Compliance Considerations for Financial Advisor Websites on Squarespace
Introduction
Building a professional financial advisor website is essential in today's competitive financial services industry. However, a well-designed site is only half the battle. If you're a regulated financial advisor in the UK, operating under FCA (Financial Conduct Authority) oversight, or in the US under SEC/FINRA regulation, your website becomes a compliance liability if it doesn't meet strict regulatory standards.
Your website isn't merely a marketing tool; it's a regulated communication channel. Every page, form, disclaimer, and data collection mechanism must align with financial promotion rules, data protection legislation, and regulatory guidance. For advisors using Squarespace, understanding the platform's capabilities and limitations is crucial to building a website that meets these compliance requirements without incurring regulatory penalties.
This guide covers both UK FCA and US SEC/FINRA compliance frameworks, explaining what you must include on your financial advisor website, how Squarespace supports compliance needs, and providing a comprehensive 25-item compliance checklist to ensure nothing falls through the cracks.
Key Takeaways
Regulated financial advisor websites must comply with FCA (UK) or SEC/FINRA (US) regulations; non-compliance can trigger enforcement action and substantial penalties
FCA Handbook references COBS 4 and PRIN outline financial promotion approval, clear risk warnings, and identification of regulated status requirements
US financial advisors must comply with SEC Regulation S-P, Form ADV Part 2A requirements, and FINRA communications rules
GDPR compliance is mandatory for any UK-regulated advisor processing EU personal data; CCPA/CPRA applies to US advisors handling California resident data
Squarespace provides foundational compliance features (SSL encryption, cookie consent tools, GDPR-aligned data handling) but requires careful configuration and supplementary elements
A 25-item compliance checklist covering risk warnings, disclaimers, regulatory disclosures, privacy policies, and financial promotion approval should guide website implementation
Financial promotion rules require pre-approval by compliance before publication; your website content should never imply guaranteed returns or understate risks
Understanding FCA Compliance for Financial Advisor Websites
FCA Handbook: COBS and PRIN Requirements
If you're FCA-regulated, your website must comply with two primary FCA Handbook sourcebooks: the Conduct of Business sourcebook (COBS) and the Principles for Businesses (PRIN). PRIN establishes eleven principles that all FCA-regulated firms must observe. Principle 6 requires firms to pay due regard to the interests of customers and treat them fairly. Your website communications must not mislead customers about your services, qualifications, or track record. This principle underpins all financial promotion requirements.
COBS 4 specifically governs financial promotions. Under COBS 4.2R, every financial promotion must be clear, fair, and not misleading. Your website must not exaggerate past performance, imply guaranteed returns, or downplay risks. COBS 4.2.5R requires that if you make a financial promotion about an investment, you must ensure a client can access sufficient information to make an informed decision.
A critical requirement under COBS 4 is that financial promotions—including website content—must be approved by a compliance-qualified person before publication. This approval obligation extends to all promotional material, including blog articles about investment opportunities, case studies mentioning specific investments, and testimonials from clients.
Clear Identification of Regulated Status
COBS 4.5 requires that financial promotions include information identifying you as an FCA-regulated firm. Your website footer, contact page, or dedicated compliance page must clearly state:
Your FCA registration number
That you are regulated by the FCA
Your firm's registered address
Contact details for complaints
The FCA Financial Services Register (available at register.fca.org.uk) must list your firm. Consider including a direct link to your FCA register entry, which builds trust and provides transparency.
Financial Promotion Rules: What You Cannot Say
COBS 4.2 includes specific prohibitions on financial promotion content. On your website, you must not:
State or imply guaranteed returns on investments
Suggest past performance will continue into the future without prominent caveats
Understate risks or overstate benefits
Use language creating false impressions of exclusivity or scarcity
Include client testimonials suggesting investment results without approved disclaimers
Common website violations include performance tables showing "Average annual returns: 8%" without appropriate risk warnings, testimonial sections stating "I made £50,000 with this advisor", or headlines implying guaranteed wealth accumulation.
US SEC and FINRA Requirements
SEC Regulation S-P and Form ADV Part 2A
In the United States, investment advisors registered with the SEC or state regulators must comply with Regulation S-P (Privacy of Customer Information) and provide Form ADV Part 2A (Brochure) to clients.
Form ADV Part 2A requirements mandate that your website include or provide easily accessible:
A description of your advisory services and fees
Information about conflicts of interest
Your education and business experience
Any disciplinary history (if applicable)
Information about affiliated entities
Many advisors provide a direct download link to their Form ADV Part 2A on their website, fulfilling this transparency requirement. SEC guidance requires that this brochure be delivered before or at the time you enter an advisory agreement with a client.
FINRA Communications Rules (Rules 2210 and 2214)
FINRA-registered representatives must comply with FINRA Rules 2210 (Communications with the Public) and 2214 (Advertising). Key requirements include:
All communications must be fair, balanced, and not misleading
Performance claims must be substantiated
Hypothetical examples must be clearly labeled and based on reasonable assumptions
Risk disclosures must be presented clearly and conspicuously
Any communication about past performance must include a prominent disclaimer
FINRA Rule 2210(d)(1) requires that for every claim, a firm must maintain a reasonable basis for that claim. If your website states "We have successfully helped 500+ clients build diversified portfolios", you must maintain documentation supporting this claim.
SEC Investment Adviser Marketing Rule (Rule 206(4)-1)
The SEC's updated Marketing Rule (effective February 2021) requires investment advisers to:
Present performance information in a standardised format on websites
Disclose material conflicts of interest prominently
Include specific risk disclosures alongside performance claims
Obtain compliance approval before communicating performance
The rule explicitly applies to websites, social media, and all digital communications.
GDPR and Data Privacy Obligations
GDPR Compliance for UK and EU Data Subjects
If your financial advisor practice serves UK or EU clients, or processes any personal data of residents in those jurisdictions, GDPR compliance is mandatory. GDPR governs how you collect, store, process, and delete personal data.
Key GDPR obligations for financial advisor websites:
Privacy Policy: You must publish a clear, transparent privacy policy explaining how you collect and use data. This policy must be prominently linked on your website (usually footer or top navigation).
Lawful Basis: You must establish a lawful basis for processing personal data. For financial advisors, this typically includes:
Contractual necessity (processing client financial information to deliver advisory services)
Legal obligation (AML/KYC requirements under financial services legislation)
Legitimate interests (providing tailored advisory services)
Consent (where you collect data beyond contractual or legal requirements)
Consent for Marketing: If you capture email addresses via website forms for marketing communications, you must obtain explicit opt-in consent. Pre-ticked consent boxes are prohibited; users must actively opt in.
Cookie Consent: Website analytics, tracking cookies, and non-essential cookies require prior consent. Squarespace allows configuration of cookie consent banners, which we'll address in the Squarespace section.
Data Subject Rights: Your policy must explain how clients can access, correct, delete, or export their personal data. You should designate a process for handling these requests.
Data Processing Agreements: If Squarespace or other third parties process personal data on your behalf, you must have data processing agreements (DPAs) in place. Squarespace's terms include DPA provisions.
CCPA and CPRA for US Advisors
In the US, the California Consumer Privacy Act (CCPA) and its updated version (CPRA) impose obligations on businesses collecting personal data from California residents. Requirements include:
A privacy policy disclosing categories of personal data collected
Opt-out rights for data sales or sharing
A Do Not Sell or Share My Personal Information link
Annual privacy impact assessments
While the CCPA targets larger enterprises, financial advisors with California clients should implement these protections to avoid future exposure.
Squarespace Compliance Capabilities and Limitations
What Squarespace Provides
Squarespace offers foundational compliance features that support regulatory requirements:
SSL Encryption and Secure Data Transmission: All Squarespace websites include SSL/TLS encryption, ensuring data transmitted between your website and clients is encrypted. This meets basic cybersecurity requirements.
Cookie Consent Management: Squarespace allows configuration of cookie consent banners through the Settings panel. You can enable a banner requiring visitors to consent before non-essential cookies are set. However, the default configuration is minimal; you'll need to customise messaging to explain which cookies are essential versus optional.
GDPR-Aligned Data Handling: Squarespace has updated its terms to comply with GDPR. Their data processing agreement is available in your account settings and outlines how they process personal data you collect.
Form Privacy Integration: Squarespace forms can be configured to collect data with privacy notice integration, though the interface for this requires careful configuration.
Email Campaign Compliance: If you use Squarespace Email Campaigns for client communications, the platform includes list management tools supporting unsubscribe functionality (legally required under GDPR and CAN-SPAM in the US).
Squarespace Limitations for Financial Compliance
Whilst Squarespace provides these foundations, the platform has significant limitations for highly regulated financial services:
No Pre-Built Financial Promotion Approval Workflow: Squarespace doesn't include version control or approval workflows specifically designed for financial promotion compliance. You must implement external approval processes before publishing content.
Limited Regulatory Disclosure Features: Creating prominent regulatory disclosure sections (FCA register information, risk warnings, Form ADV Part 2A links) requires custom code or careful page layout design; there's no template specifically for financial regulatory disclosures.
No Built-In Performance Calculation Tools: If you want to display performance figures (which trigger strict regulatory requirements), you'll need external calculation or data integration tools.
Basic Cookie Configuration: Squarespace's cookie consent tool is functional but basic. For complex cookie audits required by some financial firms, you may need supplementary tools like CookieBot or OneTrust.
No AML/KYC Verification Integration: Anti-Money Laundering (AML) and Know Your Customer (KYC) verification—essential for some financial services—aren't natively integrated into Squarespace.
Practical Squarespace Setup for Compliance
To maximise Squarespace for compliance, implement these strategies:
Create a Dedicated Compliance Page: Use a standard page to centralise regulatory disclosures, including FCA register information, your firm's address, complaints procedure, and risk warnings.
Configure Cookie Consent Properly: In Settings > Website > Privacy, enable the cookie consent banner and customise the message to explain analytics cookies and optional marketing cookies.
Use Password-Protected Pages for Sensitive Documents: If delivering Form ADV Part 2A or other confidential documents to clients, use Squarespace's password protection feature to restrict access.
Implement Custom Code for Disclaimers: Use Squarespace's code injection feature to add persistent disclaimer headers to investment content pages.
Establish External Approval Process: Document a formal approval workflow in your compliance manual, ensuring all website changes—especially content about investments or performance—undergo compliance review before publication.
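The "Implement Custom Code for Disclaimers" step above can be carried out with a small script pasted into Squarespace's site-wide footer code injection. The following is an added example written for this guide; it is not Squarespace's own code and not part of the original page. It assumes, hypothetically, that investment content lives under the URL prefixes listed in INVESTMENT_PATH_PREFIXES, that each such page may declare its asset class with a `<meta name="risk-class" content="...">` tag in its per-page header injection, and that the wording in APPROVED_WARNINGS has already been through your compliance approval process. The banner is placed at the top of the main content rather than in the footer, so the warning is seen before the investment content, and it is inserted as plain text so nothing in it is interpreted as markup.

```javascript
// Added example (not Squarespace's own code): a footer code-injection script that
// puts a prominent, compliance-approved risk warning at the top of every investment
// content page, so the warning appears before the content rather than in the footer.
// Assumptions (hypothetical, adapt to your site): investment pages live under the URL
// prefixes below, and each such page may declare its asset class with
// <meta name="risk-class" content="derivatives"> in its per-page header injection.

const INVESTMENT_PATH_PREFIXES = ['/investments/', '/insights/', '/case-studies/'];

// Wording is fixed in code, so it cannot drift from what compliance approved.
const APPROVED_WARNINGS = {
  general:
    'Past performance is not indicative of future results. Investment values can fall ' +
    'as well as rise, and you may receive back less than invested.',
  equities:
    'Equity investments can be volatile and their value can fall as well as rise; ' +
    'you may receive back less than invested.',
  derivatives:
    'Derivatives and leveraged investments carry higher risk and can result in losses ' +
    'exceeding your initial investment. They may not be suitable for all investors.',
};

// True when the path carries investment content and therefore needs a warning.
function isInvestmentPage(pathname, prefixes = INVESTMENT_PATH_PREFIXES) {
  const path = String(pathname).toLowerCase();
  return prefixes.some((prefix) => path.startsWith(prefix));
}

// Pick the asset-class-specific wording, falling back to the general warning so a
// page with a missing or mistyped meta tag is never left without one.
function selectWarning(riskClass, warnings = APPROVED_WARNINGS) {
  const key = String(riskClass || '').trim().toLowerCase();
  return Object.prototype.hasOwnProperty.call(warnings, key) ? warnings[key] : warnings.general;
}

// Build the banner element. textContent is used rather than innerHTML so the
// warning is inserted as plain text and nothing in it is interpreted as markup.
function buildBanner(doc, text) {
  const banner = doc.createElement('div');
  banner.id = 'risk-warning-banner';
  banner.setAttribute('role', 'note');
  banner.style.cssText =
    'border:2px solid #b00020;background:#fff4f4;color:#1a1a1a;' +
    'padding:12px 16px;margin:0 0 16px;font-weight:bold;';
  banner.textContent = 'Risk warning: ' + text;
  return banner;
}

// Insert the banner once, at the start of the main content (or the body if the
// template has no <main>), and only on investment pages. Returns true if inserted.
function injectRiskWarning(doc, pathname) {
  if (!isInvestmentPage(pathname) || doc.getElementById('risk-warning-banner')) {
    return false;
  }
  const meta = doc.querySelector('meta[name="risk-class"]');
  const text = selectWarning(meta ? meta.getAttribute('content') : '');
  const host = doc.querySelector('main') || doc.body;
  host.insertBefore(buildBanner(doc, text), host.firstChild);
  return true;
}

// Run in the browser only; when loaded outside a browser there is no DOM.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    injectRiskWarning(document, window.location.pathname);
  });
}
```

Because the approved wording lives in the script rather than being typed into each page, changing it is a single edit that goes through your approval workflow once, and the fallback to the general warning means a page that forgets its meta tag still shows a warning rather than none.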
Risk Warnings, Disclaimers and Financial Promotion Approval
Mandatory Risk Warnings
FCA and SEC regulations require conspicuous risk warnings on all investment-related website content. These aren't optional legal boilerplate; they're mandatory communications that must be:
Clear and Prominent: Risk warnings should appear in contrasting font colour, bold text, or visual boxes ensuring they cannot be missed.
Pre-Investment: Warnings must appear before clients make decisions, not buried in footer terms.
Specific to the Asset Class: Generic warnings stating "investments can fall in value" are insufficient. Specify risks relevant to the investments you promote.
Example FCA-compliant risk warning:
Past performance is not indicative of future results. Investment values can fall as well as rise. You may receive back less than invested. The value of investments denominated in foreign currencies will fluctuate with currency movements. Derivatives and leveraged investments carry higher risk and may not be suitable for all investors. Please consult an adviser before investing.
Financial Promotion Approval Process
COBS 4.2.3R requires that every financial promotion be approved by a compliance-qualified person before publication. This process must include:
Initial Draft: Your marketing or advisory team drafts website content, blog articles, or case studies involving investment recommendations.
Compliance Review: A designated compliance officer or external compliance consultant reviews the content against COBS 4 requirements, checking for misleading claims, adequate risk disclosure, and factual accuracy.
Approval Documentation: Document approval in writing (email is acceptable) with a date and signature. Retain this approval as evidence of compliance.
Publication: Only after written approval is content published to your Squarespace website.
Regular Audits: Periodically audit published content to ensure it remains compliant as markets change or regulations evolve.
Common Compliance Pitfalls to Avoid
Overstating Expertise: Avoid language like "We guarantee 8% returns" or "Our strategy beats 95% of advisors". Substantiate any comparative claims with audited data.
Underrepresenting Risk: Client testimonials stating "I tripled my money" must include disclaimers explaining that past performance and individual results vary.
Hidden Terms: Placing important disclaimers in tiny font or footer links violates regulations. Terms must be equally prominent as marketing claims.
Testimonial Misuse: Client testimonials require written approval from the client and compliance before publication. Ensure testimonials don't imply guaranteed returns.
Outdated Information: If you display performance data, firm credentials, or compliance information, establish a review schedule (quarterly minimum) to ensure information remains accurate.
Financial Advisor Website Compliance Checklist
Use this 25-item checklist to ensure your Squarespace website meets regulatory requirements:
FCA Registration and Identification
FCA registration number prominently displayed
Website clearly identifies your firm as FCA-regulated
Direct link to your FCA Financial Services Register entry
Firm's registered address displayed consistently across site
General contact email and phone number for inquiries
Financial Promotion Content
All investment-related content approved by compliance before publication
Risk warnings present on every page discussing investments or returns
Past performance disclaimers accompany any historical performance data
No claims of guaranteed returns or outcomes
Performance claims substantiated with audited or verified data
Language avoids misleading comparative statements
Disclaimers and Risk Disclosure
Master disclaimer page accessible from main navigation
Specific risk warnings for each asset class or investment type you discuss
Clear explanation of conflicts of interest (if applicable)
Volatility or market risk information displayed prominently
Suitability and personal advice disclaimers on advisory service pages
Client Data and GDPR Compliance
Privacy policy published and linked prominently
Privacy policy explains lawful basis for data processing
Explanation of cookie use and consent mechanism
Cookie consent banner configured and functional
Data subject rights (access, correction, deletion) explained
Unsubscribe links functional on all marketing communications
Contact form includes privacy notice before submission
Regulatory Disclosures (US Advisors)
Form ADV Part 2A available for download or accessible to clients
SEC or state registration status clearly stated
FINRA rules compliance displayed (if applicable)
Information about advisory fees and fee structure transparent
Website Security and Privacy
SSL certificate active (HTTPS throughout site)
Contact forms use secure submission (not plain text email)
Data processing agreement in place with Squarespace (if using their form storage)
Backup and disaster recovery policy documented
Content Management and Approval
Documented approval workflow for all website changes
Version control maintained for major content updates
Compliance calendar with quarterly content audit dates
Accessibility and Transparency
Website accessible to users with disabilities (WCAG 2.1 AA standards)
No auto-playing videos or audio
Clear navigation structure allowing users to find compliance information easily
Your FCA-regulated website must include your FCA registration number, clear identification as an FCA-regulated firm, and a direct link to your FCA register entry. You must also publish terms of business, privacy policy, complaints procedure, and information about your regulatory status. All financial promotion content (anything discussing investments or returns) requires pre-publication compliance approval and must include appropriate risk warnings. COBS 4 is your primary reference; consult FCA guidance for specific sector requirements.
Risk warnings must be specific to the investments or services you promote. General statements ("investments carry risk") are insufficient. Instead, explain specific risks: "Equity investments can experience annual volatility of 15-30%," "Derivative positions can result in losses exceeding your initial investment," or "Currency fluctuations can materially affect international investment values." Place warnings prominently (bold, contrasting colour, visual boxes) before clients can make decisions. Complex products require more detailed warnings; passive fund strategies require simpler warnings.
Squarespace has GDPR compliance features including SSL encryption, cookie consent tools, and a data processing agreement. However, Squarespace is a platform tool, not a compliance system. You must configure GDPR features correctly: enable cookie consent, publish a comprehensive privacy policy explaining your data use, and establish lawful basis for processing. If you collect client data via Squarespace forms, ensure that data is processed securely and that clients understand how their data will be used. Consider supplementary privacy tools for more granular control over data retention and processing.
Client testimonials are permitted but heavily regulated. Before publishing any testimonial, obtain written consent from the client. Ensure testimonials don't imply guaranteed returns, overstate results, or suggest the client's experience is typical. Include a disclaimer stating "Results and experiences vary; past performance is not indicative of future outcomes; individual outcomes depend on personal circumstances and market conditions." Have your compliance officer approve testimonials before publication. Consider anonymising client names or using initials to protect privacy.
The FCA (UK) regulates financial firms under COBS and PRIN principles, requiring financial promotion approval before publication and clear risk warnings. The SEC (US) requires investment advisers to provide Form ADV Part 2A, comply with the Marketing Rule, and substantiate all performance claims with standardised presentation. FINRA (US) rules impose additional requirements on registered representatives regarding advertising, communications, and sales practice standards. If you operate in both jurisdictions, you must meet both standards; UK compliance doesn't automatically satisfy US requirements, and vice versa.
Conduct a quarterly compliance audit reviewing all website content for accuracy, regulatory compliance, and timely disclosures. If market conditions change significantly or you modify service offerings, conduct an immediate audit of relevant pages. If regulations change (FCA guidance updates, new SEC rules, etc.), reassess compliance status within 30 days. Maintain a compliance calendar documenting audit dates and any corrective actions taken. Some firms perform annual external compliance audits by specialist advisors to identify gaps.
Not necessarily, but you must ensure content is compliant with both regulatory regimes. A single website satisfying both FCA and SEC requirements is permissible if your content meets the higher standard on each point. However, some firms create region-specific pages or use geo-targeting to present jurisdiction-appropriate disclaimers or product information. Evaluate whether creating separate sites would improve clarity and compliance; single sites are acceptable if carefully managed.
Regulatory breaches can result in warnings from the FCA or SEC, substantial fines (often 10-20% of affected revenues), orders to cease certain communications, and reputational damage. In severe cases, regulatory action can lead to withdrawal of authorisation. Squarespace has no responsibility for your compliance; as the regulated firm, you bear full liability. Therefore, proactive compliance management—including external compliance review, documentation of approval processes, and regular audits—is essential to protect your firm.
About Author
I'm Walid Hasan, a Certified Squarespace Expert and Squarespace Circle Platinum Partner with over 12 years of hands-on experience designing and optimizing high-performing websites. Over the years, I've had the privilege of building more than 2,000 Squarespace websites for clients around the world, always focusing on clean design, strong user experience, and conversion-driven results.