SEC Marketing Rule Email Compliance Guide for RIAs

Advisory firms that want to grow without getting smacked by enforcement are finding out the hard way that email marketing compliance is kind of a big deal now.
So here are some numbers that might make you pay attention. RIAs are managing $128.4 trillion across 56.7 million clients right now. The average firm spends about $15,900 a year just trying to stay visible. If you actually have a marketing strategy (and I mean a real one), you're pulling in 168% more leads and getting 50% more clients than firms that don't.
But the risks went up too. The SEC hit investment advisers with 97 enforcement actions in 2024. A lot of those were about emails and marketing that used to be fine.
When Your Email Becomes an "Advertisement"

The old rules about what counts as advertising? Pretty much gone. The SEC decided to cast a really wide net, and honestly, it catches almost everything now.
There are two main ways your email gets flagged. First one is if you send it to more than one person and you're trying to get business. Mass emails, newsletters, those auto-responder things. Even if you send a one-off email but include some hypothetical performance data (like backtesting results), boom, that's advertising now.
Second way is if someone got paid to say nice things about you. Doesn't matter if it's cash, a gift card, or just a nice dinner. If compensation happened and you're using their words, you're in advertising territory.
Some examples that might surprise you. Email signatures with award logos or catchy taglines. Newsletters that say "call us for a free consultation." Any bulk email that pretends to be personal but really goes to hundreds of people.
And those one-on-one emails you thought were safe? Well, not if they have hypothetical performance data that nobody asked for specifically.
The compliance requirements kick in for all of this stuff. Documentation, substantiation of claims, the whole nine yards. If you're using template emails or big mailing lists without checking everything first, you're probably setting yourself up for problems.
Want to know how serious this got? In 2024, 90% of the big RIAs (over $100 billion AUM) said they were doing at least one marketing thing covered by the new rule. But only 31.6% of smaller firms said the same thing. Which probably means the little guys are just avoiding email marketing for financial advisors altogether because compliance got too complicated.
Testimonials and Third-Party
So you can use testimonials and endorsements now, which is new. But there are strings attached. A lot of them.
If someone says something nice about you in an email, you have to tell people whether they're a client, how much you paid them (even small amounts), and any conflicts of interest. And this information can't be buried in some footnote or hidden behind a "click here" link. It has to be right there in the email where people can actually see it.
Even buying someone coffee as a thank-you counts as compensation that needs to be disclosed. For bigger payments, you need written contracts and you have to do background checks on these people to make sure they're not banned from the industry or anything. And you have to keep checking because someone who was fine six months ago might not be now.
Third-party ratings (like "Best Wealth Manager" awards) are allowed, but you have to prove the survey was fair. You need to disclose when the rating happened, who gave it, what time period it covered, and whether you paid for it.
The SEC's first big enforcement case under the new rule (August 2023) was Titan Global. They got fined for claiming "2,700% annualized" returns based on just three weeks of data. Plus they hid all the important details behind links that nobody was going to click on.

Performance Numbers in Emails
This is where most people mess up. They think some clever disclaimer will save them.
If you show gross performance, you have to show net performance too. Same size font, same place in the email. You need 1-, 5-, and 10-year numbers (unless you only do private funds). No picking just the good periods.
Hypothetical performance is tricky. You can't blast it out to everyone. It only goes to specific people where you can document why it's relevant to them. The SEC went after 14 firms in 2023 and 2024 for sending hypothetical returns in mass emails without proper policies.
Case studies where you highlight one successful investment? You can't just show that one winner. You have to include the overall portfolio performance for the same time period. The SEC changed their mind about this in March 2025 and said you can show gross-only extracted performance, but only if you also show the full portfolio's gross and net returns.
Here's what not to do: "Our strategy returned 12% last year!" with tiny footnote text saying net was actually 9.8%.
Here's what you should do: "Our strategy returned 12% gross and 9.8% net last year. Net is after all fees."
Most advisers say figuring out what needs to be shown "net of fees" is their biggest headache. That's why the SEC put out those March 2025 FAQs to try to clear things up.
What's Actually Happening with Enforcement?
SEC exam teams have been paying a lot more attention to emails lately. If you work in compliance or advise RIAs, you've felt it.
Marketing rule enforcement doubled between 2023 and early 2024. They opened 42 investigations just in Q1 of 2024 related to the marketing rule and Reg BI. That's the highest quarterly number since the rule started. About a third of those specifically mentioned "email campaigns with performance, testimonials, or endorsements."
Examiners want to see documentation of every marketing piece (not just website ads, but emails, templates, newsletters), proof that disclosures were actually prominent, how you check testimonials and performance numbers, whether your third-party ratings are legit, and whether you're really restricting hypothetical performance or just sending it to everyone.
It's not just the big firms getting hit. The SEC's March and April 2024 risk alerts called out smaller RIAs and regional firms as frequent violators. 68% of the firms that got dinged said they were confused about when an email is "single client" versus advertising. According to a 2024 SEC report, mass emails and repeated templates count as advertising no matter how personalized they look.
Some recent enforcement examples:
August 2023: Digital RIA paid $850,000 for emailing hypothetical returns to thousands of prospects without proper disclosures.
January 2024: Chicago firm had to recall hundreds of client emails because their testimonial quotes didn't mention compensation.
May 2024: Several advisors got cited for putting third-party awards in mass emails without saying they paid for them.
Regulators are looking at automated emails, template systems, even signature blocks. It's a lot.
A bunch of compliance teams are switching to AI review tools (Luthor included) because manual review takes forever and misses too much when you're dealing with high-volume outreach. Modern AI CCO tech can help quite a bit with these workflows.
Setting Up Your Review Process

The SEC wants proof that your system actually works, not just that you wrote some policy nobody follows. A solid compliance review process matters a lot here. The April 2024 SEC Risk Alert laid out what they consider best practices:
Keep everything. Every version of every marketing piece gets saved. Email templates, newsletter drafts, campaign reports. Not just the final version. Some firms run automated systems that back up marketing folders daily.
Get signoffs before sending anything. CCO, general counsel, compliance analyst, whoever. But document the approval with timestamps and reviewer names. Examiners ask for this stuff specifically.
Build a file for every claim you make. Performance calculations, testimonial compensation records, promoter contracts and background checks. Keep it organized because you'll need to find things quickly during exams.
Test whether your disclosures are actually visible. Run every mass email through a "plain text" version to see if the important stuff shows up without formatting. Understanding RIA compliance requirements helps make sure these tests mean something. (Luthor automates this now, which saves time.)
Track who gets what emails. For hypothetical performance especially, the SEC wants signed attestations or pre-qualification records for each recipient.
Do annual spot-checks of your actual process. Not just whether you wrote good policies, but whether they caught problems in practice. Some firms randomly sample client emails and run them through compliance review to see what happens.
Document exceptions clearly. If you ever claim an email isn't advertising (like a truly custom single-client message), write down why and keep that explanation with your records.
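A rough version of the "plain text" disclosure test from the list above, added here as an illustration (it is not Luthor's code or anything the SEC published). It strips an HTML email down to the text a reader sees without formatting and reports which disclosures did not survive. The disclosure patterns, names, and both sample emails are constructed assumptions.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "link", "input"}  # tags with no closing tag

class VisibleText(HTMLParser):
    """Collect only the text that survives when formatting is stripped."""
    def __init__(self):
        super().__init__()
        self.hidden = []   # one flag per open element: is its content hidden?
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = (dict(attrs).get("style") or "").replace(" ", "").lower()
        off = tag in ("style", "script", "head") or "display:none" in style
        self.hidden.append(off or (bool(self.hidden) and self.hidden[-1]))

    def handle_endtag(self, tag):
        if tag not in VOID and self.hidden:
            self.hidden.pop()

    def handle_data(self, data):
        if not (self.hidden and self.hidden[-1]):
            self.chunks.append(data)   # link targets (href) never land here

def plain_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", "".join(parser.chunks)).strip()

def missing_disclosures(html, required):
    text = plain_text(html).lower()
    return [name for name, pat in required.items() if not re.search(pat, text)]

# Assumed firm wording, not regulatory language.
REQUIRED = {
    "net performance": r"\d+(?:\.\d+)?%\s+net\b",
    "client status": r"\bis (?:not )?a client\b",
    "compensation": r"\bcompensat",
}
# Constructed sample emails.
BAD_EMAIL = """<p>Our strategy returned 12% last year!</p>
<p>"Great advisor" - J. Doe. <a href="https://example.com/d">Click here</a> for disclosures.</p>
<p style="display: none">Net was 9.8%. J. Doe is a client and was compensated.</p>"""
GOOD_EMAIL = """<p>Our strategy returned 12% gross and 9.8% net last year. Net is after all fees.</p>
<p>"Great advisor" - J. Doe. J. Doe is a client and was compensated with a $25 gift card.</p>"""

if __name__ == "__main__":
    print("bad :", missing_disclosures(BAD_EMAIL, REQUIRED))
    print("good:", missing_disclosures(GOOD_EMAIL, REQUIRED))
```

A check like this only tells you the words are present in visible text; whether they are prominent enough is still a reviewer's call.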
In the 2023-2024 marketing rule sweeps, 44% of midsize RIAs said they couldn't properly archive emails or could only recreate their history "with difficulty." More than a quarter couldn't prove they reviewed everything before sending.
This is where tools like Luthor make sense. Automated archiving, real-time review, one-click compliance documentation. Getting ready for exams becomes way less stressful. RIA compliance software is pretty much essential now if you want to scale marketing without compliance headaches.
Where Things Stand Now
The Marketing Rule felt overwhelming when it first came out. But now that we've seen how enforcement works, it's clear that email isn't some compliance loophole anymore. Your inbox and outbox are marketing channels, and examiners treat them that way.
We're talking about $130 trillion in managed assets under rules that require substantiation for every claim, proper disclosure for every testimonial, and clean documentation for every third-party rating. There's not much room for error.
Most compliance teams are stretched thin. Everyone struggles with archiving, review processes, and evidence gathering, especially when marketing moves fast and reaches hundreds or thousands of people. You can hope nothing goes wrong, or you can get smarter about how you handle this stuff.
If you want to see how AI can catch things manual review misses, check out Luthor. Demo access is free and confidential.