Evaluating Affiliate Network Compliance: People, Process & Technology

David Naffziger Apr 23, 2013

The impending closure of the Google Affiliate Network (GAN) has forced a large number of advertisers to suddenly seek an alternate network. As we've spoken with our customers that are seeking another network, I've found myself providing guidance on what questions to ask networks about their compliance capabilities. While I may have sharpened my responses with each call, I always felt that I could have answered more crisply. That's why I'm writing this post.

Compliance is a particularly interesting challenge at the network level. If a network conducts compliance poorly, they are likely to make more money in the near-term. Conversely, they actually have to invest in people, process and technology to conduct compliance well. My experience suggests that network compliance has a meaningful fixed cost — there is a minimum investment required to protect the network at a basic level and it is almost independent of the size of the network. Large companies that run their programs entirely in-house seem to maintain a similar level of compliance investment as top networks do. The investment that allows you to capture one rogue affiliate typically allows you to capture the rest.

For advertisers, compliance is a multi-faceted issue. To really dig into the many aspects of compliance that might be relevant to your program, take a read through our 30-page guide to affiliate compliance. In my discussion below, I'll focus on the topics that I consider to be particularly important when evaluating network compliance: Paid Search, Software, Cookie-Stuffing, Malware/Adware and ensuring a “one account per affiliate” registration policy.

Effective compliance stands on three legs: People, Process & Technology. Strengths in some of those areas can make up for minor weaknesses in others. Similarly, a big weakness in one can destroy compliance entirely.



People

The people conducting compliance have a major impact on outcomes. I’ve certainly observed this many times. Some of the best compliance personnel have developed a fine-tuned sense for a rogue affiliate, and can quickly identify suspicious activity. Similarly, junior personnel can often be easily misled by an affiliate and may end up inadvertently helping rogue affiliates conduct more abuse.

I'd ask the network:

  1. Who is responsible for compliance in your network?

  2. How many people are there? Are they full-time or part-time? How many years of experience do they have?

  3. Are they focused solely on compliance? If not, what other responsibilities do they share?

  4. I'd also ask about reporting and compensation structure.

Compliance is a very specialized skill set. It requires a strong technical background, a curious intellect and fairly relentless focus. I'd expect to see dedicated full-time personnel conducting network compliance. I'd want to see them organizationally independent from the publisher side of the business and no part of their compensation should be tied to advertiser or business performance. I'd expect the compliance personnel to possess meaningful seniority in the organization. I'd never want a situation to emerge where someone in the account management or publisher management function could overrule someone in the compliance department.

One network executive cheekily commented to me that his compliance team was "in the profit destruction business". He was happily trading off short-term profit for healthy long-term relationships, but his comment underscores some of the tension inherent in network compliance.

Some networks have their account managers conduct some aspects of compliance. This isn’t necessarily a problem (although I prefer dedicated personnel), but it does require you to understand more about the person or people that would be your account managers. The experience of individual account managers can vary widely. They are often the most junior staff at a network, sometimes hired into that role right out of college. I’ve also worked with seasoned affiliate account managers that have years of experience and can appropriately balance the conflicting demands of compliance and sales growth.

I expect many larger GAN advertisers had a relationship with at least one person from GAN's compliance team. I'd ask to meet someone from the team you'd be working with and have them walk you through their processes, policy and technology.


Process (& Policy)

Understanding the process and policy behind a network's compliance efforts requires digging into details, but it is incredibly worthwhile. Questions I'd ask:

  1. What is your network’s policy toward:
    - paid search policy abuse?
    - affiliate use of software?
    - cookie-stuffing, malware/adware and affiliates with multiple accounts?

  2. Under what circumstances will you remove an affiliate from the network (or from a program)?

I'd look for a strong base of network policies with clear protocols for removing affiliates who are found to be in violation. Most networks will remove affiliates found violating their network policies, but are less likely to remove affiliates from the network if they are only found violating your own policies. A strong baseline of network policies gives you enhanced protection, because you know that once the affiliate has been caught by anyone (whether it’s the compliance team or another advertiser), the affiliate is likely to be removed from the network.

Also, what happens to affiliate links when an affiliate has been removed from the network (or from your program)? We've seen many rogue affiliates who, after being kicked out of networks, continue to promote programs for some time. Often, unsuspecting users get caught in the middle and end up clicking on a link that gives them an unexpected error. To be clear, I can see situations where you might want an error but most of my experience has involved circumstances where the broken link damaged the advertiser.

Along with asking the network about its policies, you’ll also want to know what specific steps the network takes to discover violations and ensure compliance. I’d suggest asking:

  1. Does your network proactively monitor for paid search abuse, software abuse, cookie-stuffing, and malware/adware?

  2. Who does the monitoring work? Is it advertiser specific?

  3. Do you proactively monitor on behalf of specific advertisers? Do you reactively investigate?

  4. What is your process for conducting the monitoring?

  5. Do you reach out and resolve abuse directly or simply provide reporting to advertisers?

  6. Under what circumstances will commissions automatically be reversed? How far back?

  7. What do you do to ensure that affiliates removed from the network are not readmitted or that affiliates only operate one account?

Generally speaking, you are looking for networks that proactively monitor for affiliates violating both their network policies and their advertisers’ specific policies. There is some natural tension here, since advertiser-specific policies can vary widely, but you’ll at least want to understand what the network monitors and what you’ll be expected to monitor.

I’d really dig into the monitoring process itself as well. Have them outline their processes. For example, when discussing software, I’d ask how often they test the software and whether they conduct that testing on versions submitted by the affiliate and/or versions they find in the wild. For paid search, if the network monitors on your behalf I’d ask how often they review collected data and engage with violating affiliates - daily, weekly or monthly. We’ve found that quick follow-up discourages repeat abuse.

Lastly, once the network has removed an affiliate, I’d really like to have some comfort that the affiliate can’t rejoin the network tomorrow. It is likely impossible to prevent this entirely but I’d like the affiliate to have meaningful barriers to rejoining the network.



Technology

I'm very conscious of my biases on this topic, so I'll keep it short. Detecting paid search abuse, cookie-stuffing, malware and software abuse requires meaningful, sustained investment in technology. Rogue affiliates are a creative and adaptive bunch and any technology that stands still will eventually be consistently outmaneuvered by affiliates.

Inevitably, a network will either build or buy technology to address those compliance challenges. We work with a number of networks that had once built an internal technology for paid search monitoring and to their credit, they were very quick to adopt a third party solution once they deemed it advantageous to their advertisers.

I'd ask what technologies they use and how they support those technologies. I'd drill down into service details. Using paid search as an example, I'd ask how many times a day they monitor to give a sense for how comprehensive the offering is. I'd also ask whether you will get access to the reporting details.


GAN's Compliance Strengths

GAN's compliance team was particularly strong in several core aspects. By no means were they the only network to excel in these areas, but as you consider moving networks, I might focus on these topics in particular to understand where you might experience additional exposure.

GAN was particularly good at ensuring affiliates had only one account.

I assume they dramatically improved on this dimension when they joined AdSense and Google Affiliate Network accounts. Of course, it was by no means bullet-proof—but GAN did a particularly good job preventing rogue affiliates from maintaining multiple IDs.

GAN had a relatively strong software policy.

They did not allow affiliates to bundle their software. In my own opinion, software bundling most frequently results in pernicious activity. Either users end up with affiliate software they didn't expect, or the software itself behaves more aggressively than the versions the affiliates made available to networks. Regardless, if you move to a network that allows software affiliates, you'll need to consider how their policies match up against GAN's and what additional abuse you may now be exposed to.

GAN also was incredibly proactive with malware and adware.

They conducted their own proactive monitoring and aggressively removed affiliates that they found taking advantage of malware and adware. They've also looked at malware abuse across other networks and they felt pretty strongly that they maintained one of the cleanest networks in this regard.


Don’t forget the advertiser’s role in compliance

While this discussion has focused entirely on network compliance, the advertiser plays a really important role in ensuring effective compliance. Their duties extend from developing clear, unambiguous policies and affiliate agreements all the way through to proactively utilizing data unavailable to the networks (such as chargebacks and fraud reports) to identify problems.

Despite everything the network can do for compliance on an advertiser’s behalf, the advertiser is ultimately responsible for ensuring program compliance to their standards. The affiliate networks can offer tremendous resources for compliance monitoring and management, but network compliance should not be a substitute for an advertiser’s own efforts. Read through our aforementioned compliance guide to more deeply familiarize yourself with the steps an advertiser should take to manage compliance.

And finally: what did I miss? I’m sure this is by no means comprehensive, so I welcome any feedback that you’d like to add.

Topics: affiliate marketing
