Checklist: Managing a dawn raid

Introduction

This checklist will assist in-house counsel and risk and compliance teams with the steps that their organisation should take when dealing with an unannounced inspection or dawn raid. It will help you to determine whether your organisation has the necessary systems in place to handle a dawn raid, explain how to manage a dawn raid and provide instructions for:

Reception and security staff
A senior member of your IT staff
Management and the legal team

Steps 1 to 3 are intended to be shared with the relevant teams in your organisation in advance of a dawn raid and can be used as a reference if a raid takes place.

At the end of the document, there are explanatory notes and specific notes corresponding to the relevant step in the instructions.

Step 1 – Instructions for reception and security staff

No.	Step	Further information
1.1	Welcome officials and contact legal team	Be courteous and polite to the officials, and ask them to wait while you contact the legal team or a senior company representative on the premises and ask them to come to reception. Contact the legal team or a senior company representative and ask them to come to reception immediately. If you cannot reach them, contact external counsel.
1.2	Request documentation	Copy the officials’ documentation and email it to the legal team and external counsel. Ask the lead official for their mobile number and share this with the legal team and external counsel.
1.3	Ask officials to wait	Sign in the officials as you would with any other visitor, but do not record the purpose of the visit. Find an empty room for the officials to wait in until a member of the legal team or a senior manager arrives.
1.4	Record the officials’ details	Make a list of all the officials and the authority they are from. Pass this information on to the legal team.
1.5	Arrange meeting rooms	Book three meeting rooms for the entire day, ensuring that the rooms do not contain documents or provide access to the company’s IT system. If possible, arrange for whiteboards to be placed in each room.
1.6	Maintain confidentiality and cooperation	Treat the arrival of the officials as highly confidential. Do not obstruct the officials in any way – if the officials refuse to wait, contact a member of the legal team immediately.

Step 2 – Instructions for a senior member of IT staff

The instructions below should be utilised by someone with sufficient seniority to understand the IT infrastructure of the organisation and with the authority to take emergency steps in respect of the organisation’s IT – for example, the head of IT or the chief technology officer. The individual(s) will need to have the authority and competence to comply with IT requests made by the officials during the raid – for example, they will need the appropriate permissions to access IT archives.

No.	Step	Further information
2.1	Preserve documentation	Suspend document destruction procedures. Ensure that any document deletion is stopped with immediate effect.
2.2	Meet the officials	Attend a meeting with the officials to explain the company’s IT system, environment and architecture. The officials may ask you to suspend email accounts, disconnect running computers, remove and re-install hard drives etc.
2.3	Set up your base	Arrange a room that you can use as your ‘operations’ room, from which support can be coordinated.
2.4	Assist the officials	Establish whether the officials require any additional equipment to aid their search. Establish what electronic data and devices the officials will want access to. Assist with the collection of devices and access to data stored offsite. Provide administrator access rights/overrule password access requirements to support the officials.
2.5	Create a support team	Create an IT support team and brief them to assist the company’s legal team and external counsel. Instruct all employees in the IT team that they must not interfere with steps that have been agreed with the officials. Assign a member of the IT team to assist the lead official responsible for dealing with IT and help facilitate access to electronic data and compliance with their requests. Assign at least two other people in your support team to be shadowers and assist in the management of more strategic issues. Assign a member of the IT team to assist in the recording and management of IT-related requests made by the officials. Immediately inform the legal team or external counsel of any issues which might affect your ability to provide access to data or to respond within the specified timeframe.
2.6	Data deletion process	At the end of the inspection, ensure that you receive a forensic copy of all data removed, discuss the process for deletion of data copied onto the officials’ equipment and ensure that you are satisfied that this process will result in the total deletion of all data. Monitor the deletion process. If the officials have used equipment belonging to the company, they do not have to wipe this. Ask the officials to sign a document stating that their hard drives have been properly wiped. Ensure that all company devices are returned. Debrief the legal team fully and inform them of any agreed next steps.

Step 3 – Instructions for management and legal teams

Depending on your organisational structure, these instructions should be followed by your chief executive officer, managing director or other members of the senior leadership team, in addition to the head of your legal team, to the extent that you have one.

No.	Step	Further information
3.1	Meet the officials	Meet with the officials in reception as quickly as possible and confirm your intention to cooperate with the process. Take at least two people with you to help you to coordinate the process. If you are not a member of the legal team, ask the officials to wait for the in-house legal team or external counsel to arrive. Tell them how long you expect them to be. Officials will generally wait a reasonable time (typically 30-60 minutes); but in an investigation in respect of criminal conduct, they are unlikely to wait. If you do not already have the lead official’s mobile telephone number, obtain it now.
3.2	Contact internal and external legal counsel	Contact your in-house legal team (if you have one and they are not already in attendance). Where there is no in-house legal team, agree who will contact external legal counsel and ask them to attend. Contact external legal counsel and inform them how many officials are present. If there is an in-house legal team, consider contacting external legal counsel. Check that external counsel have a copy of the officials’ documentation. Contact the IT team and ensure their availability. Contact senior managers and inform them of what is going on. Tell senior managers to treat the existence of the raid as confidential and not to contact anyone else either inside or outside the organisation unless expressly authorised to do so.
3.3	Check documents	Check which authority is conducting the investigation. Check that the name and address of the company being investigated and the date of the inspection are correct. Check that the location of the inspection is covered by the authorisation documents. Check that the date of the inspection is within any time period specified in the authorisation documents. Check that the officials are all named in the authorisation documents and that each has a valid and current identity card. Check the officials’ authorisation documents, as their powers to search will vary according to the form of authorisation document. Check whether the investigation is a criminal or civil investigation. If you are in doubt, ask the officials. Sign the minutes of notification. If there appear to be any errors in the authorisation documentation, consult in-house or external legal counsel before signing.
3.4	Check meeting rooms	Check that reception has booked out three meeting rooms for the rest of the day. Escort the officials to their allocated meeting room(s).
3.5	Agree conditions	The officials may request a meeting with the legal team and a senior representative of the company before commencing the inspection. Assure the officials that the company intends to cooperate fully with the investigation. Provide sitemaps and personnel structure diagrams if requested. The officials may impose conditions (eg, offices of certain individuals to be sealed, certain email accounts to be blocked). Agree to reasonable requests and engage the IT team where necessary. The officials may want to station themselves around the building.
3.6	Assemble and brief shadowers	Assemble and brief a team of shadowers on the scope of the investigation, its confidential nature and the need to cooperate; and outline their role. Provide each shadower with a copy of the authorisation document(s) (so that they can easily check the ‘scope’ of the investigation); and remind them that officials should not be allowed to view or remove privileged information. Each shadower should follow their allocated official and should not allow them to wander off alone. This includes carefully watching the review of any electronic data, including where this is done on the official’s own IT equipment. Explain to the shadowers that while it is important to raise challenges on scope and/or privilege, to the extent that there is a disagreement with an official on those issues, this should be escalated to the lead lawyer (on behalf of the company) and the lead official to resolve separately.
3.7	The role of shadowers	Ensure that no one obstructs the investigation, and that officials only look at documents (hard copy and electronic) within the scope of the investigation and do not remove/view information which is legally privileged. Take detailed notes of where the officials go and what they look at, and make a list of all key words and names used.
3.8	Identify key employees	Identify key employees likely to be implicated and ascertain their whereabouts.
3.9	Handling questions	If the officials want to ask questions, politely request that the legal team or external lawyers are present. Keep a note of questions and answers.
3.10	Email staff	Email all staff on the premises to inform them that the company is hosting officials from the authority, who may wish to enter and inspect their offices. Inform all staff that the fact of the investigation is highly confidential and that they must not discuss this with anyone outside the company. Staff should cooperate with the officials, but refer them to the legal team if they have questions.
3.11	Seals	Comply with the officials’ requests to affix seals. Seals must be securely protected and, if appropriate, guarded overnight. Always discuss seals with the legal team.
3.12	At the end of the raid	Find out what the next steps are in the investigation and whether the officials intend to return or to remove data for review at their premises. Agree on a timetable for providing any outstanding information, which is reasonable and something that the business can comply with. Request a copy of the list of documents which the officials have reviewed and copied, and of any data they have copied to take away for review at a later stage. Take two copies of the sketch of the office and the document log form that the officials have made. Request a receipt and a copy of the documents/data taken. Ask to read the officials’ notes to check for accuracy; ask for a copy of the notes (although they may refuse to provide this). Record any differences in opinion or disputes over documents; reserve the company’s right of defence by reserving the right to challenge later. Gather together anyone who has been involved in the raid for a debrief so that all information about the raid can be collated. Liaise with any other site that has been raided. Prepare for next steps.

Explanatory notes

Overview – who can raid your organisation and why

Several authorities have the power to conduct unannounced inspections as part of investigations into potential infringements. These include, but are not limited to:

the Competition and Markets Authority (CMA) – in respect of a suspected breach of competition law;
Her Majesty’s Revenue and Customs – in respect of a suspected tax fraud; and
the Health and Safety Executive – in respect of suspected poor health and safety performance by a business.

Some will be investigations under civil powers, while others will be conducted under criminal powers.

You will need to carefully check the specific powers applicable in each inspection to ensure that the authority is not acting beyond its legal remit, and that your organisation’s rights of defence are adequately understood and exercised.

While each authority’s powers will differ slightly, the basic principles of how to manage the inspection remain the same.

It is recommended that an organisation seek specialist external counsel in the event of a raid, who can advise on exercising the company’s rights of defence and provide lawyers to help shadow each official. Shadowing helps to ensure that the officials do not exceed the scope of their powers and to keep track of the investigation as it unfolds.

Please note that in respect of UK competition law, in April 2023 the Digital Markets, Competition and Consumers Bill (the Bill) was introduced in the House of Commons. The Bill proposes amendments that will strengthen the Competition and Market Authority’s (CMA’s) evidence-gathering powers, including in relation to dawn raids. Specifically, the Bill will:

broaden the CMA’s power to interview individuals as part of Competition Act investigations, so that the CMA can interview any relevant person, including those not connected with the business;
introduce a duty to preserve evidence in all Competition Act investigations 'where a person knows or suspects' that an investigation by the CMA 'is being or is likely to be carried out';
give the CMA powers to ‘seize and sift’ evidence when it inspects domestic premises under a warrant; and
strengthen the CMA’s powers when executing a warrant to obtain information stored remotely when it is stored electronically and is available from the premises.

In addition, the Bill will augment the CMA’s ability to impose fines on businesses and individuals for non-compliance with the CMA’s investigatory measures. Specifically, the Bill provides that:

where a business (or any other entity) fails to comply with an investigative measure, including failing to comply with an information request, concealing, falsifying or destroying evidence and providing false or misleading information, the CMA should be able to impose fixed penalties of up to 1% of a business’ annual worldwide turnover, and have the power to impose an additional daily penalty of up to 5% of daily worldwide turnover while non-compliance continues
where a natural person conceals, falsifies, or destroys evidence, or provides false or misleading information, the CMA should be able to impose fixed penalties of up to £30,000, as well as have the power to impose an additional daily penalty of up to £15,000 while non-compliance continues; and

The above measures are not yet in place and remain subject to further debate as the Bill goes through the parliamentary process. However, organisations should continue to monitor these developments closely and make relevant staff aware of the upcoming changes.

Notes on specific requirements

Step 1 - Instructions for reception and security staff

1.1 Welcome officials and contact legal team

Ensure that relevant dawn raid contact names and numbers are available and accessible for reception staff to use in the event of an unannounced visit. If staff do not have contact details for specialist external counsel to hand, they should contact in-house counsel and/or senior management for instructions.

1.2 Request documentation

Ensure that the authority in question provides a document authorising the inspection. This will either expressly state the powers that the authority has or refer to the piece of legislation granting the powers.

The authorisation document(s) sets out the scope of the authority’s investigation and the powers under which it is investigating. It is helpful to provide copies of the authorisation to the lawyers and company personnel involved in managing the raid/shadowing, so that they can quickly and easily check the authority’s scope and powers and challenge the authority where it is acting outside of either of them.

It is useful to obtain the mobile number of the lead official so that those involved in managing the raid from the company’s perspective can contact them easily and quickly, to update them on the company’s progress in complying with the authority’s requests, or to discuss and resolve a dispute between a shadower and an official – for example, over scope or privilege.

1.3 Ask officials to wait

While signing in the visiting officials is required, the purpose of the visit should not be recorded, as a company is usually legally obliged to keep the existence of the raid confidential, to avoid ‘tipping off’ any other relevant parties. It is in the company’s own interests to keep the raid confidential, as while it is not usually established at the time of a raid that the company has engaged in unlawful conduct (it is usually under investigation), the raid becoming public could have negative consequences for the company, such as a negative impact on share prices or supplier relations.

1.4 Record the officials’ details

Make a list of the officials and the authority they are from, to help the legal team to understand and ascertain their powers during the raid and how many additional personnel or external counsel will be needed to attend the raid.

1.5 Arrange meeting rooms

It is advisable to book three meeting rooms for the entire day. The officials conducting the raid usually want two rooms: one for IT and one as an operations room. The third room can be used by the organisation’s advisers and in-house lawyers. It is important that the rooms that the officials are using do not contain any IT, documents or other information, to ensure that the officials do not view anything without the presence of a shadower.

1.6 Maintain confidentiality and cooperation

See explanatory notes 1.3 and 3.10. All staff should be informed of the fact that the investigation is highly confidential, that they must not discuss the raid with anyone outside the company, and that they should cooperate with the officials but refer any questions to the legal team.

Step 2 - Instructions for a senior member of IT staff

2.1 Document preservation

It is important to ensure that all relevant data is preserved during the dawn raid and thereafter as an investigation develops, and to avoid the risk of employees starting to delete incriminating information.

In light of the increased use of hybrid / remote working models, organisations must consider how they ensure that staff working from home also comply with document preservation measures (and otherwise comply with any restrictions / requirements imposed by an authority during a raid).

2.2 Meet the officials and 2.3 Set up your base

The officials have extensive powers. For example, they can download data from servers and suspend individuals’ email accounts. Subject to the specific powers in respect of which the raid is taking place, there can be serious penalties for refusing legitimate requests (known as obstruction). For example, committing an offence during a CMA dawn raid is punishable by up to two years’ imprisonment, a fine or both. If you are unsure as to whether the officials have the power to request a certain action, tell the officials that you will need to check with the legal team. Do this as quickly as possible; and if there is a legitimate reason not to agree to the officials’ request (eg, if the request is outside the scope of the investigation or pertains to privileged documents), the legal team will manage this on your behalf.

2.4 Assist the officials

Occasionally, officials may ask the company to provide hard drives or other electronic equipment to assist them in collating/storing information. Companies that are subject to dawn raids are generally obliged to cooperate fully with the officials and not obstruct the raid. Companies that are found to have obstructed or refused to cooperate may be subject to serious penalties.

2.5 Create support team

An IT support team will typically comprise the IT director and other members of the IT staff who can assist with requests from officials to grant access to particular data or information stored on the client’s infrastructure.

A ‘shadower’ has the role of following the official to whom they have been assigned and taking full notes of everything they do: where they go, the questions they ask, the search terms they use, what they are – and are not – interested in etc.

Strategic issues include inputting on external or internal communications strategy.

It is important to keep a clear and comprehensive record of all requests from the officials, to ensure that these are dealt with efficiently. This also helps demonstrate to the officials that you are doing your best to cooperate fully by managing their requests in a timely manner.

It is important that the legal team are aware of any potential delays or issues in delivering the requested information, to enable them to manage the expectations of the officials accordingly. This will help to minimise the risk of the company being accused of failing to cooperate or obstructing the officials (both of which have the potential to incur significant penalties).

2.6 Deletion of data

The timeframe for the deletion of data depends on the authority and the power it is exercising. The ‘debrief’ typically happens on the day of the investigation and involves the legal team seeking feedback from all relevant IT staff about the requests they received from officials and how they were actioned, to ensure that a full audit trail is kept of all data in which the officials expressed an interest, reviewed or copied – including requests to block email accounts, access devices and so on. This audit trail is vital to help the company understand what the authority is investigating and assess whether it may need to make any subsequent legal challenges in respect of the raid (eg, about the authority acting outside the scope of its legal powers).

Step 3 - Instructions for management and legal teams

3.1 Meet the officials

It is important to emphasise the company’s commitment to cooperation, as failure to cooperate (or obstruction) can lead to potentially serious penalties – for example, in a CMA investigation, a company can be liable to pay a fixed penalty of £30,000 and a daily fine of £15,000 for failure to comply with the investigation.

It may be helpful to take at least two people with you, to assist you in keeping track of the various requests which the officials are making and/or in dealing with them.

It is important to involve legal counsel to help the company effectively defend its rights.

3.2 Contact internal and external legal counsel

You may have a sufficiently large legal team, with specialist expertise in the area of law that the officials are investigating, such that the company will not require additional external legal support. However, it is usually the case that companies require additional legal support, either to bolster the number of lawyers in attendance (for the purposes of expanding the shadowing team) or to provide specialist expertise in the area of law that the authority is investigating.

Senior managers may include heads of business units and other managers in charge of teams.

3.3 Check documents

It is important that documents are checked to ensure that the raid is conducted in accordance with the powers set out therein – for example, that the raid is being conducted by the named officials, or that the right business and premises are being searched. If an inspection of the documents reveals any errors, these should be challenged with the assistance of legal counsel. Depending on the extent of the error, legal counsel will likely advise that the officials are allowed to continue with their raid, but that the error is noted, with an explanation to the officials that the company may bring legal challenges regarding the error following the raid. It is unlikely that legal counsel will advise that the officials be refused entry to premises on the basis of an error, as this could be viewed as obstructing the officials, which could potentially lead to very high penalties for the company.

Signing the inspection documents evidences that the documents have been handed to your organisation and is not an admission of liability.

The officials’ powers will vary according to the authorisation documents. For example, some authorities will have the power to remove original documents, whereas others may only have the power to take photocopies or review data on site.

In practice, recent experience is that officials increasingly require organisations to identify and provide them with specific categories of information or documents, rather than conducting a search over all of an organisation’s data themselves.

3.4 Check meeting rooms

Officials will need at least one other room in which they can set up their IT equipment to carry out IT searches and/or to conduct searches of hard-copy files. Ensure that shadowers accompany officials into this room (there should be one shadower per official). See also Overview and 2.5 Role of the shadowers.

3.5 Agree conditions

The officials may request a meeting, although this may not happen in all raids. Sometimes the officials will request a meeting to explain where they will start their investigation.

You may allow officials to station themselves around the building, provided that each official is accompanied by a shadower.

3.6 Assemble and brief shadowers and 3.7 The role of shadowers

The shadowers will need to understand the scope of the investigation from the documentation provided by the officials and from briefings by the legal team or senior management.

The officials will understand that the company must exercise its rights of defence and will thus fully expect to be shadowed by company representatives.

Explain to the shadowers that while it is important to raise challenges on scope and/or privilege, any disagreement with an official on those issues should be escalated to the lead lawyer (on behalf of the company) and the lead official to resolve separately. This helps to minimise the risk that the company may appear to be obstructing the officials.

3.8 Identify key employees

The persons considered to be ‘key employees’ will vary from one raid to the next, but they are likely to be those employees who are most closely involved with the conduct under investigation. Initially, involve those in most senior roles as well as those most likely to be in possession of relevant evidence (ie, documentation pertaining to the subject matter of the investigation).

3.10 Email staff

Send an email to all staff, not just those directly involved in the raid, to provide a general explanation of what is happening and ensure an appropriate level of cooperation from all staff. Given that officials are likely to be able to roam freely around the premises, all staff need to understand who they are in order not to obstruct them when they are acting in accordance with their powers.

3.11 Seals

If the investigation runs into a second or subsequent day, the officials may choose to seal rooms or cabinets used to store documents to ensure that documents are not tampered with overnight. Tampering with seals can result in significant penalties (eg, in a Financial Conduct Authority raid, a person who obstructs a search warrant can be fined up to £5,000).

3.12 At the end of the raid

If the officials do not plan to return to the premises, but have removed data for review, the next steps will be to agree a process for reviewing data off-site. Officials may also follow up asking for individuals to attend interviews, and may issue formal or informal requests for further information to be provided.

You should request two copies of the list of documents the officials have reviewed and copied: one for internal purposes and one for external counsel.

Following a dawn raid, the next steps are likely to include conducting an internal investigation to review all documents or data taken; making further enquiries into the matter under investigation, including additional data searches and interviews with key individuals; and devising the company’s strategy to respond to the raid.

Requests may be made during a closing meeting during the company and the officials, or by separate written communication (depending on the authority in question).