Industry Insight

Avoiding Social Media Advertising and Marketing Compliance Missteps

August 02, 2023 by Smarsh


Social media platforms have become popular for financial services firms and investment advisers to engage with clients, prospective clients and investors. But failing to understand the regulatory rules as they apply to social media marketing and advertising practices could open the firm to compliance risk and reputational damage.



In our recent webinar, Compliance Quick Hits – Social Advertising in 20 Mins, our industry experts discussed key requirements and prohibitions under the SEC’s Marketing Rule and FINRA’s Advertising Rule; and how to avoid common compliance missteps regarding social media marketing and advertising practices.

Below is a summary of critical points from that discussion.

Social media advertising and marketing rules

Annie Kong, senior managing director at regulatory compliance consulting group IQ-EQ, said she has seen a “monumental shift” in how firms and advisers engage with prospective clients and investors, specifically as it applies to social media.

Additionally, more firms are using social media platforms like TikTok and YouTube for marketing purposes, creating promotional videos of themselves and the firm, or highlighting various aspects of their business.

The SEC’s Marketing Rule, which entered into force in November 2022, is the main rule that governs investment advisers’ marketing communications, testimonials and endorsements in advertisements. Under the rule, all advertisements containing testimonials must include a disclosure stating if the promoter is a client and whether they were compensated. The Marketing Rule further prohibits advisers from displaying performance results in an advertisement unless certain requirements are satisfied.

Kong noted that the Marketing Rule has prompted many questions not only from firms who want to understand its implications better but also from the SEC during exams. The SEC wants to know how firms have revised their marketing and advertising policies, procedures, and practices.

Firms also have certain books and records obligations, including digital communications on social media platforms. SEC Rule 204-2 specifies what written communications investment advisers must retain and be able to produce upon request during an SEC exam, while FINRA has its own rules governing social media communications.

Advisers should read and understand these rules and tailor them to their firm. Also, firms must be able to substantiate any claims they make in the marketing materials they produce and distribute.

Firms must also implement supervisory controls for static content versus interactive communications. Static content is content that doesn’t change often—for example, a description of the business or the services the firm provides. Interactive content, on the other hand, typically occurs in real-time and applies to things like social media activities for engagement purposes, such as videos with live feeds.

Tiffany Magri, a regulatory advisor at Smarsh, noted that, “It’s important that firms understand the difference and that the review and supervision process will look slightly different for static content compared to interactive content.” Under FINRA rules, static content must be approved by a registered principal prior to use and sometimes may be required to be filed with FINRA.

Social advertising best practices

Define the business goal of social media usage

Compliance should understand the use case for why the firm wants to use social media, how advisers are interacting with customers and investors, and what kind of social media platforms the firm uses or would like to use. Answering those questions will help put a compliance lens around the firm’s social media activities.

Create social media policies and procedures

Create social media policies and procedures defining how digital communications will be managed from a supervision standpoint. Also, consider how the firm’s marketing and investor relations teams, often responsible for creating and posting this material, interact with compliance.

Build rapport across the business

“In order to have effective and tailored compliance policies and procedures, compliance needs to have that rapport with the various team members and the stakeholders that have a part in this,” Kong said. “It’s an ongoing iterative process that involves compliance, but also the rest of the organization’s buy-in and input.”

Some firms have created a social media task force to achieve this, Magri noted. The IT team should also be looped in because certain applications may have functionalities that require IT approval, or IT may be involved in implementing a new application to improve monitoring or supervision of social media postings.

The IT team may also need to be involved with record retention. Where are you storing digital communications? How are you screen grabbing posts?

Be aware of the social media platform’s features

Be aware of the type of features each social media platform offers and what supervisory controls need to be put in place based on how the firm wants to utilize those features. With many of these features, “if you can’t comply with the rules, if you can’t capture and retain them and supervise them, you can’t use them,” Magri said. The firm should understand whether certain features can be turned off and whether a new policy should be in place prohibiting using certain features.

A common compliance misstep is when a firm’s compliance department approves a particular social media post on a specific social media platform, which the firm then reposts on a different platform.

“That platform might not have the same features or might look different to the viewer or the receiver,” Kong said. Those sorts of communication measures need to be considered from a compliance perspective.

Train employees

Guiding employees on the rules of the road for what they are and are not allowed to post is another important consideration. Having that message come from leadership and getting senior leadership buy-in to ensure everyone is on the same page is equally important.

Stay apprised of new technology features

Remaining informed and well-versed in new features — or updates to features that may be added to a social media platform — ensures the firm continues to utilize the platform compliantly. For example, if an application has a new chat feature through which employees receive messages from clients, those conversations will need to be archived. If those communications aren’t being archived, how can those conversations be moved to where they can be archived? And do employees need to be retrained on those new features?

Stay on top of regulatory guidance

Firms seeking additional guidance on compliant social media advertising and marketing practices should keep watch for updated regulatory guidance, such as the SEC’s Frequently Asked Questions on the Marketing Rule or FINRA guidance related to social media practices.

Compliance and legal counsel can provide additional feedback, as they often engage with the SEC and can offer insight on what they are observing while sitting in on SEC and FINRA exams.

Court decisions may signal additional forewarnings about where potential regulatory risks might lurk. For example, the U.S. District Court of the Southern District of New York found that the use of certain emojis—such as the rocket ship, the stock chart and the money bags emojis—“objectively mean one thing: a financial return on investment.” From an enforcement standpoint, certain emojis may constitute a securities law violation and should also be supervised from a compliance standpoint.

While social media platforms are great for reaching audiences and building credibility, the space is filled with landmines of risk. Expect regulators to continue refining guidelines and handing out hefty fines to offenders. Moving forward, the best way to avoid non-compliance and mitigate risk is to pay close attention to evolving regulations, choose your technology partners wisely, and frequently update policies and training.
