OneID® | News and Events

What is a KYC data wash (second wash), and when do you need one?

Written by The OneID Team® | 02/07/26 06:59

When a customer fails an identity check, the usual answer is to ask them for documents, or to turn them away. Both options carry a cost. Asking for documents slows onboarding and drops good people at the last step. Turning them away loses customers who were real and verifiable all along, just not against the one source you happened to check.

A data wash gives you a third option. You re-run the records that failed against more independent data sources, before you escalate or reject. Most of the time, a meaningful share of those “failures” match on the second pass. They are customers you would otherwise have lost. Those are customers you would otherwise have lost.

What is a KYC data wash?

A KYC data wash is a second pass over records that did not match first time, run against additional independent data sources to confirm identity. “Data wash” and “second wash” are industry and product terms, not regulatory ones. The formal idea behind them is batch KYC, sometimes called remediation: re-checking a set of records to bring identity coverage up to standard.

Is a data wash a regulatory requirement?

A data wash is a method, not a rule, and no regulation names it. The Money Laundering Regulations 2017 (Regulation 28) require you to verify identity against a source independent of the customer. A data wash is one practical way to do that well, by widening the sources you check against. The obligation sits with the firm, the wash is simply how you meet it more completely.

How is it different from a normal KYC check?

A standard electronic check runs each customer once, often against credit reference data alone. A data wash takes the records that did not pass and checks them again against a broader set of independent sources. Same customers, more data. HMRC guidance states that a single-source check is not normally enough on its own (HMRC ECSH33357), which is the gap a second wash closes.

When do you need a data wash?

You need one whenever a single-source check is rejecting customers you have reason to believe are genuine. Three situations make the case clearly.

  • Thin-file or no-footprint customers. Younger people, recent arrivals to the UK, and anyone with a light credit history often have no record at a credit reference agency, yet plenty of footprint elsewhere. Around one in seven UK adults is financially excluded, so this is a meaningful minority of any consumer book, not an edge case.
  • High first-pass failure rates. If a sizeable share of new customers fail your initial check, the problem is usually the breadth of the source, not the honesty of the customer. A second wash tells you which.
  • An existing back-book to clean up. Records gathered under older or narrower checks can be re-verified in bulk, so your historic data meets the same standard as new onboarding.

What does the end customer experience during a data wash?

Nothing at all. A data wash runs on the name, address and date of birth you already hold. The customer does not upload a document, scan their face, or repeat a single step. Someone who failed a first check at 2am is quietly re-verified against more sources and waved through, without ever knowing there was a question mark over their record.

What are the two ways to run a data wash?

There are two modes, and most firms use both. One handles new customers in the moment. The other handles existing records in bulk.

Real-time second pass at onboarding (API)

When a customer fails the first check during sign-up, an API call runs the second wash immediately, against your chosen additional sources. If they match, onboarding continues without interruption. The customer is not bounced to a document upload or a manual review queue. They simply pass, in the same session, in seconds.

Bulk batch over an existing dataset

For a back-book or a periodic clean-up, you submit a file of records and receive the match results in one batch. This suits firms that cannot use bank-based authentication, need to verify in volume, or want to bring older KYC data up to current standard. It is the form most people mean when they say “data wash”.

What does a second wash actually recover? A worked example

The honest answer is that it depends on your customer base, so here is a real split. A Tier-1 gaming operator was failing credit-reference-only checks on close to 30% of new customers. They ran a second wash on those failures against a broader set of independent sources.

Result of the second wash

Share of failed records

Matched to one independent source

25%

Matched to two independent sources

15%

Matched to three or more sources

15%

Total matched on the second pass

55%

No footprint found (treat as high-risk)

45%

Data was found on 55% of the records that had failed first time. The remaining 45% had no footprint at all, the profile you would expect from a high-risk, possibly synthetic or under-age applicant, which is exactly the cohort you want to hold back. Roughly half the previously failed customers were onboarded, an overall 15% uplift in new-customer onboarding.

The split is what makes the result usable. A second wash separates the genuine customers your first check missed from the records that deserve a closer look, rather than waving everyone through.

Does a data wash cover all your customer due diligence?

No, and it should not be sold as if it does. A data wash performs the identity-matching step: confirming the person is who they say they are, against independent sources. Your firm keeps the rest of customer due diligence, including risk assessment, source of funds where it applies, and ongoing monitoring. Certified digital verification services are a reliable, independent source for the identity step, but the firm remains responsible for the wider checks and ultimately liable (gov.uk, “Using digital identities with the Money Laundering Regulations”, 26 February 2026).

How the second wash widens your sources

A second wash is only as strong as the data behind it. KYC Match runs the identity-matching step across banks, mobile networks, insurance policy and claims data, public sector data, finance applications and credit reference agencies. You choose which sources, in any configuration, which is what lets a thin-file customer match somewhere even when a credit reference agency draws a blank. It returns counts, so you can see exactly how each record matched: name plus address plus date of birth, name plus address, name plus date of birth, and a distinct count across all the sources you used.

KYC Match is part of OneID, a digital verification services provider certified under the UK’s Digital Verification Services Trust Framework.

See what a second wash recovers on your own data

The quickest way to know what a data wash is worth to you is to run one. Send up to 1,000 of your records and run them through KYC Match for free, then compare the match results against your current provider’s pass rate. You see how many previously failed customers would have matched, on your own data, before changing anything. Contact OneID to set up your comparison.

Frequently asked questions

What is a KYC data wash? A KYC data wash is a second pass over records that failed an initial identity check, run against additional independent data sources to confirm identity. It is also called a second wash. The terms are industry and product language, describing the recognised practice of batch KYC or remediation.

What is the difference between a data wash and KYC remediation? They describe the same idea. Remediation is the formal term for re-checking records to bring identity coverage up to standard. “Data wash” and “second wash” are the everyday names for it, often used for a single batch run over failed or historic records.

Is a data wash required by the Money Laundering Regulations? No. The Money Laundering Regulations 2017 require identity to be verified against an independent, reliable source. A data wash is one practical method for meeting that requirement more completely by widening the sources checked.

Can I run a data wash without contacting my customers? Yes. A data wash uses the name, address and date of birth you already hold. The customer does not need to do anything, which is why it works for both real-time onboarding and bulk back-book checks.

Does a data wash replace full customer due diligence? No. It performs the identity-matching step. Risk assessment, source of funds where required, and ongoing monitoring remain the firm’s responsibility.