The Right Way to Gate an Investment Website

Investor gates are an ever-present feature of asset management and investment management sites. They are more than a compliance requirement, though; they are an opportunity to make or break your search and UX performance.

If you work in, on, or with any website that deals with investment products, you’ll likely be familiar with the concept of investor attestation.


Asset managers and fund managers, prior to granting access to their website, routinely present what’s often referred to as an attestation gate, or an investor gate, to visitors.

These ‘gates’ are typically full-screen affairs or sometimes ‘popups’ overlaying a page. Crucially, they block visitor access to protected content until the visitor attests to who they are.

The attestation usually requires three things:

  1. The visitor’s location (country/jurisdiction)

  2. Investor type: whether they are professional or retail

  3. A terms disclaimer to accept (or reject)

Over the course of the past week, working with a client, I’ve spent time reviewing the methods available to asset management firms in applying an attestation gate.

Importantly, I’ve looked at how an attestation gate can achieve three things:

  1. Meet compliance requirements (regulatory)

  2. Provide as unobtrusive a user experience as possible (UX)

  3. Facilitate search crawler access (SEO/GEO)

Here’s what I found.

The separation of scope and mechanism

My first finding is that in order to apply an attestation gate successfully, it’s important to separate the scope of the gate from the mechanism to apply it.

The attestation scope

Firstly, scope. An attestation gate essentially ‘blocks’ access to some or all of an otherwise public website. The decision a firm must make is this: should the gate block access to the entire website, or should its scope remain only the protected, regulated fund content?

In the former, the attestation gate will apply at the very top level of the website. In order to view anything, a visitor must attest. Only then do they access the website.

The latter is more nuanced. The scope is set to a subset of ‘protected’ pages. To access these, a visitor must attest. A visitor accessing marketing and brand content, however, will be able to do so without attestation.

The correct decision will depend entirely on a firm’s own requirements.

In the case of the client I am working with, it makes sense to set the scope as sitewide. Not doing so would create a regulatory ‘grey area’ that means that everything published in a non-attested portion of the site will require explicit legal review prior to publication. This isn’t easily scalable, so by applying attestation at the top, all content is ‘protected’ to some degree, and the admin overhead for the firm is reduced.

For other firms, this won’t be a challenge, and maintaining a public portion of the site, outside of attestation, will work suitably.

Setting the attestation mechanism

The mechanism of attestation is a technical challenge and can have a profound influence over how a brand is represented in online search (SEO) and across AI chat tools (GEO).

There are two mechanisms a firm can elect to use:

A soft overlay

Put simply, a soft overlay is an attestation pop-up or screen that is shown to a visitor of a website, but can be bypassed by a search bot/crawler.

The explanation for this is in how the attestation form is implemented. Technically, when using a soft overlay, the content of a webpage exists at the code level. Although it is there, the visitor cannot see it, because the attestation form shows up first and needs to be cleared before the content is revealed.

Behind the scenes, a search bot/crawler can read the code of the page and therefore access the content. This means the search bot/crawler can use said content to index the page in search results.

This is the cleanest approach for SEO (search engine optimisation) and GEO (generative engine optimisation).

There is an important compliance consideration to make. When using a soft overlay, the protected content is technically still served, regardless of attestation. This means that a visitor who is so inclined could use the browser’s code view to access the content without attesting. This is a consideration for your legal team to assess.

In my research, the majority of asset managers I reviewed as part of my project utilise a version of the soft overlay approach.

A hard wall

A hard wall approach to attestation is, as the name suggests, a hard block on the content pending attestation.

When using this approach, no content is served at the code level until attestation is cleared. The attestation works at the server level, and only when cleared does the server respond and provide the content.

It means that neither visitor nor search bot/crawler can ever access information until successful attestation.

From a compliance perspective, this leaves no room for error; however, it effectively wipes content from search altogether.

The hybrid approach

A bonus third option is to employ a hybrid approach, using a soft overlay on low-risk content and a hard wall on high-risk information.
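The difference between the three mechanisms is what the server puts in the response before attestation. The sketch below is an added example, not code from the original article; the page data, paths and function names are constructed for illustration. It builds the response body under each mechanism and then reports which pages send their protected markup to an unattested client.

```javascript
// Added illustration: page data, paths and function names are constructed.
const PAGES = {
  "/about":       { risk: "low",  html: "<h1>About the firm</h1>" },
  "/funds/alpha": { risk: "high", html: "<h1>Alpha Fund factsheet</h1>" },
};
const GATE_FORM = '<form id="attest">country, investor type, terms</form>';

// Build the response body for one request.
// mode: "soft" | "hard" | "hybrid"; attested: session state held by the server.
function renderBody(path, mode, attested) {
  const page = PAGES[path];
  if (!page) return null;
  if (attested) return page.html;
  const hardWall = mode === "hard" || (mode === "hybrid" && page.risk === "high");
  if (hardWall) {
    // Hard wall: only the gate is sent; the content never leaves the server.
    return GATE_FORM;
  }
  // Soft overlay: the content is in the markup, hidden behind the gate.
  return `<div class="overlay">${GATE_FORM}</div><main hidden>${page.html}</main>`;
}

// Compliance check: paths whose protected markup reaches an unattested client.
function servedWithoutAttestation(mode) {
  return Object.keys(PAGES).filter(
    (path) => renderBody(path, mode, false).includes(PAGES[path].html)
  );
}

for (const mode of ["soft", "hard", "hybrid"]) {
  console.log(mode, servedWithoutAttestation(mode));
}
```

The same check, run against real unattested responses, is a quick way to confirm that a page classed as high-risk is actually behind the hard wall.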

Which mechanism is right?

In my client’s case, I’ve recommended the soft overlay. It provides the right balance between three competing requirements: it offers a clean user experience, it supports a healthy search presence, and it protects content.

International versus global

Attestation is most often about ensuring protected content is served only in the appropriate jurisdiction. It means that users in a particular country can access only the information that your firm is permitted to communicate to them.

It means that funds are marketed in the correct locations. Likewise, it means that visitors see company details for the legal entity that serves them (i.e., your firm’s regional offices/vehicles).

A common example may be that your firm’s fund offering and legal entity are very different between the EU and the US. In such cases, your website needs to offer up an entirely different fund list and legal entity disclaimer depending on the attestation.

Some firms opt for international variants of their website.

This, in my view, is a trap. Creating a “/eu” and a “/us” version of your website may seem the reasonable step to take, but doing so presents a number of fiddly issues relating primarily to search.

When creating more than one version of your site, content usually gets duplicated with small details (e.g. a footer-based disclaimer and legal name) changed. Search engines, despite their best efforts, in my experience, struggle with this scenario.

You end up with scenarios like this:

  • A partner website links to the incorrect jurisdiction website

  • Search engines index the incorrect jurisdiction version of a page

  • Domain authority (the concept of ranking power that flows through a website) is diluted

The better solution in many cases is to use on-page filtering to display content based on user attestation.

Instead of duplicating a page and editing it for international audiences, you should have a single page that is built to filter funds lists, information, and legal entity details based on what the user has already told you via attestation.

It’s better for search; there’s less chance a user ends up in the wrong place, and it still serves the compliance requirements effectively.

Attestation that degrades gracefully

A good system expects error and deals with it before it happens. In the case of attestation, failure occurs when either:

  1. A visitor selects a country and/or investor role that isn’t permitted entry

  2. A visitor declines your terms and conditions

In both cases, visitor frustration can be avoided by providing a ‘safe’ landing page: one that provides a company overview, information on why they can’t see more, and information on how to see more, if permitted.
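On-page filtering and the ‘safe’ landing page can be handled by one decision function. The sketch below is an added example, not code from the original article; the fund list, entity names, allow-list and function names are constructed for illustration. It checks the attestation against an allow-list, filters a single page’s fund list and legal entity by jurisdiction and investor type, and falls back to the safe landing view for both failure cases.

```javascript
// Added illustration: fund data, entity names and function names are constructed.
const FUNDS = [
  { name: "Alpha Fund", jurisdictions: ["EU"],       investorTypes: ["professional"] },
  { name: "Beta Fund",  jurisdictions: ["EU", "US"], investorTypes: ["professional", "retail"] },
  { name: "Gamma Fund", jurisdictions: ["US"],       investorTypes: ["professional"] },
];
const LEGAL_ENTITY = { EU: "Example AM (Europe) S.A.", US: "Example AM LLC" };
// Allow-list of investor types per jurisdiction; anything absent is refused.
const PERMITTED = { EU: ["professional", "retail"], US: ["professional"] };

const safeLanding = (reason) => ({ view: "safe-landing", reason, funds: [], legalEntity: null });

// Decide what one page shows for a given attestation.
function resolveView(attestation) {
  const { jurisdiction, investorType, termsAccepted } = attestation || {};
  if (termsAccepted !== true) return safeLanding("terms-declined");
  // Own-property lookup so values like "constructor" cannot match inherited keys.
  const known = Object.prototype.hasOwnProperty.call(PERMITTED, jurisdiction);
  if (!known || !PERMITTED[jurisdiction].includes(investorType)) {
    return safeLanding("not-permitted");
  }
  const funds = FUNDS
    .filter((f) => f.jurisdictions.includes(jurisdiction) && f.investorTypes.includes(investorType))
    .map((f) => f.name);
  return { view: "funds", reason: null, funds, legalEntity: LEGAL_ENTITY[jurisdiction] };
}

console.log(resolveView({ jurisdiction: "EU", investorType: "retail", termsAccepted: true }));
console.log(resolveView({ jurisdiction: "US", investorType: "retail", termsAccepted: true }));
```

Missing or unrecognised values take the same path as a refusal, so a malformed attestation never reaches the fund list.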

Balancing search, UX, and compliance

Investor attestation is more than a compliance challenge. I’ve spent time over the course of this week looking at the challenge from three perspectives: compliance, UX, and search.

Even a short pass at some of the asset managers in the wild tells me that not everyone has given compliance, UX, and search a balanced review. The stakes of getting this wrong are no joke. Firms mustn’t expose themselves to legal failings; equally, they mustn’t become so protected that nobody can find them.

The simple investor attestation is, in our world at least, one of the most fascinating parts of an asset manager’s digital estate.