Ongoing Monitoring (Continuous Merchant Monitoring)

Ongoing monitoring (also known as continuous merchant monitoring) is the practice of regularly reviewing a merchant's activity, transaction behavior, and business profile after onboarding to verify continued compliance with card network rules, regulatory requirements, and acquirer risk policies throughout the merchant account lifecycle.

‍

Why Ongoing Monitoring Is a Challenge

‍

Merchants are not static entities. Post-onboarding changes introduce risk exposure that a one-time underwriting assessment cannot capture:

‍

Business model drift: A merchant approved to sell apparel may later add age-restricted products (vaping devices, CBD) or regulated financial services without disclosure.

‍

Ownership changes: Beneficial ownership transfers, management shifts, or mergers may introduce sanctioned individuals or entities with adverse histories.

‍

Volume and transaction anomalies: Sudden spikes in transaction volume, chargeback ratios, or cross-border activity may signal fraud, unauthorized use, or money laundering.

‍

Regulatory evolution: New compliance obligations (licensing requirements, AML regulations, consumer protection rules) may apply as the merchant's operations or jurisdictions expand.

‍

Reputational risk: Negative news, litigation, or regulatory enforcement actions can emerge after onboarding, changing the merchant's risk profile.

‍

Without continuous oversight, acquirers, payment facilitators (PayFacs), and marketplaces operate with incomplete visibility. The result is increased exposure to fraud losses, regulatory penalties, card scheme fines, and reputational damage.

‍

How to Implement Effective Ongoing Monitoring

‍

An effective ongoing monitoring program combines automated surveillance with periodic manual review. We recommend the following approach:

‍

1. Establish monitoring triggers and review schedules

‍

Define risk-based intervals for review (e.g., high-risk merchants reviewed quarterly, low-risk merchants reviewed annually). Set automated triggers for events such as:

‍

Chargeback ratio exceeds a defined threshold
Transaction volume deviates significantly from baseline
Negative news or adverse media mentions appear
Ownership or corporate structure changes detected
Website content changes (new product categories, prohibited goods)

‍

2. Automate transaction and behavioral surveillance

‍

Deploy systems that continuously analyze transaction data for patterns indicating elevated risk:

‍

Unusual transaction velocity or ticket size
Geographic shifts in transaction origin or customer base
Card-not-present (CNP) fraud indicators (e.g., multiple failed authorizations, BIN attacks)
Layering or structuring patterns consistent with money laundering

‍

Automated monitoring reduces manual workload while providing real-time detection of anomalies that require investigation.

‍

3. Refresh KYC/KYB (Know Your Customer/Know Your Business) data

‍

Periodic KYC/KYB refreshes ensure that merchant identity, ownership, and business structure data remain current. This includes:

‍

Re-verification of Ultimate Beneficial Owners (UBOs) and Key Management Personnel (KMPs)
Corporate registry checks to detect ownership transfers, directorship changes, or corporate restructuring
Screening against sanctions lists, Politically Exposed Persons (PEP) databases, and adverse media sources

‍

In jurisdictions with Customer Due Diligence (CDD) requirements under Anti-Money Laundering (AML) regulations, periodic KYC refreshes are not optional.

‍

4. Monitor website and digital presence

‍

Merchants' websites, social media channels, and online storefronts provide visibility into operational changes. We look for:

‍

Introduction of new product lines or services (especially regulated categories like age-restricted goods, financial products, or pharmaceuticals)
Changes in pricing structure, fulfillment terms, or customer complaint patterns
Domain or brand name changes that may indicate restructuring or attempt to evade prior enforcement actions

‍

Website monitoring tools can automate this process by flagging content changes for review.

‍

5. Conduct adverse media and litigation searches

‍

Negative news, regulatory actions, and legal proceedings can emerge after onboarding. Adverse media monitoring should include:

‍

Regulatory enforcement actions by financial authorities or consumer protection agencies
Criminal investigations or prosecutions involving the merchant, its owners, or key personnel
Civil litigation (e.g., class actions, consumer complaints, breach of contract claims)
Media coverage indicating reputational risk (fraud allegations, product recalls, unethical business practices)

‍

Automated adverse media screening tools can surface relevant alerts, but human review is required to assess materiality and context.

‍

Real-World Example

‍

An acquiring bank onboards a merchant approved to process transactions for dietary supplements. Initial underwriting confirms proper licensing and acceptable chargeback history.

‍

Six months later, ongoing monitoring detects:

‍

A 300% increase in transaction volume over a two-week period
Introduction of a new product line (prescription-style weight loss pills) not disclosed during onboarding
Multiple consumer complaints filed with regulatory authorities regarding unauthorized recurring charges

‍

Automated monitoring flags these changes. The risk team conducts a manual review, determines the merchant is operating outside its approved business model, and initiates corrective action: suspension of processing while the merchant provides updated documentation, revised terms of service, and evidence of regulatory compliance for the new product line.

‍

Without continuous monitoring, the acquirer would have remained unaware until chargeback losses, regulatory fines, or card scheme penalties materialized.

‍

Best Practices for Ongoing Monitoring Programs

‍

Risk-based segmentation: Apply monitoring intensity proportional to risk. High-risk merchants (e.g., those in restricted categories, those with prior violations) require more frequent review.

‍

Integration with case management workflows: Alerts from monitoring systems should feed into structured case management processes with defined escalation paths and resolution timelines.

‍

Clear remediation policies: Define the actions to take when monitoring detects issues (e.g., request additional documentation, increase reserve requirements, suspend processing, terminate the merchant).

‍

Audit trails and documentation: Maintain records of all monitoring activities, review decisions, and remediation actions to demonstrate compliance with regulatory obligations and card network standards.

‍

Cross-functional collaboration: Effective monitoring requires coordination between risk, compliance, operations, and legal teams. Establish clear ownership and communication protocols.

‍

Strategic Context: The Broader Impact

‍

Ongoing monitoring is a regulatory expectation in many jurisdictions. AML regulations (e.g., the Bank Secrecy Act in the United States, the Fourth and Fifth AML Directives in the European Union) require financial institutions to conduct ongoing due diligence on customers. Card networks (Visa, Mastercard) impose monitoring obligations through programs such as the Mastercard Merchant Monitoring Program (MMP), which mandates acquirers to monitor merchants for compliance with network rules.

‍

Failure to maintain adequate ongoing monitoring exposes acquirers and PayFacs to:

‍

Regulatory fines: Non-compliance with AML or consumer protection regulations can result in enforcement actions and financial penalties.

‍

Card network fines: Violation of network rules (e.g., allowing prohibited merchants to process transactions) can trigger substantial fines and potential loss of processing privileges.

‍

Fraud and chargeback losses: Undetected merchant fraud or misconduct results in direct financial losses through chargebacks, refunds, and reserve depletion.

‍

Reputational damage: Association with fraudulent or non-compliant merchants harms the acquirer's reputation and erodes trust with partners and customers.

‍

From a strategic perspective, ongoing monitoring is not merely a compliance checkbox. It is a risk management discipline that protects the acquirer's financial stability, preserves relationships with card networks and regulators, and ensures the integrity of the payments ecosystem.

‍

Ballerine's Approach to Continuous Merchant Monitoring

‍

Ballerine provides a unified platform for merchant monitoring that combines automated surveillance with risk-based manual review workflows. The platform continuously analyzes transaction data, website content, and external data sources (corporate registries, sanctions lists, adverse media) to detect changes in merchant risk profiles.

‍

When monitoring flags an issue, Ballerine's case management system guides risk teams through structured investigation and remediation workflows, ensuring that alerts are resolved efficiently and in compliance with internal policies and regulatory requirements. The platform maintains a complete audit trail of all monitoring activities, providing documentation for regulatory examinations and card network audits.

‍

As a certified Mastercard Merchant Monitoring Service Provider (MMSP), Ballerine meets the technical and operational standards required to support acquirers in fulfilling their Mastercard MMP compliance obligations. This certification ensures that the platform's monitoring capabilities align with card network expectations for continuous merchant oversight.

‍

By automating routine surveillance and focusing human effort on high-risk cases, Ballerine enables acquirers, PayFacs, and marketplaces to scale their merchant underwriting and monitoring operations without proportional increases in compliance headcount.

‍