AI Disclosure Requirements for Financial Institution Advertising
This document provides operational and compliance guidance for financial institutions and their marketing partners on the use of artificial intelligence in advertising. It is intended for informational and operational guidance purposes only and does not constitute legal advice. Financial institutions should consult qualified legal and compliance counsel regarding their specific circumstances and applicable requirements.
Revision Date: June 2026. This document is updated regularly to reflect the pace of change in AI regulation, platform policy, and enforcement activity. RAIN actively monitors guidance from the FTC, FDIC, Federal Reserve, OCC, and NCUA, as well as evolving state-level frameworks.
Executive Summary
The compliance standard for AI in advertising is not whether AI was used, but whether the resulting content could mislead a reasonable consumer. Financial institutions must evaluate all AI-generated content against existing advertising and consumer protection standards, including truth-in-advertising rules and Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) standards enforced by the FTC and banking regulators. No broad federal mandate requires disclosure simply because AI assisted in the creative process. The disclosure obligation activates when synthetic content could be perceived as a real person, real employee, or real financial experience.
RAIN generally avoids AI-generated imagery in client advertising creative unless approved by the client and reviewed under applicable platform and compliance requirements. When AI imagery is used, RAIN notifies the client and flags the creative to the relevant platform at the time of submission.
1. Are financial institutions required to label ads as AI-generated?
Generally, no. There is no federal mandate requiring disclosure when AI assists in the creative process. The threshold that triggers a disclosure obligation is consumer deception risk, not production method. RAIN actively monitors guidance from the FTC, FDIC, Federal Reserve, OCC, and NCUA, as well as evolving state-level frameworks, and updates this guidance as the regulatory landscape changes.
The practical classification breaks down as follows:
Risk Tier | Examples | Guidance |
|---|---|---|
Low Risk | AI-assisted copywriting, editing, proofreading, background optimization, automated bidding, campaign management tools | These are back-end production uses that do not affect the consumer representation. These uses generally present minimal consumer deception risk and are not typically treated as AI-generated consumer-facing content. |
Case-by-Case | AI-generated background imagery, stylized digital assets, generic conceptual visuals | The deciding question is whether the image implies a false product feature or financial representation. These decisions must be routed to the institution's compliance officer before the campaign runs. |
High-Risk Content | AI-generated people, synthetic employees, fabricated customer testimonials, fake member reviews, AI-synthesized voices presented as real individuals | These uses create heightened regulatory, reputational, and consumer protection risk and should be reviewed by compliance and legal stakeholders prior to publication. |
Sponsored and influencer content: For campaigns involving third-party creators or sponsored content, the FTC enforces strict rules requiring disclosure of both the commercial relationship and any material AI involvement in creating that content. Financial institutions running influencer programs should confirm disclosure requirements with compliance counsel before launch.
2. How do the major platforms handle AI-generated content?
Meta (Facebook and Instagram)
Meta uses a dual-track system. For organic content, automated classifiers scan for AI-generation signals including Coalition for Content Provenance and Authenticity (C2PA) metadata, IPTC digital source type, and Meta's own proprietary detection models. For advertising, the disclosure process is built into Ads Manager. Advertisers are required to check a disclosure box when creative contains AI-generated or AI-manipulated content. Failure to disclose can result in ad rejection, and automated detection systems may retroactively flag undisclosed AI content in running campaigns. Meta also runs detection models that infer synthetic origin from the content itself, independent of metadata, meaning stripped metadata does not guarantee that no label will be applied.
LinkedIn uses C2PA Content Credentials to label AI-generated content across certain image and video formats, including Sponsored Content, and parses embedded metadata to identify AI-origin signals, covering many common AI content credential standards and metadata formats.
Google (Search, Display, YouTube, Performance Max)
Google continues expanding its policies governing AI-generated content and synthetic media. Established rules are in place for political advertising, and Google's Misrepresentation policy covers deceptive use of synthetic content. Deepfake-style content depicting real people is prohibited, with immediate ad disapproval and potential account suspension for violations. Advertisers should monitor current Google Ads policy for disclosure requirements and restrictions applicable to their specific ad formats and industry.
StackAdapt and Other Programmatic DSPs
Meta, LinkedIn, and Google each handle AI detection and labeling automatically through their own systems. For those platforms, the labeling mechanism is platform-owned. The advertiser's obligation is accurate disclosure at submission; the platform applies and enforces the label from there. For programmatic DSPs, the dynamic is different. StackAdapt's Acceptable Use Policy requires that advertiser content include appropriate disclaimers, disclosures, or labels where required, but places compliance responsibility on the advertiser rather than the platform. Most DSPs do not run independent AI detection at the platform level, which means the advertiser retains full compliance ownership on those channels. As AI disclosure requirements continue to evolve, reputable DSPs have consistently adapted their policies to align with regulatory direction, the same pattern seen with Special Ad Category compliance frameworks.
Practical note: Some advertisers have encountered false positives where legitimate photography was labeled as AI because the exported file retained metadata from prior edits in professional creative tools. Metadata hygiene is now a compliance consideration, not just a technical one.
3. Does RAIN recommend labeling AI content?
Not as a blanket policy. When AI functions as a back-end production tool with no effect on the consumer representation, manual labeling adds friction without a compliance benefit.
RAIN's position:
Follow all platform-mandated disclosure toggles without exception. When a platform requires it, it is required, regardless of whether the underlying legal obligation has been independently resolved.
Apply explicit, conspicuous disclosure anytime AI creates a synthetic consumer narrative, a photorealistic human, or anything presented as a real employee or real financial experience.
Route all case-by-case situations to the institution's compliance officer before the campaign runs. That is the appropriate decision authority for a regulated institution.
Institutions should document AI tool usage within campaign workflows to support compliance review and regulatory examination.
4. What are the risks of non-disclosure, and who is responsible?
Detection of AI-generated content on major platforms is now largely automated. Meta, LinkedIn, and Google each apply labels or reject ads based on their own systems, independent of what the advertiser discloses. That automation does not shift the compliance obligation. The institution remains the responsible party. Platforms execute the mechanism; the advertiser owns the risk.
Regulatory Risk
The FTC has increased enforcement activity involving AI-related deception, endorsements, testimonials, and consumer protection matters. Banking regulators apply UDAAP enforcement on top of FTC authority. Banking regulators have emphasized that existing consumer protection, advertising, and UDAAP standards continue to apply to AI-enabled marketing activities. The FDIC, Federal Reserve, OCC, and NCUA have not issued standalone AI advertising rules. Institutions are examined under existing safety and soundness and consumer compliance frameworks, and AI use in marketing is evaluated within that context.
Platform Risk
Failure to disclose high-risk synthetic content when platform policy requires it can result in ad rejection, CPM increases, or account suspension. Because detection operates independently of metadata on several major platforms, attempting to avoid labeling through technical means is unreliable and creates additional risk.
Reputational Risk
In financial services, trust is the primary institutional asset. If a customer or member discovers that a testimonial or loan officer profile is a synthetic human, the reputational damage is disproportionate to any production efficiency gained.
5. What state regulations should institutions monitor?
California (SB 942 and AB 853)
California's AI Transparency Act is taking effect and will require large online platforms to detect and surface AI content metadata to users. The compliance obligation sits primarily with the platforms, not the advertiser. For financial institutions running geo-targeted campaigns in California, the practical effect is that C2PA metadata embedded in ad assets will become visible to users through the platform UI. Because requirements are phased and evolving, institutions should confirm current obligations with compliance counsel.
New York (SB 8420-A)
New York has enacted a synthetic performer disclosure law requiring advertisers to conspicuously disclose when AI-generated synthetic performers appear in any commercial advertisement. It applies to every paid advertising channel and to any ad shown to New York residents, regardless of where the advertiser is located. AI-generated product-only or background images containing no humans are not covered. Civil penalties scale across consecutive infractions.
Broader Trend
Georgia, Massachusetts, and other states have introduced similar legislation. The direction is consistent: mandatory disclosure for AI-generated humans in advertising is moving toward a national standard, driven by state action in the absence of federal legislation. Because state rules are changing quickly, financial institutions should confirm specific use cases with compliance or legal counsel rather than relying solely on this document.
Bottom Line
AI assistance in ad production does not trigger an automatic disclosure obligation. The obligation activates when a reasonable consumer could interpret a synthetic asset as a real person, real employee, or real financial experience. In those cases, disclosure may be required under applicable law, platform policy, or compliance guidance and should be reviewed by the institution's compliance team prior to publication. For all other uses, follow platform rules, document AI tool usage within the campaign workflow, and route gray-area creative through the institution's compliance team before launch. RAIN's default practice is to avoid AI-generated imagery in ad creative entirely. When it is used, clients are notified, platforms are flagged at submission, and the decision is documented.
Retrieval tags
AI disclosure artificial intelligence advertising AI labeling UDAAP FTC AI Meta AI label C2PA synthetic content deepfake California AB 853 New York SB 8420 financial institution advertising compliance bank advertising AI credit union advertising AI AI generated images compliance guidelines