Dawn Raids 101: The Bootcamp
Erick Gunawan
Being dawn raided is never a fun experience, but Erick Gunawan writes that good preparation can make a massive difference.
If the thought of a dawn raid has been keeping you awake at night since my last post, mea culpa. I’m sorry. But it really is the case that most businesses could be dragged into an investigation and need to be prepared.
The best way to sleep soundly is to have a plan. And that’s something I can help with. I’ve worked on dozens of dawn raids, and there are plenty of things every business can do before, during, and after a raid.
So, without further ado, this is my Dawn Raid 101 Bootcamp.
Before you have been raided, there are a few obvious things you can do. The first is to look at your document retention policy, what you have and what you don’t. If there are documents that are past their lifetime, can you get rid of them? Take advice. Find out how much you must keep by law and how much you need keep for your operations. Offload useless data accordingly, and this can reduce unnecessary risks.
How sophisticated is your information governance policy? Where is your data kept? Is it on the servers in the room in the basement, or is it kept across various servers in various locations in various countries, with various data and discovery laws? Again, take advice and have a hard think about what you need to do.
Which parts of the business own which files or servers? Is all your data jumbled together or clearly demarked? Good organisation will help investigators get what they need rather than kitchen-sink the job.
Develop a raid communication protocol. Should a raid happen, who needs to get to the office quickly? A senior member of staff and legal are a must, and that lawyer needs to be on top of data law. Independent consultants might be a good idea too. And how do you make sure that when the investigators come, whoever is at the door knows what to do? Get a communications cascade plan in place.
Train employees. Make sure that they are aware that raids are possible, not because the company has been doing anything wrong, but because investigations can be wide ranging. Ensure they know what to do if one happens.
Establish a dawn raid response team made up of the people who will be responsible for handling an on-site inspection. The team should include senior legal personnel, senior IT staff, outside counsel, external forensic experts, a media relations professional, and an administrative team that can assist with note taking and photocopying and be the point of contact for the regulators.
Draft an internal alert email. The company legal team should prepare an internal draft email with instructions to staff that can be circulated in the event of a dawn raid. The message should tell employees not to destroy or remove any documents during the raid. In addition, the email should advise employees of their right to have counsel present for any substantive questioning by authorities and note that people outside of the company should not be informed of the raid.
Finally, consider wargaming a dawn raid. I will explain more in my next article, but, as long as very few people are given advanced notice, it is usually a useful exercise.
Moving on to the day itself, what can you do during the raid? Again, I’ll explain more about the day itself in another post. But in short, the investigators probably will be happy to wait around for an hour or so before taking matters into their own hands. When your team is (promptly) assembled, accompany the investigators. Record what they take, help them get what they need, and check that they are taking only what they are entitled to take. Ensure they take the data they need without damaging equipment or removing a mission-critical IT kit. This stage is best overseen by an independent advisor who will challenge but not obstruct.
Once the investigators have gone, get your forensic expert and the administrative team to write a full report. The investigators might not have told you what they were looking for. But if you know what they took, you might be able to work it out and mount your own investigation.
Collect an inspection record. Outside counsel should collect reports from personnel who accompanied the authorities during the search, which include any incidents that occurred during the raid.
Debrief. The response team and outside counsel must meet to discuss issues such as potentially relevant documents that the authorities did not find and whether any documents that were taken are subject to privilege.
Notify auditors, insurers, and/or regulators. Consider to whom the company needs to make disclosures relating to the raid.
Then, begin your internal investigation. If you find evidence of wrongdoing, give it to the investigators. It will win you more than just brownie points.
In my next article, I will complete my trio of dawn-raid posts with a more detailed run-through of what typically happens during the raid itself, from the surprise call to the investigators leaving the building.
However, I’ll leave you with this thought: I’m often asked if dawn raids only happen at dawn.
The answer is no. They can happen at any time. But usually when you least expect it.
If you are reading this at bedtime, sweet dreams.