FINRA Rules on Advertising: A Guide for Fintechs
·
20 min read
FINRA rules on advertising are among the most scrutinized and misunderstood areas of compliance in the financial services space.
For broker-dealers, fintech startups, and hybrid models blending traditional and digital products, these rules shape how firms communicate with customers, and how regulators evaluate those communications.
This article breaks down what the rules say, how they apply in digital environments, which common marketing tactics create risk, and how to build an effective advertising compliance process from day one.
At InnReg, we help broker-dealers and fintechs design, review, and manage advertising compliance under FINRA Rule 2210. From registration and policy development to ongoing supervision and recordkeeping, our team supports marketing teams operating in regulated environments.
What Are FINRA Rules on Advertising?
The Financial Industry Regulatory Authority’s (FINRA) rules on advertising govern how broker-dealers and related entities communicate with the public about financial products and services. They define what’s considered a communication, set the standards for what you can and cannot say, and outline who must review and approve these materials before they’re published.
The main goal is to protect investors from misleading, unbalanced, or incomplete information. That includes not only traditional ads but also websites, social media, mobile apps, and investor presentations. Anything that promotes a product or influences how a firm is perceived may fall under these rules.
If a firm markets investment products, whether through paid placements, social media, or push notifications, it operates within FINRA’s jurisdiction. For fintech firms that move fast, launch frequently, and push into new formats, these advertising rules are a part of daily operations.
Why They Exist and Who They Are Meant to Protect
FINRA’s advertising rules are grounded in investor protection. They exist to prevent firms from overstating benefits, downplaying risks, or omitting information that investors need to make informed decisions.
These rules do not target innovation but misrepresentation. Whether a firm is marketing a basic brokerage account or a hybrid product involving crypto or derivatives, the message has to be accurate, balanced, and complete.
It is not just about checking a box. It is about credibility. If a firm is promoting financial services to the public, regulators want to know that what’s being said holds up under scrutiny.
How Fintech Should Approach FINRA Rules on Advertising
Traditional financial firms tend to treat marketing compliance as a routine legal review. Fintech companies do not have that luxury. They move faster, experiment more often, and tend to communicate through non-traditional channels.
That pace and style come with added risk. FINRA does not make exceptions for startups, and creative marketing that skips a required disclosure or implies performance can quickly draw regulatory attention.
The smartest fintechs treat FINRA rules on advertising as an early design constraint, not a last-minute filter. That means pulling compliance into the content planning stage, not just reviewing drafts before launch. It also means documenting every approval, every disclosure, and every communication that could influence an investment decision.
Firms that have worked with an outsourced compliance team like InnReg have found that this upfront coordination often saves time and rework. When advertising compliance is baked into workflows from the start, it’s much easier to scale without backpedaling later.
See how InnReg helps fintech build advertising and marketing compliance programs →
Who Needs to Follow FINRA’s Advertising Rules
FINRA’s advertising rules apply broadly across the financial services industry. Before diving into how the rules define advertising, it’s important to understand which firms and individuals are subject to these requirements, and why many fintechs operating under or alongside broker-dealer licenses are included.
Covered Firms and Personnel
FINRA’s advertising rules apply to all member firms, regardless of business model, size, or product focus. That includes traditional broker-dealers, clearing firms, and digital-first platforms offering securities through licensed entities.
Fintech companies often fall under these rules through direct registration or partnerships with regulated intermediaries. Even if a startup does not hold its own FINRA membership, its marketing activity may still be subject to review if it is promoting services that rely on a broker-dealer relationship.
The rules also extend to individuals. Registered reps, supervisory principals, and anyone associated with the firm are within scope. Any content promoting regulated services to the public is fair game: posts on social media, scripted videos, sales presentations, and even event panel appearances.
What Counts as a “Communication” Under the Rules
Under FINRA Rule 2210, the term “communication” is intentionally broad. It covers any public-facing content that promotes a firm’s products, services, or brand, whether written, visual, or spoken.
The format does not matter. The intent does. If a message is designed to attract clients, encourage investment activity, or shape how the firm is perceived, FINRA likely considers it a communication subject to advertising rules. That includes content created internally or by third parties acting on the firm’s behalf.
FINRA Rule 2210: Core Requirements and Definitions
Rule 2210 is FINRA’s foundational advertising rule. It defines how communications are categorized, reviewed, and regulated, especially those aimed at retail investors. For any firm operating under a FINRA license, this is the rule that shapes the compliance process around advertising.
Category | Audience/Scope | Examples | Review Requirements |
|---|---|---|---|
Retail Communication | More than 25 retail investors within 30 days | Social posts, landing pages, newsletters, marketing emails | Pre-use principal approval; some require FINRA filing |
Correspondence | 25 or fewer retail investors within 30 days | Investor emails, DMs, text replies | No pre-approval; subject to supervision and periodic review |
Institutional Communications | Banks, insurance companies, registered investment advisors | Market updates, pitch decks for institutions, investor memos | No pre-approval; must be supervised under written procedures |
Static Content | Public-facing content that persists (e.g., websites, app stores) | Website copy, LinkedIn bios, app store listings | Pre-use principal approval required |
Interactive Content | Real-time communication (e.g., replies, live chats) | Comment replies, webinars, live Q&A sessions | No pre-approval; must be monitored and supervised |
FINRA Filings Triggers | Specific content types outlined in Rule 2210 | New member retail content, mutual fund ads, options promotions | Pre-use or post-use FINRA filing, depending on firm status and product type |
See also:
Retail, Institutional, and Correspondence Communications
FINRA divides communications into three types: retail, institutional, and correspondence. The category determines how the content must be reviewed, supervised, and stored.
Retail communications are sent to more than 25 retail investors within a 30-day period. This includes social media posts, newsletters, landing pages, and marketing emails. These materials require pre-use approval by a registered principal and, in some cases, must also be filed with FINRA.
Correspondence refers to one-on-one or small-group messages (25 or fewer retail investors in 30 days). Think individual investor emails, text replies, or direct messages. These don’t require pre-approval, but they must be supervised through spot checks or periodic review.
Institutional communications are meant for professional audiences (think banks, insurance carriers, and registered investment advisors). They are not subject to pre-approval, but that does not mean they go unchecked. Firms are still expected to have clear, written procedures in place to monitor them. And even though these audiences are more financially experienced, the messaging still has to be fair and accurate.
Need help with broker-dealer compliance?
Fill out the form below and our experts will get back to you.
Static vs. Interactive Content
FINRA also categorizes content as either static or interactive, which directly impacts approval and supervision requirements.
Static content is fixed and viewable over time, like website copy, app store listings, or a firm’s LinkedIn “About” section. Because this content persists and can influence a broad audience, it generally requires principal approval before first use.
Interactive content involves real-time engagement, such as replying to social media comments, participating in live webinars, or responding to investor questions on messaging platforms. This content does not require pre-approval, but firms must still monitor it for compliance risks.
The difference between static and interactive content changes how firms handle reviews. Static materials typically go through a structured approval process, while interactive posts call for strong supervision, ongoing training, and a clear escalation path.
InnReg supports fintechs by helping them establish supervision processes across their platforms →
What Triggers Filing and Principal Review
FINRA Rule 2210 outlines two separate layers of oversight: internal approval by a registered principal and, in some cases, external filing with FINRA.
Principal approval is required for most retail communications before they go live. This includes static content like paid ads, one-pagers, and mobile onboarding flows. Firms must document these approvals and archive the reviewed version.
Some established firms are allowed to file certain materials with FINRA after publication, usually within 10 business days. For firms with frequent releases or multi-channel campaigns, keeping track of these deadlines is essential to avoid gaps in compliance.
FINRA Advertising Rules for Digital Channels
Rule 2210 applies to digital content the same way it does to traditional formats, but the pace and visibility of digital channels raise the stakes. Fintech firms pushing content across social media, apps, and web platforms often face more scrutiny simply because of how fast and wide their messages travel.
Whether it’s a homepage call-to-action, an app store description, or a short social media caption, if the content promotes a regulated product or firm, it counts. Compliance reviews need to account for how the content will be consumed, not just how it’s written.
Core digital formats typically covered under Rule 2210 include:
Social media: Everything from one-off tweets to full campaign assets: bios, comments, pinned posts.
Web and landing pages: The front door of most fintech platforms: product overviews, pricing, FAQs, and investor content.
App environments: Mobile copy, nudges during onboarding, and how the firm presents itself in app stores.
Email and blogs: Recurring newsletters, marketing blasts, and written articles used for education or lead capture.
A post being short or published quickly does not reduce the compliance burden. Digital communications are held to the same expectations as a printed brochure or a scripted pitch. That means teams need consistent controls in place, regardless of format.
How FINRA Rules Apply to Fintech Marketing in Practice
Products that combine brokerage, payments, or crypto are not unusual in fintech. What draws attention is not the stack. It’s how those products are described in public-facing materials.
Embedded Finance, Crypto, Hybrid Models
Products that blend brokerage with banking, crypto, or payments often fall into regulatory gray zones. FINRA does not regulate the product itself. It evaluates how that product is marketed under Rule 2210.
That means if a firm offers fractional shares through a rewards card or promotes crypto trading alongside securities, the advertising must clearly state what is and isn’t regulated, which entity is responsible for each component, and whether protections like SIPC coverage apply.
The more complex the structure, the more important it is that marketing teams collaborate closely with compliance. Overlooking a disclosure or implying protections that don’t exist is one of the fastest ways to draw regulatory attention.
Third-Party Vendors, Embedded Content, and Marketing Partnerships
In FINRA’s view, involvement is what creates responsibility. Sharing, funding, or revising a third-party ad can place the burden on your firm, even when the original version came from outside.
Scenarios that often trigger this include:
Co-branded campaigns with partners or affiliates
Sponsored articles or videos produced by outside vendors
Influencer posts tied to your product or brand
Embedded calculators or widgets that relate to investment offerings
Once the firm is involved, the same advertising standards apply. That means supervising the content, documenting any approvals, and filing with FINRA when required.
Learn how InnReg helps fintechs manage and mitigate vendor risks →
See also:
Common Fintech-Specific Problem Areas
Trouble often starts when a firm markets a hybrid product without clearly stating which parts are regulated.
Performance stats can add to the confusion, especially if they are framed without proper context. Even casual posts from a founder can create exposure if they’re seen as promoting investment services.
These are not rare mistakes. They show up often in fast-moving teams trying to get to market quickly.
Content Standards Under FINRA Rules on Advertising
At the heart of FINRA’s advertising rule is a clear expectation: firms must communicate in a way that’s fair, balanced, and not misleading. But turning that principle into practice, especially in fast-moving digital campaigns, is rarely straightforward.
Fair, Balanced, and Not Misleading
It is fine to talk about what makes a product valuable. However, when showing the upside, firms also have to talk about the risks. And if the performance is included, it should be represented within a context that tells a complete story.
Statements that omit material facts, rely on vague comparisons, or overemphasize upside without balancing downside can all cross the line. Being “balanced” doesn’t just mean adding fine print. It means writing in a way that allows the audience to make an informed decision.
This standard applies regardless of format. Whether it is a tweet, a video, or a landing page, the message needs to hold up under regulatory scrutiny.
Risk Disclosure Placement and Clarity
Disclosures are only effective if people actually see and understand them. Burying a risk statement at the bottom of a page or cramming it into a footnote does not meet FINRA’s standards. This is especially true when the rest of the message is bold, simplified, or emotionally charged.
To be compliant, disclosures should be clear, readable, and placed close to the claim they explain. That includes font size, contrast, and timing. In short-form content, like social posts or app screens, this often means striking a balance between brevity and visibility.
The goal is to give the reader a fair shot at understanding what they’re looking at before they act on it.
Misleading by Omission
Leaving out key facts can be just as risky as making a false claim. If a piece of content creates a positive impression but skips details that would change how someone interprets it, that is a problem under Rule 2210.
This often shows up when performance is highlighted without context, or when product risks are left out entirely. Even if everything stated is technically true, omitting relevant information can still mislead investors, especially in short-form formats like emails or in-app banners.
Compliance reviews should focus not only on what’s being said, but also on what’s missing. If a reasonable investor would need additional details to understand the offer, it belongs in the communication.
Use of Graphics, Charts, and Visual Emphasis
Visuals can amplify a message, but they can also distort it. Charts that zoom in on performance, graphics that highlight upside without mentioning risk, or layouts that downplay disclosures all raise red flags.
The concern is not about using visuals. It is about how they influence interpretation. If a design choice leads a reasonable investor to walk away with a skewed view of the product, it is likely noncompliant.
Compliance teams should look at how the layout, emphasis, and visual hierarchy work together, not just the words.
What’s Not Allowed in FINRA-Compliant Advertising
Some marketing tactics that work well in consumer tech fall flat under FINRA rules. The issue is compliance, not creativity. When a message overreaches, skips a key disclosure, or leans too hard on comparisons, it can violate Rule 2210.
Below are common pitfalls fintech teams should actively avoid:
Promissory or Exaggerated Claims
Promising results, outcomes, or certainty in marketing copy is one of the fastest ways to trigger a violation. FINRA does not expect firms to strip out every positive statement, but the tone must be grounded, and the claims must be supportable.
Phrases like “you can’t lose,” “guaranteed income,” or “top-tier returns” raise red flags. Even softer language, like “safe” or “best in class”, can be problematic if it implies a level of assurance that isn’t backed by data and properly disclosed.
The standard is simple: if the message could reasonably lead someone to overestimate the benefit or underestimate the risk, it’s likely noncompliant.
Download our free Compliance Glossary for Fintech Marketing to identify high-risk language and use regulator-friendly alternatives with confidence →
Performance Projections
Stating or implying future returns is a common area of noncompliance, especially in fast-paced fintech marketing. Even if performance modeling is part of the product, FINRA rules limit how projections can be presented.
Forward-looking statements must be clearly labeled as hypothetical. They should include assumptions, risks, and a clear explanation that actual results may differ. Leaving out those elements, even in a chart or visual, can make the content misleading.
This is not about avoiding data altogether, but how the numbers are framed. If the projection could be mistaken for a promise or prediction, it needs a closer look.
Testimonials Without Disclaimers
Testimonials carry weight, especially when they come from early users, founders, or influencers. But under FINRA rules, using testimonials without context or proper disclaimers can lead to serious compliance issues.
If a testimonial mentions a specific result or experience, the firm must clearly state that outcomes may vary. If there is a material relationship, like compensation or affiliation, it needs to be disclosed. The same applies whether the testimonial is in a video, on social media, or embedded in a landing page.
Endorsements aren’t off-limits, but they come with strings attached. Without disclosures that explain the connection and scope, even a short quote can cross the line.
Problematic Comparative Claims
Comparative marketing is allowed under FINRA rules, but only if handled with precision. Any comparison must be accurate, balanced, and complete, not framed in a way that exaggerates advantages or downplays relevant facts.
A firm that markets itself as “better,” “cheaper,” or “faster,” must back up those claims with reliable, up-to-date data. Selective metrics or vague references can mislead, even if unintentionally.
FINRA looks beyond the headline. If a comparison leaves out material information or creates an unfair impression, it may be deemed noncompliant. Every comparative claim should be evaluated not only for accuracy but for how the intended audience might interpret it.
FINRA and Paid Influencer or Testimonial Campaigns
Fintech teams are turning to influencer and testimonial campaigns more often. Those efforts still fall under Rule 2210. When third parties promote a firm’s services, the responsibility does not end with the post. Oversight, disclosure, and involvement all factor into compliance.
If the message promotes a regulated product or firm, and the firm had any role in shaping, funding, or distributing it, the communication may be subject to the same standards as in-house marketing.
Adoption and Entanglement | Disclosures for Paid Promotions | Supervision of Social Partnerships |
|---|---|---|
If a firm republishes, links to, edits, or funds third-party content, it is responsible for compliance. This includes a full review, disclosure, and recordkeeping. | Paid relationships must be clearly disclosed near the promotional content. Profile disclaimers or buried links are not sufficient. | Firms must review, monitor, and archive influencer content that promotes regulated services. Escalation procedures are expected for off-script or risky posts. |
Examples of Advertising That Can Trigger Regulatory Scrutiny
Marketing risk is not always about what is said. It is about how and when. When review cycles are skipped or shortened, things slip through. And those gaps often surface in FINRA reviews.
Common areas that continue to draw scrutiny include:
Crypto-as-cash comparisons: Suggesting digital assets are as stable or protected as traditional cash or insured accounts, without disclaimers.
“Zero-risk” investing claims: Promises of safety or guaranteed returns, often embedded in gamified user flows.
Gamified interfaces that drive behavior: Badges, streaks, or push notifications that encourage frequent trading or impulsive actions.
Charts or graphics without full context: Highlighting returns without showing the time period, risk profile, or relevant disclaimers.
These are common patterns, not edge cases. A robust marketing-compliance process is key to avoiding them.
Recordkeeping and Retention
FINRA’s advertising requirements extend beyond message content and disclosure. Firms are also expected to maintain complete records of communications, including internal approvals, external filings, and supervisory documentation. This applies to material produced in-house as well as anything third parties develop or distribute.
Rule 2210 ties directly into FINRA Rule 4511 and SEC Rule 17a-4, which set clear expectations for recordkeeping. These rules require firms to preserve communications for at least three years, with the first two years readily accessible.
In practical terms:
Marketing emails, social media posts, and app screens that reference a regulated product must be archived.
Firms are required to retain documentation showing who approved the material, what changes were made, and whether a filing was submitted.
Communications that occur off official platforms, such as text messages or unsanctioned chat apps, may create compliance risk if they are not properly monitored or stored.
Recordkeeping is not a formality. It is fundamental to how FINRA evaluates a firm’s advertising compliance program.
SEC Rule 17a-4 and FINRA Rule 4511
Two core rules shape how a firm must retain advertising records: SEC Rule 17a-4 and FINRA Rule 4511. These are the baseline obligations for any firm covered by FINRA’s advertising requirements.
SEC Rule 17a-4 sets the technical requirements for storage:
Communications must be preserved in a non-erasable, non-rewritable format (WORM-compliant).
Records must be kept for at least three years, with immediate access for the first two.
The rule covers both internal and external communications, including digital formats.
Learn more about SEC Rule 17a-4 →
FINRA Rule 4511 reinforces that recordkeeping must align with applicable SEC rules and FINRA procedures. It also requires firms to have written policies governing how records are maintained and supervised.
Together, these rules mean that ads, emails, social posts, app copy, and approval records must be archived, and that archive must be searchable, accessible, and secure. It’s not enough to store screenshots or PDFs; retention systems must meet technical and procedural standards.
See also:
What Fintechs Must Archive
Advertising compliance is not only about pre-launch review but also about what the firm can prove after the fact.
To meet FINRA and SEC expectations, firms must maintain a full record of communications and related approvals, even when content is digital, short-form, or distributed by third parties.
This includes:
Final versions of all marketing materials, including websites, landing pages, emails, paid media, mobile copy, and app store listings.
Records of internal approvals, including who signed off, when, and what version was approved.
Any communication with FINRA, such as filings under Rule 2210, reviewer comments, and revisions.
Associated disclosures, disclaimers, and risk language that support the marketing content.
Third-party content that the firm funds, edits, republishes, or is otherwise entangled with, including influencer posts, co-branded campaigns, and embedded tools.
Merely saving screenshots or storing files on shared drives is not sufficient. Records must be archived in a way that satisfies WORM (write once, read many) requirements and must be readily accessible during the required retention window.
How Off-Channel Messages Create Risk
Some of the highest-risk activities do not occur in planned campaigns. It happens in everyday communication. When employees use channels that are not monitored or archived, problems tend to go unnoticed until it is too late.
Private messaging apps, personal inboxes, and unsanctioned posts on social media can all raise red flags. If they include product references, performance claims, or suggest affiliation with the firm, they fall within scope.
The firm’s intent is not the issue. The issue is the firm’s lack of oversight, documentation, and archiving. Regulators expect firms to control how their brand and services are discussed, even in fast-moving formats.
Building a FINRA-Compliant Advertising Review Process
Fast-moving teams need a process that keeps up with publishing speed without sacrificing compliance. That means building workflows that catch issues before content goes live, track what was approved, and retain what was published.
Pre-Use Checks
Marketing content should not be published until it has gone through a full internal review. This includes assigning the appropriate principal, checking for required disclosures, and documenting who approved it and when.
A well-built process provides a full record of changes, decisions, and sign-offs; especially important for static or evergreen content aimed at retail audiences.
Filing Triggers
Filing requirements under Rule 2210 do not apply to every piece of content, but when they do, timing matters. Some materials (e.g., options ads, fund promotions, or retail communications during a firm’s first year) trigger specific obligations.
Firms should build workflows that flag these items early. Some content must be filed before launch, while others fall under a post-use deadline. Either way, guessing or filing late is not a strategy.
Disclosure Verification
Disclosures are a key part of what regulators examine. Each communication should be reviewed to confirm that required disclaimers are accurate, clearly worded, and placed near the claim they support.
This includes font size, readability, and how the disclosure interacts with other visual or emotional elements in the design.
Weak placement or unclear wording can render the disclosure ineffective, even if technically present.
Archiving and Supervision
Once content is approved and distributed, the compliance responsibility does not end. Firms must archive final versions along with supporting materials, including the approval chain, any edits, and the date of distribution.
These records must be retained in a compliant format (WORM-compliant if required), with secure, searchable storage. Supervision continues post-publication as well. Teams should have procedures in place to review ongoing campaigns, catch potential issues, and escalate concerns as needed.
—
FINRA’s advertising rules are not built to slow down innovation; they are built to keep investor communications grounded, clear, and complete.
For fintech firms operating at speed, compliance must be part of the design, not just a final check before launch.
The more complex the product, the more critical it is to document what is said, how it is said, and where it is distributed.
Teams that treat Rule 2210 as a strategic input, rather than an afterthought, are better positioned to scale without running into avoidable regulatory problems.
FAQs About FINRA Rules on Advertising
What Are the Rules for Advertising?
FINRA lays out its advertising requirements in Rule 2210. The rule focuses on making sure firms communicate in a way that is clear, fair, and not misleading. It also outlines who is responsible for reviewing content, when filings are required, and how long firms must retain their records. These standards apply across both digital and traditional formats: websites, emails, apps, and social media included.
What Is the 5% Rule in FINRA?
The “5% Rule” is an older guideline, not part of Rule 2210, that relates to markups, markdowns, and commissions charged by broker-dealers. It suggests that firms should not charge more than 5% on trades, though it is not a strict limit. Instead, FINRA expects firms to consider a range of factors to determine whether a charge is reasonable and fair. This guideline is often confused with advertising rules, but relates to pricing conduct.
What Is the FINRA Rule 3210 Requirement?
Rule 3210 governs accounts opened by associated persons of FINRA member firms. It requires employees to obtain written authorization from their employing Member Firm and provide written notification to the executing firm when opening personal brokerage accounts. While not directly tied to advertising, it reflects FINRA’s broader concern with transparency and supervision, principles that also apply to how employees promote firm services or products.
Are Financial Advisors Allowed to Advertise?
Yes, but there are strict limits on what they can say and how they say it. Advisors affiliated with FINRA member firms must follow Rule 2210. That means obtaining required approvals, using compliant disclosures, and avoiding misleading claims. Even personal social media accounts can fall under these rules if they are used to promote the firm or its services.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with broker-dealer compliance, reach out to our regulatory experts today:
Related Articles
Featured LinkedIn Posts
