What to do if…
you are contacted by a regulator about possible violations and you are unsure how to respond
Short answer
Do not improvise. Preserve records immediately and get legal counsel before you provide explanations, documents, or interviews—then respond in a controlled way that confirms scope, authority, and deadlines.
Do not do these things
- Do not ignore it or miss the response date (even if it “seems informal”).
- Do not delete, alter, rename, backdate, or “clean up” documents, emails, chats, or logs.
- Do not call the agency to “talk it out” or give a detailed story on the spot.
- Do not consent to an interview/testimony without counsel, and do not guess answers.
- Do not volunteer extra categories of documents or information beyond what’s requested.
- Do not circulate sensitive details widely internally (assume internal messages can be discoverable later).
- Do not “align accounts” or script narratives. (It’s fine to locate records and confirm facts; it’s not fine to pressure people about what to say.)
What to do now
- Verify the contact is legitimate.
If you got a call/email, independently find the agency’s official phone number (not the one in the message) and confirm the name, office/division, and reference/case number.
- Figure out what kind of demand this is.
Look for: a voluntary request, a subpoena, a Civil Investigative Demand (CID), a notice of violation, or a request for testimony/interview. The label matters because deadlines and obligations differ.
- Preserve everything immediately (“legal hold” mindset).
Stop deletions and auto-purges (email, Teams/Slack, texts, backups where possible). Tell IT to preserve relevant accounts and devices. Don’t “organize” or edit files—just preserve.
- Read for the key constraints, then stop.
Identify: the deadline, what categories are requested, the time period, the format/definitions, and whether testimony is demanded. Don’t start producing substantive explanations until counsel has seen it (unless a deadline is truly imminent and you have no choice).
- Get the right lawyer fast.
Contact your in-house counsel/compliance team if you have one. Otherwise, look for an attorney experienced with the specific regulator/agency area (e.g., SEC, FTC, EPA, state AG, licensing boards). If you have relevant insurance, check notice requirements with counsel/broker and avoid casually sharing privileged details.
- Send a minimal “receipt + process” response.
A safe early reply is: confirm you received it; ask for any missing details (scope/definitions); ask who to coordinate with; and ask what the agency’s process is to discuss scope/format. If you request an extension, ask for written confirmation.
- Set one controlled channel for communications.
Designate a single point of contact. Instruct staff (calmly, in writing) to forward any agency contact to that person and not to respond independently.
- Prepare a clean packet for counsel.
Gather: the full demand/letter, prior related correspondence, org chart / roles involved, where relevant records live (systems, shared drives), and any known deadlines or ongoing risks.
- If investigators show up in person.
Ask for identification and the legal authority (e.g., warrant, inspection authority). Do not obstruct. Contact counsel immediately. Keep a written log of what is requested/taken and who said what.
- If they request an interview/testimony.
Do not attend alone. Ask whether it is voluntary or compelled, what topics are covered, and how it will be recorded. Schedule through counsel.
What can wait
- You don’t need to “explain everything” today.
- You don’t need to decide fault, blame, or corrective action plans immediately.
- You don’t need to make public statements, resign, or fire people in the first hours.
- You don’t need to predict outcomes; focus on preservation, scope, and counsel first.
Important reassurance
Regulatory contacts can start broadly and narrow later. Many begin as information-gathering. The most damaging mistakes usually come from panic: missed deadlines, casual admissions, or altered records. If you preserve data and slow communications until you have advice, you’re protecting yourself and buying time.
Scope note
This is first-steps guidance only. Your next steps depend on the specific agency, whether the matter is civil or criminal, and whether you received a subpoena/CID versus an informal request.
Important note
This is general information, not legal advice. US federal and state agencies have different rules and deadlines. If you are unsure, treat the matter as serious, preserve records immediately, and get advice from a qualified US attorney.
Additional Resources
- https://www.sec.gov/about/divisions-offices/division-enforcement/how-investigations-work
- https://www.ftc.gov/business-guidance/blog/2018/01/so-you-received-cid-faqs-small-businesses
- https://www.ftc.gov/business-guidance/blog/2025/03/did-your-business-receive-cid-ftc-means-business
- https://www.sec.gov/divisions/enforce/enforcementmanual.pdf