Annual Review of Marketing Compliance
You must run and document an annual review of your marketing compliance policies and procedures to confirm they are adequate and working in practice, and to identify and implement needed changes. For SEC-registered investment advisers, this means testing your marketing program end-to-end (review/approval, performance advertising, testimonials/endorsements, and recordkeeping) and retaining evidence of both the review and resulting remediation.
Key takeaways:
- The requirement is an effectiveness review, not a policy refresh, and it must be performed at least annually. (17 CFR § 275.206(4)-7)
- Your review scope should cover the full marketing lifecycle: creation, substantiation, approval, dissemination, and retention.
- Examiners expect traceable evidence: a written plan, testing results, issue log, remediation, and records that prove the process operated as designed.
An “annual review of marketing compliance” is the practical work of proving your marketing controls are (1) designed appropriately and (2) actually functioning. The SEC’s Compliance Rule requires investment advisers to review their compliance policies and procedures at least annually for adequacy and the effectiveness of their implementation. (17 CFR § 275.206(4)-7) Marketing is a recurring exam focus because it touches investor decision-making, performance presentation, and third-party promotion channels where errors compound quickly.
Treat the annual review as a structured program assessment with testing. You are not writing a memo that says “we reviewed marketing.” You are re-performing key controls, sampling outputs (ads, decks, websites, social posts, factsheets), validating substantiation, checking performance calculations and disclosures, reviewing testimonial/endorsement workflows, and confirming recordkeeping is complete.
This page gives you requirement-level implementation guidance you can execute quickly: who owns what, what to test, how to document results, what artifacts to retain, and what tends to break during SEC exams. Where helpful, it also describes how teams use systems like Daydream to keep approvals, substantiation, sampling, and audit trails organized across channels and third parties.
Regulatory text
Requirement (excerpt): “Investment advisers must review their marketing compliance policies and procedures at least annually for adequacy and the effectiveness of their implementation.” (17 CFR § 275.206(4)-7)
What the operator must do
You need a repeatable, at-least-annual process that:
- Evaluates adequacy (design): Are your marketing policies and procedures appropriately scoped to your actual marketing activities (channels, products/strategies, audiences, geographies, third parties)?
- Evaluates effectiveness (operation): Did the controls work in practice (approvals happened, substantiation exists, calculations are accurate, required disclosures appeared, records were retained)?
- Produces changes: Identifies gaps and drives remediation (policy updates, workflow fixes, training, tooling, oversight enhancements).
- Creates evidence: Leaves an audit trail that proves the review happened and was meaningful.
Plain-English interpretation of the requirement
Run a yearly “health check” of your marketing program that tests reality, not intent. If you publish performance, you validate the numbers and the backup. If you use testimonials or endorsements, you validate the onboarding, disclosures, and monitoring. If you have an ad review process, you verify that ads in the wild match approved versions and that required records exist. The output is a documented assessment plus a tracked remediation plan.
Who it applies to
Entity scope
- Investment advisers (including advisers managing private funds or registered funds) that maintain marketing compliance policies and procedures subject to the SEC Compliance Rule. (17 CFR § 275.206(4)-7)
Operational contexts that increase scope and testing depth
- Multi-channel marketing (website, email, pitchbooks, webinars, social, third-party platforms)
- Performance advertising (gross/net, composites, model/hypothetical, extracted performance)
- Use of third parties in marketing (placement agents, solicitors, referral partners, influencers, sub-advisers distributing your materials)
- Rapid change (new products, new strategies, new regions, M&A, new CRM/content tooling)
What you actually need to do (step-by-step)
1) Define the review perimeter (what “marketing” means at your firm)
Create a simple inventory:
- Channels: website pages, blogs, podcasts, webinars, social accounts, emails, pitchbooks, DDQs/RFP responses, factsheets, portals.
- Content types: performance materials, case studies, awards/ratings, testimonials/endorsements, forward-looking statements.
- Actors: marketing, IR/sales, portfolio/PMs, compliance, legal, finance/performance team, and any third parties who publish or distribute.
Practical tip: If you can’t list where marketing lives and who can publish it, you can’t credibly test effectiveness.
2) Map the control objectives to the marketing lifecycle
Document “control points” with owner and evidence:
- Creation: substantiation requirements, templates, required disclosures.
- Review/approval: pre-use review, required approvers, escalation triggers.
- Publication/distribution: how you ensure only approved versions go live.
- Ongoing monitoring: spot checks, complaint intake, takedown process.
- Recordkeeping: what is retained, where, and who is responsible.
If Daydream (or your GRC/workflow tool) is in scope, this is where you confirm the system enforces routing, retains prior versions, and preserves approval timestamps and reviewer comments.
3) Perform targeted testing (sample-based, risk-weighted)
Your testing should align to the rule’s “adequacy and effectiveness” standard. (17 CFR § 275.206(4)-7)
Use a risk-weighted sampling approach:
- Prioritize materials with performance, testimonials/endorsements, or broad public distribution.
- Include “in the wild” captures (screenshots/archives) to verify what was actually disseminated.
Testing checklist (minimum set):
- Approval workflow test: For each sampled piece, confirm the approved version exists, approvals occurred before use, and required reviewers signed off.
- Substantiation test: Confirm substantiation files exist for material claims and performance statements.
- Performance accuracy test: Reconcile advertised performance figures to the official performance source and calculation support.
- Testimonial/endorsement governance test: Verify required disclosures were present in the distributed content and the relationship was tracked through onboarding and monitoring.
- Recordkeeping test: Confirm retention of final materials, drafts where required by your procedures, approvals, and distribution evidence.
4) Review program change drivers
The annual review must consider what changed. (17 CFR § 275.206(4)-7) Pull a short list of “change inputs”:
- New products/strategies
- New channels (new social account, new website CMS, new email platform)
- New third parties that market you
- Process changes (new approval matrix, new performance vendor)
- Known issues from the year (exceptions, complaints, near-misses)
Then decide: do policies still fit, and do controls still work?
5) Document findings and severity, then assign remediation
Convert testing results into an issue log:
- Finding statement (what happened)
- Root cause (workflow gap, training gap, unclear policy, tooling gap)
- Risk (investor harm, misleading statement risk, books-and-records exposure)
- Corrective action, owner, due date, validation method
Operator standard: If you cannot show closure evidence, assume it will be treated as not fixed.
6) Update policies/procedures and training based on results
Make changes targeted and trackable:
- Update marketing review procedures and checklists.
- Tighten substantiation standards (what files, who signs off).
- Refresh performance advertising SOPs and handoffs with finance/performance teams.
- Train relevant staff and confirm completion.
7) Produce the annual review package for exam readiness
Bundle the results so you can hand it to exam staff quickly:
- Review plan and scope
- Testing methodology and sample list
- Findings, issue log, remediation status
- Updated policies/procedures
- Evidence index (where artifacts live)
Required evidence and artifacts to retain
Maintain an “Annual Marketing Compliance Review” folder (system folder or GRC record) with:
- Annual review charter (scope, period covered, owners, testing approach) (17 CFR § 275.206(4)-7)
- Marketing inventory (channels, content types, third parties)
- Sampling plan + sample list (what you tested and why)
- Testing workpapers (checklists, tie-outs, screenshots, substantiation confirmations)
- Performance support files used to verify advertised figures
- Approval evidence (routing, timestamps, comments, final approvals)
- Issue log and remediation tickets with closure evidence
- Policy/procedure updates and approval of those updates
- Training materials and completion records
- Management reporting (CCO/Compliance Committee readout)
Common exam/audit questions and hangups
Expect questions like:
- “Show me your annual review deliverable and how marketing was covered.” (17 CFR § 275.206(4)-7)
- “How did you test effectiveness, not just policy existence?”
- “How do you know only approved materials were distributed?”
- “Where is the substantiation for this claim on your website/pitchbook?”
- “Walk me through performance calculation support for this figure.”
- “How do you oversee third parties who promote you, and what records do you keep?”
Hangups that slow teams down:
- Marketing content scattered across drives, inboxes, and CMS tools with no single evidence index.
- “Approval” exists, but there is no proof it happened before first use.
- Firms test internal approvals but fail to test what was actually published externally.
Frequent implementation mistakes and how to avoid them
- Mistake: Treating the annual review as a narrative memo.
  Fix: Build workpapers with sampling, tests performed, and pass/fail results tied to control objectives. (17 CFR § 275.206(4)-7)
- Mistake: Testing only flagship pitchbooks.
  Fix: Include website pages, social posts, emails, webinar decks, and third-party distributed materials, based on risk.
- Mistake: Weak substantiation discipline.
  Fix: Require substantiation at creation time, stored with the content record. Daydream can help by attaching substantiation and forcing completion before routing for approval.
- Mistake: Performance review siloed from marketing review.
  Fix: Make performance tie-outs a required test step in the annual review scope and schedule time with the performance/finance owner. (17 CFR § 275.206(4)-7)
- Mistake: No closure evidence.
  Fix: Track remediation like audit issues, with owners, dates, and validation artifacts.
Enforcement context and risk implications
The SEC Compliance Rule frames the annual review standard: adequacy of policies and the effectiveness of implementation. (17 CFR § 275.206(4)-7) Marketing failures tend to create two compounding risks:
- Investor protection risk: misleading or unsupported claims, inaccurate performance presentation, or unclear third-party relationships.
- Supervisory and books-and-records risk: inability to demonstrate review/approval, substantiation, and retention.
Even without citing specific cases here, operate as if an examiner will pick a live marketing claim and ask you to prove: who approved it, what it was based on, when it went out, and where you retained the backup.
A practical 30/60/90-day execution plan
First 30 days (stabilize and scope)
- Name an annual review owner (often Compliance) and define stakeholders (Marketing, IR/Sales, Performance/Finance).
- Build the marketing inventory and third-party promoter list.
- Confirm where evidence will live (GRC/workflow repository) and standardize naming/versioning.
- Draft the review charter: scope, testing approach, and deliverables. (17 CFR § 275.206(4)-7)
Days 31–60 (test and document)
- Execute sampling and testing across channels.
- Reconcile performance advertising samples to supporting calculations.
- Validate testimonial/endorsement governance and disclosures for sampled items.
- Start the issue log and open remediation tickets as findings emerge.
Days 61–90 (remediate and publish the annual review package)
- Finalize remediation actions and collect closure evidence.
- Update policies/procedures and marketing checklists where gaps were found.
- Deliver training targeted to the failure modes you saw (not generic refreshers).
- Publish the annual review package with an evidence index for exam readiness. (17 CFR § 275.206(4)-7)
Frequently Asked Questions
Does “annual review” require a specific format or template?
The rule requires a review for adequacy and effectiveness, not a specific template. Your deliverable should still show scope, testing performed, results, and remediation in a way that is easy to evidence. (17 CFR § 275.206(4)-7)
Can we combine the marketing annual review with the firm-wide annual compliance review?
Yes, if marketing is explicitly scoped, tested, and documented within the firm-wide review package. Examiners will still expect marketing-specific testing and evidence, not a generic statement. (17 CFR § 275.206(4)-7)
What’s the minimum testing we should perform?
Test the approval workflow, substantiation, performance accuracy for performance materials, testimonial/endorsement governance where used, and recordkeeping for a risk-weighted sample. The “effectiveness” standard requires more than checking that policies exist. (17 CFR § 275.206(4)-7)
How do we handle third parties that distribute our marketing materials?
Include them in scope: confirm contractual expectations, content control (what they can use), and your monitoring approach. Your annual review should test samples of third-party distributed content and retain evidence of oversight. (17 CFR § 275.206(4)-7)
If we found no issues, what should we document?
Document the scope, sampling approach, tests performed, and the evidence reviewed, then clearly record the result as “no findings” with supporting workpapers. A “no issues” conclusion without workpapers reads as a non-review. (17 CFR § 275.206(4)-7)
How can software like Daydream help without weakening compliance judgment?
Use Daydream to standardize intake, enforce required fields (substantiation, disclosures), route approvals, and keep immutable audit trails and version history. Compliance still sets the standards and performs the testing; the system keeps execution consistent and evidentiary.