It is September 2020—hopefully a post-pandemic world. Your company has successfully weathered the storms of crisis, and social and economic life is slowly recovering its previous pace. Most people work at the office again, and you are on your way there. Before arriving at 9 am, you usually stop by the corner coffee place to have a morning espresso and browse the daily news. But at 8:15 am you get a call from the office. It is the receptionist, saying that the company has been approached by agents requesting to inspect the company’s files and computer system. You get to the office and find a few men waiting in black suits. They present a warrant and insist on starting the inspection immediately. It is a dawn raid. And the question is whether you are prepared to handle it.
What is a dawn raid?
A dawn raid is an unannounced inspection of a company’s premises, usually as part of an ongoing investigation by a regulatory or law-enforcement authority. Any company, no matter its size, may be subject to a dawn raid. Dawn raids are usually triggered by a complaint (e.g. from a customer or distributor), an anonymous tip, or a leniency application. They may also be initiated by authorities with their own agenda.
In Poland, different authorities are vested with powers to inspect business premises. The prospect of having any particular authority ring your doorbell generally depends on the type of business you run. The exact powers of the agencies differ. Their powers may also be specified in the particular warrant granted to the agents. At their most extensive, these powers allow authorities to enter premises, search and seize documents and electronic files, and seize equipment (e.g. computers or hard drives). They may also include interviewing employees and even sealing off rooms.
No doubt a surprise dawn raid would cause disruption. However, if dealt with in a carefully coordinated manner, they can be less troubling.
There are several things that can go wrong at the start and during the inspection. The way to mitigate those risks is to have a dawn raid policy in place. The purpose of the policy is to design a clear and simple procedure for how the staff should behave, especially those on the front line of the inspection—reception and security, IT staff, in-house lawyers—when confronted with a raid.
There is no one-size-fits-all policy. It should be specific to your organisation and instruct your staff on how they should behave when investigators arrive and during the inspection. It also provides a protocol for who should be notified and who should coordinate actions on your end.
What else may be needed?
A dawn raid policy is not enough. It must be well known within the organisation, in particular among the “first responders,” and it must be up to date. An outdated policy known to a few will not be fit for purpose, and may do more harm than good. Hence it is essential to make sure that all employees are aware of the policy, and preferably receive training on the policy. However, even the best training in a cosy conference room will fall far short of a realistic drill. A drill will not only help train staff, but also assist in testing the organisation’s preparedness.
Last but not least, even the best policy and trained staff may not be enough. No matter how well trained, staff will be under stress and may be intimidated by the horde of investigators. During the inspection, many issues may pop up with no easy answers: whether the company must provide access to encrypted documents, whether the company needs to turn over cloud-stored files on servers in foreign jurisdictions, etc. Hence it is best to consider having emergency contacts to lawyers with experience handling dawn raids and related proceedings. Raids are often conducted outside office hours (e.g. very early in the morning), so it is good to have trusted advisers available 24/7.
See also Dawn raid policy: why your company should consider adopting one