Marketing Compliance

Start with the baseline that applies to everyone: advertising must not be misleading. Your website, ads, decks, and social copy should be checked for misleading claims, unsubstantiated superlatives, and missing disclosures. In the EU this baseline sits in the Unfair Commercial Practices Directive (2005/29/EC); in the UK, the CAP/BCAP advertising codes enforced by the Advertising Standards Authority; in the US, the prohibition on unfair or deceptive practices in Section 5 of the FTC Act. Different regimes, same core rule: claims must be truthful and substantiated.

If you describe what your AI “does,” overstated or unsubstantiated capability claims are a live enforcement risk. “AI-washing” — exaggerating AI capabilities, or labelling something “AI” that isn’t — is being treated as misleading marketing, with real consequences:

• The US SEC announced its first AI-washing enforcement actions in March 2024, settling with two investment advisers over false or misleading statements about their AI capabilities, and has pursued further actions since.
• The US FTC launched “Operation AI Comply” on 25 September 2024, a sweep of enforcement actions against deceptive AI claims, and has continued it since.

The throughline: you must be able to substantiate every AI claim — explicit and implied — and be precise about how you actually use AI.

For fintech and digital-asset teams, ordinary-looking marketing can be a financial promotion — broadly, an invitation or inducement to engage in investment activity — and that pulls it into a stricter regime with risk-warning, approval, and content rules. Two concrete examples of how serious this is:

• UK — cryptoasset promotions. Since 8 October 2023, marketing qualifying cryptoassets to UK consumers (including by overseas firms) falls under the FCA’s financial-promotion regime. Promotions must be fair, clear and not misleading with a prescribed risk warning; there’s a ban on incentives to invest (monetary and non-monetary, e.g. “refer a friend” or new-joiner bonuses); and first-time investors get “positive frictions” — a personalised risk warning and a 24-hour cooling-off period. A promotion is only lawful through set routes — broadly, communicated or approved by an FCA-authorised person, or by an FCA MLR-registered cryptoasset business, or under an applicable exemption.
• EU — MiCA marketing communications. Under Article 7 of MiCA (Regulation (EU) 2023/1114), marketing for a public offer of crypto-assets must be clearly identifiable as marketing, be fair, clear and not misleading, be consistent with the crypto-asset white paper, carry the prescribed statement that no competent authority has reviewed or approved it, and not go out before the white paper is published.

A few recurring exposure points sit alongside the big regimes:

• Testimonials and influencers — endorsements generally need clear disclosure of any material connection or payment (for example, the FTC’s endorsement rules in the US, and advertising-code and unfair-practices rules in the UK and EU). Undisclosed paid promotion is a classic enforcement target.
• Email and cookies / ePrivacy — marketing email and cookie/tracking consent are governed by the ePrivacy Directive (2002/58/EC) alongside the GDPR’s consent standard. Get the consent mechanics right rather than assuming a pre-ticked box will do.

A one-off review fixes today’s materials; it doesn’t stop the next campaign re-introducing the same risk. The durable output is a forward-looking playbook your marketing team can actually use:

• Do/don’t rules for claims and comparisons, and approved language patterns for your AI, financial, or crypto messaging.
• A pre-publish checklist, plus escalation guidance for what needs a second look before it goes out.
• A prioritised risk report ranking current exposure, so you fix the highest-risk items first.

One honest limit worth building in: identifying and reducing risk is not the same as certifying marketing “legally compliant.” Where formal sign-off or an authorised approver is required — as with some financial promotions — that’s a separate step, and your guidelines should flag when to route to it.