FINRA Rule 2210 Guide for Startups

‍

‍

Easy Tip: If you're planning to reuse the same pitch deck across many retail prospects over time, it's safer to assume you’ll hit the 25-person threshold within 30 days. File it proactively to stay compliant, so that you’re not twiddling your thumbs come June 30th after sharing it with your 25th retail investor, waiting for the next month to start over. 

What Counts as “Retail Communication”?

Under FINRA 2210(a)(5), retail communications include (but are not limited to):

• Websites
• Social media posts (Twitter, LinkedIn, Facebook, Instagram)
• Sales brochures and investor presentations
• Email blasts or newsletters to 25+ retail prospects
• Online videos, podcasts, and paid ads
• Product pitch decks (if sent broadly)
  
  

Example: Posting a YouTube video promoting your ETF? If you're in your first year, you must file it with FINRA 10 business days before it goes live.

Marketing Mistakes New Firms Make

Startups often try to stand out with bold claims. But compliance demands caution:

• Avoid promising returns or using unqualified superlatives ("best-performing fund").
• Don’t omit risks just to keep messaging clean.
• Link to BrokerCheck on all web pages with rep profiles.
• Don’t treat social media as informal; it's regulated content.

Bad: "Click now—this exclusive offer locks in zero-commission trades for life!"

Better: "Zero-commission trades are available to new accounts opened through August 2, 2025. See our fee schedule and disclosures for details."

‍

Recordkeeping 101 for Startups

Even if you're small, you must maintain a full audit trail:

• Copy of each communication
• Dates of first and last use
• Name and CRD# of approving principal
• Source of any performance data or rankings

Emerging Channel Checklist

Emerging platforms are where early adopters (and regulators) are paying attention.

‍70 % of Gen-Z investors say they discover products on video-first or chat platforms, and FINRA has formally said all social media is covered.

Comma Compliance archives off-channel conversations for you, but you still want to be aware of the emerging channel risks. The compliance “fix” for each platform is listed in case you decide to DIY manage these platforms. Whether you’re already a client or just here for the insight, the goal is the same: proactive, compliant communication wherever your team shows up.

Off-channel apps are hard to capture; purpose-built compliance software keeps you audit-ready with far less hassle.

Use this checklist to understand your exposure and learn how to manage it effectively.

‍

‍

If you’re using a new tech, how do you decide if a new app belongs on the grid? Ask yourself these questions:

• Can it reach more than 25 retail investors within 30 days? ⇒ very likely Retail Communication.
• Is the content hosted where you can’t lock it down (ephemeral, decentralized, or end-to-end encrypted)? ⇒ Record-keeping is your main gap.  
• Does the platform offer paid promotion or influencer programs? ⇒ You inherit the influencer’s statements. Pre-file and supervise.
  
  

If the answer to any of the above is “yes,” add the channel to your checklist and ensure you’re capturing everything -and filing with FINRA- before someone on the growth team presses “Publish.”

Comply or pay—no free ride with FINRA today.

Rule 2210 isn’t just about paperwork. It’s about earning trust. New firms are under a microscope, and staying compliant builds a strong foundation. If you follow this guide, you'll avoid rookie mistakes and show regulators and investors alike that you're here to do business the right way.

In March 2024, FINRA issued a fine of $850K to a single firm for the period between Jan 2020 and April 2023 for unapproved social media posts. The influencers made exaggerated or misleading claims, and the firm neither reviewed nor approved the content before it was disseminated. Furthermore, the firm failed to maintain records of these communications, thereby violating record-keeping requirements.

A penalty of $850,000 dwarfs typical compliance spend.

‍
By contrast, a dedicated compliance-archiving solution typically costs under $5,000 per year for a small firm. Even if you budget $10,000 annually for tooling and staffing, that’s <1.2% of the M1 Finance penalty. You can spend on a robust compliance program now, or exponentially more on enforcement actions later.

Hard savings numbers are easy to justify. What’s even more valuable, though? The soft ROI of consumer trust. For a new broker-dealer, protecting that hard-won credibility is priceless.

While M1 Finance was not in its first year, the case illustrates how seriously FINRA takes Rule 2210, and how breakdowns in communication oversight can lead to significant penalties, even for experienced firms.

Establishing robust compliance procedures from the beginning ensures that you’ll maintain a high level of trust with your clients, and keep you out of penalty jail.

‍Scaling Your Communication Strategy Over Time

You survived year one, filed what you needed, dodged your first FINRA comment letter, and maybe even slept through a whole night without waking with night sweats of “WAIT!? did I file that?!”

Now what?


Build. Start building internal policies that clearly define what constitutes correspondence, retail communications, and institutional communications. You don’t need a binder: even a Google Doc works. Just make it easy for team members to follow, whether it be investors or the marketing team. 

Create plug-and-play templates. The first time you write a client email, pitch deck, or social ad, it’s custom. And it probably took you hours to create. If you’re lucky, FINRA glanced over it and waved you along while you held your breath for 10 days. By the fifth time you wrote that social media ad? It should be standardized. Build templates that already include the compliance guardrails. Time=money. Getting push back from FINRA = time. 

Train early.  When new team members start posting on LinkedIn or building investor decks, they need to know what’s allowed before they hit “send.” A 30-minute walkthrough can prevent a painful audit later. Hand them your chart of filing requirements before they get any social media passwords.

After your first year: Some filing requirements get lighter, like the blanket pre-use filing for all retail communications, but don’t get lazy. The spotlight may dim, but the expectations don’t. Consider outsourcing your FINRA filings or bringing in a compliance lead as your volume increases. 

Growth isn’t just about doing more for more's sake. It’s about doing things smarter and better. A little structure now will save you from scrambling later when your team scales, your filings multiply, and the regulator still expects you to get it right.

What to Do If You Miss Something

Even with the best processes, mistakes happen. A social media post goes live before filing, a deck is sent to 27 prospects, or someone forgets to include a risk disclosure. What matters next is how you respond.

Here’s a simple escalation plan:

Flag it internally

Document what happened, who was involved, when it occurred, and whether it’s still live or in circulation. If using Comma Compliance, log your case directly to have all details and metadata tied in.
‍

Stop the bleeding

This is a no-brainer, but if the communication is still public or active, take it down. Immediately halt further distribution until it’s reviewed and corrected. If you’re able, you may even be the person to take it down BEFORE internal flagging.

Loop in your principal or compliance lead

If you are not the compliance lead, let them know. They’ll be able to assess the severity and whether it triggers a regulatory filing, amendment, or simply internal remediation.

Prepare to respond to FINRA
If FINRA notices the issue (or you self-report), be honest and show your process. FINRA often weighs intent and corrective action more heavily than the mistake itself. You know all those times I’ve mentioned in every blog that you really should record everything…? Regs want to see you tracked your mistakes, and you made changes.

Use it as a training moment.

Mistakes are inevitable. Repeat mistakes are not. Update your internal policies, templates, and team training to prevent recurrence.

Regulatory Horizon: One Workflow, Multiple Rulebooks

As your firm grows beyond U.S. borders or adds advisory services, you'll encounter more regulatory frameworks that overlap with FINRA Rule 2210. If you’re a U.S. fintech broker-dealer and an SEC-registered adviser, you live under both FINRA 2210 and the Marketing Rule. If you expand to Europe, MiFID II instantly adds a second compliance stack.

Think of FINRA Rule 2210, the SEC Marketing Rule, and MiFID II as concentric circles in the global advertising compliance landscape.

• FINRA 2210 governs broker-dealer communications in the U.S.
• The SEC Marketing Rule modernizes adviser advertising, especially for performance and testimonials.
• MiFID II sets a higher bar for transparency and investor protection in EU markets.

If your firm touches more than one jurisdiction, don’t duplicate effort. Instead:

Align your workflows once, and let your compliance platform (hey there, Comma Compliance) handle which disclosures, retention policies, and filing rules apply, based on audience and geography.

You’ll reduce rework and scale faster without regulatory friction while keeping yourself protected.

Why a 90-Day Countdown Matters

‍
‍Getting your first year of FINRA filings right isn’t a single to-do—it’s a journey. To keep you on track, here’s a visual roadmap that breaks your countdown into four manageable phases, each with its own review and filing tasks. Bookmark it, print it, or save it as your count-down compliance checklist.

‍

Staying compliant with FINRA Rule 2210 is crucial for startup broker-dealers, especially in your first year, when all retail-facing communications must be filed in advance. Avoiding common pitfalls like unfiled content and weak recordkeeping not only prevents costly penalties but also builds long-term trust with regulators and investors. By establishing clear workflows and providing early training, your firm can scale your marketing efforts confidently and responsibly - and make sure that your clients trust you the entire time.
‍

‍

¹ Communications sent to 25 or fewer retail investors within any 30-calendar-day period are classified as correspondence, not retail communication.

² Certain materials are exempt from filing, especially if they’re passive, factual, or already filed elsewhere (like SEC prospectuses). But even if something’s exempt, you still need to supervise and retain it.

³BrokerCheck: FINRA’s public tool to view the registration history and disclosures of financial professionals and firms. Required on rep profile pages.

⁴WORM storage “Write Once, Read Many” — a storage format required by regulators to ensure archived content can’t be altered later.

‍

This article is for informational purposes only and does not constitute legal or compliance advice.

‍

Glossary

Approved Principal

A person authorized to review and approve content before it goes live — typically a founder, CCO, or someone registered with FINRA.

AREF (Advertising Regulation Electronic Filing)

FINRA’s web portal for Rule 2210 filings; supports PDF, video, HTML, etc.

BrokerCheck

A FINRA tool that provides public background info on brokers and firms. Required to be linked on webpages with registered rep profiles.

Correspondence

One-on-one or small group communications sent to 25 or fewer retail investors in any 30-day period. Example: a personal email to a prospect. Requires internal review, not pre-filing.

CRD#

Central Registration Depository Number — a unique FINRA ID assigned to registered reps and principals. Used when logging or approving content.

SEC Exchange Act Rule 17a-4
SEC rule that details how broker-dealers must preserve electronic records in WORM format.

FINRA

Financial Industry Regulatory Authority — the U.S. self-regulatory organization that oversees broker-dealers and issues Rule 2210.

Rule 2210

FINRA rule that sets advertising and public-communication standards for broker-dealers (filing, content, record-keeping).

Rule 4530

FINRA rule that requires broker-dealers to promptly self-report certain violations or events.

Institutional Communication

Communication intended exclusively for institutional investors (e.g., pension funds, hedge funds). Requires internal approval, but not filing with FINRA.

Pre-filing

The act of submitting public-facing content to FINRA’s Advertising Regulation Department at least 10 business days before it’s used (mandatory in your first year).

Performance Claim 

Any statement—actual, hypothetical, or projected—about how an investment, strategy, or firm has performed or is expected to perform (e.g., past returns, back-tested or model performance, guarantees, targets, benchmarks). Under FINRA Rule 2210, a performance claim must be fair and balanced: it can’t omit material risks or fees, can’t promise results, and must disclose how the figure was calculated.

Retail Communication

Any content sent to more than 25 retail investors within a 30-day period. Examples: websites, Instagram ads, email newsletters, YouTube videos. Requires pre-filing with FINRA during your first year.

Registered Principal

 A FINRA-licensed supervisor (usually Series 24) who must review and approve communications, trading, operational, and sales activity; the person legally accountable for the firm’s compliance in those areas.

WORM Storage

“Write Once, Read Many” — a type of secure storage that ensures archived data (like communications or social media posts) can’t be altered after saving. Required for compliance.

‍