A meaningful share of the people trying to open an account with you are real, eligible customers who fail your first identity check. They are not fraudsters. They are recent movers, younger adults, newcomers to the UK, and people who simply do not show up well in credit reference data. When a check returns no match, they get pushed into document uploads and selfie capture, or they give up and go elsewhere. Either way, you lose revenue at the exact moment you were closest to winning it.
KYC Match exists to recover those customers. It runs a second pass over the records that failed first time, checking identity against data sources well beyond the credit reference agencies. The result is a higher verified pass rate, fewer good customers lost to friction, and stronger evidence behind every approval. This page explains what KYC Match is, how the “2+2” check works, what data it draws on, what it returns, and how to test it against your current provider for free.
What is KYC Match?
KYC Match is an electronic identity-matching service that confirms a customer’s name, address and date of birth against multiple independent, reliable data sources. It returns a configurable count of source matches so you can meet, and exceed, the KYC “2+2” benchmark. It runs in real time during onboarding or in bulk across an existing dataset, and it reaches data the credit reference agencies do not hold.
A Head of Product or growth lead reads this as recovered onboarding. An MLRO reads it as broader, higher-quality match evidence on file. Both get the same outcome: more real customers verified, and each approval resting on stronger proof.
What is the KYC 2+2 rule, and how do you meet it?
“2+2” is an industry convention, not a rule written into law. The Money Laundering Regulations 2017 require firms to verify a customer’s identity using information from a source independent of the customer (Regulation 28). In practice, electronic verification satisfies that requirement by matching at least two identity attributes against at least two independent, reliable data sources. That is the “2+2” convention.
The two common ways to satisfy it are matching name and address across two separate sources, or matching name and address from one source and name and date of birth from another. HMRC’s guidance is the benchmark here: an electronic check should draw on data from more than one source, and a single-source check is not normally enough on its own (HMRC ECSH33357). JMLSG industry guidance sets the same expectation. KYC Match is built around this standard, and lets you configure the number of matching sources you require.
What data sources does KYC Match use beyond credit reference agencies?
Credit reference data is one input, not the whole picture. Many legitimate customers have thin credit files or no footprint at all, so a CRA-only check misses them. KYC Match widens the net to find the people who are genuinely there but invisible to a single dataset.
It matches identity attributes across:
- UK banks
- Mobile network operators
- Insurance policy and claims data
- Public sector records
- Finance and credit applications
- Credit reference agencies
You choose which sources to include and in what combination. Adding independent sources beyond the CRAs is what raises the chance of hitting 2+2 on the customers a standard check leaves behind.
What does KYC Match return?
KYC Match returns match counts rather than a single pass or fail flag, so you can see exactly how strong each result is and apply your own threshold. It reports how many sources confirmed each combination of attributes, plus a distinct count of matches across all sources. This gives compliance teams defensible, explainable evidence and gives product teams a clear basis for setting their own pass rules.
The return values are:
|
Return value
|
What it confirms
|
Plain meaning
|
|
NAD
|
Name, address and date of birth
|
The fullest match. All three attributes confirmed at the source.
|
|
NA
|
Name and address
|
Two attributes confirmed, without date of birth.
|
|
ND
|
Name and date of birth
|
Two attributes confirmed, without address.
|
|
Distinct count
|
Unique matches across all sources
|
The total number of independent sources that returned a match, used to judge 2+2.
|
You set the threshold that counts as a pass for your risk appetite. A high-assurance flow might require two or more NAD matches; a lighter check might accept a distinct count that clears 2+2. That configurability is what lets the same service support different sectors and risk tiers without changing the integration.
What is a second wash or data wash, and when do you need one?
A “data wash” is a second pass over the records that failed first time, checked against additional independent sources to find the matches the first check missed. “Data wash” and “second wash” are terms used by us and across the industry rather than regulatory language. The formal concept is batch screening or KYC remediation. It is not a regulator-recognised process in itself, so treat the names as plain description rather than a compliance label.
You need a second wash in two situations. The first is at onboarding, when a customer fails a CRA-only check but is almost certainly genuine, and you want to recover them before escalating to document capture. The second is across an existing book, when you want to re-check customers who were onboarded on thinner evidence, or fill gaps ahead of an audit. KYC Match supports both, which is where its two delivery modes come in.
API or batch: how is KYC Match delivered?
KYC Match comes in two delivery modes: a real-time API and a batch data wash. It runs alongside bank-based verification, or on its own as the KYC Match Data Service using customer-supplied data. The data service suits firms that cannot use bank authentication, need to verify at volume, or want to strengthen an existing KYC and AML process.
One mode is a real-time API. It fits into your onboarding flow and runs a second wash the moment a customer fails the first check, so recovery happens inside the same session. The customer experience stays quick. The person on the other end taps through, the additional check runs in the background, and they are onboarded without being sent off to photograph a passport.
The other is a batch data wash. You send a file of records and receive the match counts back across the whole set. This is the mode for bulk remediation, periodic re-checks, and the free comparison described at the end of this page. It uses the same matching engine and the same return values, just at a larger scale.
Proof: a Tier-1 gaming operator recovered around half its failed customers
A Tier-1 gaming operator was failing CRA-only 2+2 on almost 30% of new customers. That is a large group of would-be players blocked or pushed into friction at registration, in a sector where conversion at onboarding is hard-won.
A second wash on those failures found data on 55% of the sample: 25% matched to one source, 15% to two, and 15% to three or more. The remaining 45% had no footprint at all, the genuinely high-risk segment that can include synthetic or under-age applicants, exactly the group a compliance team wants to isolate. Around half of the previously failed customers were then onboarded, an overall 15% uplift in new-customer onboarding. The operator recovered real revenue and got a sharper view of the risky minority at the same time.
This is OneID’s own case study, kept anonymous at the operator’s request.
KYC Match is part of OneID, a digital verification services provider certified under the UK’s Digital Verification Services Trust Framework. It works as an optional add-on across OneID’s identity products, so the second-wash capability sits inside the same integration you use for verification rather than bolting on as a separate system.
Who is KYC Match for?
KYC Match suits regulated, high-volume onboarders where thin-file and no-footprint customers strain a CRA-based check. Gambling and fintech are the clearest fit, alongside crypto, lending and any business that loses good customers at the identity step.
In gambling, licensees must verify name, address, date of birth and age before a customer can deposit or play (LCCP 17.1.1), and financial vulnerability checks lean on credit-style data (LCCP 3.4.4). Thin-file players strain both, so a second wash recovers eligible players without weakening the controls. In fintech and lending, the same pattern shows up with younger and newer-to-country customers. The thin-file population is not a fringe case: gov.uk and FCA financial-inclusion work estimates around 7.1 million UK adults are financially excluded, roughly one in seven, which is a large pool of potentially good customers a single dataset cannot see.
Does KYC Match cover all of your customer due diligence?
KYC Match performs the identity-matching step. It is not a substitute for your full customer due diligence. Your firm keeps responsibility for risk assessment and ongoing monitoring, plus source of funds where required, and remains liable for meeting its obligations.
This matters under the current framework. The gov.uk guidance on using digital identities with the Money Laundering Regulations (26 February 2026) confirms that a certified Digital Verification Services provider is a reliable, independent source for the identity step. The firm still owns the rest of CDD. KYC Match gives you stronger, more defensible evidence for the part it covers, and slots into the wider process you already run.
How can I compare KYC Match against my current provider for free?
You can run 1,000 records through KYC Match for free and compare the results directly against your existing provider. Send the name, address and date of birth for the records you want tested. You get back the match counts across the configured sources, set against your current pass rate, so you can see in plain numbers how many more customers KYC Match would recover.
It is a low-risk way to find out what a second wash is worth on your own data before you commit to anything. The records that failed your current check are the most revealing test, because that is where recovery happens. To set it up, contact OneID and ask for a free 1,000-record comparison.
Frequently asked questions
What is KYC Match? KYC Match is an electronic identity-matching service that confirms a customer’s name, address and date of birth against multiple independent data sources beyond the credit reference agencies. It returns a configurable count of source matches so you can meet and exceed the 2+2 benchmark, in real time or in bulk.
Is the KYC 2+2 rule a legal requirement? No. 2+2 is an industry convention, not a term written into law. The Money Laundering Regulations 2017 require identity verification against a source independent of the customer (Regulation 28). The 2+2 convention is how electronic checks meet that in practice, matching two attributes across two independent, reliable sources, in line with HMRC and JMLSG guidance.
How is KYC Match different from a credit reference agency check? A CRA check uses credit data from a single category of source, so it misses thin-file and no-footprint customers. KYC Match matches identity across banks, mobile networks, insurance, public sector and finance data as well as CRAs, which recovers genuine customers a CRA-only check cannot find.
What is a KYC data wash? A data wash, or second wash, is a second pass over records that failed the first check, run against additional independent sources to find the matches that were missed. It can run in real time at onboarding or as a batch over an existing dataset. The names are industry terms; the formal concept is batch screening or KYC remediation.
What does NAD, NA and ND mean in a KYC Match result? NAD means name, address and date of birth all matched at a source. NA means name and address matched. ND means name and date of birth matched. A distinct count shows how many independent sources returned a match, which is what you read against the 2+2 benchmark.
Does KYC Match meet all my AML obligations? No. KYC Match covers the identity-matching step. Your firm keeps responsibility for risk assessment and ongoing monitoring, plus source of funds where required, and stays liable overall. A certified Digital Verification Services provider is a reliable, independent source for the identity step under current gov.uk guidance.
How do I test KYC Match on my own data? Contact OneID and ask for a free 1,000-record comparison. You send name, address and date of birth for the records you want checked, and you get back the match counts against your current pass rate, so you can see how many more customers KYC Match would recover.
- The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 28 (customer due diligence measures).
- HMRC Economic Crime Supervision Handbook, ECSH33357 (electronic verification and use of multiple data sources).
- gov.uk, “Using digital identities with the Money Laundering Regulations” (26 February 2026).
- gov.uk and FCA financial inclusion data (financially excluded UK adults, approximately 7.1 million / one in seven).
- Gambling Commission, Licence Conditions and Codes of Practice (LCCP) 17.1.1 (identity, address, date of birth and age verification before gambling) and 3.4.4 (financial vulnerability checks). Recheck thresholds current at publish.
