VelisAds Network

Payment Policy

Effective date: February 17, 2026 | Version: 2026.02-global

This Payment Policy defines controls for balances, payouts, refunds, chargebacks, and financial risk handling to protect publishers, advertisers, and platform operations.

Financial operations may vary by jurisdiction and payment provider constraints.

Scope and Applicability

  1. Applies to all earnings, invoice adjustments, payout requests, and settlement records.
  2. Applies to advertiser charges and publisher disbursements across supported markets.
  3. Applies to payment method onboarding, verification, and method changes.
  4. Applies to anti-fraud checks, sanctions screening, and suspicious transaction review.
  5. Applies to chargeback handling, dispute resolution, and refund workflows.
  6. Applies to third-party payment processors used for fund collection or payout.

Mandatory Requirements

Settlement and Reconciliation

  • Payout-eligible earnings must reconcile with validated impression and click records.
  • Settlement schedules and cutoffs must be clearly documented.
  • Manual ledger adjustments require approval and written reason codes.
  • Pending balances remain subject to fraud and compliance review.

Payout Method Security

  • Payout account holder details must match verified account identity.
  • Bank or UPI changes require step-up verification before activation.
  • Sensitive payment data must be masked or tokenized in user interfaces.
  • Default payout methods must be visible and revocable by account owners.

Fraud and Financial Crime Controls

  • Payment activity must be monitored for anomalies and abuse signals.
  • Sanctions and restricted-party screening applies where legally required.
  • Suspicious transactions may trigger temporary payout holds.
  • Chargeback trends must be tracked with threshold-based escalation.

Prohibited Practices

  1. Using stolen payment credentials or unauthorized third-party payout accounts.
  2. Submitting false identity, tax, or banking information.
  3. Manipulating traffic metrics to inflate payable balances.
  4. Routing funds through prohibited entities or sanctioned channels.
  5. Attempting duplicate withdrawals through UI or API abuse patterns.
  6. Tampering with financial records to hide improper adjustments.
  7. Refusing required cooperation in dispute or fraud investigations.
  8. Bypassing required approval controls for high-risk payment actions.

Governance, Monitoring, and Enforcement

  1. Finance, risk, and security owners jointly review critical payment controls.
  2. Segregation of duties is required for initiation, approval, and reconciliation tasks.
  3. Payment-method changes and payout events must be fully audit logged.
  4. High-risk payout requests require enhanced due diligence before release.
  5. Material incidents trigger holds, investigation, remediation, and formal closure records.
  6. Policy exceptions require written approval, compensating controls, and expiry dates.
  7. User-facing status updates must communicate payout state and resolution path.
  8. Policy updates are versioned and announced before enforcement where feasible.

Global Source Links and Standards

  1. PCI SSC Document Library
  2. EU PSD2 Directive (EU) 2015/2366
  3. FATF Recommendations
  4. OFAC Sanctions Programs
  5. Basel Committee Publications
  6. SWIFT Customer Security Programme
  7. ISO 20022 Financial Messaging
  8. IFRS Standards Resources

Operational Interpretation and Regional Mapping

These requirements should be interpreted as global baseline controls for a live ad operations platform. Teams must map each requirement to local legal obligations, contractual duties, and traffic-source constraints before enabling production delivery at scale.

When regional regulations impose stricter standards, the stricter standard applies. Where legal ambiguity exists, operations should default to least-risk handling and documented escalation to legal or compliance owners.

Policy-to-Workflow Mapping

  • Map each policy control to one concrete workflow checkpoint.
  • Define accountable owner, review cadence, and evidence source.
  • Link policy failures to clear remediation and rollback actions.
  • Track policy exceptions with expiry and approval metadata.

Evidence and Audit Quality

  • Keep verifiable logs for approvals, enforcement, and account state changes.
  • Maintain immutable records for policy acceptance and version changes.
  • Preserve incident evidence with timestamp accuracy and actor context.
  • Support regulator and partner audits with structured evidence retrieval.

Release and Change Governance

  • Run policy impact review before major workflow or billing changes.
  • Gate high-risk releases behind compliance and security readiness checks.
  • Document rollback criteria for policy or abuse regressions.
  • Communicate material policy updates with effective-date clarity.

Extended Compliance Checklist

  1. Confirm access controls for admin, publisher, advertiser, and support roles.
  2. Verify domain ownership, sitemap coverage, and install-code integrity before launch.
  3. Validate ad creatives, landing behavior, and category eligibility rules.
  4. Ensure budget, spend, and settlement paths align with billing model selection.
  5. Run fraud and abuse controls for both ad-serving and click attribution pathways.
  6. Confirm user data handling for consent, retention, and rights-response timelines.
  7. Check payout safeguards, webhook integrity, and transaction audit visibility.
  8. Review security events, incident triage flow, and postmortem documentation quality.
  9. Ensure policy pages remain reachable, indexable, and version-consistent in sitemap.
  10. Require periodic policy refresh training for operational and support teams.

Policy FAQ for Operations Teams

How often should this policy be reviewed?

Review before each major release and at recurring governance intervals, especially when billing logic, targeting controls, or verification workflows change.

What happens if live behavior conflicts with policy text?

Live enforcement should default to safer behavior immediately, then trigger incident review and documented correction to either implementation or policy wording.

How should teams handle partner-specific requirements?

Apply partner requirements as stricter overlays where needed, while preserving baseline platform controls and maintaining auditable policy-to-process mapping.