SEC marketing rule and AI — testimonials, endorsements, and Google reviews

Last updated April 13, 2026 · By Isaiah Grant, Founder

The SEC marketing rule (Rule 206(4)-1 under the Advisers Act) permits testimonials and endorsements for the first time — with conditions. AI can help you collect, draft, and publish them compliantly. But AI-generated content is still advertising under the rule, which means every piece of AI-drafted marketing needs the same disclosures, substantiation, and review trail as anything your marketing team writes by hand.

What the marketing rule says about AI content

The rule does not mention AI specifically. It defines "advertisement" broadly: any communication to more than one person that promotes services. If AI drafted your blog post, your LinkedIn post, or your client testimonial response, it is an advertisement and the rule applies in full.

Testimonials and endorsements with AI

What AI cannot automate

How a proper installation handles this

The Compliance Reviewer workflow pre-screens every piece of outbound content — blog posts, emails, social posts, review responses — against the marketing rule before it ships. It flags performance claims, checks for required disclosures, and logs the review in a retrievable trail. The human approver still makes the final call, but the workflow catches 90% of the issues before they reach the approver's desk.

Practical Steps for Compliant Content Production

Compliant content production starts with a written policy that describes every step of the workflow: who drafts, who reviews, who approves, and where the approved version gets stored. The policy does not need to be long — two pages is usually enough — but it needs to be specific. "Content is reviewed before publication" is not a policy. "All outbound marketing content is drafted by the content lead, reviewed by the operations manager for factual accuracy, and approved by the CCO before publication" is a policy.

Once the policy exists, the execution framework follows. Every draft gets a unique identifier. Every edit is tracked. Every approval includes a date and the name of the approver. The published version is archived alongside the review trail. This documentation is not bureaucracy — it is the evidence that your process works, and it is exactly what an examiner will ask for during a routine review.

Common Mistakes That Trigger Examination Findings

The most common marketing rule finding is not a dramatic violation — it is a missing disclosure. A testimonial on the website without the required disclaimer. A case study that implies performance without showing the net-of-fee result. A social media post that links to a third-party article with performance claims the firm did not verify. These are not malicious acts. They are process gaps.

The second most common finding is inconsistency between the written policy and actual practice. The policy says all social media posts are pre-approved, but the firm's LinkedIn shows posts published outside the review schedule. The policy says performance advertising requires CCO sign-off, but the email campaign went out with only the marketing manager's approval. Examiners look for the gap between what the firm says it does and what it actually does. Closing that gap is more important than having a perfect policy.

Frequently asked

How do we document AI use for an SEC exam?

Keep a written generative-AI use policy, a list of which workflows touch client data, and a rolling log of human-review steps. The SEC's 2024 risk alert flagged 'AI washing' specifically — saying you use AI when you don't, or claiming a model is doing something a human is doing. Documenting the actual flow is the cleanest defense. Quiet Machines installs the policy template and the audit log as part of every engagement.

Does the SEC require us to disclose AI use to clients?

Not as a blanket rule, but yes when AI is making a recommendation that influences advice, or when client data flows through a third-party model. The safer practice is a one-line disclosure in your ADV Part 2A and a short client-facing note in onboarding. We give clients a sample disclosure that's been reviewed by RIA compliance counsel.

What's the biggest compliance mistake you see RIAs make with AI?

Letting marketing or admin staff paste client data into ChatGPT's free tier without realizing it goes into the training pool. Claude Team and ChatGPT Enterprise contractually exclude inputs from training — the free consumer plans do not. Switching plans is a 15-minute fix that closes 80% of the actual exposure.

Will my E&O insurance cover AI-driven mistakes?

Most current E&O policies are silent on AI specifically, which means it's covered until the carrier carves it out — and the carve-outs are starting in 2026 renewal cycles. We tell every client to ask their broker for a written confirmation that AI-assisted workflows are still covered, and to keep a record of the human review step on every advice-related output.

Quiet Machines installs an AI brain inside advisory firms in a 3-day on-site build.
