Compliance Guide · May 2026

Social Media Compliance for Professionals:
What Accountants, Attorneys, and Consultants Need to Know

A plain-language reference to the ABA, AICPA, FINRA, SEC, and FTC rules that shape what regulated professionals can publish on social media, plus a practical workflow for reviewing AI-drafted posts before they go live.

Start Your Free Trial →

No credit card required · 7-day free trial · Plans from $19/mo

Professional in a suit reviewing and signing documents at a desk, illustrating compliance review of social media content

Key Takeaways

✓ The professional is the publisher. The regulator does not care whether a post was written by you, a marketing agency, or an AI tool. The licensee remains responsible.
✓ Attorneys work within ABA Model Rules 7.1 (no false or misleading statements), 7.2 (advertising), and 7.3 (solicitation), interpreted by each state bar.
✓ CPAs are governed by the AICPA Code of Professional Conduct, including sec. 1.400 (Acts Discreditable) and interpretation 1.400.090 on solicitation and advertising.
✓ Financial advisors must meet FINRA Rule 2210 communications standards and, for investment advisers, the SEC Marketing Rule under Investment Advisers Act 206(4)-1.
✓ AI does not change the rules. It changes the volume of content moving through your workflow, which makes a written approval process more important rather than less.

Do Professionals Really Need to Worry About Social Media Compliance?

For an accountant, attorney, financial advisor, or consultant, every public-facing communication about your practice is potentially regulated. Social media posts are no exception. Bar associations, the AICPA, FINRA, and the SEC have each issued guidance confirming that posts on LinkedIn, X, Facebook, and other platforms are treated as professional communications, subject to the same advertising, solicitation, and recordkeeping rules that apply to a website page or a brochure. A post written or drafted by AI carries the same obligations as a post you typed yourself.

The compliance question is rarely whether you can post at all. It is whether your workflow can show, after the fact, that your posts met your regulator's standards and that you retained the records you are required to keep. That is a process problem more than a content problem, and it is the part most professionals underestimate when they begin publishing on social media. The sections below summarize the rules that apply to each category of licensee and outline a workflow that lets you publish consistently without taking on avoidable risk. If you advise clients in financial services, our companion article on social media for financial advisors covers the FINRA-specific content rules in more depth.

Social Media Rules for Attorneys

For attorneys, social media activity is governed by the rules of professional conduct adopted by the state bar in each jurisdiction where the lawyer is admitted. Most states base their rules on the ABA Model Rules of Professional Conduct, and three rules are particularly relevant to social posts. Model Rule 7.1 prohibits false or misleading communications about a lawyer or the lawyer's services, including statements that create unjustified expectations about results or that compare services in ways that cannot be factually substantiated. Model Rule 7.2 covers advertising and requires that any communication identify at least one lawyer or law firm responsible for its content. Model Rule 7.3 addresses solicitation of clients and limits direct in-person, live telephone, or real-time electronic solicitation of prospective clients with whom the lawyer has no prior relationship.

In practice, this means a post that says you obtained a specific dollar settlement in a recent case must be careful not to suggest similar results are likely for prospective clients. A post that praises your own expertise or compares your firm favorably against named competitors invites scrutiny under Rule 7.1. A direct message to someone you do not know, offering legal services about a problem you learned about through their public posts, can implicate Rule 7.3 depending on the jurisdiction. Many state bars also require attorneys to keep copies of social media advertising content for a retention period, often two or three years, and some require firm name and office identification on lawyer advertising. Our guide on social media for law firms covers post formats designed to stay safely within these limits.

What counts as advertising on social media is broader than many attorneys assume. A LinkedIn post that describes the type of work you do, the industries you serve, and how to engage your firm is advertising under most state bar interpretations, regardless of whether you intended it that way. The threshold question is whether a reasonable reader would understand the post as a communication about the availability of legal services. If the answer is yes, the post is subject to your jurisdiction's lawyer advertising rules and should be drafted accordingly.

Social Media Rules for CPAs and Accountants

CPAs are governed by the AICPA Code of Professional Conduct as well as the rules adopted by their state board of accountancy. Several sections of the Code touch on social media activity. Section 1.400 (Acts Discreditable) prohibits members from making false, misleading, or deceptive statements in marketing. Interpretation 1.400.090 specifically covers solicitation and advertising and confirms that the standard applies regardless of medium. Section 1.510 (Contingent Fees) and section 1.520 (Commissions and Referral Fees) restrict certain types of fee arrangements that may surface in promotional posts. Section 1.400.200 addresses the use of client testimonials and endorsements, an area where CPAs face tighter restrictions than many other professions.

For most CPAs in private practice, the practical compliance issues on social media are these. Statements about tax savings, audit outcomes, or financial strategies should be presented as general information rather than specific advice and should avoid quantitative claims that cannot be substantiated. Testimonials are not banned, but a CPA cannot use a client testimonial in a way that misleads or creates an unjustified expectation, and certain audit and attest clients are off-limits for endorsement purposes because of independence rules. Posts about tax planning frequently include a disclaimer noting that the content is general information rather than advice specific to a reader's circumstances. Our guide on social media for accountants walks through compliant post formats and gives example disclaimers.

State boards of accountancy add another layer. Some states impose specific advertising rules and recordkeeping requirements that go beyond the AICPA Code. A CPA licensed in multiple states should confirm the more restrictive of the applicable rules before publishing. The same content can be permissible in one state and problematic in another, especially when the CPA crosses into financial planning or wealth management activities that may overlap with FINRA or SEC jurisdiction.

Social Media Rules for Financial Advisors

Financial advisors face the most heavily prescribed social media regime of any professional category. Broker-dealers and their registered representatives are governed by FINRA Rule 2210 (Communications with the Public), which categorizes communications into three buckets: retail communications (distributed to more than 25 retail investors within any 30 calendar-day period), correspondence (distributed to 25 or fewer retail investors), and institutional communications (limited to institutional investors). Most social media posts published to a public feed are retail communications and generally require principal pre-approval before use, along with FINRA filing in certain product categories. The content standards in Rule 2210 prohibit false, exaggerated, or misleading claims, predictions of investment returns, and material omissions.

Investment advisers registered with the SEC are governed by the SEC Marketing Rule under Investment Advisers Act 206(4)-1, which took effect in its current form in November 2022. The Marketing Rule modernized the previous advertising and cash solicitation rules and now permits testimonials and endorsements with required disclosures, including the existence of any compensation, material conflicts of interest, and whether the person providing the testimonial is a client. The SEC has also issued staff guidance on social media use that addresses how third-party sites should be treated, when liking or sharing content becomes an adoption or entanglement issue, and how investment advisers should preserve and review social media communications.

Pre-approval workflow is the practical center of compliance in this category. A registered representative cannot simply publish a LinkedIn post about market commentary or a tax-deferred annuity feature without principal sign-off if the post qualifies as a retail communication. The same logic applies to AI-drafted content. The use of an AI tool to generate the first draft does not remove the pre-approval requirement, and the firm remains responsible for records of every post. For more detail on the FINRA framework and compliant post examples, see our companion article on social media for financial advisors.

What AI-Generated Posts Can and Cannot Do for Compliance

AI is useful for drafting consistent, on-brand content at a pace that a busy practitioner cannot match by hand. It does not change the underlying compliance rules. An AI tool can draft a LinkedIn post about a recent tax court decision in under a minute, but the post is still subject to the same Rule 7.1 standard for an attorney, the same section 1.400 standard for a CPA, and the same Rule 2210 standard for a registered representative. The licensee, not the tool, is responsible for what appears under their name.

There are several things AI does well in a compliance context. It can apply a consistent disclaimer to every post in a category. It can flag posts that contain claims about specific returns, settlements, or outcomes for additional review. It can produce drafts that match a written voice guide, which reduces the chance that a one-off promotional flourish slips into a post. There are also things AI cannot do. It cannot verify whether a specific factual claim is accurate for your jurisdiction. It cannot apply your state bar or board's interpretation of a rule to a borderline post. It cannot replace the principal pre-approval that FINRA Rule 2210 requires for retail communications. The right way to use AI in a regulated practice is as a drafting assistant inside a documented review workflow, not as a replacement for the workflow itself. Our guide to setting up an AI brand voice walks through how to capture your guardrails before generating content.

The Key Compliance Principle in One Paragraph

Across every regulator that governs the work of accountants, attorneys, financial advisors, and consultants, the core compliance principle for social media is the same: the licensee is the publisher, and the licensee is responsible. Whether a post was hand-written, ghost-written by a marketing agency, or drafted by an AI tool, the professional whose name appears on the post answers to their bar, the AICPA, FINRA, the SEC, or the FTC for its accuracy, fairness, and compliance with the rules that govern advertising, solicitation, testimonials, and recordkeeping. A workflow that documents review, approval, and archiving converts that responsibility from a hidden risk into a routine process. AI tools change the volume of content moving through that workflow. They do not change the responsibility at the center of it.

How to Build a Compliant Approval Workflow

A compliant social media workflow does not need to be complicated. It needs to be written down, repeatable, and capable of producing a clean record for an auditor or regulator who asks how a specific post made it to publication. The five steps below scale from a solo practitioner to a multi-partner firm and apply across all four professional categories covered in this guide.

1
Define your content guardrails in writing. Document a social media policy that lists prohibited topics, mandatory disclaimers, testimonial rules under your applicable regulator, and the categories of content that require principal or compliance review before publishing.
2
Draft posts inside an approval queue. Generate or write posts in a system that holds them in an approval queue rather than publishing on creation. Every post should be reviewable before it is scheduled or sent to a platform.
3
Apply principal or compliance officer review. For FINRA-registered persons, retail communications generally require principal pre-approval under Rule 2210. For attorneys and CPAs, the firm's compliance officer or a designated reviewer should sign off on any post that could be construed as advertising or solicitation.
4
Archive every approved and published post. Retain copies of every published social media post, including platform variants, timestamps, and the reviewer who approved them. Many state bars and FINRA require retention for three years or longer.
5
Audit the workflow on a recurring schedule. Review your published content against your written policy at least quarterly. Update prohibited topics, disclaimer language, and approval thresholds as regulatory guidance changes.

A tool that supports approval queues, scheduled publishing, and a clean export of past posts is a good fit inside this workflow. SocialBotify holds AI-generated posts in an approval state by default, lets you edit before publishing, and keeps a permanent history of what went out and when. You can see how this works on the social media automation overview and on the pricing page.

The 3 Compliance Risks Professionals Most Often Miss

Forwarded and shared content carries the same exposure as original posts. A registered representative who reshares a third-party article on LinkedIn with their own commentary may have adopted the underlying content. The SEC has discussed adoption and entanglement theory in its staff guidance on social media. An attorney who reshares a client review may have created an advertising communication subject to state bar rules. The act of sharing is not neutral. Anything that appears under your professional account should be reviewed with the same care as content you drafted.

Material connections require disclosure under the FTC Endorsement Guides. Beyond the profession-specific rules, the FTC Endorsement Guides under 16 CFR Part 255 require clear and conspicuous disclosure of any material connection between an endorser and a marketer. If a vendor gives you a free product, comps you a service, or pays you to promote a tool, that connection has to be disclosed in the post itself, not buried in a profile bio. The FTC has signaled that "clear and conspicuous" means in the post and easy to notice on mobile, not in a comment thread or a separate page.

Recordkeeping obligations apply to platform-level data, not just the post text. If a state bar audit asks for your social media advertising for the past three years, exporting screenshots of the visible posts may not be enough. Retention often includes the post in context: the platform it appeared on, the time of publication, the audience targeting if any, comments that you responded to, and any edits made after publication. Build the export capability into your workflow from day one. Recovering this information after a platform has deleted or modified content is often impossible.

How SocialBotify's 70/20/10 Framework Naturally Reduces Compliance Risk

The 70/20/10 content mix that SocialBotify uses by default allocates 70% of posts to educational content, 20% to professional perspective, and 10% to promotional or service-focused content. This ratio was developed for engagement reasons rather than compliance reasons, but it produces a content mix that is materially safer for regulated professionals than a feed dominated by self-promotion. Educational posts about a recent regulatory change, a common client mistake, or an explainer of a complex topic are the lowest-risk category for almost every regulator. They share information rather than make claims about the licensee's services, which keeps them outside the heart of the advertising and solicitation rules.

Posts in the 20% perspective category, where you share an opinion on an industry development or push back on a common assumption, are also typically lower risk than direct service promotion, although they can introduce statements that need verification. Posts in the 10% promotional category are where compliance attention concentrates. By limiting promotional content to a small fraction of total output and routing it through an approval queue, you keep the highest-risk posts under the closest review. The framework is not a substitute for your written policy, but it pairs naturally with one. Pricing and plan details are on the pricing page if you want to see how the approval queue is included by tier.

Photo by advogadoaguilar on Pixabay

Frequently Asked Questions

Yes, attorneys can use AI to draft social media posts, but the final content is still governed by ABA Model Rule 7.1, which prohibits false or misleading communications about a lawyer's services. The attorney is responsible for reviewing every AI-generated post for accuracy, jurisdictional appropriateness, and compliance with state bar advertising and solicitation rules before it publishes. AI is best used as a drafting assistant inside a written approval workflow.

FINRA Rule 2210 does not prohibit AI-generated content. It governs communications with the public regardless of how the content was drafted. Retail communications still require principal pre-approval, recordkeeping, and adherence to content standards. The use of AI does not change the underlying obligations, and the registered firm remains responsible for every post that appears under a representative's account.

There is no blanket AICPA requirement for a disclaimer on every social post, but the AICPA Code of Professional Conduct expects communications to be accurate and non-misleading under sec. 1.400. Posts that discuss tax positions, audit outcomes, or financial strategies are typically accompanied by a disclaimer that the content is general information rather than specific tax advice for the reader's circumstances. State boards of accountancy may impose additional requirements depending on jurisdiction.

LinkedIn is generally the most compliance-friendly platform for regulated professionals because its norms favor educational content over personal endorsement, and the audience is professional rather than consumer-focused. Twitter or X carries higher risk because brevity makes disclosures harder to fit. Any platform can be used compliantly with the right approval and archiving workflow, but the volume and informality of certain platforms makes consistent review harder to sustain.

Yes. A solo practitioner can automate scheduling and drafting while still acting as their own reviewer. The compliance principle does not require multiple people, only documented review and recordkeeping. Solo attorneys, CPAs, and consultants commonly use automation tools to draft and schedule posts, then personally approve each post before it publishes and archive copies for the required retention period. For FINRA-registered solo advisors, principal review still applies and is typically handled by the supervising firm.

Publish Consistently Without Skipping Review

SocialBotify drafts posts in your voice, holds them in an approval queue, and keeps a clean record of what was published. The workflow that compliance teams want is built in.