Erick Gunawan

Most CEOs and senior executives think that their firms are unlikely targets for a dawn raid. But, as BRG’s Erick Gunawan explains, it could happen to anyone. So what are you going to do about it?

Your mobile rings at 6:00 a.m. It’s the night receptionist from head office. Government investigators are in the lobby. They say they have a court order and want access to the server room. It’s a dawn raid. What are you going to do?

Have a think, because one day it might happen.

I have more than fifteen years of experience working with clients who have been dawn-raided, and one thing that most of them have in common is that they were caught by surprise when it happened.

That is sort of the point. Nobody expects the Spanish Inquisition, right? What I mean is that, up until the point at which they received the phone call saying that investigators were in the lobby with an order signed by a judge, senior executives at many targeted companies hadn’t realized they were the sort of businesses that might, one day, get raided. 

In my experience, dawn raids happen for various reasons, with the top three being: money laundering, insider trading and tax evasion. Businesses that are bending or breaking regulations usually are aware they risk attention from the authorities, but money launderers and insider traders tend to keep their activities quiet. And some money launderers actively try to run their transactions through well-run and reputable businesses to make their whites come out even whiter.

Any business can have an employee who has gone rogue or is being blackmailed. A criminal might be targeting your firm. Or nobody has done anything wrong, but something has raised ‘red flags’.

As a rule of thumb, about 70 percent of medium- to large-sized businesses run the risk of a raid. That means that most businesses need to get a plan together.

“But”, I hear my law-abiding LinkedIn contacts say, “if the authorities come calling, is it not our duty to comply with law enforcement, and do whatever is asked of us?”

We all have a duty to cooperate with the law. But does that mean that you should let the police walk off with trolley-loads of laptops that you need for your day-to-day operations? 

Or would it be better to get some independent forensic experts to assist the regulators to perform imaging of data from servers and computer equipment, or to monitor the seizure process to ensure no tampering of the original data occurs and that a defensible forensic preservation process is followed?

Surely it would be a good idea to make an inventory of everything that gets taken, just to make sure you get everything back? If you don’t ask, you might not get…

This registry also is crucial to ensure the company has the upper hand to start working on the mitigation plan post-raid. Perhaps an internal investigation might be warranted to ensure you know exactly what has been going on within your company and preemptively release your findings to the regulators. They’ll appreciate it, and more often than not, you might just get a more lenient fine.

These are just a couple of things you can do during a raid. There are many more. 

In my next article, I’ll review what you should be doing to prepare for a raid and then, if one happens, what you should do during and after.