A $400 compliance audit is only worth it if the analysis is defensible. This page documents exactly how your website is evaluated — what we read, what we cross-reference against your public filings, what we verify, and what every finding is grounded in.
It is a fair objection: if Claude or ChatGPT can read a webpage and know the Marketing Rule, what exactly are you paying for? The answer is four specific things a raw chat session cannot reproduce.
The analysis is driven by an instruction set written specifically for investment adviser websites. It encodes the severity policy — a missing Form CRS link, for instance, is treated as a blocker rather than a high-severity finding — the conditionality logic for when Form CRS and Reg S-P actually apply, the direction of Form ADV Item 5.L discrepancies, and a suppression rule that discards any finding that cannot quote the underlying page text.
A chat prompt will find surface issues. This system is tuned to find the issues an examiner would write up.
Every analysis ingests your Form ADV Item 5.L marketing declarations as structured data — which advertising practices your firm declared to the SEC it uses, and which it declared it does not. The system then reads your website to check whether the two are consistent, in both directions.
The asymmetry here is the signal: a chatbot cannot read your ADV as structured facts, only as text.
No report is delivered on the first pass. Every report passes through a deterministic integrity check (code, not AI) and an independent semantic review by a second model before it leaves the system.
This is the single largest thing you cannot reproduce by pasting a URL into ChatGPT.
Findings are not summaries. Each one is bound to a specific page, a specific quote, and a specific rule citation. A finding that cannot produce the underlying evidence is discarded, not softened. This is enforced structurally, not stylistically.
If a finding cannot be evidenced, it does not exist in the report.
Every report moves through four stages. Each stage has a specific job, a specific input, and a specific output.
We load your firm's public Form ADV data — including Item 5.L marketing declarations, fee structures, services described, and AUM — as structured input the analysis can reason over.
We crawl your public website, classify each page by type, and extract the text the analysis will read — bios, fee language, performance claims, testimonials, disclosures, third-party ratings.
The captured site is evaluated against eight compliance domains and reconciled against your filings — surfacing misalignment, missing disclosures, and marketing practices that diverge from what was declared to the SEC.
Every report passes through a deterministic integrity layer and an independent semantic review before it is delivered. Reports that fail either pass are returned for revision, not sent.
Each domain carries its own set of specific examinations, anchored to the rule text and informed by recent SEC Risk Alerts and enforcement actions.
Client testimonials and third-party endorsements are examined for the specific disclosures the rule requires — whether the person is a client, whether compensation was provided, and whether material conflicts are disclosed.
Any presentation of performance results is reviewed against the rule's structural requirements on net-of-fees, prescribed time periods, hypothetical performance, and the treatment of predecessor or related performance.
Any use of third-party rankings, awards, or ratings on the site is checked for compliance with the rule's specific disclosures — the date, the period covered, and compensation paid to receive or publicize the rating.
The rule's seven general prohibitions — including untrue statements, unsubstantiated claims, misleading implications, and cherry-picked references — are applied to superlatives, guarantees, and claims made across the site.
The claims your website makes are reconciled against the text of your Form ADV — services offered, fee schedules, conflicts, types of clients, and assets under management — to surface material inconsistencies in either direction.
For firms serving retail clients, the site is checked for the visibility and availability of Form CRS, proper disclosures of fiduciary status, and the presence of required regulatory links — with conditionality applied based on retail-client status.
The public-facing elements of your Regulation S-P posture are reviewed — privacy notice availability, content intake forms, opt-out language, and the site's basic technical hygiene around data handling.
Not a Marketing Rule domain, but included because accessibility suits against RIA sites have risen sharply. We scan for the WCAG 2.1 AA issues most commonly cited in complaints.
Form ADV Part 1A Item 5.L is a structured disclosure of how your firm advertises. Each line is a binary declaration: yes, we use testimonials; no, we do not present hypothetical performance; yes, we use third-party ratings. The most overlooked source of compliance exposure is the gap between those declarations and the actual content on your website.
We read Item 5.L as structured facts, not prose. The system ingests each declaration and then examines your site for the content that declaration implies — or for the content that declaration forbids.
The direction of the discrepancy matters. If your ADV declares you use testimonials but no testimonials appear on your site, the remediation is to update the filing, not to add content. If no testimonials are declared but endorsement-style language appears on a bio page, that is a different finding with a different remediation.
This is the single hardest check to reproduce manually. It requires parsing Part 1A, interpreting each Item 5.L sub-field against the Marketing Rule, and reading every page of the website with those sub-fields in hand as a live reference.
Getting the direction wrong is one of the easiest ways to produce a finding that makes an adviser more exposed, not less. The QA layer exists specifically to catch this.
A single-pass AI analysis will produce findings that look correct and are not. The QA layer exists to catch what the analysis pass misses, and to reject reports that fail either review.
Code-enforced rules that an AI cannot negotiate with. If a report violates one, it does not ship — it is sent back for revision.
A second, independent model reviews the generated report against the scraped site content. It is the check that catches the errors only another careful reader would see.
Every finding in your report carries the same structure — a category, a severity, a specific title, the evidence it is built on, the regulatory reference, and a concrete remediation. Here is a real finding from a generated report.
A titled issue on a named page, not a general category concern or a theme.
The exact text from your site that triggered the finding, quoted verbatim.
A concrete remediation your CCO or web team can act on in a single sitting.
A credible methodology has to be clear about its boundaries. These are the things we do not do — and that no automated analysis should claim to do.
Findings are indications of areas that may warrant review. They are analytical, not legal opinions. Every finding should be reviewed by your firm's compliance counsel or Chief Compliance Officer before action.
RIA Health Check is an independent service. It is not affiliated with, endorsed by, or sponsored by the U.S. Securities and Exchange Commission or FINRA. Public SEC data is used only as a cross-reference input.
The report is a tool that compresses weeks of manual website review into a structured, evidence-based artifact. It is input into your compliance program, not a substitute for it.
Only your public website is read — the surface that regulators, prospects, and the public already see. Client portals, intranets, and authenticated content are out of scope.
Start with a free scorecard to see your overall compliance risk and headline findings. When you are ready, the full report delivers the complete evidence, remediation, and cross-reference your CCO can act on.