I ran two agencies for nearly fifteen years. One survived a serious crisis. The other closed.
Same market. Same external pressure. Overlapping resources. The difference wasn't talent, or relationships, or timing.
It was structure. Specifically: whether the structure existed before the pressure arrived.
The governance I built for clients, not crises
Here's the thing that took me a while to understand about this.
XEIOH — the agency that survived — wasn't built for resilience. I hadn't sat down and designed it to withstand a payment freeze from a major client. I'd built the operational processes to keep pharmaceutical clients happy. Sanofi, Roche, AstraZeneca, Boehringer Ingelheim. Companies that run their promotional materials through medical-legal-regulatory teams before anything gets approved. Companies that require documented version control, named reviewers, and sign-off records as a condition of the supplier relationship.
I built those processes because the clients required them.
The resilience was a side effect I only recognised afterwards.
What happened when the pressure arrived
When the crisis arrived — a major client froze payments during an internal investigation — XEIOH had something to stand on. Documented processes that kept running. Approval workflows that didn't collapse. Consistent delivery to other clients because the work had a structure behind it that didn't depend on a single person managing every decision.
Zonke Ignition didn't have that structure. Not because it was poorly run. Zonke was a good agency with good clients and experienced people who made the right calls. The informal systems worked well — in normal conditions, informal governance does most of what you need it to do.
The problem is what informal governance can't do under extraordinary external pressure.
When the pressure became structural rather than operational, Zonke had no documented processes to fall back on. Creditors don't accept goodwill as evidence of operational continuity. Zonke closed. XEIOH held.
Why the retrospective matters
The retrospective nature of that insight is actually the useful part.
I'm not telling you this as a strategic foresight story. I didn't build XEIOH's governance for resilience. I built it to satisfy client requirements. The resilience was a consequence I recognised only after working backwards from survival.
That matters because most agency owners won't build governance from scratch for worst-case scenarios. The scenario feels abstract until it doesn't. What they will do is build governance in response to what clients and markets require.
That's the pattern worth paying attention to right now.
The same mechanism is moving through agency AI
UK agencies are adopting AI faster than their operational structures are keeping up. Tools are being used, workflows are being automated, client deliverables are being produced with AI assistance. In most agencies, the governance around all of this is informal. Experienced people making reasonable calls. Unwritten guidelines that the team mostly follows.
This is where the sector was with data protection before GDPR arrived.
The gap is starting to close — and not because agencies are building governance strategically. Because clients are beginning to require it. The UK Government Communication Service now requires documented AI governance from contracted agency suppliers. ISBA reported in late 2024 that 8% of UK advertisers had already amended agency contracts to include specific AI terms, with 42% in the process of doing so.
The mechanism is identical to what happened in pharmaceutical marketing. A client has a governance expectation. They require the supplier to reflect it in their own operations. The supplier builds the governance — to keep the client. And the governance that gets built turns out to matter for reasons that weren't the original motivation.
The agencies with a real answer
An agency wins a public sector contract. The contract requires documented AI governance — which tools are approved, how data is classified before it enters those tools, what human review applies to AI-generated outputs. The agency builds those processes to satisfy the requirement. A year later, a different client asks in a procurement questionnaire: how does your agency handle AI and client data?
The agency has a real answer. Not because it anticipated the question. Because it had already built the structure.
That's the XEIOH pattern.
The agencies with documented AI governance — for whatever reason they built it — can answer that question confidently. The ones without it are hoping it doesn't get asked.
Before or after the question arrives
The agencies that get this right won't have to hope the question doesn't arrive. They'll be the ones who answer it without hesitation.
That's what being AI-ready actually looks like.
This newsletter is from Chapter 6 of Shadow AI Governance: The UK Agency Playbook — a book I'm writing in public, chapter by chapter, about making agency AI usage visible, accountable, and commercially defensible. Chapter 6 is where the solution begins to take shape. Not with theory. With a survival story that taught me more about governance than any framework I've encountered since. The next chapter takes that lesson and makes it practical — translating what the XEIOH pattern actually means for the day-to-day reality of how an agency operates its AI usage.
Want the full chapter?
The newsletter covers the shape of the XEIOH/Zonke story. The full chapter goes further — the specific GCS and Cabinet Office procurement language now in play, and the critical distinction between governance that's genuinely operational versus governance that exists only as documentation. That distinction is the one that matters under pressure.
Or if you'd rather understand what your agency's AI readiness actually looks like before a client asks the question, the AI Readiness Assessment maps exactly what's running, where your gaps are, and what governance looks like for your specific operation.