Performance advertising controls

The performance advertising controls requirement means you must place documented, repeatable controls over how you calculate, present, approve, and retain support for any performance shown in advertising, so it is not misleading and includes the right disclosures. Operationalize it by routing all performance-related marketing through a substantiation and disclosure check before dissemination, with records retained under the SEC books-and-records rule. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

Key takeaways:

• Treat any performance statement as a controlled output: defined inputs, approved calculations, required disclosures, and pre-use review. (17 CFR 275.206(4)-1)
• Keep “exam-ready” substantiation: backup data, calculation workpapers, approvals, final versions, and distribution lists. (17 CFR 275.204-2)
• Align marketing workflow, portfolio data sources, and third-party marketers under one evidence-backed control set.

Performance advertising is one of the fastest ways an SEC-registered investment adviser can create a misleading impression, even without intent. A single chart, a model return, a testimonial next to a performance number, or an oversimplified “since inception” claim can trigger questions about methodology, time periods, fees, benchmarks, and who actually received the stated results. Your job as a CCO or GRC lead is to turn this into an operational system that prevents errors and produces audit-grade evidence.

This page translates the performance advertising controls requirement into a buildable control standard: what content is in scope, who must follow the workflow, which checks must happen before dissemination, and what you must retain to defend the claim later. The guiding idea is simple: if you cannot substantiate a performance statement quickly and consistently, you should not publish it.

Where teams get stuck is not in writing a policy, but in integrating marketing, portfolio reporting, and compliance review so that each performance claim has a known source of truth and a permanent record. The steps below are designed to get you there. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

Requirement: performance advertising controls requirement (plain-English)

You must apply controls over performance presentation and disclosures in advertising. That means you (1) control how performance is calculated and displayed, (2) verify that the claim is accurate and not misleading, (3) include disclosures that a recipient needs to understand the performance fairly, and (4) maintain records showing what you advertised and why it was supportable. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

What “performance advertising” includes in practice

Treat these as in-scope unless counsel clearly documents an exclusion:

• Gross or net returns, “since inception” returns, annualized returns, cumulative returns
• Model, hypothetical, backtested, or simulated performance
• Extracted performance (a subset of accounts, a single sleeve, a strategy carve-out)
• Benchmark comparisons, alpha/outperformance claims, ranking/awards tied to performance
• Performance shown in pitch decks, one-pagers, DDQs, RFPs, website pages, social posts, emails, webinars, and third-party platform profiles

Regulatory text

Regulatory excerpt: “Apply controls over performance presentation and disclosures.” (17 CFR 275.206(4)-1)

Operator translation: You need a documented control environment that prevents misleading performance advertising by requiring substantiation and disclosure checks before any performance content is disseminated, and by retaining the books-and-records evidence that supports what was shown. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

Who it applies to (entity and operational context)

Primary applicability: SEC-registered investment advisers and their supervised persons who create, edit, approve, or distribute advertisements containing performance. (17 CFR 275.206(4)-1)

Operationally, include these teams and channels:

• Marketing/IR teams producing pitchbooks, factsheets, website content, social content
• Portfolio/analytics teams generating performance reports or calculation files
• Compliance reviewing advertisements
• Sales teams sending performance materials to prospects
• Third parties acting on your behalf (e.g., placement agents, marketing consultants, platform profiles) where your performance is presented

What you actually need to do (step-by-step)

1) Define “performance content” and route it through one workflow

Create a simple intake rule: if the content contains any performance number, chart, ranking tied to performance, or benchmark comparison, it must enter the “performance ad review” workflow before distribution. (17 CFR 275.206(4)-1)

Practical control: Add a required checkbox in your marketing request form: “Contains performance?” If yes, the request cannot be marked complete without compliance approval.

2) Standardize performance calculation sources and ownership

Pick a “system of record” for each performance type (composites, account-level, fund-level, model) and document:

• Data source (portfolio accounting, admin statements, data warehouse)
• Calculation owner (role, not person)
• Calculation methodology reference (internal spec/work instruction)
• Version control rules for calculation files

This reduces ad hoc spreadsheets that cannot be defended during an exam. Retain the underlying inputs and calculation workpapers as records. (17 CFR 275.204-2)

3) Build a pre-dissemination substantiation checklist

For every performance claim, require the submitter to attach substantiation. Minimum checks to operationalize:

• Traceability: Can you tie every shown figure to a source report or calculation file?
• Time period integrity: Are start/end dates clearly defined and consistently applied?
• Fee/expense treatment: Is it clear whether performance is gross or net, and is the presentation consistent with the disclosure?
• Benchmark integrity: Is the benchmark named and appropriate for the strategy, and is the comparison methodology clear?
• Cherry-picking risk: If results are extracted or subsetted, is the selection basis documented and not misleading?
• Portability across formats: Does the same number appear consistently across deck, factsheet, and website?

Make the checklist a required attachment in your review tool so you can prove the control operated. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

4) Build a disclosure checklist tied to your common performance scenarios

Create a disclosure library you can reuse. Your reviewers should not write new disclosure language from scratch each time.

Examples of disclosure “modules” to maintain:

• Gross vs net performance explanation
• Material assumptions for hypothetical/model/backtested performance
• Limitations of extracted performance and selection criteria
• Benchmark definition and comparison limitations
• Material risks and strategy limitations that affect interpretation

Store approved language centrally and lock edits to compliance-controlled users.

5) Enforce “no approval, no publish” with a gating control

Operationalize the rule with a hard gate:

• Marketing cannot publish to the website without an approval ID
• Sales cannot send performance materials externally without a final, approved PDF and approval ID
• Third parties cannot post performance unless you provide the approved content package

Daydream can help by acting as the system of record for (a) the approved version, (b) the substantiation package, and (c) the review evidence trail, so you can respond quickly to exam requests without re-creating history. (17 CFR 275.204-2)

6) Control third-party distribution and re-use

Performance advertising failures often happen when content leaves your environment. Implement:

• Approved content repository for external sharing (one canonical file per approved item)
• Expiration/refresh rules for performance materials (use a “valid through” date on the document)
• Contractual expectations for third parties: no edits, no reposting without approval, prompt takedown on request
• Periodic spot checks of third-party websites/platform pages for outdated performance

Retain monitoring evidence and takedown requests as records. (17 CFR 275.204-2)

7) Recordkeeping: retain what the SEC will ask for

The books-and-records expectation is not just “keep the final deck.” Keep enough to prove the claim was supportable at the time it was used. (17 CFR 275.204-2)

Required evidence and artifacts to retain (audit-ready list)

Maintain a packet per advertisement/version:

• Final approved advertisement (PDF, screenshot, web archive capture) and publication date (17 CFR 275.204-2)
• Distribution list or channels used (email send record, website URL, platform posting reference) (17 CFR 275.204-2)
• Performance substantiation file set: source reports, calculation workbook, data extracts, and reconciliation notes (17 CFR 275.204-2)
• Disclosure checklist completed, with required modules attached (17 CFR 275.206(4)-1)
• Compliance approval record: approver, date/time, required conditions, approval ID (17 CFR 275.204-2)
• Change log and prior versions where performance changed (17 CFR 275.204-2)
• If third parties distributed: the exact file provided to them and any monitoring/takedown evidence (17 CFR 275.204-2)

Common exam/audit questions and hangups

Expect questions that force you to show both design and operation:

• “Show me how you ensure performance advertising is reviewed before use.” (17 CFR 275.206(4)-1)
• “Provide support for these performance numbers and explain the calculation methodology.” (17 CFR 275.204-2)
• “How do you control extracted performance or subset presentations?” (17 CFR 275.206(4)-1)
• “Who can change performance figures, and how is that change controlled?” (17 CFR 275.204-2)
• “How do you supervise third-party marketers or platform profiles that display your performance?” (17 CFR 275.206(4)-1)

Hangup to plan for: If your performance calculation is owned outside compliance (common), the exam will still expect compliance to evidence oversight through defined controls and retained substantiation. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

Frequent implementation mistakes (and how to avoid them)

1. Approving “design” but not “math.” Reviewers read disclosures but never tie numbers back to source reports. Fix: require a trace-to-source step and attach the workpaper. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)
2. One-off spreadsheet performance. Analysts compute “marketing returns” outside controlled systems. Fix: designate systems of record and restrict who can produce publishable numbers. (17 CFR 275.204-2)
3. Website drift. The PDF deck is updated, but the website chart is not. Fix: treat each channel as a separate ad instance with its own evidence capture. (17 CFR 275.204-2)
4. Third-party edits. A platform truncates disclosures or reformats a chart. Fix: provide locked files, monitor postings, and retain proofs. (17 CFR 275.204-2)
5. No versioning. Teams cannot show what a prospect saw last quarter. Fix: enforce version control and retain prior versions with distribution context. (17 CFR 275.204-2)

Enforcement context and risk implications

No public enforcement cases were provided in the supplied source catalog for this requirement, so this page focuses on exam defensibility and control design expectations grounded in the rule and recordkeeping requirements. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

Practically, weaknesses in performance advertising controls drive two concrete risks:

• Regulatory risk: inability to substantiate performance statements promptly and consistently, which creates exposure under the marketing rule framework. (17 CFR 275.206(4)-1)
• Operational risk: rework, inconsistent numbers across channels, and loss of institutional memory when staff change, which shows up as missing records. (17 CFR 275.204-2)

Practical execution plan (30/60/90-day)

You asked for quick operationalization; use this phased plan. Timelines are presented as phases; adjust to your release and reporting calendar.

First 30 days (stabilize and stop uncontrolled publication)

• Inventory all active performance-containing materials and channels (pitchbooks, factsheets, website pages, platform profiles). (17 CFR 275.204-2)
• Implement an interim gate: no new performance materials go out without compliance sign-off and a stored substantiation packet. (17 CFR 275.206(4)-1)
• Publish a one-page “performance ad intake” rule for marketing and sales: what triggers review and where to submit. (17 CFR 275.206(4)-1)
• Stand up a centralized repository (or Daydream workspace) for approved versions and evidence packets. (17 CFR 275.204-2)

Next 60 days (standardize calculations and review checklists)

• Document systems of record and owners for each performance type; eliminate ad hoc sources for publishable figures. (17 CFR 275.204-2)
• Build two required checklists in your workflow tool: substantiation checklist and disclosure checklist, with mandatory attachments. (17 CFR 275.206(4)-1)
• Create a disclosure library with compliance-controlled language modules for your recurring scenarios. (17 CFR 275.206(4)-1)
• Train marketing, sales, and performance teams on “what good looks like” by walking through one real approved piece end-to-end.

Next 90 days (operationalize supervision and monitoring)

• Extend controls to third parties: approved content packages, no-edit terms, monitoring, and takedown process. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)
• Implement periodic spot checks of high-risk channels (website and third-party profiles) and retain evidence of the review. (17 CFR 275.204-2)
• Run a mock exam request: pick a published item and produce the full packet within the same business day, including substantiation and approvals. (17 CFR 275.204-2)

Frequently Asked Questions

Does this apply only to advertisements meant for retail investors?

No. The control expectation is tied to advertising under the SEC marketing rule framework, which can include institutional materials like pitch decks and DDQs if they contain performance. (17 CFR 275.206(4)-1)

What’s the minimum “substantiation” you should keep for a performance number?

Keep the source report or dataset, the calculation workpaper showing how the figure was derived, and the final approved content that displays it. Also retain the approval record and distribution context. (17 CFR 275.204-2)

Can marketing make formatting edits after compliance approval?

Treat any edit that could change meaning as requiring re-approval, especially edits to performance figures, time periods, benchmark labels, or disclosures. Your workflow should make “post-approval edits” visible and controllable. (17 CFR 275.206(4)-1) (17 CFR 275.204-2)

How do we control performance shown on third-party platforms?

Provide a locked, approved content package and prohibit edits without written approval. Monitor postings periodically and retain screenshots or platform exports as evidence. (17 CFR 275.204-2)

We have multiple performance sources (admin, portfolio accounting, analytics). Which one wins?

Pick a designated system of record per product/strategy and document it. If you must reconcile multiple sources, retain the reconciliation notes with the substantiation packet. (17 CFR 275.204-2)

Where does Daydream fit without adding process overhead?

Daydream works best as the evidence backbone: one place to store approved versions, substantiation attachments, checklist completion, and an immutable approval trail. That reduces scramble during exams because the packet is already assembled. (17 CFR 275.204-2)