Red Flag AI Pro
Start free

Case Study

Four violations.
None of them obvious.
All of them happening right now.

This is a composite of real violations found across real agency campaigns. The copy looked professional. It had been reviewed internally. It went live. Here is what a compliance scanner found that nobody else did.

Compliance score before

31

High Risk — do not publish

Violations found

6

5 high, 1 medium

Score after fixes

91

Low Risk — safe to publish

Before you read this

If your agency writes copy for financial services clients, manages influencer campaigns, runs email capture or manages paid ads with headline pricing — at least one of these violations is almost certainly present in live campaigns right now.

Violation #1

FCA Financial Promotion — Criminal Liability

HIGH

The context

A digital agency wrote landing page copy for a fintech client offering a savings product. The copy looked professional and compliant to everyone who reviewed it.

Start growing your money today. Our members earn an average of 4.2% annually. Low risk, high reward. Open your account in minutes.

What the scanner found

This is an unapproved financial promotion under Section 21 of the Financial Services and Markets Act 2000. Communicating a financial promotion without FCA authorisation is a criminal offence — not a civil fine. A criminal offence. The agency that wrote this copy, not just the client, is exposed. The '4.2% annually' figure is a specific return claim that requires FCA approval before publication. The 'low risk' claim is false — all investment carries risk and this wording is specifically prohibited.

The fix

Any copy that invites someone to invest, save or engage with a financial product must be approved by an FCA-authorised person before publication. The agency should have flagged this before writing a word. The client's compliance officer or FCA-authorised firm must approve the final copy. Without that sign-off, neither the client nor the agency should publish.

If not fixed

Criminal prosecution of the person who communicated the promotion. FCA public censure. Campaign takedown. PI insurance may not respond.

FSMA 2000 Section 21 (UK)FCA Financial Promotions Rules (UK)FCA Compliance Sourcebook (UK)

Violation #2

CASL Consent Violation — $10M CAD Per Breach

HIGH

The context

An ecommerce brand's email capture form had been running for two years. The agency built it. It had 40,000 subscribers on the list, including Canadian recipients.

Enter your email to receive exclusive offers and our weekly newsletter. By signing up you agree to receive marketing communications from us.

What the scanner found

Canada's Anti-Spam Legislation (CASL) requires express consent before sending commercial electronic messages. 'By signing up you agree to receive marketing' is not express consent — it is implied consent buried in a checkbox that no one reads. Under CASL, every email sent to a Canadian recipient without proper express consent is a separate violation carrying fines up to $10 million CAD per violation for businesses. With 40,000 subscribers and an unknown number of Canadian recipients, this list has been accumulating liability for two years.

The fix

Add an unchecked checkbox with explicit language: 'I agree to receive marketing emails from [Brand]. I can unsubscribe at any time.' This must be a separate, affirmative action — not bundled with terms acceptance. All existing Canadian subscribers whose consent method does not meet CASL standards should be suppressed until proper consent is obtained.

If not fixed

Potential fines of millions per violation. CRTC enforcement. List destruction. Campaign suspension.

CASL + CRTC (Canada)PECR + ICO (UK)GDPR (EU)CAN-SPAM (US)

Violation #3

Drip Pricing — CMA Enforcement Priority

HIGH

The context

A SaaS client's pricing page was written and managed by the agency. It had been running for eight months generating significant paid traffic.

Start for just £29/month. Join over 5,000 businesses already growing with our platform.

What the scanner found

The £29 figure appears in the hero, the ads and the Google Shopping feed. The actual first month cost is £29 plus a mandatory £49 onboarding fee plus VAT — a total of £92.80 for month one. This is drip pricing, the practice of advertising an artificially low headline price and revealing the full cost through the checkout journey. The CMA has made drip pricing one of its top enforcement priorities under the Digital Markets Competition and Consumers Act 2024. The ACCC fined airlines over $1 million for exactly this practice. The agency that wrote and managed this campaign is in the chain of liability.

The fix

The advertised price must represent the total mandatory cost from the first point of contact. Either include all fees in the headline price, or clearly state 'from £29/month + £49 setup fee' in every placement. This must be updated in the ads, the landing page and any comparison sites simultaneously.

If not fixed

CMA enforcement notice. Fines without court order under DMCC Act 2024. Ad account suspension. Chargeback wave from existing customers.

CMA + DMCC Act 2024 (UK)ACCC (Australia)FTC (US)UCPD (EU)

Violation #4

EU AI Act Article 50 — Undisclosed AI Copy, August 2026

HIGH

The context

A content agency used ChatGPT to write blog posts, email sequences and ad copy for twelve clients. The content was edited and published without any disclosure that AI was used in its creation.

Our team of experts has crafted this guide to help you navigate the landscape. We believe in putting people first — which is why every piece of content we create comes from genuine human expertise.

What the scanner found

EU AI Act Article 50(4) comes into force on 2 August 2026 — weeks away. It requires that AI-generated content intended for public audiences is clearly disclosed. This copy was written by ChatGPT, edited by a human, and then published with the claim that it comes from 'genuine human expertise.' That is not disclosure — it is the opposite. The agency is producing this content for twelve clients across the EU market. Every piece of undisclosed AI content published after 2 August 2026 is a violation. Fines reach €15 million or 3% of global annual turnover. The agency that produced the content, not just the client that published it, is in the regulatory frame.

The fix

Add disclosure language to all AI-assisted content: 'This content was created with the assistance of AI writing tools and reviewed by [Name] on [Date].' Document your human editorial review process. Update all client contracts to include AI tool usage clauses. Audit existing content published after 2 August 2026 and add disclosures retrospectively where possible.

If not fixed

Fines up to €15 million or 3% of global annual turnover. ICO investigation. PI insurance exclusions may apply to AI-generated content claims.

EU AI Act Article 50(4) — effective 2 August 2026UK ICO AI Transparency Guidance (UK)FTC AI Endorsement Guidelines (US)

Violation #5

Greenwashing — EU Green Claims Directive and CMA Enforcement

HIGH

The context

A fashion brand client briefed the agency to write copy positioning their new product line as sustainable. The agency wrote the copy based on information provided by the client's marketing team.

Our new collection is made from eco-friendly materials and is carbon neutral from production to delivery. We are committed to a sustainable future and are proud to offer products that are kind to the planet.

What the scanner found

Every environmental claim in this copy requires substantiation under the EU Green Claims Directive, the CMA Green Claims Code and the FTC Green Guides. 'Eco-friendly' is a vague claim with no legal definition — it requires a specific, verifiable basis. 'Carbon neutral' requires independently verified offsets under a recognised standard such as Gold Standard or VCS — an internal calculation does not qualify. 'Kind to the planet' is meaningless under any regulatory framework. The agency wrote and published this copy without asking the client for substantiation. When the EU Commission ran its 2024 sweep, over 40% of environmental claims reviewed were found to be unsubstantiated. Both the brand and the agency that wrote the copy are exposed.

The fix

Never write environmental claims without first obtaining documented substantiation from the client. 'Carbon neutral' requires a specific offsetting certificate. 'Eco-friendly' must be replaced with a specific, verifiable claim — for example, 'made from 80% recycled polyester, verified by [certification body].' Add a clause to your agency agreement requiring clients to provide evidence before you write sustainability claims.

If not fixed

CMA enforcement notice and public censure. EU Commission investigation. Product withdrawal from EU market. Brand reputational damage. Agency named in proceedings.

EU Green Claims Directive (EU)CMA Green Claims Code (UK)ASA CAP Code (UK)FTC Green Guides (US)ACCC (Australia)

Violation #6

Affiliate Non-Disclosure — FTC Criminal Referral Territory

MEDIUM

The context

An agency managed an influencer campaign for a supplement brand. Twenty influencers posted content. The agency briefed them, managed the contracts and approved the content.

Honestly the best thing I have tried this year. I have been using this for three months and the results speak for themselves. Link in bio.

What the scanner found

Twenty influencers posted variations of this without any disclosure. No #ad. No #sponsored. No 'paid partnership.' The agency briefed them, paid them and approved the content. Under FTC Endorsement Guides 2023, the agency that organises and manages an influencer campaign bears direct responsibility for disclosure failures. This is not a technicality — the FTC has issued civil investigative demands to agencies, not just brands, for exactly this pattern. The ASA and CMA have publicly named agencies in influencer non-disclosure rulings. Each post is a separate violation.

The fix

Every piece of paid, gifted or incentivised influencer content must include clear, prominent disclosure before any promotional content. '#Ad' or 'Paid partnership with [Brand]' must appear at the start of the caption — not buried in hashtags, not at the end. The agency's influencer brief must include mandatory disclosure language and the contract must require it. Content must not be approved without visible disclosure.

If not fixed

FTC civil investigative demand. ASA public ruling. CMA enforcement notice. Brand reputational damage. Agency named publicly.

FTC Endorsement Guides 2023 (US)ASA CAP/BCAP Code (UK)CMA Influencer Guidance (UK)UCPD (EU)

The point of this case study

None of these violations were caught in internal review. None of them looked wrong to the people who wrote, approved and published them. All of them were found in 60 seconds by a compliance scanner.

The FCA violation could result in criminal prosecution. The CASL violation had been running for two years building liability on every send. The drip pricing was being amplified by paid ads the agency was managing. The influencer campaign had twenty posts live without a single disclosure.

The question is not whether your campaigns have violations. The question is whether you find them before a regulator does.

Sentinel plan includes unlimited scanning, signed PDF certificates, client workspaces and weekly monitoring of live campaigns.

See Sentinel for agencies →Try a free scan