a decline. They entered correct details, waited, and were told they could not be verified. Most do not try again. They go to a competitor whose check happened to find them.

How does multi-source matching reduce false rejections?

Matching a customer's name, address and date of birth across two or more independent data sources gives a genuine thin-file applicant more than one chance to be found. A customer invisible to one credit reference agency may be clearly present in mobile network, banking or insurance records. Checking several independent datasets recovers the real customers a single-source check wrongly failed.

This is also the standard the regulations point to. The Money Laundering Regulations 2017 require verifying identity from a reliable source that is independent of the customer, and HMRC guidance indicates a single-source electronic check is not normally sufficient on its own. In practice, firms meet this through the industry "2+2" convention: matching at least two identity attributes against at least two independent, reliable sources. Matching across more sources both satisfies the test and finds more genuine people.

The efficiency gain is distinct from screening. When good customers pass automatically at the identity step, fewer legitimate applicants land in manual review or enhanced due diligence queues. The saving comes from keeping real customers out of needless manual review, which is a different mechanism from clearing screening alerts. Keep the two efficiency stories separate, because they draw on different budgets and different teams.

Does reducing false rejections increase your risk?

No. Multi-source matching separates genuine thin-file customers, who are recoverable, from records that are genuinely absent or suspect, which are correctly failed. Recovering the first group does not mean passing the second.

In one Tier-1 gaming operator's data, a CRA-only 2+2 check failed almost 30% of new customers. A second pass across additional independent sources found data on 55% of those failures, while 45% still had no footprint at all. Around half of the previously failed customers were onboarded, and the records with no footprint were correctly not passed.

The point holds beyond gambling. Adding independent sources does not lower the bar. It finds the real people a narrow check was missing, while the genuinely unverifiable stay unverified.

Where does OneID KYC Match fit, and what stays with your firm?

KYC Match performs the identity-matching step. It returns a configurable count of independent data-source matches on name, address and date of birth, across banks, mobile networks, insurance data, public-sector data, finance applications and credit reference agencies, so you can run a second check on the customers a single source failed. It runs as a real-time API or as a batch data wash across a back-book.

It does not do sanctions or PEP screening, so it neither creates nor clears screening false positives. Your firm keeps the wider customer due diligence: risk assessment, screening, source of funds where required, and ongoing monitoring. KYC Match reduces false rejections at the identity step. It does not discharge the rest of your programme.

OneID is a digital verification services provider, certified under the UK's Digital Verification Services Trust Framework.

You can run 1,000 records through KYC Match for free and compare the results against your existing provider. Send the records, see how many previously failed customers a multi-source check recovers, and decide from the evidence. Contact OneID to set up the comparison.

FAQ

What does false positive mean in KYC/AML?

A false positive is a screening alert, a sanctions, PEP or adverse-media name match, that turns out not to be your customer once reviewed. The system flagged a legitimate person by mistake. Clearing these alerts is a screening task, separate from identity verification.

What is the difference between a false positive and a false rejection?

A false positive is a screening system flagging a legitimate customer as a possible match to a watchlist. A false rejection is the identity-verification step failing a genuine customer because the data source checked has no record of them. One over-flags, the other under-passes.

How do you reduce false positives in AML screening?

You reduce screening false positives through better screening logic, richer identifiers such as date of birth and nationality, alias tuning, and disciplined whitelisting of confirmed non-matches. This is a screening-configuration task. Identity-matching tools, including KYC Match, do not perform screening and do not affect these alerts.

Why are thin-file customers rejected by KYC checks?

Thin-file customers hold little or no record at the data source a single-source check relies on, typically one credit reference agency. Younger adults, recent movers and people new to the UK often have no footprint there, so a single-source check fails them despite being genuine, verifiable people.

Can multi-source identity matching reduce KYC false rejections?

Yes. Matching name, address and date of birth across two or more independent data sources gives a genuine customer more than one chance to be found. A customer invisible to one source may be present in mobile, banking or insurance data, so multi-source matching recovers customers a single-source check wrongly failed.

Does OneID KYC Match do sanctions or PEP screening?

No. KYC Match performs the identity-matching step only. It does not screen against sanctions, PEP or adverse-media lists, and it does not create or clear screening false positives. Your firm keeps screening, risk assessment, source of funds and ongoing monitoring.