Bank client's compliance requirement: every marketing email reviewed by Legal and Compliance teams before send. Previously, marketer screenshotted the draft, sent via Slack, waited for Legal to reply. Replies got missed. No audit trail when someone asked "who approved this?"
Content Builder Approval Workflow enforces the gate in SFMC itself. Built-in notifications, audit trail, rejection reasons recorded.
How Approval Workflow works
Enable Content Builder Approvals in account settings (available with most editions).
Once enabled:
Marketer creates email -> Submit for Approval
-> Approver gets notification
-> Approver reviews email in SFMC UI
-> Approve or Reject (with optional comment)
-> If Approve: email can be scheduled for send
-> If Reject: marketer gets notification, edits, resubmits
Email cannot be sent without approval once the workflow is active.
What approvers review
Approvers see the email in Content Builder, can preview with representative subscriber data, and focus on specific fields that the workflow flags:
- From Name - ensure branding is correct
- Subject Line - ensure no placeholders, compliance with policy
- Full email content - legal and brand review
- Personalization - verify Default Values are set
- Links - verify they point to approved destinations
Approver clicks Approve (or Reject with comment) directly in the UI.
Audit trail
Every approval and rejection is logged with:
- Approver identity
- Timestamp
- Approval/rejection status
- Comments (if any)
- Version of email approved
Answers "who approved this, when, with what changes" for any past send. Regulated clients need this.
Withdrawal behavior (the gotcha)
Approval can be withdrawn after email is already scheduled. What happens:
- Email remains scheduled
- Email sends at the scheduled time with the previously approved version
- Withdrawal does NOT auto-cancel the scheduled send
If a withdrawal should stop the send, someone must also cancel the scheduled send manually.
Process implication: "withdraw approval" is not a cancel button. Train the team: withdrawal means "approval is retracted"; canceling the send is a separate action.
Editing an approved email shared across BUs
An email that's approved and shared with multiple BUs cannot be edited without consequences:
- Unshare from other BUs first
- Edit
- Resubmit for approval
- After re-approval, reshare to the BUs
Edits to an approved email invalidate the approval. Process needs to accommodate this - rushed edits to approved emails don't skip re-approval.
Setup for regulated industries
Banks, insurance, pharma, healthcare - compliance-heavy sectors. Typical configuration:
Approval levels:
- Marketing Manager review (creative/brand)
- Legal / Compliance review (regulatory)
- (Optional) Product team review for product-specific claims
Approval required for: all external-facing email
Approval NOT required for: internal staff communications, test sends
Multi-level approval chains in SFMC require ordering; check capabilities against client's specific process.
Mistake 1: Not enabling approvals on regulated accounts
New engagement with a regulated client. Team assumes their existing process (Slack approvals) is fine. First audit finds sends without documented approval. Compliance incident.
Fix: enable Approval Workflow on day one for any regulated client. Non-negotiable.
Mistake 2: Confusing withdrawal with cancellation
Approver realizes an email shouldn't go out, clicks Withdraw Approval. Next day, email still sent. Approver surprised.
Fix: document clearly. "Withdraw = retract approval. Cancel scheduled send = separate action." Train the team.
Mistake 3: Approver bottleneck
Only one approver designated. Approver out of office. Everything backs up for days.
Fix: multiple approvers, at least two per approval level. Distribute load.
Mistake 4: Skipping approval for "small" changes
Marketer edits the subject line of an already-approved email and sends without re-approval. Compliance flags it in an audit. Claim of "it was approved" doesn't hold - the approved version differed.
Fix: any substantive edit requires re-approval. Include this in team training.
Approval for non-regulated clients
Even outside regulated industries, Approval Workflow helps:
- Larger marketing teams with mixed seniority
- Clients with brand-guideline enforcement
- Any scenario where "four eyes" on production sends adds value
Friction tolerance matters. For a 2-person team, the approval overhead may exceed the benefit. For a 10-person team, it's usually worth it.
Alternative: Proofing
For less formal review, SFMC has Content Builder Proofing - send preview to a list for review without the formal approval gate. Comments recorded but no hard gate on send. Lighter-weight than full Approval Workflow.
Use Proofing for collaborative review; Approval Workflow for compliance gates.
Integration with external tools
Some clients integrate approval notifications with tools their reviewers already use (Slack, Teams, project management). SFMC's notification system can email approvers; integrating with Slack requires middleware (Zapier, custom webhook).
For regulated clients, keep the approval record in SFMC for audit purposes. External tools are notification only.
Takeaway
Content Builder Approval Workflow enforces pre-send review in SFMC itself, with audit trail. Essential for regulated clients; valuable for large teams in any industry. Understand the withdrawal-doesn't-cancel behavior, set up multiple approvers per level, and require re-approval for substantive edits. Setup takes an hour; the compliance cover is worth it for the life of the engagement.
Implementing SFMC governance for regulated clients? Our Salesforce team sets up Approval Workflows and compliance frameworks on production engagements. Get in touch ->
See our full platform services for the stack we cover.
Top comments (0)