Office Tenants: Do Due Diligence on Your Landlord

Office markets from coast-to-coast are struggling mightily, especially in major urban downtowns. Chicago’s downtown business district (i.e. the Loop) is no exception. Right now, Chicago’s Loop office vacancy rates are the highest since such rates have been recorded.

In April of this year, Crain’s Chicago Business reported that downtown office vacancy broke 25% for the first time on record, landing at 25.1%. This number reflects seven consecutive quarters of increasing vacancy.

What does this mean for tenants? Well…a lot.

It means opportunity as landlords feel pressure to fill vacant office space. Lease concessions that never would have been considered three years ago, might be available now. These days, on most office deals, tenants enjoy considerable leverage. While this market brings tenant’s many benefits, it also brings significant risks. Here are a few risks for tenants to consider before signing a lease:

1. Is your landlord in financial distress? Landlords will always vet an incoming tenant’s financial condition. The same often does not happen in reverse. Many office landlords face financial pressure now. If the landlord is at risk of foreclosure, or otherwise in financial peril, the tenant should have a number of concerns ranging from how well the building will be maintained to whether or not they will be staying in a bank-owned building soon. Tenants should fully inquire into landlord’s financial condition, especially if meaningful tenant allowances have been agreed to.

2. Subordination and Non-Disturbance Agreements are more important now than ever. “SNDAs” can go a long way towards protecting tenant’s lease rights in the event of a foreclosure.

3. Will “creative” uses come to the building? Never underestimate the ingenuity of the commercial real estate industry. All kinds of ideas have sprouted up as to what could be done to fill empty downtown office space. Indoor dog parks, pickle ball courts and the often tossed about notion of converting vacant office space into residential apartments are good examples. Tenants should find out before signing if the landlord has any designs on filling vacant space with uses that the tenant might find objectionable.

4. Co-tenancy provisions and the careful review of how operating costs will be allocated are critical. Who bears the risk of vacancy as to operating expenses? Tenants needs to know if fewer tenants means they will have a higher share of operating costs. Tenants also need to know if they have any way out of the lease if the building really struggles. No one wants to be alone in an empty tower.

© 2024 Chuhak & Tecson P.C.
For more on Office Tenants, visit the NLR Real Estate section.

Supreme Court Upholds Refusal to Register Trademark Containing the Name of Living Individual – Donald Trump

In a recent unanimous decision in the case Vidal v. Elster (602 U.S. ___ (2024)), the U.S. Supreme Court upheld the refusal to register a federal trademark for the phrase “Trump Too Small” based on the fact that the Lanham Act prohibits the registration of the name of a living individual without their consent. The plaintiff in this case, Mr. Elster, filed a federal trademark application in 2018 for the mark “TRUMP TOO SMALL” for use on clothing as shown below, without the prior consent of former President Trump, arguing that the phrase was intended to be a criticism of Donald Trump and his policies and that the refusal was a violation of Mr. Elster’s First Amendment right of free speech. Mr. Elster claimed he wanted to register the mark to convey a political message about the former president.

The Supreme Court reviewed the matter based on the initial refusal to register issued by the United States Patent & Trademark Office, which was then appealed to the U.S. Court of Appeals for the Federal Circuit, who overturned the refusal holding that barring registration of “Trump Too Small” under a provision of federal trademark law unconstitutionally restricted free speech. The Court’s ruling upholds the “living-individual rule” established under the Lanham Act which requires the consent of the living individual prior to registration. Specifically, “No trademark … shall be refused registration … on account of its nature unless it…[c]onsists of or comprises a name, portrait, or signature identifying a particular living individual except by his written consent….” 15 U.S.C. §1052(c). Proponents of the law, including the International Trademark Association, argue that this provision of trademark law is consistent with the concepts of the right of publicity and privacy, and assists in preventing the unauthorized use of individuals’ names in commercial contexts. In explaining the rationale for the decision, Justice Thomas wrote: “This Court has long recognized that a trademark protects the markholder’s reputation, and the connection is even stronger when the mark contains a person’s name,” and further stated, This history and tradition is sufficient to conclude that the names clause — a content-based, but viewpoint-neutral, trademark restriction — is compatible with the First Amendment.”

It is worth noting the Court’s decision does not affect the ability of Mr. Elster to offer goods or services under any particular name or brand – in fact, Mr. Elster’s T-shirts bearing the phrase “Trump Too Small” are still available online for $24.99, even though his trademark application was refused. But the ruling does uphold the prohibition of seeking and obtaining federal trademark protection where the mark contains the name of a living individual without their consent. This ruling from the Supreme Court joins a string of other First Amendment challenges to provisions of the Lanham Act, the main statute governing trademarks. The high court in 2017 struck down a section of the law that barred registration of disparaging marks and did the same for a provision prohibiting immoral or scandalous marks in 2019.

The key takeaway from this narrowly tailored decision is that, prior to seeking federal trademark protection for a mark containing the name of a living individual, consent from that individual must be obtained. In the context of protecting a name or brand focused on a living individual, or in the continuation of such use post-merger or other transaction, it is important to ensure that the consent of the living individual is secured in some manner.

© Polsinelli PC, Polsinelli LLP in California

SBA Eliminates Self-Certification for SDVOSBs

The U.S. Small Business Administration (SBA) recently issued a direct final rule that eliminates self-certification for service-disabled veteran-owned small businesses (SDVOSBs). The SBA’s final rule — which implements a provision in the National Defense Authorization Act for Fiscal Year 2024 (NDAA 2024) — is effective August 5, 2024.

Background

  • To be awarded an SDVOSB set-aside or sole source contract, firms must be certified by SBA through the Veteran Small Business Certification (VetCert) Program.
  • Currently, firms that do not seek SDVOSB set-aside or sole source contracts but that meet the VetCert Program eligibility requirements may self-certify their SDVOSB status, receive prime contract or subcontract awards that are not SDVOSB set-aside or sole source contracts, and be counted toward an agency’s SDVOSB small business goals or a prime contractor’s subcontracting goal for SDVOSB awards.
  • Section 864 of the NDAA 2024 amends the SDVOSB requirements so that, effective October 1, 2024, each prime contract award and subcontract award counted for the purpose of meeting the goals for participation by SDVOSBs in procurement contracts for federal agencies or federal prime contractors shall be entered into with firms certified by VetCert under Section 36 of the Small Business Act (15 U.S.C. 657f).
  • Section 864 also creates a grace period so that firms that file an application for certification with SBA by December 22, 2024, may continue to self-certify for such federal government contracts and subcontracts until the SBA makes a final decision.
  • SDVOSBs that do not file an application for certification with SBA by December 22, 2024, or are not certified by SBA’s VetCert program and do not file an application by the deadline, will not be eligible to self-certify for such federal government contracts or subcontracts after December 22, 2024.
  • To implement the statutory language of Section 864 of the NDAA 2024, SBA is amending parts 125 and 128 of its regulations.

Listen to this post

© 2024 Bradley Arant Boult Cummings LLP
For more on Small Businesses, visit the NLR Corporate Business Organizations section.

Confused About the FCC’s New One-to-One Consent Rules– You’re Not Alone. Here Are Some FAQs Answered For YOU!

Heard a lot about what folks are concerned about in the industry. Still seems to be a lot of confusion about it. So let me help with some answers to critical questions.

None of this is legal advice. Absolutely critical you hire a lawyer–AND A GOOD ONE–to assist you here. But this should help orient.

What is the new FCC One-to-One Ruling?

The FCC’s one-to-one ruling is a new federal regulation that alters the TCPA’s express written consent definition in a manner that requires consumers to select each “seller”–that is the ultimate good or service provider–the consumer chooses to receive calls from individually.

The ruling also limits the scope of consent to matters “logically and topically” related to the transaction that lead to consent.

Under the TCPA express written consent is required for any call that is made using regulated technology, which includes autodialers (ATDS), prerecorded or artificial voice calls, AI voice calls, and any form of outbound IVR or voicemail technology (including ringless) using prerecorded or artifical voice messages.

Why Does the FCC’s New One-to-One Ruling Matter?

Currently online webforms and comparison shopping websites are used to generate “leads” for direct to consumer marketers, insurance agents, real estate agents, and product sellers in numerous verticals.

Millions of leads a month are sold by tens of thousands of lead generation websites, leading to hundreds of millions of regulated marketing calls by businesses that rely on these websites to provide “leads”–consumers interested in hearing about their goods or services.

Prior to the new one-to-one ruling website operators were free to include partner pages that linked thousands of companies the consumer might be providing consent to receive calls from. And fine-print disclosures might allow a consumer to receive calls from business selling products unrelated to the consumer’s request. (For instance a website offering information about a home for sale might include fine print allowing the consumer’s data to be sold to a mortgage lender or insurance broker to receive calls.)

The new one-to-one rule stop these practices and requires website operators to specifically identify each good or service provider that might be contacting the consumer and requires the consumer to select each such provider on a one by one basis in order for consent to be valid.

Will the FCC’s One-to-One Ruling Impact Me?

If you are buying or selling leads, YES this ruling will effect you.

If you are a BPO or call center that relies on leads– YES this ruling will effect you.

If you are a CPaaS or communication platform–YES this ruling will effect you.

If you are a telecom carrier–YES this ruling will effect you.

If you are lead gen platform or service provider–YES this ruling will effect you.

If you generate first-party leads–Yes this ruling will effect you.

When Does the Rule Go Into Effect?

The ruling applies to all calls made in reliance on leads beginning January 27, 2025.

However, the ruling applies regardless of the date the lead was generated. So compliance efforts need to begin early so as to assure a pipeline of available leads to contact on that date.

In other words, all leads NOT in compliance with the FCC’s one-to-one rule CANNOT be called beginning January 27, 2025.

What Do I have to Do to Comply?

Three things:

i) Comply with the rather complex, but navigable new one-to-one rule paradigm. (The Troutman Amin Fifteen is a handy checklist to assist you);

ii) Assure the lead is being captured in a manner that is “logically and topically” related to the calls that will be placed; and

iii) Assure the caller has possession of the consent record before the call is made.

© 2024 Troutman Amin, LLP
For more news on FCC Consent Regulations, visit the NLR Communications, Media, & Internet section.

The Privacy Patchwork: Beyond US State “Comprehensive” Laws

We’ve cautioned before about the danger of thinking only about US state “comprehensive” laws when looking to legal privacy and data security obligations in the United States. We’ve also mentioned that the US has a patchwork of privacy laws. That patchwork is found to a certain extent outside of the US as well. What laws exist in the patchwork that relate to a company’s activities?

There are laws that apply when companies host websites, including the most well-known, the California Privacy Protection Act (CalOPPA). It has been in effect since July 2004, thus predating COPPA by 14 years. Then there are laws the apply if a company is collecting and using biometric identifiers, like Illinois’ Biometric Information Privacy Act.

Companies are subject to specific laws both in the US and elsewhere when engaging in digital communications. These laws include the US federal laws TCPA and TCFAPA, as well as CAN-SPAM. Digital communication laws exist in countries as wide ranging as Australia, Canada, Morocco, and many others. Then we have laws that apply when collecting information during a credit card transaction, like the Song Beverly Credit Card Act (California).

Putting It Into Practice: When assessing your company’s obligations under privacy and data security laws, keep activity specific privacy laws in mind. Depending on what you are doing, and in what jurisdictions, you may have more obligations to address than simply those found in comprehensive privacy laws.

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
For more on Privacy Laws, visit the NLR Communications Media Internet section.

Understanding the Enhanced Regulation S-P Requirements

On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P, the regulation that governs the treatment of nonpublic personal information about consumers by certain financial institutions. The amendments apply to broker-dealers, investment companies, and registered investment advisers (collectively, “covered institutions”) and are designed to modernize and enhance the protection of consumer financial information. Regulation S-P continues to require covered institutions to implement written polices and procedures to safeguard customer records and information (the “safeguards rule”), properly dispose of consumer information to protect against unauthorized use (the “disposal rule”), and implementation of a privacy policy notice containing an opt out option. Registered investment advisers with over $1.5 billion in assets under management will have until November 16, 2025 (18 months) to comply, those entities with less will have until May 16, 2026 (24 months) to comply.

Incident Response Program

Covered institutions will have to implement an Incident Response Program (the “Program”) to their written policies and procedures if they have not already done so. The Program must be designed to detect, respond to, and recover customer information from unauthorized third parties. The nature and scope of the incident must be documented with further steps taken to prevent additional unauthorized use. Covered institutions will also be responsible for adopting procedures regarding the oversight of third-party service providers that are receiving, maintaining, processing, or accessing their client’s data. The safeguard rule and disposal rule require that nonpublic personal information received from a third-party about their customers should be treated the same as if it were your own client.

Customer Notification Requirement

The amendments require covered institutions to notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. The amendments require a covered institution to provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. The notices must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves. A covered institution is not required to provide the notification if it determines that the sensitive customer information has not been, and is not reasonably likely to be, used in a manner that would result in substantial harm or inconvenience. To the extent a covered institution will have a notification obligation under both the final amendments and a similar state law, a covered institution may be able to provide one notice to satisfy notification obligations under both the final amendments and the state law, provided that the notice includes all information required under both the final amendments and the state law, which may reduce the number of notices an individual receives.

Recordkeeping

Covered institutions will have to make and maintain the following in their books and records:

  • Written policies and procedures required to be adopted and implemented pursuant to the Safeguards Rule, including the incident response program;
  • Written documentation of any detected unauthorized access to or use of customer information, as well as any response to and recovery from such unauthorized access to or use of customer information required by the incident response program;
  • Written documentation of any investigation and determination made regarding whether notification to customers is required, including the basis for any determination made and any written documentation from the United States Attorney General related to a delay in notice, as well as a copy of any notice transmitted following such determination;
  • Written policies and procedures required as part of service provider oversight;
  • Written documentation of any contract entered into pursuant to the service provider oversight requirements; and
  • Written policies and procedures required to be adopted and implemented for the Disposal Rule.

Registered investment advisers will be required to preserve these records for five years, the first two in an easily accessible place.

COPYRIGHT © 2024, STARK & STARK
For more news on SEC Amended Regulations, visit the NLR Securities & SEC section.

U.S. Supreme Court Raises Standard for Labor Board When Seeking 10(j) Injunctions

The U.S. Supreme Court issued a decision directing district courts to use the traditional four-part test when evaluating whether a preliminary injunction should issue at the request of the National Labor Relations Board pending litigation of a complaint under the National Labor Relations Act. No. 23-367 (June 13, 2024).

The decision settles the split among the federal circuit courts over the standard that should be applied when the Board files a motion for a “10(j)” injunction, named for the section of the Act that authorizes the Board to seek injunctive relief. Circuit courts were split on which test should apply: the traditional four-part test, a more lenient two-part test, or a hybrid of the two.

The Court’s decision raises the bar for the Board, requiring it to meet each prong of the four-part test for a court to grant an injunction. In particular, it will be more difficult for the Board to establish it is “likely to succeed on the merits,” as opposed to the more lenient standard espoused by the Board that “there is reasonable cause to believe that unfair labor practices have occurred.”

The Court vacated and remanded the case to the U.S. Court of Appeals for the Sixth Circuit to reevaluate the merits of the injunction request under the four-part test.

10(j) Injunctions

Section 10(j) of the Act allows the Board to seek preliminary injunctions before federal district courts against both employers and unions to stop alleged unfair labor practices during the pendency of the Board’s administrative processing of an unfair labor practice charge. Section 10(j) authorizes a district court “to grant to the Board such temporary relief … as it deems just and proper.”

The requests are rare; the Board has sought only 20 such injunctions since 2023, according to the Board’s website. Nonetheless, the standard a court will use in evaluating the injunction request has been determinative of whether the relief was granted.

Prior Standards

The U.S. Court of Appeals for the Sixth Circuit, as in this case, used a two-part test to assess whether the Board was entitled to an injunction. The two-part test examined whether “there is reasonable cause to believe that unfair labor practices have occurred,” and “whether injunctive relief is ‘just and proper.’” McKinney v. Ozburn-Hessey Logistics, LLC, 875 F.3d 333 (2017). The Supreme Court noted in its latest decision that the Board could establish reasonable cause “by simply showing that its ‘legal theory [was] substantial and not frivolous.’”

Conversely, other courts, such as the U.S. Court of Appeals for the Seventh and Eighth Circuits applied the four-part test used for preliminary injunctions in traditional litigation settings set forth in Winter v. Natural Resources Defense Council, 555 U.S. 7 (2008). Under the Winter framework, a party seeking injunctive relief must “make a clear showing” that:

  1. He is likely to succeed on the merits;
  2. He is likely to suffer irreparable harm in the absence of preliminary relief;
  3. The balance of equities tips in his favor; and
  4. An injunction is in the public interest.

New Standard for Labor Board

In holding that the four-part test applies to 10(j) injunction requests by the Board, the Court declined to allow Section 10(j) language “to supplant the traditional equitable principles governing injunctions.” Rather, courts should apply standard principles involved in granting injunctive relief, not 10(j)’s “discretion-inviting directive.”

The Court explained that the reasonable-cause standard in the two-part test “goes far beyond simply fine tuning the traditional criteria to the Section 10(j) context—it substantively lowers the bar for securing a preliminary injunction by requiring courts to yield to the Board’s preliminary view of the facts, law, and equities.” It noted there is a substantial difference between the “likely”-to-succeed-on-the-merits standard versus a finding that the charge was “substantial and not frivolous.” Under the “less exacting” standard, courts could evaluate injunction requests giving significant deference to the Board under even a “minimally plausible legal theory” without assessing conflicting facts or questions of law.

Accordingly, the Board must satisfy the traditional standard that requires it to make a clear showing it is likely to succeed on the merits of the claim under a valid theory of liability.

The Court’s decision to standardize 10(j) injunction requests not only raises the Board’s burden of proof, but it creates more consistency across district courts at a time employers increasingly face injunction requests by an activist Board general counsel.

Jackson Lewis P.C. © 2024

United States | New DACA Report Breaks Down the Trillion-Dollar Cost of Ending the Program

Coalition for the American Dream published a report this week detailing the projected economic and societal costs of ending the Deferred Action for Childhood Arrivals program.

Key Points:

  • Coalition for the American Dream published the report days ahead of the 12th anniversary of the DACA program on June 15.
  • Current DACA recipients number more than 500,000. The report finds that future long-term economic losses and costs could approach $1 trillion over the lifetimes of DACA recipients.
  • Other economic and workforce impacts include:
    • As many as 168,000 U.S. jobs in DACA-owned businesses could be lost.
    • U.S. workforce losses could include 37,000 healthcare workers, 17,000 STEM professionals and 17,000 educators.
    • Lost business training and recruitment costs for current DACA employees could reach $8 billion.

Additional Information: The report’s demographic and economic estimates and business impacts are based in part on data collected in the U.S. Census Bureau’s 2022 American Community Survey, the March 2022-2023-2024 Current Population Surveys and data from U.S. Citizenship and Immigration Services.

Coalition for the American Dream is an organization of more than 100 businesses, trade associations and other groups representing every major sector of the U.S. economy and more than half of American private sector workers. Its mission is to seek the passage of bipartisan legislation that gives Dreamers a permanent solution.

BAL Analysis: The report notes if DACA ended and work authorizations were denied renewal, 440,000 workers would be forced from the U.S. workforce over a two-year period, with the most acute impact on health, education and STEM occupations. The business community continues to show strong support for DACA and the crucial role Dreamers play in the U.S. economy. Given the uncertain environment, DACA recipients who qualify for a renewal are urged to apply for one as soon as they can.

©2024 Berry Appleman & Leiden. All Rights Reserved.
For more on the DACA, visit the NLR Immigration section.

The Double-Edged Impact of AI Compliance Algorithms on Whistleblowing

As the implementation of Artificial Intelligence (AI) compliance and fraud detection algorithms within corporations and financial institutions continues to grow, it is crucial to consider how this technology has a twofold effect.

It’s a classic double-edged technology: in the right hands it can help detect fraud and bolster compliance, but in the wrong it can snuff out would-be-whistleblowers and weaken accountability mechanisms. Employees should assume it is being used in a wide range of ways.

Algorithms are already pervasive in our legal and governmental systems: the Securities and Exchange Commission, a champion of whistleblowers, employs these very compliance algorithms to detect trading misconduct and determine whether a legal violation has taken place.

There are two major downsides to the implementation of compliance algorithms that experts foresee: institutions avoiding culpability and tracking whistleblowers. AI can uncover fraud but cannot guarantee the proper reporting of it. This same technology can be used against employees to monitor and detect signs of whistleblowing.

Strengths of AI Compliance Systems:

AI excels at analyzing vast amounts of data to identify fraudulent transactions and patterns that might escape human detection, allowing institutions to quickly and efficiently spot misconduct that would otherwise remain undetected.

AI compliance algorithms are promised to operate as follows:

  • Real-time Detection: AI can analyze vast amounts of data, including financial transactions, communication logs, and travel records, in real-time. This allows for immediate identification of anomalies that might indicate fraudulent activity.
  • Pattern Recognition: AI excels at finding hidden patterns, analyzing spending habits, communication patterns, and connections between seemingly unrelated entities to flag potential conflicts of interest, unusual transactions, or suspicious interactions.
  • Efficiency and Automation: AI can automate data collection and analysis, leading to quicker identification and investigation of potential fraud cases.

Yuktesh Kashyap, associate Vice President of data science at Sigmoid explains on TechTarget that AI allows financial institutions, for example, to “streamline compliance processes and improve productivity. Thanks to its ability to process massive data logs and deliver meaningful insights, AI can give financial institutions a competitive advantage with real-time updates for simpler compliance management… AI technologies greatly reduce workloads and dramatically cut costs for financial institutions by enabling compliance to be more efficient and effective. These institutions can then achieve more than just compliance with the law by actually creating value with increased profits.”

Due Diligence and Human Oversight

Stephen M. Kohn, founding partner of Kohn, Kohn & Colapinto LLP, argues that AI compliance algorithms will be an ineffective tool that allow institutions to escape liability. He worries that corporations and financial institutions will implement AI systems and evade enforcement action by calling it due diligence.

“Companies want to use AI software to show the government that they are complying reasonably. Corporations and financial institutions will tell the government that they use sophisticated algorithms, and it did not detect all that money laundering, so you should not sanction us because we did due diligence.” He insists that the U.S. Government should not allow these algorithms to be used as a regulatory benchmark.

Legal scholar Sonia Katyal writes in her piece “Democracy & Distrust in an Era of Artificial Intelligence” that “While automation lowers the cost of decision making, it also raises significant due process concerns, involving a lack of notice and the opportunity to challenge the decision.”

While AI can be used as a powerful tool for identifying fraud, there is still no method for it to contact authorities with its discoveries. Compliance personnel are still required to blow the whistle, given societies standard due process. These algorithms should be used in conjunction with human judgment to determine compliance or lack thereof. Due process is needed so that individuals can understand the reasoning behind algorithmic determinations.

The Double-Edged Sword

Darrell West, Senior Fellow at Brookings Institute’s Center for Technology Innovation and Douglas Dillon Chair in Governmental Studies warns about the dangerous ways these same algorithms can be used to find whistleblowers and silence them.

Nowadays most office jobs (whether remote or in person) conduct operations fully online. Employees are required to use company computers and networks to do their jobs. Data generated by each employee passes through these devices and networks. Meaning, your privacy rights are questionable.

Because of this, whistleblowing will get much harder – organizations can employ the technology they initially implemented to catch fraud to instead catch whistleblowers. They can monitor employees via the capabilities built into our everyday tech: cameras, emails, keystroke detectors, online activity logs, what is downloaded, and more. West urges people to operate under the assumption that employers are monitoring their online activity.

These techniques have been implemented in the workplace for years, but AI automates tracking mechanisms. AI gives organizations more systematic tools to detect internal problems.

West explains, “All organizations are sensitive to a disgruntled employee who might take information outside the organization, especially if somebody’s dealing with confidential information, budget information or other types of financial information. It is just easy for organizations to monitor that because they can mine emails. They can analyze text messages; they can see who you are calling. Companies could have keystroke detectors and see what you are typing. Since many of us are doing our jobs in Microsoft Teams meetings and other video conferencing, there is a camera that records and transcribes information.”

If a company is defining a whistleblower as a problem, they can monitor this very information and look for keywords that would indicate somebody is engaging in whistleblowing.

With AI, companies can monitor specific employees they might find problematic (such as a whistleblower) and all the information they produce, including the keywords that might indicate fraud. Creators of these algorithms promise that soon their products will be able to detect all sorts of patterns and feelings, such as emotion and sentiment.

AI cannot determine whether somebody is a whistleblower, but it can flag unusual patterns and refer those patterns to compliance analysts. AI then becomes a tool to monitor what is going on within the organization, making it difficult for whistleblowers to go unnoticed. The risk of being caught by internal compliance software will be much greater.

“The only way people could report under these technological systems would be to go offline, using their personal devices or burner phones. But it is difficult to operate whistleblowing this way and makes it difficult to transmit confidential information. A whistleblower must, at some point, download information. Since you will be doing that on a company network, and that is easily detected these days.”

But the question of what becomes of the whistleblower is based on whether the compliance officers operate in support of the company or the public interest – they will have an extraordinary amount of information about the company and the whistleblower.

Risks for whistleblowers have gone up as AI has evolved because it is harder for them to collect and report information on fraud and compliance without being discovered by the organization.

West describes how organizations do not have a choice whether or not to use AI anymore: “All of the major companies are building it into their products. Google, Microsoft, Apple, and so on. A company does not even have to decide to use it: it is already being used. It’s a question of whether they avail themselves of the results of what’s already in their programs.”

“There probably are many companies that are not set up to use all the information that is at their disposal because it does take a little bit of expertise to understand data analytics. But this is just a short-term barrier, like organizations are going to solve that problem quickly.”

West recommends that organizations should just be a lot more transparent about their use of these tools. They should inform their employees what kind of information they are using, how they are monitoring employees, and what kind of software they use. Are they using detection? Software of any sort? Are they monitoring keystrokes?

Employees should want to know how long information is being stored. Organizations might legitimately use this technology for fraud detection, which might be a good argument to collect information, but it does not mean they should keep that information for five years. Once they have used the information and determined whether employees are committing fraud, there is no reason to keep it. Companies are largely not transparent about length of storage and what is done with this data and once it is used.

West believes that currently, most companies are not actually informing employees of how their information is being kept and how the new digital tools are being utilized.

The Importance of Whistleblower Programs:

The ability of AI algorithms to track whistleblowers poses a real risk to regulatory compliance given the massive importance of whistleblower programs in the United States’ enforcement of corporate crime.

The whistleblower programs at the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) respond to individuals who voluntarily report original information about fraud or misconduct.

If a tip leads to a successful enforcement action, the whistleblowers are entitled to 10-30% of the recovered funds. These programs have created clear anti-retaliation protections and strong financial incentives for reporting securities and commodities fraud.

Established in 2010 under the Dodd-Frank Act, these programs have been integral to enforcement. The SEC reports that whistleblower tips have led to over $6 billion in sanctions while the CFTC states that almost a third of its investigations stem from whistleblower disclosures.

Whistleblower programs, with robust protections for those who speak out, remain essential for exposing fraud and holding organizations accountable. This ensures that detected fraud is not only identified, but also reported and addressed, protecting taxpayer money, and promoting ethical business practices.

If AI algorithms are used to track down whistleblowers, their implementation would hinder these programs. Companies will undoubtedly retaliate against employees they suspect of blowing the whistle, creating a massive chilling effect where potential whistleblowers would not act out of fear of detection.

Already being employed in our institutions, experts believe these AI-driven compliance systems must have independent oversight for transparency’s sake. The software must also be designed to adhere to due process standards.

Copyright Kohn, Kohn & Colapinto, LLP 2024. All Rights Reserved.
For more news on AI Compliance and Whistleblowing, visit the NLR Communications, Media & Internet section.

Supreme Court Says When It Comes to Deciding Arbitration Clauses: “I Am the Law”

On May 23, the Supreme Court issued a decision holding that when parties have two conflicting contracts – one that sends disputes to arbitration and one that sends disputes to the courts – a court, not an arbitrator, must decide which contract controls. This decision is important as arbitration provisions continue to rise in popularity and situations like the one the Supreme Court encountered are not uncommon.

The Supreme Court’s decision in Coinbase Inc., v. Suski, et. al., stems from a dispute regarding two separate contracts between Coinbase, a leading cryptocurrency exchange platform, and respondents, users of Coinbase. The first contract concerned the Coinbase user agreement, which included an arbitration agreement with a delegation clause. The delegation clause provided that “[a]ll such matters shall be decided by an arbitrator and not by a court or judge.” The second contract concerned the official rules of a sweepstakes Coinbase offered, where respondents entered for a chance to win Dogecoin. The official rules contained a forum selection clause, which provided: “[t]he California courts (state and federal) shall have sole jurisdiction of any controversies regarding the [sweepstakes] promotion and the laws of California shall govern the promotion.” Thus, the arbitration agreement’s delegation clause, which sent all disputes to arbitration, and the official rules’ forum selection clause, which sent all disputes to California courts, provided for different procedural vehicles for disputes.

Respondents brought suit against Coinbase in the United States District Court for the Northern District of California for claims under the Coinbase user agreement and the official rules. Coinbase moved to compel arbitration based on the Coinbase user agreement, and the District Court denied the motion, reasoning that deciding which contract governed was a question for the court. On appeal, the Ninth Circuit affirmed the District Court’s ruling. The Supreme Court then granted certiorari, and was tasked to decide, when two such contracts exist, who should decide the arbitrability of a contract-related dispute between the parties – an arbitrator or the court?

Justice Ketanji Brown Jackson, writing for the Supreme Court, began the Court’s analysis by noting that the Supreme Court has “previously addressed three layers of arbitration disputes: (1) merits, (2) arbitrability, and (3) who decides arbitrability. This case involves a fourth: What happens if parties have multiple agreements that conflict as to the third-order question of who decides arbitrability?”. Justice Jackson wrote that “[b]asic legal principles establish the answer. Arbitration is a matter of contract and consent, and we have long held that disputes are subject to arbitration if, and only if, the parties actually agreed to arbitrate those disputes. Here… a court needs to decide what the parties have agreed to.” So, if there is a contract at dispute without an arbitration clause, even if there is another contract that requires arbitration, the matter will need to be decided by a court.

Coinbase argued that the user agreement’s delegation provision should have been isolated and severed from the contract and the Ninth Circuit should have considered only arguments specific to that provision. The Supreme Court, however, rejected this argument, reasoning that if a party challenges the validity of the precise agreement to arbitrate at issue, the federal court must consider the challenge before ordering compliance with that arbitration agreement. The Supreme Court also declined to heed Coinbase’s warning that its ruling would “invite chaos by facilitating challenges to delegation clauses.” To this argument, the Supreme Court replied that such chaos will not follow because disputes with one contract that mandates arbitration will go to arbitration absent a successful challenge, and situations with two contracts – one sending the dispute to arbitration and one sending the dispute to the courts – will be handled by a court.

This is an important decision in the dispute resolution space because it makes clear that even though a company may have an arbitration provision in one contract, that arbitration provision will not necessarily carry the day if there are subsequent contracts that provide for different results. As companies continue to increasingly use arbitration provisions in their contracts, they must be careful to be consistent in any future contracts or agreements.

Copyright ©2024 Nelson Mullins Riley & Scarborough LLP