SEC 2025 Marketing Rule Risk Alert: Key Compliance Gaps and What Firms Must Do Now
TL;DR: The SEC’s 2025 Marketing Rule Risk Alert signals a shift from understanding the rule to proving execution, with examiners focused on consistent disclosures, supervision, and recordkeeping across all marketing channels.
Overview: What the SEC’s 2025 Marketing Rule Risk Alert signals
The SEC’s 2025 Marketing Rule Risk Alert marks a clear turning point in regulatory enforcement. Rather than revisiting the fundamentals of the Marketing Rule, examiners are now focused on execution — how firms apply requirements for testimonials, endorsements, and recordkeeping in real-world marketing activity.
The Risk Alert highlights repeat deficiencies observed across multiple examinations, signaling that regulators expect firms to demonstrate consistent, provable compliance across all marketing channels, including digital and third-party platforms. For financial services firms, the message is clear: understanding the rule is no longer enough. Firms must be able to show how compliance is operationalized, supervised, and documented.
Why it matters: The SEC’s shift from Marketing Rule awareness to execution
The SEC has made it clear that firms have had sufficient time to understand the Marketing Rule, and the focus has now shifted to execution and consistency. Marketing Rule failures are increasingly treated as baseline compliance breakdowns, not early implementation issues — particularly where digital and third-party marketing is involved. The SEC is no longer asking whether firms know the rule, but whether they can execute it and prove compliance in practice.
How the SEC Is examining Marketing Rule compliance in 2025
The SEC’s 2025 Marketing Rule Risk Alert is not an educational document. It is an assessment of how firms are performing during live examinations.
Rather than explaining what the Marketing Rule requires, the SEC is calling out where firms continue to struggle applying those requirements in practice. The scope is intentionally narrow, focusing on testimonials, endorsements, and third-party ratings — but the implications are broad.
From education to execution: The SEC’s shift in enforcement
The underlying message is that firms have had sufficient time to interpret the rule. What examiners are evaluating now is whether firms can apply it consistently and demonstrate compliance in a measurable, defensible way.
From an SEC perspective, marketing compliance execution means the ability to:
- Apply required disclosures correctly and consistently
- Supervise marketing activity across internal and third-party channels
- Retain and retrieve records showing how marketing content was reviewed, disclosed, and distributed
Common Marketing Rule compliance failures identified by the SEC
The Risk Alert reads less like guidance and more like a progress report. Across examinations, the SEC observed the same deficiencies years after the rule became effective.
Disclosure deficiencies and presentation issues
Examiners continue to find:
- Missing or unclear disclosures
- Disclosures that are not presented clearly and prominently
- Disclosures delivered separately from the marketing message or added after publication
Disclosures that are buried in links, obscured by design, or disconnected from the marketing content are unlikely to meet SEC expectations.
Misclassification of endorsements and influencer relationships
Another recurring issue is the misclassification of endorsements, particularly involving:
- Influencers and promoters
- Referral arrangements
- Lead generation firms and marketing partners
In many cases, firms failed to recognize when compensation, material connections, or promotional activity triggered endorsement requirements under the Marketing Rule.
Recordkeeping and evidence gaps during examinations
Perhaps the most consistent breakdown relates to recordkeeping. While many firms have written policies in place, examiners found that firms often could not produce records demonstrating:
- How marketing materials were reviewed and approved
- When and how disclosures were delivered
- How marketing content was retained in its original context
From an examiner’s perspective, policies alone are insufficient. If records cannot be retrieved and validated, compliance cannot be demonstrated.
Why the 2025 Marketing Rule Risk Alert matters for financial services firms
The Risk Alert reinforces a broader regulatory reality: marketing compliance is no longer separate from digital communications and supervision.
Marketing compliance is now a digital supervision issue
Examiners are not simply asking whether marketing materials were approved. They are assessing whether firms can show:
- When disclosures were delivered and to whom
- How third parties and advisors were supervised
- How marketing content was captured and retained across websites, social media, email, video, and external platforms
Why execution gaps are treated as control failures
Firms that rely on fragmented tools, decentralized workflows, or third-party platforms without consistent oversight face heightened risk. The SEC is increasingly treating execution gaps as core control failures — not isolated mistakes or documentation oversights.
What financial services firms should do now to reduce Marketing Rule risk
The most effective response to the Risk Alert is operational, not theoretical. Firms should focus on three immediate areas.
Gain visibility into all marketing and third-party activity
Identify where marketing activity actually occurs, including advisor-managed social media accounts, third-party review sites, influencer content, and lead generation programs. If compliance teams cannot easily access this content, regulators will view that as a supervision gap.
Ensure disclosures are delivered clearly at the point of distribution
Assess whether disclosures are applied clearly and consistently at the moment the marketing message is delivered. Disclosures that are delayed, buried, or separated from the content are unlikely to satisfy SEC expectations.
Strengthen marketing recordkeeping and evidence retention
Evaluate whether marketing communications, approvals, and disclosures can be captured, retained, and produced promptly during an examination. Records must be retrievable in their original context — not reconstructed after the fact.
Using checklists to operationalize Marketing Rule compliance
For higher-risk marketing activities such as testimonials, endorsements, and third-party ratings, firms should consider using rule-specific checklists.
A checklist translates dense regulatory requirements into a repeatable, defensible decision-making process. If a firm cannot walk through a checklist and demonstrate that each condition was met, it should think carefully before publishing the content.
How Smarsh can help
Smarsh helps financial services firms operationalize Marketing Rule compliance across digital communications and marketing channels.
With Smarsh, firms can:
- Capture marketing communications across websites, social media, email, messaging platforms, and third-party sources
- Supervise advisor and third-party marketing activity with consistent oversight
- Retain required records in their original context to support SEC examinations
- Demonstrate how disclosures were delivered, approved, and preserved
By centralizing visibility, supervision, and retention, Smarsh enables firms to move from policy-based compliance to execution-ready compliance — aligned with how the SEC is examining firms today.
From awareness to proof: What the SEC expects next
At Smarsh, we work with financial services firms navigating these exact challenges. The 2025 Marketing Rule Risk Alert reinforces what many firms are already experiencing: compliance risk increasingly stems from execution gaps in digital marketing and communications, not from a lack of regulatory awareness.
The SEC is no longer asking whether firms understand the Marketing Rule. It is asking whether they can prove compliance consistently, across channels, and at scale.
Firms looking to go deeper should examine how marketing communications are captured, supervised, and retained — particularly where third parties or advisor-managed platforms are involved.
Share this post!
- SEC 2025 Marketing Rule Risk Alert: Key Compliance Gaps and What Firms Must Do Now - December 30, 2025
- Beyond Email: Supervising Modern Communications - November 25, 2025
- Generative AI: What’s Next for Financial Services - November 24, 2025
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
More Resources
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing [email protected].
FOLLOW US