FinProm Compliance: The Complete 2026 UK Guide

Looking for the latest FCA enforcement themes and what changed in the last 18 months? See the companion piece, Financial Promotions Rules 2026: The State of Play. This pillar is the comprehensive evergreen reference; the State of Play tracks the live regulatory landscape.

A financial promotion (or “FinProm”) is, in the words of section 21 of the Financial Services and Markets Act 2000, “an invitation or inducement to engage in investment activity” communicated in the course of business. FinProm compliance is the structured discipline of making sure every promotion a UK regulated firm publishes — advertisements, websites, social posts, emails, app screens, partner-channel content, finfluencer videos — meets the FCA's financial-promotions regime before it goes out, and stays compliant after. In 2024, the FCA caused 19,766 financial promotions to be amended or withdrawn, a 97.5% increase on 2023.

This guide is the definitive 2026 UK reference: what a financial promotion is in regulatory terms, the section 21 restriction and the new section 21 Gateway, the COBS 4 substantive rules, Consumer Duty obligations, the high-risk-investment framework, the crypto financial-promotions regime, the workflow a modern compliance team runs, recent FCA enforcement, software buyer's guide, and a comprehensive FAQ.

What Is a Financial Promotion?

In UK law, a financial promotion is any communication that constitutes an invitation or inducement to engage in investment activity, communicated in the course of business. The definition is deliberately broad. It captures the obvious things — paid advertising for an investment product, a brokerage's acquisition campaign, a savings account promotion — and a great deal that firms initially assume is out of scope: a customer-acquisition landing page, a sponsored social-media post, an app screen, an explanatory video, an outbound email, a chatbot reply that nudges a customer toward a product, a podcast advertisement, a finfluencer's TikTok video.

If the communication invites or induces a person to engage in investment activity, and it was made in the course of business, it is a financial promotion subject to the regime. The medium does not matter. The format does not matter. The cleverness of the framing does not matter.

Why “FinProm” and Not Just “Marketing”?

The UK regime is distinct from generic marketing compliance because it is enforced through a single statutory restriction (section 21 of FSMA) layered with rules across multiple FCA Handbook sourcebooks (COBS, ICOBS, MCOB, BCOBS, CONC) and overlayed by the Consumer Duty. Most other jurisdictions regulate marketing communications through a combination of sector-specific advertising rules and general truth-in-advertising statutes. The UK does both, with the section 21 restriction sitting on top — meaning a non-compliant financial promotion is not just regulator-actionable but potentially a criminal offence under section 25 of FSMA.

For a wider treatment of how marketing compliance works across jurisdictions, see Sedric's pillar on marketing compliance.

Why FinProm Compliance Matters in 2026

UK financial-promotions enforcement has accelerated sharply since 2023, and the trajectory is steepening. A few data points anchor the picture:

• 19,766 financial promotions amended or withdrawn in 2024. Up 97.5% year on year.
• The Section 21 Gateway in force. Since February 2024, an FCA-authorised firm must now obtain explicit FCA permission before approving the financial promotions of any unauthorised business.
• Finfluencer enforcement. In 2024 the FCA interviewed 20 finfluencers under caution, authorised criminal proceedings against three individuals, made three arrests, issued seven cease-and-desist letters, and published 50 warning alerts.
• Crypto in scope. Since October 2023, qualifying crypto-asset promotions are subject to the financial-promotions regime.
• CMC promotions. Since January 2024, the FCA has caused more than 800 misleading adverts by FCA-regulated claims-management companies to be removed or amended.
• Consumer Duty in force. Since July 2023, Principle 12 obliges firms to deliver good outcomes for retail customers in their communications.

Who Is in Scope?

Section 21 of FSMA applies broadly. In practice, any of the following businesses needs a formal FinProm compliance program: FCA-authorised firms (banks, building societies, asset managers, wealth managers, investment advisers, brokers, trading platforms, insurance firms, payment institutions, e-money issuers, consumer credit lenders, mortgage providers, claims-management companies, crypto-asset firms registered under the MLRs); unauthorised firms communicating to UK persons (subject to FPO exemptions or s.21 approval by a Gateway-permission holder); affiliates, finfluencers, and partner publishers; group affiliates communicating on the firm's behalf; and crypto-asset platforms with UK customer reach.

For a deeper treatment of how partner content fits into the broader picture, see Sedric's pillar on partner and affiliate compliance.

The Section 21 Restriction

Section 21(1) of FSMA states the restriction in stark terms: a person must not, in the course of business, communicate an invitation or inducement to engage in investment activity. The exceptions are narrow: the communicator is an authorised person, the content has been approved by an authorised person holding the Section 21 Gateway permission, or the communication is exempt under the Financial Promotion Order 2005.

Breach of section 21 is a criminal offence under section 25 of FSMA, punishable by up to two years' imprisonment, a fine, or both. The agreement or transaction that follows an unlawful promotion is also unenforceable against the customer under section 30 FSMA.

The Section 21 Gateway (2024)

Until early 2024, any FCA-authorised firm could approve a financial promotion for an unauthorised business. The Financial Services and Markets Act 2023 changed that. Since 7 February 2024, an FCA-authorised firm must obtain explicit FCA permission to act as a section 21 approver, applying through a new permission gateway and demonstrating it has the systems, controls, and competence to do the job.

The practical consequences for the UK market are material: the universe of approvers has contracted sharply; approvers carry an elevated regulatory profile and have already become FCA examination targets; unauthorised firms relying on s.21 approval face longer lead times, higher fees, and tighter conditions; and the Gateway permission carries ongoing reporting and supervisory obligations including continuing monitoring of approved promotions.

COBS 4: The Substantive Rules

The FCA Handbook's Conduct of Business Sourcebook, Chapter 4 (COBS 4), sets the substantive rules every financial promotion must satisfy. Fair, clear and not misleading. Balanced presentation of benefits and risks. Identifiable as a marketing communication. Sufficient information for an informed decision. Layered on top are product-specific and audience-specific rules across COBS 4's numbered subsections, plus parallel regimes in ICOBS (insurance), MCOB (mortgages), BCOBS (banking), and CONC (consumer credit).

Consumer Duty: The Overlay That Changes Everything

The Consumer Duty has been in force since 31 July 2023. Principle 12 requires firms to act to deliver good outcomes for retail customers. In financial promotions, this overlays COBS 4 with a substantive good-outcomes test. The consumer-understanding outcome requires communications be timely, clear, and capable of being understood by the audience. The FCA has been explicit that this is a higher bar than “not misleading”: a promotion can technically comply with COBS 4 and still fall foul of Consumer Duty if the audience would predictably misunderstand it.

High-Risk Investment Rules (PS22/10)

In February 2023 the FCA brought the bulk of its strengthened high-risk-investment rules into force through PS22/10. The framework distinguishes between readily realisable securities (lighter regime); Restricted Mass Market Investments (RMMIs) including non-mainstream pooled investments, some peer-to-peer agreements, and qualifying crypto-assets (cannot be promoted to ordinary retail customers without categorisation steps and personalised risk warnings); and Non-Mass Market Investments (NMMIs) where promotion to ordinary retail customers is prohibited outright.

Crypto Financial Promotions (October 2023)

Since 8 October 2023, qualifying crypto-asset promotions are within the section 21 financial-promotions regime, treated as RMMIs. Communications to UK persons must satisfy section 21 and the RMMI-specific COBS 4 rules: specific risk warnings, client categorisation, personalised risk warnings, a 24-hour cooling-off period, no incentives. The regime captures non-UK issuers if the communication is capable of having an effect in the UK. Sedric covers this surface explicitly in its compliance platform for crypto platforms and exchanges.

What a Modern FinProm Compliance Workflow Looks Like

A defensible FinProm compliance program is a documented end-to-end workflow connecting intake, classification, review, approval (and where required, s.21 Gateway approval), publication, and ongoing monitoring. The shape is consistent across UK regulated firms; only the substantive rules vary by sector.

Stage 1: Intake and Classification. Every asset enters a single intake queue. Classification by promotion type, audience category, product class, and channel determines which regime applies.

Stage 2: Content Review. Reviewers apply the substantive rules: clear-fair-not-misleading, balance, identifiable-as-marketing, sufficient-information, product-specific risk warnings, audience-appropriate framing. Reviewers also run the Consumer Duty consumer-understanding test.

Stage 3: Risk Warnings and Categorisation Mechanics. Required risk warnings are added or verified. For RMMI and NMMI promotions, the prescribed risk-warning language, prominence requirements, and categorisation gates apply.

Stage 4: Approval. An appropriately qualified individual within the firm signs off — typically a senior manager or designated compliance officer. Where the firm holds a Gateway permission, the s.21 approval is a separate, documented act.

Stage 5: Publication and Recordkeeping. The approved version is the only version that goes live. The full record is captured in a tamper-evident archive. SYSC 9 sets the high-level record-keeping rule; chapter-specific rules set the retention period.

Stage 6: Ongoing Monitoring. For section 21 approvers, the FCA expects continuing monitoring of approved promotions for as long as the promotion is capable of having an effect. Drift between the approved version and the live version on a partner's page is the most common failure pattern.

Stage 7: Withdrawal and Notification. Where a promotion ceases to be compliant, the workflow must trigger withdrawal of approval, removal from the channels where the promotion appeared, and notification to the regulator where required.

For a treatment of the cousin discipline, see Sedric's pillar on marketing review.

The FinProm Compliance Checklist

A working checklist a UK regulated firm can run against every promotion before it goes live. Sector-specific overlays (ICOBS, MCOB, CONC, MiFID II, the RMMI/NMMI rules) layer on top of these.

1. Section 21 status. Who is communicating? If unauthorised, has the promotion been approved by an FCA-permissioned s.21 approver, or does an FPO exemption apply?
2. Audience category. Retail, professional, eligible counterparty, high-net-worth, certified sophisticated?
3. Product class. Readily realisable, RMMI, NMMI, qualifying crypto, banking, mortgage, consumer credit, insurance.
4. Fair, clear, not misleading. No misleading impressions, no exaggerated claims, no implied guarantees.
5. Balanced presentation. Benefits and risks presented with comparable prominence.
6. Risk warnings. Product-specific risk warnings present, prominent, and in the prescribed form.
7. Identifiable as marketing. Sponsored / paid content labelled as such.
8. Consumer Duty test. Would the audience predictably understand? Vulnerable-customer characteristics considered?
9. Categorisation gates. For RMMIs and NMMIs, the 24-hour cooling-off period and personalised-risk-warning workflow applied.
10. No prohibited incentives. No inducement to invest in restricted mass-market investments.
11. Direct-offer requirements. If the promotion is a direct offer, COBS 4.7 applied.
12. Approval recorded. Internal approval documented; s.21 approval (if applicable) documented separately.
13. Recordkeeping. Original draft, revisions, comments, approved version, and final published version captured.
14. Monitoring trigger set. Promotion enrolled in continuous monitoring; drift detection active.
15. Partner / finfluencer supervision. Where a third party publishes on the firm's behalf, contracts, training, and oversight are in place.
16. Withdrawal procedure. A defined process to withdraw the promotion if circumstances change.

Common FinProm Violations That Trigger FCA Action

The 19,766 promotions intervened in by the FCA in 2024 cluster around a small set of recurring failure patterns: buried or insufficiently prominent risk warnings; promotion of restricted products to ordinary retail customers; unapproved third-party communications; failure to label paid social and influencer content; Section 21 Gateway gaps; CMC promotions that mislead about claim viability; crypto promotions without UK regime compliance; and stale promotions left live after products change.

Manual vs Automated FinProm Compliance

Most UK regulated firms still review promotions manually. Average end-to-end review time across UK firms is in the three-to-seven-day range. Volume is bottlenecked by reviewer headcount. Coverage of social, partner, and finfluencer content is partial at best.

Automated FinProm compliance changes the baseline. A modern platform applies the firm's policy library to every asset the moment it arrives, flagging issues with rationale tied to the specific rule. Cycle times drop from days to minutes. The FCA, like the SEC and FINRA, expects firms to govern AI tooling with the same rigour they apply to any other compliance control.

FinProm Compliance Software: A Buyer's Guide

If you are evaluating FinProm compliance platforms, the criteria below separate the platforms genuinely built for the UK regime from generic marketing-review tools.

1. Native COBS 4 coverage, with the sector overlays — COBS 4, ICOBS, MCOB, BCOBS, CONC and the RMMI/NMMI rules as a structured rule library.
2. Consumer Duty integration — substantive consumer-understanding test, not a presence test.
3. Section 21 Gateway workflow — due-diligence, monitoring, withdrawal supported.
4. Multi-jurisdiction support — also handles MiFID II, FINRA 2210, SEC Marketing Rule.
5. Post-publication monitoring — continuous monitoring of every channel.
6. Partner and finfluencer coverage — paid creator content, affiliates, comparison sites.
7. Audit-ready by default — every review captured automatically.
8. Explainability of every flag — rationale tied to the specific FCA Handbook provision.
9. Speed — minutes for low-risk promotions, hours for high-risk ones.
10. Reference customers in UK regulated categories.

FinProm Compliance by UK Sector

The framework above applies across UK financial services, but each sector has nuances. Banks, building societies, and payment firms: BCOBS plus PSD2/PSRs. Wealth managers, asset managers, investment advisers: COBS 4 in full plus the MiFID II conduct overlay; see Sedric's compliance platform for trading and securities firms. Insurance firms: ICOBS plus product-information-document requirements. Mortgages and consumer credit: MCOB and CONC respectively. Crypto-asset firms: the qualifying-crypto regime in force since October 2023; Sedric's crypto compliance platform covers it. Claims-management companies: specific CMC-targeted FCA expectations following the post-2024 enforcement sweep.

How Sedric Helps UK Firms

Sedric is an AI compliance platform built for regulated marketing and communications, with the UK financial-promotions regime as a first-class supported framework. The marketing compliance product sits across the workflow described above and applies a regulator-tuned policy engine to every asset.

For UK firms specifically, Sedric encodes the COBS 4 framework, the sector-specific overlays (ICOBS, MCOB, BCOBS, CONC), the high-risk-investment rules from PS22/10, the qualifying-crypto regime, the Consumer Duty consumer-understanding test, and the section 21 Gateway approver workflow. Every flag carries a rationale tied to the specific FCA Handbook provision and the specific text in the promotion that triggered it.

Sedric's broader platform extends the same approach to communications surveillance (recordkeeping under SYSC 9, MAR market-abuse monitoring, MiFID II Article 16(7) recording) and partner-channel content (finfluencer monitoring, affiliate program supervision). For a closer look at the underlying engine, see the AI Reviewer.

Visit the UK page for vertical-specific case studies, or book a 30-minute demo and we will review your own promotions, map findings to your specific FCA Handbook obligations, and show you what a 5-minute clearance pipeline looks like end-to-end.

FinProm Compliance FAQ

What is FinProm compliance?

The discipline of ensuring every financial promotion issued by a UK regulated firm meets the section 21 FSMA restriction, the substantive COBS 4 rules (and the sector-specific overlays in ICOBS, MCOB, BCOBS and CONC), the Consumer Duty consumer-understanding outcome, and the high-risk-investment rules from PS22/10 — before publication and on an ongoing basis.

What is a financial promotion under UK law?

Section 21(1) of FSMA defines it as a communication that constitutes an invitation or inducement to engage in investment activity, communicated in the course of business. The definition is medium-neutral.

What is the Section 21 Gateway?

The new permission regime, in force since February 2024, requiring FCA-authorised firms to obtain explicit FCA permission before approving the financial promotions of unauthorised businesses.

What is COBS 4?

The Conduct of Business Sourcebook chapter on financial promotions in the FCA Handbook. Contains the substantive rules: fair, clear and not misleading; balanced presentation; identifiable as marketing; sufficient for informed decisions.

Who can approve a financial promotion for an unauthorised firm?

Only an FCA-authorised firm holding the new section 21 Gateway permission.

Does the financial-promotions regime apply to crypto?

Yes. Since October 2023, qualifying crypto-asset promotions are within the section 21 regime, treated as restricted mass-market investments (RMMIs).

Does Consumer Duty apply to financial promotions?

Yes. Principle 12 of the Consumer Duty requires firms to act to deliver good outcomes for retail customers, including in their communications.

How long must financial promotions records be kept?

SYSC 9 sets the general rule; specific retention periods vary by sector. Commonly five years from last use, with seven years for MiFID-business records.

What happens if a promotion is found non-compliant?

Consequences range from FCA-prompted amendment or withdrawal (the most common outcome — 19,766 in 2024), to civil penalties, to criminal liability for individuals under section 25 FSMA. The underlying transaction is also unenforceable against the customer under section 30 FSMA.

Are finfluencers subject to the financial-promotions regime?

Yes. A finfluencer's promotional content for a regulated product is a financial promotion under section 21 and must satisfy the regime. The FCA's 2024 enforcement includes 20 finfluencer interviews under caution, three arrests, and ongoing criminal proceedings.

Can AI run FinProm compliance on its own?

No, and the FCA is explicit on this point. AI can accelerate review and apply the FCA Handbook more consistently than human teams, but human-in-the-loop oversight, qualified-person approval, model governance, and explainability are non-negotiable.

What is the difference between FinProm compliance and marketing compliance?

FinProm compliance is the UK-specific discipline focused on the section 21 FSMA restriction and the FCA Handbook framework. Marketing compliance is the broader cross-jurisdiction discipline that includes FinProm but also covers FINRA Rule 2210, the SEC Marketing Rule, CFPB UDAAP, NAIC, FTC endorsement guides, and the equivalent regimes in other jurisdictions.

How do I prepare for an FCA financial-promotions supervisory visit?

Run a self-exam against the questions the FCA will ask: produce the written policies and procedures, the substantive policy library, the approval records for a sample of recent promotions, the post-publication monitoring evidence for live partner content, the metrics summary, and the documented withdrawal procedures.

The Bottom Line

UK FinProm compliance has moved from a periodic-review back-office function to a front-line operational risk function, and the trajectory steepens every quarter. The firms that handle it well in 2026 have a documented workflow, a codified policy library across COBS 4 and the sector overlays, continuous post-publication monitoring, defensible recordkeeping by default, and the technology to apply that machinery at the speed of modern UK marketing.

FinProm compliance is, in the end, the UK firm's answer to a single FCA question: show us how you make sure your retail customers are not misled. Sedric is built for the firms that intend to answer that question well.