Creative, attention-grabbing marketing is an art mastered by many fintech companies. However, federal financial and consumer protection regulators are ramping up scrutiny of marketing materials related to financial services, such as banking products, brokerage, or investment advice. Different regulatory frameworks may apply to different services, and fintech companies looking to expand across various types of services should proceed with caution in their advertisements and public-facing materials.

There are a growing number of pitfalls for the unwary, and the stakes can be high. Even apart from any direct supervision or immediate threat of action by a regulator, fintech companies may find that problematic marketing practices can create roadblocks for their strategic partnerships with banks, brokers, or other financial services companies—or simply confuse their customer base.

A thorough legal review of marketing materials, websites, mobile apps (and app store listings), and social media posts can help ensure that statements accurately frame activities, represent capabilities, and withstand heightened supervisory and regulatory attention.

The Regulatory Atlas

Depending on a company’s activities, regulation of marketing can come from many sources, including, among others, the following:

• For investment advisers and their fintech company partners, the Investment Advisers Act of 1940 (the Advisers Act), including the anti-fraud provisions and in particular Rule 206(4)-1 (the Marketing Rule). The Marketing Rule generally governs fraud in advertising and includes specific requirements for, among other things, performance advertising, endorsements and testimonials, and third-party ratings.¹
• For broker-dealers and their fintech company partners, the Securities Exchange Act of 1934 (the Exchange Act), rules adopted under the Exchange Act by the U.S. Securities and Exchange Commission (SEC) (including the SEC’s Regulation Best Interest), and rules promulgated by the Financial Industry Regulatory Authority (FINRA).
• For banks and their fintech company partners (such as certain neobanks and banking-as-a-service models) that offer deposit products, the Federal Deposit Insurance Act (FDIA) and its implementing regulations, the Truth in Savings Act and its implementing regulations, and the Interagency Guidance on Third-Party Relationships: Risk Management.² The Dodd-Frank Wall Street Reform and Consumer Protection Act also prohibits unfair, deceptive, or abusive acts or practices.
• For non-bank financial institutions and fintech companies that support how financial products are delivered, the laws enforced by the Federal Trade Commission (FTC). These include, for example, the FTC Act’s prohibitions on unfair or deceptive advertising practices and the Gramm-Leach-Bliley Act’s (GLBA) prohibition on obtaining or attempting to obtain a customer’s financial information by false pretenses.

These regulations are in certain ways consistent—all of them, for example, are concerned about financial services companies using false or misleading information, or otherwise engaging in fraudulent sales tactics. In other ways, though, they may differ substantially—for example, while client testimonials are treated skeptically under the Advisers Act, they are not subject to the same level of scrutiny in the context of banking services (so long as they are not deceptive or misleading). As part of their compliance with applicable regulations, fintech companies need to navigate these differences carefully.

Our interactive table outlines the types of marketing activities that can be implicated by various federal regulations applicable to advisers, broker-dealers, banks, and non-bank financial institutions. The interactive table serves as an easy-to-use guide, highlighting the key areas of regulatory focus and applicable guidance.

Practical Notes

Fintech companies, whether directly regulated themselves or indirectly regulated through their partnerships with regulated institutions, should be proactive and vigilant in ensuring that their marketing materials and public-facing statements are consistent with these rules. Marketing is a common area of enforcement for federal regulators of financial service providers, and the SEC, the FDIC and other federal banking agencies, the Consumer Financial Protection Bureau, and the FTC are actively enforcing their marketing regulations.

Fintech companies should also keep in mind the following practical considerations:

• Be mindful of social media posts: The same marketing rules apply to social media posts made by fintech companies and, in some cases, by third parties. Fintech companies should carefully evaluate their use of social media, particularly on platforms that do not permit subsequent editing of posts and may be required to retain records of social media communications for specified time periods.
• Caution with third-party communications: Content circulated by third parties may constitute marketing or advertising by a financial services company or its partner(s) even if it is made by unaffiliated third parties. For example, a third-party email that a fintech company partnering with a broker forwards to clients, or a third-party bank’s website content linked by a fintech to its own website, may be considered an ad by the fintech company. Similarly, a fintech company is responsible for what third parties say on its behalf—for example, if a company uses social media influencers to market its services, the company is potentially responsible for any violations of applicable law by those influencers.
• Establish comprehensive policies and procedures: Fintech companies should conduct periodic risk assessments and develop tailored policies and procedures that address advertising and other communications. This includes establishing a formal review and approval structure for all advertising content by a Chief Compliance Officer or equivalent and legal counsel to ensure full regulatory compliance.

[1] Following the adoption of the amended Marketing Rule, the Division of Examinations released a risk alert in 2022 and another in 2023 setting forth particular focus areas of the Marketing Rule for examinations.

[2] The Interagency Guidance on Third-Party Relationships: Risk Management provides banks with risk management guidance to follow when engaging with third-party partners, including fintech companies, and directs banks to evaluate whether they can appropriately mitigate risks associated with those third-party relationships. The FDIA and its implementing regulations require non-bank companies to support claims related to deposit insurance and provide certain disclosures when advertising deposit insurance.