SEC-Enforcement Client Communication Standards and Approval Requirements

To meet the sec-enforcement client communication standards and approval requirements requirement, you must (1) restrict business communications to approved, supervised channels, (2) capture and retain in-scope messages, and (3) implement provable pre-use review/approval for client-facing advertisements so nothing false or misleading is disseminated under the SEC Marketing Rule. Tie every approval to the exact version that was sent.

Key takeaways:

• Treat “client communications” as a supervised system: channels, content rules, approvals, and retention must work together.
• Examiners will ask for proof that what you approved is exactly what went out, and that off-channel messaging is prevented or detected.
• Build controls around the Marketing Rule’s “no untrue or misleading advertisement” standard and document the workflow end-to-end. ¹; ²

This requirement shows up in exams as a simple question with a hard operational answer: “How do you control what your employees say to clients and prospects, and can you prove it?” For Registered Investment Advisers (RIAs), the SEC’s Marketing Rule prohibits disseminating advertisements that include untrue statements of material fact or are otherwise false or misleading. ¹ The fastest way to fail this requirement is to treat it as a policy-only exercise, while teams continue to communicate through unapproved channels, or approvals happen informally without a preserved record of the exact message that was published.

Operationalizing this requirement means you define “in-scope communications,” set approved channels, harden those channels with technical controls where feasible, route advertising through a documented approval process, and retain records that let you reconstruct what happened during a review, exam, or investigation. The SEC has stated it will focus on Marketing Rule compliance in examinations. ² Your goal is to make compliance the default: employees can do their job, and your firm can evidence supervision without scrambling.

Regulatory text

Regulatory excerpt (Marketing Rule): “It shall constitute a fraudulent, deceptive, or manipulative act, practice, or course of business… for any investment adviser to disseminate any advertisement that includes any untrue statement of a material fact, or that is otherwise false or misleading.” ¹

What the operator must do (plain English):

1. Prevent false or misleading advertising content from being disseminated. That requires clear content standards and a review process that catches issues before distribution. ¹
2. Supervise business communications that can function as “advertisements.” In practice, client and prospect messages, pitch decks, fact sheets, website content, social posts, and some one-to-one outreach can be treated as marketing content depending on context and distribution. Your program must identify what is in-scope and control it.
3. Prove what happened. Examiners test supervision using real records. If approvals are informal (chat approval, hallway approval, “looks good” without artifacts), you will struggle to show that the reviewed version equals the disseminated version. ²

Plain-English interpretation of the requirement

This requirement is about controlled client communications: you decide which channels can be used for business; you monitor and retain communications that must be kept; and you enforce pre-use approvals for advertising so the firm does not send false or misleading statements. ¹ The “approval” part is not generic sign-off. It is version-specific approval with an audit trail.

Who it applies to (entity and operational context)

Primary scope: Registered Investment Advisers and their supervised persons involved in marketing, business development, investor relations, client service, portfolio communications, and any function that sends content that could be considered an advertisement. ¹

Operational scope (where this breaks in practice):

• Employees and contractors using mobile texting, personal email, or collaboration apps for client/prospect discussions.
• Marketing publishing workflows for website updates, pitch decks, factsheets, and social media.
• Client service sending performance commentary or “market updates” that reference strategies or results.
• Third parties creating or distributing content on your behalf (PR firms, placement agents, solicitors, web agencies). Treat them as in-scope communications actors and bind them to your approval and retention expectations contractually.

What you actually need to do (step-by-step)

1) Define in-scope communication types and map owners

Create a short “communications inventory” that classifies:

• Advertising/marketing content: pitch decks, websites, social, factsheets, emails to prospects, mass client communications.
• Non-marketing operational communications: service tickets, billing notices, routine account administration.
  Assign an accountable owner for each category (Marketing, IR, Client Service, Compliance).

Deliverable: a one-page scope matrix that states what must be pre-approved, what is sampled post-use, and what is out of scope.

2) Set approved channels and restrict everything else

Write a channel standard that answers: “Where may business be conducted?”

• Approved examples: corporate email, recorded lines (if applicable), approved messaging platform with capture, approved video meeting tools with configured retention (as needed).
• Disallowed examples: personal email, consumer messaging apps, unrecorded direct messages used for business.

Then add technical enforcement where feasible:

• Mobile device management to separate work/personal profiles.
• Blocking auto-forwarding rules from corporate email to personal accounts.
• Conditional access to prevent logging into corporate mail from unmanaged devices.
• Explicit exception process for edge cases (documented, time-bound, compensating controls).

Deliverable: Approved Channels Standard + exception log.

3) Implement capture and retention for in-scope electronic communications

You cannot supervise what you cannot retrieve. Implement capture for:

• Email (journaling/archiving),
• Approved chat/collaboration,
• Mobile messaging if permitted for business.

Decide what “retention-ready” means for your firm: searchable, immutable storage, and the ability to produce records promptly for exams and internal reviews. Keep retention aligned with your broader books-and-records obligations (coordinate with counsel as needed).

Deliverable: Retention architecture diagram + system configuration evidence + periodic testing results.

4) Build a marketing/advertising approval workflow that is version-locked

Design a workflow that always yields:

• Unique ID per piece (or campaign),
• Final, approved version attached (PDF/rendered copy plus editable source),
• Approver identity, date/time, and approval conditions,
• Distribution record (where posted/sent, by whom, and when).

Practical options:

• Ticketing system with attachments and mandatory fields,
• Document management with approval states,
• A GRC workflow.

Key control: once approved, the artifact becomes read-only; edits require re-approval.

Deliverable: Marketing review SOP + sample approval packets.

5) Operate supervisory sampling with documented escalations and remediation

Even with pre-approvals for ads, you still need oversight of day-to-day communications:

• Sample emails/messages for prohibited statements or unapproved claims.
• Focus sampling on high-risk teams (sales/IR), high-risk products, and new hires.
• Track issues through remediation: correction, training, disciplinary actions, and control tuning.

Tie this to the SEC’s exam focus on Marketing Rule compliance. ²

Deliverable: Supervision testing plan + sampling logs + findings register + remediation tickets.

6) Manage third parties who create/distribute client communications

If a third party drafts or posts content:

• Contractually require use of your approved channels and review workflow.
• Require them to deliver final copies for retention.
• Audit a sample of their outputs against your approvals.

Deliverable: Third-party communication addendum + attestations + sample reviewed artifacts.

Required evidence and artifacts to retain (exam-ready list)

Use this as your “request list” checklist:

• Approved Channels Standard and employee acknowledgement.
• Communications inventory/scope matrix (what is an advertisement; what needs pre-approval).
• Marketing/advertising review SOP (roles, SLAs, escalation path).
• Approval packets showing version control (drafts, final, approvals, distribution evidence).
• Archive/capture configuration evidence for email and messaging; retention testing results.
• Exception register for off-channel approvals or channel exceptions, with compensating controls.
• Supervisory sampling methodology, results, escalations, and remediation tracking.
• Training materials and completion records for marketing/communications rules.
• Third-party contracts/addenda and any required attestations.

Common exam/audit questions and hangups

Expect questions like:

• “Show me your last set of approved advertisements and the evidence they were approved before use.” ¹
• “What channels are permitted for client communications, and how do you prevent texting/personal email?”
• “Demonstrate you can retrieve messages for a named employee across email and chat.”
• “How do you verify the approved version equals the distributed version?”
• “How do you supervise one-to-one outreach that could be marketing in substance?” ²

Hangups that slow teams down:

• No clean definition of “advertisement” for internal operations.
• Approvals stored in email threads without the final attachment.
• Archiving exists for email but not for chat/mobile used by revenue teams.

Frequent implementation mistakes (and how to avoid them)

1. Policy-only channel rules. Fix: pair policy with technical controls and an exception workflow.
2. Approvals without version control. Fix: require a locked “final” artifact and store a hash or immutable PDF.
3. Sampling without documented rationale. Fix: write a short sampling plan that explains risk-based selection and escalation rules.
4. Third parties outside the process. Fix: bind agencies and placement/solicitation partners to your approval and retention requirements before they publish anything.
5. No proof of distribution. Fix: retain screenshots, send logs, website publishing records, or platform export files tied to the approved artifact.

Enforcement context and risk implications

The SEC’s prohibition is framed as a fraudulent, deceptive, or manipulative act when an adviser disseminates advertisements that are untrue or misleading. ¹ That framing drives two risks you should plan for:

• Substantive content risk: claims, performance discussions, and statements of fact must be supportable.
• Supervisory process risk: weak controls (off-channel communications, missing approvals, poor retention) can convert isolated mistakes into a program-level supervision failure during an exam.

The SEC has publicly stated it will focus on Marketing Rule compliance in examinations. ² Treat this as a readiness requirement, not a “later” backlog item.

Practical 30/60/90-day execution plan

Days 0–30: Define scope and stop the bleeding

• Publish an interim approved channels memo; require acknowledgment.
• Inventory communication channels and identify off-channel usage hotspots (Sales/IR/Client Service).
• Stand up a basic marketing approval intake (ticket + required attachments + compliance sign-off).
• Select retention owners (IT + Compliance) and document current-state capture gaps.

Days 31–60: Implement core controls and evidence

• Deploy or tighten technical restrictions (MDM/conditional access/email controls) where feasible.
• Configure and test message capture for approved chat and mobile (if permitted).
• Formalize the marketing review SOP with version-locking and distribution evidence requirements.
• Launch a supervisory sampling program; start with targeted reviews and documented escalations.

Days 61–90: Operationalize and harden

• Expand sampling coverage; tune lexicons/flags based on findings.
• Close gaps with third parties: contract addenda, approval routing, retention handoffs.
• Run an internal “mock exam” production test: retrieve a set of communications and approval packets end-to-end within a short timeframe.
• Adopt a system-of-record approach (this is where Daydream fits naturally): Daydream can centralize approval workflows, evidence collection, exception tracking, and audit-ready exports so your supervision story stays consistent across teams.

Frequently Asked Questions

Do all client emails need pre-approval?

No. Focus pre-approval on advertisements and marketing materials, then supervise the rest through documented sampling and escalation. Your scope matrix should clearly separate “pre-use approval required” from “post-use supervision.”

What counts as an “advertisement” under this requirement?

The rule text addresses advertisements that are untrue or misleading. ¹ Operationally, treat any client/prospect communication that promotes advisory services, strategies, or results as a candidate for marketing controls, and document your internal classification.

How do we prove the approved version is what was sent?

Store an immutable “final” artifact in the approval packet and retain distribution evidence that points to that exact artifact (file ID, publish record, or platform export). Avoid approvals that live only as “LGTM” in chat with no attachment.

We allow texting for client service. What’s the minimum viable control set?

Restrict texting to an approved platform that supports capture and retention, document the business justification, and include texting in supervisory sampling. If you cannot capture it, treat it as a prohibited channel for business.

How should we supervise communications on collaboration tools like chat?

Define which workspaces are approved for business communication, enable capture/retention, and sample for policy violations and misleading statements. Maintain an exception and remediation process for violations.

Does the SEC care about Marketing Rule controls right now?

The Division of Examinations stated it will focus on compliance with recently adopted SEC rules including the Marketing Rule. ²

Related compliance topics

• 2025 SEC Marketing Rule Examination Focus Areas
• Arizona Investment Adviser Advertising Rules and Disclosure Requirements
• Best Execution: 2025 Standards (SEC Trend)
• Best Execution: Fiduciary Duty (SEC 206)
• Best Execution: Trade Allocation (SEC 206)

Footnotes

1. 17 CFR 275.206(4)-1, 2021

2. 2025 Exam Priorities, 2024