Compliance of affiliates and partners

1) Purpose and area

Ensure that any external traffic and marketing activity through affiliates, streamers, agencies, and media comply with the law, licenses, and our internal standards (age/advertising/RG/AML/data/brand). Coverage: partner subscriptions, creatives, channels and targeting, UTM/postbacks, payments and tax forms, complaints and incidents, audits.

2) Roles and RACI

Head of Affiliates (Owner) - strategy, partner catalog, KPI, escalation. (A)

Compliance/Legal - politics, contractual clauses, disputes, regional bans. (R/A)

RG Lead - suppression for the vulnerable, compatibility with limits/SE. (C)

Brand/Creative - white list of formulations, checking layouts. (R)

Performance/Tracking - UTM, postbacks, creative/version hash, anti-fraud signals. (R)

InfoSec/DPO - DPIA, data processing and exchange, DPA/SSC. (C)

Finance - acts/invoices, deductions, clawback. (R)

Internal Audit - Selections, compliance checks, and CAPAs. (C)

3) Partner onboarding (KYB/Due Diligence)

• Registration data, UBO/ownership structure, tax status.
• Sanctions/REP/negative media (screenings), geo-coverage, site portfolio.
• Politicians: advertising, RG, privacy, moderation of second-level affiliates.
• Traffic sources (performance/content/streams/social networks/retargeting/ASO/SEO/branded PPC).
• Responsible contacts (compliance/tech/finance).
• Test layouts and examples of creatives.

Risk classification: Low/Med/High → verification depth, review period (12/6/3 months).

4) Key contractual clauses (excerpt)

1. Age/targeting: mandatory filters 18 +/21 +; unknown age = exclude.
2. WP-bans: suppression of players with SE/timeout/high risk/affordability-check.
3. Advertising standards: prohibition "no risk/easy money/guaranteed winnings," honest disclaimer, lack of youth aesthetics.
4. Brand and PPC: banning brand-bidding and grooming requests; list of negative keys; SEO-Antidors.
5. Version of offers: the partner is obliged to use the official summary box and terms-hash, changes - only through the new version.
6. Creatives: whitelist catalogue only; any edits require pre-approval.
7. Traffic source: incident traffic, bots, mis-leading prelanders, cookie-stuffing, forced clicks, iFrame/iframe redirects without consent are prohibited.
8. Sub-affiliates: only with written permission and full transparency of sites; the partner is jointly and severally liable.

9. Data and privacy: DPA, minimization, prohibition of the transfer of personal data of players without legal grounds, prohibition of "vulnerability segments."

10. Audit and logs: the right to audit creatives/sites/logs; providing screenshots, stream recordings, screenshots.
11. Clawback/deductions: right to withhold/return remuneration for violations/fraud/fines of the regulator; post-termination obligations.
12. Takedown SLA: disabling problematic creativity ≤ 2 hours on notice.
13. Yur. compliance: responsibility for local advertising norms, sponsorship and influencer notes, # ad/18 +, etc.

5) Rules of channels and creatives

Paid advertising: age filters, exceptions for youth audiences, Look-Alike's ban on "youth" segments.
Content/SEO: prohibition of clickbait, false comparisons "official site," unmarked purchase reviews.
Social networks/streams: honest gameplay (including losses), advertising/18 +, prohibition of "deposit races" and provocations.
E-mail/Push: sender and unsubscribe; consistency of conditions with landing and terms-hash.

6) Technical requirements and attribution

• `click_id, partner_id, sub_id, offer_id, terms_hash, creative_hash, ts, geo, device, channel, placement_url`.
• События: `registration`, `ftd`, `qualified_deposit`, `wr_progress`, `se_activated`, `rg_suppression_applied`, `refund/chargeback`.
• Validations: click_id deduplication, anti-spoofing with a signature, attribution timeout, deduplication between networks.
• Catalogs: versions of offers/creatives with hash and publication dates.

7) Antifraud and source control

Anomalies: high CRs from "forbidden" geo/hours, surge in new devices/UAs, "zero" engagement, massive cancel within.
Connectivity: IP/UA/device/payment matches, graph analysis.
Test buys/views: selective traffic purchases and recording streams.
Sandbox clicks: cookie-stuffing/hidden redirects traps.
Reaction algorithm: flag → hold payments → investigation → clawback/break → report to partner/affiliate.

8) Payments and deductions

Model: CPA/RevShare/CPL/Hybrid - transparent formulas, mouthguards, post-back rules.
Hold/Reserve: for High-risk partners or when racing - reserve X% on T + N.
Clawback: fraud/violations/regulatory fines/chargeback - FIFO hold.
Invoice/documents: tax forms (by jurisdiction), reconciliation with reports and GL.

9) Privacy and data exchange

Minimization: in postbacks - only technical data, without player PII.
DPA/SSC: agreed provisions, storage localization, prohibition of secondary sale of segments.
Data incidents: SLA notifications, evidence corridor, CAPA; disallowing the transmission of biometrics/sensitive attributes.

10) Complaints and incidents

Channels: CS/Trust & Safety + Partner Advertising Complaint Form.

SLA: receipt ≤ 24 hours, investigation ≤ 10 days

Measures: Takedown, adjustments, clawback, lists of "black sites."

Reports to the regulator: according to local rules, with the application of artifacts.

11) KPI/KRI and dashboard

Compliance Pass Rate: the proportion of verified partners without comments.
Creative Version Match: matching creatives/terms-hash from partners.
Complaint Rate/Reg Findings: complaints/comments on 1k clicks.
Takedown SLA: Median time off creative.
Fraud/Clawback Ratio: deductions to payments.
RG Suppression Integrity:% of players with RG flags who received partner promo (= 0).
Affiliate Consistency: compliance of offers/UTM/geo rules.

12) Checklists

A) Partner onboarding

• KYB/UBO/sanctions/PEP checked, risk class assigned.
• Contract, DPA, sub-affiliate clause signed.
• Approved list of sites/channels, brand and PPC rules.
• Access to creative catalog, summary box and terms-hash.
• Postback test passed (signature/dedup/versioning).

B) Pre-flight campaign

• Age filters and RG-suppression are enabled.
• Whitelisted creatives; ID/creative_hash/terms-hash are affixed.
• Geo/time market constraints considered.
• Sub-affiliates are registered/approved.

C) Operations

• Monitor traffic anomalies and complaints.
• Weekly sampling of landings/streams and comparison of texts.
• Hold/clawback payments; investigations documented.

D) Audit

• Quarterly sampling of partners and sites.
• UTM/terms-hash/creative_hash/lending reconciliation.
• Repeated violation CAPAs.

13) Templates (quick inserts)

A) Clause "Version of conditions and creatives"

B) "Sub-affiliate" clause

C) Takedown

D) Streamer brief (shutter speed)

Mark # ad and 18 +/21 +.
Banning "no risk/easy money" promises.
Honest gameplay, no calls to bypass limits/SE.
Link to the offer with the same version of the conditions ('terms _ hash').

14) Data model (minimum)

partner_id, risk_class, kyb_status, ubo[], sanctions_status, markets[],
approved_channels[], site_list[], sub_affiliates[],
dpa_signed_at, contract_signed_at,
creative_whitelist[], blocked_placements[],
offer_version{terms_hash, summary_box_url},
takedown_sla_hrs, rg_suppress_required,
payout_model{cpa    cpl    revshare    hybrid}, caps, hold_percent, reserve_days,
postback{secret, allowed_ips[], required_params[]},
audit_artifacts[], last_review_at, status{active    hold    terminated}

15) Incident-process (short)

1. Signal (complaint/alert/audit) → 2) Temporary hold of payments and partner notification → 3) Collection of artifacts (screenshots, logs, records) → 4) Decision (takedown, edits, clawback/termination) → 5) Report/regulator, if necessary → 6) CAPA.

16) Regional profiles (framework)

Market: ______
Forbidden channels/time windows:...
Required Disclaimers/Icons:...
Age threshold: 18 +/21 +
Bonus restrictions in advertising:...
Terms of notifications to the regulator:...
Special rules for influencers/offline:...

17) 30-day implementation plan

Week 1

1. Approve policy, inhibition matrix and contract/DPA templates.
2. Set up BCL/sanction/POP screenings and risk classes.
3. Release a catalog of approved creatives and formulations.

Week 2

4. Implement postbacks (signature, required params, terms/creative-hash).
5. Enable RG/age-suppression in tracking and CRM.
6. Prepare checklists and notification macros (takedown, violations).

Week 3

7. Pilot with 5-10 partners: KPI/KRI monitoring, hold/clawback test.
8. Audit 10 random landings/streams and check hashes/versions.
9. Training of account managers and CS (1 hour).

Week 4

10. Full release; weekly reports and quarterly audits.
11. Incident/Complaint CAPA updating whitelists/blacklists.
12. Plan v1. 1: auto-scanner partner pages, ML anomaly signals, "panic-button" for instant shutdown.

• Advertising standards and prohibitions
• Transparency of bonus conditions
• Age verification and age filters
• Responsible play and limits/Self-exclusion and account blocking/Reality Checks
• AML Policy and Transaction Control/KYC Procedures
• Compliance Dashboard and Monitoring/Regulatory Reports and Formats
• Internal/external audit and audit checklists