top of page
Search

The True Cost of Compliance: You Made a Video – Now It’s a Compliance Record | Part 5 of 5

  • Writer: Corrie Scoby
    Corrie Scoby
  • Dec 17, 2025
  • 7 min read

By Corrie Scoby • Chief Consultant & Owner, Three Lumos Consulting, LLC


The 5-Part Compliance Cost Series

Welcome back to our True Cost of Compliance series for independent Registered Investment Advisers (RIAs). In Part 4, we explored why your CRM, file system, and website need to speak the same language to prevent data silos, reduce risk, and improve audit readiness. Now, in Part 5, we turn our attention to a rapidly growing part of every advisory practice: video communication.



From Zoom client meetings to webinar replays to recruiting videos to YouTube content, RIAs are producing more video than ever. And with that growth comes a compliance reality that many firms underestimate:


The moment you hit “record,” you may be triggering a recordkeeping requirement.




In this final installment of the series, we’ll break down why that’s the case, how regulators expect RIAs to handle video archives, and how to build a practical and defensible workflow — without drowning in gigabytes.

Quick navigation:

The Moment You Hit “Record”: Why Videos Are Books & Records



Video content is no longer optional for most advisory firms. Clients expect remote meetings, on-demand explanations, and virtual events. But RIAs must remember that recordings are communications — and communications are records.






Under SEC Rule 204-2(a), advisers must preserve all records related to:

  • Advice given

  • Communications distributed to clients or prospects

  • Materials that support disclosures, recommendations, or marketing content

  • Any version of an advertisement, including digital media, video, and website content[1][2]


The SEC’s 2021 Marketing Rule explicitly includes “video and audio content” as advertisements when used for marketing or educational purposes[3]. And even if a video is not “advertising,” it frequently contains:

  • Investment commentary

  • Recommendations

  • Advisory processes

  • Client-specific discussions

  • Training that impacts client servicing


If regulators could reasonably deem the content reviewable, it must be retained.


This means: If your firm records a Zoom meeting, webinar, training, demo, or short-form marketing clip, you must assume it is a compliance record until proven otherwise.

If regulators could review it, you must retain it. Video is no exception.

What Must Be Kept: Original Files, Edits, Metadata & More

Videos create unique compliance obligations because they generate multiple artifacts, not just the file itself.

According to SEC recordkeeping requirements and guidance on digital media preservation, RIAs should retain[1][3][4]:

✔ The original recording

Unaltered, unedited, unenhanced — the true source file.

✔ Any edited or publicly posted versions

If the video is published on YouTube, your website, or a client portal, that version is a distinct advertisement requiring retention.

✔ Transcripts or AI-generated summaries

If used to document meetings, create notes, or communicate with clients, these become records of advice.

✔ Slides and speaker notes

If displayed or referenced during a recording, they become part of the communication.

✔ Reviewer logs and timestamps

SEC exams increasingly request evidence of review and supervision, not just the video itself[4][5].

✔ Metadata

Timestamps, version history, and user access logs help demonstrate chain of custody and prove records haven’t been altered.


The SEC has emphasized repeatedly — including in recent exam guidance — that records must be complete, accurate, and easily retrievable[4]. If your workflow includes edits, captions, overlays, or shortened versions for marketing distribution, each version must be archived.

Edits are optional — but archiving the original is mandatory.

Videos Are Storage Hogs: The Real Cost of Archiving

Unlike email, PDFs, and CRM notes, videos come with a unique challenge:


They’re massive.


A single one-hour HD Zoom meeting can range from 200 MB to 1.5 GB, depending on settings. Multiply that by weekly client calls, quarterly webinars, internal training, and marketing clips — and an RIA’s archive can quickly balloon.


This storage volume matters because:

1. Cloud archiving vendors often charge by the gigabyte

Industry averages continue to rise as video becomes common in business communication[6].

2. Reviewer time is expensive

Regulators expect “effective supervision,” and for many firms, that means reviewing videos regularly[4][5].

3. Retrieval time during exams is non-negotiable

SEC exam teams expect timely delivery — you can’t fumble through storage systems trying to find files.


To address these issues, RIAs should ensure their archiving platform includes:

  • Timestamped annotations

  • Reviewer activity logs

  • Searchable transcripts

  • Exportable audit trails

  • Immutable (write-once) storage options


These features dramatically reduce compliance lift — and support defensible audit outcomes

Video may be the heaviest file type you store — and the riskiest to lose track of.

Control Access: Configuring Zoom, Teams & Portals for Compliance

Most compliance failures begin with improper access controls — not with the recording itself.

Platforms like Zoom, Microsoft Teams, Google Meet, and Vimeo include extensive administrative controls, but RIAs often rely on default settings. Regulators expect firms to configure platforms intentionally, especially when they are used for business communications[4][5].


Best practices for access management include:

  • Restrict who can initiate recordings

  • Restrict who can download recordings

  • Require recordings to auto-save to firm-controlled storage

  • Disable personal-device storage

  • Block public sharing unless explicitly reviewed and archived

  • Restrict access to firm email domains

  • Ensure meeting hosts cannot delete recordings


Why does this matter?

Because deleted or inaccessible videos are considered missing records — a top exam deficiency in recent SEC sweeps involving electronic communications[5][7].


When users control their own recording permissions, inconsistencies proliferate and compliance breaks down. Central control prevents accidental deletion, unauthorized sharing, or inconsistent review practices.

If your platform settings aren’t intentional, your compliance outcomes won’t be either.

Building a Practical, Defensible Video Compliance Workflow

RIAs don’t need Hollywood-level production processes — but they do need repeatable supervisory workflows.

Here’s a simple model aligned with SEC expectations for oversight and recordkeeping:


Step 1 — Decide When Recording Is Permitted

Not all internal meetings should be recorded. Define permissible uses:

  • Client meetings

  • Webinars

  • Advisor training

  • Marketing content

  • Investment updates


Step 2 — Auto-Upload to Controlled Storage

Videos should never sit on local devices. Use admin-level settings so recordings automatically route to:

  • A designated SharePoint, OneDrive, or Google Workspace folder

  • A compliance-approved cloud archive

  • Your record retention platform


Step 3 — Supervisory Review

SEC expects “effective supervision,” including review of electronic communications[4][5].For videos, this may mean:

  • Reviewing the first 5–10 minutes

  • Reviewing selected timestamps

  • Reviewing transcripts for key phrases

  • Reviewing all externally distributed videos (webinars, YouTube, etc.)

Document:

  • Who reviewed

  • What they reviewed

  • What they approved

  • When they completed the review


Step 4 — Approve or Revise

If the video will be posted publicly, it must be reviewed under the SEC Marketing Rule’s standards for:

  • Fair and balanced presentation

  • No unsubstantiated claims

  • Proper disclosures

  • Anti-fraud principles[3]


Step 5 — Archive Everything

Retain:

  • Original recording

  • Edited/public version

  • Transcript

  • Slides & speaker notes

  • Review logs

  • Metadata

Retention period: not less than five years per Rule 204-2[1][2].

Your archive is your source of truth. Without it, you have no defensible compliance position.

Conclusion

Videos are powerful communication tools — but they’re also compliance records that must be reviewed, preserved, and supervised with the same diligence as any other regulated communication. As RIAs increasingly rely on digital meetings, webinars, and multimedia content, the firms that build intentional, repeatable workflows for video supervision and archiving will stay ahead of regulatory expectations while protecting themselves from unnecessary risk.



And with this post, we officially conclude our five-part True Cost of Compliance series — a journey through the most overlooked operational and financial realities that shape a modern RIA’s compliance program.





Across the series, we explored the full spectrum of costs and responsibilities that RIAs navigate every day:

Where we examined the difference between the “headline” price of compliance and the hidden burdens — time, staffing, inefficiencies, and reactive clean-up — that quietly erode capacity.

We highlighted why your ability to move, export, and reclaim your own data is not just an IT concern but a core regulatory and business requirement, especially in the event of vendor transitions or technology upgrades.

Part 3: Back-Up vs. Archive

We clarified the critical difference between operational backups (for disaster recovery) and compliant archives (for regulatory retention), emphasizing why RIAs need both — and why one cannot substitute for the other.

Part 4: Platform Integration

We showed how connected systems reduce compliance risk, eliminate data silos, strengthen audit readiness, and ultimately decrease the cost of maintaining compliant books and records.

Part 5: Video Recordkeeping

And today, we addressed one of the fastest-growing categories of digital recordkeeping — videos — and the supervisory, archiving, and workflow challenges they create for every RIA, regardless of size.


Together, these five pillars illustrate a simple truth:

The real cost of compliance isn’t just monetary — it’s operational alignment, technological readiness, and the discipline to build systems that scale with your firm.


When RIAs understand these dimensions and design their systems accordingly, compliance stops being a constant source of friction and becomes a structural advantage: more efficiency, fewer surprises, and far less stress during examinations.


Thank you for following this series. And if you’d like support translating these concepts into practical workflows tailored to a small RIA, Three Lumos Consulting offers hands-on compliance assistance so you can spend less time on oversight and more time serving your clients. Click the image below to schedule a discovery call.


Corrie Scoby

Chief Consultant & Owner, Three Lumos Consulting, LLC

We guide RIAs with clarity, integrity, and partnership—so you can spend less time on compliance and more time serving clients.


Note: This article provides general information and does not constitute advice. Consult your compliance team for guidance specific to your firm.

Sources

[1] SEC – Books and Records Requirements for Investment Advisers (Rule 204-2)

[2] SEC Division of Investment Management – Information for Newly Registered Advisers

[3] SEC – Investment Adviser Marketing Rule: Small Entity Compliance Guide (2021)

[4] Envestnet – The Essentials of SEC Exams for RIAs (2023)

[5] SEC Division of Examinations – Risk Alert: Observations from Investment Adviser Examinations (2021–2024)

[6] CIO.comThe Hidden Costs of Storing Rich Media (2022)

[7] InvestmentNews – SEC fines advisers $63M for recordkeeping failures (2025)

bottom of page