Case Study
This is a composite of real violations found across real agency campaigns. The copy looked professional. It had been reviewed internally. It went live. Here is what a compliance checker found that nobody else did.
Score before
31
High risk. Do not publish
Violations found
6
5 high · 1 medium
Score after fixes
91
Low risk. Safe to publish
Before you read this: If your agency writes copy for financial services clients, manages influencer campaigns, runs email capture or manages paid ads with headline pricing, at least one of these violations is almost certainly present in live campaigns right now.
Violation #1
The context
A digital agency wrote landing page copy for a fintech client offering a savings product. The copy looked professional and compliant to everyone who reviewed it.
“Start growing your money today. Our members earn an average of 4.2% annually. Low risk, high reward. Open your account in minutes.”
What the checker found
This is an unapproved financial promotion under Section 21 of the Financial Services and Markets Act 2000. Communicating a financial promotion without FCA authorisation is a criminal offence, not a civil fine. A criminal offence. The agency that wrote this copy, not just the client, is exposed. The '4.2% annually' figure is a specific return claim that requires FCA approval before publication. The 'low risk' claim is false: all investment carries risk and this wording is specifically prohibited.
The fix
Any copy that invites someone to invest, save or engage with a financial product must be approved by an FCA authorised person before publication. The agency should have flagged this before writing a word. Without that sign off, neither the client nor the agency should publish.
If not fixed
Criminal prosecution of the person who communicated the promotion. FCA public censure. Campaign takedown. PI insurance may not respond.
Violation #2
The context
An ecommerce brand's email capture form had been running for two years. The agency built it. It had 40,000 subscribers on the list, including Canadian recipients.
“Enter your email to receive exclusive offers and our weekly newsletter. By signing up you agree to receive marketing communications from us.”
What the checker found
Canada's Anti Spam Legislation (CASL) requires express consent before sending commercial electronic messages. 'By signing up you agree to receive marketing' is not express consent, it is implied consent. Under CASL, every email sent to a Canadian recipient without proper express consent is a separate violation carrying fines up to $10 million CAD per violation for businesses. With 40,000 subscribers, this list has been accumulating liability for two years.
The fix
Add an unchecked checkbox with explicit language: 'I agree to receive marketing emails from [Brand]. I can unsubscribe at any time.' This must be a separate, affirmative action, not bundled with terms acceptance. All existing Canadian subscribers without proper consent should be suppressed.
If not fixed
Potential fines of millions per violation. CRTC enforcement. List destruction. Campaign suspension.
Violation #3
The context
A SaaS client's pricing page was written and managed by the agency. It had been running for eight months generating significant paid traffic.
“Start for just £29/month. Join over 5,000 businesses already growing with our platform.”
What the checker found
The £29 figure appears in the hero, the ads and the Google Shopping feed. The actual first month cost is £29 plus a mandatory £49 onboarding fee plus VAT: a total of £92.80 for month one. This is drip pricing. The CMA has made drip pricing one of its top enforcement priorities under the Digital Markets Competition and Consumers Act 2024. The agency that wrote and managed this campaign is in the chain of liability.
The fix
The advertised price must represent the total mandatory cost from the first point of contact. Either include all fees in the headline price, or clearly state 'from £29/month + £49 setup fee' in every placement. This must be updated in ads, landing page and comparison sites simultaneously.
If not fixed
CMA enforcement notice. Fines without court order under DMCC Act 2024. Ad account suspension. Chargeback wave from existing customers.
Violation #4
The context
A content agency used ChatGPT to write blog posts, email sequences and ad copy for twelve clients. The content was edited and published without any disclosure that AI was used in its creation.
“Our team of experts has crafted this guide to help you navigate the landscape. We believe in putting people first, which is why every piece of content we create comes from genuine human expertise.”
What the checker found
EU AI Act Article 50(4) comes into force on 2 August 2026. It requires that AI generated content intended for public audiences is clearly disclosed. This copy was written by ChatGPT, edited by a human, and then published with the claim that it comes from 'genuine human expertise.' That is not disclosure, it is the opposite. The agency is producing this content for twelve clients across the EU market. Every piece of undisclosed AI content published after 2 August 2026 is a violation. Fines reach €15 million or 3% of global annual turnover.
The fix
Add disclosure language to all AI assisted content: 'This content was created with the assistance of AI writing tools and reviewed by [Name] on [Date].' Document your human editorial review process. Update all client contracts to include AI tool usage clauses.
If not fixed
Fines up to €15 million or 3% of global annual turnover. ICO investigation. PI insurance exclusions may apply to AI generated content claims.
Violation #5
The context
A fashion brand client briefed the agency to write copy positioning their new product line as sustainable. The agency wrote the copy based on information provided by the client's marketing team.
“Our new collection is made from eco-friendly materials and is carbon neutral from production to delivery. We are committed to a sustainable future and are proud to offer products that are kind to the planet.”
What the checker found
Every environmental claim in this copy requires substantiation under the EU Green Claims Directive, the CMA Green Claims Code and the FTC Green Guides. 'Eco-friendly' is a vague claim with no legal definition. 'Carbon neutral' requires independently verified offsets under a recognised standard. 'Kind to the planet' is meaningless under any regulatory framework. The agency wrote and published this copy without asking the client for substantiation.
The fix
Never write environmental claims without first obtaining documented substantiation from the client. 'Carbon neutral' requires a specific offsetting certificate. 'Eco friendly' must be replaced with a specific, verifiable claim. Add a clause to your agency agreement requiring clients to provide evidence before you write sustainability claims.
If not fixed
CMA enforcement notice and public censure. EU Commission investigation. Product withdrawal from EU market. Agency named in proceedings.
Violation #6
The context
An agency managed an influencer campaign for a supplement brand. Twenty influencers posted content. The agency briefed them, managed the contracts and approved the content.
“Honestly the best thing I have tried this year. I have been using this for three months and the results speak for themselves. Link in bio.”
What the checker found
Twenty influencers posted variations of this without any disclosure. No #ad. No #sponsored. No 'paid partnership.' The agency briefed them, paid them and approved the content. Under FTC Endorsement Guides 2023, the agency that organises and manages an influencer campaign bears direct responsibility for disclosure failures. The FTC has issued civil investigative demands to agencies, not just brands, for exactly this pattern. Each post is a separate violation.
The fix
Every piece of paid, gifted or incentivised influencer content must include clear, prominent disclosure before any promotional content. '#Ad' or 'Paid partnership with [Brand]' must appear at the start of the caption. The agency's influencer brief must include mandatory disclosure language and the contract must require it.
If not fixed
FTC civil investigative demand. ASA public ruling. CMA enforcement notice. Agency named publicly.
None of these violations were caught in internal review. None of them looked wrong to the people who wrote, approved and published them. All of them were found in 60 seconds by a compliance checker.
The FCA violation could result in criminal prosecution. The CASL violation had been running for two years building liability on every send. The drip pricing was being amplified by paid ads the agency was managing. The influencer campaign had twenty posts live without a single disclosure.
The question is not whether your campaigns have violations. The question is whether you find them before a regulator does.
Sentinel plan includes unlimited checks, a cryptographically sealed audit trail you can verify on demand, client workspaces and weekly monitoring of live campaigns. If you're a CFO or compliance lead rather than an agency, the same audit trail thinking applies to AI governance.