Alston & Bird Consumer Finance Blog

#SEC

Shareholders Sharpen Focus on AI-Related Securities Disclosures

What Happened?

As Alston & Bird’s Securities Litigation Group reported, the number of securities class actions based on AI-related allegations is rising.  With six new filings in the first half of 2024 and at least five more identified by the authors since, a new trend of AI lawsuits has emerged. This trajectory is likely to continue alongside increased AI-related research and development spending in the coming years.

Why Is It Important?

A recent proposed rule and several enforcement actions indicate that the Securities and Exchange Commission (“SEC”) has a growing appetite for regulating AI-specific disclosures, and shareholders’ interest in claims. In this environment, it is imperative that companies remain cognizant of their public statements on AI.

Last year, the SEC proposed a rule that would govern AI use by broker dealers and investment advisers. Although the rule is not yet final, the agency has pursued several AI-related enforcement actions with its authority to regulate false or misleading public statements.

Thus far, the SEC’s enforcement actions have been limited to companies whose public statements on AI usage were at issue.  These companies allegedly claimed to use a specific AI model to elevate their customer offerings but could not provide any evidence of their AI implementation when questioned by the SEC.

Those previous actions do not necessarily mean that a company’s ability to prove it implemented AI technology in some form will be enough to avoid scrutiny or liability. Investor plaintiffs targeting companies’ AI disclosures represent a new frontier of potential risk for companies and their directors and officers.

What To Do Now?

Companies should consider whether the board’s audit or risk committees should be tasked with understanding the company’s AI use and considering associated disclosures in addition to any privacy and confidentiality concerns that arise. Companies can identify their AI experts to properly vet any technical proposed disclosures on AI to confirm the disclosures are accurate. The key is to make sure AI disclosures and company claims about AI prospects have a reasonable basis that’s adequately disclosed.

Companies should also aim to create and maintain appropriate risk disclosures. When disclosing material risks related to AI, risk factors become more meaningful when they are tailored to the company and the industry, not merely boilerplate.

As Economic Winds Blow, So Do Whistleblowers: How to Protect Your Company Through Turbulent Times

A&B ABstract:

As recently reported by the Financial Times, banks are preparing for the “deepest job cuts since the financial crisis,” with firings to be “super brutal.” Already, nonbank lenders and service providers have been suffering with several rounds of layoffs and, potentially, more to come. Former employees, particularly disgruntled ones, may have information they want to share with the government.  An Insider article highlighted that remote work has resulted in a surge of whistleblower complaints.  If true, even current employees, including those whose complaints or grievances fall on deaf ears, also could be potential whistleblowers.

Alston & Bird Partners Nanci Weissgold, Joey Burby, and Cara Peterman (ably assisted by, and a special thanks to, Charlotte BohnAndrew Brown, and Melissa Malpass) addressed today’s challenging economic conditions, and how companies can protect themselves during an expected surge in whistleblowing by disgruntled current and former employees.  The webinar slides address:

  • What you need to know about government whistleblower reward programs and laws with whistleblower incentives and protections, including the False Claims Act, FIRREA, and the SEC’s Whistleblower program.
  • Recent trends, developments, major settlements, and awards in whistleblower-related settlements and litigation.
  • Best practices for companies when responding to, de-escalating, and defending against whistleblower complaints.

Best Practices for Responding to Whistleblower Complaints

#1: Keep complaints internal. It is critical to have procedures in place for employees (as well as contractors and other agents) to report compliance concerns internally.

  • Establish a compliance hotline or other means of anonymous
  • Have an anti-retaliation policy to protect employees who make a report.
  • Promote these policies and procedures, and train employees on them.

This is a required element of an effective compliance program under DOJ and SEC guidance, and factors into their charging decisions; also considered under U.S. Sentencing Guidelines in determining corporate penalties.

Additionally, internal complaints allow companies to investigate and remediate (if necessary) and to consider whether/how to self-disclose. The 2023 revisions to DOJ’s Corporate Enforcement Policy strongly encourage self-disclosure, offering significant incentives to companies who do.

#2: Maintain a strong Compliance Management System (CMS). A strong CMS is one that establishes compliance responsibilities, communicates those responsibilities to employees, ensures the responsibilities are carried out and met, takes corrective action, and updates tools, systems, and processes as needed.

Scaled to the size of the company’s operations, a CMS requires:

  • A strong board of directors and management oversight – “tone at the top.”
  • Comprehensive written policies and procedures to demonstrate an understanding of all applicable laws and regulations.
  • Training of all applicable laws to ensure that employees can perform their functions.
  • Monitoring and testing based on an assessment of risk carried out through three lines of defense:
    (1) functions that own and manage risk; (2) functions that oversee risk; and (3) functions that provide independent assurance.
  • Timely corrective action that remediates past issues and prevents reoccurrence prospectively.
  • Consumer complaint response, root cause analysis, and enterprise-wide action.

#3:  Time is of the essence. Whether you learn of a whistleblower complaint internally, or via contact from a government agency, you should initiate an internal investigation into the subject matter of the complaint immediately. DOJ takes the immediacy of self-disclosure into account in determining whether to file charges. If there is ongoing problematic conduct, you want to stop it and cut off potential liability.

  • What the investigation will involve, and how it will be conducted, will vary depending on the seriousness of the complaint and how credible it appears.
  • Inside or outside counsel should generally conduct the investigation to ensure communications and work product are protected by the attorney-client privilege.
  • Some basic steps are common to almost every internal investigation:
    • Ensure that all potentially relevant documents (including emails and IMs) are preserved.
    • Collect and review relevant documents.
    • Interview involved employees (using Upjohn warning).

Takeaway

Given that a surge in whistleblower complaints is likely, financial institutions should ensure that they are adequately prepared to address them.

Avoiding Pitfalls During Post-Pandemic Government Investigations

As the country begins to emerge from the COVID-19 pandemic and the U.S. economy gets back on track, banks nationwide should expect their activities to come under government scrutiny. The impacts of the coronavirus have touched every corner of the banking industry as institutions have striven to meet the evolving needs of their customers, continue operations in a remote working environment, and stand up new programs in response to government relief efforts, such as the Coronavirus Aid, Relief, and Economic Security (CARES) Act. With 2020 in the rearview mirror, banks’ efforts to balance these challenges during a year of unprecedented changes will be put under the microscope as their compliance with an ever-expanding list of laws and regulations is assessed by regulators. The conduct of banks’ management, service providers, and even customers will likewise be reviewed.

CSI: Confidential Supervisory Information is not a show many banks would enjoy watching, but in a recent advisory it’s one of three areas our Financial Services & Products Group notes banks should keep in mind if they become the subject of subpoenas, document requests, examinations, or investigations by government agencies.