ONS Edition 8

Article: You’ve been hit with ransomware. Think twice before you pay. (Constangy, Brooks, Smith & Prophete, LLP, 10th December 2024)

Article Summary: Businesses must carefully weigh the costs and benefits before deciding to pay a ransom. Backups, help from forensic teams, encrypted data, and the possible impact on clients or business from downtime are all factors to think about. While paying ransom to unsanctioned cybercriminals is not explicitly forbidden under federal law, it is highly discouraged. Ransom is illegal in two states—Florida and North Carolina—outright. To keep track of who has had their U.S. assets frozen because of concerns regarding national security or foreign policy, the Office of Foreign Assets Control (OFAC) keeps tabs on cybercriminal groups' ransomware payments and supervises them. The OFAC offers advice to organizations hit by ransomware, stressing the consequences of paying the ransom. Since paying ransom does not ensure the secure return of stolen data or the restoration of an entity's operations, the U.S. government is against it. The average ransom payment has climbed by about $1 million since 2023, while the number of ransomware attacks has increased by 13% in the previous five years. Ransom payments, according to the authorities, only serve to incentivize more cyberattacks. Factors that reduce the likelihood of ransom payments include authentication protocols, cybersecurity training, offline backups, incident response plans, and frequent software updates for antivirus and anti-malware. To reduce the risk of sanctions violations, entities should implement incident response and compliance programs. The OFAC suggests tools for enhancing cybersecurity, such as the Ransomware Guide by the Cybersecurity and Infrastructure Security Agency. Businesses should notify the applicable U.S. government entities, such as CISA, the Office of Cybersecurity and Critical Infrastructure Protection under the Treasury Department, and law enforcement, about any ransomware attacks they may have encountered. To further reduce the impact, we will also investigate the possibility of collaborating with relevant authorities. If the idea of paying a ransom is still being explored, there are procedures to take to make sure it's done securely. You may check the SDN List, talk to cybersecurity and legal experts, and make sure you're following all the rules and regulations.

Article: Five Compliance Best Practices for … USMCA Management. (Foley & Lardner LLP, 04th December 2024)

Article Summary: As of July 1, 2020, NAFTA was superseded by the USMCA, which stands for the United States, Mexico, and Canada Free Trade Agreement. To be in compliance with USMCA, North American businesses must verify that they have accurately identified their nation of origin, assess their capacity to fulfil labour and regional content standards, examine updated certificates of origin, and fulfil recordkeeping procedures. For goods to be eligible for preferential tariff treatment, USMCA incorporates revised rules of origin that outline minimum regional content and other criteria. Certain items are subject to unique labour content and regional content laws, and customs regulations substitute a tariff-shift analysis for the traditional substantial transformation test. Checking certificates of origin before importing guarantees that all necessary paperwork is available. Not only that, but USMCA mandates that manufacturers, exporters, and importers keep records about the provenance of their goods. This includes keeping all certificates of origin and documents that back up certifications of origin. Furthermore, companies should make sure they are exempt from Chinese import regulations, as the marking requirements for products and the ability to claim origin status for Chapter 1-97 taxes are different from Section 301 tariffs.

Article: Expect Major Changes to Employment Benefits Under the Incoming Trump Administration. (Steptoe & Johnson PLLC, 09th December 2024)

Article Summary: It is believed that the proposed changes to employee benefits policies put forth by President-elect Trump during his 2024 presidential campaign will lead to a relaxation of regulation across various government agencies. Therefore, there will likely be substantial changes to employment benefits, especially employee health care plans, that are favourable to employers. Furthermore, retirement benefits could be impacted by changes in tax and investment policies, as could the introduction of legislation that facilitate companies' classification of persons as independent contractors. It is believed that Trump will roll back parts of the ACA, including the employer shared responsibility requirement or the penalty for noncompliance, with the backing of the Republican majorities in both houses of Congress. People whose health insurance is purchased through an Affordable Care Act exchange may see a rise in their premium costs if he backs efforts to repeal or scale back the individual health premium tax credit. There has been bipartisan support for comparable legislation, and the incoming Trump administration has indicated its intention to alter tax regulations to encourage workers to make contributions to their employers' 401(k) and 403(b) plans. It is widely believed that Trump would also reverse the final rule issued by the Department of Labor in 2022. This regulation permitted, but did not require, advisors to employee retirement plans to take ESG considerations into account when making investment decisions. Finally, Trump will probably order the Labor Department to carry out a regulation that was suggested by the previous Trump administration. This rule would make it easier for companies to label workers as independent contractors.

Article: What In-House Counsel Needs to Know About Generative AI (Vinson & Elkins LLP, 04th December 2024)

Article Summary: Generative AI (GAI) is a rapidly expanding technology that has the potential to alter the legal profession by boosting productivity, cost-efficiency, and enabling scalability. Nonetheless, in-house attorneys face substantial dangers and difficulties as a result. Even the most foolproof AI systems have vulnerabilities, thus protecting user data and personal information is of the utmost importance. To protect privilege, confidentiality, and compliance with professional norms, it is recommended to use only licensed AI products and familiarize oneself with their conditions of use. Another crucial factor to think about is how to optimize AI queries for improved outcomes. Using well-formed prompts improves the outcomes produced by machine learning and large language models; attorneys should specify their goals and purposes before utilizing any model. They can fine-tune the LLM's prompting by adjusting criteria including context, desired outcome, tone, and audience. Departments of legal should provide its attorneys with training on when to utilize these tools effectively and how to prompt them appropriately. With the help of generative AI, corporate legal departments have access to a variety of cost-effective technologies that can handle bigger volumes of work and more efficiently manage variable workflows. Legal teams can rely on GAI for a variety of tasks, including document management, due diligence, contract analysis, legal research, and document authoring. Validating every AI output is essential, though, because GAI still has a number of problems with the product it produces. Implementation and compliance are two of the integration challenges. It may be necessary to reassess current procedures for document review and compliance in order to bring them into line with the new technology. To facilitate their adoption and utilization, legal practitioners should get training on how to make the most of these technologies. It is recommended that legal departments implement AI policies and procedures. These should be reviewed on a regular basis to make sure they are still up to date and meeting all regulatory requirements. Generative AI must still adhere to strict ethical and legal guidelines. Lawyers should not depend on AI only for decisions, but rather should adhere to their duty of competence, validate information supplied by AI, comprehend the tool's limitations, and so on. Rather than trying to supplant human discretion, generative AI can be a useful tool for making well-informed decisions. Issued by the ABA Standing Committee on Ethics & Professional Responsibility, Formal Opinion 512 provides ethics guidance that is in line with the Model Rules of Professional Conduct and pertains to Generative Artificial Intelligence Tools. It is important for outside attorneys to pay close attention to client policies regarding the use of generative AI tools. Finally, generative AI could revolutionize in-house legal work, but before using it, lawyers need exercise caution, handle confidentiality concerns, ensure high-quality output, and enforce compliance. Legal professionals can take advantage of AI without compromising their professional, ethical, or corporate ethics by striking a balance between the two.