RILAs, Social Media Influencers, and FINRA 2220 

What is the difference between FINRA Rule 2210 and Rule 2220? 

At a glance, FINRA Rule 2210 governs all communications with the public, whereas 2220 is a specialized rule that applies directly to options communications. Rule 2220 adds extra content and approval requirements specific to options products.

FINRA Rule 2210, or the Communications with the Public rule, describes 3 categories of written communications. 

  • Correspondence
  • Retail Comms
  • Institutional Comms

(We go more in-depth with what to look out for if you’re a new firm in this blog on FINRA 2210.) 

Rule 2220, the Options Communication Rule, oversees firms' communications with the public when it comes to options. It’s like a niche-down version of 2210.

In its 2025 Annual Regulatory Oversight Report, FINRA highlighted several areas where firms continue to fall short in their communications and supervision practices. Overall, it showed that many retail communications about Registered Index-Linked Annuities (RILAs) poorly explain how the products & their key terms work, lack clear and prominent risk/fee disclosures, use exaggerated or misleading claims, and present improper hypothetical illustrations that go beyond simply showing how RILAs function. (A big no-no.)

What FINRA found in their 2025 Annual Regulatory Oversight Report

Let’s break down what FINRA found in a digestible way. FINRA discovered: 

  • Inadequate Supervision of Firms’ Social Media Influencers. Firms either didn’t establish or didn’t enforce any systems to supervise influencers that were acting on the firm’s behalf. The example FINRA provided was that firms weren’t reviewing any of the influencers’ videos before they posted them on social media platforms. In other instances, they didn’t retain those videos - going back to the whole “if it’s stated to the public, it needs to be archived” idea.

  • False, Misleading, and Inaccurate Information in Mobile Apps: 
    • Misstating or failing to disclose the risk of loss associated with specific options transactions.
    • Distributing false or misleading promotions via social media, such as those annoying push notifications on apps that made promissory claims. Others omitted material info.
    • Within the mobile apps, firms failed to clearly and prominently disclose the risks associated with:
      • Options trading
      • Using margin
      • Crypto assets

Emerging Trend: Retail Communications Focused on RILAs 

  • FINRA’s recent retail communications findings related to RILAs include:
    • Not explaining how RILAs actually work.
    • Glossing over key RILA terminology (like cap rates or buffers).
    • Not including risk disclosures.
    • Leaving out disclosures about fees or how they may change.
    • Using exaggerated or misleading claims. For example, calling buffers “downside protection” in a way that over-hypes safety.
    • Misusing hypothetical illustrations. FINRA found that firms showed future-looking performance, not the mechanics of how the product worked.

If you need a refresher on how RILAs work, you can access FINRA’s Annuities Securities Products page.

Effective Practices suggestions:

FINRA also highlighted some “what good looks like” practices. Here’s the easy version:


Clear Procedures for Apps:


Firms need to have processes in place to ensure:

  • The info shown in the app is accurate, and
  • Any tools or features comply with FINRA rules before being pushed to customers.

Mobile apps count as communications with the public, so everything in them must follow 2210 and any other applicable rules.

Better Oversight of Digital Comms

Firms should have reasonably designed, enforceable procedures for supervising all digital channels. That includes:

Monitoring New Tools & Features

Stay on top of new channels (like new social platforms, app features, or messaging tools) that reps or customers could use.

Tailored Supervision

Supervision shouldn’t be one-size-fits-all. Reviews should match the specific risks and features of each channel/app.

Rules for Video Content

Develop policies for live streams, recorded presentations, video blogs, etc. These must be reviewed and supervised like any other public appearance.

Training

Provide mandatory training before reps can access approved digital channels—covering what they can say, how they can say it, and which features are allowed.

Disciplinary Action

If reps violate communication rules, firms should:

  • Limit their access,
  • Require retraining, or
  • Block certain channels or features until compliance improves. (But, from a realistic perspective, banning apps doesn’t typically have the intended consequences.) 

Using Generative AI (Gen AI) Technology:

FINRA also addressed the growing use of AI in communications. Firms should:

Review any AI-assisted content to make sure it follows all securities laws and FINRA rules. (Let’s be real, ChatGPT is our friendly neighborhood hallucinator when it comes to regulations and rules.)

Properly supervise AI chatbots used with investors and retain transcripts as required.

Be accurate when talking about AI tools. Don’t oversell what AI can do, and always balance benefits with risks. If you’re curious about Comma’s perspective on AI, you can reference our blog that Sasha wrote here - but suffice it to say we want to ensure that AI is used in a smart way. It’s called artificial intelligence, not artificial common sense.

Communications About Securities Lending Programs

When promoting things like fully paid securities lending programs, firms must clearly explain:

  • How the program works,
  • What customers earn,
  • Any fees or conditions, and
  • The actual terms of the income or sharing arrangement.

No vague or incomplete descriptions. Investors need to understand what they’re signing up for.

The themes in FINRA’s report paint a clear picture: investor communications are becoming more digital, more dynamic, and more complex, and supervision has to evolve right alongside them. RILAs, influencers, mobile apps, and AI may seem like separate issues, but they all point to the same underlying challenge: firms need communication programs that are flexible, technology-aware, and built to scale.

That’s exactly where Comma Compliance comes in. We help firms modernize their communications oversight by combining practical compliance expertise with tools designed for the way people actually communicate today - across social platforms, apps, videos, and emerging AI technologies. Whether you’re refining your 2210/2220 processes, tightening your review workflow, or building policies for new digital channels, Comma provides the structure, support, and clarity you need to stay compliant without slowing down your business. 
