Two agents arrive at the front desk of the Brazilian company early in the morning. They do not present a court warrant. They say they need to verify information, speak to someone from Legal, or access a specific document. The tone is polite, often cordial. But it comes with familiar pressure: “this will be quick,” “we do not want to create a problem,” “it is better to sort this out now.”
For a foreign parent company, investor, officer, or in-house counsel, this may sound like an ordinary contact with local authorities. In Brazil, however, when a visit like this touches a criminal investigation, the first minutes can matter more than they appear to.
Should the company let them in? Ask for a warrant? Call external counsel first? Allow access to an internal room? Open a server folder? Hand over documents? Record the interaction? Who inside the company is authorized to answer these questions?
The way the company reacts in those first minutes may shape the investigation. An improvised authorization given by someone with no decision-making power may later be described as consent. An informal conversation may become an official record. Limited access to internal files may open an entire investigative path. The attempt to “avoid creating a problem” may end up creating the problem itself.
This is the point: the arrival of Brazilian authorities without a warrant should not be treated as a routine administrative visit. It is a legal, institutional, and often reputational risk event. And this kind of risk cannot be managed by improvisation.
The lobby is not the whole company
Receiving authorities at the front desk does not mean authorizing access to the entire company. A lobby, reception area, or space open to the public has one legal nature. In-house legal offices, executive rooms, archives, computers, servers, and restricted-access spaces have another.
This distinction is easy to understand, but it is often forgotten under pressure.
Brazil’s Constitution protects the home against unlawful entry. Brazilian courts, however, have long understood that this protection is not limited to where a person sleeps. It can also apply to private spaces where professional or business activity is carried out. Law offices, medical offices, corporate rooms, and restricted business premises are not open to the mere investigative curiosity of the State.
That does not prevent authorities from acting. It simply requires a lawful basis before they cross certain boundaries.
If there is a court warrant, it must be presented, read, and executed within its limits. If there is no warrant, entry into a protected space is exceptional. Under Brazilian constitutional law, the usual justifications are flagrante delicto, disaster, emergency assistance, or valid consent. Outside those situations, the company may refuse entry into restricted areas without that refusal amounting to obstruction.
This distinction is especially important because, in most real cases, the visit does not begin with force. It begins with the language of convenience.
The danger of “we just need to take a quick look”
Few expressions are as risky as “we just need to take a quick look.”
Authorities may not say they are conducting a search. They say they need to check information. They do not formally request seizure of documents; they ask to see a folder. They do not demand broad server access; they ask for a specific file. They do not always say the matter is criminal; they say they are verifying something.
The problem is that informal visits tend to expand by stages. First, the agents go upstairs. Then they enter a meeting room. Then they ask for one document. Soon they photograph a spreadsheet. Later they request access to digital files. By the time the company understands the scope of the episode, it has allowed a search-like procedure without a warrant, without a defined scope, and without adequate legal guidance.
The later reading will be different. The authority may record that it was received by the company, that access was authorized, and that documents were delivered voluntarily. The prosecution may argue that there was no coercion, only spontaneous cooperation. The company, which was simply trying to be practical, then has to explain why access was granted, who granted it, on what terms, and how far that authorization could lawfully go.
Cooperating with authorities is one thing. Giving up control is another.
Serious companies cooperate with legitimate investigations. But cooperation does not mean unrestricted access to private areas, servers, files, passwords, or strategic documents without a clear legal basis. A well-advised company does not antagonize authorities. It simply requires the act to be performed properly.
The same logic appears when Brazilian authorities execute a corporate search and seizure warrant. In that setting, the challenge is to control the execution of an existing court order. Here, the issue is earlier and more delicate: what to do when there is no warrant, but there is pressure to allow entry.
No warrant: the first question is legal
When authorities arrive without a warrant, the first step is not to let them upstairs “so we can talk more comfortably.” The first step is to ask for the legal basis of the intended entry.
Are they alleging flagrante delicto? Emergency assistance? Disaster? Or are they asking for consent?
The answer must be clear and, whenever possible, documented. The mere existence of an investigation is not enough. A generic suspicion is not enough. An anonymous tip, standing alone, is not enough. A desire to “verify documents” is not enough.
The Brazilian Supreme Court’s Theme 280 established that forced entry without a warrant requires concrete reasons, capable of being demonstrated later, indicating a situation of flagrante delicto inside the location. Put simply: the justification must exist before entry. Authorities cannot enter first and then use what they find to justify the entry.
That order of events changes everything.
If there is no warrant and no clearly identified exceptional situation, the company should not authorize entry into restricted areas before contacting criminal counsel. This is not undue resistance. It is minimum governance in the face of a potentially invasive investigative act in Brazil.
Consent is not courtesy
The most sensitive issue is consent.
The authority asks: “May we come in?” An employee, uncomfortable with the situation, says yes. The receptionist releases the access gate. A manager authorizes the agents to come upstairs. Someone opens a meeting room. Another employee locates a folder on a computer. Everything seems normal. Legally, it may be serious.
Valid consent requires freedom, information, and authority to decide.
The person must know that refusal is possible. The authorization must be clear. And the person must have actual authority to decide for that space, document, or system. A receptionist may receive agents at the front desk; that does not mean they can authorize entry into executive offices. An administrative employee may forward a request to Legal; that does not mean they can release internal documents. An intern may be present in the office; that does not mean they can allow access to strategic files, client data, or corporate equipment.
In companies, this difference is decisive. The person authorizing entry must have real authority to do so. Otherwise, there may be only an appearance of consent, not consent by the company.
And an appearance of consent should not validate a warrantless search.
The Brazilian Superior Court of Justice, in HC 598.051/SP, reinforced the need to control the legality and voluntariness of consent, including through audio and video recording whenever possible. The reason is obvious: without a record, the later discussion becomes a dispute of versions. The authority says there was authorization; the company says there was pressure; no one knows exactly which words were used, who was present, or which limits were set.
In a business setting, this care should be even greater. The decision affects not only the person who opened the door. It may affect officers, employees, shareholders, clients, third parties, and the legal entity itself.
Documentation protects the company
Recording the interaction, when possible, is not hostility. It is protection.
A record helps show whether authorities presented a warrant, explained the reason for the visit, asked for consent, informed the company that refusal was possible, identified who authorized entry, and defined the limits of any access. It also preserves the company’s posture: respect toward authorities, absence of aggression, and cooperation within the limits of the law.
Without a record, the episode depends on the memory of people who were under pressure. Memory, in a crisis, is an imperfect tool.
This becomes even more important when digital materials are involved. Copying files, accessing network folders, extracting data from computers, or providing passwords are not neutral acts. They can create complex evidentiary chains that are difficult to reconstruct later. That is why this discussion connects directly to issues we have addressed in English on the blog, including digital evidence and chain of custody in Brazil and data incidents and cybercrime in Brazil.
The point is not to create artificial obstacles. It is to prevent an informal act from producing evidence with no controlled origin, no proper scope, and no reliable basis for later review.
The company must know who speaks for it
One common mistake is to assume that responding to authorities is merely a matter of common sense. It is not. It is a matter of protocol.
Before the crisis, the company must know who should be called, who may speak, who may accompany the interaction, who may receive documents, and who may not authorize anything beyond keeping the agents in the reception area.
When authorities arrive, reception or security should request identification and record name, position, agency, badge or registration number, and the stated reason for the visit. If there is a warrant, it must be immediately sent to Legal and to the responsible criminal counsel, who should verify the address, time limits, issuing authority, authorized locations, and items subject to search or seizure. While this review is being conducted, the agents should remain in the reception area, without circulating through internal spaces.
If there is no warrant, the question should be objective: what is the legal basis for entry? If the answer is consent, the company should contact its legal counsel before allowing access to restricted areas.
Passwords, server access, computers, mobile phones, internal files, and strategic documents should not be provided without specific legal review. The company may comply with a lawful order. What it should not do is informally expand the scope of a visit.
This posture is not inconsistent with cooperation. It is the only safe way to cooperate without turning good faith into vulnerability.
Counsel is not there only to litigate later
In Brazilian corporate criminal investigations, there is a significant difference between calling counsel during the encounter and calling counsel weeks later.
When the defense arrives later, there is still work to be done. It may be possible to challenge the legality of the entry, the validity of consent, access to documents, copying of files, and the use of the evidence obtained. But much of the scene will already have been formed. The authority will have recorded its version. The investigation may already have incorporated the documents. The narrative of spontaneous cooperation may already be in place.
When counsel is called immediately, the role is different.
Counsel can review the warrant, define the scope of the procedure, advise who speaks for the company, prevent improper access to protected areas, record the absence of consent, preserve sensitive documents, and reduce the risk that a decision made under pressure will later be used against the company itself.
That is the core of preventive criminal defense in Brazil. It is not about promising that every procedure will be stopped. It is not about turning the company into an adversary of the State. It is about ensuring that authorities act within legal limits and that the company does not hand over, through disorganization, what it was not required to hand over.
Criminal risk is governance risk in Brazil
The arrival of authorities without a warrant at the front desk of a Brazilian company is not only a legal issue. It is a governance issue.
Who decides? Who speaks? Who records? Who calls counsel? Who accompanies the interaction? Who can authorize access to documents? Who can release a system, room, computer, or server? Who has authority to say “no” without fearing that the company will be accused of obstruction?
If these answers are not defined in advance, they will be improvised under pressure. And improvisation in this context is costly.
Companies exposed to criminal risk in Brazil must treat this issue as part of their prevention routine. Compliance on paper is not enough. The company needs to know what to do when authorities arrive without a warrant and ask to come in.
The correct response is not hostility. Nor is it submission. It is control.
The company should receive authorities respectfully, require clarity on the legal basis of the procedure, preserve its rights, and immediately activate specialized legal guidance. Between cooperation and waiver of fundamental guarantees there is a decisive difference. That is where Brazilian corporate criminal defense operates.
Guilherme Brenner Lucchesi is a criminal defense attorney, holds a doctorate in Law from UFPR, an LL.M. from Cornell Law School, is a professor of Criminal Procedure at the Federal University of Paraná (UFPR), president of the Paraná Institute of Lawyers (IAP), and founding partner of Lucchesi Advocacia.



