When a customer fails an identity check, the usual answer is to ask them for documents, or to turn them away. Both options carry a cost. Asking for documents slows onboarding and drops good people at the last step. Turning them away loses customers who were real and verifiable all along, just not against the one source you happened to check.
A data wash gives you a third option. You re-run the records that failed against more independent data sources, before you escalate or reject. Most of the time, a meaningful share of those “failures” match on the second pass. They are customers you would otherwise have lost. Those are customers you would otherwise have lost.
A KYC data wash is a second pass over records that did not match first time, run against additional independent data sources to confirm identity. “Data wash” and “second wash” are industry and product terms, not regulatory ones. The formal idea behind them is batch KYC, sometimes called remediation: re-checking a set of records to bring identity coverage up to standard.
A data wash is a method, not a rule, and no regulation names it. The Money Laundering Regulations 2017 (Regulation 28) require you to verify identity against a source independent of the customer. A data wash is one practical way to do that well, by widening the sources you check against. The obligation sits with the firm, the wash is simply how you meet it more completely.
A standard electronic check runs each customer once, often against credit reference data alone. A data wash takes the records that did not pass and checks them again against a broader set of independent sources. Same customers, more data. HMRC guidance states that a single-source check is not normally enough on its own (HMRC ECSH33357), which is the gap a second wash closes.
You need one whenever a single-source check is rejecting customers you have reason to believe are genuine. Three situations make the case clearly.
Nothing at all. A data wash runs on the name, address and date of birth you already hold. The customer does not upload a document, scan their face, or repeat a single step. Someone who failed a first check at 2am is quietly re-verified against more sources and waved through, without ever knowing there was a question mark over their record.
There are two modes, and most firms use both. One handles new customers in the moment. The other handles existing records in bulk.
When a customer fails the first check during sign-up, an API call runs the second wash immediately, against your chosen additional sources. If they match, onboarding continues without interruption. The customer is not bounced to a document upload or a manual review queue. They simply pass, in the same session, in seconds.
For a back-book or a periodic clean-up, you submit a file of records and receive the match results in one batch. This suits firms that cannot use bank-based authentication, need to verify in volume, or want to bring older KYC data up to current standard. It is the form most people mean when they say “data wash”.
The honest answer is that it depends on your customer base, so here is a real split. A Tier-1 gaming operator was failing credit-reference-only checks on close to 30% of new customers. They ran a second wash on those failures against a broader set of independent sources.
|
Result of the second wash |
Share of failed records |
|
Matched to one independent source |
25% |
|
Matched to two independent sources |
15% |
|
Matched to three or more sources |
15% |
|
Total matched on the second pass |
55% |
|
No footprint found (treat as high-risk) |
45% |
Data was found on 55% of the records that had failed first time. The remaining 45% had no footprint at all, the profile you would expect from a high-risk, possibly synthetic or under-age applicant, which is exactly the cohort you want to hold back. Roughly half the previously failed customers were onboarded, an overall 15% uplift in new-customer onboarding.
The split is what makes the result usable. A second wash separates the genuine customers your first check missed from the records that deserve a closer look, rather than waving everyone through.
No, and it should not be sold as if it does. A data wash performs the identity-matching step: confirming the person is who they say they are, against independent sources. Your firm keeps the rest of customer due diligence, including risk assessment, source of funds where it applies, and ongoing monitoring. Certified digital verification services are a reliable, independent source for the identity step, but the firm remains responsible for the wider checks and ultimately liable (gov.uk, “Using digital identities with the Money Laundering Regulations”, 26 February 2026).
A second wash is only as strong as the data behind it. KYC Match runs the identity-matching step across banks, mobile networks, insurance policy and claims data, public sector data, finance applications and credit reference agencies. You choose which sources, in any configuration, which is what lets a thin-file customer match somewhere even when a credit reference agency draws a blank. It returns counts, so you can see exactly how each record matched: name plus address plus date of birth, name plus address, name plus date of birth, and a distinct count across all the sources you used.
KYC Match is part of OneID, a digital verification services provider certified under the UK’s Digital Verification Services Trust Framework.
The quickest way to know what a data wash is worth to you is to run one. Send up to 1,000 of your records and run them through KYC Match for free, then compare the match results against your current provider’s pass rate. You see how many previously failed customers would have matched, on your own data, before changing anything. Contact OneID to set up your comparison.
What is a KYC data wash? A KYC data wash is a second pass over records that failed an initial identity check, run against additional independent data sources to confirm identity. It is also called a second wash. The terms are industry and product language, describing the recognised practice of batch KYC or remediation.
What is the difference between a data wash and KYC remediation? They describe the same idea. Remediation is the formal term for re-checking records to bring identity coverage up to standard. “Data wash” and “second wash” are the everyday names for it, often used for a single batch run over failed or historic records.
Is a data wash required by the Money Laundering Regulations? No. The Money Laundering Regulations 2017 require identity to be verified against an independent, reliable source. A data wash is one practical method for meeting that requirement more completely by widening the sources checked.
Can I run a data wash without contacting my customers? Yes. A data wash uses the name, address and date of birth you already hold. The customer does not need to do anything, which is why it works for both real-time onboarding and bulk back-book checks.
Does a data wash replace full customer due diligence? No. It performs the identity-matching step. Risk assessment, source of funds where required, and ongoing monitoring remain the firm’s responsibility.