The SEC’s Division of Examinations issued a new Risk Alert on December 16, 2025, offering additional observations on advisers’ compliance with the Investment Adviser Marketing Rule, specifically around testimonials, endorsements, and third-party ratings.
While the rule itself is not new, the findings are telling. Years after adoption, the SEC continues to observe many of the same deficiencies – not because advisers lack awareness, but because compliance breaks down at execution.
Below are five key takeaways compliance teams should focus on now.
1. Written policies are not enough
One of the most consistent themes throughout the Risk Alert is the gap between documented policies and implemented practice.
The SEC repeatedly observed advisers that:
- Updated written compliance policies to address the Marketing Rule
- But could not demonstrate that those policies were actually followed
In several cases, firms had policies on testimonials, endorsements, or third-party ratings, yet still disseminated non-compliant advertisements because oversight was informal, inconsistent, or undocumented.
Takeaway: Regulators are no longer satisfied with policy language alone. They are focused on whether advisers can demonstrate how marketing compliance is operationalized day to day.
2. Testimonials and endorsements continue to fail on basic disclosure requirements
The most common deficiency observed by the SEC was straightforward: required disclosures were missing or not clear and prominent at the time the testimonial or endorsement was disseminated.
Examples cited in the Risk Alert include:
- Disclosures placed behind hyperlinks
- Disclosures presented in smaller or lighter font than the testimonial
- Testimonials reposted from third-party sites without identifying whether the promoter was a current or former client
- “Refer-a-friend” programs and influencer arrangements that advisers did not recognize as endorsements
Takeaway: Marketing content often moves faster than compliance review. If disclosures are not embedded into the workflow at the point of use… firms remain exposed.
3. Oversight requires proof, not just review
Under the Marketing Rule, advisers must have a reasonable basis for believing that testimonials and endorsements comply with disclosure and eligibility requirements. The SEC found many advisers could not meet this standard.
Observed gaps included:
- No documentation supporting the adviser’s reasonable belief
- No written agreements with paid promoters (or agreements that lacked key terms)
- Failure to track cumulative compensation, resulting in mistaken reliance on the “de minimis” exemption
In other words, advisers may have believed marketing was compliant but could not prove it.
Takeaway: Oversight must be documented. Without a clear system of record, firms struggle to evidence compliance during exams.
4. Third-party ratings remain a major blind spot
The Risk Alert highlights persistent deficiencies in the use of third-party ratings, including:
- Failure to conduct or document due diligence on survey methodologies
- Missing or unclear disclosures about rating dates, time periods, or the rating provider
- Undisclosed payments for ratings, logos, enhanced placement, or referrals
In several cases, advisers relied on third-party websites to host disclosures without a reasonable basis for believing those disclosures were clear, prominent, or complete.
Takeaway: Awards, badges, and ratings are treated as advertisements under the rule. They require the same level of diligence, disclosure, and documentation as any other marketing content.
5. This is an execution problem — not a detection problem
Notably, the Risk Alert does not focus on how advisers review marketing content. It focuses on what advisers can demonstrate.
Many of the cited deficiencies cannot be solved by detection alone:
- Written agreements must exist
- Compensation must be tracked over time
- Due diligence must be documented
- Disclosures must be delivered at the right moment
Tools such as AI-based marketing review solutions can help identify risk. But the SEC’s findings make clear that identification is not the same as execution.
Takeaway: Compliance requires a system that operationalizes oversight, not just flags issues.
Where Skematic Fits
Skematic was built to address exactly the execution gaps highlighted in the SEC’s Risk Alert.
Rather than functioning as a standalone reviewer itself, Skematic acts as a compliance workflow system of record, helping firms:
- Manage marketing approvals and disclosures within structured workflows
- Document due diligence and maintain a defensible audit trail
- Evidence oversight across testimonials, endorsements, and third-party ratings
In short, Skematic helps turn Marketing Rule requirements into repeatable, auditable practice.
Want to See What Operational Marketing Compliance Looks Like?
If your firm is reassessing marketing oversight in light of the SEC’s continued focus, we’d be happy to show how Skematic supports end-to-end execution in a way static policies and point tools cannot.
