Authorities across the U.K. and Europe have indicated plans to step up oversight and enforcement across a range of regulations, particularly in the area of antitrust. This effort is already proving to include a surge in dawn raids—unannounced inspection by a regulator on suspicion of infringement—throughout 2022. In the months and year ahead, organisations will be under intensifying pressure to prepare for these inspections. This is prompting a renewed need for legal and compliance teams to review procedures and develop clearer understanding of their IT landscape so they can quickly respond to an inspector during an unannounced investigation.
Earlier this year, Maria Jaspers, head of the cartel directorate within the European Commission, acknowledged in a public statement that a series of raids were planned for the remainder of 2021 as part of the Commission’s efforts to tackle a backlog of inspections that accumulated amid pandemic-related slowdowns and cross-border restrictions. This was reinforced in October when the EU raided a Belgian pharmaceutical company for abuse of dominance suspicions. And since October, the commission has conducted three more sets of dawn raids, indicating that a recent uptick in coronavirus cases is not acting as a deterrent in this latest enforcement push.
Additional dawn raids to investigate suspected antitrust infringements across several industry sectors, led by European Commission authorities as well as national authorities in France, Greece, Hungary, the Netherlands, Norway, Poland, Romania, Portugal, Spain and Slovenia, added to the renewed enforcement momentum in recent months. In December, The Netherlands Authority for Consumers and Markets (ACM) conducted dawn raids against numerous food processing companies. Andreas Mundt, president of the German Bundeskartellamt stated that his agency is likely to re-start unannounced inspections, and Andrea Coscelli, the Chief Executive of the U.K. Competition and Markets Authority (CMA), has spoken publicly about an intention for the CMA to possibly increase its volume of antitrust cases under investigation. If the CMA indeed takes a more active approach towards investigating business practices impacting markets in the U.K., it’s likely that organisations in the region will also experience an increased incidence of dawn raid activities.
Corporations need to prepare for a tough enforcement landscape in the year ahead. During a dawn raid, inspectors typically have wide remit to interview employees and collect paper documents, emails, electronic files and devices (including personal chats stored on WhatsApp) from corporate offices and the private residences of certain persons of interest. Delays in providing access can easily lead to a charge of obstruction or non-cooperation, carrying significant fines and other penalties. Below are several steps organisations can take to strengthen their systems and processes in the interest of dawn raid readiness.
- Understand and document where data is stored. This is more critical now than ever before, as most organisations have transitioned their core IT operations to the cloud and on-site IT staff may not have the credentials needed to immediately freeze employees’ user accounts or collect the information requested by the inspector. Data maps should make note of which employees have access to sensitive information and all data sources (including chat applications and collaboration platforms) that may contain information of interest to the dawn raid.
- Refresh existing readiness processes and employee training to align with remote and hybrid working scenarios. Proactively provide guidance on how staff should respond to an unannounced inspection when most employees may be working from home. Legal and IT personnel also need to consider how they will ‘shadow’ inspectors and record a log of what is seized when an employee interview is conducted remotely and counsel and/or IT are not physically present in the room.
- Review acceptable data use policies to ensure they address how employees store information when working remotely, as this can become a factor that justifies expansion of the investigation’s scope include employees’ homes.
- Map out key areas where over-collection may occur—a common occurrence within multinational organisations that share data between geographies or maintain a central information store with subsidiaries and parent corporations—to ensure the dawn raid response team knows what systems and topics to monitor. This principle of caution against over-collection should also apply to inspector requests to view documents containing personal or privileged data.
The lull in dawn raid activity from the past nearly two years is likely at its end, and in the new year, organisations should expect an uptick in these disruptive investigations. And like everything, the pandemic has changed the landscape. The way inspections will be carried out and the challenges involved in responding to them will be different than they were when business operations were conducted primarily in physical offices and using traditional communications channels. This is why it’s important to revisit policies and establish dawn raid readiness processes that account for today’s remote work environment. With limited investment, organisations can get a better understanding of how equipped they are to respond to a raid and bolster their position before it’s put to the test.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.