SEC-Enforcement Client Communication Standards and Approval Requirements

To meet the sec-enforcement client communication standards and approval requirements requirement, you must (1) restrict client-facing business communications to approved, supervised, and retained channels, and (2) implement a documented pre-use approval and version-control process for advertisements and other in-scope client communications so nothing false or misleading is disseminated ¹. The SEC’s 2025 exam priorities keep Marketing Rule compliance in scope for examinations ².

Key takeaways:

• Treat “client communications” as a supervised, auditable system: channels, capture, review, escalation, and retention.
• Tie approvals to the exact final version sent externally; informal “looks good” approvals are hard to defend in an exam.
• Reduce exposure by technically enforcing approved channels and continuously testing compliance through supervisory sampling ².

This requirement is about controlling what your firm and its personnel say to clients and prospects, where they say it, and how you prove it was reviewed (when review is required). Under the SEC’s Investment Adviser Marketing Rule, it is a fraudulent, deceptive, or manipulative act for an investment adviser to disseminate an advertisement containing an untrue statement of material fact or that is otherwise false or misleading ¹. In practice, that standard forces you to operationalize two things: (1) content governance (what claims are allowed, and what substantiation is required), and (2) communication governance (which channels are permitted, captured, and supervised).

The operational failure mode exam teams repeatedly pressure-test is simple: business happens in real time, employees default to convenient tools (text, WhatsApp, personal email), and marketing content “drifts” after approval. If you cannot show (a) what was actually sent, (b) who approved it, and (c) that the approved version matches what went out, you are left defending intentions instead of controls. The SEC has stated it will focus on compliance with recently adopted SEC rules including the Marketing Rule ². Your implementation goal is exam-ready evidence, not just policy language.

Regulatory text

Operator standard: An investment adviser must not disseminate any advertisement that includes any untrue statement of a material fact, or that is otherwise false or misleading ¹.

What that means operationally

• You need a repeatable review/approval process for advertisements (and other in-scope promotional communications) that prevents false or misleading statements from being sent.
• You need communication channel controls so you can supervise business communications and retrieve records that show what was communicated and approved.
• You need traceability between the content reviewed and the content disseminated (final version control).

The SEC also signals ongoing exam focus: “The Division will focus on compliance with recently adopted SEC rules including the Marketing Rule” ². Treat this as an examination-readiness requirement, not a one-time policy update.

Plain-English interpretation (what the requirement is asking you to do)

For client-facing messages that function as advertising or marketing (broadly understood as promoting advisory services), you must:

1. Control the claims: Only allow statements you can support; avoid language that could mislead through omission, exaggeration, or lack of context ¹.
2. Control the workflow: Require review and sign-off before distribution when your policy calls for it; document who approved, what they approved, and when.
3. Control the channels: Limit business communications to approved systems that can be supervised and retained; detect and remediate off-channel activity.

Who it applies to

Entity types

• Registered Investment Advisers (RIAs) subject to the Marketing Rule ¹.

Operational contexts where this shows up

• Marketing collateral: pitch decks, fact sheets, website pages, social media posts, newsletters.
• Business development communications: emails or messages to prospects describing performance, strategies, fees, testimonials/endorsements, or differentiators.
• Client updates that cross into promotional framing (for example, “why our approach is superior” style commentary).

Functions involved

• Compliance (policy owner, approvals, testing)
• Marketing (content creation, distribution)
• Investor relations / client service (ongoing client communications)
• Portfolio team leadership (source of claims about strategy/performance)
• IT/Security (approved tools, capture/retention, access control)

What you actually need to do (step-by-step)

Step 1: Define “in-scope communications” and classify them

Create a short classification scheme your teams can apply quickly:

• Category A: Advertisements / marketing materials (highest control)
• Category B: Client communications with promotional claims (controlled templates or required review when claims change)
• Category C: Purely operational messages (meeting scheduling, administrative updates)

Write clear triggers for Category A/B review, such as:

• Any statement about performance, expected outcomes, rankings, comparisons, or “best” claims.
• Any new product/strategy description or material change to a prior statement.

Step 2: Publish an approved-channels standard (and enforce it)

Define which systems are permitted for business communications (examples: corporate email, approved CRM messaging, approved collaboration tools). Then do the hard part: enforce.

• Disable or restrict forwarding to personal email where feasible.
• Require mobile device management (MDM) enrollment for any device used for business messaging.
• Block unapproved apps on managed devices where possible.

Your goal is fewer places where “business talk” can happen without supervision or retention.

Step 3: Implement capture and retention for in-scope communications

For every approved channel, confirm:

• Capture: messages are ingested into an archive (email, mobile, collaboration platforms).
• Search: compliance can retrieve by person, date range, client name, and keyword.
• Integrity: records are immutable or have defensible audit logs.

If a channel cannot be captured reliably, it should not be an approved business channel.

Step 4: Build a pre-use approval workflow that is version-tight

Minimum viable approval workflow elements:

• Unique ID for each marketing item (deck, email template, web page).
• Version control (v1, v2, etc.) and a “final approved” status.
• Approver roles (Compliance required; Legal/Portfolio optional based on content).
• Distribution lock: only the approved file/link can be distributed (or distribution requires attaching the approved artifact).

Practical pattern: approve the exact PDF exported for distribution, not a draft PowerPoint that can be edited after approval.

Step 5: Substantiation and “claim files” for anything that could be misleading

For each material claim in an advertisement, maintain a “claim file” that includes:

• Source data (internal calculations, third-party reports if used)
• Assumptions and calculation methodology
• Required disclosures or context language (what must accompany the claim)

This is how you defend that the statement is not untrue or misleading ¹.

Step 6: Supervisory sampling, escalation, and remediation

Run ongoing testing across:

• Channel compliance: look for off-channel indicators (client mentions in texts, screenshots, calendar notes referencing WhatsApp, etc.).
• Content compliance: sample outbound communications for prohibited or unsupported claims.

Document:

• Findings
• Escalations (who was notified, when)
• Remediation (training, disciplinary steps, content takedowns, corrected communications)

The SEC has indicated it will focus on Marketing Rule compliance ². A living supervision program addresses that reality.

Step 7: Train and certify personnel (with teeth)

Train staff on:

• Approved channels and prohibited channels
• What must be pre-approved
• How to request review quickly
• Consequences for off-channel communications

Collect annual attestations tied to the policy, and treat repeat exceptions as a supervisory issue.

Required evidence and artifacts to retain (exam-ready)

Keep these artifacts organized by time period and business line:

Policy and governance

• Client communications / marketing policy with approved channels list
• Roles and responsibilities (Compliance, Marketing, Supervisors, IT)

Approvals and versioning

• Approval tickets/workflow logs with timestamps and approver identity
• Final approved artifacts (PDFs, screenshots of web pages, email templates)
• Change logs showing what changed between versions

Substantiation

• Claim files for marketing assertions (data, methodology, disclosures)

Records and retention

• Communications archive configuration evidence (systems in scope, retention settings)
• Access logs or audit trails showing Compliance retrieval capability

Supervision

• Sampling plans, review checklists, exception logs
• Escalation and remediation tracker
• Training completion records and attestations

Common exam/audit questions and hangups

Expect questions like:

• “Show me how a marketing piece moves from draft to approved to distributed. Where is the final approved version stored?”
• “How do you prevent employees from using personal texting or unapproved apps for client communications?”
• “Demonstrate you can retrieve all communications for a particular employee and client name.”
• “What testing do you do to detect off-channel communications or unapproved claims?”
• “How do you substantiate material statements so they are not false or misleading?” ¹

Hangups that slow exams:

• Approvals exist, but the firm cannot prove the approved version is what was sent.
• Retention exists for email, but not for mobile or collaboration tools.
• Marketing has a workflow; investor relations does not.

Frequent implementation mistakes (and how to avoid them)

1. Policy-only approved channels. Fix: add technical controls (MDM, app restrictions, archiving) and exception monitoring.
2. “Approval by email” with no version lock. Fix: route approvals through a system that stores the exact approved artifact and its hash or immutable record.
3. No claim substantiation package. Fix: require a claim file before approval is granted for any performance/strategy/fee-related statement.
4. Sampling without consequences. Fix: tie exceptions to remediation actions and supervisory follow-up; document closure.
5. Over-scoping everything as marketing. Fix: classify communications and focus pre-approval where risk is highest, while still supervising channels broadly.

Enforcement context and risk implications

Even without citing specific enforcement cases here, the risk is direct: if an advertisement is false or misleading, dissemination can constitute a fraudulent, deceptive, or manipulative act under the Advisers Act framework ¹. Separately, exam focus raises the probability that your controls are tested for design and operation, including whether your firm can evidence supervision and approvals in practice ². The operational risk includes regulatory findings, remediation mandates, and reputational exposure if inaccurate statements reach clients.

Practical 30/60/90-day execution plan

Days 0–30: Stabilize channels and approvals

• Publish the approved channels list and prohibited channels list; require leadership acknowledgement.
• Inventory all client communication tools in use (email, mobile, collaboration, social).
• Stand up a basic marketing approval workflow with version control (even if manual in a ticketing tool).
• Start a weekly exception log for off-channel reports and unapproved materials.

Deliverables: approved-channels standard; draft workflow; initial tool inventory; exception log template.

Days 31–60: Implement capture/retention + tighten version control

• Turn on archiving for approved channels; validate retrieval by running test searches.
• Require MDM enrollment for business mobile access; restrict unapproved messaging apps on managed devices where feasible.
• Convert common outbound communications into approved templates (emails, decks).
• Build claim file templates and require them for new/updated marketing items.

Deliverables: archiving evidence; retrieval test results; template library; claim file template and first completed files.

Days 61–90: Prove supervision works (and document it)

• Launch supervisory sampling across business lines; document findings and remediation.
• Run a “walkthrough drill” for an exam request: pick an employee, retrieve communications, show approvals and final versions.
• Update training and roll out attestations tied to the approved channels and approval rules.
• Add metrics that matter operationally (volume reviewed, exceptions found, time-to-approve) without turning it into vanity reporting.

Deliverables: sampling reports; exam-ready walkthrough packet; training logs; remediation tracker with closures.

Where Daydream fits (practically) If you are coordinating approvals, evidence, and exceptions across Marketing, Compliance, and IT, Daydream can serve as a system of record for the workflow, artifact storage, and audit-ready reporting. The main win is reducing the time you spend reconstructing who approved what and which version went out.

Frequently Asked Questions

Do all client emails need pre-approval under this requirement?

No. Focus pre-approval on advertisements and communications that make marketing claims or could be misleading ¹. Keep all business communications on approved, retained channels so you can supervise them.

What counts as an “advertisement” for our purposes here?

Treat communications that promote advisory services or include material claims about strategy, performance, or differentiators as in-scope for enhanced review ¹. If your team debates it, route it for review and document the decision.

How do we prove the approved version is the one that was disseminated?

Store the final approved artifact (for example, the exact PDF) in the approval system and require distribution from that stored version. Keep the approval log tied to the file/version identifier.

We allow texting with clients. What control is non-negotiable?

If texting is allowed, it must be on an approved platform that captures and retains messages in a searchable archive. If you cannot capture it, remove it from the approved channel list.

How much sampling is enough for supervisory reviews?

Set a risk-based sampling plan that covers each channel and each client-facing function over time, then adjust based on exceptions. Examiners care that supervision operates, produces findings when warranted, and results in remediation ².

Can we rely on a marketing agency or other third party to manage approvals?

A third party can support drafting and workflow, but you still need internal governance that prevents false or misleading advertisements and retains evidence of review ¹. Contract for cooperation on records, versioning, and substantiation artifacts.

Related compliance topics

• 2025 SEC Marketing Rule Examination Focus Areas
• Arizona Investment Adviser Advertising Rules and Disclosure Requirements
• Best Execution: 2025 Standards (SEC Trend)
• Best Execution: Fiduciary Duty (SEC 206)
• Best Execution: Trade Allocation (SEC 206)

Footnotes

1. 17 CFR 275.206(4)-1(a)(1)

2. 2025 Exam Priorities