Blogs
>
Detecting Aggregator-Within-Aggregator: A Compliance Framework for Payment Processors

Detecting Aggregator-Within-Aggregator: A Compliance Framework for Payment Processors

Hidden nested aggregators create "blind spots" that lead to massive card scheme fines and regulatory scrutiny. This guide outlines a robust framework for identifying multi-layered merchant relationships, improving your KYB accuracy, and ensuring your risk monitoring covers every layer of the payment chain. Don't let sub-merchants hide in plain sight.
Ballerine team
Feb 2, 2026
Share:

Index

Heading
Related Tags
Compliance
Merchants
Risk Management

For payment service providers (PSPs, entities that enable merchants to accept electronic payments), acquirers, and compliance teams, hidden aggregator operations create a critical challenge: how do you distinguish merchants selling directly from those operating payment facilitation infrastructure when both present identical documentation during onboarding?

This is not primarily a fraud problem. It is a structural underwriting problem. Unlike traditional merchant categories where you verify business legitimacy and payment risk, potential aggregators require you to function as an infrastructure analyst, mapping payment flows and technical capabilities to identify whether the merchant crosses from direct operations to facilitating transactions for unvetted third parties.

The stakes: Card network rules require payment facilitators to register and hold processors accountable for unregistered facilitation operations. Missing these patterns exposes your institution to network fines, banking relationship termination, and regulatory action from the Financial Crimes Enforcement Network (FinCEN) and state money transmitter authorities.

What's Inside the Full Framework

Payout flow analysis

Onboarding infrastructure investigation

Terms of service review

Seller tools identification

Transaction monitoring protocols

Risk scoring methodology

Remediation workflows

Why This Matters Now

Card network enforcement intensifies

Visa and Mastercard require payment facilitators to register, implement sub-merchant underwriting programs, and report sub-merchant data. Operating as a de facto facilitator without registration triggers network fines that scale with transaction volume.

Your underwriting must identify facilitation patterns before merchants enter your portfolio to avoid regulatory exposure.

Hidden sub-merchants multiply portfolio risk

A single merchant relationship can expose you to numerous unvetted businesses when aggregator infrastructure operates behind clean business documentation. One compliance failure, fraud pattern, or regulatory violation by any hidden sub-merchant creates liability for your organization.

Traditional risk modeling assumes discrete business evaluation, not networks of unknown sellers.

Technical sophistication enables deception

Platforms split payments to multiple beneficiaries through backend configurations invisible during standard document review. Seller tools exist behind authentication walls. Sub-merchant onboarding happens on separate domains not disclosed during underwriting.

Legal structure gaming uses terms like "partners" or "collaborators" rather than "sellers" to avoid explicit aggregator language while enabling all the functionality.

Read the complete framework →

The Four-Pillar Assessment Framework

Essential verification breaks down into four core investigation areas:

1. Payout Flow Analysis

Payment flows reveal what business documentation conceals. We consider this the single most reliable indicator of hidden aggregation.

The framework shows how to identify systematic split payments, map multiple beneficiary accounts, recognize revenue share settlement logic, and analyze payment processor relationships. In our assessment, automated payment splitting to third parties indicates multi-party operations inconsistent with direct merchant models.

High-risk patterns include settlements flowing to different entities, payout logic based on seller identifiers, and the use of marketplace payment infrastructure like Stripe Connect or Adyen for Platforms.

2. Onboarding Infrastructure Investigation

The systems a platform builds reveal its true business model. Direct merchants need customer onboarding. Aggregators need seller onboarding.

Critical red flags include self-service seller registration, multi-entity information collection, tiered account structures with seller-specific roles, and integration with Know Your Business (KYB) providers for ongoing verification.

The framework provides testing protocols to identify hidden registration flows, methods to analyze user role structures, and documentation that proves single-entity versus multi-party operations.

3. Terms of Service and Legal Language

Terms of service drafters carefully avoid explicitly stating "we facilitate payments for sub-merchants". But legal documents must still describe what the platform actually does.

We look for seller provisions, commission structures, third-party liability disclaimers, seller performance policies, indemnification clauses protecting platforms from seller actions, and payment processing language that reveals facilitation operations.

References to "our sellers", commission or revenue share provisions, and three-party transaction structures are disqualifying red flags.

4. Seller Tools and Platform Capabilities

Platforms do not accidentally build sophisticated seller dashboards, inventory management systems, or order routing tools. These capabilities exist for specific purposes.

Critical capabilities that indicate aggregator operations include seller dashboards showing individual performance metrics, inventory management allowing different parties to control different products, order fulfillment routing to multiple entities, seller communication tools, payout and financial management per seller, and storefront customization options.

When customers need to contact specific sellers rather than the platform, those sellers are the actual merchants.

Read the complete framework →

Tangible Outcomes for Your Institution

Organizations that implement this framework can gain:

Regulatory compliance

Clear evidence that your underwriting validates card network registration requirements and FinCEN Customer Due Diligence obligations, reducing regulatory examination risk.

Risk portfolio integrity

Proper identification of facilitation operations before onboarding, preventing exposure to unvetted sub-merchant networks that undermine portfolio risk modeling.

Operational consistency

A systematic assessment protocol and documentation requirements that your team can apply uniformly, eliminating subjective evaluation and repeated underwriting failures.

Network relationship protection

Demonstrated due diligence that prevents card network fines, banking relationship termination, and enforcement actions when platforms are discovered post-onboarding.

Defensible decisions

Investigation methodology and documentation standards that demonstrate due diligence to card networks, regulators, auditors, and internal stakeholders when questions arise.

How Ballerine Helps

Ballerine's merchant underwriting platform automates aggregator detection through payout flow analysis, technical infrastructure mapping, and continuous monitoring. Risk teams use Ballerine to identify payment facilitation patterns during onboarding and maintain ongoing visibility into merchant operations. The platform integrates the four-pillar assessment framework into automated workflows, reducing manual investigation time while improving detection accuracy.

Guide

Access the Complete Framework

Get the full investigation protocol and assessment checklist.

  • Four-pillar verification methodology with risk scoring
  • Technical testing procedures and red flag thresholds
  • Practical guidance for underwriting, compliance, and risk teams

Schedule Demo

Related Questions

Reeza Hendricks

Share this blog

For payment service providers (PSPs, entities that enable merchants to accept electronic payments), acquirers, and compliance teams, hidden aggregator operations create a critical challenge: how do you distinguish merchants selling directly from those operating payment facilitation infrastructure when both present identical documentation during onboarding?

This is not primarily a fraud problem. It is a structural underwriting problem. Unlike traditional merchant categories where you verify business legitimacy and payment risk, potential aggregators require you to function as an infrastructure analyst, mapping payment flows and technical capabilities to identify whether the merchant crosses from direct operations to facilitating transactions for unvetted third parties.

The stakes: Card network rules require payment facilitators to register and hold processors accountable for unregistered facilitation operations. Missing these patterns exposes your institution to network fines, banking relationship termination, and regulatory action from the Financial Crimes Enforcement Network (FinCEN) and state money transmitter authorities.

What's Inside the Full Framework

Payout flow analysis

Onboarding infrastructure investigation

Terms of service review

Seller tools identification

Transaction monitoring protocols

Risk scoring methodology

Remediation workflows

Why This Matters Now

Card network enforcement intensifies

Visa and Mastercard require payment facilitators to register, implement sub-merchant underwriting programs, and report sub-merchant data. Operating as a de facto facilitator without registration triggers network fines that scale with transaction volume.

Your underwriting must identify facilitation patterns before merchants enter your portfolio to avoid regulatory exposure.

Hidden sub-merchants multiply portfolio risk

A single merchant relationship can expose you to numerous unvetted businesses when aggregator infrastructure operates behind clean business documentation. One compliance failure, fraud pattern, or regulatory violation by any hidden sub-merchant creates liability for your organization.

Traditional risk modeling assumes discrete business evaluation, not networks of unknown sellers.

Technical sophistication enables deception

Platforms split payments to multiple beneficiaries through backend configurations invisible during standard document review. Seller tools exist behind authentication walls. Sub-merchant onboarding happens on separate domains not disclosed during underwriting.

Legal structure gaming uses terms like "partners" or "collaborators" rather than "sellers" to avoid explicit aggregator language while enabling all the functionality.

Read the complete framework →

The Four-Pillar Assessment Framework

Essential verification breaks down into four core investigation areas:

1. Payout Flow Analysis

Payment flows reveal what business documentation conceals. We consider this the single most reliable indicator of hidden aggregation.

The framework shows how to identify systematic split payments, map multiple beneficiary accounts, recognize revenue share settlement logic, and analyze payment processor relationships. In our assessment, automated payment splitting to third parties indicates multi-party operations inconsistent with direct merchant models.

High-risk patterns include settlements flowing to different entities, payout logic based on seller identifiers, and the use of marketplace payment infrastructure like Stripe Connect or Adyen for Platforms.

2. Onboarding Infrastructure Investigation

The systems a platform builds reveal its true business model. Direct merchants need customer onboarding. Aggregators need seller onboarding.

Critical red flags include self-service seller registration, multi-entity information collection, tiered account structures with seller-specific roles, and integration with Know Your Business (KYB) providers for ongoing verification.

The framework provides testing protocols to identify hidden registration flows, methods to analyze user role structures, and documentation that proves single-entity versus multi-party operations.

3. Terms of Service and Legal Language

Terms of service drafters carefully avoid explicitly stating "we facilitate payments for sub-merchants". But legal documents must still describe what the platform actually does.

We look for seller provisions, commission structures, third-party liability disclaimers, seller performance policies, indemnification clauses protecting platforms from seller actions, and payment processing language that reveals facilitation operations.

References to "our sellers", commission or revenue share provisions, and three-party transaction structures are disqualifying red flags.

4. Seller Tools and Platform Capabilities

Platforms do not accidentally build sophisticated seller dashboards, inventory management systems, or order routing tools. These capabilities exist for specific purposes.

Critical capabilities that indicate aggregator operations include seller dashboards showing individual performance metrics, inventory management allowing different parties to control different products, order fulfillment routing to multiple entities, seller communication tools, payout and financial management per seller, and storefront customization options.

When customers need to contact specific sellers rather than the platform, those sellers are the actual merchants.

Read the complete framework →

Tangible Outcomes for Your Institution

Organizations that implement this framework can gain:

Regulatory compliance

Clear evidence that your underwriting validates card network registration requirements and FinCEN Customer Due Diligence obligations, reducing regulatory examination risk.

Risk portfolio integrity

Proper identification of facilitation operations before onboarding, preventing exposure to unvetted sub-merchant networks that undermine portfolio risk modeling.

Operational consistency

A systematic assessment protocol and documentation requirements that your team can apply uniformly, eliminating subjective evaluation and repeated underwriting failures.

Network relationship protection

Demonstrated due diligence that prevents card network fines, banking relationship termination, and enforcement actions when platforms are discovered post-onboarding.

Defensible decisions

Investigation methodology and documentation standards that demonstrate due diligence to card networks, regulators, auditors, and internal stakeholders when questions arise.

How Ballerine Helps

Ballerine's merchant underwriting platform automates aggregator detection through payout flow analysis, technical infrastructure mapping, and continuous monitoring. Risk teams use Ballerine to identify payment facilitation patterns during onboarding and maintain ongoing visibility into merchant operations. The platform integrates the four-pillar assessment framework into automated workflows, reducing manual investigation time while improving detection accuracy.

Guide

Access the Complete Framework

Get the full investigation protocol and assessment checklist.

  • Four-pillar verification methodology with risk scoring
  • Technical testing procedures and red flag thresholds
  • Practical guidance for underwriting, compliance, and risk teams

Related Articles

Managing ISO Risk: Operational Guidelines for Processors and Acquirers
Risk Management
Compliance
Ballerine team
Feb 3, 2026
Managing ISO Risk: Operational Guidelines for Processors and Acquirers

Understand how to move beyond manual oversight by implementing a structured framework that automates merchant risk assessment and simplifies complex compliance for Platform-as-ISO models.

Understanding Underwriting Models Across PSPs, PayFacs, and Acquirers
Merchants
Risk Management
Nicole Horne
Feb 2, 2026
Understanding Underwriting Models Across PSPs, PayFacs, and Acquirers

The merchant landscape is more diverse than ever, and so are the risks. While Payment Service Providers (PSPs), Payment Facilitators (PayFacs), and Acquirers all share the goal of enabling commerce, their approaches to risk assessment vary significantly based on their regulatory exposure and place in the payment flow. This guide breaks down the core differences in underwriting models, exploring how each entity balances automated speed with manual due diligence to manage fraud, credit, and compliance risks.

Managing ISO Risk: Operational Guidelines for Processors and Acquirers
Risk Management
Compliance
Ballerine team
Feb 3, 2026
Managing ISO Risk: Operational Guidelines for Processors and Acquirers

Understand how to move beyond manual oversight by implementing a structured framework that automates merchant risk assessment and simplifies complex compliance for Platform-as-ISO models.

Understanding Underwriting Models Across PSPs, PayFacs, and Acquirers
Merchants
Risk Management
Nicole Horne
Feb 2, 2026
Understanding Underwriting Models Across PSPs, PayFacs, and Acquirers

The merchant landscape is more diverse than ever, and so are the risks. While Payment Service Providers (PSPs), Payment Facilitators (PayFacs), and Acquirers all share the goal of enabling commerce, their approaches to risk assessment vary significantly based on their regulatory exposure and place in the payment flow. This guide breaks down the core differences in underwriting models, exploring how each entity balances automated speed with manual due diligence to manage fraud, credit, and compliance risks.