SEC-Enforcement Client Communication Standards and Approval Requirements
To meet the SEC-enforcement client communication standards and approval requirements, you need (1) clear rules on what “client communications” and “advertisements” are, (2) pre-use or documented post-use review tied to the exact version sent, and (3) technical controls that keep business messaging in approved, captured channels. This reduces false/misleading marketing risk under the SEC Marketing Rule.
Key takeaways:
- Treat “client communication” as a supervised business record; define what must be approved, archived, and monitored.
- Tie approvals to a specific, immutable message version; “informal OKs” fail in exams.
- Make off-channel communications hard to do, and easy to detect, capture, and remediate.
For SEC-registered investment advisers, client communications and marketing content can trigger Marketing Rule obligations and antifraud risk if statements are untrue, incomplete, or presented in a misleading way. The operational problem is rarely the rule text; it’s execution: different teams send different messages across email, messaging apps, pitch decks, newsletters, DDQs, and website updates, and “approval” often happens in hallway conversations or untracked edits.
This requirement page converts the SEC’s standard into an implementable program: define in-scope communications, set channel standards, build an approval workflow that proves what was approved, and retain the evidence exam teams ask for. It also addresses a consistent failure mode in real firms: business communications move to unapproved channels where compliance cannot supervise or retain records. The SEC Division of Examinations has stated it will focus on compliance with rules including the Marketing Rule 1. That makes your communication controls a practical exam-readiness issue, not a theoretical one.
Regulatory text
What the SEC says (excerpt): “It shall constitute a fraudulent, deceptive, or manipulative act… for any investment adviser to disseminate any advertisement that includes any untrue statement of a material fact, or that is otherwise false or misleading.” 2.
Operator interpretation:
You must prevent the firm from sending or publishing advertisements that are false or misleading, and you must supervise the process so you can show (a) how content was reviewed, (b) who approved it, and (c) what exact version went out. The rule is content-focused, but your control system must be evidence-focused because exams test what you can prove.
Plain-English interpretation of the requirement
This requirement means: business communications to prospects/clients that function as marketing must be accurate, not misleading, reviewed under defined standards, distributed only through approved channels, and retained with an audit trail. If you cannot reliably capture the communication, you cannot credibly supervise it, and you may not be able to rebut an allegation that the content was misleading.
Who it applies to
Entity scope
- SEC-registered investment advisers (RIAs) and their supervised persons, to the extent they disseminate “advertisements” under the Marketing Rule 2.
Operational scope (where this shows up in practice)
- Marketing and investor relations content (web, newsletters, pitch decks, fact sheets).
- One-to-one and one-to-many communications that include performance, strategy descriptions, claims, testimonials/endorsements, or comparisons.
- RFP/RFI responses, DDQs, and sales emails when they include marketing claims.
- Social media and collaboration tools used for business messaging.
- Third parties acting on your behalf (PR, placement agents, digital marketing firms) when they draft, post, or distribute content for you. Treat them as in-scope because their output can become your “advertisement.”
What you actually need to do (step-by-step)
1) Define “in-scope communications” and categorize them
Create a short taxonomy your business can follow without a law degree. Minimum categories:
- Advertisement / Marketing content: intended to solicit investors or retain clients; includes statements that could be materially relied upon 2.
- Client service communications: operational updates, account servicing, meeting follow-ups; still supervised records if business-related.
- Purely personal / non-business: out of scope for supervision, but your policy must state the boundary.
Deliverable: a one-page decision tree embedded in policy and training.
2) Establish channel standards (approved vs prohibited) and enforce them
Your policy should list:
- Approved channels for business communications (e.g., corporate email, recorded phone lines, approved collaboration platforms configured for retention).
- Prohibited or restricted channels (e.g., personal email, consumer messaging apps) unless explicitly approved with capture controls.
Then add technical enforcement where feasible:
- Mobile device management (MDM) profiles and containerized messaging for corporate accounts.
- Blocking auto-forwarding to personal email where feasible.
- Retention-enabled connectors/integrations for collaboration tools used for client communications.
Why this matters: off-channel communications are a primary risk factor because they are not supervised or captured for retention 3.
3) Build an approval workflow that ties to the exact version distributed
Your approval process must answer one exam question cleanly: “Show me what was approved, who approved it, and what was ultimately sent.”
Practical design pattern:
- Store drafts in a controlled system (document management, marketing compliance tool, or ticketing workflow).
- Require reviewers (Compliance, Legal as needed, Marketing owner) to approve within the tool.
- Lock the approved artifact (PDF hash/version, final HTML, or captured email template) so you can demonstrate integrity.
Avoid “approval via Slack” or “verbal ok.” A second risk factor is informal supervision that cannot be tied to the exact message version that went out 3.
4) Standardize content checks that prevent “misleading” outcomes
Create a repeatable checklist for reviewers. Include at least:
- Material accuracy: factual statements supported by internal source data.
- Balanced presentation: risks/limitations not buried; avoid cherry-picked examples that change the net impression.
- Performance and claims governance: ensure figures, time periods, and assumptions are documented internally even if not fully disclosed in the piece.
- Consistency: numbers and descriptions match the firm’s official materials and client reporting.
This is where most teams save time: reviewers don’t re-litigate style; they validate substantiation and net impression.
5) Implement capture and retention for in-scope electronic communications
You need defensible records for:
- Content distributed (final version).
- Date/time and distribution method.
- Audience segment or recipient list, when applicable.
- Underlying substantiation (backup files, calculations, source reports).
Capture matters because you cannot supervise what you cannot reconstruct during an exam. Prioritize capture of mobile and collaboration platforms used for business communications 1.
6) Monitor and test: supervisory sampling with escalation and remediation
Operate supervision like a control, not a policy:
- Periodic sampling of sent communications across teams and channels.
- Exception log for findings (off-channel use, unapproved materials, unsupported claims).
- Documented remediation (takedown, corrective communication, retraining, disciplinary steps when appropriate).
- Trend reporting to the CCO/GRC lead.
Sampling should cover higher-risk populations: senior rainmakers, new joiners bringing old habits, and teams that frequently send investor updates.
7) Extend controls to third parties who communicate on your behalf
For third parties (PR firms, digital agencies, placement agents):
- Contract clauses requiring pre-use approval, use of approved channels, and record retention.
- Operational access controls (who can post to your website/social accounts).
- Deliverable and version control (final copy must be stored in your system of record).
If a third party can publish for you, treat them like an extension of your communication process.
Required evidence and artifacts to retain
Keep these in an exam-ready folder structure by quarter/campaign:
- Client communication & marketing policy (definitions, channels, approval rules).
- Approved channel inventory and technical configuration evidence (e.g., retention settings screenshots/export, MDM policy settings).
- Approval workflow records: reviewer names, timestamps, comments, final approved artifact.
- Substantiation files: source data for claims, performance calculation support, assumptions, and internal sign-offs.
- Distribution evidence: email sends, website publication logs, social posting logs, audience lists where applicable.
- Supervisory review evidence: sampling plan, review results, exception log, remediation tickets, disciplinary documentation (as appropriate).
- Training evidence: completion logs, attestations, targeted training for repeat offenders.
Common exam/audit questions and hangups
Expect to be asked:
- “What channels do you allow for business communications, and how do you enforce it?”
- “Show me the approval for this specific piece of marketing and the exact version that went out.”
- “How do you detect and remediate off-channel business messaging?”
- “How do you substantiate statements that could be material to an investor’s decision?” 2.
- “What testing do you perform to confirm the process operates as designed?” 1.
Hangups that slow teams down:
- No clean system of record for “final” materials.
- Performance/claims substantiation lives in spreadsheets on personal drives.
- Approvals exist, but they are not linked to the distributed version.
Frequent implementation mistakes (and how to avoid them)
- Policy lists approved channels, but the firm doesn’t enforce them.
  Fix: add technical blocks where feasible and monitoring where blocks are not possible.
- Approvals are real, but not auditable.
  Fix: route approvals through a tool that preserves version history and reviewer identity.
- Teams treat “advertisement” as only public website content.
  Fix: include pitch decks, DDQs, newsletters, and templated investor emails in scope where they solicit or retain clients 2.
- Substantiation is an afterthought.
  Fix: require a “backup packet” before approval. If support is missing, the claim gets removed or rewritten.
- Third parties publish without the same controls.
  Fix: contract + access + workflow. If the third party cannot comply, they cannot post.
Enforcement context and risk implications
This requirement sits inside the SEC’s antifraud framework for investment adviser advertising 2. Your operational risk is twofold:
- Content risk: a statement is untrue or creates a misleading net impression.
- Supervision/records risk: you cannot show review, approval, or what was sent because it happened off-channel or outside retention.
The SEC Division of Examinations has stated it will focus on Marketing Rule compliance 1. That increases the likelihood your communication governance will be tested through samples of real artifacts, not just policy review.
Practical 30/60/90-day execution plan
First 30 days: establish control boundaries and stop obvious gaps
- Publish an approved channel standard and prohibition list for business communications.
- Inventory where client/prospect communications happen (email, SMS, WhatsApp, Slack/Teams, social, personal devices).
- Freeze and centralize “active” marketing materials into a single repository with owners.
- Implement a basic approval intake: no new outbound marketing without a tracked request and final artifact saved.
Days 31–60: make approvals and retention provable
- Implement version-controlled approval workflows for common artifacts (pitch deck, fact sheet, newsletter, website updates).
- Turn on retention/capture for in-scope channels and validate retrieval with a test export.
- Launch targeted training for high-risk groups (sales, IR, portfolio leaders) with clear do/don’t examples tied to your channel standards.
Days 61–90: supervise, test, and operationalize remediation
- Start supervisory sampling and build an exception log with root cause categories.
- Run an off-channel detection exercise (attestation + technical signals you have available) and document remediation.
- Extend the program to third parties: contract updates, access changes, and workflow requirements.
- Package an exam-ready evidence binder: policy, workflows, sample approvals, retention proof, sampling reports, and remediation records.
Where Daydream fits (practically): if you need one place to intake communications for review, bind approvals to versions, and produce an audit-ready trail on request, Daydream can serve as the workflow layer that turns “we reviewed it” into evidence you can export during an exam.
Frequently Asked Questions
Do all client emails require pre-approval by Compliance?
No. Pre-approval is usually reserved for advertisements/marketing content and high-risk templates. For day-to-day client service emails, focus on approved channels, retention, training, and supervisory sampling to detect problematic claims.
What counts as “off-channel communications” in this context?
Any business communication conducted in a channel you have not approved, cannot supervise, or cannot capture for retention. The core issue is supervisory and recordkeeping failure tied to marketing and client communications risk 1.
How do we prove the “exact version” that was approved is what went out?
Store the final artifact in a controlled repository, lock the version (or preserve immutable history), and link distribution evidence back to that artifact. Avoid approvals over chat or email threads that do not preserve final-form content.
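One way to bind an approval to the exact version sent, as described in step 3 and in the answer above. This is an added example, not code from this page or from any product it names; the function names, record fields and sample documents are hypothetical, and the hash-chained log is one possible way to "preserve immutable history".

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def record_approval(log: list, artifact: bytes, approver: str, approved_at: str) -> dict:
    """Append an approval bound to the artifact's exact bytes and chained to the prior entry."""
    body = {
        "artifact_sha256": sha256_hex(artifact),
        "approver": approver,
        "approved_at": approved_at,
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry = dict(body, entry_hash=_entry_hash(body))
    log.append(entry)
    return entry

def log_is_intact(log: list) -> bool:
    """Recompute the chain; an edited, reordered or mid-log deleted entry breaks it."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        recomputed = _entry_hash(body)
        if body.get("prev") != prev or not hmac.compare_digest(recomputed, entry["entry_hash"]):
            return False
        prev = entry["entry_hash"]
    return True

def find_approval(log: list, distributed: bytes):
    """Return the approval covering the bytes actually sent, or None if that version was never approved."""
    sent_hash = sha256_hex(distributed)
    return next((e for e in log if e["artifact_sha256"] == sent_hash), None)

# Constructed sample data: an approved fact sheet and a later, unreviewed edit of it.
APPROVED = b"Q3 fact sheet v7: net return 4.1% (see disclosures)"
EDITED = b"Q3 fact sheet v7: net return 6.1% (see disclosures)"
```

The chain is tamper-evident only if the latest entry_hash is also kept somewhere the log's writers cannot change, since anyone able to rewrite the whole log can recompute every hash.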
Our team uses collaboration tools for quick investor updates. Can we allow that?
Yes, if the tool is approved, retention is enabled, and supervision can sample and retrieve messages on request. If you cannot capture and produce records, treat it as prohibited for business messaging.
What should we do if we discover unapproved marketing content was sent?
Triage for potential misleading statements, document the finding, and determine remediation (corrective communication, withdrawal/takedown, retraining, and disciplinary action where appropriate). Track the incident to closure with root cause notes and control improvements.
How do we manage third parties (PR or placement agents) who draft or distribute communications?
Require pre-use approval and record retention in contracts, restrict posting permissions, and route their drafts through the same versioned approval workflow you use internally. If they cannot operate inside your controls, limit their activities to drafting only.
Footnotes
1. 2025 Exam Priorities, 2024