The FCA's financial promotions regime was designed for newspaper adverts and printed brochures. Section 21 of the Financial Services and Markets Act 2000 makes no mention of Instagram, Google Ads, or AI-generated landing pages. It doesn't need to. The restriction on communicating an "invitation or inducement to engage in investment activity" is technology neutral, and the FCA has made that neutrality the centrepiece of its enforcement strategy.
In 2024, the FCA intervened on 19,766 financial promotions – a 97.5% increase on the previous year, and roughly 3,500% more than in 2021. The overwhelming majority of those interventions concerned digital channels. The regulator scanned approximately 480,000 websites, reviewed over 3,700 social media platforms, and brought the first criminal prosecutions against social media influencers in the FCA's history. In March 2024, it replaced its decade-old social media guidance with FG24/1, a document that treats standalone digital compliance as a non-negotiable baseline.
This is not a regime that is loosening. For IFAs, compliance officers, and marketing managers at regulated firms, the question is no longer whether digital marketing falls within the financial promotions regime. It does. The question is how to build a workflow that keeps every social media post, every email campaign, every PPC ad, and every AI-generated draft on the right side of the rules.
What counts as a financial promotion online
The starting point is Section 21(1) FSMA. A person must not, in the course of business, communicate an invitation or inducement to engage in investment activity unless authorised, exempt, or approved by an authorised person. Breach is a criminal offence under Section 25: up to two years' imprisonment, an unlimited fine, or both.
The FCA's Perimeter Guidance Manual (PERG 8.3.1G) confirms the restriction covers "all forms of communication such as advertising, broadcasts, websites, e-mails and all other forms of written or oral communication." FG24/1 reinforces the point with a directness that leaves no room for ambiguity: "Our financial promotion rules are technology neutral and apply across all channels used to advertise, including social media."
The channels confirmed in scope include websites, social media posts (organic and paid), emails, PPC and banner ads, push notifications, private channels such as Discord and Telegram, and memes. FG24/1 explicitly brings all of these within the regime. Even content many firms would consider informal – a meme shared on Instagram, a message in a private Discord server – can constitute a financial promotion if it contains an invitation or inducement.
The boundary between information and promotion matters. PERG 8.4 establishes that a communication needs a "promotional element" to be caught – purely factual price listings and league tables based on pre-set criteria are not inducements. But the FCA notes that banner ads are "almost bound to be inducements" (PERG 8.22.6G), and that even a hypertext link can be a financial promotion if it uses promotional language encouraging investment. A blog post that educates is one thing; a blog post that nudges the reader towards a product is another. The test is objective: does the communication, by its nature, have a persuasive quality designed to lead someone towards investment activity?
For firms producing digital content, the practical implication is simple: assume everything your marketing team publishes about your products or services is a financial promotion unless you have a specific, documented reason to conclude otherwise.
Standalone compliance: the standard every digital promotion must meet
FG24/1 introduced a principle that has reshaped how regulated firms approach digital marketing. Every financial promotion must be standalone compliant – meaning it must meet the FCA's rules when considered on its own, without reference to any linked content, landing page, or terms and conditions elsewhere.
The FCA put it plainly: "We expect financial promotions to be standalone compliant. This means that each communication must comply with our rules when considered individually." The regulator explicitly rejected the argument, raised by several respondents during the consultation, that compliance should be assessed across the entire customer journey rather than at the level of individual communications.
This has immediate consequences for character-limited platforms. A Google Ads headline has 30 characters. An X (formerly Twitter) post has 280. An Instagram caption that exceeds a few lines is truncated behind a "see more" button. None of these constraints excuse non-compliance.
FG24/1 addresses this directly. Information required to be prominent must be displayed "without needing click-through or any other optional action to view it." A risk warning hidden behind "see more" is not prominent. A risk warning accessible only via a link is not standalone compliant. For prescribed risk warnings – those required by specific rules for high-risk investments, for example – the warning must be displayed for the full duration of the promotion and must not require click-through to access.
The FCA acknowledges the tension and offers a clear answer: "Social media will not always be an appropriate channel to communicate promotions. Some financial products and services have complex features and risks that can be hard for consumers to understand." If a platform's format cannot accommodate the required disclosures prominently, the platform is not suitable for that promotion. This is a compliance decision, not a marketing one.
For social media video content, the requirements are format-specific. Short-form video (TikTok, Instagram Reels) must display the risk warning clearly and prominently across the screen throughout the video – not in the caption, not at the end. Long-form video (YouTube) must display the risk warning on screen for the section involving the promotion. Carousel or story content must carry the risk warning on every slide. These are not suggestions; the FCA has already intervened on promotions that placed risk warnings only on the final slide of a carousel or only in the video description.
Past performance and digital formats
The COBS 4.6 requirements for presenting past performance data are extensive. Performance must not be the most prominent feature. It must cover complete 12-month periods for at least five years. It must carry the mandated warning that past performance is not a reliable indicator of future results, plus disclosures about charges, commissions, and currency. Including this information in a social media post is, for most practical purposes, impossible while maintaining standalone compliance. The FCA's preferred approach for character-limited formats is to use image advertising – which is subject to lighter requirements under COBS 4.3 – or to avoid performance claims in those formats entirely.
Dynamic content presents the same challenge in a different form. A website widget showing live fund performance must comply with COBS 4.6 at every point in time – every dynamically generated version must independently carry the required disclosures.
Who can approve, and what approval means in 2026
Since 7 February 2024, the ability of authorised firms to approve financial promotions for unauthorised persons has been restricted by the Section 21 approver gateway. The Financial Services and Markets Act 2023 introduced a new requirement (Section 55NA FSMA): firms must apply for specific "approver permission" before they can approve third-party promotions. This replaced the previous position where any authorised firm could approve promotions as long as they met competence requirements.
Three exemptions exist. Firms do not need gateway permission to approve promotions from their own Appointed Representatives (for permitted regulated activities), promotions from entities within their corporate group, or their own promotions that happen to be communicated by an unauthorised person.
For everyone else, the gateway applies. The FCA has required biannual reporting from s21 approvers, covering total approval volumes, complaints, and revenue from approval activity. The regulator has been active: it contacted "several approvers to reiterate expectations" following its review of biannual returns. Eighteen firms accepted voluntary requirements restricting their promotion or approval activity in 2024, and two were subjected to the FCA's own-initiative powers. One s21 approver was required to make its clients geoblock websites, social media pages, and mobile applications before it would continue approving their promotions.
For firms producing digital marketing content, the gateway changes the practical workflow. Marketing managers cannot assume that any FCA-regulated entity can sign off their content. The approving firm must hold the specific permission, and the approving individual must have "appropriate competence and expertise" (COBS 4.10.7R). The FCA does not prescribe a job title, but competence, expertise, and seniority are required.
What approval means for high-volume digital content
Approval is not a one-time event. COBS 4.10.2R(1A) imposes an ongoing monitoring obligation: for as long as a financial promotion is communicated, the firm must take "reasonable steps to monitor the continuing compliance of that financial promotion." An Instagram post from three years ago that remains visible on your profile is still a live financial promotion. An evergreen blog post is still communicable. The obligation does not expire.
For dynamic digital content – responsive ads, A/B test variants, programmatic display – the firm is responsible for every version that reaches the public. If a Google Ads responsive campaign generates thousands of headline-and-description combinations through machine learning, each combination must independently comply with the rules. The FCA has not published specific guidance on managing this, but the principles-based approach is clear: the firm must have systems and controls ensuring compliance of every communicated promotion.
Record-keeping requirements under COBS 4.11.1R require firms to retain adequate records of financial promotions. General promotions must be kept for three years; life and pension promotions for six years; pension transfer promotions indefinitely. The FCA recommends maintaining a record of why you were satisfied the promotion complied – not just the promotion itself, but the compliance reasoning behind it.
The Consumer Duty overlay
The Consumer Duty (in force for open products since July 2023, closed products since July 2024) creates requirements beyond "fair, clear and not misleading." FG24/1 is explicit: compliance with COBS 4.2 alone is not sufficient to meet the Duty.
What does this mean in practice for digital promotions? Three things.
First, the consumer understanding outcome. Firms must communicate in ways that "equip customers to make effective, well-informed decisions." This goes beyond disclosure – it requires firms to consider whether their target audience actually absorbs the information. If analytics show that users click "Invest Now" within seconds of seeing an ad, the firm may be failing the consumer understanding outcome regardless of whether the required disclosures were present.
Second, digital design standards. The FCA published "Digital design in customers' online journeys" in July 2025 (updated December 2025), its most targeted intervention on how Consumer Duty applies to digital channels. The review identified poor practices including exploiting behavioural biases through layout and choice architecture, using pre-selected defaults, insufficient positive friction, and failing to test customer journeys across devices. The FCA specifically warned against "using artificial intelligence, algorithms or machine learning which embed or amplify behavioural bias and lead to systematically worse customer outcomes."
Third, vulnerability. FG21/1 remains the primary guidance on consumers in vulnerable circumstances. The FCA's March 2025 review found that customers in vulnerable circumstances were "less likely than others to say their financial service provider's communication channels met their needs." Only 39% of firms had formal governance bodies overseeing vulnerable customer outcomes. FG24/1 raises the specific question of whether social media targeting tools might excessively target vulnerable consumers. Joint FCA/ICO guidance on vulnerability and data protection is expected in 2026.
Annual Consumer Duty board reports, required since July 2024, must evidence marketing outcomes. The digital channels that generate the most data are, logically, the channels where the FCA will expect the most granular evidence that outcomes are being monitored.
The enforcement signal
The FCA's trajectory on digital financial promotions is unambiguous, and three developments illustrate where it is heading.
The first is the criminal prosecution of social media influencers. In May 2024, the FCA brought charges against nine individuals for communicating financial promotions without authorisation on Instagram. This was the first time the FCA had used criminal powers against "finfluencers." Further criminal charges followed in September 2025. In June 2025, an international operation involving nine regulators across six countries resulted in three arrests in the UK, criminal proceedings against three individuals, and over 650 takedown requests globally. For regulated firms, the message is clear: if you use influencers or affiliates, you are responsible for every promotion they make or cause to be made on your behalf. FG24/1 confirms that a firm using an affiliate may be "causing" the communication even if the affiliate creates the content independently.
The second is platform scrutiny. The FCA publicly noted that X (formerly Twitter) and Discord "refused to remove unlawful content except in exceptional circumstances." TikTok was specifically cited for unauthorised debt advice promotions. The FCA removed over 50 fraudulent or unauthorised apps from app stores in 2024. The regulator is engaging directly with platforms, and where platforms do not cooperate, it is making that non-cooperation public.
The third is the cryptoasset financial promotions regime, which launched in October 2023 and serves as a test case for digital-first regulation. Its requirements – mandatory 24-hour cooling-off periods for first-time investors, personalised risk warnings, appropriateness assessments, a ban on referral incentives – were designed specifically for digital channels. The FCA's August 2024 compliance review found firms guiding consumers through appropriateness assessments, allowing unlimited retakes, and displaying risk warnings in small fonts with poor contrast. Full crypto regulation is coming: the gateway opens in September 2026, with the full regime commencing in October 2027. The requirements developed for crypto are likely to signal the FCA's direction for mainstream digital financial promotions – more friction, more personalisation of warnings, more evidence of consumer understanding.
Building a compliant digital workflow
The FCA has not published a step-by-step approval workflow. Its approach is principles-based: firms must have adequate systems and controls proportionate to the nature, scale, and complexity of their business. But the principles, combined with FG24/1's requirements and the enforcement trajectory, point to a clear operational framework.
Step 1: Channel suitability. Before creating content, assess whether the product can be fairly represented in the channel's format. If the required disclosures cannot be displayed prominently within a platform's constraints, that platform is not suitable for that promotion. This is the most important decision in the workflow, and the one most often skipped.
Step 2: Content creation with compliance built in. Marketing teams should draft against an internal checklist aligned to COBS 4.2: balance of benefits and risks, prescribed risk warnings for the product category, standalone compliance, target market alignment under the Consumer Duty. If using responsive or dynamic ad formats, identify the "worst-case" combinations of headlines and descriptions and verify each is independently compliant.
Step 3: Compliance review and sign-off. A designated individual with appropriate competence and expertise reviews the promotion against the applicable rules. For straightforward promotions, industry estimates suggest a 2–5 business day turnaround. Complex or high-risk promotions may require 5–15 business days. Social media content that requires near-real-time publication should use pre-approved templates with defined parameters for customisation.
Step 4: Post-publication monitoring. Verify live content matches what was approved. Monitor for platform-specific display issues (truncation, overlay by UI elements, mobile rendering). Review ongoing relevance – a promotion that was compliant when published may cease to comply as circumstances change. If content is no longer compliant, withdraw approval and remove or amend the content as soon as reasonably practicable.
For each promotion, maintain records of: the content as published, the approval sign-off and compliance reasoning, the approving individual, and any post-publication monitoring actions. Retain these records for the periods specified in COBS 4.11.1R.
AI-generated content: no special rules, no special defence
The FCA has not issued specific guidance on AI-generated financial promotions, and it has indicated it does not intend to. Nikhil Rathi confirmed in December 2025 that the FCA will not introduce AI-specific rules, relying instead on existing frameworks. The "Mills Review" into AI and retail financial services, launched in early 2026, will examine longer-term implications, but the current position is clear.
The technology-neutral principle means every AI-generated draft, every chatbot output, and every algorithmically assembled ad is subject to the same rules as content written by a human. The authorised firm bears full regulatory responsibility. There is no "AI defence" for a non-compliant promotion – the fact that a machine generated the content does not reduce the firm's obligation to ensure compliance before it is communicated.
For firms using AI in their marketing workflow, this means human review is not optional. Every AI-generated financial promotion must pass through the same compliance review as any other piece of content. The efficiency gains from AI are real, but they apply to the drafting stage, not the approval stage.
What this means for your firm
The financial promotions regime for digital channels is not ambiguous. The rules exist. The guidance exists. The enforcement trajectory is clear. What most firms lack is not knowledge of the rules but a workflow that applies them consistently to every piece of digital content, across every channel, at the speed that digital marketing demands.
The firms that get this right treat compliance as a design constraint, not an afterthought. They assess channel suitability before creating content. They build risk warnings into templates from the start, not as a last-minute addition. They monitor what is live, not just what was approved. And they recognise that the person reviewing a financial promotion needs the same depth of regulatory knowledge whether the promotion is a printed brochure or an Instagram Reel.
The regime was built for a different era. The rules have adapted. The question is whether your firm's workflow has kept pace. That requires someone who understands both the regulatory framework and the digital channels it now governs, and who has built compliant financial promotions long enough to know where the real risks sit.