Executive summary
Moving the Veriff document checks (POA + IDV) from registration to first redemption is legally defensible and operationally tractable. The architecture has three gates: a light eligibility screen at the form step (age, state, self-exclusion); a behind-the-scenes Veriff AML screen plus payment / wallet checks at first paid purchase; and full Veriff document KYC at first redemption or AMOE submission. AMOE entrants have no payment-rail identity signal, so the full document flow is the equivalent identity gate to what paid users get through their card / wallet / 3DS data at Tier 1c. The framing is "silent AML at first purchase, full Veriff at redemption or AMOE, nothing user-visible at registration".
The registration form already collects name, date of birth and state between T&C acceptance and Veriff. That data is sufficient for an OFAC / sanctions name screen, a self-exclusion register lookup, a state-eligibility check and an age check, all without needing document verification. The form becomes the load-bearing identity layer at registration; Veriff's document checks move downstream.
SC cannot be won from GC gameplay. SC is only credited as a free bonus alongside a paid GC purchase. That means the free GC 10,000 sign-up bonus is entertainment-only value; a user with only the free GC can never reach a redemption attempt. This collapses several risks that would otherwise apply: there is no zero-purchase redemption path, no path for a sanctioned person or minor to extract value from the platform without first making a purchase (which triggers our payment-rail controls), and no straightforward bonus-harvesting model that ends in cash. The first real value-out moment is the first SC redemption, which is the natural Tier 2 trigger.
Because SC only enters via purchase, the moment a user buys their first GC pack is the moment they acquire redemption-capable currency. That is the operational equivalent of "value moving" on the platform: from this point forward the user holds SC that can ultimately be redeemed for cash. Tier 1c controls (BIN match, OFAC re-screen, state recheck for prohibited and SC-restricted states, Chainalysis wallet screen for crypto) need to fire at this step, not at redemption. By the time redemption is requested, the SC has already been issued.
Current state & proposed change
Current registration flow
Recommended target flow
Legal & regulatory framework
MetaWin.us sits between several overlapping regimes. Unlike a licensed gaming operator, we don't have a single prescriptive KYC-timing mandate from a gaming regulator. Instead, our obligations come from federal financial-crime law, state sweepstakes statutes, state consumer-protection (UDAP) law, IRS reporting rules, and our own contractual commitments to payment processors, card networks and Veriff. The table below maps each regime against KYC timing.
| Regime | Relevant authority | KYC timing requirement | Forces KYC at registration? |
|---|---|---|---|
| BSA / CIP | FinCEN · 31 CFR 1020 / 1021 | Not directly applicable. MetaWin.us is not a licensed casino under 31 CFR 1021. CIP attaches to financial institutions establishing formal account relationships. | No |
| AML (MSB-adjacent) | FinCEN · 31 USC 5311 et seq. | Risk-based programme required for any money-services-adjacent activity. SC redemption (value-out) is the strongest trigger; GC purchase (value-in) is the second. | Indirect |
| OFAC sanctions | OFAC · 31 CFR 500 series | Strict-liability prohibition on transactions with sanctioned persons/jurisdictions. Screening must occur before any value moves, not at redemption. | Pre-purchase |
| State sweepstakes law | CA B&P §17539.1 · NY GBL §369-e · FL Ch. 849.094 · others | Regulates disclosure, AMOE parity, odds, and prize fulfilment. Identity verification of winners is implicit but timing is operator's choice. | No |
| State UDAP statutes | State AGs · class actions | Prohibit unfair or deceptive trade practices. Risk arises if unverified users transact in fully prohibited states, if SC-restricted-state users are not correctly routed (no SC offered), or if minors are admitted. | Indirect |
| IRS reporting | IRC §6041 · W-9 / 1099-MISC | TIN collection triggered by prize award threshold ($600+ aggregate). Naturally redemption-gated. | No |
| FinCEN: virtual currency | 2019 CVC guidance · Travel Rule (≥$3,000) | Wallet-level risk screening on crypto purchase funding regardless of identity KYC timing. | Pre-purchase |
| State age & SC eligibility | State AGs · sweepstakes carve-outs · 13-state SC restriction list | Operator must not offer SC to residents of the 13 SC-restricted states (CA, CT, ID, IL, LA, MD, MI, MT, NV, NJ, NY, TN, WA), must not transact at all with residents of fully prohibited states, and must not admit minors. Needs age and geo signals at every value-moving step. | Every session |
| Card-network & processor rules | Visa / Mastercard / Worldpay / Nuvei / Trust | Contractually-imposed KYC and fraud thresholds. Some processors require verified customers as a condition of underwriting. | Contract-dependent |
| Self-exclusion & RG | SPGA standards · state-level RG requirements | Operator expected to honour self-exclusion lists. Unverified users can register under variant identities and evade. | Indirect |
No regime forces full identity verification at registration. Two regimes (OFAC and state age/geo) force some identity signal before any money moves. One regime (FinCEN CVC) forces wallet screening on crypto purchase funding. The rest are redemption-tolerant.
Where the change is defensible
Where risk concentrates
These are the risks that the working-group should treat as load-bearing in the design. They are ordered roughly by exposure severity. Each card identifies the specific failure mode and the mitigation that takes it from unacceptable to tolerable.
Veriff-specific considerations
Veriff currently runs three distinct checks at registration. The relocation question is not "all three at redemption"; it should be decomposed by check. Each line is independently movable, and the legal logic for each is different. Crucially, the registration form already collects name, DOB and state: exactly the inputs the AML check needs to run, whether it runs at registration or at first purchase.
| Check | What it verifies | Inputs needed | Recommended timing | Move to redemption? |
|---|---|---|---|---|
| AML | Sanctions / PEP / watchlist screening | Name + DOB (already captured in the form today) | Tier 1c (first paid purchase), runs silently as part of the payment authorisation flow. This is when SC (the only redemption-valuable currency) first enters the account. No user-visible step. | Moves to purchase |
| IDV | Government ID + liveness / similarity | Document upload · selfie · device camera | Move to Tier 2 (redemption) for the full document + liveness flow. Skipped entirely for users who never redeem. | Yes |
| POA | Proof of current residential address | Document upload (utility bill, bank statement) | Move to Tier 2 (redemption). POA has the weakest registration justification and the highest friction cost. | Yes |
Because SC only enters via paid purchase, the AML screen's strongest legal trigger is the purchase event, not registration. The full Veriff stack moves out of the registration flow entirely: AML runs silently at Tier 1c (first purchase) as part of the payment authorisation flow, POA + IDV run at Tier 2 (first redemption). Tier 1b at the form step uses internal systems (self-exclusion DB, age math, state list); no Veriff call required. Frame this as "run AML behind the scenes at first purchase, POA + IDV at first redemption, nothing at registration".
Recommended tiered model
The defensible architecture replaces a single, all-or-nothing Veriff gate at registration with three escalating tiers. Each tier collects the minimum identity signal required for the next type of activity, and full Veriff KYC sits at the redemption gate.
| Tier | Trigger | Controls | Vendor / system |
|---|---|---|---|
| Tier 0 Pre-form |
Sign-up → auth → T&Cs | Email confirmation · Age affirmation (21+) · Geolocation · Fully prohibited-state block · Device fingerprint capture · T&C / privacy / RG consent | Fingerprint · Geocomply / internal geo |
| Tier 1a Form (existing) |
Form step, already in flow | Self-declared name · DOB · state. No new tech required; this step already runs today. | MetaWin.us registration form |
| Tier 1b Light eligibility |
On form submission, before bonus credit | Age check (DOB-derived) · group-wide self-exclusion register lookup · state-of-residence eligibility check (block fully prohibited states; flag SC-restricted-state users for GC-only experience) · risk-model evaluation (initial). All silent / synchronous. Pass required before GC 10,000 bonus credits. No Veriff call at this stage. | Self-exclusion DB · internal risk model |
| Bonus gate Play-only value |
Tier 1b pass | GC 10,000 sign-up bonus credited. User can play. No redemption-valuable currency (SC) in account yet, only entertainment value. Until this gate passes, the bonus is not credited and play is not possible. | MetaWin.us platform · loyalty system |
| Tier 1c First purchase |
First GC purchase (card or crypto) | Behind-the-scenes Veriff AML / sanctions / PEP screen on form-captured name + DOB · BIN-to-billing match (card) / Chainalysis wallet risk screen (crypto) · 3DS · state recheck (block fully prohibited; suppress SC for SC-restricted) · re-evaluate risk model with payment data. All silent: no user-visible step beyond standard payment authorisation. This is the heavyweight gate for paid users because this is the moment redemption-valuable currency (SC) first enters their account. Payment-rail data (card, BIN, 3DS) supplies corroborating identity alongside the AML screen. | Veriff AML standalone (decomposed) · Chainalysis · processor 3DS · internal risk model |
| Tier 2 Redemption or AMOE |
First SC redemption or AMOE submission | Full Veriff POA + IDV + AML re-screen · TIN collection (W-9) · document liveness · source-of-funds questionnaire for higher tiers · withdrawal payment-method ownership check. AMOE submission triggers the full stack: AMOE entrants have no payment-rail identity signal, so the Veriff documents do all the identity work. SC is not issued via AMOE until Tier 2 clears. | Veriff full stack · IRS workflow · payment-rail KYC |
Why this structure
The gates align with the user's lifecycle. A light eligibility screen (Tier 1b) gates the play-only bonus; a behind-the-scenes Veriff AML screen plus payment / wallet checks (Tier 1c) fire at the moment a paid user purchases their first GC pack; and full document KYC (Tier 2) gates the moment a user attempts to extract value as cash via redemption, or to obtain SC via the AMOE path. AMOE submission triggers the same full Tier 2 stack as redemption because AMOE entrants have no payment-rail identity signal: the document KYC is the equivalent identity gate to what paid users provide through their card or wallet data at Tier 1c. The user experience at registration is unchanged from today (same form, same wait), but Veriff drops out of the registration flow entirely.
Optional early-KYC triggers (future)
The redemption gate is the load-bearing KYC moment in the model. It is the right default, and in most cases sufficient on its own. Over time we may want to introduce a small number of early-KYC triggers that pull full Veriff verification forward to before redemption when a user shows signals of risk. This section is a placeholder for that work, not a launch commitment. The capabilities are already in our stack or planned; what's missing is the policy framework, thresholds and counsel sign-off.
Candidate signals to develop into early-KYC triggers, all behavioural rather than spend-based:
- Fingerprint device / account-linkage signals. Cross-account links via device, wallet, payment method or email patterns. Hamhamgoat / Snniper-style bridge-account detection. Depends on the MET-4235 coverage fix landing.
- Risk-model output. Composite score from the MET-2529 layered model (MA / AS / VE / SS / WR signal groups). A score above an agreed threshold could trigger early Veriff.
- Chargebacks and payment disputes. Card-network and processor expectations point toward matching disputes to verified identities. Any chargeback could be a natural early-KYC trigger.
- Chainalysis wallet-risk escalation. If a previously-clean wallet flags into a high-risk Chainalysis category, that's a signal worth acting on before redemption.
- State-of-residence anomalies. Geo, IP and declared-address mismatch flags. Could indicate fully prohibited state circumvention or an SC-restricted user attempting to access SC.
- Velocity patterns. Multiple cards in a short window, rapid sequential purchases, account-takeover signatures. Common in card-testing and bonus abuse.
None of this is required for the v1 restructure. Redemption-gated full Veriff plus the Tier 1 / 1c controls already in scope are sufficient. Early-KYC triggers are a v2 conversation, sequenced after the launch has bedded in and we have telemetry on which signals actually correlate with bad outcomes at redemption. Thresholds, weightings and the cost of a Veriff pull all need to be quantified against real data, not picked in advance.
Open questions for counsel
The following questions should be put to external regulatory counsel before sign-off and used as the structure for the formal memo.
- UDAP risk per priority state. Does our Tier 1 control set (form + light eligibility gate + AML at first purchase) materially reduce the risk of a deceptive-practices claim in NY, CA, MI, PA, FL, TX, IL? Are there state-specific carve-outs we need to build in?
- State sweepstakes statute review. Are there any state sweepstakes statutes (or AG guidance) that read implicitly as a "verify at registration" mandate, even though they don't say so on the face of the text?
- OFAC perimeter. Confirm that running the Veriff AML / sanctions screen silently at first purchase (Tier 1c, inside the payment authorisation flow) is sufficient given that the play-only bonus GC cannot produce redemption-valuable currency without a paid purchase.
- Bonus as value transfer. Confirm: is the free GC 10,000 a "transaction" or "value transfer" for OFAC purposes, given that it has no redemption path on its own? Our expectation is no, but we want this in writing.
- AMOE consideration analysis (priority). The proposed model requires full Veriff (POA + IDV) at AMOE submission, while paid first-purchase only triggers a silent AML screen. The asymmetry is justified by identity-signal equivalence (paid users supply card / BIN / 3DS data; AMOE users supply none, so the document KYC is the equivalent identity gate). Confirm this reasoning holds across CA, NY, FL, TX, IL, PA, MI; flag any state where requiring documents from AMOE entrants but not paid entrants creates a consideration problem.
- SC withholding enforceability. Are our proposed T&C changes to permit withholding of SC where Tier 2 KYC later fails enforceable in our priority states? Any consumer-protection limits we should know about?
- Self-exclusion exposure. What is our liability if a self-excluded individual receives the free GC, plays for entertainment value, but never purchases? Is Tier 1b cross-checking adequate?
- Veriff & data-minimisation. Are there CCPA / CPRA implications of collecting full Veriff data at redemption from users who registered months earlier under a lighter privacy notice? Do we need a re-consent step at Tier 2?
- Card-network rules. Are there Visa / Mastercard scheme-rule positions on unverified customers transacting (especially for "high-risk" merchant categories) that override our legal analysis?
- Crypto on-ramp. What is the FinCEN / state-MSB position on unverified-identity crypto-funded purchases accompanied by Chainalysis wallet screening? Is the Tier-2-on-redemption identity model defensible on the crypto side as well as the fiat side?
- Marketing claims. Do our existing marketing claims ("verified", "safe", "secure") need to be revised if a meaningful proportion of accounts will be unverified for an extended period?
Once counsel responses are in, this document should be re-issued at v1.0 with the counsel positions inlined and the Tier 1 / Tier 2 control lists locked. From there it becomes the source-of-truth for the engineering scope and the input to a single Jira epic (proposed: MET-KYC-TIER) alongside the existing MET-2529 risk-model work.