The Marketing Agency's Guide to Compliance: How to Protect Yourself When a Client Campaign Gets a Complaint
When a client's campaign triggers a regulatory complaint, agencies are increasingly named alongside brands. Here is how to structure your compliance process to protect your agency.
The Complaint Is Filed. Now What?
A client's campaign triggers an ASA complaint or an FCA investigation. The regulator doesn't just look at the brand; they want to know who produced the copy, who approved it, and what compliance checks were in place before it was published.
If your agency produced that copy without a documented compliance review process, you are exposed.
Here is how to build a compliance process that protects your agency before a complaint ever arrives.
Why Agencies Are Increasingly in the Frame
Ten years ago, regulatory enforcement focused almost exclusively on the brand. Today, that has changed:
- The CMA's updated guidance explicitly states that agencies that produce misleading marketing materials can share liability with the advertiser
- The FTC's Endorsement Guides hold agencies responsible for influencer campaigns they organise and manage
- EU DSA rules on dark patterns can apply to the agency that implemented them, not just the brand that requested them
- FCA financial promotion rules make the communicator of an unapproved promotion criminally liable, which can mean the agency
The legal and regulatory environment has shifted. Agencies can no longer rely on "we just did what the client asked."
Building Your Compliance Process
Step 1: Compliance Review Before Submission
Every piece of copy should go through a compliance review before it is submitted to the client. This review should check for:
- Income or earnings claims requiring substantiation
- Health claims requiring regulatory authorisation
- Urgency and scarcity language that may be artificial
- Guarantee language that contradicts terms
- Endorsement and testimonial disclosures
- Financial promotion language requiring FCA approval
- AI-generated content requiring disclosure
Document that this review happened, who conducted it, and what was changed as a result.
Step 2: Client Sign-Off as a Compliance Document
Client approval is not just project management; it is compliance documentation. Your sign-off process should require the client to confirm:
- They have reviewed the copy for compliance with applicable regulations
- They take responsibility for the factual accuracy of all claims
- They have obtained any necessary regulatory approvals (FCA, for financial promotions)
- They confirm the copy is consistent with their Terms of Service
This sign-off should be in writing. Email is sufficient, but a documented approval workflow is better.
Step 3: Timestamped Records
Keep timestamped records of:
- The version of copy submitted to the client
- The client's approval
- Any compliance amendments made at your agency's initiative
- The date the campaign went live
When a regulator asks "what compliance checks were in place and when?" you need to be able to answer with dates and documents.
Step 4: Compliance Clauses in Your Agency Agreement
Your standard client contract should include:
- A clause requiring the client to confirm they hold any necessary regulatory approvals
- A clause requiring the client to indemnify the agency against claims arising from the client's failure to meet regulatory requirements
- A clause giving your agency the right to refuse to produce copy that you believe is non-compliant
- A clause specifying that the client takes responsibility for the factual accuracy of all claims
Have your solicitor review these clauses; generic templates are not sufficient for regulated industries.
The Compliance Audit Tool Agencies Are Using
Red Flag AI Pro runs compliance checks against 21 risk categories across 5 jurisdictions, including FCA financial promotions, ASA CAP Code, GDPR, EU AI Act and FTC requirements.
On the Sentinel plan, agencies can:
- Run unlimited compliance scans on client copy
- Organise scans by client workspace
- Generate signed PDF compliance certificates showing the scan was run, when, and what was found
- Monitor live client URLs weekly for changes that introduce new compliance risks
- White-label PDF reports under the agency's own branding
The timestamped PDF certificate is exactly the kind of documented evidence that demonstrates professional diligence to clients, to regulators, and to PI insurers.