Dawn raid compliance guidelines

0
144

It is vital for employees to understand how to conduct themselves during dawn raids or interactions with regulators. Failure to do so may result in significant consequences for the employer.

The European Commission recently fined a European company after a senior employee deleted private WhatsApp messages during a dawn raid pertaining to a competition law violation.

The WhatsApp chat in question was with a competitor and contained business-related information. This fine illustrates the growing scrutiny on digital communication channels as employees increasingly rely on platforms like WhatsApp for personal and professional interactions. Regulators are recognising the need to adapt their enforcement strategies.

The use of messaging apps on the work mobile phones

The use of messaging platforms such as WhatsApp and Snapchat, which offer ephemeral or disappearing message features, likely provides a false sense of privacy to employees and managers. Employees may feel more comfortable sharing information or discussing sensitive topics that they might not want to address in a more permanent format, like email.

Similarly, when the regulator is at the door, employees who are hesitant to switch on the shredder can quickly reach into their pocket and hit delete on communications they don’t think their employer will want the regulator to see. As the European Commission’s fine illustrates, the consequences can still be borne by the company. Financial institutions globally have faced regulatory scrutiny over the use of messaging apps by employees to discuss sensitive matters.

There has been a move away from the use of third-party messaging apps on the work mobile phones of employees, a trend we have not yet seen in South Africa. In South Africa, a number of regulators and public bodies are empowered to conduct dawn raids.

For example, dawn raids may be conducted by:

  • the South African Police Service;
  • the South African Revenue Services;
  • the Competition Commission; and
  • the Information Regulator.

While each authority is subject to different laws governing the powers granted to them, as a general principle, they may enter a firm’s premises, seize and/or make copies of documents and collect electronic data that form part of the investigation.

Having an effective policy in place

In our experience, a significant focus of dawn raids is accessing electronic documents such as those on servers and devices. If a company fails to comply with its legal obligations during a dawn raid, significant fines and/or criminal penalties may be imposed. As dawn raids have proven to be effective investigatory tools, we anticipate that regulators and law enforcement will continue to conduct dawn raids in South Africa (and that their frequency will likely increase).

The best defence is having an effective document management and communication policy that is well known and understood.

The hallmarks of a dawn raid ready company are the following:

  • employees have clear reporting guidelines, indicating who they must contact in the event of a dawn raid;
  • employees are aware that they cannot delete, destroy, hide or falsify any documents or information during the dawn raid as this may result in criminal liability not only against the employer but also against the employee. This includes information stored on mobile phones or computers, which relate to the business of the employer;
  • employees are provided with training on their rights and obligations during a dawn raid, as well as the manner in which they must act to protect the confidential and legally privileged information of their employer within the confines of the law;
  • employees are aware that any dawn raid must be conducted with due regard to their dignity as well as their right not to answer questions that may be incriminating, particularly without the assistance of a legal representative. This being said, employees must cooperate with the investigators and answer questions truthfully and to the best of their ability;
  • employers should implement procedures for the disclosure of confidential information. This may include a process that requires employees to disclose to the employer any information that they have been required to disclose by law to enable the employer to take steps to mitigate any harm to its business and/or its clients; and
  • employees are aware that they cannot discuss the dawn raid with other employees or third parties unless they have been authorised by their employer to do so.

In conclusion

Employers must take measures to protect the confidentiality, availability and integrity of communications pertaining to their business and may face difficulties if employees routinely utilise messaging apps to conduct business.

Some applications make provision for encrypted messaging, and communication data is typically kept ‘in the cloud’, to which employers do not have access. Companies should understand the extent to which employees are using third-party applications in conducting business and appropriately adjust their policies and procedures.


Clare-Alice Vertue | Partner | mail me |
Karl Blom | Partner | mail me |
Siya Ngcamu | Senior Associate | mail me |
Sidrah Suliman | Associate | mail me |
| Webber Wentzel |

Related FAQs: Dawn raid compliance guidelines

Q: What should an organisation’s response team do to ensure compliance during a dawn raid?

A: The organisation’s response team should familiarise themselves with the dawn raid procedures and ensure all staff are trained on best practices. They should have a clear plan in place, including a designated dawn raid contact, to manage the situation effectively and comply with the inspector’s requests.

Q: How can a business prepare to respond to a dawn raid?

A: A business can prepare by conducting regular training for their staff, especially reception staff, on how to respond to a dawn raid. They should also ensure that their legal team is readily available and that there are clear procedures in place for managing a dawn raid event.

Q: What is the role of in-house counsel during a dawn raid?

A: The in-house counsel plays a critical role by providing legal guidance during the raid. They should ensure that the organisation complies with all legal requirements and that the rights of the organisation are protected during the inspection by the inspector.

Q: What should an organisation do if a dawn raid occurs?

A: If a dawn raid occurs, the organisation should promptly activate their response team, notify senior management and contact their legal team. They should also ensure that all staff remain calm and follow the established dawn raid guidance.

Q: What are the potential consequences of a breach during a dawn raid?

A: A breach during a dawn raid can lead to serious consequences, including legal penalties, damage to the organisation’s reputation and potential criminal charges depending on the severity of the offence. Compliance with dawn raid procedures is crucial to avoid such outcomes.

Q: What is the best way to manage a dawn raid with external counsel involved?

A: To manage a dawn raid effectively with external counsel, organisations should ensure that there is clear communication between internal and external teams. They should also have pre-established protocols for how to respond to a dawn raid, ensuring that external counsel is present to advise on compliance and legal rights.

Q: How important is it to have a designated dawn raid contact within an organisation?

A: Having a designated dawn raid contact is crucial as this person is responsible for coordinating the response to the raid. They serve as the main point of communication between the organisation, the inspector, and the legal team, ensuring that all actions taken are compliant with the law and the organisation’s policies.





LEAVE A REPLY

Please enter your comment!
Please enter your name here