Dawn Raid? Don’t Panic! – Top 10 Tips
The phrase ‘Dawn Raid’ conjures up images of dramatic drug busts with hordes of law enforcement officers battering down doors and descending on unsuspecting criminals and the mad panic as they try to escape by jumping from a second floor window.
A corporate dawn raid may be a little more composed, however the risks for companies are just as real. The surprise can cause people to behave unpredictably, especially when technology is involved.
The harsh reality of today’s difficult economic conditions means that companies are more at risk than before. They need to be prepared for unannounced visits from agencies such as the OFT, FCA, SFO or the EC.
Authorities will often have the power to question company officials and take away information from paper files, and also electronic evidence stored on personal computers, servers and other digital devices.
Here are my top 10 tips for dealing with a corporate dawn raid from a technology perspective:
1. House in Order
Know where your data is: create a data map. Ensure compliance with a company backup policy and securely destroy old data outside of that policy. Keep individual data access to a minimum. Regulators can fine for poor data access controls so ensure suitable encryption exists. Conduct internal audits to uncover potential breaches. Finally, consider the implications of using personal devices for work purposes.
2. Be Prepared
Attend training on how to handle a dawn raid and conduct a mock dawn-raid to test the effectiveness of compliance procedures. Have you created Dawn Raid procedures and assigned a response team?
3. Inform Management, Lawyers & Advisers
Be polite to investigators and, if possible, wait for the lawyers to arrive to check the warrant or search order although depending on the circumstances there may be nothing to stop the investigators proceeding immediately. Enlist the help and advice of a forensic technology consultant to shadow the investigators to ensure that they stick to the scope of the warrant and following proper procedures. Handle communications within the firm to ensure there is compliance with the investigation and that your reputation is protected.
4. Know your IT Administrators
Get your IT people involved early on, to grant access to electronic data and individual custodians. Investigators might require Internet access, LAN access and USB access to install and run their forensic imaging software. Make sure that the tools they are installing are forensically sound and virus free. Passwords may also be required for any encrypted hardware, software, folders or documents.
Ensure all members of the company are aware of their legal obligations. Do not turn off computers as investigators might request access to Random Access Memory (containing passwords, clipboard content etc.) which would disappear upon loss of power. Protect any seals (e.g. tamper proof evidence bags, locks on doors) left by the investigators or risk hefty fines. Do not delete data – deleting data can leave a trace and lead to uncomfortable enquiries.
Business continuity is important. Is it necessary for whole computers to be seized or for servers to be taken off-line? Highlight individual areas of potential relevance and consider approaches to ensure known privileged documents are not seen by investigators such as sealing disputed documents for review by an independent lawyer.
7. Take Copies
Take copies of everything seized or copied or seen. This may or may not be possible during the course of the execution of the warrant. As a rule, investigators are obliged to provide a list of seized items but not copies. A forensic technology consultant will be able to assist you using forensic software to ensure that source data copied is not altered in any way and that crucial meta data remains intact.
Have the investigators taken adequate steps to secure data to ensure data protection and data integrity? Are they taking documents outside the scope of the investigation or documents with privileged information? Are they using suitable software, tamper proof evidence bags and maintaining chain of custody? Are they creating an inventory of recoveries, clearly labelling data and avoiding cross-contamination? One of the most important things during the course of a raid is to take copious notes of what they are searching for and on which machines. This will allow a forensic expert to reconstruct what has been searched or copied.
9. Stay Ahead
Consider a further internal audit, in order to preserve more data than the regulator, which might strengthen your case.
Use a legal technology provider to setup an Early Case Assessment database of all the documents seized by the regulator plus any further documents identified. Filter and prioritise documents for review using the latest technology to quickly assess the company’s exposure and asses it’s legal strategy for responding. In the race for leniency technology can help you work out what happened fast.
Dawn raids can have a significant impact on business, with the possibility of severe penalties and reputational damage associated with corporate wrongdoing. In addition to companies preparing themselves for a raid, the most prudent approach is to carry out routine internal audits to uncover problems ahead of a knock on the door from the authorities.