At the tail-end of 2022, the Securities and Exchange Commission (SEC) brought into force long-awaited (60 years awaited, to be precise) amendments to Advisers Act Rule 206(4)-1. These amendments brought into effect wide-ranging changes to the way in which financial institutions can market and advertise their services and products. The amendments consolidated various rules into one overarching ‘Marketing Rule’ – one rule to rule them all.
In September 2022, ahead of the November 2022 implementation date, the SEC issued a Risk Alert which struck fear in the hearts of many ill-prepared compliance teams. This Risk Alert warned that the SEC would be conducting imminent thematic reviews to assess how well firms were complying with the new rules. Firms were not ill-prepared out of idleness, however, but because of a lack of clarity from the SEC – as well as myriad issues ranging from data access to data quality and beyond.
The rule came into force on November 4, 2022, and – as promised – the SEC has been conducting thematic reviews, chiefly focusing on:
- Policies and procedures
- Whether claims are substantiated
- Whether advisers are complying with the new rule
- Whether firms are keeping up with new books and records requirements
On June 8, 2023, the SEC published yet another Marketing Rule-related Risk Alert, this time confirming that, while it will continue to focus on the areas set out in its 2022 Risk Alert, it will now be upping the ante and focusing on three more areas:
- Testimonials and endorsements
- Third-party ratings
- Form ADV submissions
New rules for new tech
On the same day, the FCA published “tough” new rules for the marketing of cryptoassets. Though not strictly in the same league as the SEC’s Marketing Rule, the new rules are definitely in the same ballpark, and represent a wider regulatory concern about how financial institutions are selling and engaging with consumers.
The FCA’s new rules oblige crypto firms to “ensure that people have the appropriate knowledge and experience to invest in crypto”. As well as targeting misleading adverts, the regulator also wants to see clear risk warnings for crypto, and aims to ban investment incentives such as those that encourage investors to “refer a friend” or offer “new joiner bonuses”.
Crypto firms, the FCA says, will need “adequate due diligence” to ensure that any financial promotion is “fair, clear, and not misleading”. It is likely that they will new tools to ensure they are capturing any communications that take place.
New tools for new rules
In January, we suggested that the majority of individuals we spoke to were adopting a “wait and see” approach to new marketing rules. The SEC’s latest Risk Alert will likely change that approach.
Among the numerous amendments that have been made, recordkeeping emerges as a troublesome priority. September’s Risk Alert made this clear:
“Advisers Act Rule 204-2 (Books and Records Rule), as amended, will require investment advisers to make and keep certain records, such as records of all advertisements they disseminate, including certain internal working papers, performance related information, and documentation for oral advertisements, testimonials, and endorsements.”
Not only must firms implement new policies, procedures, and controls – not only must they ensure that claims can be substantiated – not only must they submit the right form at the right time – firms must also capture all of this information, and be ready to show the regulator when asked … and ask they shall.
This is no mean feat, as many will be aware. Compliance teams must engage with marketing teams, sales teams, the trading floor, and numerous other stakeholders to ensure that they are saying the right thing to the right people. As well as this, they will need to monitor every channel, from social media through to email, and even printed brochures. The list is long, and the potential for non-compliance is high.
Compliant communication technology may become a necessity here. Manual checks will not suffice, and legacy communication data storage methods may prove clunky or ineffective in the event of a thematic review.
Compliance teams should ask these five critical questions
- Are you confident that key stakeholders are aware of new compliance requirements and adapting their messaging accordingly?
- Are you capturing all external communications regarding products and services across all channels, and storing them in a secure, accessible archive?
- Are you able to continuously monitor communications to ensure that your compliance training is being heard and followed across key business lines?
- Do you have a system in place to flag risk where non-compliance looks likely?
- If the regulator came knocking, could you easily and quickly present them with clear communications data to demonstrate that you are adhering to new rules?