The four perimeter principles

VARA's marketing framework is built on four perimeter principles that apply to all licensees, regardless of activity category:

  1. Fair, clear and not misleading. The marketing standard is the same as in mature financial-services regimes — no statement may overstate, understate, omit a material qualification, or rely on a technical truth that creates a misleading impression.
  2. Risk warnings, prominent and proximate. Risk warnings must accompany the promotional content, in proximity, in legible form. They must not be hidden in a footer, dismissed by default, or rendered in a colour that fades into the background.
  3. Approval and traceability. Every piece of marketing communication must be traceable to a documented approval — a named approver, an approval date, and a defined retention period.
  4. No inducement-led promotion. Promotions that incentivise the client to take a position they would otherwise not take are tightly controlled — and in most categories, prohibited.

What "marketing communication" actually covers

The scope of "marketing communication" under the VARA framework is broad. It covers:

  • Owned content: website pages, blog posts, downloadable PDFs, product walkthroughs, video explainers.
  • Paid acquisition: search ads, display ads, sponsored content, programmatic placements.
  • Social media: organic posts, paid posts, influencer endorsements, ambassador programmes.
  • Earned media: press releases, podcast appearances, conference talks where the firm is named or branded.
  • Direct outreach: cold email, sales decks, RFP responses where forward-looking statements are made.
  • Customer-facing UI: in-product banners, push notifications, email campaigns where a product or asset is referenced.

The practical implication is that the marketing-approval workflow inside a licensed firm has to extend beyond the marketing team. Sales decks, RFP responses, in-product UI copy and influencer-driven content all sit inside the perimeter.

The risk-warning standard

VARA's risk-warning expectations are calibrated to the audience and the channel. The principles are constant — proximity, prominence, legibility, comprehensibility — but the implementation varies. Some practical positions:

  • Website pages. Risk warnings should appear above the fold on landing pages where a regulated activity is promoted, in body-text size, in the same colour-and-contrast band as the surrounding copy. Footer-only risk warnings are not defensible on a regulated landing page.
  • Social media. Risk warnings must appear within the post itself — not behind a "more" expander, not on the linked landing page only. For platforms with character limits, the firm must either choose a format that accommodates the warning or withdraw the post.
  • Video and audio content. Risk warnings must be both spoken and rendered as overlays at material moments, not buried in the closing credits.
  • Influencer and ambassador content. The firm is responsible for the influencer's content as if it were its own. The contract with the influencer must include the risk-warning standard, an approval workflow, and the right to compel removal.

The approval and traceability discipline

VARA expects every piece of marketing communication to be traceable to a documented approval inside the firm. The institutional standard is a Marketing Approval Register that records, at minimum:

  • The communication itself (or a stable archive link).
  • The named approver (a Compliance-function role).
  • The approval date and the publication date.
  • The retention period (typically aligned to the firm's recordkeeping policy — five years is standard).
  • Material amendments and re-approvals over the life of the communication.

For high-velocity channels (organic social, in-product UI), the approval workflow can be batched and template-driven — but the underlying traceability must hold. "We approve our marketing in principle" is not a defensible posture under inspection.

Inducements, free-token offers and acquisition incentives

The Version 2.0 rulebooks tightened the position on inducements and acquisition incentives. The general posture is:

  • Suitability-distorting incentives are tightly controlled. Any incentive that pushes a customer toward a position they would not otherwise take is treated as a material conduct risk and, in most categories, prohibited.
  • Promotional discounts and fee waivers are permitted within defined limits, subject to clear disclosure and a documented assessment that the promotion does not distort suitability.
  • Token airdrops and free-asset programmes require specific consideration of the underlying token's status, the eligibility criteria and the suitability implications. Generic "sign up and get X" promotions are increasingly seen as falling on the wrong side of the perimeter.
  • Affiliate and referral programmes remain permitted but are expected to operate within a documented framework with conflict-of-interest controls and a defined disclosure standard.

The five marketing remediation items most firms still owe their compliance leads

  1. A documented Marketing Policy covering scope, approval workflow, risk-warning standard, recordkeeping and the channels-in-scope list.
  2. A Marketing Approval Register in operation — not just a folder of PDFs, but a queryable record that an inspection team could be walked through.
  3. An influencer-and-ambassador contract template that bakes in the firm's risk-warning standard, the approval workflow, and the right to compel removal.
  4. A risk-warning style guide defining the typographic, layout and copy standards for risk warnings across web, social, video and in-product UI.
  5. A quarterly marketing-and-communications review by the Compliance function, with a defined sampling methodology and a board-reporting cadence.

How CASA helps

  • Marketing Framework Build — a fixed-fee build of the Marketing Policy, Approval Register, risk-warning style guide and influencer-contract template.
  • Marketing Sampling Review — quarterly retainer-based review of live marketing communications against the VARA standard, with prioritised remediation recommendations.
  • Inspection-Readiness Coaching for marketing and communications teams who will sit in front of supervisory questions on their content estate.

Want a 30-minute call on where your marketing perimeter sits against the VARA standard?

Brief our team

References: VARA Marketing Regulations; VARA Compliance and Risk Management Rulebook; VARA Version 2.0 activity-based Rulebooks (May 2025).

This briefing is general commentary by CASA and does not constitute regulated legal, financial or investment advice. Firms should confirm specific positions with retained counsel and the relevant supervisory authority.