Legal compliance of affiliates

1) The role of affiliate compliance

• allow only trusted partners to work;
• prevent illegal/unethical advertising;
• ensure transparent accounting of creatives and traffic sources;
• quickly identify and eliminate violations.

2) Principles

Legality by jurisdiction: we comply with local advertising rules, RG, e-commerce, privacy.
Brand responsibility: the operator bears the risk for the offers that are shown on his behalf.
Verifiability: we verify the partner, store evidence (screenshots, logs, versions).
Proportionality: graduated sanctions for violations.

Transparency of the offer condition: short terms next to CTA, without "small print."

3) Due Diligence

• Identification of Jurassic person, UBO (beneficiaries), contact persons.
• Sanctions/RAP screening, negative news, reputation.
• Portfolio of sites/channels (domains, social networks, streams, instant messengers), geo-coverage,% 18 + audience.
• Privacy policy and CMP (cookie consent) on landing pages.
• History of violations in iGaming/ads networks (if possible - references/recommendations).

Bottom line: Go/No-Go solution, assigning a risk level (Low/Med/High), creating a partner card in the registry.

4) Advertising requirements (minimum standard)

Age/target: 18 + (or 21 +); age-gating, banning child imagery.

Short terms next to CTA: WR, Max Bet, term, contribution/exclusions, geo, 18 +, "Play responsibly."

Consistency: creative = landing = offer; no "bait & switch."

Forbidden language: "guaranteed income," "no loss," closing debts with rates, FOMO pressure.
Content restrictions: no hyperbolized winnings without risk context; without native integration into children's/family content.
Advertising marking: according to the requirements of the site/law; Specify operator and rule references.

5) Privacy & data

Legal data regime: define the role of the parties (joint controllers/independent controllers/processor).
Documents: DPA (if affiliate - processor) or Data-Sharing Agreement (if independent controller/joint controllers).
Cookie/CMP: valid pixel consent/utm tracking; consent journal.
Minimization: prohibition to collect excess PDn; prohibition of "hidden" identifiers.
Rights of subjects: procedure for sending access/deletion requests to the operator.
Security: requirements for log storage, deadlines, encryption, access (RBAC).

6) Affiliate Agreement (key provisions)

1. Compliance with the law: local advertising/RG/privacy/e-commerce regulations.
2. Pre-clearance: all creatives/landing pages/scripts before launch.
3. Short terms/18 +/RG: mandatory in every placement, readable size, no hiding.
4. Geo-and age target: showing only in permitted geo, excluding minors.
5. Ban on mislead: no promises of profit; matching banner and landing page.
6. Data and cookies: consent, DPA/DSA, prohibition of data transfer to third parties without approval.
7. Attribution and transparency of sources: UTM/referrer, prohibition of "substitution" of the source/refspam.
8. Access for audit: the right of the operator to request screenshots/archives, to conduct kraul checks.
9. Sanctions: warning → pause of payments → withholding for violation → termination; clear scale.
10. Brand safety: lists of prohibited sites/topics, stop list of words.
11. Contractors/sub-affiliates: allowed only with written consent and the same obligations.
12. Shelf life of artifacts: creatives/screenshots/consent logs - at least X years.
13. Conflict of interest and compliance contact: SLA of responses, channel for urgent withdrawals.

7) Pre-clearance and release process

1. Offer brief → 2) Creative draft + short terms → 3) Legal/RG check → 4) Privacy check (CIW/consent) → 5) Approval of version → 6) Release → 7) Post-monitoring (crawl/brand-safety/complaints).

SLA: typical - up to 2 working days, influence/UN - up to 5.

8) Continuous monitoring

Autocraul: regular traversal of domains/landings; capturing screenshots/versions.
Brand-safety: stop lists of topics/sites; match alerts.
User/Ombudsman complaints: expedited check of placements, case log.
Quarterly: revision of short terms, landings compliance, report on violations and trends.
Secret purchases (mystery shopping): selectively - checking the UX transparency of the offer.

9) Sanctions and escalations (graduated scale)

10) Affiliate Risk Matrix (RAG)

11) KPIs and reporting

Share of compliant creatives (%).
Average time to correct violations.
Share of green RAG affiliates.
Complaints/ADRs on 1k registrations from affiliate traffic.
Share of creatives withdrawn/rejected.
Conversion from compliant landings vs non-compliant (for motivation).

12) Registries and artifacts (recommended structures)

12. 1 Register of Affiliates (YAML)

yaml affiliate_id: "AFF-00123"
entity: "Example Media Ltd"
ubo: ["John Doe 60%", "Jane Roe 40%"]
risk_level: "medium"
channels: ["seo","social","influencer"]
geos: ["UA","CA-ON","BR"]
age_gate: true privacy:
role: "independent_controller"  # or "processor" / "joint_controllers"
dpa_dsa_signed: true cmp_present: true consent_log_retention_months: 24 preclearance_required: true sanctions_screened_at: "2025-11-05"
status: "active"
owner: "Affiliate Compliance"

12. 2 Register of creatives

yaml creative_id: "ADV-2025-0201"
affiliate_id: "AFF-00123"
channel: "social"
geo: ["UA"]
short_terms: "WR 30x bonus      MaxBet 5      7d      slots 100%      18+ RG"
lp_url: "https://affsite. example/promo123"
rg_badge: true versions:
- v: "1. 0"
date: "2025-11-05"
status: "approved"
notes: "Legal/RG ok"
evidence:
screenshots: ["promo_v1_2025-11-05. png"]
crawl_hash: "a1b2c3..."

13) Contract section templates (fragments)

A. Advertising Standards

The Affiliate shall comply with local advertising regulations, age restrictions, the rules of responsible play and the Operator's requirements for the transparency of offers. Attached to each placement are brief terms: WR, maximum rate, term, contribution/exclusions, 18 + and a link to the full rules.

B. Pre-Moderation and Auditing

All creatives, landing pages and advertising scripts are subject to prior approval. The operator has the right to conduct checks (including automatic crawling) and request supporting materials, including screenshots and consent logs.

C. Data and privacy

The parties define their processing roles: [joint supervisors/independent supervisors/processor]. If necessary, the DPA/DSA is signed. The Affiliate shall provide CMP, keep a log of consents, and not transfer personal data to third parties without the Operator's consent.

D. Sanctions for violation

Graduated scale of measures is fixed: warning; Pause and hold payments for related traffic taking off creatives; termination. In case of targeting minors, promises of profit, substitution of a source or serious violations of privacy, the Operator has the right to immediately terminate the contract.

E. Sub-Affiliates

The engagement of subcontractors is possible only with the written consent and subject to the full dissemination of these requirements.

14) Operational playbooks (brief)

P-01 Quick removal of creativity: signal → confirmation → removal at the site/affiliate → notification → fix in the registry.
P-02 Regulator/Ombudsman complaint: urgent audit → report → corrective measures → updating contracts/guides.

P-03 Unauthorized geo-traffic: tracking block → request for logs → recalculation → sanctions. S2-S3

P-04 Privacy incident: localization, notifications, remediation plan, DPIA revision.

15) Pre-campaign compliance checklist

• Signed a contract with mandatory sections (advertising/RG/privacy/sanctions).
• Passed due diligence, sanctions/PEP screening, an affiliate card.
• Short terms checked, landing matches banner, there is 18 +/RG.
• Geo/age target configured (stop audiences excluded).
• CMP and consent log are active; DPA/DSA signed if necessary.
• Quick Creative Removal Channel tested; KPI owner assigned.

16) Mini-FAQ

Can I use sub-affiliates? Only with written consent and mirror obligations.
Short terms in video/stories? Yes, in the frame/description, the font size is readable, with a link to the full rules.
Who keeps cookies? The owner of the landing (affiliate) plus the operator stores evidence of traffic transfer by consent.
What to do when complaining? Immediately fix screenshots, freeze placement, notify the operator, send a log and corrections.

17) Block for inclusion in "Advertising Rules/Affiliates" (condensed)

18) Conclusion

Legal compliance of affiliates is not a "paper" checklist, but a living system: admission at the entrance, transparent rules of the game, strict fixation of evidence and predictable sanctions. Standardize contracts, keep registers and automate monitoring - and your affiliate channel will remain legal, ethical and risk-resistant.