Resource Hub
Insights
Last updated:
July 10, 2026
Share Article:

FG24/1: What the FCA Social Media Rules Actually Require

A blurry image of office workers with the title of this blog in bold on top - "AI in Compliance Review: Signal vs Hype"

When the FCA published FG24/1 in March 2024, replacing the decade-old FG15/4, it closed the gap between what social platforms make easy to post and what the regulator expects you to be able to evidence. For marketing leads, compliance heads, and growth teams running paid and organic social at UK financial firms, the guidance did two very concrete things. It put affiliates and finfluencers squarely inside the promotions regime, and it removed "that's just how the platform works" as a defence for a risk warning that gets truncated or buried.

Here is what the rules actually require in practice, where social compliance most reliably fails in the field, and how to build a workflow that lets marketing move at social speed without stacking up regulatory debt.

The speed and defensibility tension

Marketing teams operate in hours. Compliance operates in days. Social media is the surface where that mismatch is most visible, and where the cost of getting it wrong compounds fastest. One marketing operations lead put the current state plainly: "We're manually checking Facebook and TikTok for 40 hours a month." That is a team doing the work the workflow should be doing.

The theme underneath it is partner, affiliate and influencer monitoring. Regulators are no longer only checking whether a PDF is accurate. They are scraping social platforms in something close to real time. That changes what "compliant" has to mean in practice.

What FG24/1 actually requires

The substantive requirements sit in four buckets.

Risk warnings must be visible throughout the promotion, and "throughout" means continuously. Not in link-in-bio, not only in the replies, not only after a swipe. If the platform's design truncates the warning, the promoter is still responsible for it.

Affiliates and finfluencers are in scope. If someone is paid to promote a regulated financial service, the firm paying them is accountable for the content they publish. Disclosure is required, substantiation is required, and monitoring is required.

Testimonials and before-and-after claims must be typical and must disclose material risk. Cherry-picking the best outcome is treated as misleading.

Record-keeping is not optional. Every piece of social creative needs an approval chain you can produce on demand, which is where the financial promotions audit trail does the heavy lifting.

A useful reframe sits under all of it. The FCA is not asking whether your firm intended to mislead. It is asking whether a reasonable reader would understand a post as a promotional claim. Intention is not the test. Perception is.

What good monitoring looks like

Post-publication monitoring is the single most labour-intensive compliance activity still being done by hand at most firms. In one deployment, manual oversight of Facebook, X, TikTok, websites and app stores was consuming around 40 hours a month before automation. A single automated pass scanned more than 1,200 sites and surfaced 23 actionable issues straight away.

The shift is not from manual monitoring to no monitoring. It is from manual monitoring to exception-based review. Automation does the scanning, and people make the judgement calls on the issues it surfaces. That is the only operating model that scales across the channels the FCA is now watching, which is why post-publication monitoring is built around exceptions rather than brute-force checking.

Platform by platform: where things actually break

LinkedIn. The FCA actively monitors it. Organic posts from regulated individuals are generally lower risk. The exposure sits in sponsored content, reshared finfluencer content, and employee advocacy programmes that push product claims without the disclaimer discipline of a paid ad.

Instagram, Reels and Stories. The platform's grammar works against you. Stories expire, Reels prioritise visual pace over text overlays, and carousels hide the last frame that most readers never reach. The operating move is to pin the risk warning as the first slide, use native captioning rather than image overlays, and treat link-in-bio as navigation, not disclosure.

TikTok. The most hostile platform for FG24/1 compliance. Fifteen seconds of video with native prompts like "Shop Now" and "Apply Now" that routinely cover the lower third of the frame, which is exactly where a risk warning sits. A firm remains responsible even when the platform UI obscures the warning, so a "Shop Now" button covering the disclaimer is the firm's problem, not TikTok's. The fix is to approve content in a native preview, as it appears on a real screen, and to treat TikTok as awareness and traffic rather than a channel for complex product claims.

X and Threads. Real-time commentary is the exposure. A quote-repost strips context and leaves a regulated claim floating without its risk warning. The controls that matter are writing risk warnings into the primary post text rather than a reply, monitoring quote-reposts, and having an explicit takedown protocol for out-of-context reshares.

Building a workflow that actually works

Start by mapping the promotion scope. Every product against every platform against every asset type, in one matrix. The map exposes the affiliate coverage gap more reliably than any audit.

Build platform-specific templates with the disclosures baked in, so every template carries the prescribed risk warning, the correct disclosure frame, and a pre-approved claim set. Then tier your review by source. Content from regulated employees on approved templates gets a lighter touch. Content from external parties, meaning affiliates, finfluencers and agencies, gets full substantiation review.

Put signed affiliate terms in place before anyone posts, covering required disclosures, permitted claims, mandatory risk warnings, the substantiation standard, audit rights and takedown obligations. No contract, no posting. Run monitoring on an exception basis, with automated scanning across your brand, products and partner handles and human review only on the issues that surface. When a regulated brand expands into community channels like Discord, the same discipline applies, with pre-approved copy, real-time flagging and clear escalation paths making those channels governable rather than a blind spot.

Finally, audit against FG24/1 each quarter. Sample live posts, document findings, track remediation. That is what creates the "reasonable steps" evidence the regulator expects to see.

"We review partners manually"

It is the most common response when the partner count is still in single digits. Where it breaks is usually visible in the deal data. A firm running 200 to 300 promotions a month with active oversight on only the top ten affiliates, while paying commission to fifty, a hundred or more, has a gap it cannot see. Manual review at that volume means escalation SLAs slip to three or four days, which is longer than most social windows stay open.

The fix is not another reviewer. It is routing affiliate posts through the same pre-submission review layer the internal team uses, and monitoring live partner activity by exception.

What exception-based monitoring actually touches

The part marketing teams underestimate is how broadly FG24/1 defines "the promotion." It is not just the paid ad. It is every derivative asset that comes from it, every partner handle carrying the claim, and every community channel where the product is discussed by people who would not pass as independent.

A mature scan covers brand and product handles across LinkedIn, X, Instagram, TikTok, Threads, YouTube and Facebook, including saved Stories and Reels that stay discoverable after the first 24 hours. It covers every paid affiliate, ambassador and finfluencer handle tied to a live commercial agreement, not just the top earners. It covers the community channels the firm controls, like Discord servers, Telegram groups and a branded Reddit presence, where an employee or moderator could post something that reads as endorsed. It covers app store listings and developer blogs, since FG24/1 treats the screen a user sees before install as part of the promotion. And it covers legacy creative still live on partner sites long after a campaign ended, which is the single most common source of a "we didn't know that was still out there" letter.

The finfluencer edge

The FCA's October 2024 action set the enforcement tone, with 20 finfluencers interviewed under caution and 38 alerts issued against social media accounts. The June 2025 escalation confirmed the direction, when the FCA led a coordinated week of action with nine regulators worldwide that produced more than 650 takedown requests and saw three people charged in the UK. A firm's enforcement risk now includes the content a paid partner publishes, even if the firm never saw it before it went live.

The defensible position is pre-approval of claim sets, live monitoring of partner handles, and a documented takedown protocol for when an out-of-line post appears. The firm that cannot evidence those three is the one the regulator writes to.

How Adclear helps

Adclear reviews social creative natively, including Stories, Reels, carousels, video with platform-specific previews, and finfluencer content submitted by partners through controlled links. The system scans, flags, and logs the approval chain for the audit trail, so marketing can move at social speed while compliance keeps the evidence the FCA expects. If you want to see how the monitoring and native review work in practice, book a product tour.

FAQ

Does FG24/1 apply to general financial education content? Not as a rule. Genuinely general education is not a financial promotion. The line is crossed the moment a specific product or provider is attached.

Are we liable for what finfluencers say? Yes, where you pay them or otherwise control the promotional arrangement. Authorship does not transfer liability.

What counts as "throughout the promotion"? Material risk information must be visible without extra clicks, scrolls or taps. A warning in link-in-bio does not satisfy it.

Which is the highest-leverage thing to fix first? Affiliate documentation and monitoring. Pull every paid partner, review their last 30 days of posts against FG24/1, update the contracts, and switch on automated monitoring of their handles. That single move closes the largest open liability on most firms' social estate.

How does Adclear review social creative? Natively, across Stories, Reels, carousels, video with platform-specific previews, and finfluencer content submitted through controlled links, with every decision scanned, flagged and logged to the audit trail.

Contents
Book a product tour with our Co-Founder, Doni

Once you're booked in, we'll send you a free playbook on Financial promotions compliance for FinTechs.