Affiliate Governance in Merchant Underwriting: A Verification Framework for Risk Leaders

How acquirers, PSPs, PayFacs, and program managers can verify that affiliate-driven merchants exercise real control over third-party marketing, not just documented intent.
Ballerine team
Mar 25, 2026
A merchant applies with a well-structured business, clean corporate documentation, and a stated acquisition model built on affiliate and influencer partnerships. The affiliate agreement is attached. The onboarding file looks complete. For heads of merchant risk, compliance leaders, and program managers at acquiring banks, PSPs (payment service providers), and PayFacs (payment facilitators), the question that onboarding paperwork cannot answer is this: does the merchant actually control what those affiliates say to consumers, or does the agreement exist without any operational substance behind it?

In our experience, the gap between governance on paper and governance in practice is the primary source of affiliate-driven portfolio exposure.

Affiliate traffic is a risk model. The underwriting question is whether the merchant manages it.

Why This Matters Now

Regulatory accountability has extended to third-party marketing channels.

The FTC (Federal Trade Commission) has been explicit in its Guides Concerning the Use of Endorsements and Testimonials (16 CFR Part 255): disclosure obligations, substantiation requirements, and accountability for consumer harm apply to the merchant regardless of whether an affiliate made the claim. Equivalent frameworks exist in the EU under the Directive on Unfair Commercial Practices and the Digital Services Act. For merchants in regulated verticals, vertical-specific marketing rules compound this exposure. Risk teams that accept "affiliates are responsible for their own content" as a governance answer are accepting a position regulators and card schemes do not share.

Card scheme monitoring programs surface merchant-level signals that trace to affiliate activity.

Chargeback reason code concentration in consumer dispute categories, such as not-as-described, unauthorized transaction, and subscription cancellation disputes, is one of the clearest indicators of affiliate-driven consumer harm. Scheme monitoring programs track these patterns at the merchant account level. The upstream source, an affiliate's deceptive claim or unapproved creative, does not change the merchant's exposure. Acquirers and PayFacs processing for merchants in affiliate-heavy verticals carry downstream portfolio risk when those merchants are not adequately governed. Ballerine's Merchant Monitoring is designed to track exactly these signals on a continuous basis.

The affiliate governance gap is structural, not incidental.

The incentive misalignment between merchants and affiliates is built into the performance model. Affiliates paid per conversion have a direct financial incentive to maximize conversion volume. When merchants set high commission rates without clawback provisions and without monitoring, they are funding that incentive without accountability mechanisms. The governance gap this creates does not require bad intent from the merchant. It requires the absence of governance structures that counteract it. For merchant onboarding teams, identifying that absence before processing begins is the core task.

The Core Framework: Five Affiliate Governance Verification Dimensions

The complete guide provides the full operational framework. The five dimensions that define whether a merchant's affiliate governance is verifiable are summarized here.

1. Governance Documentation: The Distinction Between Rules and Records

Affiliate agreements, approved creative libraries, and onboarding criteria for affiliates are the starting documents. They establish what the merchant's rules are. They do not establish whether those rules are followed.

The evidence standard we apply requires operational records alongside documentation: approval logs showing specific creatives reviewed before publication, with dates and reviewer identification; monitoring logs showing affiliate-facing content was audited at defined intervals; and enforcement records showing affiliates warned, suspended, or terminated for violations.

A merchant who can describe their affiliate governance process but cannot produce a single monitoring log or enforcement record has a documented program. They do not have a functional one.

Key insight: Ask for the enforcement log from the prior 12 months as a standard information request. A program running at material scale for over a year with zero enforcement records is not demonstrating a clean affiliate roster. It is demonstrating absent monitoring.

2. Claims and Compliance Controls: Whether Monitoring Is Operational

The claims gap, the difference between what a merchant approves and what affiliates publish, is where consumer harm originates. Pre-approval workflows without approval records, and monitoring policies without audit logs, are the same as no pre-approval or monitoring at all.

We look for: a documented pre-approval process with records of approvals and rejections; a defined monitoring approach with outputs and frequency; and a clear escalation and takedown process when violations are identified, not just a description of one.

Merchants who describe enforcement as "flagging it to the network" without direct contractual rights over affiliates have limited practical enforcement capability. That limitation is itself a risk factor, not a neutral characteristic.

Key insight: Ask specifically: "Can you show us a monitoring log or audit record from the past six months?" The presence or absence of that record is more informative than the affiliate agreement itself.

3. Incentive Structure and Sub-Affiliate Visibility

High flat conversion commissions without clawback provisions create structural incentive misalignment regardless of what the affiliate agreement prohibits. Commission structures tied to customer retention rather than raw conversions align affiliate behavior differently, because the affiliate's earnings depend on the consumer remaining a customer, not simply converting once.

Sub-affiliate layers are the most consistently underweighted risk factor in affiliate governance reviews. For programs operating through major networks, a material share of promotional activity may occur through sub-affiliates who have no direct contractual relationship with the merchant. The merchant's rights against the network may not extend to sub-affiliates. We verify whether sub-affiliate governance provisions exist, whether the network has documented compliance monitoring capability, and whether the merchant has any visibility into sub-affiliate identity and activity.

For partner oversight programs managing PayFac or marketplace structures where sub-merchant affiliate activity is relevant, this layer requires equally structured assessment.

Key insight: Ask: "Do you have direct enforcement rights over sub-affiliates, and can you identify who they are?" For programs operating through major networks, this question will often reveal a material gap.

4. Historical Complaint and Chargeback Data

Affiliate governance problems leave traces in consumer complaint and chargeback data before they surface in formal documentation reviews. Chargeback reason code distribution is more informative than aggregate chargeback rate. Reason codes concentrated in consumer dispute categories point toward acquisition-side problems. Codes concentrated in fraud or technical failure categories indicate different risk profiles.

For U.S.-facing merchants, the CFPB (Consumer Financial Protection Bureau) complaint database is a publicly accessible starting point. Complaint review platforms, state attorney general complaint filings, and processor-provided chargeback data provide supplementary signal.

A merchant who attributes elevated complaint or chargeback history in a prior program entirely to "a few bad affiliates we removed" warrants scrutiny on whether the governance structure has changed, not just whether specific affiliates were removed. The governance structure is what matters. The specific affiliates are a symptom.

Key insight: Ask for chargeback data segmented by acquisition channel. Merchants with affiliate monitoring infrastructure can typically provide this segmentation. Those who cannot likely do not have the monitoring infrastructure the program requires.

5. Traffic Arbitrage and Short-Cycle Risk Patterns

A distinct subset of affiliate-dependent merchants operates on a traffic arbitrage model: purchasing low-cost traffic, routing it through high-converting funnels, and extracting revenue before complaint accumulation reaches scheme thresholds. These programs sometimes rotate to new merchant accounts, descriptors, or domains before accountability mechanisms activate.

We observe this pattern in merchants with very short operating histories, high initial transaction volumes relative to company size, multiple descriptor or domain variations registered in close succession, and thin operational infrastructure, meaning no verifiable customer service function, no auditable supplier relationships, and no physical presence. This pattern is not reliably visible from onboarding documentation alone. Behavioral signals and digital footprint analysis are required inputs.

Ballerine's Merchant Underwriting platform surfaces these signals systematically, including cross-referenced descriptor and domain registration history, related entity mapping, and behavioral anomalies that standard document review cannot detect.

Key insight: Any combination of short operating history, descriptor variation, and high initial transaction volume should trigger a deeper affiliate structure and traffic sourcing review before onboarding proceeds.

What Good Looks Like: The Verifiable Affiliate Governance Profile

The full guide provides a detailed benchmark. A merchant with verifiable affiliate governance will produce the following across all five dimensions:

  • Operational records: Creative approval logs with dates and reviewer identification. Monitoring logs showing affiliate-facing content reviewed at defined intervals. Enforcement records with specific affiliates suspended or terminated, dates, and stated reasons.

  • Structural evidence: Commission clawback provisions in affiliate agreements. Sub-affiliate governance provisions in network agreements. A named individual or team responsible for affiliate compliance with a defined review cadence and escalation path.

  • Prohibited practices specificity: An explicit, itemized prohibited practices list covering unauthorized endorsements, unverified performance or approval claims, unapproved urgency and scarcity tactics, non-compliant testimonials, and placement on restricted inventory categories.

  • Complaint and chargeback profile: Reason code distribution not concentrated in consumer dispute categories. No pattern of public complaints referencing advertising claims, enrollment terms, or cancellation difficulty.

  • Regulatory literacy: Practical working knowledge of FTC endorsement guidance and card scheme rules on free trial billing and negative option marketing, translated into program rules that affiliates can operationally follow.

This profile represents a program that has been built to function, not merely to document.

Critical Misses That Create Portfolio Exposure

Accepting the affiliate agreement as the risk assessment. The agreement records what the merchant's rules are. It does not record whether those rules are monitored or enforced. Programs with well-drafted agreements and no operational follow-through are not meaningfully different from programs with no documentation at all. A review that stops at documentation is a review of paperwork, not of risk.

Missing the sub-affiliate layer. Risk teams that review the merchant's direct affiliate agreement without asking about network and sub-affiliate structure may be assessing a small fraction of actual traffic-driving activity. For programs operating through major networks, sub-affiliates may represent the majority of active promotional traffic. The governance coverage of the top-level agreement does not extend to them automatically.

Treating affiliate risk as a one-time onboarding check. Affiliate programs change. Affiliates join and leave. New channels open. Compliance standards in regulated verticals are updated. A governance assessment conducted at onboarding and not revisited is a snapshot of a previous state. For affiliate-driven merchants, ongoing monitoring structured around specific triggers, including sustained chargeback increases in consumer dispute categories, complaint volume changes, and new network relationships, is the minimum standard for active portfolio management.

Conflating marketing scale with compliance maturity. A merchant can operate a technically sophisticated affiliate program with professional attribution analytics, multi-touch tracking, and network management, while having no systematic oversight of what affiliates say. Marketing sophistication and compliance governance are separate capabilities. The presence of one does not indicate the presence of the other.

Not asking for enforcement history. This is the highest-signal question in affiliate governance review and consistently the least-asked. A merchant with a program running for more than a year who cannot produce a single example of an affiliate suspended or terminated for a violation is communicating something, whether or not they intend to. Zero enforcement history from a mature program is not evidence of a clean affiliate roster. It is evidence of absent monitoring.

Takeaways for Risk and Compliance Leaders

This framework addresses the core discipline gap in affiliate risk assessment: the shift from documentation review to evidence-based governance verification.

  • Documents establish intention. Records establish operation. Both are required. A program with only documents has not demonstrated governance maturity.

  • The sub-affiliate layer cannot be assessed from the top-level agreement alone. For any program operating through a major network, sub-affiliate structure and governance provisions require direct inquiry.

  • Incentive structure is a governance input, not a marketing detail. Commission design shapes affiliate behavior. Clawback provisions signal that the merchant has applied structural thinking to accountability.

  • Enforcement history is the single most diagnostic question. Zero enforcement records from a program running at meaningful scale is a signal that warrants scrutiny, not acceptance.

  • Affiliate governance requires ongoing monitoring, not a one-time onboarding review. Programs drift. The triggers for re-review should be defined and documented.

For acquiring programs, demonstrating that affiliate governance is evaluated systematically, with documented evidence and consistent standards across the portfolio, is part of building the defensible operating posture that both scheme and regulatory scrutiny increasingly require. Ballerine's Mastercard MMSP Compliance framework is designed to support that standard with consistent, auditable evidence.

Reeza Hendricks
