Third-Party Ratings Requirements

To meet the third-party ratings requirements under the SEC Marketing Rule, you can only include a third-party rating in an advertisement if (1) you give specific, clear disclosures about the rating and (2) you have a reasonable basis to believe the rating’s questionnaire/survey was structured fairly. Your process must document both the “fair survey” diligence and the “clear and prominent” disclosures. (17 CFR § 275.206(4)-1)

Key takeaways:

• You need both disclosures and diligence; disclosures alone are not enough. (17 CFR § 275.206(4)-1)
• “Reasonable basis” means you must collect and retain support showing the questionnaire was not engineered to generate favorable outcomes. (17 CFR § 275.206(4)-1)
• Build a pre-publication review gate for any marketing content that mentions awards, rankings, “Top adviser” lists, or star ratings. (17 CFR § 275.206(4)-1)

Third-party ratings show up everywhere in adviser marketing: “Top RIA” badges, star ratings, “Best of” awards, list placements, and platform rankings. The SEC’s Marketing Rule allows the use of these ratings, but only if you can demonstrate two things: the audience receives key context through required disclosures, and you performed diligence to form a reasonable basis that the underlying questionnaire or survey is fair. (17 CFR § 275.206(4)-1)

For a CCO or GRC lead, the operational challenge is repeatability. Marketing teams move quickly, and ratings are often brokered through third parties that do not volunteer methodology details unless asked. Examiners will typically focus on whether you can evidence the diligence and whether the disclosures are clear, prominent, and complete for the specific ad format (website, pitchbook, social, email, video). (17 CFR § 275.206(4)-1)

This page translates the third-party ratings requirements requirement into an implementation playbook you can deploy: intake controls, diligence questions to send to ratings providers, approval workflows, disclosure language building blocks, and the evidence set to retain so you can defend the rating’s inclusion during an exam. (17 CFR § 275.206(4)-1)

Regulatory text

Rule requirement (excerpt). “An advertisement may not include any third-party rating unless the adviser provides certain disclosures and has a reasonable basis for believing the rating questionnaire is structured fairly.” (17 CFR § 275.206(4)-1)

Operator interpretation. If any advertisement references a third-party rating, you must do two things before publication:

1. Disclose required context clearly and prominently (at minimum: date/time period of the rating, identity of the third party, and any compensation provided). (17 CFR § 275.206(4)-1)
2. Document a reasonable basis that any questionnaire/survey used to produce the rating is structured to make it equally easy to provide favorable and unfavorable responses and is not designed to produce a predetermined result. (17 CFR § 275.206(4)-1)

Plain-English interpretation

A third-party rating is allowed only if it is not misleading by omission and not “rigged” by design. The SEC expects you to treat a rating like any other marketing claim: verify the basis for it, show your work, and provide the audience enough context to understand what the rating actually represents. (17 CFR § 275.206(4)-1)

Who it applies to

Entity types: Investment advisers and fund managers that publish advertisements referencing third-party ratings. (17 CFR § 275.206(4)-1)

Operational contexts where this triggers quickly:

• Website badges (“Rated #1,” “5-star,” “Top Adviser 20XX”)
• Pitchbooks and RFP responses that include rankings or awards
• Social posts celebrating placements on lists
• Email campaigns and newsletters with “as seen in” or “award winner” claims
• Due diligence decks for institutional prospects where ratings appear as credibility markers

If it’s an “advertisement” under the SEC Marketing Rule and it contains a third-party rating, treat it as in scope and route through your control. (17 CFR § 275.206(4)-1)

What you actually need to do (step-by-step)

1) Create a “third-party rating” identification trigger

Build a simple intake checklist for marketing and IR teams. Flag any content that includes: rating stars, “Top,” “Best,” “Ranked,” “#1,” “Award,” “List,” “Badge,” “Survey,” or the name/logo of a ratings provider.

Control: No publication until the item is classified as either (a) third-party rating content or (b) not a rating. Keep the classification record. (17 CFR § 275.206(4)-1)

2) Standardize diligence on the rating methodology (reasonable basis file)

You need a reasonable basis to believe the questionnaire is fair. Practically, that means requesting and retaining information from the ratings provider (or intermediary) about how responses are collected and scored. (17 CFR § 275.206(4)-1)

Diligence questions to send (minimum set):

• Provide the questionnaire/survey instrument and scoring rubric used to generate the rating. (17 CFR § 275.206(4)-1)
• Explain how the survey is structured to make it equally easy to provide favorable and unfavorable responses. (17 CFR § 275.206(4)-1)
• Confirm the survey is not designed to produce a predetermined result (and describe design controls supporting this). (17 CFR § 275.206(4)-1)
• Provide the time period covered by the rating and the date of issuance. (17 CFR § 275.206(4)-1)
• Describe eligibility criteria (who can be rated; any gating that might bias outcomes).
• Describe selection methodology (who receives the survey, how respondents are chosen, whether participation is opt-in).
• Disclose whether the adviser or affiliates provided compensation in connection with the rating (fees to participate, licensing fees to display a badge, event sponsorship tied to inclusion). (17 CFR § 275.206(4)-1)

Practical standard: If the provider refuses to share enough detail for you to assess fairness, treat that as a compliance stop. Your “reasonable basis” cannot be a shrug. (17 CFR § 275.206(4)-1)

3) Draft “clear and prominent” disclosures that match the ad format

Your disclosures must be in the ad itself and readable for the medium. At minimum, include:

• Date and time period of the rating
• Identity of the third party that issued it
• Any compensation provided in connection with obtaining or using the rating (including fees tied to participation or display) (17 CFR § 275.206(4)-1)

Format examples (adapt to your facts):

• Website badge hover text + adjacent footnote disclosure
• Pitchbook footnote on the same page as the rating, not buried at the back
• Social post: abbreviated disclosure in the post text plus a link to a landing page disclosure (ensure the post itself still contains core facts)

Review test you can apply: A reader should not need to hunt for who issued the rating, when it applies, or whether you paid for it. If they do, the disclosure is not “clear and prominent.” (17 CFR § 275.206(4)-1)

4) Put third-party ratings into your marketing review workflow

Operationalize this as a gating step in your ad review process:

1. Marketing submits proposed ad + rating source materials.
2. Compliance checks required disclosures are present and formatted appropriately. (17 CFR § 275.206(4)-1)
3. Compliance reviews the reasonable-basis file for fairness of the questionnaire/survey. (17 CFR § 275.206(4)-1)
4. Approve, reject, or approve with edits.
5. Archive the final ad and the supporting file.

If you use Daydream to manage third-party risk and due diligence documentation, treat ratings providers as third parties and store the diligence package, approval decision, and disclosure template in one place so you can reproduce your support quickly during an exam.

5) Monitor for drift (ratings expire; disclosures become stale)

Third-party ratings are time-bound. Your ads and webpages often are not. Create an ongoing check to confirm:

• The rating is still within the disclosed time period and not presented as current when it is historical. (17 CFR § 275.206(4)-1)
• Compensation disclosure remains accurate if your commercial relationship changes. (17 CFR § 275.206(4)-1)
• The badge or award mark is used per the provider’s license terms (a mismatch can create accuracy and supervision risk).

Required evidence and artifacts to retain

Maintain a “third-party rating substantiation packet” per rating instance (or per campaign, if the same rating is reused consistently). Include:

• Final versions of each advertisement that includes the rating (screenshots for web/social). (17 CFR § 275.206(4)-1)
• Disclosure text exactly as shown to the audience, with placement evidence (“clear and prominent”). (17 CFR § 275.206(4)-1)
• Ratings provider due diligence: questionnaire/survey instrument, methodology description, scoring approach, respondent selection approach, and your internal assessment notes mapping to fairness expectations. (17 CFR § 275.206(4)-1)
• Compensation record: invoices, contracts, licensing agreements, sponsorships, or emails confirming whether any compensation was provided. (17 CFR § 275.206(4)-1)
• Approval record: who reviewed, what changes were required, approval date, and the final approval outcome.
• Version control: if disclosures or the ad change, keep prior versions and the reason for change.

Common exam/audit questions and hangups

Expect these lines of inquiry:

• “Show me the backup for this rating and why you believe the survey was fair.” (17 CFR § 275.206(4)-1)
• “Where do you disclose the time period and who issued it?” (17 CFR § 275.206(4)-1)
• “Did you pay anything to participate, be considered, or display the badge?” (17 CFR § 275.206(4)-1)
• “How do you prevent stale ratings from staying on the website?”
• “Who approves ads, and how do you know all ads flow through the process?”

Hangup to avoid: producing a glossy award PDF without the underlying methodology support. That fails the “reasonable basis” expectation even if the award is real. (17 CFR § 275.206(4)-1)

Frequent implementation mistakes (and how to avoid them)

1. Treating badge licensing as “not compensation.” If you paid to obtain, participate in, or display the rating, capture it and disclose it as compensation. (17 CFR § 275.206(4)-1)
2. Relying on a provider’s reputation instead of diligence. “They’re well known” is not a documented reasonable basis about survey structure. Request the survey details. (17 CFR § 275.206(4)-1)
3. Disclosures in a separate document only. If the ad contains the rating, the ad should carry the disclosure in a clear and prominent way for that medium. (17 CFR § 275.206(4)-1)
4. Time period missing or vague. “2024 winner” without the covered period invites questions. Keep it precise and consistent. (17 CFR § 275.206(4)-1)
5. One-and-done approvals. Web content persists. Add a re-check trigger whenever the site is updated or when marketing renews a badge license.

Enforcement context and risk implications

No public enforcement cases were provided in the source catalog for this requirement, so this page does not cite specific actions. The risk is still concrete: a noncompliant rating can render an advertisement noncompliant under the Marketing Rule, creating exam findings, remediation demands, and broader questions about your marketing review controls and supervision. (17 CFR § 275.206(4)-1)

Practical execution plan (30/60/90-day)

Time-boxing is helpful, but you still need something your team can execute quickly. Use this phased plan.

First 30 days (Immediate stabilization)

• Inventory all live ads and webpages that mention awards, rankings, or ratings; triage which are third-party ratings. (17 CFR § 275.206(4)-1)
• For each live rating, confirm disclosures exist for date/time period, identity of the third party, and compensation. Remediate placements that are buried or missing. (17 CFR § 275.206(4)-1)
• Stand up a “no rating without a packet” rule: new marketing cannot publish a rating without a substantiation packet and compliance approval. (17 CFR § 275.206(4)-1)

Next 60 days (Build repeatable controls)

• Publish a third-party rating SOP: intake triggers, diligence questions, required disclosures, and approval workflow steps. (17 CFR § 275.206(4)-1)
• Create disclosure templates for common channels (website, pitchbook, social).
• Centralize evidence retention (a single repository). If Daydream is already your third-party system of record, store provider diligence and the ad approval record there for retrieval.

Next 90 days (Operational hardening)

• Add monitoring: periodic checks for stale ratings and disclosure accuracy, plus a change-management trigger for site refreshes. (17 CFR § 275.206(4)-1)
• Train marketing, IR, and senior leadership on the trigger words and the “no packet, no publish” rule.
• Test your process: select a sample rating and run a mock exam request to confirm you can produce the packet quickly and completely. (17 CFR § 275.206(4)-1)

Frequently Asked Questions

Does an “award” count as a third-party rating?

If the award reflects a third party’s evaluation, ranking, or survey-based outcome and you include it in an advertisement, treat it as a third-party rating and apply the disclosures and diligence requirements. (17 CFR § 275.206(4)-1)

What counts as “compensation” that must be disclosed?

If you paid the rating provider (or an affiliate) in connection with obtaining the rating or displaying it, capture that as compensation and disclose it in the ad. Keep invoices or contracts to support what you disclosed. (17 CFR § 275.206(4)-1)

The ratings provider won’t share the questionnaire. Can we still post the badge?

You need a reasonable basis to believe the questionnaire/survey is structured fairly. If you cannot obtain enough information to form and document that basis, you should treat it as a blocker to use in advertisements. (17 CFR § 275.206(4)-1)

Can we put the disclosures only on a separate “Disclosures” webpage?

The rule requires disclosures in connection with the advertisement. A separate page can support longer-form context, but the ad itself should still clearly and prominently state the required core disclosures. (17 CFR § 275.206(4)-1)

How do we handle social posts with tight character limits?

Put the required core disclosures in the post text in abbreviated form and link to a landing page for expanded disclosures, but do not omit the date/time period, identity of the third party, or compensation from the post itself. (17 CFR § 275.206(4)-1)

We reuse the same rating in multiple pitchbooks. Do we need a new diligence file each time?

You can reuse the same substantiation packet if the rating, time period, provider, and compensation facts are the same. You still need to retain each final ad version and confirm the disclosure placement works in that specific format. (17 CFR § 275.206(4)-1)