What do I do if...my business is the subject of a dawn raid by the authorities?

00:00:05 David Lee, Host

Hello, my name is David Lee, and welcome to Podcasts by Brodies. In this latest episode, we're looking again at how Brodies' lawyers use their expertise and experience to answer the deceptively simple question often asked by clients, "What do I do if…?"

Today we're asking, "What do I do if my business is the subject of a dawn raid by the authorities?"

I'm joined by two guests, Charles Livingstone is a partner in the government regulation and competition team at Brodies and head of the competition practice, and Jamie Dunne who is a senior associate in the same team who specialises in competition law.

We'll be discussing how to respond if the authorities do call and what measures can be put in place beforehand to mitigate the impact if a dawn raid does happen.

Welcome to you both. So Jamie, let's start at the very beginning, which is a very fine place to start! What is a dawn raid? And do they actually happen at dawn?

00:01:07 Jamie Dunne, Senior Associate, Brodies LLP

Yeah, thanks David, so a dawn raid is the name we give to unannounced and therefore unexpected investigation carried out by a regulatory authority that suspects that there has been a legal breach by the person that they're raiding. So that authority can - without any warning - pitch up at a business' premises and demand to carry out a full and intrusive investigation.

They quite frequently will have a warrant that allows them to force entry if they need to, and carry out searches whether or not the business consents to that. They can carry out - and often will carry out - searches of offices, files, briefcases and in fact, even private homes and cars and similar things so it's quite extensive. They can carry out electronic searches of a business’ servers, individual mailboxes and indeed personal devices that that might be used for relevant purposes.

In terms of when they happen, they do tend to take place in the morning, hence the name that we give them. They normally commence between about 9:30 and 10:00am in the morning and for some reason that I've never been able to work out, they do tend to happen on a Tuesday, but they don't always happen at those times. They can happen at any point in time.

That approach, that timing, is more common when the regulator is using civil powers. So if there's a criminal investigation that's happening as part of this, then the raid may happen earlier in the morning. But I think really the key point is to be aware that investigators from the authority could pitch up at a business premises or indeed employees or directors or other officers private homes really, at any time and demand to see anything that that relates to what they're investigating.

00:03:20 David Lee, Host

OK, but you should be particularly worried on a Tuesday, clearly.

So Charles, if somebody does come a calling, especially on a Tuesday, who's it likely to be, which of the agencies that actually have the power to carry out dawn raids?

00:03:33 Charles Livingstone, Partner, Brodies LLP

So the term dawn raid tends to be most synonymous with competition enforcement, and in the UK the regulator is the Competition and Markets Authority or the CMA.

There are also sector regulators like Ofcom and Ofgem that have what we call, "concurrent competition powers" to investigate competition breaches in the sectors that they regulate and those powers extend to carrying out dawn raids. But more widely a broad range of authorities can carry out unannounced investigations of a business’s premises, even if you wouldn't necessarily use the phrase "dawn raid" as much in those scenarios.

The most obvious example is the police, as Jamie said, that may actually be at dawn. It may involve battering rams and things like that in a way that the CMA never does. Also, authorities like the Serious Fraud Office, HMRC, Health and Safety Executive, environment agencies like the Scottish Environment Protection Agency, the Financial Conduct Authority, the Information Commissioner's Office, if it's about data protection compliance, for example. So there are lots of regulators and the powers of those regulators will differ from case. But the conduct of an unannounced investigation and how you control it will generally tend to be pretty much the same, and so are the steps that the business will want to take in response.

So while we'll be speaking in this podcast mostly about or mostly in the context of a competition dawn raid, really the sorts of things we're saying are translatable to pretty much any scenario.

00:05:11 David Lee, Host

OK, thank you Charles, and Jamie, can you give us some for instances, what might be a typical reason for a dawn raid to take place?

00:05:20 Jamie Dunne, Senior Associate, Brodies LLP

So if a regulatory authority decides that it's going to carry out a dawn raid, then typically the reason for doing that is that it thinks that the business it is raiding has breached the law in some way, but also that it holds information that's going to be relevant to investigating that.

But the reason to have a dawn raid rather than go about investigating in any other way, is where the authority thinks that the company or business that it's investigating would destroy the information that it wants, rather than hand it over if they just asked for it. So they pitch up in order to avoid that risk of the information being destroyed.

To give you a couple of examples of that, the Competition and Markets Authority could conduct a dawn raid where it suspects a breach of competition law - something like price fixing, agreeing prices with competitors, or rigging bids in tender exercises - or the Financial Conduct Authority might conduct one where it suspects there's been insider dealing or market manipulation. All of those kind of things are the types of conduct where the authority would be concerned that if it just said, "can you give us something" then it would be deleted rather than handed over.

00:06:40 David Lee, Host

OK thanks Jamie, and back to you Charles, if a dawn raid does happen and nobody wants it to, how should your business react, particularly that first point of contact in the business?

00:06:52 Charles Livingstone, Partner, Brodies LLP

So the main message is stay calm and don't panic. The motto that we tell clients is, "cooperate but don't capitulate." You want to be helpful, you mustn't be obstructive, but you don't have to agree to absolutely anything that an investigator might demand of you, because there are limitations on their powers.

And you're right to ask about that first point of contact. That will typically be reception, but it might be security staff. They'll set the tone for the whole thing, and if it's not handled correctly at that point, then it can quickly spin out of control. So it's important that those "first responders" - as we sometimes call them - should be briefed on how to respond to a dawn raid and should be familiar with any dawn raid response policy or procedures that the business has.

I'm sure we'll come back to that in more detail, but reception should know who to contact if investigators arrive - it’ll typically be an in-house lawyer but if the business doesn't have one of those somebody in a senior management role who can then get external lawyers on board as soon as possible.

Reception should let the investigators know that there is a procedure in place and that things are in hand so the investigators don't think they're being given the run-around. And tell the investigators that they're going to call the responsible person under that procedure and then tell the inspectors that the person is on their way and ask them to wait. Usually the investigators will wait, but if they won't, then that first responder should check the authorising documents and take copies of them. Check that they refer to the correct business and the correct premises, because if they don't, they won't be valid and the investigators can't force their way in. Then also check that the investigator’s ID documents match up to whoever is named in the warrant or other authorising document, and that might just be the lead investigator, or it might be everybody who's there. At that point, as long as all those things check out, then they should not be obstructed, and if they insist on being let in and then they should be let in.

It's also very useful if the first responder makes a note of anything that's said, including conversations between the investigators. If they are discussing things in front of people, then they can have no expectation of privacy there.

But really, it's vital that that first response - that first line of defence - doesn't do anything that would jeopardise the business’s situation. Not only refusing to let investigators with a valid authorization into the premises, but also things like destroying or concealing documents, telling people other than the appropriate contact that the inspection is happening, volunteering information to the investigators and signing documents without reading them first. All those sorts of things should be avoided, and as I said at the start, it's very important that the people who are going to be on that front line are briefed in advance and are not left to make it up on the fly.

00:09:50 David Lee, Host

And you touched on this in your previous answer Charles, do you need a specific person to be in charge of a dawn raid response? And you know, at what point should you get lawyers involved as well?

00:10:03 Charles Livingstone, Partner, Brodies LLP

So yes, you do need a person who has overall control of the response, and generally you'll want somebody in the business that has overall control and ability to give instructions and you will generally want to have an external legal team on board and there will be a leader of that legal team as well. So in that internal role it can be useful for a business to appoint - ideally in advance, but if not on the day - a dawn raid manager who's responsible for coordinating the business's response. Including liaising with the team of investigators about the ground rules for the raid and how it's going to work; arranging IT access - which is absolutely vital and will be required in basically any raid scenario; and confirming the location of anyone the investigators want to talk to.

Typically, that manager will be an in-house lawyer, failing that someone in a senior management role, and they'll have overall responsibility for managing the raid, but they will need a team to support them. So that IT aspect is crucial as I said, but they'll also want to get external lawyers to dispatch a response team as soon as possible. That's one of the first things they do, it's the first call they make and what that entails is confirm how many people are in the investigation team so that the response team can be at least the same size.

If the business has in-house lawyers, then they can certainly be part of the response team, but there are there are not many businesses that have enough in-house lawyers to match the size of team that the investigators tend to send. The reason you'd want to have that matching up is to ensure that each investigator has at least one "shadow" or "shadower" who can follow them around note down everything they do, say and look at, and check that they don't exceed their authority. It's essentially playing a man marking system during a dawn raid because it's very important that investigators are never left unattended on the business’ premises and just left to wander around.

You will want to give them a room that they can set up and use as their HQ where they can ask all the shadowers to leave, close the door and have their internal conversations. But once they're once they're loose, once they're out and about anything they do or say is fair game and should - indeed must - be monitored.

On that point about getting external legal support, businesses are not necessarily entitled to make investigators wait until external support arrives. They're entitled to receive legal advice, and inspectors normally will agree to wait a reasonable period of time for lawyers to arrive on site, but they aren't required to do so. And if the inspectors refused to wait, then an internal team should be assembled as well as the client can manage it, to act as in that shadowing capacity. But then as soon as the external lawyers arrive, they can step in to that role, probably keeping the existing shadowers on. But having a lawyer in the shadower role is very important for some of the reasons we'll get on to in terms of what sort of thing the shadower can protect the business against.

00:13:16 David Lee, Host

OK, thanks very much Charles, and Jamie looking at some of the kind of practicalities here, what can the authorities take away during a raid and what potential impact can that have on a business?

00:13:30 Jamie Dunne, Senior Associate, Brodies LLP

So a dawn raid is going to be a very disruptive thing for any business and really quite a stressful thing for the individuals that get caught up in it as well. The investigators can carry out physical searches - so they can come into offices, they can look through files, they can look into cabinets, open briefcases, look through what's in them. And as I said earlier, go into private homes and cars and devices as well, so they can take copies of documents and potentially the original documents.

And indeed, one reason why, as Charles mentioned, it's important to have this man marking system with shadowers is because a key role of a shadower is to make a note of everything that is copied and make sure that the business has a copy and its lawyers have a copy so that they can really get a sense of what it is that the authorities are looking at, and prepare the business’s strategy for what to do in response to the investigation.

On the IT side, investigators can - and will - search through a business’ servers and individual mailboxes and devices, personal devices, as well as business devices, and they can retrieve deleted documents. As is recognised more and more commonly, nothing is ever fully deleted, and investigators have ways of uncovering ostensibly deleted documents as well.

Raids are more and more about this IT focus, so it might be that all that the authority decides it wants to do on the day is take a complete image of a business' server and then look at it later rather than disrupt the business and commit the time themselves to what can often be several days of a raid.

When they just image it and take it away, that will then be opened and reviewed on a later date at a time to be agreed with the business’ lawyers and in the presence of the business’ lawyers to make sure that that the business’ interests are properly protected as part of that.

00:15:50 David Lee, Host

OK and obviously you've described quite wide-ranging powers for the authorities in terms of what they can take away, but what about the kind of rules of engagement if you like Jamie, what guidelines do those authorities need to follow when they're carrying out a raid?

00:16:07 Jamie Dunne, Senior Associate, Brodies LLP

Authorities have quite significant investigatory powers but they are not unlimited, they are subject to duties. Businesses have rights, and it's important that everybody is aware of those.

The investigators first of all have to produce the required documentation before they can start an investigation, you know, depending on what legal regime they are running their investigation under, there are different requirements for what they have to show. So that could be a warrant from a court or an authorisation from a regulatory authority itself and it's important to make sure that the documentation, those people that are presented with the documentation within the business at the start, that that has the correct premises address, the right company name on it, the investigators are identified and the regulator is identified and make sure that everything matches up to what is in those documents.

If they don't have a warrant, then they can't force entry and they're not entitled to search the premises, but they can still request to be taken to part of the premises where documents are kept in order to look at them in their original location and see them there. So, if an inspection is taking place with a warrant and that will sometimes be more common, the investigators can use reasonable force to obtain entry, if they need to, although as Charles says, it's important to cooperate with investigators.

Whatever happens, they can search the premises and they can take reasonable steps to preserve documents or prevent anybody within the business from interfering with them. So, if they need to take originals and in criminal investigations generally they will take originals because those are the evidence that will stand up best in court later on.

In terms of limits then on what they can do, and focusing on competition investigations in particular, investigators can review basically any document that they want to decide for themselves whether it's within the scope of the investigation. But what they shouldn't examine in detail or copy or take away with them in terms of originals, is anything that's outside that scope. They're restricted to the scope of what their authorisation says they're investigating and that will be set out, as I said earlier, in those authorising documents which have to at least tell the business what kind of conduct is being investigated and restrict what they're entitled to look at and indeed take away. The one category that they are not permitted to read or copy or take away in terms of originals, are legally privileged documents. Documents that seek or provide legal advice, or that have been prepared in anticipation of litigation. Those are things that they're not allowed to take away with them.

And again, one of the reasons for this man marking system, and particularly for having that with the benefit of in-house or external legal support, is to make sure that it's possible to identify when something that the authorities are looking at - or wanting to look at - is potentially subject to legal privilege and to intervene and stop them from doing so. In some regulatory authorities, in terms of asking about other documents, are only entitled to ask questions about the documents themselves and not about wider facts of the investigation. They can request an interview, but they have to provide notice of that. But again, the key point is that questions must focus on the scope of the investigation as identified in those authorising documents.

The other key point for any individuals caught up in this kind of thing to be aware of is that investigators are generally not permitted to ask any question that might require somebody to incriminate themselves. It can often be necessary and certainly very important, to arrange separate legal representation for any individual if it starts to become clear that that individual might be the subject or the focus of the investigation.

00:20:38 David Lee, Host

Thanks Jamie, so Charles I assume that it's not often clear cut in these situations in terms of what might be or not taken away in the event of a raid and so what if there is a dispute between the authorities and a business about what they want to or they do remove during a raid?

00:20:58 Charles Livingstone, Partner, Brodies LLP

You'll want to agree an escalation procedure at the start of the raid, that would be agreed between the teams and everybody would be told about it.

What happens then is that if an investigator wants to take away something that their shadower thinks is out of scope or wants to read something that their shadower thinks is privileged, then if you can't get a quick agreement between the investigator and the shadower in the favour of the business, then what you can do is put the document in a sealed envelope and set it aside for review by the respective team leads later in the day.

It's an escalation process to the team leaders, so you don't have investigators and shadowers arguing with each other all at the same time in different parts of the premises and the team leaders trying to scuttle around to resolve those in real time.

If agreement still can't be reached between the team leaders, then the document can be resealed and the investigators will obviously want to take it away because they don't want to lose control of it, but it will be resealed for the points to be argued further, possibly even resolved by a court if needs be after the raid has finished. So it's important to have those processes in place because these disputes can happen.

00:22:15 David Lee, Host

OK and coming back to you Jamie, what are the common mistakes made by businesses in response to dawn raids? How can a mistake in those early stages make the situation worse and what can be done to try and avoid them?

00:22:30 Jamie Dunne, Senior Associate, Brodies LLP

It's quite common and understandably common that people that are caught up on raids can panic, but it's really important to maintain a professional approach to the investigators. The first responder whether that's reception or security or somebody else, is really vital for setting the tone of what follows and if they lose control, if they panic, then it can be quite hard to get things back on an even keel after that.

So everybody that gets involved from the start really important that they maintain a really sort of professional and calm approach. It's also vital that senior management take a cooperative and not a confrontational role and position on this. So as Charles mentioned earlier, the message, the key message we always say is "cooperate but don't capitulate." Work with the inspectors, but recognise that there are limits on what they can do and that you have rights in these situations?

There are key points of risk that arise as a raid goes on, so a particular one is where a raid has to go beyond one day and quite often you know we will start a dawn raid on a Tuesday and people will still be there on a on a Thursday or even a Friday of the same week, they can run on for some time. Where that's the case, the investigators will put seals on doors, on cabinets, on files and even devices to ensure that they're not tampered with overnight while everybody is away.

Now, if those seals are disturbed in any way, even maybe by a cleaner who tried to clean them, or a security guard who didn't know anything about the raid and wanted to make sure a room was secure or something like that, then the business will be liable for quite significant fines. So we generally say it's worth putting security in place to guard the seals overnight and potentially just stand down cleaners and anybody else who might be on the premises overnight altogether and just say look for the time that this raid is ongoing, we're just not going to have anybody in outside those normal working hours.

Another way that businesses can get into real trouble in a dawn raid is if somebody discloses the fact that the raid is happening to someone outside the business. If you think about it a lot of raids might be to do with cartel investigations or certainly anti-competitive behaviour between businesses, and if people are talking to other businesses about the raid then that might remove the ability of the investigators to also raid that other business and might prejudice the investigation. So they are quite strict about that as well, it’s what’s called ‘tipping off.’ The way to mitigate that risk is to make sure that knowledge of the raid within the business is kept need to know and ensuring that those who do know about it, perhaps because they are there when the raid happens and they have got the inspectors all around them, and so on, that they know and they are told specifically do not mention this to anybody.

The existence of a raid can sometimes be reported in the press. It can be confirmed by the regulator but a business must itself make sure that it is not saying anything to anybody, certainly without getting legal advice first. So if approached for example by the press to confirm or deny something, just say nothing until you’ve taken legal advice.

A further big risk in these situations is destroying information during a raid. Now even if it’s perfectly innocent stuff and perfectly unrelated to the investigation, it’s not a good look, it looks really suspicious if you are deleting information or shredding documents when the investigators are raiding your business. So even automatic document destruction policies should be suspended for the duration of the raid, shredders should be sealed up, stick them in another room, don’t let anybody near them and place what we call ‘litigation holds’ on email accounts to stop anything being deleted or automatically removed from the system, even if that would be the normal approach if a raid wasn’t’ happening. And as Charles mentioned the sort of overarching way to put all of this in place, to make sure you are ready for this and that you avoid these risks is to have a policy procedure in advance, a dawn raid response policy that says to all staff that might get caught up in this, this is what you need to do, this is how we avoid these risks, this is how we all stay calm and this is how we get through it.

00:27:30 David Lee, Host

Great stuff thank you and starting to draw together some of these key points Charles, can you summarise the main do’s and don’ts in terms of responding to a dawn raid.

00:27:44 Charles Livingstone, Partner, Brodies LLP

Absolutely, so in terms of the do’s - do have a prepared and professional response at the first point of contact stage.

Do make sure that it gets escalated to in-house or external lawyers to inform them of the raid as soon as possible, as the inspectors to wait until that legal support arrives before they commence, even if they are not obliged to do it.

Do check the authorisation documents to make sure they reflect the business and premises that the inspectors are actually at. Keep knowledge of the raid on a need to know basis as Jamie said but anybody who does know do tell them they mustn’t discuss with anyone who isn’t already in the loop.

Do try to avoid answering questions without a lawyer present, not necessarily easy but if people know to do that then it’s easier for them to say that’s the procedure we have.

Do seek legal advice if you’re unsure about what your rights and responsibilities are. The client can say during a raid if they are asked something by the investigators I just need to check that with the lawyers and the lawyers will be there on site so that’s not going to cause massive delays.

Do be willing to challenge the inspectors about taking documents that are outside the scope of the investigation or to review privileged material. They have limits on their powers, if they exceed those powers they can prejudice their own investigation, so some regulators are more aggressive than others, some inspectors are more aggressive than others. If former police officers are being used they tend to have less tolerance for that sort of push back than a CMA career person, but the business nevertheless does have those rights. And do just keep the motto in mind cooperate but don’t capitulate.

In terms of the don’ts, don’t discuss the dawn raid outside of the business whatever you do.

Don’t discuss it within the business more widely than necessary,

Don’t be hostile, don’t obstruct the investigation by refusing to co-operate.

For goodness sake don’t interfere with any seals! As Jamie mentioned - so many massive fines for that sort of thing , even where the evidence suggested it was entirely inadvertent and could only have been a cleaner, and the regulators really don’t care if their seals are interfered with, you’re going to get fined.

Don’t destroy, delete or hide any documents or files during the investigation. That applies to physical stuff, electronic stuff and regardless of its possible relevance. If something gets destroyed and the investigators have to try and reconstruct it to confirm that it was something innocent, even if it turns out to have been innocent, they are going to be really annoyed and it’s going to lose you any brownie points you might have picked up from co-operating elsewhere.

Don’t volunteer information that hasn’t been requested and don’t sign anything without reading it carefully.

And that’s pretty much it, the list could go on and on but those are the key points.

00:30:42 David Lee, Host

Thanks very much for all those dos and don'ts, Charles. I wonder whether we you'd like to go into a bit more detail on some of the don'ts and maybe tell us a couple of cautionary tales about where things haven't gone so well in this area?

00:30:56 Charles Livingstone, Partner, Brodies LLP

So there are lots of stories abroad in the competition law community - some of which are true, some of which may be apocryphal.

I've heard from one former colleague that had been on a raid, in which an investigator uncovered a document that was very clear evidence that the business in question had been involved in a cartel, but it wasn't actually the thing that was being investigated.

So the investigator showed this to my former colleague, the lawyer.

And said, "What do you think about this? Do you think this is within scope," knowing full well that it wasn't and the lawyer said no, grabbed it off them and immediately reported it up the clients management chain and that business made a leniency application in respect of that other cartel in very short order.

Another story from another former colleague, a different colleague when he was at a different firm, was he got a call from a client saying, "I've had some inspectors from the Office of Fair Trading, they've called at the office, they said they're entitled to come in and carry out a search."

And the colleague said, "OK, that's fine. You've done the right thing phoning me."

The client said, "Don't worry! I've put them in a meeting room…"

And the colleague thinks OK, good, he seems to be on top of things and then the client says, "…and I've locked the door!"

At this point the lawyer sort of very patiently explains that he should go and unlock that door immediately and hope they don't they didn't realize that they had in fact been locked in because he was very much not following the cooperate part of, "cooperate, but don't capitulate."

And Jamie, do you want to tell the airlock story from one of the raids we did?

00:32:57 Jamie Dunne, Senior Associate, Brodies LLP

I mentioned earlier on around the point about the investigators applying seals to doors, if they pack up to go away overnight. The investigators ended day one of the raid, applied their seal to the door and then and then went away and.

The business had stationed us - it had security that were aware that the sales weren't to be interfered with, but the financial director who was on site with us during the day and then went home and did not get a single second of sleep that night as he was worried that somebody inadvertently might touch the seal and that the business might be exposed for having a smudgy seal or something like that.

So he came in the next day and within a short period of time had carpenters there with him to build an entirely new door in front of the door that the investigators were going to seal up each day, which was a kind of fun thing for everybody involved to be to be carrying on with the stone raid with the drilling and hammering all happening in the background as an emergency air locked door gets built to make sure that the seal isn't affected. But I certainly imagine he slept better that night knowing it was there.

00:34:25 David Lee, Host

And finally to summarise in a few sentences, what is your advice to businesses that might be concerned about facing a dawn raid and just making sure that they're as well prepared as they possibly can be?

00:34:39 Charles Livingstone, Partner, Brodies LLP

So again, sounding a bit like a broken record, but have a dawn raid response policy and procedure in place setting out the key steps to be taken, who is to take them, who they contact, all that sort of thing - particularly first responders, but all employees who are likely to be caught up in a raid should be familiar with that policy and trained on the procedures that should be followed.

It can be helpful to give individual staff a checklist of the things that are key to them, particularly having that at reception. Have a separate checklist for the senior managers who are going to have to lead the team, and in particular what they need to do before the external legal support arrives and do seek legal advice in the specific regulatory area you're concerned about.

If you think you might be subject to a dawn raid, that probably means you have some concerns about either your compliance with competition law or your exposure to competition law risks.

So take advice about those to give yourself the best possible opportunity of avoiding a raid altogether, and indeed managing the risks that you think you might be vulnerable to.

00:35:48 David Lee, Host

Thank you very much. Key messages certainly, "Cooperate don't capitulate," practice your man marking strategies and definitely make sure your dawn raid manager isn't working from home at 10:00 AM on a Tuesday!

You've been listening to Podcasts by Brodies, where some of the country's leading lawyers and special guests share their Enlightened Thinking about a range of issues and developments having an impact on the legal sector, and what that might mean for organisations, for businesses and for individuals across the economy and society.

If you'd like to hear more, you can subscribe to Podcasts by Brodies on all your favorite podcast platforms. And for more information and insights, please visit www.brodies.com