The fair-dealing baseline that applies across all five markets
Before the market-specific rules, there is a common principle that every financial regulator in this group applies under different names: marketing must not mislead, and risk disclosures must be given prominence at least equal to benefit claims.
The practical implication of this across channels:
- A 6-second bumper ad that leads with a benefit claim and points to risk disclosures in a landing page footnote is not compliant in most of these markets.
- A social short-form video is subject to the same rules as a print ad. Saying "social media doesn't count" is the compliance failure mode that ASIC enforcement actions in 2024 and 2025 specifically addressed.
- Comparative claims (we have better rates than X) require substantiation in all five markets. The comparison must be current, like-for-like, and documented before the campaign runs.
Common claim failures
The claims that most frequently trigger regulatory scrutiny across all five markets: "no fees" statements when any fee exists in any form; implied or projected returns on investment products without required risk caveats; sandbox or limited-licence status not disclosed in advertising materials; and customer testimonials that omit material limitations on the experience described.
| Market | Primary regulator | Key framework | AI copy rule | Crypto ad rule |
|---|---|---|---|---|
| Singapore | MAS | PS Act 2019, FAA-N02, FAA-N16 | FEAT Principles; same fair-dealing standard applies | Requires MAS licence for DPT services; unlicensed entities cannot advertise |
| Australia | ASIC | RG 234, DDO (Corporations Act 2001) | Same rules; ASIC enforcement covers all ad formats including social video | Crypto that is a financial product: ASIC rules apply. Non-financial-product crypto: ACL misleading conduct applies |
| Malaysia | BNM | FTFC policy (s.8 advertising), FSA 2013 | RMiT covers AI tools in customer-facing advertising when material | No licensed crypto exchange framework under BNM currently; Securities Commission Malaysia regulates digital asset exchanges |
| United States | CFPB, FINRA, SEC | UDAAP, FINRA 2210, Regulation Z | FINRA RN 24-09 (June 2024): Rule 2210 applies to AI-generated communications equally | SEC/CFTC jurisdiction depends on asset type; all platforms require crypto advertiser certification |
| Canada | FCAC, FINTRAC, OSFI, provincial | FCPF, B-13 Guideline, Quebec Law 25 | OSFI B-13 covers AI in customer-facing tools for federally regulated institutions | FINTRAC MSB registration for crypto money services; provincial securities rules vary |
Singapore: MAS frameworks for fintech marketing
Singapore's fintech marketing compliance operates across three frameworks depending on the product category.
Payment services: The Payment Services Act 2019 is the foundational legislation for payments, e-money, digital payment tokens, and cross-border money transfer. The PS Act does not enumerate marketing rules directly but establishes a fair-dealing duty. MAS' general expectation is that licensees' promotional communications do not mislead on product features, fees, or risks. This duty applies to all channels including paid social and influencer partnerships.
Investment-adjacent products: MAS Notice FAA-N02 (advertising rules under the Financial Advisers Act) applies when a specific investment product is named or when advertising could constitute a personal recommendation. The line between general brand advertising and a personal recommendation is not bright for algorithmically-personalised ads served to individual users based on financial profile data. Until MAS clarifies this for AI-personalised ad delivery, the safer approach is to treat any ad personalised on financial behaviour data as in scope for FAA-N02.
Digital token advertising: Entities advertising digital payment token services in Singapore must hold the relevant MAS licence under the PS Act. MAS has issued prohibition orders against several overseas exchanges that advertised to Singapore consumers without a licence. The prohibition on advertising applies to social media posts, paid placements, and influencer content. Unlicensed entities cannot run DPT advertising to Singapore users through any channel.
Sandbox status disclosure
Fintechs operating under the MAS Regulatory Sandbox, Sandbox Express, or Sandbox Plus must disclose their sandbox status clearly in all marketing and customer-facing materials. The sandbox caps the customer base (typically 5,000 users) and the product scope. Marketing that implies full licensed operational status for a sandbox entity is a material compliance failure.
The MAS FEAT Principles (Fairness, Ethics, Accountability, Transparency in AI and Data Analytics) and the Veritas Toolkit apply to AI systems that drive customer decisions. Industry interpretation extends this to AI-personalised marketing and algorithmic targeting. Fintechs using AI for audience segmentation or content personalisation should document the AI decision logic and build transparency into customer-facing disclosures consistent with the FEAT framework.
Australia: ASIC RG234 and Design and Distribution Obligations
Australian fintech marketing sits at the intersection of ASIC Regulatory Guide 234 and the Design and Distribution Obligations framework. Both carry enforcement teeth that have been actively used.
ASIC Regulatory Guide 234 ("Advertising financial products and services including credit") requires that headline claims cannot mislead by omission, risk disclosures must have equal or greater prominence than benefit claims, and comparative claims must be substantiated with a documented basis of comparison. ASIC enforcement actions in 2024 and 2025 confirmed that short-form social video formats are in scope. A 15-second Instagram or TikTok ad is not exempt.
The Design and Distribution Obligations under the Corporations Act 2001 (effective October 2021) add a targeting dimension. Issuers and distributors must define a Target Market Determination for each financial product. The DDO obligation means that programmatic audience expansion, look-alike targeting, or interest-based targeting that routes a financial product ad to a consumer outside the approved target market creates direct DDO exposure for the issuer and potentially for the distributor (media agency or advertiser account holder).
DDO and programmatic targeting: the ignored risk
When a fintech's programmatic campaign uses look-alike audiences built from existing customers to expand reach, the expanded audience may include consumers who do not meet the Target Market Determination criteria for the product. This is a DDO violation. Most fintechs that deploy programmatic targeting have not built Target Market Determination checks into their audience configuration workflows. This should be a standard campaign checklist item for Australian fintech marketers.
Malaysia: BNM Fair Treatment of Financial Consumers
BNM's Fair Treatment of Financial Consumers (FTFC) policy document, in force since November 2019, is the operative advertising rule for licensed financial institutions in Malaysia. Section 8 covers advertising specifically: risks must be presented with equal prominence to benefits; comparative claims must be substantiated; and marketing must not exploit customer vulnerability or create false urgency.
The BNM Financial Services Act 2013 and Islamic Financial Services Act 2013 set the consumer protection baseline. For Islamic financial products, marketing must not misrepresent the Shariah compliance status of the product, and the basis of Shariah compliance should be clearly stated.
Malaysia's five licensed digital banks (GX Bank, AEON Bank, Boost Bank, KAF Digital Bank, and Ryt Bank) each operate under BNM's digital banking framework with marketing constraints tied to their licence scope. Verify each institution's current operational status against BNM press releases before any co-marketing or affiliate arrangement.
BNM Risk Management in Technology (RMiT) policy document (updated June 2023) covers AI tools used in customer-facing activities when material. Fintechs using AI for ad targeting, content generation, or customer communication should assess whether their AI deployment is material enough to require documentation under RMiT. The threshold is not precisely defined but generally applies when the AI tool makes decisions affecting a meaningful portion of the customer base.
Digital asset exchanges in Malaysia fall under the Securities Commission Malaysia, not BNM. SCM regulates digital asset exchanges and applies separate advertising restrictions; confirm the applicable rules with the SCM before running crypto advertising in Malaysia.
United States: CFPB, FINRA, and the AI-generated copy question
US fintech marketing compliance is divided by product type across the CFPB, FINRA, and the SEC, with state-level rules adding an additional layer.
CFPB and UDAAP: The Consumer Financial Protection Bureau enforces the UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) standard. UDAAP is the principal federal check on fintech marketing claims for consumer financial products. The CFPB Interpretive Rule on Buy Now Pay Later (issued 22 May 2024) confirmed that BNPL products are credit cards under the Truth in Lending Act (Regulation Z). The practical marketing consequence is immediate: TILA-style fee disclosure boxes are required, and "no fees" claims are non-compliant for any BNPL product with late fees, foreign transaction fees, or account fees.
FINRA Rule 2210 and AI-generated copy: FINRA Rule 2210 governs all communications with the public for broker-dealers, including trading apps. It requires pre-approval by a registered principal for retail communications, and requires fair balancing of risk versus reward claims. FINRA Regulatory Notice 24-09 (published 27 June 2024) explicitly confirms that Rule 2210 applies equally to AI-generated and human-written marketing communications. The supervisory system under Rule 3110 must cover AI tools used in marketing. There is no AI exemption in FINRA's framework.
CFPB Circular 2022-03: AI and adverse action notices
CFPB Circular 2022-03 establishes that AI-driven credit decisions must still deliver specific and accurate denial reasons to applicants. When AI is used in underwriting or credit decisioning, the denial notice must articulate the specific factors the AI weighed, not just a generic statement about creditworthiness. Marketing teams building funnel communications around the credit application process should ensure the adverse-action notice content is accurate and specific before launching campaigns that drive application volume.
Crypto advertising: Crypto asset advertising in the US sits across SEC jurisdiction (for securities), CFTC jurisdiction (for commodities), and state money transmitter licence requirements. All major ad platforms (Google, Meta, TikTok) require crypto advertisers to complete a certification process before running ads in the US. The certification requirements and permitted ad content differ by platform and change periodically.
Canada: FCAC, FINTRAC, and Quebec Law 25
Canada's fintech marketing compliance has a federal-provincial structure that creates different obligations depending on the institution type and target province.
Federally regulated banks: The FCAC Financial Consumer Protection Framework (in force 30 June 2022) governs marketing practices including claims, disclosures, and how complaints are handled. Marketing materials for federally regulated bank products must accurately represent product terms and must not exploit information asymmetry.
Fintechs offering money services: Fintechs providing money transfer, crypto, or payment services that qualify as Money Services Businesses must register with FINTRAC under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. This registration covers the operational side, but it is also relevant to marketing: FINTRAC-registered MSBs must not market to sanctioned jurisdictions and should ensure their marketing funnel does not inadvertently onboard customers from prohibited categories.
AI and technology risk: OSFI Guideline B-13 (Technology and Cyber Risk Management, effective 1 January 2024) applies to federally regulated financial institutions. It governs AI tools used in customer-facing activities, including marketing. Institutions must manage the risks of AI in marketing channels the same way they manage other technology risks under B-13.
Quebec Law 25: Quebec Law 25 (fully in force September 2023) imposes data-collection consent requirements, automated-decision disclosure obligations, and breach-notification timelines. For fintechs marketing into Quebec, this means: consent flows must cover the use of personal data for marketing personalisation; if an AI tool makes a significant automated decision about a customer (such as credit eligibility), the customer has the right to know and to request human review. Build this into your consent and communication design for Quebec-facing campaigns.