The FCA's Financial Promotions Regime and Social Media: A Practical Guide for 2025
If you work in financial services and use social media, you already know the vague sense of dread. Every post feels like it might be the one that triggers a compliance issue. Every Instagram story, every LinkedIn article, every reply to a comment on Twitter sits somewhere on a spectrum between perfectly fine and regulatory breach.
The frustrating part is that the rules aren't new. The financial promotions regime has been around since 2000. But social media has changed how those rules apply in ways that many firms still haven't properly grappled with. The FCA has noticed, and they're not being subtle about it.
This guide is an attempt to lay out the full picture: the law, the rules, the enforcement trends, and what it all means in practice when you're staring at a blank post trying to decide whether you need a risk warning or not.
The Legal Framework: Section 21 FSMA
Everything starts with Section 21 of the Financial Services and Markets Act 2000. The principle is straightforward. A person must not, in the course of business, communicate an invitation or inducement to engage in investment activity unless they are an authorised person or the content has been approved by one.
Breach of Section 21 is a criminal offence. Not a slap on the wrist, not a strongly worded letter. It carries a maximum sentence of two years' imprisonment and an unlimited fine. That's worth sitting with for a moment, because it colours everything else.
The scope is deliberately broad. "Communicate" covers any medium. "Invitation or inducement" catches anything that could reasonably lead someone towards a financial product or service. And "in the course of business" has been interpreted widely enough to include most things posted by a firm or its representatives, even personal accounts where the person is identifiable as working in financial services.
The Treasury has carved out various exemptions in the Financial Promotions Order 2005, and some of these are relevant to social media. The high net worth and sophisticated investor exemptions, for instance, or the exemption for follow-up communications. But relying on exemptions requires proper documentation and process. You can't just assume they apply.
COBS 4: The Conduct Rules
If Section 21 is the criminal law backstop, the FCA's Conduct of Business Sourcebook (COBS 4) is where the day-to-day regulatory requirements live. This is what your compliance team is actually working with.
COBS 4.2 sets out the overarching requirement: financial promotions must be fair, clear, and not misleading. Three simple words that contain multitudes.
Fair means the promotion doesn't emphasise benefits without also giving proper weight to risks. It means not cherry-picking performance data or using time periods that paint an unrealistically rosy picture.
Clear means an average member of the target audience can understand it. Not a compliance officer, not a financial planner, but the people you're actually trying to reach. This has real implications for how you write social media content.
Not misleading covers both active deception and misleading omissions. Leaving out material information can be just as problematic as stating something false. If your Instagram post about a pension product doesn't mention that the value can go down, the post is misleading by omission.
COBS 4.5 through 4.11 then layer on specific requirements for different product types. Investment funds, insurance products, pension transfers, and more each have their own additional rules about what must be included in a promotion. Knowing which set of rules applies to your content is step one of compliance, and it's a step that social media's informal tone can cause people to skip.
COBS 4.10 deserves particular attention. It covers communications relating to certain investments and requires that promotions be identifiable as such. On social media, where the line between personal opinion and professional advice is often invisible, this matters enormously.
The Consumer Duty Overlay
Since July 2023, the Consumer Duty has added another layer to the financial promotions regime. It doesn't replace COBS 4 or Section 21. It sits on top, applying a higher standard focused on outcomes rather than just technical compliance.
Under the Duty, firms must act to deliver good outcomes for retail customers. For financial promotions, this translates into several practical requirements.
Communications must support informed decision-making. That means giving people the information they need, at the point they need it, in a way they can actually use. A compliant risk warning buried in tiny text at the bottom of an image doesn't meet this standard, even if it technically ticks the COBS 4 box.
Target market considerations must be front and centre. If your social media post about a complex structured product reaches a general audience of retail investors, you've got a problem regardless of what the post says. The Duty requires you to think about who is likely to see your content and whether it's appropriate for them.
The Duty also requires firms to monitor outcomes. For social media, that means tracking whether your posts are leading to complaints, whether vulnerable customers are responding, and whether the overall pattern of your communications supports good outcomes. This is an ongoing obligation, not a one-off review.
How the FCA Monitors Social Media
There's a common misconception that the FCA isn't really paying attention to social media. This is dangerously wrong.
The FCA has invested significantly in its ability to monitor online financial promotions. They use web scraping technology to scan websites, social media platforms, and search engine results for potentially non-compliant content. The ScamSmart programme, originally focused on pension scams, has expanded into broader social media monitoring.
In practical terms, the FCA's approach involves automated scanning for specific keywords and patterns, combined with human review of flagged content. They also act on reports from consumers and from firms reporting their competitors.
The numbers tell the story. In 2024, the FCA issued 1,882 consumer alerts about potentially unauthorised or non-compliant financial promotions. They took action to amend or withdraw over 10,000 financial promotions. A substantial number of these originated on social media.
The FCA has also been willing to use its newer powers under the Online Safety framework and the financial promotions gateway introduced in 2023, which requires unauthorised firms to have their promotions approved by an authorised person before publication. This has created a bottleneck for crypto firms and other sectors, but the ripple effects touch everyone.
Recent enforcement actions worth noting include several cases where individuals were fined for social media posts that constituted unapproved financial promotions. In one case from late 2024, an appointed representative was fined for a series of Instagram posts promoting high-risk investments without adequate risk warnings or fair balance. The total fine was relatively modest at £23,000, but the reputational damage and the cost of remediation dwarfed that figure.
Practical Requirements for Social Media Posts
Knowing the rules is one thing. Applying them to a 280-character tweet or an Instagram story is another. Here's what compliance actually looks like in practice.
Risk Warnings
Any post that constitutes a financial promotion must include appropriate risk warnings. For investments, the baseline is: "The value of investments can go down as well as up, and you may get back less than you invest." For pensions, there are additional requirements around access restrictions.
The risk warning must be prominent. Not hidden in a comment. Not in a follow-up post. Not in a link-through that most people won't click. It needs to be in the post itself, visible without additional action by the reader.
Fair Balance
This is where social media gets genuinely difficult. Fair balance means that the benefits and risks of a product or service are given roughly equal weight. On a website or in a brochure, you have space to achieve this. On Twitter or an Instagram story, you often don't.
The FCA's position is that if you cannot achieve fair balance within the constraints of a platform, you should not make that promotion on that platform. This is a hard pill for marketing teams to swallow, but it's the regulatory reality.
Target Market
Every financial promotion should be directed at an appropriate target audience. Social media's open nature makes this challenging. Your LinkedIn audience of professional connections is different from your TikTok followers, and content appropriate for one may not be appropriate for the other.
Firms need to think carefully about platform demographics. Promoting a complex derivative product on a platform whose user base skews towards under-25s is asking for trouble, regardless of how accurate the content is.
Approval Processes
COBS 4.10.2R requires that firms establish and maintain appropriate procedures for approving financial promotions. For social media, this means having a clear sign-off process that can work at the speed social media demands.
The approval process needs to cover who can approve, what criteria they use, how the approval is documented, and what happens when something needs to change. Many firms use a pre-approved content library, where compliant posts are created and approved in advance, then scheduled for publication. This works well for planned content but doesn't address reactive posts, comments, or reposts.
Record-Keeping
Every financial promotion must be retained for at least three years from the date it was last communicated. For social media, this means screenshots, metadata, approval records, and any amendments. If you edit a post, you need to keep the original version too.
The ephemeral nature of social media content (stories that disappear after 24 hours, deleted tweets, edited posts) creates a real compliance headache. Firms need systems that capture content at the point of publication, not after the fact.
Platform-Specific Challenges
Character Limits
Twitter's 280-character limit is the obvious challenge, but the same pressure applies across platforms. Even LinkedIn, with its longer format, encourages brevity. Including a meaningful risk warning, maintaining fair balance, and making a compliant promotion within tight character limits is genuinely hard.
One approach is to use the main post for general, non-promotional content and link to a compliant landing page for anything that constitutes a promotion. But this only works if the post itself doesn't cross the line into promotion territory. "Click here to learn about our amazing pension solutions" is still a financial promotion, even if the risk warning is on the landing page.
Ephemeral Content
Instagram and Facebook stories, Snapchat, and similar formats pose unique problems. Content that disappears after 24 hours still needs to comply with the full promotions regime while it's live. And you still need to keep records of it for three years after it vanishes.
Comments and Replies
When someone comments on your post asking for specific advice, your reply could constitute a financial promotion or even personal advice. Firms need clear policies about who can respond to comments, what they can say, and how those responses are recorded and reviewed.
User-Generated Content and Reposts
Sharing or reposting client testimonials, positive reviews, or third-party content can turn you into the communicator of a financial promotion you didn't create. If you repost a client saying "Best pension advice I ever got, doubled my retirement fund!", you've just communicated a promotion that lacks fair balance, risk warnings, and probably breaches testimonial rules.
Building a Compliant Social Media Policy
The firms that handle this well tend to share certain characteristics. They have a written social media policy that everyone understands. They train staff regularly. And they use a combination of pre-approval, monitoring, and rapid response to manage risk.
A solid social media policy should cover:
Scope. Who does it apply to? All staff, or just those posting on behalf of the firm? What about personal accounts where the individual is identifiable as working for the firm?
Pre-approval requirements. Which types of content need sign-off before posting? A useful framework is to categorise content as promotional (always needs approval), educational (review against promotion criteria), or general (team news, events, no approval needed).
Platform-specific guidance. What can and can't be posted on each platform, given the format constraints? Some firms simply prohibit certain types of promotion on platforms where compliance is too difficult to achieve.
Comment and response protocols. How should staff handle questions, complaints, or requests for advice that come through social media?
Monitoring and review. How frequently is published content reviewed? Who does the reviewing? What triggers a deeper investigation?
Breach procedures. What happens when something non-compliant gets posted? Speed matters here. Having a clear takedown and remediation process can limit both regulatory and consumer harm.
Record-keeping. How are posts captured, stored, and indexed? Manual screenshots are unreliable. Automated tools that capture content at publication are far better.
On that last point, this is exactly the sort of ongoing monitoring challenge that tools like PostGuard are designed to address. Rather than relying on manual review of every post across every platform, automated compliance checking can flag potential issues before they become regulatory problems.
Getting This Right
The financial promotions regime is not going to get simpler. The FCA has signalled repeatedly that social media compliance is a priority, and the Consumer Duty has raised the bar further. Firms that treat social media compliance as an afterthought are taking a risk that grows with every post.
But it's also worth keeping perspective. The regime isn't designed to stop financial advisers from using social media. The FCA has been explicit about this. They want good communication between firms and consumers. They just want it done properly.
The firms that thrive on social media tend to be the ones that invest in understanding the rules, build sensible processes, and use technology like PostGuard to maintain oversight without slowing everything down. Compliance doesn't have to mean silence. It means knowing where the lines are and staying on the right side of them.
That's achievable. It just takes a bit more thought than hitting "post" and hoping for the best.
