As many businesses worldwide have shifted towards a hybrid working model, authorities have been adapting traditional dawn raids in the last decade as server and device data have become more important than hard copy files in most investigations. We summarize below the approaches we are currently seeing from authorities, together with key practical steps to prepare for a raid in the hybrid working model.
What are authorities doing?
Hybrid raids. Authorities have been conducting “hybrid” raids, with some of the raid team arriving at the company’s offices and others simultaneously arriving at the homes of key individuals. In recent guidance, the UK Financial Conduct Authority noted that firms must ensure employees are made aware of its powers to conduct a visit at any location where work is performed, business carried out, or employees are based (including at individuals’ homes).
Disguised dawn raids. We have seen meetings that effectively turn into dawn raids. These can take the form of an authority requesting in advance face-to-face meetings with senior management and serving formal notices to require certain data on the same day, with other data to follow in short order (and at the company’s cost).
Quick turnaround compelled requirements. There is an increased use of remote but quick turnaround information requirements, including broad requests for “data dumps” of client files and correspondence and compelled requirements for mobile device data (either served against the firm or individuals).
What should businesses be doing now to prepare themselves for a dawn raid?
- Review. Businesses should dust off their current policies and procedures and consider whether these need updating to reflect hybrid working (and any other legal, practical, or personnel developments – in our experience, many policies have out-of-date contact details). It’s important businesses have up-to-date emergency contact details for external legal/forensics providers in all relevant jurisdictions.
- Map your data. It is important to have a regularly updated data map to understand what is stored where (and by whom) and whether devices/laptops can be accessed remotely. It is also important to know where particularly sensitive legally privileged material is generally stored and maintain a list of current and former in-house lawyers and external firms (to isolate potentially privileged data).
- Train. The core response team needs to be trained on the updated procedures, different authorities’ powers, and relevant privilege protections. Ensure that all relevant employees understand document retention/storage requirements, who to contact in the event of a dawn raid and that certain employees may receive a visit at home.
- Practice. Run mock hybrid dawn raids to ensure policies and procedures work in practice and refine as necessary.
- Update. Record updates to the dawn raid policy/procedures to consider personnel/legal developments and keep an eye open for relevant regulatory updates as authorities adapt their approaches to raids.
The authors would like to thank David Harris, a Partner based in Norton Rose Fulbright’s London office, for his contributions to this post.
_____
Andrew Reeves is a Partner based in Norton Rose Fulbright’s London office. He works on a range of major regulatory and criminal investigations and related litigation, focusing on bribery and corruption, fraud, financial crime and money laundering.
Annie Birch is an associate based in Norton Rose Fulbright’s London office. Her practice focuses on litigation and regulatory investigations and enforcement proceedings.