Marketing Compliance Policies and Procedures

To meet the marketing compliance policies and procedures requirement, an investment adviser must adopt and implement written controls reasonably designed to prevent Marketing Rule violations, including a defined review and approval process for advertisements, plus supporting recordkeeping and training. Your goal is operational proof: every ad is governed, reviewed, approved, and retained under a repeatable workflow. (17 CFR § 275.206(4)-7)

Key takeaways:

  • Written marketing policies are mandatory, but exam readiness comes from an implemented workflow with clear owners and evidence. (17 CFR § 275.206(4)-7)
  • Your procedures must cover the full marketing lifecycle: content intake, substantiation, performance processes, testimonials/endorsements oversight, approvals, recordkeeping, and training. (17 CFR § 275.206(4)-7)
  • Annual review is required; treat it as a control test of what actually happened versus what the policy says should happen. (17 CFR § 275.206(4)-7)

“Marketing compliance policies and procedures” is not a generic policy requirement. Under the SEC’s Compliance Rule, you need written policies and procedures reasonably designed to prevent violations of the Marketing Rule, and you must implement them in day-to-day marketing operations. (17 CFR § 275.206(4)-7)

For a CCO or GRC lead, the practical challenge is controlling a fast-moving content engine: emails, pitch decks, website updates, social posts, DDQs, one-pagers, fact sheets, RFP responses, and third-party placements. The requirement becomes operational when you can show (1) which communications are treated as advertisements under your program, (2) how they are reviewed and approved before use, (3) how you substantiate claims and performance, and (4) how you retain the books-and-records trail that ties each distributed item to its approval and support.

This page gives you requirement-level implementation guidance you can put into production quickly: scoped applicability, a step-by-step build, specific evidence to retain, common exam questions, and a practical execution plan. It is written for SEC-registered investment advisers and similar firms subject to the Marketing Rule and the Compliance Rule. (17 CFR § 275.206(4)-7)

Regulatory text

Requirement (operator view): Investment advisers must adopt and implement written policies and procedures reasonably designed to prevent violations of the Marketing Rule, including review and approval processes for advertisements. (17 CFR § 275.206(4)-7)

What the operator must do:
You need a written marketing compliance program that is actually used. That program must map to your real marketing channels, define what counts as an “advertisement” in your firm context, establish review/approval gates, and include procedures for performance methodologies, testimonial/endorsement oversight, recordkeeping, and training, with at least annual review for adequacy. (17 CFR § 275.206(4)-7)

Plain-English interpretation

You must be able to answer three questions with documentation:

  1. What marketing content do we allow and under what rules? Your policies set standards for claims, performance presentation, third-party statements, and required disclosures.
  2. How do we control it before it goes out? Your procedures define intake, review, escalation, approval, and publication/distribution controls for advertisements.
  3. How do we prove we did it? Your records show each ad, who approved it, what substantiation supported it, and what training people received.

A policy that reads well but is not used in practice will fail the “adopt and implement” expectation. (17 CFR § 275.206(4)-7)

Who it applies to (entity and operational context)

Entity scope: Investment advisers and fund managers operating as investment advisers. (17 CFR § 275.206(4)-7)

Operational scope: Any function that creates, edits, approves, distributes, or pays for marketing content, including:

  • Marketing/IR teams producing decks, factsheets, websites, and campaigns
  • Portfolio/strategy teams contributing performance narratives and attribution
  • Sales teams sending one-off “custom” materials to prospects
  • Compliance/Legal reviewers and delegated approvers
  • Operations teams maintaining books and records
  • Third parties creating or placing content (design firms, PR agencies, placement agents, influencers, consultants)

Content scope (practical): Treat the following as “in-scope until excluded by policy”: websites and landing pages, pitchbooks, fact sheets, presentations, RFP/RFI responses, emails sent to multiple recipients, social media posts, blog articles, videos/webinars, and third-party distributed materials bearing your name or promoting your advisory services.

What you actually need to do (step-by-step)

1) Write the policy so it matches how marketing really happens

Build a single “Marketing Compliance Policy & Procedures” document (or a short suite) that includes, at minimum: advertisement review/approval workflow, performance methodology governance, testimonial/endorsement oversight, recordkeeping, and training. (17 CFR § 275.206(4)-7)

Practical drafting tips:

  • Put definitions and scoping up front (what counts as marketing content, what requires pre-approval, what qualifies as a “material change” requiring re-approval).
  • Use a RACI table so business users know who does what.

2) Stand up an advertisement inventory and intake process

Create a controlled intake channel for new and updated content. Minimum operational elements:

  • A request form (ticket, workflow, or template) capturing: content type, audience, distribution channel, strategy/product referenced, performance included, and any testimonials/endorsements.
  • A content register that assigns a unique ID to each “approved version” of an advertisement.

This is where many programs break: content moves in chat threads and shared drives. Your procedure must route it into a trackable system. (17 CFR § 275.206(4)-7)

3) Implement review and approval gates (pre-use)

Define mandatory reviewers and conditions that trigger specialist review. Common gating logic:

  • Compliance review for all advertisements (baseline).
  • Performance/finance review when performance is presented or implied, or when benchmarks, composites, or model performance appear.
  • Legal review for material claims, new distribution agreements, third-party compensation arrangements, or novel disclosures.
  • Supervisory/Business owner approval to confirm product accuracy and intended audience suitability.

Approval outcomes should be explicit: approved, approved with required edits, rejected, or approved for a limited use case.

4) Control performance presentation methodology

Your written procedures must address performance calculation methodologies. (17 CFR § 275.206(4)-7) Operationalize with:

  • A documented “source of truth” for performance (approved data source, calculation owner, and change control).
  • A checklist for performance claims (time periods, benchmark selection logic, whether data is actual or hypothetical, and required disclosures per your internal standards).
  • A substantiation package attached to each performance-containing ad version (data extracts, calculation notes, assumptions, and reviewer sign-off).

5) Manage testimonials and endorsements with oversight

Your procedures must address testimonial and endorsement oversight processes. (17 CFR § 275.206(4)-7) At minimum:

  • A pre-approval requirement for any testimonial/endorsement content or arrangement.
  • A register of testimonials/endorsements used, including who provided them, where they appear, and whether compensation exists.
  • A process to validate that statements are not misleading and are consistent with the approved version.

6) Build recordkeeping into the workflow (not after)

Recordkeeping procedures are part of the written program. (17 CFR § 275.206(4)-7) Require retention of:

  • Final distributed advertisement (the exact version used)
  • Approval evidence (who/when, comments, required edits)
  • Substantiation (support for material statements and performance)
  • Distribution context (channel, audience type, date range used)
  • Third-party materials and approvals if a third party prepared or disseminated content for you

7) Train the people who create and send content

Training programs must be included in the marketing compliance policies. (17 CFR § 275.206(4)-7) Make it role-based:

  • Marketing and IR: content rules, intake, version control, claims substantiation
  • Sales: what requires pre-approval, how to handle “one-off” requests, prohibited ad-hoc edits
  • Portfolio/strategy: performance narratives, benchmark language, and prohibited cherry-picking
  • Executives: final approver responsibilities and escalation expectations

8) Run an annual review that tests reality

Your policies must be reviewed at least annually for adequacy. (17 CFR § 275.206(4)-7) Treat this as a control test:

  • Sample distributed advertisements across channels
  • Verify approvals occurred before use
  • Confirm substantiation is present for objective claims and performance
  • Identify root causes (training gaps, unclear definitions, broken intake)

Required evidence and artifacts to retain

Maintain an “exam binder” (digital is fine) organized by advertisement ID/version. Typical artifacts:

  • Marketing Compliance Policy & Procedures (current and prior versions) (17 CFR § 275.206(4)-7)
  • Advertisement inventory (register) with version history
  • Completed review checklists and approval tickets
  • Substantiation files for claims (supporting documents, calculations, source records)
  • Performance methodology documentation (governance, owners, change log) (17 CFR § 275.206(4)-7)
  • Testimonial/endorsement register and approvals (17 CFR § 275.206(4)-7)
  • Training materials, attendance logs, and attestations (17 CFR § 275.206(4)-7)
  • Annual review report, findings, and remediation tracking (17 CFR § 275.206(4)-7)

Common exam/audit questions and hangups

Expect reviewers to probe:

  • “Show me your marketing policy and the last annual review.” (17 CFR § 275.206(4)-7)
  • “How do you define an advertisement for your firm, and how do you ensure sales follows pre-approval?”
  • “Pick three recent pieces from your website and three pitch decks. Show approvals and substantiation.”
  • “How do you ensure performance figures in marketing match your official books and records?” (17 CFR § 275.206(4)-7)
  • “What’s your process for testimonials/endorsements and any related compensation?” (17 CFR § 275.206(4)-7)

Hangups usually come from gaps between policy and practice: content posted without a ticket, “minor edits” made after approval, and performance slides copied forward without re-validation.

Frequent implementation mistakes and how to avoid them

  1. Treating only formal pitchbooks as ads. Fix: define in-scope channels and require intake for web/social/email templates.
  2. No version control. Fix: approve by version ID; require re-approval on material change.
  3. Substantiation stored in personal folders. Fix: attach substantiation to the ad record in a controlled repository.
  4. Sales “customizes” slides. Fix: provide approved modular slide libraries and require re-approval for edits.
  5. Annual review as a paper exercise. Fix: sample real distributions and track remediation to closure. (17 CFR § 275.206(4)-7)

Enforcement context and risk implications

Even without citing specific public cases here, the risk is structural: marketing is high-volume, highly visible, and easy for exam staff to test by pulling live website pages and recent investor materials. A weak program creates misstatement risk, disclosure gaps, and inconsistent performance presentations. The Compliance Rule expectation is preventive design plus real implementation, so your control environment matters as much as your written standards. (17 CFR § 275.206(4)-7)

Practical execution plan (30/60/90-day)

No fixed timeline is required by the rule; use phases that drive operational readiness. (17 CFR § 275.206(4)-7)

First 30 days (Immediate stabilization)

  • Assign accountable owners: Marketing owner, Compliance owner, Performance owner.
  • Freeze uncontrolled publishing: require that new/updated ads route through a single intake path.
  • Draft or refresh the Marketing Compliance Policy & Procedures with a clear approval workflow. (17 CFR § 275.206(4)-7)
  • Stand up an advertisement register and start logging new approvals.

Next 60 days (Operationalize controls)

  • Implement review checklists by ad type (website, deck, fact sheet, email template).
  • Build the performance substantiation package format and require it for performance-containing materials. (17 CFR § 275.206(4)-7)
  • Create testimonial/endorsement intake questions and a simple register. (17 CFR § 275.206(4)-7)
  • Run role-based training for marketing and sales; collect attestations. (17 CFR § 275.206(4)-7)

Next 90 days (Test and harden)

  • Perform a mini “annual review-style” sample test across channels; document findings and fixes. (17 CFR § 275.206(4)-7)
  • Close the loop on third parties: contractually require pre-approval and record delivery for any marketing support.
  • Automate evidence capture where possible (workflow approvals, immutable version storage).

Where Daydream fits naturally: If you struggle to keep an ad inventory, approvals, substantiation, and training evidence connected, Daydream can act as the system of record for marketing compliance workflows, so each distributed item has a traceable approval trail and supporting artifacts ready for examination.

Frequently Asked Questions

Do we need one marketing policy document, or can it be multiple procedures?

The rule requires written policies and procedures that are implemented; format is flexible if the set is complete and usable in practice. Keep it centralized enough that teams can follow it without hunting across documents. (17 CFR § 275.206(4)-7)

What counts as “implemented” versus just “written”?

“Implemented” means people actually use the workflow: content is routed for review, approvals occur before use, and records are retained showing what happened. Testing distributed materials against your approval logs is the fastest way to validate implementation. (17 CFR § 275.206(4)-7)

Do one-off emails from a salesperson need pre-approval?

Your policy must define what requires pre-approval; most firms treat repeatable templates and broadly distributed messages as in-scope for mandatory review, and require escalation for custom claims or performance excerpts. Document your triggers and enforce them consistently. (17 CFR § 275.206(4)-7)

How do we handle website changes made by an external agency?

Treat the agency as a third party operating under your controls: require intake, pre-approval, and delivery of final files and change logs for retention. Do not allow direct publishing without your approval evidence. (17 CFR § 275.206(4)-7)

What should the annual review produce?

Produce a dated report that describes the testing performed, exceptions found, root causes, and remediation status. Examiners look for evidence that the review assessed adequacy and drove fixes. (17 CFR § 275.206(4)-7)

Can we approve a “slide library” instead of every deck?

Yes, if your procedure controls assembly rules and versioning and prohibits unapproved edits; you still need a control to ensure final outputs only contain approved components and required disclosures. Keep evidence showing the library version approved and how decks are constructed from it. (17 CFR § 275.206(4)-7)
