Frequently Asked Questions
What is Mirror and what does it do?
Mirror is your first line of defence against fraud, terrorist financing and money laundering. We provide businesses with a comprehensive all-in-one system for KYC and AML, verifying their client's identity and address at source. This is known as Electronic ID and Verification (EIDV).
In addition, Mirror will provide additional searches where required, checking against databases to identify a client who is a risk according to the Anti Money Laundering Regulation 2012 (AML 2017) or that the person has not provided false or inaccurate information such as their registered address.
Mirror provides a regulated business with the technology to know their clients (KYC) and perform the required AML checks simply and efficiently.
What is Client Due Diligence (CDD)?
Client Due Diligence (CDD) describes the steps regulated businesses take to understand and identify who they’re dealing with. Law firms are one example of a regulated business who may have to undertake elements of client due diligence.
CDD is made up of two parts: Know Your Client (KYC) and Anti-Money Laundering (AML) checks. KYC involves verifying your client's identity and address, usually by obtaining identity documents and proof of address from your client. KYC aims to understand who your client is, and if the identity and address they’ve provided to you is genuine and pertains to them. AML checks form the latter part of CDD. These involve checking your client’s provided name (and/or address) against public watchlists, sanctions list and other databases. The result of an AML search is only useful if it’s conducted on the right person, so getting your client’s identity and address verified to a high standard is crucial.
Regulatory bodies like the Solicitors Regulation Authority (SRA) are aware of the many electronic ID and verification (EIDV) tools on the market. There are guidelines available to help law firms select such tools. Mirror is an EIDV tool approved for use in the UK market, evaluated by QC Gregory Treverton-Jones (co-author of The Solicitor’s Handbook, 2019) as ‘superior to traditional methods of verification’. Regulated businesses can confidently use Mirror for both KYC and AML as part of their CDD process, in compliance with UK MLR 2019. Enhanced due diligence (EDD) may include further checks, for example tracing the source of wealth, or source of funds of your client to ensure the money is ‘clean’ and usage legitimate.
Mirror can validate the authenticity of digital documents (like bank statements) used within the EDD process, but we don’t provide a complete EDD solution as of now.
Who needs to undertake CDD and why?
In short, any business subject to the UK’s Money Laundering Regulations (MLR) 2019. A non-exhaustive list of examples includes businesses such as:
• Solicitors, lawyers and conveyancers
• Property dealers including real estate agents
• Accountants and those providing financial or tax advice
• Financial institutions (banks, insurers, reinsurers, payment providers, pension providers)
• Other financial services providers (stock trading apps, cryptocurrency exchanges, investment and banking apps)
• High value dealers (jewellers, watch sellers, art dealers)
The scope of MLRs continues to expand. The UK MLR 2019 implement the EU’s Fifth Money Laundering Directive in the UK (Directive (EU) 2018/843, 5MLD) and now include businesses not previously regulated, such as:
• Tax advisors
• Lettings and Real Estate Agents
• Art market participants (high value dealers selling goods worth €10,000 or higher and their customers)
• Cryptoasset exchange providers
• Custodian wallet providers (for example smartphone-based wallets that safeguard and administer either cryptoassets or private cryptographic keys to hold, store and transfer cryptoassets)
As for ‘when to conduct CDD’, this is a broad question typically evaluated by a compliance expert within a regulated business and CDD is conducted in line with internal compliance policies and the MLRs.
At Mirror, we encourage basic CDD (i.e. identity and address verification) to be completed before a firm enters into a new business relationship. This is for two reasons: firstly it’s simple and affordable enough to use at scale, so you may as well offer your firm the additional protection. Secondly, AML PEP and sanctions screening is only useful if it's run on the right person, so it pays off to get KYC (ID and address) correct as a first line of defence.
What is Electronic Identity and verification (EIDV)?
Electronic identity and verification (EIDV) tools exist to help a firm with KYC and AML as part of CDD. For the most part, they check the authenticity and genuineness of identity and address documents, and whether these pertain to your client.
The SRA defines three main ‘categories’ of EIDV tools:
1) Electronic means to help legal practices verify an individual’s identity
2) Corporate Registry and Beneficial Ownership checkers
3) Electronic tools to screen clients against sanctions, PEP and Adverse Media watchlists
Mirror fits into the first and third categories, but we do not provide enhanced source of wealth and source of funds checks, nor do we provide corporate registry and beneficial ownership checks for clients. Mirror can of course be used for individual PSCs, UBOs and shareholders insofar as verifying their identity and address (this can be an individual or business address). The SRA still holds firms ultimately responsible for their choice of EID&V tool. We know it can be supremely difficult assessing whether a tool actually does what it says on the box, so we have engaged in an independent legal review of Mirror’s dashboard and app platform. QC Gregory Treverton-Jones (co-author of The Solicitor’s Handbook, 2019) reviewed Mirror as ‘superior to traditional methods of verification’ and appropriate for use in the UK. Your firm can rest assured knowing Mirror will spot fraudulent identity and address documents, and run comprehensive AML PEP and Sanctions screening.
What is an AML search?
An AML search is an online check against specific databases, e.g. watchlists and sanctions lists. The purpose of this search is for a regulated business to gain a deeper understanding of their client. Usually, AML searches will look for information relating to:
• Whether your client is a politically exposed person (PEP), the level of exposure they have (e.g. mayor, prime minister, party leader), or if they are relatives or known close associates of PEPs
• Whether your client has sanctions applied to them, or comes from a sanctioned geographic region
• Whether your client has a criminal record
• Additional proof points around your client’s address
At Mirror, we have two types of AML searches available. We have comprehensive PEP and sanctions screening, which is included in all basic CDD searches. We also have ‘third-party’ searches on a client’s credit file, which are primarily used as additional proof points for your client’s address.
While some firms rely entirely on third-party searches (e.g. via SmartSearch, Veriphy) as proof of address, we strongly advise against doing so. These checks merely prove your client is affiliated with an address on other third-party databases with unknown standards – but they don't actually prove your client resides at the address they've given your firm. Mirror’s address verification solution is robust, verifying data at source, vs. comparing that several companies have the same address on file for your client. AML searches do not leave a mark on your client's credit history or report.
Why should I use EIDV?
The simplest answer is that human lawyers, accountants or insurers cannot spot fraudulent identity and address documents as accurately as electronic systems can (if at all). Using EIDV tools eliminates the possibility of human error, both in simple mistakes and in accepting fraudulent documents. These days, even unsophisticated fraudsters can easily provide genuine looking IDs and utility bills. Mirror eliminates the possibility of your firm accepting fraudulent identity documents through biometric verification, usually including an NFC chip scan. This elevates the barrier for fraudsters from PhotoShopping a convincing looking document, to forging a biometric chip – it makes it almost impossible for a fake to get through.
In terms of address verification, Mirror greatly improves security through electronic document validation. We ensure a document is genuine, comes from the expected source (e.g. a utility company, or bank statement) and that it pertains to your client (this is ensured via live login to the proof of address provider). We do all of this in a simple app, ensuring your client can complete end-to-end ID and address verification in under five minutes.
Using EIDV tools also helps safeguard your client's data: firms accepting passport scans or bills over unsecured channels like email run the risk of cyberattacks where client data could be stolen. By getting the client to verify themselves electronically, you also reduce the risk that their documents could be intercepted on their way to you.
Additionally, AML checks performed are only useful if they're performed on the right person, i.e. the identity is correctly verified. By ensuring the ID and address checks are foolproof, Mirror elevates fraud protection even before PEP and sanctions screening, or third-party checks are run.
Why is using Mirror better than checking documents myself?
There is simply no way a human being looking at a document can ensure the document is genuine, pertains to the client, and was not tampered with. Our goal is to elevate compliance standards across the industry, so we rely on electronic verification of data at source. For identity documents, Mirror conducts biometric verification including a liveness check and (usually) an NFC chip scan. Most identity documents contain a biometric chip, which is incredibly difficult to forge convincingly. This elevates the barrier to fraud greatly, and ensures a document is genuine, and has not been tampered with. When we combine chip scans with traditional biometric verification, we ensure the document is in your client's possession and pertains to them.
Mirror also elevates the security of address verification. In today's world, digital documents are commonly the original, so clients often end up sending PDFs of a utility bill or bank statement to their lawyer, or accountant. Unfortunately, this outdated system means a lawyer or accountant has no way of knowing if the provided document is genuine. Mirror electronically verifies the origin of a document, ensuring the domain is as expected and that this domain is tied to a real-world address. We also ensure documents pertain to your client through secure live login. In simple English, this means when your client provides a utility bill from Thames Water, Mirror has electronically verified that the bill comes from Thames Water, and your client legitimately has access to this document via their online account.
How does Mirror save me time and money?
Two ways. For one, we work to actually reduce the risk of fraud, thus saving you from fines, reputational damage and regulatory scrutiny. Second, Mirror's service effectively sells your time back to you at a discounted rate.
Firstly, we automate the process of requesting CDD from your clients (and reminding them about this request), which frees up valuable time that would otherwise be spent emailing back and forth. Secondly, we automate the actual process of checking documents both for identity and address verification. This is far more secure, but creates an incidental cost saving for your business as you do not need personnel physically present, checking documents either in person or via Zoom.
Mirror also saves valuable time at the audit stage. We give you a full automated audit trail that’s always up to date. Mirror can thus pass randomly selected transactions directly to your auditor or regulatory body, and these can be split per business area (e.g. split by departments in the business, or by fee earners). Our automated audit trail also saves you time during internal reports, as no ‘guesstimating’ statistics is required: you know exactly what documents are submitted for ID and address checks, your clients’ average time to completion of CDD, the percentage of results you get that pass instantly vs. require input.
Finally, Mirror does not lock you into long-term contracts lasting several years. We believe once firms have used Mirror, there is no going back to traditional ‘broken’ compliance systems, so we price per check and via monthly subscription. This makes implementing Mirror an easy decision, since you can step away from the service if it stops adding value for your firm.
What technology does my firm need to use your compliance suite?
A decent internet connection and a computer, with access to a browser (Internet Explorer, Google Chrome, Safari).
There is nothing your business needs to install ahead of using Mirror. You may see the need for custom integrations, for example with your internal case management or storage systems. In this case, please speak to our team at email@example.com.