Investigative Intelligence

Armed with warrants, they can and do arrest company officials and take away information not only in the form of paper files, but also electronic evidence stored on computers, servers and other digital devices. Given the impact on business, severe penalties and reputational damage associated with corporate wrongdoing, companies need to be prepared for a raid. They should also take proactive steps to detect unlawful behaviour ahead of a knock on the door from the authorities.

How to handle a raid
Alert management and legal to the arrival of authorities
It is always advisable to ask the investigators to wait for the company’s lawyers to arrive, as they will check on the lawfulness and scope of the warrant/search order. Also, call in an IT or forensic technology consultant who can shadow the investigators.

Ensure internal communications promote compliance with investigators
The obstruction and failure to comply with properly authorised investigators carries the risk of hefty fines and imprisonment. Employees should stay calm, not answer questions beyond scope or comment outside of company-related questions.

Do NOT delete data
This leaves a trace and can lead to uncomfortable inquiries, expansion on the scope of electronic data collections or repeated collections. It is vital to ensure all employees are aware of their legal obligations. For example, computers should not be turned off because investigators may require access to recently used RAM to check on data copied to clipboards or downloaded.

Monitor investigators
Organisations should ensure investigators are sticking to the scope of investigation and following proper procedures to preserve the integrity of evidence. The powers of the authorities to enter premises and how they copy relevant information vary. Companies should always seek local legal advice on how to respond in each case.

Note what investigators are searching for and on which devices. With the help of a computer forensic expert, it is possible to replicate what the investigators copy either during or immediately after the raid. Business continuity is important — negotiate with investigators and ask whether they need to seize whole computers and take servers offline. Areas of potential relevance can be discussed and targeted, as can procedures for handling known privileged documents.

The aftermath
The sooner a company is able to start reviewing what the authorities have collected, the sooner it can consider its legal exposure and strategy for handling the investigation. A legal technology provider can set up a document review tool that allows the company to rapidly analyse documents seized by regulators. The millions of emails now available will need to be automatically filtered and prioritised using the latest technology so that the company can quickly assess potential liability and prepare a response.

Proactive compliance monitoring
Electronically stored information (ESI) such as email is a source of evidence often targeted by regulators. In line with guidance from authorities, it is becoming increasingly advisable for companies to review their electronic communications and information as part of their internal compliance monitoring and audit process. Companies that carry out such internal reviews of their ESI to detect unlawful activity will be better placed to defend themselves.