
For decades, UK professional services agencies have operated on relationship-based governance. Trust. Implicit procedures. Experienced team knowledge. This is industry standard—not negligence, but how agencies at this scale typically function. It works brilliantly in stable conditions.
I know because I operated this way too. My GTM agency in South Africa relied on informal governance for years, successfully. Relationship-based trust. Implicit risk management. Verbal approval workflows. We delivered excellent work. We had appropriate governance for our scale and context.
Then external crisis hit. A major client launched an internal investigation of their own suppliers—entirely unrelated to our work. They froze payments across their entire supplier base for over a year. Millions receivable. We were eventually cleared of any wrongdoing, but informal governance couldn't withstand the cash flow pressure.
The business closed. Not from operational failure, but because informal governance systems lack the documented resilience mechanisms that become essential when facing extraordinary external pressure you didn't cause.
Meanwhile, my healthcare agency survived the blast radius of the same crisis. Not because we were smarter or more capable, but because pharmaceutical clients had demanded formalised governance through vendor audits. Those requirements felt like bureaucracy at the time. They became survival infrastructure when crisis arrived.
"Informal governance works in stable times. Formalised governance creates documented resilience that survives crisis pressure."
UK agencies built brilliant operations for relationship-dependent workflows. Then AI arrived, and suddenly:
Tools proliferated faster than policy could catch up
Team members became key-person risks ("Ask Sarah, she knows the prompts")
Workflows crystallised around undocumented AI dependencies
Data classifications that never mattered suddenly determine GDPR compliance
Creative output quality became dependent on tools nobody formally approved
Your creative capability isn't broken. Your operational infrastructure needs documentation.
This is GovernFirst, not AI-First.
Every agency needs operational infrastructure that makes AI usage visible, accountable, and commercially defensible. Not thirty-page policies. Not ISO certifications. Not theoretical frameworks.
Classify every data type as Red (never AI), Amber (approved tools only), or Green (public AI acceptable). Takes 15 minutes to learn. Creates documented classification that survives audit questions forever.
AI assists, humans decide. Document who reviewed what, when. Create audit trails that answer client questions and regulatory inquiries with evidence, not assurances.
Capture the value your team creates through AI. Share effective prompts systematically. Measure efficiency gains. Protect margins instead of absorbing AI productivity as silent margin erosion.
of brand leaders have serious concerns about agency
AI use
of agencies have updated contracts with
AI clauses
Enterprise clients are updating procurement requirements right now. Vendor assessments that never mentioned AI six months ago now include governance questions many agencies struggle to answer with documented evidence.
The opportunity to build governance as competitive advantage rather than scrambling for compliance exists for the next 12-18 months.
Answer enterprise security questionnaires with evidence competitors can't provide
Eliminate cascade risk before incidents reveal vulnerability
Capture AI efficiency as measurable Prompt Dividend
Position as low-risk strategic partners through demonstrated operational maturity
While markets focused purely on speed chase AI adoption at any cost, UK agencies have something more valuable: the cultural capacity for operational discipline.
UK professional services culture understands:
This isn't about achieving perfection. It's about creating documented resilience.
You don't need pharmaceutical-grade governance systems. You need Enterprise-ready frameworks that pass vendor assessments while creative teams can actually implement them.
I was a partner in two agencies that faced the same external crisis. One survived through formalised governance. One closed when informal governance reached its limits under extraordinary pressure. That lived experience taught me what crisis reveals about governance systems—lessons I now help UK agencies apply before crisis forces the learning.
The question isn't whether that pressure will come. The question is whether you'll have formalised, documented systems when it does.
"Informal governance works in stable times. Formalised governance creates documented resilience that survives extraordinary external pressure."

Michael MacDonald
Founder, Brains Before Bots
Former agency partner | Shadow AI Governance specialist
LinkedIn: linkedin.com/in/mrmichaelmac
Email: hello@brainsbeforebots.com
© 2026 Brains Before Bots | All rights reserved
The risk is already present. 71% of teams using ungoverned AI tools. Every day. Right now. Not the AI you're planning to adopt. The AI already adopted without governance frameworks, without documentation, without formal oversight.