SBC Summit Americas: Why affiliate marketing is one misstep away from crisis

Hillary McAfee

19 May 2025 at 4:45pm UTC-4

Shutterstock.com

Email, LinkedIn, and more

Affiliate marketing still drives significant player acquisition, but its margin for error is shrinking fast. As more states enact their own privacy laws and regulators turn a sharper eye toward third-party performance marketing, the affiliate channel has become a minefield of risk for operators who treat it as plug-and-play.

At SBC Summit Americas, a panel of affiliate-marketing experts and data leaders made one thing clear: Affiliate oversight is no longer optional. It is a liability-management issue.

Article continues below ad

“Every state has different levels of requirements and compliance,” said Allan Stone, CEO of Acquire.bet. “We have an internal compliance officer. That’s their entire job. You need someone owning this across every jurisdiction you touch.”

According to the International Association of Privacy Professionals, more than 30 US states are actively working on privacy legislation. And for companies operating nationally or globally, that complexity multiplies.

“We apply three layers,” said Alberto Simões, Director at Clever Advertising. “Global policy, local rules, and then client-specific compliance. Ontario bans influencers. Brazil doesn’t allow welcome bonuses. Some clients read English law even when operating in Brazil. There’s no consistency.”

Article continues below ad

Worse, markets can disappear overnight.

“We don’t do one-year deals anymore,” Simões added. “In six months, a market could be banned. You have to build for change.”

For data providers, the stakes are even higher. TransUnion, a federally regulated agency, provides identity and behavioral data to operators and affiliates, but does so under strict oversight.

“We build everything to the most restrictive privacy standards,” said Tyler Blot, Client Development Lead for US Gaming at TransUnion. “Our identity graph is refreshed multiple times a day. If a consumer opts out at Equifax, we honor it across our network. It’s nonnegotiable.”

The message from the panel was blunt. Operators cannot afford to assume their affiliates or vendors are managing compliance. And most regulators still don’t understand how decentralized and opaque the affiliate space has become.

“The word ‘affiliate’ means a lot of different things,” said Stone. “It could mean a publicly traded company or a guy in Ohio with a Discord channel. But when something goes wrong, it’s the operator who pays the price.”

Simões agreed. “Regulators assume the operator is liable. So we explain what we do, but they don’t always have the resources to understand it.”

This lack of clarity and consistency has left the door open for fines, investigations, and unnecessary friction between performance and compliance teams. Panelists called for a more unified industry response, perhaps modeled after DISCUS in the alcohol industry, where self-regulation prevents external overreach.

“If we don’t self-regulate, we’ll get hit with rules made by people who don’t understand this business,” Stone said. “We’ve already lived that in the UK.”

Blot echoed the sentiment. “Regulatory scrutiny will continue to rise. Marketing is next. The companies building privacy-by-design systems today will be the ones still standing in three years.”

The affiliate channel may still be cost-effective, but it’s no longer low-maintenance. Operators need to invest in smarter onboarding, stricter tracking controls, and real-time audit tools. The cost of doing nothing is rising.

As Stone put it, “If compliance is an afterthought, you won’t be in business for long.”