How Merchant of Record reduces your Legal & Compliance risk
Ishani Sahai
Legal & Compliance
Nov 17, 2025
|
6
min
Table of Contents
SaaS companies selling globally face a list of requirements: collecting the right taxes, issuing local invoices, honoring consumer-protection and refund rules, performing KYC checks, protecting data privacy, handling chargebacks, and potentially obtaining any necessary licenses.
A Merchant of Record (MoR) can shoulder many of these obligations. The MoR’s name appears on the customer’s invoice, and it legally takes on payment processing, tax remittance, invoicing, refunds and other regulatory duties.
What is a Merchant of Record?
A Merchant of Record for SaaS is essentially the company that officially sells your software or subscription to the end customer. Instead of your startup registering and remitting sales taxes in every country, the MoR registers as the seller, processes the payment, and handles the paperwork.
In this setup, two transactions occur: the customer pays the MoR, and the MoR then pays your company. As the legal seller, it takes on the responsibility for various financial and legal obligations, freeing up your team to innovate.
Where Legal & Compliance Risk Lives for SaaS Sellers
Even with a great product, SaaS founders often find that selling SaaS globally brings many hidden risks. For example:
Tax collection & remittance: Each country has its own rules for digital goods and services. The USA alone has 11,000 sales-tax jurisdictions. Not tracking these can lead to hefty fines.
Multi-jurisdiction invoicing: Many markets have strict invoice requirements. Issuing non-compliant invoices risks penalties or angry customers.
Local consumer-protection laws: Some regions require specific refund policies or disclosures. EU consumer law imposes mandatory withdrawal rights for digital subscriptions, which differ significantly from the U.S., where consumer-protection rules are more fragmented and state-specific
KYC or AML checks: Cross-border transactions may require verifying customer identity to prevent fraud or money laundering. Setting up global KYC/AML processes can be burdensome.
Data privacy and residency: Regulations like the EU’s GDPR or California’s CCPA restrict how customer data is stored and processed. In some countries, data must stay on local servers, complicating your architecture.
Chargebacks & fraud: International payments carry higher fraud risk. Chargeback disputes can be costly and time-consuming.
Licensing and restricted goods: If your SaaS involves regulated content, financial data tools, healthcare info, gambling, crypto, etc., you may need special licenses in certain countries.
How a Merchant of Record Handles Legal & Compliance
A Merchant of Record addresses these Compliance pain points.
Tax collection & remittance:
The MoR registers and files tax returns in the necessary jurisdictions. They calculate the sales tax or VAT at checkout and remit payments on time. Saving you hours of work and minimizing risk.
Invoicing & local receipts:
As the MoR is the seller on record, its name and address appear on the bill. This doesn’t usually impact the conversion rate, since the MoR provides an optimized checkout experience. It takes on compliance credibility, while you retain control over product pricing and marketing.
Data & privacy compliance:
Leading MoRs invest in data security and privacy programs. They typically maintain GDPR/CCPA compliance and PCI-DSS certification for payment data. This means when customers buy, the MoR’s systems automatically follow privacy laws.
Many MoRs also offer multi-region data storage to meet residency requirements. Still, you should clarify data ownership and access in your contract, ensuring you can export customer records and transaction logs on demand.
Chargebacks, refunds and disputes:
It also handles chargebacks, refunds, and billing disputes. If a customer disputes a credit-card charge, the MoR manages the entire process. Your team no longer has to fight dozens of disputes, the MoR’s compliance team deals with them using specialized expertise.
Jurisdictional Issues When Your MoR Is Registered Abroad
Working with a Merchant of Record based in another country introduces questions about governing law and cross-border compliance. Typically, your contract will specify a governing law and a dispute resolution forum.
However, even if the MoR is overseas, local customer protections or tax laws may still apply at the point of sale.
For example, an EU customer might still enjoy certain mandatory rights, like the right to withdraw from a purchase regardless of the MoR’s home-country rules. Likewise, tax authorities may still investigate if they think your product triggers a taxable presence.
Which laws apply:
Always review the contract’s governing-law clause. It should clearly state which country’s law governs transactions. Keep in mind that consumer-protection and tax laws often follow the customer, a court may enforce local rights even if the contract chooses a different jurisdiction.
How conflicts are resolved:
The MoR agreement should outline dispute resolution like, specifying international arbitration or local courts. Parties often agree that disputes go to arbitration or a particular court. Without a clear clause, courts use “choice of law” rules which can be unpredictable.
Red flags to watch:
Check if the MoR excludes any regions or products. Many MoRs prohibit sales in sanctioned countries (e.g. Iran, North Korea) or for regulated products (such as gambling, certain healthcare apps, or crypto services) that require special licenses.
Make sure the MoR’s coverage matches your target markets and product scope. If you plan to enter a high-risk jurisdiction, confirm the MoR’s compliance processes.
Contract Clauses to Require from Your Merchant of Record
When negotiating with a Merchant of Record, be explicit in your contract. Key clauses should include:
Tax Remittance Responsibilities:
The agreement should state exactly what taxes the MoR will collect and pay in each jurisdiction.
For example: Merchant of Record will register for, collect, and remit all applicable sales taxes and VAT for Covered Territories. As it takes responsibility for any sales tax liability on the transactions it handles.Indemnity and Liability:
Clarify who bears fines or legal penalties. Ideally, the MoR indemnifies you for any compliance failures on its part and covers any fines.
Conversely, you may need to indemnify the MoR for issues arising from your end (e.g. product-related regulatory violations).Data Ownership and Portability:
State that your company retains ownership of all customer and transaction data. The contract should ensure you can export or receive a full copy of data, like invoices, customer contacts, subscription logs at any time. If not, then an ending MoR partnership could lock you out of vital records.
Termination & Transition Assistance:
Require the MoR to help with a smooth transition if you end the relationship. For example, include that the MoR will transfer any recurring billing arrangements back to you or to a new provider, and will provide all billing and customer data in a usable format on termination.
Audit Rights and Reporting Cadence:
Include a contractual right to verify the MoR’s compliance, not as a threat, but as a routine check. The MoR must deliver regular reports.
You can also require the option to commission an independent third-party compliance or security audit if needed. These provisions create transparency and give you documented evidence that the MoR is meeting its obligations, rather than leaving compliance to assumption.
When an MoR Is Not Enough
A Merchant of Record is powerful, but it has limits. Scenarios where you may still need additional measures include:
Local presence triggers: If your company establishes significant local operations like hiring employees, renting servers, or simply hitting large revenue thresholds, you might create a “permanent establishment” for tax purposes.
Regulated products/services: Selling in certain industries (financial services, healthcare, legal, gambling, etc.) often requires special licenses or compliance programs.
An MoR typically handles standard SaaS transactions, but it won’t magically grant you a license to provide regulated advice or services. You’ll still need to manage industry-specific compliance.High-risk or restricted jurisdictions: Some countries have unique rules, like, China’s cybersecurity regulations or Russia’s data localization laws that go beyond an MoR’s scope.
Sanctioned or high-risk markets may even be off-limits for some MoRs. In these cases, you may need local legal advice or partnerships to safely operate.
Next Steps for SaaS Founders
Make a list of all countries and regions you sell to or plan to. Identify any local compliance needs in each.
If you already have an MoR, verify exactly which territories and responsibilities it covers. If not, vet MoR providers, do they handle sales tax in all your target markets? Do they support your currencies and payment methods?
Use the clauses above to frame your MoR agreement. Don’t accept a boilerplate, ensure you have tax, data, liability and termination terms that protect you.
Before fully committing, simulate a sale through your MoR in a couple of different markets. Check the invoice issued, confirm the tax amount and registration, and see how refunds and data exports work. This helps uncover gaps early.
Final Thoughts
A Merchant of Record can dramatically simplify your legal & compliance risk when selling SaaS globally. An MoR saves your business hours of manual work and removes risk.
That said, remember: using an MoR is not a license to ignore compliance entirely. You still need to ensure your own product and marketing comply with the law, and that your customer agreements are solid. The MoR simplifies many tasks, but ultimate accountability for your business remains yours.
This article reflects general principles and does not constitute legal advice. For guidance on your specific obligations, consult legal counsel in the relevant jurisdiction.
