TheCorporateCounsel.net

Earlier this week, the SEC announced what I am pretty sure is the first “AI washing” case against a public company. (Please correct me if I’m wrong – we like to keep a solid record here.) Here’s more detail:

According to the SEC’s order, Presto made false and misleading claims about Presto Voice in Commission filings and public statements from November 2021 through May 2023. The order found that Presto’s statements regarding the technology powering Presto Voice were misleading because Presto failed to disclose that, for a period of time, the AI speech recognition technology in all units of Presto Voice that the company had then deployed was owned and operated by a third party.

Subsequently, Presto did deploy Presto Voice units powered by its own AI speech recognition technology with certain customers, but it falsely claimed that its own AI product eliminated the need for human order-taking. In fact, the vast majority of drive-thru orders placed through this version of Presto Voice required human intervention. The SEC’s order also found that Presto misleadingly disclosed its reported rate of orders completed without human intervention using this technology.

The SEC had previously brought charges against two investment advisors earlier this year and against at least one former founder and CEO, relating to private fundraising activity. As Dave predicted last March, it was only a matter of time before we’d see an action against a public company. Outgoing SEC Chair Gary Gensler has been talking about “AI washing” quite a bit – and he shared disclosure tips for artificial intelligence topics back in September (see this Baker Donelson memo for additional insights on preparing AI disclosures).

With all that build-up, I was a little surprised to see that the remedy in this inaugural action was merely a cease-and-desist order. The SEC did not impose a civil penalty – even though the fact pattern included a lot of the SEC’s favorite enforcement topics. For example, the company was a de-SPAC, and – wait for it – the order says that the company had no disclosure controls and procedures:

During this time period, Presto had no established process for drafting, reviewing, or approving periodic or current reports required to be filed with the Commission. Although Presto adopted a policy for review of press releases in December 2023, it never implemented disclosure controls and policies and procedures for reviewing periodic or current reports required to be filed by the company. As a result, Presto did not have an established process to ensure that the information required to be disclosed in its filings was recorded, processed, summarized, and reported accurately, or that information required to be disclosed by the company was accumulated and communicated to Presto’s management for timely assessment and disclosure pursuant to applicable rules and regulations. The result of this failure is that no one at Presto was formally responsible for ensuring that the information disclosed in Presto’s Commission filings was accurate.

I’d like to think this is a sign of brighter days ahead when it comes to leniency for deficient DCPs. What’s more likely is that it was unrealistic to collect a fine here. The SEC said the company cooperated, and it has since deregistered.

In addition to our “Artificial Intelligence” Practice Area on this site for governance and disclosure issues, we have a new resource. If you’re looking for direction on other compliance issues arising from AI, cyber, and other emerging technologies, make sure to check out our new “AI Counsel” blog! John and Zachary are sharing best practices and providing alerts about evolving issues for front-line risk management and compliance professionals.

– Liz Dunshee