Challenge
The European Commission (EC) has the power to enter the premises and conduct investigations on whether companies infringe the EU rules prohibiting restrictive agreements and abuse of dominance (Article 101, 102).
A large manufacturing client in Poland wanted to assess their team’s reactions and responses to one of these so-called ‘dawn raid’ investigations. As the fines for failing to submit to an inspection can be up to 1% of a company’s total turnover, it was vital that our client was prepared for a real raid.
Solution
Our forensic team, together with the company’s law firm, prepared and performed a mock dawn raid exercise. In the course of the raid, we identified IT as a key area of focus. IT, more than any other area of the business, has the knowledge of the operations and access to critical data that may be requested in a real raid.
Execution
We turned up on the day posing as EU Commission investigators and specialists.
We conducted technical interviews of key IT personnel and assessed their knowledge on:
- willingness to cooperate with investigators
- their systems and location of critical data (efficient asset management controls)
- accountable staff for critical systems and storage locations
- sufficient and tested protocols/readiness plans of responding to information requests
Results
After several hours of interviews and assessments, we revealed our true identity. We carried out a debrief exercise with the law firm and the company which highlighted a number of issues for the company to address. The issues included inadequate data preservation policies and heavy reliance on third party IT vendors to respond to information requests.
This exercise enabled the company to improve their systems in order to be better prepared in the event of a real raid.