Using Data Analytics and Artificial Intelligence for Public Disclosures

January 17, 2024

Click for PDF

Data analytics technology has now matured to a point where companies should consider how to harness it for enhancing compliance around their corporate financial and sustainability disclosures.

I.  INTRODUCTION AND SCOPE

As computing technology develops at a mind-boggling pace, companies are thinking more creatively about how to leverage data science and analytics, including through the use of artificial intelligence (AI) (collectively, data analytics technology) across their operations. This alert provides guidance and recommendations regarding one specific area where clients should consider this technology: managing and mitigating compliance risks associated with the company’s public financial and sustainability disclosures.

We first provide some background on data analytics and artificial intelligence. Second, we provide a brief overview of the extent to which large market capitalization (large-cap) companies are using data analytics technology. We also discuss how companies are leveraging AI for specific objectives and how regulators are thinking about and employing data analytics technology. Third, we highlight specific risks associated with public disclosures, filings, and other statements, and present some ideas for how companies can use data analytics technology to mitigate those risks. We also discuss the risks companies may face through activism and litigation because of how third parties are using these technologies.

We provide four recommendations for companies to consider—or consider further—as they seek to better manage disclosure risks by using data analytics technology. These recommendations include ways in which companies may leverage both traditional data analytics tools[1]—which often require data scientists manually to compile and examine reports—and tools incorporating machine learning and AI capabilities[2] such that portions of the analysis may be automated.[3] Broadly, these recommendations are centered around using data analytics technology to more proactively:

  • assess regulatory filings, investor disclosures, and public statements for areas of regulatory risk;
  • understand, prepare for, and respond to activism and litigation relating to public disclosures;
  • address fraud and non-compliance with corporate policies and procedures; and
  • identify and combat misinformation in news and media coverage about the company and its business.

These recommendations are intended at a high level and many of them may be implemented using either traditional data analytics tools or AI capabilities. Moreover, AI and the legal frameworks governing its development and use are rapidly evolving, and, while the information in this alert is accurate as of the date of its writing, we are confident that subsequent developments will warrant continued evaluation of the relevant factual, technological, and legal landscape. Ultimately, the purpose of the discussion and recommendations below is to assist companies as they consider how to use these tools to enhance compliance around the company’s public financial and sustainability disclosures.

II.  RELEVANT TECHNOLOGY AND RELATED CONSIDERATIONS

  1. Data Analytics

Data analytics (sometimes referred to as “data science” in the technology and academic sectors) involves the collection, transformation, and organization of data in order to draw conclusions, develop predictions, and support informed decision-making. Data analytics relies on data mining, data cleansing, data transformation, and data modeling to describe, predict, and improve performance. In the business context, data analytics has become an increasingly important tool for analyzing and shaping business processes, improving decision-making, and driving business results.

Broadly speaking, data analytics is commonly used in several ways:

  • Descriptive analytics identifies trends and patterns in current or historical data to describe the state of affairs in a specified time period.[4] In the business context, data analytics is used to analyze business information and develop insights to inform business decisions.
  • Diagnostic analytics uses data to identify, understand, and explain the reasons for past performance.[5]
  • Predictive analytics uses statistical modeling, forecasting, and machine learning to analyze data produced by descriptive or diagnostic analytics and to make predictions about the future based on that analysis.[6]
  • Prescriptive analytics uses machine learning and complex algorithms to build and test specific solutions to complex problems that can be implemented to solve business problems and drive improved results.[7]

Data analytics can be manual or automated, with automated processes relying on computers to generate results more efficiently, cost-effectively, and with minimal need for human intervention.

A recent example of non-AI data analytics tools that impact public companies is the Securities and Exchange Commission’s (SEC’s) Earnings Per Share Initiative, which uses “risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.”[8] Unlike other initiatives that focus on re-running financial data, the EPS initiative is using data analytics and other tools to uncover evidence of manipulation in reporting.[9] Although relatively simple compared to generative artificial intelligence (GAI), these data-based approaches can reveal large-scale manipulation due to human error (e.g., investigators review data to ensure that the proper ratio of the numeral “4” appears in data, as human manipulation tends to leave out the number 4, due to a tendency to round up or down).[10] Academic research on earnings management and accounting fraud has applied such methods or concepts to detect fraud by, for example, drawing correlations between CEO/CFO driving records and propensity for ostentatious lifestyles.[11] Regulators and analysts are using the methods developed in these papers to detect accounting fraud earlier and, according to the SEC’s latest budget request, it plans to put even more effort into developing its AI capabilities.[12]

  1. Artificial Intelligence

AI is a technology through which various computing and analytics tasks can be automated. “An AI system is a machine-based system that is capable of influencing the environment by producing an output (predictions, recommendations or decisions) for a given set of objectives. It uses machine and/or human-based data and inputs to (i) perceive real and/or virtual environments; (ii) abstract these perceptions into models through analysis in an automated manner (e.g., with machine learning), or manually; and (iii) use model inference to formulate options for outcomes. AI systems are designed to operate with varying levels of autonomy.”[13] For example, AI systems can be used to automate any of the four types of data analytics described above. AI systems can be designed to automatically analyze data, identify issues, propose solutions, and predict how a solution will work. With that information in hand, human decision-makers can decide whether or not to take a proposed course of action. AI systems can also be designed to be fully automated. That is, once an AI system has identified a problem and proposed and tested a solution, it can decide whether to implement the solution without human intervention.

To be able to propose and test solutions to complex problems—and even take independent action—an AI system relies on training models that consume and process vast amounts of data. The lifecycle of an AI system involves several phases: “i) ‘design, data and models’; which is a context-dependent sequence encompassing planning and design, data collection and processing, as well as model building; ii) ‘verification and validation’; iii) ‘deployment’; and iv) ‘operation and monitoring’. These phases often take place in an iterative manner and are not necessarily sequential.”[14]

III.  GENERAL USE CASES FOR ANALYTICS IN THE COMPLIANCE SPACE

  1. Current State of the Use of Data Analytics Technology

Although companies are rapidly adopting data analytics technology, its use for managing risk and compliance has lagged somewhat. Deloitte conducted a recent study of large-cap companies by surveying members of the Society for Corporate Governance.[15] The study found that nearly half of all respondents reported that the use of AI tools was neither expressly permitted nor prohibited within their company. However, among large-cap respondents, only 25% reported that the use of AI tools is simply not addressed by company policies, with 36% of large-cap respondents reporting that they allow for AI use for specific purposes, and 14% of large-cap respondents permitting use for any purpose.[16]

Among large-cap respondents, 17% reported that they do not currently have any AI use framework, AI policy, or AI code of conduct in place, while 47% are “currently considering” implementing such policies and frameworks.[17] Notably, among all respondents (including mid- and large-cap), only 13% have specific AI-related policies or frameworks in place.[18] However, 57% of large-cap respondents are currently considering revising corporate policies (including privacy, cyber, risk management, etc.) to address the use of AI.[19]

Although AI use cases span many industries, the current focus of AI-related attention (including usage, strategy, impact, disruption, competitive advantage, and risk) for large-cap respondents was focused primarily on sales/marketing (55%), product development (48%), legal (42%), human resources (36%), risk (30%), and finance/accounting (21%).[20]

With respect to internal company management of AI, responsibility is primarily delegated to IT/tech (56% of large-cap respondents), a cross-functional working group (47% of respondents), and legal (34% of respondents). At the board level, 25% of large-cap respondents reported not expressly delegating authority for primary oversight of AI, 19% reporting that the topic has not yet been addressed at the board level, 19% placing responsibility with the audit committee (or similar), 13% of respondents place responsibility with the technology committee, another 13% placing authority with the full board, and notably only 3% placing responsibility with the risk committee.[21]

There is a risk that at least some employees are using AI in a way that is not on the companies’ radar. A recent survey by the Conference Board found that “56% of workers are using generative AI at work but only 26% of those respondents said their organization has a policy related to its use.”[22] This use of AI presents risks, but it also shows the promise that AI presents across a wide variety of corporate functions.

  1. Risks and Opportunities in the Use of Environmental Data Analytics Technology

Despite a relatively low rate of adoption of data analytics technology by large companies, smaller companies and organizations are already building such tools, especially to push for additional environmental and sustainability measures. These tools are not just novelties. They pose potential risks to companies because governments across the world are requiring the disclosure of increasingly large amounts of environmental and sustainability data. Environmental activists and large, especially European, investors are likewise demanding the disclosure of sustainability data, including human rights, supply chain, and human capital information. This disclosure of ever-larger amounts of data combined with increasingly powerful computing technology creates an ever-more-risky disclosure environment for public companies.[23]

Some examples of tools that are publicly known include Climate TRACE, which tracks and inventories companies’ emissions in real-time;[24] GreenWatch, which compares companies’ green claims to emissions performance;[25] Datamaran, which reviews and analyzes corporate governance data to assess a company’s ESG performance and identify areas for improvement;[26] Manifest Climate, which compares companies’ data to reporting frameworks, regulations, and peers;[27] and JUST Capital, which uses AI to rank companies on the basis of “just” business behavior, emphasizing ESG factors.[28] BreezoMeter offers real-time air quality data, promoting environmental transparency and awareness.[29] ClarityAI provides sustainability data to allow users to invest, shop, and benchmark based on that data.[30] These tools create risks but also present opportunities.

Of course, companies could consider using some of these tools, such as Datamaran or Manifest Climate, to their own advantage, especially to evaluate their compliance with complex regulations and ESG rules, and to compare their disclosures and metrics to other peers. Additionally, companies could consider using tools such as SustainLab, which provides a comprehensive platform for sustainability data management and reporting;[31] Ecogain, which uses AI to assist companies in setting and achieving sustainability goals;[32] and Turntide Technologies, which uses AI to optimize energy consumption in buildings.[33] Such tools could, for example, help companies ensure they comply with their state and federal reporting requirements.

  1. SEC Recognition of Opportunities for the Use of AI

As companies have increasingly begun to deploy AI, the SEC has begun to consider how AI can be used to enhance its compliance and enforcement efforts. The agency describes several uses of AI in its most recent budget request to Congress, which describes the SEC’s “broader undertaking to initialize and integrate machine-learning and artificial intelligence-supporting technology, with the ultimate goal to innovate and develop usable tools for the staff that deploy predictive and information visualization models to create data analytics efficiencies, particularly in the rulemaking context, where the staff routinely receives significant and diffuse feedback from market participants during open comment periods.”[34]

In a September 10, 2023 speech to the annual meeting of the North American Securities Administrators Association (NASAA), SEC Commissioner Mark T. Uyeda discussed some of the potential benefits of AI use, including decreased operational costs for companies and expanded access to investors.[35] Importantly, Commissioner Uyeda also discussed how AI can be used to improve compliance efforts by both companies and regulators. For companies, Commissioner Uyeda noted that they will be able to use AI to detect fraud, monitor data, flag risk indicators, and identify patterns in data much faster.[36] Such uses might reduce costs for companies, result in more accurate determinations of compliance violations, and inform decisions about whether findings need to be escalated, including to regulators and law enforcement.[37] For regulators, AI can help sift through the large volumes of data included in Exchange Act filings, for example. Regulators can use AI to evaluate those filings and identify areas of potential risk.

IV.  RISK MANAGEMENT STRATEGIES AND RECOMMENDATIONS

The growing use of data analytics technology by activist organizations and regulators to challenge companies’ business practices and regulatory disclosures puts pressure on companies to consider what actions they might take to implement tools of their own to respond to and preempt such efforts. We discuss four risk areas below: public disclosures and statements, activism and litigation, fraud and non-compliance with corporate policies, and misinformation about the company in news and media coverage. These risk areas intersect and impact one another. Accordingly, companies should consider how to leverage the tools discussed below across risk areas where appropriate.

However, it is important to take all the recommendations below as intended: Not as a promotion of any particular method or product but as an encouragement to consider how data analytics technology can help a company mitigate the risks created by the increasingly data-driven scrutiny of corporate financial and sustainability disclosures.

  1. Leverage Data Analytics Technology to Assess Regulatory Filings, Investor Disclosures, and Public Statements for Areas of Regulatory Risk

Public companies are required and urged to disclose large amounts of information, and those disclosures must comply with an increasingly complex array of regulatory and third-party oversight. These disclosures create the potential for hundreds of opportunities for simple human error and intentional or reckless misstatements or omissions that are always judged in hindsight. Ensuring compliance with these requirements can be challenging, even under established, longstanding regulatory regimes.

Existing disclosure requirements present sufficient compliance risks because as noted above, the SEC has already begun proactively using data analytics technology to identify non-compliance.[38] Compliance is even more challenging when regulators adopt new disclosure requirements, which has been happening at a torrid pace. Without a clear interpretation, an enforcement track record, or guidance from courts, new disclosure rules can create significant regulatory uncertainty, increasing risk for companies required to file under the new rules. For example, the SEC’s new rules on cybersecurity disclosures for public companies significantly changed the status quo—imposing a substantial burden and introducing complexity to incident response for all public companies.[39]

Additionally, in the coming months, the SEC is expected to finalize new rules that would require public companies to disclose in their 10-Ks a potentially expansive amount of data relating to environmental and climate risks.[40] Not to be outdone, the California Legislature recently passed two bills that will impose significant and mandatory climate-related reporting requirements for large public and private companies doing business in California.[41] The bills require annual disclosure of audited Scope 1, 2, and 3 greenhouse gas emissions and biennial disclosure of certain climate risks.[42] The European Union is also implementing several directives over the coming years that will require multinational companies to disclose environmental, social, and governance data[43] and extensive human rights impacts across their value chains.[44] These directives and rules collectively will result in significantly more disclosures and could—indeed, are intended to—heighten the compliance, investigation, and litigation risks for companies.

There are several ways companies could use data analytics technology to assess and mitigate the risks posed by current and coming disclosure requirements. As an initial matter, companies could use some of the third-party tools described above to test their data and disclosures.[45] Companies could use existing data sets of SEC comment letters and enforcement actions to develop their own lists of SEC hot topics and trends. Companies could use data analytics technology to compare the disclosures of peer companies and compare those disclosures against their own. This type of analysis could help companies identify whether peers are handling their disclosures differently and inform changes to their disclosures if the analysis identifies gaps. Especially in uncertain or new regulatory environments, such as the SEC’s new cybersecurity reporting rules and its proposed emissions reporting rules, evaluating and learning from the disclosures of peer firms is an important way to mitigate risk. Data analytics technology can make that process more efficient and dynamic.

Companies could also employ data analytics technology to learn from the mistakes peer companies have made with their disclosures. For example, companies could analyze SEC or Environmental Protection Agency (EPA) enforcement actions and identify the issues that triggered regulatory scrutiny. Data analytics technology could enable analysis of a vast number of relevant enforcement actions to discern key compliance errors or patterns of enforcement. Companies could also cross reference the disclosures of peer companies against SEC or EPA enforcement actions to identify which disclosures triggered investigation and enforcement.

Looking inward to the company’s own data, data analytics technology could be used to evaluate internal controls and monitor and analyze hotline or whistleblower complaints. Similarly, companies could employ data analytics technology to analyze their own historical disclosures and compare them against current enforcement priorities and new regulations to determine what the potential risks are and what, if any, sections of the disclosures need to be updated or modified.

Companies also can learn from financial analysts and academics, who have devised ways to identify fraudulent activity in financial statements. None of these methods are proven, but combined, analytical methods like pattern recognition, Benford’s Law,[46] textual analysis of disclosures,[47] and ratio analysis can be proactively employed to test the company’s own information. The requirement by the SEC that companies disclose much of their data using XBRL (eXtensible Business Reporting Language) format means that much of the companies’ key data is reported in machine-readable, structured data format. This makes it easier for investors and third parties to analyze,[48] but also for companies to perform their own analyses.

Caution is warranted as companies begin to incorporate the use of these tools. Recent reporting has highlighted the shortcomings of AI when it comes to analyzing disclosures such as SEC filings.[49] Indeed, researchers have found that as of this writing, AI models are only able to answer relevant questions about an SEC filing with 79% accuracy.[50] However, the use of AI for discrete tasks that have been shown to produce accurate results and the use of non-AI data analytics on larger tasks, like the methods described above, may be valuable ways to improve a company’s disclosure review process. Moreover, it will be important to continue to monitor AI’s capabilities as the technology in this space is developing quickly.

  1. Leverage Data Analytics Technology to Understand, Prepare for, and Respond to Activism and Litigation Relating to Public Disclosures

Companies may also be able to use data analytics technology to mitigate activism and litigation risk. Increasingly, activists and other organizations are using data analytics technology to evaluate companies’ advertisements, press releases, and disclosure documents and to compare them against actual performance, regulatory frameworks, and desired policy goals. This analysis can often result in shareholder activism, litigation or regulatory scrutiny, and reputational damage to the company.

Climate activist organizations have taken a particular interest in this approach, leveraging a growing number of data analytics technology tools to evaluate and report on companies’ climate change and environmental activities. For example, Datamaran reviews and analyzes corporate governance data, including ESG risks and opportunities, to assess a company’s ESG performance and identify areas for improvement.[51] Climate TRACE independently tracks companies’ emissions in real time, and has been described as the “world’s first global emissions inventory.”[52] GreenWatch contrasts companies’ green or sustainability claims against their actual emissions performance, and has been advertised as AI to detect “greenwashing.”[53]

Another existing tool is provided by Manifest Climate, which compares company data to reporting frameworks and regulations, as well as to peers. Using a dashboard format, Manifest Climate promises to employ AI to help companies with sustainability compliance and strategy. Specifically, the tool is designed to help companies “identify their climate-related risks and opportunities, track peer action and market trends, and provide better disclosures aligned with global reporting standards and frameworks including TCFD, SEC, CSA, ISSB and more.”[54] It promises to allow companies to compare themselves to peers, identify sustainability actions the company is taking that it is not disclosing, and serve as a climate risk management solution. These offerings are examples of ways companies may benefit from AI applied to sustainability reporting. The tool, and the others discussed throughout this memo, show some of the early capabilities that third parties are likely to apply against companies’ data.

Companies can likewise use AI to evaluate activists’ claims, employing their own analytics to evaluate and respond to allegations regarding inaccurate or misleading statements in their marketing materials, on their websites, and in their public filings and statements. This is a useful defensive tool, not just to respond to claims made in activist campaigns or shareholder engagements, but also to claims made in the media that may affect corporate reputation, trigger shareholder proposals or proxy fights, or draw regulatory scrutiny.

Data analytics technology can also play a role in mitigating risk in specific litigation. For example, in support of claims based on misleading statements and or deceptive marketing, plaintiffs often pull statements from particular documents at particular times and use them out of context. Companies facing such a lawsuit could consider using data analytics technology to analyze those statements, support responsive filings, and build a more complete and accurate narrative. But it is critical that companies comply with court orders and any other applicable rules and requirements, including rules of professional conduct, when using AI in the litigation context and strictly avoid relying on AI-generated content for filings or strategy.[55]

That said, the proactive use of data analytics technology is becoming more important in light of the increasing government focus on sustainability disclosures. In addition to the SEC’s efforts discussed above, the Federal Trade Commission (FTC) provides another example of increasing government scrutiny that creates risk. Under section 5 of the Federal Trade Commission Act, the FTC has the authority to “prevent persons, partnerships, or corporations” from using “unfair or deceptive acts or practices in or affecting commerce.”[56] There is a risk that a company’s public sustainability statements may come under scrutiny for being allegedly unfair or deceptive.

For example, activists are placing particular emphasis on so-called “greenwashing” statements and are pressuring the FTC to step in. In fact, the FTC has taken some action in this area, requesting public comment on its Guides for the Use of Environmental Marketing Claims (Green Guides).[57] First issued in 1992 and most recently revised in 2012, the Commission’s Green Guides, 16 C.F.R. part 260, address the applicability of section 5 of the FTC Act to environmental advertising and labeling claims.[58] The Green Guides outline general principles applicable to all environmental marketing claims, and provide specific guidance regarding many common environmental benefit claims.[59]

The EU proposed Green Claims Directive likewise will expand the regulatory scrutiny over sustainability claims. The directive lists actions “which are to be considered misleading if they cause or are likely to cause the average consumers to take a transactional decision that they would not have otherwise taken” and expands the lists of “commercial practices which are considered unfair in all circumstances . . . to four practices associated with greenwashing.”[60] It also imposes detailed substantiation requirements on sustainability claims.

With respect to FTC requests for comments about rulemaking, companies could employ AI to mine the comment submissions for keywords or themes. AI may help identify instances where the company’s interests are specifically mentioned and in what context. It could also recognize patterns in the comment submissions that hone in on the issues most addressed by commenters to help focus the company’s responses on the key issues. Moreover, companies could use this approach with respect to analyzing any large agency docket or action in which they are interested, understanding the critical issues, and formulating a responsive strategy. Regardless, companies should monitor the market because these types of tools are improving in quality and sophistication.

As a more general matter, companies can use data analytics technology both proactively and defensively to ensure that their public statements do not run afoul of these developing rules and standards. As described above, companies could employ data analytics technology to analyze and learn from the public statements of other companies, especially those of competitors. Companies could use the results to evaluate whether their public statements conform to standard practice and whether any similar statements have drawn regulatory scrutiny. More defensively, in an environment where third parties are using AI tools to analyze a company’s public statements, companies can use AI tools to run their own internal analyses of public statements prior to publication to identify and remediate any potential issues likely to be seized on by regulators, plaintiffs, or activists.

  1. Increase the Use of Data Analytics Technology to Address Fraud and Non-Compliance with Corporate Policies and Procedures

Fraud and non-compliance with corporate policies and procedures are not new risks for companies, but as regulators increasingly employ new tools to detect fraud—as noted above—it is imperative that companies leverage data analytics technology internally to mitigate risk. Using basic structured query (“SQL”) language tools, for instance, companies are already using data analytics technology to continuously monitor and audit vast and complex data streams, looking for anomalies or behavioral patterns that may indicate fraud. SQL queries can compare data across tables and use statistical functions to identify discrepancies or outliers in data. SQL can be used to generate summary reports, which can be used to identify trends and patterns in data. Queries can also be used to analyze trends in data over time by comparing data across audits performed in different time periods.[61] Major banks already use data analytics technology to identify credit card and banking fraud and to maintain compliance with anti-money laundering and other rules, so this is an area that is relatively advanced in terms of the availability of off-the-shelf tools.[62] Some companies have been using data analytics technology to identify employee fraud and monitor for anti-corruption compliance.[63] The results can be used to guide internal investigations and to inform recommendations on how to improve internal policies and controls.

  1. Use Data Analytics Technology to Help Identify and Combat Misinformation in News and Media Coverage About the Company and Its Business

News media reports about a company’s substantive business and compliance efforts may pose significant potential risks. News reports can serve as a trigger for government investigations, regulatory action, and lawsuits, and regulators and plaintiffs’ attorneys have been known to leverage information contained in such reports. They can also significantly impact corporate reputation and stock prices. Data analytics technology offers an efficient and automated method to comb the internet for relevant reports, articles, or statements, identify any misstatements or inaccuracies, and flag issues for decision. Such information could enable a company to quickly correct the record on inaccurate news pieces, publish responses, or address misleading statements through its public disclosures.[64]

V.  CONCLUSION

Data analytics technology has now matured to a point where companies should consider how to harness it for enhancing compliance around their corporate financial and sustainability disclosures. There is far more growth to come, but there are opportunities for assessing regulatory filings and public disclosures; understanding and responding to activism and litigation; addressing fraud and non-compliance with corporate policies and procedures; and identifying and combating misinformation in news and media coverage about the company and its business. As regulators, activists, and others ramp up their data-driven scrutiny of corporate financial and sustainability disclosures, companies may want to stay ahead of those efforts.

__________

[1] As generally understood in the technology sector, data analytics (also known as data science) is a technology-agnostic discipline in which the data collected, generated, and maintained by an organization is subjected to statistical analysis for the purposes of providing the organization with insights relevant to its operations and objectives such that it can guide decision-making and help solve other organizational problems. Data analytics can be used, for example, in product development, supply chain management, and financial modeling. Data analytics also may help to identify and mitigate legal and compliance risks, which are the focus of this memorandum. For more information, see generally, e.g., Thor Olavsrud, What is data analytics? Analyzing and managing data for decisions, CIO (June 7, 2022), https://www.cio.com/article/191313/what-is-data-analytics-analyzing-and-managing-data-for-decisions.html.

[2] In the context of this alert, we discuss the capabilities of AI only as related to the analysis and mitigation of compliance risks, such that companies may consider that AI is not entirely distinct from data analytics.

[3] “An AI system is a machine-based system that is capable of influencing the environment by producing an output (predictions, recommendations or decisions) for a given set of objectives.” OECD.AI Policy Observatory, OECD AI Principles overview, https://oecd.ai/en/ai-principles (last visited Oct. 2, 2023).

[4] See Olavsrud, supra note 1.

[5] Id.

[6] Id.

[7] Id.

[8] Securities and Exchange Commission, SEC Charges Gentex and Chief Financial Officer in Connection with EPS Initiative (Feb. 7, 2023), https://www.sec.gov/enforce/34-96819-s.

[9] See here. Silver Law Group, What To Know About The SEC’s “EPS Initiative” (June 16, 2023), here.

[10] See Dave Michaels, SEC Probes Whether Companies Rounded Up Earnings Per Share, Wall St. J. (June 22, 2018), https://www.wsj.com/articles/sec-probes-whether-companies-rounded-up-earnings-1529699702?mod=article_inline.

[11] David Woodcock, Accounting Fraud: Down, But Not Out, Law360 (Sept. 11, 2015, 10:38 AM EDT), https://www.law360.com/articles/700727. (“There are now thousands of academic research papers on earnings management and accounting fraud, on the motivations, financial impacts and detection methods, among other things. They apply methods or concepts like Benford’s Law, quadrophobia, Beneish M-Scores, F-Scores, and cash flow variances, and they draw correlations between CEO/CFO driving records and propensity for ostentatious lifestyles. Their work is being used by regulators and analysts to detect accounting fraud earlier.”). The point here is that the SEC’s use of these tools is not new, but it is increasing as the agency seeks to harness data analytics technology for use in its review of public company disclosures and accounting.

[12] Securities and Exchange Commission, SEC Fiscal Year 2024 Congressional Budget Justification Annual Performance Plan (SEC 2024 Budget), 26, at https://www.sec.gov/files/fy-2024-congressional-budget-justification_final-3-10.pdf (“In addition, the SEC intends to invest in artificial intelligence/machine learning (AI/ML) and other capabilities to address the growing volume of data it receives, processes, analyzes, and makes available to the investing public.”).

[13] OECD.AI Policy Observatory, supra note 3.

[14] Id.

[15] Natalie Cooper, Bob Lamm, & Randi Val Morrison, Board Practices: Artificial intelligence, Harvard Law School Forum on Corporate Governance (Sept. 2, 2023), https://corpgov.law.harvard.edu/2023/09/02/board-practices-artificial-intelligence/#more-158903

[16] Id.

[17] Id.

[18] Id.

[19] Id.

[20] Id.

[21] Id.

[22] Frederic Lee, Employee AI Use Outpacing Workplace Policies, Agenda Week (Sept 29, 2023), here.

[23] David Woodcock, ESG and The Board: Avoiding Risky Business, The Corporate Board (Sept./Oct. 2023) (“[S]ustainability and ESG reports highlighting corporate disclosures and commitments have grown considerably in length over the past few years. According to one study, these have grown from an average length of 102 pages in 2019 to 165 pages in 2022. Almost every large company produces one.”),

[24] Climate TRACE, https://climatetrace.org/ (last viewed Oct. 2, 2023).

[25] GreenWatch, http://greenwatch.ai/ (last viewed Oct. 2, 2023).

[26] Datamaran, https://www.datamaran.com/ (last viewed Oct. 2, 2023).

[27] Manifest Climate, https://www.manifestclimate.com/ (last viewed Oct. 2, 2023).

[28] JUST Capital, https://justcapital.com/ (last viewed Oct. 2, 2023).

[29] BreezoMeter, https://www.breezometer.com/air-quality-map/ (last viewed Oct. 2, 2023).

[30] ClarityAI, https://clarity.ai/ (last viewed Oct. 2, 2023).

[31] SustainLab, https://sustainlab.co/ (last viewed Oct. 2, 2023).

[32] Ecogain, https://en.ecogain.se/ (last viewed Oct. 2, 2023).

[33] Turntide Technologies, https://turntide.com/ (last viewed Oct. 2, 2023).

[34] SEC 2024 Budget, supra note 12, at 25 (noting the importance of two requested data analyst positions: “The positions are critical to the division’s effort to support the agency’s broader undertaking to initialize and integrate machine-learning and artificial intelligence-supporting technology, with the ultimate goal to innovate and develop usable tools for the staff that deploy predictive and information visualization models to create data analytics efficiencies, particularly in the rulemaking context, where the staff routinely receives significant and diffuse feedback from market participants during open comment periods.”); 26 (“In FY 2024, the SEC Cloud Center of Excellence will continue to help drive modernization efforts within the Commission. The cornerstone of this program is a cloud platform that will allow the SEC to increase mission capabilities and agility through the use of modern software tools to enable data visualization, artificial intelligence, and machine learning.”).

[35] Mark T. Uyeda, Remarks to the 2023 NASAA Fall Annual Meeting—Modernizing Investor Protection for the Digital Age, Securities and Exchange Commission (Sept. 10, 2023), https://www.sec.gov/news/speech/uyeda-remarks-nasaa-091023.

[36] Id.

[37] Id.

[38] See supra note 8 (discussing SEC’s EPS initiative).

[39] Client Alert, SEC Adopts New Rules on Cybersecurity Disclosure for Public Companies, Gibson, Dunn & Crutcher LLP (July 31, 2023), https://gdstaging.com/sec-adopts-new-rules-on-cybersecurity-disclosure-for-public-companies/.

[40] SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures for Investors, U.S. Sec. & Exch. Comm’n (Mar. 21, 2022), https://www.sec.gov/news/press-release/2022-46.

[41] Client Alert, California Passes Climate Disclosure Legislation, Gibson, Dunn & Crutcher LLP (Sept. 27, 2023), https://gdstaging.com/california-passes-climate-disclosure-legislation/.

[42] Id.

[43] Client Alert, European Corporate Sustainability Reporting Directive (CSRD): Key Takeaways from Adoption of the European Sustainability Reporting Standards, Gibson, Dunn & Crutcher LLP (Aug. 23, 2023), at https://gdstaging.com/european-corporate-sustainability-reporting-directive-key-takeaways-from-adoption-of-european-sustainability-reporting-standards/.

[44] Client Alert, European Commission Proposes Far-Reaching Human Rights and Environmental Due Diligence Obligations, Gibson, Dunn & Crutcher LLP (Mar. 11, 2022), at https://gdstaging.com/european-commission-proposes-far-reaching-human-rights-and-environmental-due-diligence-obligations/.

[45] Note the guidance in the concluding section on certain risks to consider when doing this, including confidentiality of sensitive company data.

[46] Benford’s Law as a Quality of Reporting Indicator, Ideagen Audit Analytics, https://blog.auditanalytics.com/benfords-law-as-a-quality-of-reporting-indicator/ (last visited Jan. 1, 2024).

[47] Loughran, Tim and McDonald, Bill, Textual Analysis in Finance (June 17, 2020), available at https://ssrn.com/abstract=3470272.

[48] Audit Analytics, https://www.auditanalytics.com/ (last visited Oct. 2, 2023).

[49] AI Models Only 79% Accurate When Asked About SEC Filings, PYMNTS (Dec. 19, 2023), https://www.pymnts.com/artificial-intelligence-2/2023/ai-models-only-79-accurate-when-asked-about-sec-filings/ (last visited Jan. 10, 2024).

[50] Id.

[51] Datamaran, supra note 26.

[52] Climate TRACE, supra note 24.

[53] GreenWatch, supra note 25.

[54] Manifest Climate, supra note 27.

[55] Peter Hayes, Attorneys Must Certify AI Policy Compliance, Judge Orders, Bloomberg Law (May 31, 2023) (discussing Judge Brantley Starr’s standing order on the use of AI), available at https://news.bloomberglaw.com/litigation/attorneys-must-certify-ai-policy-compliance-judge-orders.

[56] 15 U.S.C. § 45.

[57] Federal Trade Commission, Request for Public Comment, Guides for the Use of Environmental Marketing Claims, 87 Fed. Reg. 77766 (Dec. 20, 2022), https://www.regulations.gov/document/FTC-2022-0077-0001.

[58] Id.

[59] Id.

[60] European Commission, Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on substantiation and communication of explicit environmental claims (Proposed Green Claims Directive) (Mar. 22, 2023), https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52023PC0166&from=EN. This proposed directive is intended to work together with an earlier directive. See European Commission, Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL empowering consumers for the green transition through better protection against unfair practices and better information (Proposed Greenwashing Directive) (Mar. 30, 2022), https://eur-lex.europa.eu/resource.html?uri=cellar:ccf4e0b8-b0cc-11ec-83e1-01aa75ed71a1.0012.02/DOC_1&format=PDF.

[61] Muhammad Musa Mazhar, Audit Analytics: When writing few lines of SQL can help detect billion dollar fraud, LinkedIn (Dec. 22, 2022), https://www.linkedin.com/pulse/audit-analytics-when-writing-few-lines-sql-can-help-detect-mazhar/.

[62] See, e.g., J.P. Pressley, Why Banks Are Using Advanced Analytics for Faster Fraud Detection, BizTech (July 25, 2023), https://biztechmagazine.com/article/2023/07/why-banks-are-using-advanced-analytics-faster-fraud-detection#:~:text; Denis Francis, Imke Jacob, and Fadi Zoghby, The Data and Analytics Edge in Corporate and Commercial Banking, McKinsey Report (Mar. 23, 2023), https://www.mckinsey.com/industries/financial-services/our-insights/the-data-and-analytics-edge-in-corporate-and-commercial-banking; Jamie Dimon, Chairman and CEO Letter to Shareholders, JP Morgan Chase & Co. Annual Report 2022, https://reports.jpmorganchase.com/investor-relations/2022/ar-ceo-letters.htm (“We already have more than 300 AI use cases in production today for risk, prospecting, marketing, customer experience and fraud prevention, and AI runs throughout our payments processing and money movement systems across the globe. AI has already added significant value to our company. For example, in the last few years, AI has helped us to significantly decrease risk in our retail business (by reducing fraud and illicit activity) and improve trading optimization and portfolio construction (by providing optimal execution strategies, automating forecasting and analytics, and improving client intelligence).”).

[63] See, e.g., Angie Sullivan & Mathias Ward, Four ways to use data analytics to identify corruption red flags, Tableau, https://www.tableau.com/blog/identify-corruption-red-flags-using-data-analytics (describing four steps to using data analytics: (1) Identify corruption risk factors; (2) Design analytics to identify corruption red flags; (3) Risk rank transactions and perform testing; (4) Use analytics to provide proactive alerting of high-risk transactions).

[64] Even where companies already engage in proactive monitoring of the Internet for relevant material, AI could be used to perform or improve some of those functions.


The following Gibson Dunn attorneys assisted in preparing this update: Vivek Mohan, David Woodcock, Frances Waldmann, Hugh Danilack, and Samantha Yi*.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any of the leaders and members of the firm’s Artificial Intelligence, Securities Enforcement, or Securities Regulation and Corporate Governance practice groups, or the following authors:

Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
David Woodcock – Dallas (+1 214.698.3211, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914, [email protected])
Hugh N. Danilack – Washington, D.C. (+1 202.777.9536, [email protected])

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Co-Chair, Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – Co-Chair, London/Paris (+44 20 7071 4902, [email protected])
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213.229.7186, [email protected])

Securities Enforcement:
Richard W. Grime – Co-Chair, Washington, D.C. (+1 202.955.8219, [email protected])
Mark K. Schonfeld – Co-Chair, New York (+1 212.351.2433, [email protected])
David Woodcock – Co-Chair, Dallas (+1 214.698.3211, [email protected])

Securities Regulation and Corporate Governance:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Co-Chair, Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – Co-Chair, New York (+1 212.351.2309, [email protected])

*Samantha Yi is an associate working in the firm’s Washington, D.C. office who currently is admitted to practice only in Maryland.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.