RGM-FS-02 · Financial Services Marketing · Module 2 of 6

FINRA & SEC Compliance for Marketers

FINRA Rule 2210 and SEC 206(4)-1 are the master documents every finserv marketer needs to internalize. This module covers what they actually say, the recordkeeping and review workflow that makes a marketing function compliant, and the recurring enforcement patterns to learn from.

What you will learn in this module

  1. The four-document framework of FINRA Rule 2210
  2. The principal review and approval workflow
  3. Recordkeeping requirements under SEC 17a-4 and FINRA 4511
  4. The SEC Marketing Rule for RIAs (206(4)-1, revised 2022)
  5. Testimonials, endorsements, and influencer marketing under the new rules
  6. Performance advertising: GIPS, net-of-fees, and the hypothetical-performance trap
  7. Social media: rules for static vs interactive content
  8. Email marketing rules and the FINRA principal-approval requirement
  9. What triggers "filed" content vs. internal-only review
  10. Common enforcement patterns: the recurring fact patterns in AWC settlements
  11. Building a finserv-compliant marketing workflow

1. The four-document framework of FINRA Rule 2210

FINRA Rule 2210 is the master rule for broker-dealer communications with the public. It divides every piece of marketing material into one of three communication categories, each with its own review and filing requirement.

| Category | Definition | Review required | Filing |
| --- | --- | --- | --- |
| Retail communication | Any written or electronic communication distributed or made available to more than 25 retail investors in a 30-day period | Principal approval before first use (with limited exceptions) | Filing with FINRA Advertising Regulation Department required for some categories (e.g., mutual funds, options, security futures, registered investment companies) |
| Correspondence | Written or electronic communication distributed or made available to 25 or fewer retail investors in a 30-day period | Subject to supervision and review per firm WSPs (Written Supervisory Procedures) | Not filed |
| Institutional communication | Written or electronic communication distributed or made available exclusively to institutional investors | Subject to supervision per WSPs; no individual approval required | Not filed |

The 25-retail-investor threshold is the trigger every marketer must memorize. A single LinkedIn post, in practice, is almost always retail communication. A targeted email to fewer than 25 retail clients can be correspondence.

Content standards under Rule 2210(d)

Beyond the procedural rules, Rule 2210(d) sets content standards. The headline requirements:

Anti-pattern: "Our strategy has historically delivered 12% annual returns." Even if true, this language implies future performance unless paired with required disclosures and the right comparison context. The same statement reframed as "Past results, as of [date], reflect a 12% annualized return; past performance does not guarantee future results" with required disclosures and benchmark context is defensible.

2. The principal review and approval workflow

Most retail communications require approval by a FINRA-registered principal (Series 24 license, or specialized licenses for options/research) before first use. The workflow:

  1. Marketing drafts the piece against an internal style guide and copy checklist.
  2. Marketing self-checks against the FINRA rule and prior enforcement patterns.
  3. Compliance / legal reviews and edits.
  4. A qualified registered principal documents approval (sign-off, timestamp, version captured).
  5. The approved piece, the approval record, and any subsequent edits are archived per recordkeeping rules.

Pro tip: Build a copy-deck template that includes a "compliance checklist" column next to every line of body copy. This pre-checks for the most common errors (forward-looking claims, missing disclosures, performance language, unsubstantiated rankings) before sending to the principal. It cuts review cycle time by 50-70% and reduces the number of "kicked back" approvals.

3. Recordkeeping under SEC 17a-4 and FINRA 4511

Every piece of marketing material that goes through principal approval must be retained, along with the approval record, for the period specified by the applicable rule:

| Rule | Retention period | Format |
| --- | --- | --- |
| SEC 17a-4(b)(4) (advertising) | 3 years; first 2 readily accessible | WORM (write once read many) or equivalent |
| FINRA 4511 (general records) | Per applicable SEC rule (typically 3-6 years) | Per SEC 17a-4 storage rules |
| Investment Advisers Act 204-2 | 5 years (first 2 in office) | Books and records |
| FINRA 2210 communications | 3 years from last use; first 2 readily accessible | Include approval record |

The "WORM" storage requirement means you cannot use a generic content management system that allows edit/delete. Specialized vendors — Smarsh, Global Relay, Proofpoint, Hearsay — provide compliant archiving. If your firm uses Slack, Microsoft Teams, or LinkedIn for business communications, those must also be archived in compliant form.

4. The SEC Marketing Rule for RIAs (206(4)-1, revised 2022)

The SEC's revised Marketing Rule replaced the old "Advertising Rule" and "Cash Solicitation Rule" with a unified framework. It took effect November 4, 2022, with compliance required by November 4, 2022. The rule applies to registered investment advisers.

What is now an "advertisement"

The rule defines two types of advertisement:

  1. Direct or indirect communication made by an adviser to more than one person that offers advisory services or new advisory services to current clients with regard to securities.
  2. Any endorsement or testimonial for which an adviser provides cash or non-cash compensation directly or indirectly.

This is a much broader definition than the prior rule. A LinkedIn post, a podcast interview, a website page, an email blast, a referral arrangement, and an influencer post can all qualify.

Seven categories of prohibited conduct

The rule prohibits:

  1. Untrue statements of material fact or omissions that make a statement misleading.
  2. Unsubstantiated material statements of fact.
  3. Untrue or misleading implications or inferences.
  4. Statements that discuss benefits without providing fair and balanced treatment of associated risks.
  5. References to specific investment advice that are not presented in a fair and balanced manner.
  6. Inclusion or exclusion of performance results that is not fair and balanced.
  7. Otherwise materially misleading communications.

5. Testimonials, endorsements, and influencer marketing under the new rules

The biggest practical change in the 2022 rule is the explicit allowance — with conditions — of testimonials and endorsements. Conditions:

For influencer marketing specifically: any paid social media post by an influencer on behalf of an RIA is an advertisement under the rule and must include the required disclosures in a clear and prominent way within the post itself — not buried in a footer or linked-to disclosure page.

6. Performance advertising: GIPS, net-of-fees, and hypothetical performance

Performance advertising is the most heavily regulated area of finserv marketing. Three rules that matter:

Net vs gross of fees

If gross performance is presented, net performance over the same time periods must also be presented with at least equal prominence and on a calculation basis that reflects the fees, costs, and expenses the client would pay.

Time periods

If any performance is presented for a period less than one year, performance results for one-, five-, and ten-year periods (or the period since inception, if shorter) calculated as of the most recent calendar year-end must also be presented.

Hypothetical performance

Hypothetical performance (including back-tested, model, projected, or target returns) is prohibited unless the adviser adopts policies reasonably designed to ensure the performance is relevant to the intended audience, provides sufficient information to understand the criteria and assumptions, and provides information sufficient to understand the risks and limitations.

Anti-pattern: Marketing landing pages that show a "growth of $10,000" chart based on back-tested allocation models, without prominent disclosure of methodology, fees deducted, benchmark, and inception. This is one of the most common SEC examination findings for RIAs and one of the most common AWC fact patterns at FINRA.

7. Social media: rules for static vs interactive content

FINRA Regulatory Notice 17-18 and 10-06 (as updated) split social media into two categories:

The line is fuzzier in practice than in theory. A firm-account post that is "interactive" but boosted with paid media becomes retail communication. A registered rep's personal LinkedIn that discusses securities business is firm business and subject to firm WSPs.

8. Email marketing rules

Email blasts to more than 25 retail investors in 30 days are retail communications and require principal approval. The principal review must occur before first use of the template; subsequent personalization (merge fields, dynamic content) is acceptable if the personalization logic does not change the substance.

Dynamic content systems (Salesforce Marketing Cloud, Iterable, Braze) that allow conditional content blocks require careful policy: every possible rendered version must be in scope of the approved review.

9. Filed content vs. internal-only review

Some retail communications must be filed with FINRA Advertising Regulation:

FINRA charges per-filing fees and provides comment letters that often require revisions. Build filing time into product launch calendars.

10. Common enforcement patterns

If you read 50 FINRA AWC (Acceptance, Waiver, and Consent) settlements, the same fact patterns appear:

  1. Influencer or representative social media posts about products without disclosure, without principal review, and without archiving.
  2. Performance claims without required disclosures or comparison context.
  3. Forward-looking statements ("you can expect," "this will outperform") in retail communications.
  4. Cherry-picked time periods for performance.
  5. Inadequate supervision of registered representatives' outside communications.
  6. Inadequate archiving of business communications conducted on personal devices or apps.

FINRA publishes Examination and Risk Monitoring Reports annually; reading the marketing/communications section is the single highest-leverage compliance-prep activity for a finserv marketing leader.

11. Building a finserv-compliant marketing workflow

A working compliant workflow has six components:

  1. WSPs (Written Supervisory Procedures) that explicitly cover marketing — updated annually.
  2. A compliance-aware content management system with approval workflow, audit trail, and integration with the WORM archive.
  3. A compliant archive covering email, social, chat, and recorded calls.
  4. A copy checklist that pre-checks the recurring failure patterns.
  5. A registered principal (or panel) with capacity to review at the speed of the marketing roadmap.
  6. An annual training program for marketers covering FINRA rule updates, SEC Marketing Rule, fair-lending considerations, and the firm's WSPs.

How to use this module: Print the rule map in Section 1, the recordkeeping table in Section 3, and the prohibited-conduct list in Section 4. They are the daily reference for finserv marketing decisions.
