Approval, dissemination, and archive linkage

This requirement is simple to state and easy to fail in practice: the version you approved must match the version you distributed, and your books-and-records file must show that linkage without heroic reconstruction. For SEC-registered investment advisers, advertising review is not just about pre-use signoff; it is about evidence. Examiners commonly test whether firms can produce the “final as disseminated” advertisement, the approvals tied to that exact version, and the documents that support the claims inside it. Your process has to work across channels where marketing changes fast (web, social, pitch decks, third-party platforms) and where dissemination evidence is messy (dynamic webpages, A/B tests, platforms that overwrite content).

Operationalizing the approval, dissemination, and archive linkage requirement means you treat each advertisement like a controlled record: assign an identifier, control versioning, capture approvals with timestamps, capture what was actually sent or posted, and file it with the substantiation package. Done well, this reduces regulatory risk and shortens exam response time because you can answer the question, “Show me what you ran, who approved it, and what you relied on,” with one export.

Regulatory text

Requirement (SECMKT-12): “Link final disseminated advertisements to approvals and retained records.” (17 CFR 275.206(4)-1)

Records overlay: Investment advisers must also maintain required books and records relating to advertisements and related materials under the adviser recordkeeping rule. (17 CFR 275.204-2)

Operator interpretation (plain English):

• “Final disseminated” means the exact content that the public or prospects received (the PDF that was emailed, the final webpage state, the exact video cut, the exact social post text and image).
• “Approvals” means evidence of who approved that final content, when, and under what conditions (including required edits and any exceptions).
• “Retained records” means the supporting package you keep under your recordkeeping obligations, including substantiation for claims and performance, and any other materials your policy requires to evidence compliance. (17 CFR 275.204-2)

Your job is to make those three items inseparable in practice: if an examiner picks any ad, you can retrieve the final as-disseminated version and show linked approvals and linked support in one chain.

Plain-English requirement: what success looks like

You pass this requirement when:

1. Every advertisement has a unique identifier and a controlled “final” state.
2. Approvals reference that identifier and exact version (not “looks good” in an email thread).
3. Distribution evidence is captured so you can prove what was actually disseminated and when.
4. The archive record ties everything together (final file + approval record + substantiation packet + key metadata).

Failure modes are predictable:

• A deck gets approved, then a salesperson “fixes a typo” before sending it.
• A webpage is updated without compliance review, overwriting what was previously posted.
• The archive contains drafts, but you cannot prove which one was used.
• The approval lives in a ticketing tool, the ad lives in email, and the substantiation lives in a shared drive, with no common key.

Who it applies to (entity and operational context)

Primary scope: SEC-registered investment advisers creating or disseminating advertisements, including firms using third parties to create, publish, or distribute marketing content. (17 CFR 275.206(4)-1)

Operational scope (where this control must work):

• Marketing-created content: pitchbooks, fact sheets, websites, social posts, videos, comment letters, newsletters.
• Sales-created content: “one-off” decks, email templates, RFP language blocks.
• Third-party channels: consultant databases, placement agents, marketing agencies, web developers, social media managers, distribution platforms.
• Dynamic content: webpages, calculators, interactive tools, A/B tests, and templated content that renders differently by audience.

What you actually need to do (step-by-step)

Step 1: Define the record object and minimum metadata

Create a required metadata schema for each advertisement record. Minimum fields:

• Ad ID (unique, immutable)
• Title / campaign / product strategy
• Channel (web, email, social, deck, video)
• Audience (retail/institutional, jurisdiction if applicable)
• Owner (marketing) and accountable reviewer (compliance)
• Status (draft, in review, approved, disseminated, retired)
• Approval timestamp(s) and approver(s)
• Dissemination timestamp(s) and method(s)
• Archive location pointer and retention classification (17 CFR 275.204-2)

Step 2: Control versioning and lock the “final”

You need a mechanism to ensure the file disseminated is the file approved:

• Store drafts in a versioned repository (DMS, GRC workflow, or controlled drive with check-in/out).
• When approved, generate a final, locked artifact (PDF export of deck; WORM-style capture for web; final video file checksum).
• Assign or confirm the Ad ID on the face of the document (footer) when feasible, or embed it in metadata for formats that support it.

Practical tip: require that dissemination can only occur from the controlled repository (not from someone’s desktop).

Step 3: Capture approvals as structured evidence (not informal messages)

Approvals should be:

• Explicit (approve/reject) with required changes tracked
• Dated and attributable to a person/role
• Tied to the exact version (file hash, version number, or system revision)

If you must accept approvals via email in edge cases, require:

• The Ad ID in the subject line
• The approved file attached or a link to the controlled repository version
• A rule that the email is ingested into the archive record for that Ad ID

Step 4: Capture dissemination evidence (the missing link in many programs)

For each channel, define what “proof of dissemination” means:

• Email: distribution list, send date/time, and the exact attachment/body content as sent.
• Web: published URL + publish date/time + captured rendered page (screenshot alone is weak; pair with HTML/PDF capture where possible).
• Social: post URL/permalink + timestamp + exported content (text, image, video).
• Decks shared in meetings: meeting date, recipients/attendees, and the exact deck file distributed.

Third-party distribution: require the third party to provide the dissemination record (export, posting confirmation, or platform report) mapped to your Ad ID.

Step 5: Build the archive linkage (one-click retrieval)

For every Ad ID, your archive record should contain or link to:

• Final as-disseminated artifact
• Approval record(s)
• Substantiation packet (calculations, source documents, assumptions, backup for performance-related content where applicable)
• Change log (what changed from draft to final, and after final if updates occurred)
• Dissemination evidence

Design your storage so you can respond to: “Give me all ads disseminated in the period, plus approvals and support” without manual searching.

Daydream fit (earned, not forced): teams use Daydream-style workflow to keep the Ad ID, approval workflow, and retention pointer in one place, so marketing cannot disseminate an unlinked final and compliance can export a complete exam packet by ad, channel, or time period.

Required evidence and artifacts to retain

Keep artifacts that prove linkage, not just existence:

• Advertisement master record with Ad ID and metadata (owner, channel, dates)
• Final disseminated copy (exact file or captured page state)
• Approval evidence (system approval log or archived approval email) tied to the final version
• Substantiation/backup supporting material claims and performance content, retained as required under your program and recordkeeping rule (17 CFR 275.204-2)
• Dissemination evidence (per-channel proof described above)
• Exception record for emergency postings or corrections, including remediation and post-use approval if your policy allows it

Common exam/audit questions and hangups

Expect these:

• “Show me the final version as disseminated for this ad, and show me who approved it.” (17 CFR 275.206(4)-1)
• “How do you prevent a rep from editing after approval?”
• “How do you capture what was on your website on a specific date?”
• “Where is the backup for each material claim in this ad?” (17 CFR 275.204-2)
• “Prove this third party posted exactly what you approved.”

Hangups:

• Content hosted on platforms that overwrite prior versions.
• Informal approval trails in chat tools with no retention controls.
• Multiple “final” PDFs in different folders with the same name.

Frequent implementation mistakes and how to avoid them

1. Approving a draft, disseminating a different file.
   Fix: require dissemination from the approved repository and lock the final artifact.

2. No common identifier across systems.
   Fix: Ad ID is the join key across ticketing, storage, and distribution evidence.

3. Web content not captured at publish time.
   Fix: publish workflow must trigger an archive capture and store it under the Ad ID.

4. Third-party marketing activity not pulled into your recordkeeping.
   Fix: contract and procedures must require the third party to provide posting proofs mapped to your Ad ID.

5. Substantiation stored separately with no linkage.
   Fix: package substantiation as an attached bundle within the same record or a linked folder with controlled naming keyed to Ad ID.

Enforcement context and risk implications

No specific public enforcement cases were provided in the source material for this requirement. The risk is still concrete: if you cannot link what you ran to what you approved and retained, you lose credibility fast in an exam and may trigger deeper testing of your advertising program and recordkeeping controls under the Advisers Act rules. (17 CFR 275.206(4)-1; 17 CFR 275.204-2)

Practical 30/60/90-day execution plan

First 30 days (stabilize and stop the bleeding)

• Inventory all ad channels and where “finals” currently live.
• Stand up an Ad ID convention and require it for new work.
• Define minimum metadata and approval evidence requirements.
• Add a “no dissemination outside repository” rule for the highest-risk channels (website and pitch decks).

Next 60 days (build repeatable workflow)

• Implement a single intake-and-approval workflow (ticketing or GRC), with version control.
• Add dissemination capture steps per channel (email, web, social, decks).
• Update third-party contracts/SOWs to require dissemination proof and content/version controls.
• Pilot retrieval drills: pick recent ads and test one-click production of final + approval + substantiation + dissemination proof.

Next 90 days (operationalize and test)

• Expand workflow to all channels, including sales “one-offs.”
• Add QA checks: periodic sampling to confirm “approved = disseminated.”
• Train marketing, sales, and any third party publishers on the Ad ID and repository rules.
• Run a mock exam request and time how long it takes to produce a complete packet per ad.

Frequently Asked Questions

What counts as the “final disseminated advertisement” for a webpage that changes often?

Treat the final disseminated version as the rendered page state at the time of publication. Your process should capture that state at publish time and file it under the Ad ID with the approval and backup. (17 CFR 275.206(4)-1)

Can we rely on email approvals or chat messages as approval evidence?

You can retain them as evidence if they clearly identify the Ad ID and the exact version approved, and they are retained in your recordkeeping system. A structured approval workflow is easier to defend and retrieve. (17 CFR 275.204-2)

How do we handle last-minute typo fixes after approval?

Require re-approval for any change after the approval checkpoint, even “minor” edits, unless your written procedures define a narrow exception process with documentation and post-change review. The control objective is that disseminated content matches approved content. (17 CFR 275.206(4)-1)

What if a third party posts on our behalf in their own platform?

Contractually require that the third party use your approved final artifact and provide a posting confirmation (permalink, timestamp, exported copy) mapped to your Ad ID. Store that proof with the approval and retained records. (17 CFR 275.204-2)

Do we need to link substantiation to the ad even if the ad is “brand only”?

Yes, link the ad to its approval and retained record file as a standard practice. The substantiation package may be small for brand-only content, but the archive linkage is what proves the control works consistently. (17 CFR 275.204-2)

What’s the minimum we should be able to produce in an SEC exam for one ad?

Produce the final as disseminated copy, the approval record tied to that exact version, and the retained backup/supporting materials for any claims, plus proof of dissemination for the channel. Keep it packaged under a single Ad ID. (17 CFR 275.206(4)-1; 17 CFR 275.204-2)