SEC Examinations Issues Marketing Rule Risk Alert: New Compliance Observations for RIAs

The SEC Issues a Marketing Rule Risk Alert—What RIAs Should Do Now
On December 16, 2025, the SEC’s Division of Examinations published a new Risk Alert: “Additional Observations Regarding Advisers’ Compliance with the Advisers Act Marketing Rule.”
This update is narrowly focused, but high impact: it highlights exam observations tied to (1) testimonials and endorsements and (2) third-party ratings under Advisers Act Rule 206(4)-1 (the “Marketing Rule”).
The SEC is essentially reminding advisers that “marketing” isn’t a creative function you approve once. It’s a supervisory control surface. And if your program can’t produce a clean, repeatable record of what was reviewed, what was disclosed, and how you supervised promoters and ratings, you’re carrying avoidable regulatory risk.
Note: As with other Risk Alerts, this reflects staff observations and “has no legal force or effect.”
Why this matters for compliance leaders
Marketing Rule compliance is no longer just about “what the ad says.” It’s about whether your firm can show, on demand:
- the right disclosures were delivered at the right time
- your team exercised reasonable oversight
- you kept books-and-records quality documentation
- your policies were implemented, not just updated
This theme has been building across prior SEC Risk Alerts (2022, 2023, 2024).
The 2025 alert is the next step: more specificity, more operational expectations, more focus on the edges—social media, “d/b/a” websites, lead-gen networks, and referral mechanics.
What the SEC observed: Testimonials and endorsements
1) Disclosures weren’t delivered when the endorsement/testimonial was disseminated
The staff’s most common issue: required disclosures weren’t provided at the time the testimonial/endorsement went out.
Where this shows up in the real world:
- testimonials on adviser sites (including “d/b/a” sites)
- social media influencers and referral networks
- “refer-a-friend” programs where compensation is viewed as “small” or informal
2) “Clear and prominent” didn’t mean what some firms treated it as
The staff flagged disclosure practices that didn’t appear “clear and prominent,” including:
- relying on hyperlinks instead of including disclosures with the testimonial/endorsement
- using smaller/lighter font or otherwise burying disclosures
3) Compensation and conflicts were disclosed too generically—or not at all
The Risk Alert calls out missing disclosure of:
- the material terms of compensation arrangements
- material conflicts tied to promoter relationships and compensation structures
This is especially relevant in influencer and lead-gen contexts, where “referrals” and “promotion” can blur quickly without disciplined oversight and documentation.
4) Oversight expectations: “reasonable basis” + written agreements (and proof)
The SEC also observed gaps around:
- demonstrating a reasonable basis for believing promoter disclosures were handled properly
- maintaining written agreements with paid promoters (when required)
- documenting supervision in a way that actually supports the “reasonable basis” standard
5) Watch the de minimis trap
The alert highlights situations where advisers treated compensation as “de minimis” because each payment was under $1,000—while total compensation exceeded $1,000 over the prior 12 months.
What the SEC observed: Third-party ratings
Third-party ratings remain a common marketing lever—awards, badges, “Top Adviser” lists, platform reviews. The SEC’s message is straightforward: if you use them, you own the diligence and the disclosures.
1) Due diligence wasn’t complete enough to support a “reasonable basis”
The staff described common diligence steps advisers used (e.g., reviewing published methodology, obtaining questionnaires/surveys, seeking representations).
But it also observed advisers who couldn’t demonstrate enough information about how questionnaires/surveys were designed or structured—often without clear policies/procedures or documentation (including copies of questionnaires/surveys).
2) Disclosures weren’t consistently clear, complete, or prominent
The Risk Alert highlights recurring issues, including:
- not clearly identifying the date of the rating and the time period it covered
- misaligned “award year” references (e.g., listing a year the adviser didn’t receive the award)
- using rating logos without clearly identifying the third party who created/tabulated the rating
- failing to disclose compensation connected to obtaining/using ratings (including payments for “enhanced exposure,” priority placement, logo use, or referrals)
And again: disclosures placed via hyperlinks, small text, or far from the rating itself were flagged as not meeting the “clear and prominent” expectation.
What to do now: a practical Marketing Rule control checklist
If you’re a CCO, marketing principal, or supervision lead, here’s a defensible, exam-oriented way to respond:
A. Inventory + classify
- List every place testimonials/endorsements appear (website pages, “d/b/a” sites, social profiles, pitchbooks, newsletters).
- List all promoters: influencers, solicitors, referral partners, lead-gen vendors, “refer-a-friend” participants.
B. Standardize “clear and prominent” execution
- Put required disclosures with the testimonial/endorsement (not just behind a link).
- Ensure disclosures are as noticeable as the claim/statement they relate to.
C. Lock compensation + conflict disclosures
- Require specific disclosure of material terms (not vague “we may compensate…” language).
- Map conflicts to the promoter relationship and compensation structure.
D. Written agreements + ineligible person checks
- Centralize promoter agreements where they’re easy to retrieve in an exam.
- Build an eligibility check workflow for promoters/endorsers.
E. Third-party rating due diligence package
- Retain rating methodology, criteria, and—where applicable—questionnaires/surveys.
- Confirm you can evidence the “reasonable basis” for using the rating.
F. Evidence exports (the exam reality)
- Be able to produce: what was published, what disclosures were shown, who approved, when it went live, and what supporting documentation substantiated the approach.
The SEC explicitly encourages firms to assess and strengthen training, supervisory, oversight, and compliance programs based on these risks.
Where Hadrius fits: purpose-built controls for testimonials/endorsements + third-party ratings
The SEC’s Risk Alert is laser-focused on two things: (1) disclosures that are actually delivered “clear and prominent” at the time the testimonial/endorsement or rating is presented, and (2) whether advisers can evidence reasonable oversight and due diligence—fast—during an exam.
Hadrius supports that reality with workflows and documentation designed specifically for these two Marketing Rule pressure points:
Testimonials & endorsements: make disclosures inseparable from distribution
Hadrius helps teams operationalize the Risk Alert’s themes by:
- Packaging required disclosures with the asset (social post, web module, PDF, email) so teams don’t rely on “link-only” disclosure patterns that often break “clear and prominent” expectations.
- Enforcing pre-publish checks for promoter compensation and conflict disclosures, and flagging when “de minimis” compensation thresholds may be at risk based on cumulative activity.
- Maintaining a regulator-ready evidence trail: what was approved, what disclosures were included, where it was used, when it went live, and who signed off—so “reasonable basis” isn’t just policy language, it’s provable execution.
Third-party ratings: diligence + disclosure you can prove
For ratings, Hadrius helps teams stay defensible by:
- Centralizing a ratings due diligence package (rating source, methodology/criteria, time period, questionnaires/surveys when applicable, and documentation of the firm’s reasonable basis).
- Requiring standardized, complete rating disclosures (date/time period, identity of the rating provider, and compensation connected to obtaining/using the rating—where applicable) at the point of use.
- Preserving a clean books-and-records style record showing the exact rating claim used, the disclosures displayed alongside it, the supporting diligence artifacts, and the approval history—so you can respond confidently when exams ask “show me.”
Bottom line: Hadrius isn’t “AI for marketing.” It’s AI-native marketing rule supervision, built to reduce manual lift while producing the repeatable, exam-ready proof the SEC’s Risk Alert is pushing firms toward.






