ICO fines Manchester firm £300,000 for 5.5m spam loan documents and false bailiff threats

The Manchester company has been hit with the biggest nuisance marketing fine in recent years after it deliberately targeted people already struggling with debt, taunting them with millions of illegal documents and, in some cases, false threats that bailiffs were on their way.

The Information Commissioner’s Office (ICO) has fined KRA Consultancy Ltd £300,000 after finding that the company sent 5,575,715 unsolicited direct sales documents between April 2022 and May 2025. These messages pushed credit solutions to people who had already been refused a loan, a group that knew the company’s regulator could be a very big scheme.

The scale of the task is reflected in the response you elicited. More than 60,000 complaints have been lodged against the ICO and through Mobile UK’s 7726 spam reporting service, making this one of the most reported campaigns the watchdog has ever dealt with.

What raises KRA’s case beyond the general use of spam is the content of some of the messages. Alongside marketing documents, the company sent out fabricated bailiff threats designed to scare people into engaging with its credit services. They come out under the sender ID ‘DEMAND’ and read like this:

“We have tried numerous times to contact you with no success. This matter has become serious and a Legal Agent will be arriving ****** within 48 hours to remove your assets as per Court order. If you are in any legal/debt process you will need evidence readily available.”

Internal WhatsApp messages obtained during the investigation show the company’s director Khuram Rezvan Ahmad referring to these threats in the context of ‘coaching’. In an interview he wrote: “Go through a lot and answer anything. Don’t worry about forcing anything back because the coach will deal with that tomorrow morning.”

The ICO’s investigation, which included search warrants executed at KRA offices and Ahmad’s home, paints a picture of a business that understood it was breaking the law and tried to cover its tracks. Ahmad approached a telecommunications provider in China seeking assurances that bulk documents could be made “completely untraceable”. Even after the search was approved, the company returned to its illegal advertising, generating 161 more complaints.

The company also made no effort to verify whether its loan rejection data was accurate or whether recipients had consented to the marketing. Challenged internally about the three-year-old data, Ahmad was blunt: “Do I have confidence in the data set? As long as I’m making cases I don’t really give a f*** if it’s old as long as it’s making money.”

Andy Curry, Head of Investigations at the ICO, did not mince his words. “People in financial trouble deserve support, not exploitation. KRA deliberately sought out these people, knowing they might be more prone to this type of high-pressure marketing, and hit them with illegal documents. When that wasn’t enough, they sent fake threats telling people that bailiffs were coming to their homes to take their belongings. I’m fighting debt.”

He added: “KRA has shown a complete disregard for the law throughout our investigations and this £300,000 fine, one of the biggest for nuisance marketing in recent years, reflects that.

For the vast majority of regulatory advertising firms, the KRA case is a useful reminder of where the lines lie. Under the Privacy and Electronic Communications Regulations (PECR), businesses must have clear, explicit consent before sending direct marketing documents, and must be able to prove both that consent and the data behind it. Buying from old or unverified lists, as KRA does, is precisely the practice that the regulator targets, and the ICO’s enforcement action shows that the watchdog is increasingly willing to pursue money from company directors personally.

It is also part of a clear upward pattern. The ICO has been slowly increasing fines for spam marketing, and previous cases such as the £495,000 fine handed to firms over millions of disruptive messages show the way to go. This is not the first activity of Greater Manchester to attract the attention of the regulator, following previous attacks on addresses in the region of more than 11 million nuisance documents. With the costs of breaking anti-spam laws skyrocketing, the message to any business tempted to cut corners in compliance is clear: the economics don’t add up.

Anyone who receives a suspicious marketing text can report it for free by forwarding it to 7726, with complaints of this nature directly fed into the regulator’s monitoring of nuisance marketing.