Customer Risk Rating & Due Diligence Policy
For the website www.getfirekirin.com
MC Data Solutions LLC
(Covers the Get Fire Kirin and Easy Street gaming platforms)
Effective Date: October 25, 2025
Jurisdiction: Texas, United States
Version: 1.0 Web Compliance Edition
Contact: compliance@getfirekirin.com

Summary
This policy explains how MC Data Solutions LLC evaluates and manages risk across all player accounts and partners. Every customer is assigned a risk score based on identity, location, payment methods, and activity patterns. High-risk accounts receive extra review before any payout. These steps help protect our players and ensure full compliance with the Bank Secrecy Act (BSA), OFAC rules, and processor requirements.

1. Purpose
To establish a risk-based framework for identifying, classifying, and managing customers and partners on Get Fire Kirin and Easy Street. Our goal is to detect potential fraud, money laundering, or sanctions risk while maintaining a secure and fair player environment.

2. Scope
Applies to:
All player accounts and transactions (Gold Coins and Sweeps Coins).
All payout channels through Simple 8 Wallet (MassPay).
Affiliates, vendors, and partners providing marketing or payment services.
Compliance tools (SEON fraud and behavioral monitoring / Veriff KYC verification).

3. Regulatory Framework
Aligned with:
Bank Secrecy Act (31 U.S.C. §5311–5332)
FinCEN Customer Due Diligence Rule (31 CFR §1010.230)
OFAC Sanctions Regulations (31 CFR §500 et seq.)
ISO 37301 Compliance Management Standard
NIST SP 800-53 Security Framework
Texas Business and Commerce Code
Quarterly Legal Memoranda and annual audits ensure ongoing compliance.

4. Risk Scoring Model
Each player receives a dynamic risk score (0–100) calculated by SEON and internal systems.

Category | Weight | Description
Identity Integrity (KYC) | 20% | Veriff results, ID match, duplicate checks
Geolocation | 20% | Player location, state eligibility, VPN/proxy usage
Payment Behavior | 15% | Card ownership match, chargebacks
Device/IP Risk | 15% | SEON fingerprint, velocity, multi-device logins
Transaction Volume | 15% | Frequency and value of purchases / payouts
Gameplay Pattern | 15% | Natural play vs. exploitative activity

Risk Tiers
Low (0–49): Standard monitoring
Medium (50–74): Heightened review / payout limits
High (75–100): Enhanced Due Diligence (EDD) + manual approval

5. Identity Verification and Screening
SEON pre-KYC screens device, IP, and email before account creation.
Veriff performs full ID and age check (21+) before payout.
Failed or inconsistent data → temporary account hold pending resolution.
All records retained for five (5) years.

6. Politically Exposed Persons (PEP) and Adverse Media
PEP and adverse media screening conducted automatically through SEON.
Confirmed matches increase risk score (+20) and trigger EDD.
EDD requires occupation, employer, and source-of-income validation.

7. Source of Funds (SoF) and Source of Wealth (SoW)
When required, players must provide:
Redacted bank or crypto wallet statements.
Pay stubs or tax documents.
Signed SoF declaration.
All documentation is reviewed by Compliance before payout release.

8. Enhanced Due Diligence (EDD)
EDD is initiated for:
Crypto payouts ≥ $10,000.
Cross-border or high-risk activity.
Repeated chargebacks or structuring patterns.
Adverse media or PEP alerts.

EDD Process
SEON flag → Analyst review within 24 hours.
Document request (SoF/SoW) → Player response within 5 days.
Compliance Officer approval within 10 business days.
Unverified accounts remain suspended until cleared.

9. Ongoing Monitoring
Monthly re-scoring of all accounts.
Event-driven reviews upon device change, large payout, or new funding method.
High-risk accounts re-evaluated weekly.
Automated alerts sent to Compliance when risk score ≥ 70.

10. Vendor and Affiliate Due Diligence
All vendors and affiliates undergo KYB (Know Your Business) verification.
Must disclose beneficial owners (≥ 20%).
Subject to OFAC, PEP, and adverse media screening.
Audited annually and certifications retained for seven (7) years.

11. Geolocation and Jurisdiction Controls
Gameplay and payouts are blocked in these U.S. states:
Arizona, Arkansas, California, Connecticut, Delaware, Hawaii, Idaho, Louisiana, Maryland, Michigan, Mississippi, Montana, Nevada, New Jersey, New York, Pennsylvania, Virginia, Washington.
SEON geofencing and proxy/VPN detection prevent restricted access.

12. Recordkeeping & Data Protection

Record Type | Retention | Access Control
Risk Scores / SEON Logs | 5 years | Compliance Team
EDD / KYB Files | 7 years | Encrypted Archive
PEP / Adverse Media Results | 7 years | Compliance Only
Training Records | 5 years | HR + Compliance

All data is encrypted (AES-256 at rest / TLS 1.3 in transit) and handled per Policy #5 and Policy #6.

13. Training and Awareness
All employees receive annual risk assessment and due diligence training.
Focus on identifying structuring, PEP connections, and funding anomalies.
Minimum passing score 90%; records retained five years.

14. Program Effectiveness Review
Quarterly metrics include:
Distribution of risk tiers (Low/Med/High)
Number of EDD reviews and turnaround times
False-positive ratio
SAR referrals to AML team
Results are reviewed by Compliance and Legal and included in the Annual Compliance Report.

15. Cross-Policy Integration
This policy connects directly with:
Policy #1: BSA / AML & OFAC Compliance
Policy #2: Responsible Gaming & Fair Play
Policy #3: Transaction Monitoring & Reporting
Policy #5: Information Security & Data Protection
Policy #6: Privacy Policy
Policy #7: Terms of Service & Conditions

Contact
MC Data Solutions LLC
compliance@getfirekirin.com
2611 N Belt Line Rd, Mesquite, TX 75182