Marketing Compliance: What You Should Know.

In a simple definition,

Marketing compliance is ensuring that your company’s marketing, advertising, and sales content follows the rules and regulations set by government agencies.

This includes content across a wide variety of mediums, including the web, call centers, emails, messages, social media, and documents (including physical collateral, like direct mailers).

Some industries are more highly regulated than others, such as banks, financial institutions, mortgage, alternative lenders, credit cards, buy now pay later (BNPL), higher education, gig economy, and insurance. Some regulations are applicable across all industries (such as UDAAP), but each industry has its own unique regulations to follow. These industries are overseen by a number of regulatory agencies, such as the CFPB, FTC, FINRA, State Attorney Generals, and more.

No matter the industry, ensuring complete marketing compliance is essential to protecting consumers and your company’s reputation and bottom line.

Marketing Compliance: What You Should Know

What is Marketing Compliance?

Marketing compliance is ensuring that your company’s marketing, advertising, and content follow rules and regulations set by government agencies. These standards are put in place to protect consumers from being misled or deceived by businesses. In practice, marketing compliance is making sure that your content and copy are compliant with all applicable regulations—no matter where they end up. 

Whether these messages are on the web, in an email, communicated by phone or chat in call centers, over customer support in chat boxes, on social media, or in physical collateral pieces like direct mailers, your company is responsible for making sure the messaging is consistent and abides by those rules.


The Importance of Compliance

Certain regulations (such as UDAAP, for example) prohibit certain types of language, acts, and/or practices that can mislead or deceive consumers and lead to potential harm. If federal or state regulators find that your brand messaging isn’t abiding by regulations, they could open an investigation, file a lawsuit, and penalize your company.

From a reputational standpoint, your marketing materials can make or break the first impression that consumers get for your brand. If you make a bad impression, it weakens your relationship with potential customers and tarnishes your reputation. 


Marketing Compliance Challenges

Ever Changing Regulations

Now more than ever, it feels like new regulations are popping up everywhere, and existing ones are constantly changing and evolving—and that’s because they are. From both a federal and state level, keeping up-to-date on the latest regulatory obligations can be a challenge.


Marketing Content Approval

Marketing compliance means that there must be a working relationship between the marketing and compliance/legal/content controls departments. Aligning that relationship while getting collateral out promptly continues to be a struggle for many organizations.


Unknown Brand Placements

The internet can be a crazy place, and thousands of third-party websites could be using your brand’s name, logo, or content without your knowledge or permission. Or, even worse, they could be using them in a deceptive, non-compliant way, which could lead to much larger issues.. 


Bad Actors

As much as we all like to think that our partners have our best interest in mind, some might not. Much like other third parties, these partners could be using your brand’s name and logo for deceptive practices or could be failing to adhere to regulatory and brand guidelines.



To stay on top of all these other marketing compliance challenges, organizations have to ensure that they have enough bandwidth and headcount to meet their regulatory obligations. Many organizations, however, don’t have the extra budget to hire an additional headcount to find, monitor and review all placements to ensure 100% coverage.


Take The Steps Needed To Achieve Marketing Compliance

Technology can automate many steps of your compliance efforts. With the help of an automated platform, potential compliance issues can be automatically discovered, tracked, and escalated across all of those thousands of sources. PerformLine helps organizations of all sizes monitor their marketing and sales content across the web, emails, call centers, messages, social media, and pre-production documents for regulatory and brand compliance to mitigate risk and ensure brand safety. 

Sales Compliance

Sales compliance is ensuring that all of your organization’s sales communications follow the rules set by the government. These standards are put in place to protect consumers from being misled or deceived by businesses, especially financial institutions. In practice, sales compliance is making sure that communications are in line with regulations across all touchpoints in which you communicate directly with a consumer. Whether it be through email, social media, or on the phone, or via messages, organizations are responsible for making sure that messaging by their sales representatives is accurate, truthful, and abides by all applicable regulations.

Why Is Sales Compliance Important?

Sales communications are an extension of your marketing communications, but there are two main differences when it comes to compliance monitoring. First is that, with sales communications, a sales rep is typically communicating directly to only one or a few people, rather than a larger audience. Second, monitoring involves reviewing communications by many individual sales professionals as opposed to one central hub for marketing content. These communications are not immune to regulatory scrutiny, as they still fall under the same rules and regulations as any marketing materials would. Failure to meet these regulatory obligations could result in regulatory scrutiny and enforcement actions against your company.

For those in consumer lending, sales compliance is especially important. Mortgage loan officers and wealth advisors, for example, often work with consumers directly. It’s important that consumers are given accurate information. Under the Truth In Lending Act (TILA), this includes information like the amount financed, finance charges, payment schedules, a total of payments, annual percentage rates (APRs), and security interest disclosures. If any of these are not disclosed properly, the creditor is liable and will likely hear from the regulators.

Marketing Compliance Regulations

When it comes to the financial services industry, there’s an endless number of regulations, requirements, guidelines, acts, industry standards, and more set forth to protect consumers. Regulators, such as the CFPB, FTC, FINRA, and more establish these legislations and use them to help deter risky behavior and guide their enforcement actions.

While the complete list of legislation is extensive and many laws are unique to certain industries, there are a few important acts and regulations to be aware of.

Dodd-Frank Act (Dodd-Frank Wall Street Reform and Consumer Protection Act)

In response to the 2008 financial crisis, the Dodd-Frank Wall Street Reform and Consumer Protection Act was passed in 2010. This led to the creation of several new agencies, including the CFPB, who are tasked with overseeing the different components of the act, as well as the financial system. 

The aim of the Dodd-Frank Act is “to promote the financial stability of the United States by improving accountability and transparency in the financial system, to end ‘too big to fail,’ to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.”

UDAAP (Unfair, Deceptive or Abusive Acts or Practices)

Under Dodd-Frank, UDAAPs (or unfair, deceptive or abusive acts or practices) by those who offer financial products and services to customers are illegal. This is also covered under Section 5 of the Federal Trade Commission Act (where it is referred to as UDAP, or Unfair or Deceptive Acts or Practices).  

Its purpose is to ensure that consumers have access to the information they need to choose the best product or service for their situations and needs. In practice, defining UDAAP can be a bit tricky, but there are several resources that can help. Learn more about UDAAP and how to best comply here.

TILA (Truth in Lending Act)

The Truth in Lending Act protects consumers against inaccurate and unfair billing and credit card practices. Under TILA, lenders must provide consumers with loan cost information so they can compare and make the best possible decision for their own needs.

CARD Act (Credit Card Accountability, Responsibility and Disclosure Act)

The CARD Act is an amendment to the Truth in Lending Act (TILA) “to establish fair and transparent practices relating to the extension of credit under an open-end consumer credit plan, and for other purposes.”

Essentially, the CARD Act is aimed to reduce unexpected fees for credit cards and improve the disclosure of costs and penalties.

As part of the CARD Act, the CFPB is required to prepare a bi-annual report for congress that details their findings regarding the cost of the availability of credit and innovations in the credit card marketplace. 

Map Rule (The Mortgage Acts and Practices Advertising Rule) and Regulation N

The MAP Rule, also known as Regulation N, was published by the CFPB and FTC in 2011 to implement requirements established by the CARD Act. This act’s purpose is to prohibit unfair or deceptive acts and practices regarding mortgage advertising and regulates how mortgage services are advertised.

TCPA (Telephone Consumer Protection Act)

The Telephone Consumer Protection Act was created to stop unwanted telemarketing calls to consumers by telemarketers, banks, debt collectors, and others through the use of autodialers or robocalls. TCPA limits the use of automatic dialing systems, pre-recorded messages, text messages, and fax machines.

An update in 2012 to TCPA by the FCC established the following requirements and conditions for telemarketers: 

  • To obtain prior express written consent from consumers before robocalling them
  • Telemarketers can no longer use an “established business relationship” to avoid getting consent from consumers 
  • Telemarketers must provide an automated, interactive “opt-out” mechanism during each robocall so consumers can immediately tell the telemarketer to stop calling.


Higher Education Act

The Higher Education Act is designed to strengthen the educational resources for college students and to provide assistance to post-secondary students. Supervision and enforcement of this act is administered by the U.S. Department of Education.

RESPA (Real Estate Settlement Procedures Act)

RESPA requires lenders, mortgage brokers or servicers of home loans to provide borrowers with “pertinent and timely disclosures regarding the nature and costs of the real estate settlement process.” Additionally, RESPA prohibits specific practices, such as kickbacks.

Federal Trade Commission Act

The Federal Trade Commission Act’s purpose is “to prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; seek monetary redress and other relief for conduct injurious to consumers; prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and make reports and legislative recommendations to Congress and the public.”

Nationwide Mortgage Licensing System and Registry (NMLS)

NMLS is a “web-based platform for regulatory agencies to administer initial license applications and ongoing compliance requirements.” and is used by mortgage lenders, money transmitters, money services, and more to process the applications of companies or individuals looking to apply, renew, surrender or amend licenses. 

With this, mortgage officers are assigned a unique identifying number (an NMLS number). For compliance purposes, both personal and company NMLS numbers must be available and easy to find on their website, social media profiles and others so that consumers can check up on their lenders. 

Fair Debt Collection Practice Act (FDCPA)

The FDCPA prohibits abusive, unfair or deceptive debt collection practices by collectors. Its purpose is to “eliminate abusive debt collection practices by debt collectors, to insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against debt collection abuses.” 


Marketing Channels to Monitor for Compliance

Call Centers

Calls coming in and out of your call centers must comply with regulations, including the Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rule (TSR), Customer Identification Programs (CIPs), mandated disclosures, and more. While there are some regulations specific to certain verticals, such as debt collection, there are rules that any organization must be aware of to stay compliant.

Mandated Disclosures 

Recorded Call Disclosure 

Under Federal Law, it must be disclosed to consumers that their phone call is being recorded. A recorded call disclosure is simply a statement letting the consumer know that the call will be recorded. Oftentimes for incoming calls, a recorded call disclosure is played before the caller gets on the phone with an agent. For outgoing calls, however, it is the agent’s responsibility to make this disclosure.

Mini-Miranda Disclosure

The Mini-Miranda disclosure requires debt collectors to advise the consumer that they are calling to collect debt, and that any information given in that call will be used to do so.

Prohibition of Unfair, Abusive or Deceptive Tactics

Contact center agents are prohibited from using any unfair, abusive, or deceptive tactics or language in sales calls, collections calls, customer service calls, and more. This is covered under a broad range of regulations, including the Telemarketing Sales Rule (TSR), Fair Debt Collection Practice Act (FDCPA), UDAAP, Federal Trade Commission Act (FTCA), Regulation Z and TILA.

Customer Identification Programs

Under the USA Patriot Act, the Customer Identification Program provision (CIP) requires that before any financial-related topics are discussed, agents must confirm the caller’s full name, date of birth, SSN, account numbers, email address, and more to confirm that they are who they say they are. In simplest terms, the agent must know who they are speaking with on the phone to fight against fraud. 



Under TCPA, any organization using autodialers (such as automatic dialing systems, pre-recorded messages, text messages, and fax machines) must have permission from the consumer to contact them via automated technologies. 

Many companies will use third parties for lead generation, and these third parties are required to make TCPA disclosures and confirm that their client is allowed to contact them. 

Dodd-Frank Provisions

Dodd-Frank requires contact centers to record calls and save them with timestamps. There is also some overlap between Dodd-Frank and unfair, abusive or deceptive tactics. 

Business-Specific Guidelines and Scripts 

Outside of regulatory requirements set forth by the government, agents should abide by brand guidelines and adhere to the scripts they are provided with. This will ensure that your agents are representing your brand correctly and servicing customers the way they should be.


Email communications are directly from your organization to the consumer, arguably making it even riskier than other channels, such as the web. Whether they’re emails sent to thousands or one-on-one consumer interactions, unmonitored communications can leave you exposed to tremendous risk. Emails must be truthful, non-deceptive and fulfill all regulatory obligations. Failure to do so can lead to costly penalties and damaged reputations.

This also includes third parties operating on your organization’s behalf. Sending messages with deceptive subject lines, not having an unsubscribe link, and not including an address can all put your organization at risk–even if you aren’t directly sending the email. Your organization assumes the risk of what third parties do and say on your behalf. Ensuring full compliance with all regulatory and brand guidelines by partners and third parties is an essential part of sound email marketing compliance.

Messaging, Chat & SMS

Different forms of messaging, such as text messages and chat boxes, are subject to regulation and enforcement by government regulators just as much as any other consumer communication channels. Similar regulations apply to text messaging as they do to call centers, including the Telephone Consumer Protection Act (TCPA). Ensuring that your messaging communications are compliant with regulations and are best serving your consumers is essential to an organization’s overall success. 

Text Messaging Compliance

SMS/text messaging is an excellent way to communicate with consumers and can be extremely effective. However, you must ensure that you have the correct permissions to contact consumers this way. Similar to phone calls, the FCC prohibits harassing, intrusive, illegal, and unwanted robotexts to cell phones and other mobile devices. All requirements that apply to phone calls under TCPA also apply to text messages.

Under TCPA, organizations are required to obtain prior express written consent from consumers before texting them. It’s important to note that an “established business relationship” is not enough to establish consent. This disclosure must be clear and conspicuous for consumers, and consumers must purposefully opt-in to these messages. Along with this, you must provide an automated, interactive “opt-out” mechanism.

Just as TCPA prohibits autodialed phone calls (robocalls) without consent, it also prohibits the use of autodialed text messages or “robotexting.”

Chat Compliance

When messaging consumers via chat boxes, whether automated or live, you must ensure that you are compliant with GDPR and all other data privacy laws. Simply put, you must handle consumer’s information legally.

Another important note about chat boxes is that these communications can be captured and saved, therefore posing an increased risk for your organization. If a customer has an unpleasant experience, they can easily capture and keep receipts of their interactions with your brand, which can ultimately lead to damaged reputations or proof of regulatory violations.

When it comes to chats, you want to monitor the quality of agents’ interactions with consumers based on professionalism and adherence to provided scripts. This way you can ensure that consumers are receiving the best customer service and have an overall positive experience.

Social Media

Social media content must comply with industry-specific regulations, such as those for financial services, as well as regulations specific to consumer protection. Just like any other consumer-facing channels, marketers using social media must understand these regulations and abide by compliance obligations.

The same regulations apply on social media as they would for the web, emails, call centers, and messages, such as UDAAP (Unfair, Deceptive or Abusive Acts and Practices). For financial institutions, this also includes those set forth by the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), the Financial Industry Regulatory Authority (FINRA), State AGs and other regulatory bodies. 

With the recent rise in popularity of social media, truth in advertising laws play a huge role in social media marketing compliance. Federal law says that ads must be truthful and not misleading, no matter where they appear. The FTC’s Endorsement Guides provide guidance on how to properly disclose material connections between advertisers and endorsers.

Even more recently, the FTC released a new guide, Disclosures 101 for Social Media Influencers, that outlines the dos and don’ts for those advertising on social media. A few key points:

  • Material connections include any financial, employment, personal or family relationships with the brand—any and all of these must be disclosed
  • Use clear and unambiguous language with proper hashtags (#sponsored, #ad)
  • Make disclosures hard to miss, i.e. “above the fold”

There are a few best practices that can help any organization remain compliant on social media while remaining authentic, creative, and spontaneous. Understanding regulatory guidelines, holding regular internal compliance training, and proactively monitoring social media posts and mentions are just a few things you can do to help with this. 

Pre-Production Documents and Physical Collateral

Marketing compliance shouldn’t just be reactive. The best way to prevent any compliance mishaps is with proactive review and approval of pre-production documents (think blogs, direct mailers, one-sheets) from compliance and legal teams before it’s published and sent out to consumers.

Just because something is a physical print doesn’t make it exempt from regulatory scrutiny. In fact, in October of 2020, the CFPB settled with nine separate mortgage lenders for deceptive advertising on direct mailers.

A best practice is to ensure that your marketing and compliance/legal teams have a standard process for getting approvals to get content out the door quickly. Your organization may opt for an automated compliance solution for quick review and approvals.

Tips for Marketing and Regulatory Compliance 

Keep your compliance efforts consistent across all of your consumer interaction channels

Whether you’re marketing to consumers across the web, on social media, or through email, the Federal Trade Commission (FTC) emphasizes that “all of the same consumer protection laws that apply to commercial activities apply online.” Using one digital platform over another does not exempt you from regulatory obligations, so take extra care when crafting your messages to ensure that they are compliant and non-deceptive across the board.

The same concept applies for call centers and messages—you want to monitor your reps’ interactions with consumers to make sure that they are adhering to both regulatory guidelines and brand standards. This will not only protect your organization from a regulatory compliance standpoint, but will help keep your brand’s messaging consistent, protect your brand’s reputation, and optimize your customer service function. 

Make the proper disclosures on your online marketing materials

These days, digital advertising is a staple in just about every organization’s marketing efforts. Any required disclosures must be clear and conspicuous, meaning easy to understand and difficult to miss for consumers. Some considerations for making your disclosures include:

  • Proximity to the claim
  • Prominence of the disclosure
  • If other parts of the ad distract from the disclosure
  • If the disclosure needs to be repeated in different places (such as on a website)

For a full list of considerations for your disclosures, check out the FTC’s .com Disclosures Guide.

Monitor your brand on social media

Social media is a powerful marketing tool that equips you with the potential to reach millions of consumers with minimal budget. However, with great reach comes great risk. Make sure you are on top of your brand across social channels, including Facebook, LinkedIn, Instagram, and YouTube. 

Some things to monitor for include:

  • Mentions of your brand to evaluate what partners or agents are saying—and remediate quickly if it’s out of compliance
  • Affiliates, bloggers, or influencers to ensure they’re making proper disclosures and accurate claims
  • Customer complaints, whether they’re left as comments on your page(s) or made on the consumer’s pages, and reach out to resolve their issues in a timely manner

Differentiate your native ads from other content

This popular form of advertising needs to be carefully monitored to ensure that it isn’t misleading. When publishing your native ad, the paid nature of the article must be made clear to consumers, because that typically affects the weight or credibility that consumers give it. These ads must not be deceptive in any way or appear to be a different message format than they actually are. 

Some examples of deceptive message formats that the FTC has gone after in the past include:

  • “Advertorials” that appeared as news articles of featured articles
  • Direct-mail ads that appeared as book reviews
  • Infomercials that appeared as regular TV or radio programming
  • Mortgage relief ads that appeared as solicitations from a government agency
  • Emails with deceptive headers that appeared to come from a consumer’s bank

Be sure to review and understand the FTC’s Policy Statement on Deceptively Formatted Advertisements for more information.

Don’t forget about real-time content  

Real-time content is a marketing technique allowing companies to publish content to live feeds and share their content faster than ever. Just as you keep your compliance efforts consistent across your different marketing channels, make sure you’re applying the same concept to different marketing content types too. 

To help reduce risk, plan ahead on the type of content you anticipate sharing. Consider creating a dos and don’ts list ahead of time to provide guidance when curating your real-time content. Then, develop and deploy a strategy to monitor them as they happen.

Craft a standard process to streamline the compliance approval process

A common complaint is that the compliance approval process causes a slowdown in the time needed to publish content. To avoid a slowdown, try creating an editorial calendar with built-in marketing, legal, and regulatory approval timelines. 

You can also develop a “brand governance checklist” that allows marketers to self-monitor their content creation efforts from start to finish. Finally, you can use an automated compliance monitoring platform to expedite the process of identifying and checking for potential compliance issues and providing the green light quickly if the content passes all checks.

Monitor consumer complaints

Monitoring consumer complaints is beneficial for a few reasons. 

Monitor complaints submitted to your own company, as well as to regulators (like the CFPB) to:

  • Resolve consumer issues quickly and maintain brand reputation
  • Mitigate your risk of enforcement actions from regulators like the CFPB, FTC, and State AGs
  • Identify root causes of any issues or other lapses in your compliance or customer service functions

Monitor complaints about your competitors and other organizations in your industry to:

  • Understand industry-wide trends and pain points to get out ahead of issues
  • Gain a competitive advantage over your competitors by understanding their weaknesses and adjusting your processes accordingly

Richard Cordray, former CFPB Director, emphasized the value of monitoring complaints submitted to the Bureau’s Consumer Complaint database saying:  

“The database is especially valuable, as the data provided gives you a window into what’s going on at other companies in their whole industry, as opposed to just hearing what your own customers are saying”

Keep the focus on your consumers 

It’s easy to get caught up in your own marketing efforts and lose sight of what’s most important. 

We live in a consumer-centric world, especially in the financial services industry. As an organization that provides products and services to consumers and is heavily regulated to ensure consumer protection, it’s critical to always cater to the needs of your customers by providing transparent and clear communication.

Here are some questions to consider as you’re drafting up content: 

  • Does this have the consumer’s best interest in mind?
  • Could this message be confusing for consumers?
  • Would regulators find this message unfair, deceptive, misleading, or abusive in any way?
  • Can I make this message any more clear or concise? 

Taking a step back to ask these questions will not only benefit the consumer, but it will help mitigate compliance risk and protect your organization from enforcement actions from the regulators.

Stay informed of current marketing compliance issues and regulatory trends

Staying informed of what’s happening within your industry is one of the easiest ways to avoid violations and hefty fines. Check the CFPB newsroom, FTC press releases, and PerformLine’s blog to stay up to date on the possible risks that are associated with changes to compliance policy and law. 

Consider setting up Google Alerts to be delivered to your inbox every morning with relevant keywords, regulations, or phrases relevant to your industry (that’s what we do!). Finally, keep an eye on recent enforcement actions to identify any trends.

Foster a culture of compliance within your marketing team and the rest of the organization

It’s more important than ever to focus on cultivating a compliant culture in your company. Developing proactive compliance programs, collaborating to deploy applications to close gaps in the first line of defense, and providing transparent communications with employees and customers are all ways to help promote a culture of compliance & collaboration. 

Check out this session from COMPLY where executives from BAI, Fifth Third Bank, and USAA share insights on how they are gaining momentum for great cultures of compliance at their organizations. 

Keep a close eye on your partners’ marketing messages – you are responsible for them!

Regulators are cracking down on deceptive marketing tactics used by partners and other third parties. Your company assumes all the risk of what these third parties say on your behalf. Once you’ve included clear and non-deceptive disclosures in your ads, make sure that your partners are doing the same. 

Informing your partners of these best practices and following up with them to check for cooperation is key to closing the compliance loop. We always recommend companies to adopt the use of a comprehensive compliance platform to stay on top of this 24/7.

Develop internal training programs

Your team can’t comply with regulatory requirements if they aren’t aware of their compliance responsibilities and how to handle them. Hold monthly or quarterly training sessions to help your staff understand expectations and their role in upholding compliance. These training sessions can also include any new or updated regulations, relevant articles, and important company and industry updates.

Implement a regtech platform to scale your compliance efforts

Short for regulatory technology, regtech is a set of technology that increases automation of compliance services, including communications monitoring. Consider looking into a regtech platform, like PerformLine, that can automate the discovery and monitoring  of your brand across all of your consumer interaction channels. This will take the burden off of your organization’s compliance teams, ensure that your partners and third parties are adhering to regulatory and brand requirements, and increase your speed-to-market.

The Bottom Line: Take The Steps Needed To Achieve Marketing Compliance

Technology can automate many steps of your compliance efforts. With the help of an automated platform, potential compliance issues can be automatically discovered, tracked, and remediated across all of those sources.

PerformLine helps organizations of all sizes monitor their marketing and sales content across the web, call, message, email, and social media channels for regulatory and brand compliance. We’re here to help your brand mitigate compliance risks and ensure brand safety.