Under section 21 of the Financial Services and Markets Act 2000, communicating unauthorised financial promotions is a criminal offense punishable by imprisonment, unlimited fines, or both.

The FCA's guidance makes this crystal clear: "A breach of s21 is a criminal offence which is punishable by up to 2 years imprisonment, the imposition of an unlimited fine, or both." Yet most non-regulated companies have no idea they're potentially breaking the law every time they post about their business.

What counts as a Financial Promotion?

A Financial Promotion is any communication that invites or encourages someone to engage with financial services or investment activity. The definition is deliberately broad and covers far more than the obvious investment ad.

That LinkedIn post explaining how your payments platform works? Potentially a financial promotion. The Instagram story showing your app's new features? Could be illegal if you haven't followed the rules. Even memes can constitute financial promotions, particularly in the crypto space where the FCA has seen widespread non-compliance.

The test isn't whether you're directly selling something. It's whether your communication contains an "invitation or inducement to engage in investment activity." This catches many companies off guard because they think they're just doing content marketing or PR.

The criminal vs. non-compliant distinction

The FCA explains two types of problematic financial promotions. Illegal promotions are those communicated without proper authorisation, which constitute criminal breaches of section 21. Non-compliant promotions have been lawfully communicated but breach other FCA rules.

Both can result in enforcement action, but only illegal promotions carry criminal penalties. An unauthorised influencer promoting a financial service without approval commits a criminal offense. An authorised firm posting a compliant promotion that obscures required risk warnings commits a regulatory breach.

This distinction matters because it determines whether you're looking at criminal prosecution or regulatory enforcement. Neither is pleasant, but prison sentences tend to focus the mind differently than fines.

The business test reality check

Many companies assume they're safe because they're not directly paid to promote financial services. This doesn’t take into account how the "in the course of business" test works. The FCA considers any level of commercial interest sufficient, even if it's indirect.

If you run a business and post content that could drive revenue, you're likely operating "in the course of business." This includes building your brand to negotiate better partnerships, earning revenue through platform monetisation features, or promoting your company's services to attract customers.

The FCA provides specific examples of when influencers would be acting "in the course of business," including promoting services to generate future revenue, increasing followers to get higher fees in future deals, or using affiliate links for commission payments. The same logic applies to companies promoting their own services.

Standalone compliance: Every post must tell the whole story

Each post must comply with the rules independently. You cannot rely on having complete information elsewhere, like your website's terms and conditions. Every X post, Instagram post, and LinkedIn article needs to provide a balanced view of benefits and risks.

This creates practical challenges on character-limited platforms. The FCA acknowledges these constraints and allows for shortened warnings or including information in images. However, the fundamental requirement remains: people should understand both opportunities and risks from each individual piece of content.

For platforms that truncate text behind "see more" links, companies should ensure as much required information as possible is visible without clicking through. The FCA specifically states that prescribed risk warnings for high-risk investments should not be truncated at all.

When prominence actually matters

If your business requires specific risk warnings, they must be prominent and clear. The FCA has seen too many promotions that highlight benefits in video content while burying risk information in barely visible captions.

Prominence means the information should be easily identified and understood by consumers. On Instagram stories, warnings need to appear on every slide containing the promotion. On live streams, they must be visible throughout any promotional content. On short-form videos, risk information should be displayed prominently across the screen, not just mentioned in dialogue.

The FCA provides detailed guidance on what prominence looks like across different social media formats. The key principle is that required information should not be obscured by design features of the platform or given less prominence than promotional benefits.

Recognising when social media isn't suitable

Sometimes the answer is that social media simply isn't appropriate for your promotional content. If your product has complex features that cannot be adequately explained in a social post while remaining fair, clear, and not misleading, don't force it onto these platforms.

The FCA specifically notes that debt counselling services are unlikely to be suitable for social media promotion due to their complexity. The same logic applies to other complicated financial products where character limits or visual formats prevent balanced communication.

Consider using social media to direct people toward appropriate channels where comprehensive information can be provided, as long as the initial promotion remains standalone compliant.

The influencer compliance challenge

Working with influencers creates additional compliance risks because you remain responsible for ensuring their content follows the rules, even if they deviate from agreed scripts. This requires robust monitoring and control systems, not just contractual obligations.

The FCA emphasises that influencers themselves often operate "in the course of business" even without direct commercial relationships with financial services companies. Building personal brands for future monetisation, earning platform revenue, or using affiliate links all potentially bring influencer content within scope of the financial promotion rules.

If an unauthorised influencer communicates a financial promotion without proper approval, they commit a criminal offense. Companies that cause such communication to be made share responsibility for compliance.

Practical compliance steps

• Start by auditing existing social media content to identify potential financial promotions. Review company posts, employee communications, influencer partnerships, and affiliate marketing arrangements. Many companies discover they've been making unauthorised financial promotions for months or years.
• Establish clear guidelines about what content requires approval before posting. Create processes for reviewing and recording social media posts. Ensure your team understands that routine marketing content might constitute regulated financial promotions.
• If working with influencers or affiliates, implement proper contracts and ongoing monitoring systems. Don't assume they understand the rules or will stick to approved messaging. The FCA expects firms to take "proactive responsibility" for affiliate marketing communications.

The international reach problem

The financial promotion rules apply to any communication "capable of having an effect in the UK," regardless of where it originates. This broad territorial scope catches many international companies by surprise. If UK consumers can view your social media content and potentially act on it, you're likely within scope of UK rules. Geographic location of your company or intended audience doesn't determine applicability.

Geo-blocking can help but isn't foolproof. Clear statements that content isn't intended for UK consumers might be useful as part of broader compliance strategies, but the FCA warns these alone are insufficient if UK consumers can still access and act on the content.

Managing group entity complications

Companies with international structures face challenges when different group entities share social media accounts. The FCA has seen consumer harm where UK consumers click links in promotions thinking they're engaging with regulated firms but are directed to unregulated overseas entities.

The guidance suggests either having UK authorised entities approve all shared account content or creating separate UK-specific accounts with clear direction for UK consumers. Whatever approach you choose, proper systems and controls are essential to prevent regulatory breaches.

The compliance mindset shift

The FCA isn't trying to eliminate social media marketing for financial services. They just want communication that enables informed consumer decisions. The key is providing balanced information about benefits and risks in ways appropriate for your audience and channel.

This doesn't require boring or overly cautious content. It requires honesty and completeness in presenting products and services. It means carefully considering whether social media is appropriate for particular messages and implementing proper systems to ensure consistent compliance.The financial promotion rules exist to protect consumers from poorly informed decisions about products that could significantly impact their financial lives.

The stakes are real: up to two years in prison and unlimited fines for getting this wrong. But the path to compliance is clear once you understand what's required and take the rules seriously from the outset.

---

For more information: Finalised guidance on financial promotions on social media