As widely reported, during 2021 the activity of competition/anti-trust authorities and in particular on-site inspections, commonly referred to as “dawn raids”, rose compared to the prior year.   

This is not entirely surprising, given those authorities were trying to navigate the new challenges caused by COVID-19 throughout 2020. Recent comments attributed to competition authorities signify that this activity is set to increase throughout 2022 and beyond. In 2021, the commissioner for competition from the European Commission, Margrethe Vestager, and Andreas Mundt, the president of the Bundeskartellamt, signalled their intention for restarting dawn raids. Mr. Mundt proclaimed “the relaxed time for cartel offenders is over. We are on the road again.” However, being physically “on the road” may no longer be a necessary requirement for competition authorities to gather information. 

A dawn raid refers to an unannounced inspection at the premises of a company. It is a part of the investigative toolkit of the competition authorities that allows them to investigate potentially anti-competitive conduct under European Union (EU) or domestic competition laws. Historically, a dawn raid would involve the competition authority arriving unannounced at the premises of a company where they would then seek to collect any relevant and permissible information available to them within the scope of their enquiry. 

This collection could include:

• Hard copy documents
• Electronic date from any available devices including laptops or central storage servers
• Information gathered from interviews with key personnel

However, from a data perspective, the need for competition authorities to physically descend upon a business’s premises to conduct a dawn raid is diminishing. This is partially due to the adoption of cloud-based systems, where a company’s data (e.g. emails, documents and instant messaging data) is accessible via the cloud, and also due to the technical advancements in remote collection capabilities. 

This migration to the cloud is now being compounded as many companies are embracing hybrid working policies and therefore seeing far less employee foot traffic through their physical premises. 

Evolution of data collection in dawn raids

The collection of relevant data and information are the foundation of any successful investigation and therefore it is important to understand the different data types and storage systems used by companies. 

Competition authorities focus on two types of data as a priority: structured data, such as databases containing pricing or accounting information and unstructured data, such as communication data and key business documents created by senior employees. This communication data tends to fall into two main categories: formal and informal. 

Formal data includes data from company email and instant messaging, as well as collaboration tools such as Microsoft Teams and Slack. These data sources are typically stored on a server or in the cloud and can be accessed with the assistance of the company’s IT function. Informal communications, including text and WhatsApp messages, are generally stored on the mobile devices they relate to – although they are sometimes surreptitiously stored on company servers in the form of device backups. 

Companies generally have document storage policies that dictate where important documents are saved. This minimises the risk of documents only existing on an individual employee’s laptop or desktop. Key business documents may be stored in locations using cloud-based storage such as OneDrive or SharePoint, bespoke industry-specific document management systems, and in some cases, although falling in popularity, on laptops/desktops or even in hard copy format. While the latter may seem outdated, retaining hard copy documents remains commonplace in certain industries for varying reasons. OneDrive and SharePoint are both cloud-based systems and therefore likely to be administered by a company’s IT function. 

Structured data types such as pricing or accounting information is typically stored in database systems, also largely cloud-based, allowing relevant business functions to log in and navigate the data as required. Business functions typically interact with the structured data through the simplified user interface of a program, however, the data itself sits behind these programs in complex tables linked together to form a database. All the systems discussed above are typically managed and administered by the company, but there is also the potential for relevant data to sit outside of a company’s prescribed systems. 

This “potential” exists in most cases and is heightened due to the recent rise in remote working due to the onset of COVID-19. This has caused a side effect: An increased risk of employees accessing and saving work-related documents and information on personal devices, typically stored at home. For example, the convenience of picking up a personal laptop or tablet to draft a document, to send company data through a personal email address, or similarly, physical notebooks used to note the thoughts and workings of the day, all could result in relevant information to an investigation being stored at a residential address. 

Throughout the pandemic, and subject to multiple COVID tests and full PPE, courts granted search orders covering residential and/or business premises, to secure relevant information and data related to civil litigation. This is in line with comments released by the Financial Conduct Authority (FCA) (whom have similar powers to the competition authorities) in October 2021:

“It’s important that firms are prepared to take responsibility to ensure employees understand that that the FCA has powers to visit any location where work is performed, business is carried out and employees are based (including residential addresses) for any regulatory purposes. This includes supervisory and enforcement visits" 

In addition to the information captured directly from a company or employees, information can be obtained indirectly either through publicly available sources, or through the competition authority utilising its powers to compel third parties to provide potentially relevant data they hold. Publicly available data comes in various formats and can include company websites and published financial accounts.

Investigators may deploy web scraping technology to collect information from:

• Press releases
• Publicly available accounting information
• Social media
• Any industry-recognised publications

Classic examples of data obtained from third parties include communication metadata from a mobile phone network or internet service provider and financial records from a bank. These sources of information could show mobile phone records or even geo-location data. Both of which could be relevant to an investigation.

The advancement of artificial intelligent (AI) around the analysis of large data sets allows investigators to handle the increasing volume of data that inevitably comes from all these systems, without the apprehension of having to review all data manually. Given AI’s ability to intelligently sift through huge data sets, it is now possible to efficiently identify interesting and relevant findings across multiple data sources. 

Many AI algorithms continuously learn what relevance means for a matter and therefore increases the efficiencies of analysing large data sets over time. Work product in the form of an AI model which encapsulates the AI learning from a particular case can be transferred to new cases. This allows investigators to harness prior learning by the AI model to fast-track new case analysis.

A move to remote dawn raids 

With the adoption of remote working policies and with technology being at the heart of the investigative approach, it’s no surprise that dawn raids are being conducted remotely by competition authorities. The introduction of these remote dawn raids allow authorities to interact with companies through video conferencing. From there, authorities can proceed to collect relevant data through virtual data rooms, or by accessing the companies’ IT systems remotely and then deploying forensic collection software to capture data in a forensically sound manner.  

The end of 2021 saw activity from competition authorities in France, Hungary, Norway, Poland, Spain, Portugal, Romania, and by the European Commission, among other locations across the globe. Specifically, there were three instances in which competition authorities conducted remote dawn raids, including:

In Italy, the local competition authority downloaded data remotely after a video call with the company’s legal representatives. They conducted a secondary filtering process for relevance on a follow up video call by sharing their screen with external counsel.

In Colombia, the competition authority invited the company to a virtual meeting and during that meeting requested control rights to the laptops of individuals participating on the call. The authority collected screenshots of folders on the laptops, including document counts and sizes ensuring any deletion activity after the call would be easily recognisable.

In Greece, a local competition authority announced seven new cases since summer 2021 that combined in-person data collection with remote interviews. 

Practical tips to prepare for a remote dawn raid

Much of the advice offered to prepare for remote dawn raids follows the advice previously provided for traditional or in-person dawn raids, albeit with updates to take into account the change of working practices and advancement of technology available. 

Here are our top tips to ensure your company is prepared for a remote dawn raid:

• Dawn raid inspections are 95 percent focused on digital devices or systems. Management of these devices by IT teams and appropriate use by employees is fundamental. 
  • Companies should document appropriate IT policy such as data retention, network permissions and data access and where appropriate, require acknowledgment by staff. 
  • Employees should be trained on the appropriate use of all available company IT systems and understand the potential consequences of using personal devices for work activities. 
  • If working from home, employees should follow practical advice for storing work devices in a designated working area (e.g. a home office/desk area) to try to maintain boundaries between work and home devices, thereby minimising the risk of personal devices being included in scope by a regulator.
• Companies should work with their technical partners to develop an action plan to be followed in the event a remote dawn raid occurs. Technical partners skilled in electronic discovery and digital investigations can track and monitor the technical processes used by the regulator. This ensures companies know what data is collected. Information on the regulators technical work may be stored in log files created by remote processes run by the regulator, or through remote observation by a technical partner. This information is crucial for the company’s legal team to support the company through the investigation and can also be used to ensure any subsequent parallel investigation includes the data sources the regulatory body has in their scope. 
• The deployment of remote collection software used by competition authorities may have an impact on the company’s live systems. A technical partner who is familiar with these remote collection methodologies can create a plan that will be able to work with the IT team to monitor live networks, ensuring business continues.
• Companies should work with their legal partners to develop or update their action plan to ensure a comprehensive planned approach. Issues regarding privilege material and the legal powers of a regulator may rise and including legal partners in the response plan will allow them to assist from the very start of any remote dawn raid. Staff should be trained regarding their legal rights during a dawn raid, as well as the limits to these rights, as failure to comply with the law can lead to fines for obstruction.  

To conclude, companies must prepare for the increased activity from competition authorities. That preparation should include a review of current dawn raid protocols, if already in place, with a focus on bringing those protocols up to date for the new hybrid working situations and the advancement of remote data collection possibilities.  

A&M’s Global Forensic Technology Services team is comprised exclusively of senior forensics, data analytics, e-discovery, and information security consultants, who bring deep expertise in computer science and information systems and offer a hands-on, action-oriented and results-driven approach to preserving, collecting, processing, and analysing electronically stored information, customised to fit each client’s unique support needs. Our consultants come from FTSE-listed corporations, global law firms, top consulting firms, and government agencies, and most have 10+ years of experience in technology support. If you are interested in discussing how we could help you prepare for a dawn raid or assist with any regulatory investigation please contact one of our experts.