At Today’s General Counsel, we aim to deliver informative, actionable insights to in-house leaders about the biggest issues shaping the legal landscape. If we were to rank the topics commanding the greatest share of boardroom and executive attention right now, artificial intelligence would almost certainly sit at the top.
AI is no longer theoretical. It is embedded in business operations, product development, and long-term strategy. Yet as these systems grow more powerful, they also grow increasingly opaque. For general counsel, that opacity presents a defining challenge: How do you oversee, govern, and mitigate risks that are not always visible, or even fully understood?
A pivotal development in regulation is attempting to change all of that. California’s Transparency in Frontier Artificial Intelligence Act seeks to address the “black box” nature of the watershed technology, as Corey P. Gray and Rachel E. Noveroske write in their cover story for this issue. Effective Jan. 1, the statute imposes new transparency and reporting obligations on certain AI developers, establishes whistleblower protections, and introduces civil penalties for noncompliance. GCs need to act fast for compliance.
The authors provide a detailed playbook for GCs to address the challenges of this new regulation and ensure seamless coordination across functional teams. It’s also worth remembering that what starts in California rarely stays there. We’ve already seen this happen with the California Consumer Privacy Act and its ripple effects on compliance practices nationwide. Don’t miss out on this required reading for in-house leaders.
Regulation, however, is only part of the equation. Once you are confident in your compliance posture, the next question becomes: How can legal lead AI adoption within the organization? In this issue, Monica Zent explores how GCs can take a proactive role in guiding responsible AI integration within their organizations.
“Leading by example is key to success, and GCs will want to consider how they can leverage AI in their own role,” she writes. Be sure to take note of her concrete suggestions on what GCs should do in the next 90 days to position legal departments as strategic partners in innovation.
Leadership and learning go hand in hand. To that end, we’ve included a wide range of other articles in this issue on topics like mobile discovery, legal drafting, and remote work scams to help you anticipate risk before it materializes.
We’re also pleased to offer you an exclusive interview with Nicole Zafian, Vice President of Learning & Engagement at the Corporate Legal Operations Consortium (CLOC), about the upcoming edition of the CLOC Global Institute (CGI), which will run in Chicago May 11-14. She provides us with an inside look at the buzzy event that serves as an industry bellwether. On a related note, our team is gearing up CGI in a major way with a special May/June issue dedicated entirely to legal operations. You won't want to miss it.
As always, be sure to subscribe to our newsletters and follow us on LinkedIn and X to receive even more analysis and insight from legal leaders.
Thank you for reading!
Amanda Kaiser Editor-in-Chief
MARCH/APRIL 2026
Volume 23/Number 1
PRIVACY & CYBERSECURITY
8 How GCs Can Get Ahead of California’s Transparency in Frontier AI Act
By Corey P. Gray and Rachel E. Noveroske
Discover how to get your organization compliant with California’s Transparency in Frontier Artificial Intelligence Act. PAGE 8
LEGAL
OPERATIONS
10 The 5 a.m. Crisis: Navigating the HighStakes Tug-of-War of Mobile Discovery
By Warren Kruse
Dive into the challenges of mobile discovery and learn how to balance privacy, preservation, and legal exposure.
12 How GCs Can Effectively Lead AI Adoption Efforts for Their Companies, Teams
By Monica Zent
Learn about the best ways to face both challenges and opportunities surrounding AI adoption at your organization. PAGE 12
INTERVIEW
15 Nicole Zafian Talks About What to Expect at the 2026 CLOC Global Institute
Read this exclusive interview with Nicole Zafian of the Corporate Legal Operations Consortium (CLOC) about the upcoming CLOC Global Institute, which will run in Chicago May 11-14.
From COLUMN THE LEGAL BRIEF WITH ROSS GUBERMAN 17 Law Firm
15
19 Imaginary Employees, Actual Danger: How In-House Counsel Can Stop Remote Work Scams in Their Tracks
By Chas Hamilton and Luqmaan Bokhary
Learn how to mitigate the risks of remote work scams and demonstrate a strong compliance posture in the event of an investigation.
Realization: The $30 Million Problem Hiding in Your Drafts
By Ross Guberman
A surprising share of the law firm realization gap traces back to something no one tracks—the quality of the first draft. Learn how to get ahead of this challenge.
17
EXECUTIVE EDITOR
Bruce Rubenstein
CHIEF EXECUTIVE OFFICER
Robert Nienhouse
EDITOR-IN-CHIEF
Amanda Kaiser
SENIOR EDITOR
Barbara Camm
ASSOCIATE EDITOR
Jessica Bajorinas
MANAGING DIRECTOR OF CLIENT PARTNERSHIPS & INITIATIVES
Lainie Geary
DIRECTOR OF ADMINISTRATION
Catherine Nienhouse
CONTRIBUTING EDITORS AND WRITERS
Luqmaan Bokhary
Corey P. Gray
Ross Guberman
Chas Hamilton
Warren Kruse
Rachel E. Noveroske
Monica Zent
DATABASE MANAGER
Patricia McGuinness
ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC
CLIENT PARTNERSHIPS MANAGER
Stella Vargas
EDITORIAL ADVISORY BOARD
Dennis J. Block GREENBERG TRAURIG LLP
Thomas W. Brunner WILEY REIN LLP
Mark A. Carter DINSMORE & SHOHL LLP
Jeffery Cross SMITH, GAMBRELL & RUSSELL LLP
Jamie Gorelick WILMERHALE LLP
Robert L. Haig KELLEY, DRYE & WARREN LLP
Robert C. Heim DECHERT LLP
Sheila Hollis DUANE MORRIS LLP
SUBSCRIPTION
Subscription rate per year: $199
For subscription requests, email subscriptions@todaysgc.com
David A. Katz WACHTELL, LIPTON, ROSEN & KATZ Nikiforos Iatrou MCCARTHY TETRAULT LLP
Steven F. Molo MOLOLAMKEN LLP
Robert A. Profusek JONES DAY
George D. Ruttinger CROWELL & MORING LLP
Jonathan S. Sack MORVILLO ABRAMOWITZ GRAND IASON & ANELLO PC
Victor E. Schwartz SHOOK, HARDY & BACON LLP
Jonathan D. Schiller BOIES SCHILLER FLEXNER LLP
REPRINTS
For reprint requests, email Lisa Payne: lpayne@mossbergco.com Mossberg & Company Inc.
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, without the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients.
To submit an article, go to todaysgeneralcounsel.com/submissions
How GCs Can Get Ahead of California’s Transparency in Frontier AI Act
By COREY P. GRAY AND RACHEL E. NOVEROSKE
AI is transforming business operations by boosting productivity and innovation, but its “black box” nature makes risk assessment challenging. California’s Transparency in Frontier Artificial Intelligence Act addresses this by requiring certain AI developers to meet new transparency and reporting rules. The act also offers whistleblower protections, introduces civil penalties, and urges
general counsel to quickly adapt for compliance.
TRANSPARENCY REPORTS AND INCIDENT REPORTING
Starting January 1, 2026, AI developers training models with over 1026 operations (AI models requiring astronomically large amounts of computation) must post transparency reports online, detailing their release dates, intended uses,
and restrictions. Those with annual revenues over $500 million (large frontier developers, or LFDs) must also publish a ten-category frontier AI framework, update it yearly, and report major changes within 30 days to inform consumers about catastrophic risk management. The act introduces new reporting obligations. All frontier developers are required to notify the Office of Emergency Services (OES) about “critical safety incidents” within 15 days and must report any such incidents posing an imminent risk of death or serious injury within 24 hours. Additionally, LFDs are obligated to file a confidential summary assessing catastrophic risks every three months. OES has not yet released the official reporting system, but in the interim the OES website provides contact information where reports should be made. General counsel should keep track of updates from OES for further direction.
NEW WHISTLEBLOWER PROVISIONS
The act includes robust enforcement mechanisms overseen by the California Attorney General, with civil penalties of up to $1 million
per violation. It protects “covered employees” who report critical risks or public safety incidents from retaliation and requires employers to give clear notice of these rights and provide an anonymous reporting process for disclosing violations or substantial public dangers.
Civil litigation under the act can also be costly. Once a covered employee shows a violation by a preponderance of the evidence, the company must prove independent, legitimate reasons for its conduct. Courts may award attorneys’ fees when granting injunctive relief, and the act’s remedies are cumulative to other California laws, with injunctive relief not stayed on appeal.
The act presents several new requirements to frontier AI developers. GCs are well-suited to address these challenges and ensure coordination across functional teams.
Here is a rundown of what GCs should address in light of this new law:
1
Understand the requirements
• Determine whether your organization qualifies as a frontier developer and whether it is a “large frontier developer” or LFD.
• Identify which reporting, transparency, and framework obligations apply.
• Understand California AG enforcement authority and whistleblower-based civil liability.
• Establish required transparency reports and (if applicable) a frontier AI framework.
• Implement an internal whistleblower reporting process.
• Calendar periodic submissions to OES.
• Confirm reporting obligations
for new or substantially modified frontier models.
• Set internal protocols for identifying and reporting critical safety incidents within 15 days.
• Identify all uses that may constitute “deployment” of a frontier model.
• Identify “covered employees” and provide whistleblower protection notices to covered employees.
• Track whistleblower compliance for existing and new employees.
• Review employment practices liability insurance (EPLI) and directors and officers (D&O) insurance to confirm alignment with compliance and reporting risks.
• Monitor evolving regulatory guidance, including OES and AG reports and updated definitions.
3
Implement a cross-functional compliance program
• Assign a single executive owner for compliance and reporting accuracy.
• Establish cross-functional input from development, policy, safety, HR, and legal.
• Require GC review of: AI framework documentation, transparency reports, and critical safety incident reports.
• Implement incident response plans and escalation protocols.
• Review employee agreements and NDAs to ensure covered employees can report safety incidents without restriction.
• Promote internal buy-in and a culture of compliance.
Prefer to read this online? Click here.
AN EVOLVING AI REGULATORY LANDSCAPE
The AI regulatory landscape is rapidly evolving. With definitions in the act, like “Large Frontier Developer,” set for review this year, the scope of act could change significantly. States, such as Colorado, Utah, Tennessee, Connecticut, Delaware, and Indiana are also implementing AI regulations that will impact companies operating in numerous states. At the federal level, several executive orders targeted AI in 2025. GCs must keep watch and stay informed. Companies will need them to provide timely advisement as they navigate the AI frontier.
Jon Mills and Joshua Quaye contributed to this article.
Corey P. Gray is a Partner at Boies Schiller Flexner. His practice areas include high-stakes business litigation, antitrust actions, and energy litigation that often involve issues of first impression.
Rachel E. Noveroske is an Associate at Boies Schiller Flexner. Her practice focuses on complex business litigation, antitrust litigation, and commercial arbitration disputes on behalf of plaintiffs and defendants in federal and state courts.
The 5 a.m. Crisis: Navigating the High-Stakes Tug-of-War of Mobile Discovery
By WARREN KRUSE
The 5 a.m. glow of a smartphone screen is never the harbinger of good news for a general counsel. As the vibrating mobile dances across the nightstand, you grab the device and answer.
“We have a problem,” says the voice on the other end. “On the investigation there’s a specific thread of messages detailing the allegations and it’s all on the custodian’s personal device.”
Suddenly, the GC is caught in a high-stakes tug-of-war of mobile discovery, balancing privacy, preservation, and legal exposure. As the sun begins to rise, the corporate counsel must decide: Do we “grab” the mobile for the data to satisfy the court, or move cautiously and risk the evidence vanishing into the ether—along with the case?
This scenario is happening more and more. In today’s high-tech world, critical evidence lives on personal smartphones, inside messaging apps, cloud backups, and ephemeral platforms that were never designed for litigation.
“The use of mobile devices is ubiquitous. As a result, it is not surprising that they are an increasingly relevant data source in litigation,” the Sedona Conference wrote in its May
2025 “Commentary on Discovery of Mobile Device Data.”
Demanding a forensic image of a personal device is a trial in itself. I’ve seen forensic imaging from every angle: law enforcement, corporate security, and consulting. In law enforcement, you legally seize the device. In the corporate world, we needed to balance business needs. As an expert, the role shifts to one of defensibility, proportionality and precision.
Even the most cooperative custodian may hesitate to surrender their device, not necessarily for illicit reasons, but because the device is deeply personal and essential to daily life.
This creates a high-stakes balancing act for any legal department:
• The custodian’s device holds the key to the investigation. They may not want to give up the device. They may have commingled data.
• The volatility of data: Mobile data is ephemeral. Encryption, auto-delete timers and remotewipe capabilities mean that the window for defensible preservation is measured in minutes, not days.
• The shadow of spoliation: We sometimes hear “it is on a private device, not a corporate system, but if business was conducted there, the burden of preservation rests on the company,” says Aaron Crews, Partner at Holland & Knight.
With that context in mind, consider the hypothetical scenario of the custodian’s personal device described above. From there, you can develop a defensible mobile discovery strategy that protects the custodian’s privacy without compromising the integrity of the investigation. We’ll review the tools counsel should consider using— but before jumping into collection, it’s critical to first evaluate the matter,
define the needs, and appropriately scope the effort. Every matter is unique.
PHASE 1: THE NATURE OF THE ALLEGATION
Are we looking for intent, communication patterns, or specific files? Don’t forget a mobile device isn’t just pictures, email, and texts. It can contain files.
PHASE 2: SURGICAL SCOPING
Is the device corporate-owned (COPE) or bring your own device (BYOD)? This distinction is the legal fulcrum upon which your authority to collect rests.
Dennis Russell Kiker, Senior Attorney at DLA Piper, advises: “I would recommend that the client document everything we know about the custodian, the device, and the ‘key evidence’ believed to be on the device, while simultaneously retaining a qualified forensic analyst for guidance and collections support.”
I didn’t even ask him to add the last part, but it perfectly captures the reality that good investigations are as much about process and expertise as they are about data. High-level scoping principles:
• What is needed from the device and what app was used is just as important as what type of device is involved.
• Define the “relevant period.”
• Identify parties to include or exclude.
• Identifying where original data might live outside the physical handset
Ryan Bosselman, Chief Operating Officer at ModeOne Technologies, offers this insight: “When custodians
TIERED, PRIVACY-CENTRIC MODEL
Method
Targeted data/ message collection
Logical in-person or remote collection
Best For . . .
Routine HR or certain litigation
General litigation and internal investigations
Full File System (FFS) FFS is the most comprehensive method for acquiring data from a mobile device. It is often reserved for matters where a standard logical collection is insufficient.
know that only relevant data will be collected, and personal content explicitly excluded, cooperation increases and risk decreases. That’s what privacy-centric mobile discovery looks like in practice.”
At this stage, we want to go into our tool bag and select the best tool for the job. The tool that allows counsel to execute the scope they’ve defined, whether that means preserving an entire device or isolating a single conversation.
PHASE 3: WHAT A DEFENSIBLE COLLECTION ACTUALLY LOOKS LIKE
Mobile data collection follows a tiered approach, guided by the needs of the matter and technological advancements—such as the ability to remotely target mobile data or to preserve data first and then apply advanced filtering to isolate what is needed.
Logical in-person or remote collection is typically used when a complete logical snapshot of a device is required. In contrast, targeted data or message collection is best suited when:
• The scope is narrow and well documented
• The objective is to preserve specific data rather than conduct a deep forensic examination
Prefer to read this online? Click here.
CONCLUSION
Mobile collection should not be considered a “one-size-fits-all” forensic exercise. For corporate counsel, the focus has shifted from mere data acquisition to defensible, risk-adjusted strategies that prioritize proportionality and privacy.
This requires a careful balance to avoid the twin hazards of over-collection or under-preservation of mobile communications.
Warren Kruse is the Managing Director at iDiscovery Solutions (iDS). A former New Jersey police officer, he has worked at government agencies and global corporations and led billion-dollar cross-border investigations. Kruse has unraveled intellectual property theft, exposed fraud, and guided organizations through the pressure of regulatory scrutiny. He can be reached at wkruse@idsinc.com
How GCs Can Effectively Lead AI Adoption Efforts for Their Companies, Teams
By MONICA ZENT
As artificial intelligence (AI) reshapes the legal profession, today’s general counsel are navigating a once-in-a-generation shift in how they lead AI adoption efforts and serve their companies.
The past year marked a turning point, with more than half of in-house teams now using generative AI (GenAI), more than double the 23% who reported using it in
2024, according to a recent survey of in-house legal professionals across 30 countries from the Association of Corporate Counsel (ACC) and Everlaw Inc. As we head into 2026, we can only expect in-house legal adoption to grow.
According to research by the Thomson Reuters Institute, 81% of professionals believe that GenAI can be applied to their work, and
76% of in-house teams expect it to help achieve their goals and enhance efficiency.
Amid this rapid evolution, general counsel are facing both the challenge and the opportunity to shape the future of their organizations around AI adoption.
As key leaders, general counsel must take a broad view of AI across their organizations, considering the
role of AI across their companies and team, and within their own roles, including:
Corporate AI adoption: How general counsel guide their companies through the AI adoption process will vary greatly depending upon the organization type, such as a public or private company, an established or mid-level organization, or a nascent startup.
For GCs of public companies, it is critical to think about a company-wide policy regarding AI adoption and governance. It is key to ensure the AI policy closely dovetails with the company’s interests, ensuring protection of both corporate intellectual property and reputation. For regulated industries such as banking or healthcare, the security and compliance of AI programs is especially paramount, ensuring responsible usage.
For smaller companies that do not have the public reporting duties and may not have the same mandates around regulatory compliance, GCs should still look to develop a template policy for corporate AI usage.
In developing AI policies, GCs should look to collaborate with inter-departmental stakeholders such as IT and security.
Regardless of industry, public or private status, and maturity of the corporation, AI represents a critical business opportunity, and corporate leadership and boards are increasingly raising their expectations around AI adoption, making GC leadership essential. General counsel cannot and should not have their head in the proverbial sand when it comes to leading on AI. The reality is that the company will be using AI technologies, whether in
departments such as marketing, sales, engineering, or R&D, and employees will look to the GC and their team (whether directly or implicitly) to define and articulate an appropriate policy.
Legal department AI adoption: Beyond establishing general corporate policies around AI adoption and governance, today’s GCs are also facing “top-down” pressure from corporate leadership and boards to deploy AI within their own legal departments, to drive greater speed, efficiency, and ROI.
As key leaders, general counsel must take a broad view of AI across their organizations, considering the role of AI across their companies and team, and within their own roles.
AI can help in-house teams work more efficiently and make better, more informed decisions about spend management on outside counsel. Surveyed in-house legal professionals in the ACC/Everlaw survey cited AI-led efficiency gains include drafting, contract management, and research.
AI can improve workflow and help deals get resolved and closed. Streamlining the contracting processes and making contracting more efficient is another relatively safe use case for AI to deliver high value from efficiencies and not necessarily
create exposure for risks such as hallucinations.
To begin, I recommend looking for low-hanging-fruit opportunities for in-house legal teams to use AI. For example, GCs may want to consider starting with back-office legal ops functions, which can be a safe place to begin using AI tools.
It is imperative that AI adoption programs take a “people-first” approach. Aine Lyons, Senior Vice President and Deputy General Counsel at Workday, observed that “80% of tech implementations by legal departments are very challenging and don’t deliver an ROI.” Lyons noted widespread adoption of AI creates a need for significant investment in upskilling, and highlighted Workday’s approach, where each of the company’s 20,000 employees has a goal around AI. For the legal team, that commitment translated into more than 20 hours of training for each member to become more proficient in prompt engineering.
Adopting AI in the GC role: Finally, leading by example is key to success, and GCs will want to consider how they can leverage AI in their own role.
It can be helpful to conceptualize AI as functioning as both an assistant and a thought partner. Envisioning AI as an assistant, look to see where AI can help alleviate rote and time-consuming tasks to increase productivity and free up the GC’s time for more high-level priorities. At the same time, especially for first-time GCs, or GCs with lean teams in their departments, AI can act as a thought partner. This can be helpful to alleviate the GC feeling as though they are an “island,” with
Prefer to read this online? Click here.
AI providing input and feedback, just as one would bounce ideas off a colleague.
WHAT GCS SHOULD DO IN THE NEXT 90 DAYS
Amid the industry’s rapid evolution, now is the time for GCs to lean into change, and lead on AI. Here is a 90-day action plan for GCs to begin making rapid progress on AI adoption for their organizations, their teams and in their own roles:
Convene an AI governance working group (legal, IT, security, HR): GCs should spearhead a cross-functional AI governance group to develop policies that reflect organization-wide needs. The group should catalog existing AI use cases and engage stakeholders across the company to strengthen awareness of compliance.
Draft interim AI use policy covering confidentiality, data handling, and vendor approval: New technology introduces risk, so organizations should partner with security and IT to set data-protection policies. These policies ensure security standards are upheld as teams adopt AI tools, from vendor selection through implementation. Designate a leader to continuously review and adapt the policies as needs and vendor relationships change.
Select 1–2 pilot legal use cases: Whether for contract review, eDiscovery, or legal operations efficiency, start by piloting AI in one or two focused areas. Consider bringing in outside expertise—such as
alternative legal service providers or other specialists—who can advise on tool selection and implementation.
Launch baseline AI training for the legal team: Take a people-first approach to ensure your team develops the skills needed to thrive in an AI-powered environment. Use design thinking to build a human-centered program, and identify early adopters who can mentor colleagues within the department.
Invest the time to scale personal skills and lead by example: Dedicate the time it will require to make AI tools a part of your daily life, so you can lead your team by example, demonstrating how you are leveraging AI for productivity yourself.
LOOKING AHEAD
It is a transformative time as today’s general counsel help define how to use AI across their companies. By assessing AI’s implications at the company-wide, departmental, and personal role levels, GCs are establishing themselves as central leaders in the era of AI transformation.
Monica Zent is the Managing Director at the Law Innovation Agency and Founder & CEO of ZentLaw, an award-winning Silicon Valley-based alternative legal services provider (ALSP) working with global brands, major law firms and government agencies. Zent publishes the popular “Venture Legal” newsletter on LinkedIn.
THOUGHT LEADERSHIP, INTERVIEWS, WEBINARS, THE LATEST LEGAL NEWS BEST PRACTICES AND REAL WORLD SOLUTIONS FOR GCs AND IN-HOUSE COUNSEL
Nicole Zafian Talks About What to Expect at the 2026 CLOC Global Institute
In this interview, Nicole Zafian of the Corporate Legal Operations Consortium (CLOC) talks about the upcoming CLOC Global Institute (CGI), which will run in Chicago May 11-14. This year’s edition will feature 85 sessions and 200 speakers covering a wide range of topics relevant to legal ops leaders. Early-bird registration is open here.
Our first question is for legal operations professionals who may be newer to the community. How would you describe the CLOC Global Institute (CGI) and how is it different from other industry events?
Nicole Zafian: The Global Institute is the largest and I would say the most influential gathering of legal operations professionals. We have a very diverse attendee base from all over the world. All of them bring unique perspectives and contributions to the sessions. It’s also a great place to bring the community together. At work, people can sometimes feel like they’re on an island. This is a great place for them to come together with their peers and learn and understand each other’s challenges.
This year’s theme is “Stronger by Design”. What does that mean in practical terms for legal ops leaders who are navigating an increasingly complex environment with scrutiny and expectations?
Nicole Zafian: The focus is to move the profession from being reactive to intentional. To set a foundation to help them be more efficient and strategically aligned with legal departments as well as the broader enterprise. So, it’s not just something where you’re checking tasks off, but it’s meaningful tools, examples from your peers to help you build with confidence within your legal department.
What can you share about the programming this year and how does that reflect what legal ops
Nicole Zafian is the Vice President of Learning & Engagement at the Corporate Legal Operations Consortium (CLOC). She oversees CLOC’s content strategy, educational programming, and community experiences, leading a crossfunctional team and collaborating closely with internal and external partners.
professionals are actually dealing with right now?
Nicole Zafian: Over the past five years, we’ve shifted to this being for the community by the community. That means we work with thought leaders and our education advisory council to evaluate feedback, have an understanding of what people are experiencing in their day-to-day and then curate sessions that meet those practical and timely needs. We’re also looking at what’s coming down in the future, what are general counsel worried about and looking to solve? We do an open call for proposals that invites everyone across the ecosystem community to submit proposals so that we have a good pool of experts and topics to go through and evaluate to put together a robust program.
Can you highlight any of the any of the themes, some of the things that are really standing out in the programming this year?
Nicole Zafian: Obviously AI. But, one of the things that we were thoughtful about this year was that we can’t just talk about AI in theory. We need to have practical skillbuilding around AI. Anything from prompt engineering to a strategic understanding of how to approach AI, particularly within your legal department. AI governance is a huge conversation right now in the community.
People are looking at how do we even get started? We’re bringing in peers and general counsel that are already executing on a strategic plan.
Beyond AI, our community is always looking for that career development side of things, understanding how the profession is growing and changing, what skills legal
The focus is to move the profession from being reactive to intentional.
departments are looking for. That’s another theme that we like to offer content in. Skills like executive communication. We want to give them use cases to help develop those skills, instead of just theoretically talking about what they should be thinking about.
In terms of formats, it seems like it was important for this edition of the event to really rethink formats and what works well for people in terms of the either the hands-on workshops or you know a fishbowl kind of discussion or a forum. How significant was that format issue in planning things out?
Nicole Zafian: We love that this community experiments with different learning styles. We’ve found some fun ways to infuse different formats. We have our quick-hitting eight-minute or less legal hacks that are focused on something like, “Here are three GenAI prompts that I learned to be effective for me when working with a chatbot?” That kind of quick-hitting content.
And then we also have those more extended workshops with in-depth exercises where we’re working on anything from their resume to actual prompt engineering skill sets.
With our peer-driven formats, it’s fun to see the community come together. We have topical-based community conversations where it’s less formal and they can come together share with each other around a specific topic.
And then we have our fishbowl discussions which we introduced last year. We weren’t sure how they would land, but people loved them and were engaged so we’re bringing more back. That usually focuses on a topic that has varying perspectives, varying opinions. We bring in a couple of people who have experience and differing visions around how certain things should be approached.
Prefer to read this online? Click here.
They’ll start a conversation, but then there’s always an open chair at the front of the room where an audience member can join the conversation and share their input or even challenge or question the conversation.
So to wrap up this conversation, when attendees leave Chicago after CGI this year, what do you most want them to walk away with? What do you think is the biggest takeaway for this year’s event for legal ops leaders?
Nicole Zafian: I would say that they feel a part of a bigger community that they can rely on and tap into. Also that they have practical tools that they can go back to their leaders, their general counsel and say here’s some benchmarks on what I was seeing and hearing at the conference, and here’s some things we can do now to be more efficient, more aligned with the organization’s strategic goals. So a combination of knowing that they have that community out there that they can tap into, but also having some focused conversations with their leaders on how they can take action.
Don’t miss it! Subscribe today.
THE LEGAL BRIEF WITH ROSS GUBERMAN
Law Firm Realization: The $30 Million Problem Hiding in Your Drafts
By ROSS GUBERMAN | PRESENTED BY
If your firm bills $200 million a year but realizes only 85%, that 15-point gap represents $30 million in work performed but never collected. Rate pressure and client pushback get the blame. But a surprising share of that law firm realization gap traces back to something no one tracks—the quality of the first draft.
Managing partners can spend all year tightening time-entry discipline and policing discounts, yet realization still slips. Often the culprit is neither the billing system nor the relationship partner. It’s the draft itself.
When the first draft is unclear, every downstream step gets more expensive—partner rewrites, extra review cycles, delayed filings, more client questions, and eventually the write-down no one wants to explain. Industry estimates put document creation and review at 40–60% of a lawyer’s day. That makes writing quality not a soft skill but a primary input to the firm’s production system.
THREE KINDS OF WRITE-OFFS (ONLY ONE IS EASY TO SEE)
Most firms treat write-offs as a billing problem. But writing quality
drives write-offs through at least three channels.
1Time you billed, then cut. These are the classic write-downs. Time is recorded, billed, and later reduced. The cause is rarely random. It’s rework—unclear structure that forces reviewers to reverse-engineer the analysis, muddied sentences that trigger multiple rounds of clarification, bloated sections someone must trim. Draft problems don’t add minutes; they add cycles. One extra cycle on a major motion can pile up hours across multiple timekeepers, and those hours are the first to go when the bill gets sensitive. In one widely cited survey, partners reported roughly 77 hours a year in write-downs tied to revising junior work. Even if your numbers differ,
the pattern holds: rewrite time is real, expensive, and rarely managed because it’s rarely measured.
2
Time you never bill. This bucket is different. The hours never make it to the invoice at all. Partners and senior associates quietly rewrite junior work and don’t record the time at all. That’s pure cost with no client-facing value. In manufacturing, rework is measured obsessively; in law firms, it’s normalized as “review.” You see it in late-night redlines, “quick edits” that take an hour, and full rewrites done under the radar so a deadline can be met.
3
Discounts driven by doubtful value. Writing quality also affects realization through client perception. A hard-to-follow first draft slows internal review, timelines slip, the scramble begins, and the client sees churn—multiple versions, multiple calls, multiple “just to confirm” emails. The client concludes the work took longer than it should have and pushes back. Realization plateaus in the mid-80s not only because of economics or “tough clients,” but because quality-induced rework sits upstream, hiding in plain sight.
REFINEMENT VS. RECONSTRUCTION, A SIMPLE COMPARISON
Consider two motions with the same legal issues.
Scenario A: The associate produces a usable first draft. The partner spends a short block refining strategy and polishing.
Scenario B: The associate’s draft is legally accurate but structurally chaotic. The partner spends hours rewriting. The bill can’t support the combined time. The partner writes down the associate’s time, their own time, or both.
The result is more than a writedown. It’s opportunity cost. The partner’s time got dragged from high-value work into rework, and the firm can’t collect its way out of that loss because the cost of those hours is already incurred.
FIXED FEES MAKE THE PROBLEM IMPOSSIBLE TO HIDE
Under alternative fee arrangements, drafting inefficiency stops being a recoverable hourly annoyance and becomes a dollar-for-dollar margin hit. A fixed fee is a bet that the firm can deliver below a target internal cost. When writing quality is poor, the rework loop expands, internal cost rises, and margin collapses. Bad writing also creates scope creep when the engagement letter or statement of work is ambiguous. That ambiguity leaks profit.
THE MANAGEMENT MISTAKE: TREATING WRITING AS INDIVIDUAL PERFORMANCE
Most write-off initiatives focus on people—training associates, reminding partners, tightening review. Those steps are necessary but don’t address the operational
truth: draft quality is a system outcome. If quality varies by reviewer, the firm pays for that variance through extra cycles and write-offs. The fix isn’t “tell associates to write better.” The fix is to build a drafting system that makes “reviewable, not rewritable” the default.
FOUR THINGS YOU CAN DO NEXT MONDAY:
1
Measure rewrite time. For 30 days, ask partners and senior reviewers to tag time that is truly devoted to rework rather than substantive strategy. Use simple codes: structure/organization, clarity/ style, missing analysis, citation issues, “first draft not usable,” etc. You’re not policing; you’re finding patterns.
2
Add a draft-quality code to write-downs. If your billing system captures write-down reasons, include a “quality/rework” category. When write-offs are always coded as “client sensitivity” or “budget,” leadership stays blind to the true cause.
3
Standardize a first-draft readiness checklist. A short checklist is one of the cheapest margin improvements you can implement. Ensure that first drafts have a clear issue statement, point headings that track the argument, topic sentences that state the point, a brief roadmap for long documents, and a pre-submission cite check.
4
Shift quality control earlier with tools that also teach. The best legal-writing technology does two things at once: it improves the draft before review and builds the associate’s skill through explainable
Read this story on
feedback. Generic grammar tools don’t understand legal structure. General-purpose AI can speed drafting but creates a risk of overconfident prose bolstered by unverified authorities. The right workflow combines speed with guardrails.
THE BOTTOM LINE
Write-offs are the bill for yesterday’s quality shortcuts. If partners are spending significant time reconstructing drafts, the firm pays twice—once in senior time that can’t comfortably be billed, and again in discounts when the bill meets client expectations. Treat writing quality as what it is: an operational input to realization. Measurable. Coachable. And increasingly improvable with systems and technology that reduce rework and build skill over time.
Ross Guberman is the founder and CEO of BriefCatch, a research-based legal writing and editing platform. He is the author of “Point Made: How to Write Like the Nation’s Top Advocates” and an expert on legal writing and the responsible use of AI in legal practice.
Imaginary Employees, Actual Danger: How In-House Counsel Can Stop Remote Work Scams in Their Tracks
By CHAS HAMILTON AND LUQMAAN BOKHARY
Imagine this scenario: You are an associate general counsel for a global technology company and were just alerted that a recently hired, fully remote employee has presented an identity document that appears to be fake. With the assistance of your IT security team, you investigate and uncover a troubling pattern, including login locations that do not match the employee’s claimed residence and a freight-forwarding address used for equipment delivery. An internal audit reveals an apparent remote work scam involving multiple employees hired through a third-party staffing firm. Now what?
In today’s increasingly remotefirst work environment, the flexibility and global reach of distributed teams have gone from a competitive advantage to a necessary part of a company’s business model. But with that flexibility comes a new and evolving threat of fraud—one that is increasingly drawing the attention of the US Department of Justice (DOJ) and other federal agencies.
UNDERSTANDING THE THREAT
The proliferation of remote work has introduced a new vector for fraud, one
that exploits the digital hiring process and circumvents traditional safeguards. According to the US Bureau of Labor Statistics, in 2019, only 6.5% of US private sector workers worked primarily from home. In an April 2024 report, the Congressional Budget Office estimated that figure had risen to 25% in 2022. It is likely to be even higher now. This dramatic shift has expanded the surface area for fraud, making it easier for bad actors to manipulate virtual onboarding systems, impersonate legitimate candidates, and gain unauthorized access to revenue and sensitive information. Some of the most effective schemes have involved the use of stolen or synthetic identities, forged documentation, proxy infrastructure such as VPNs, and remote desktop tools. In
some cases, schemes have centered on the use of “laptop farms,” physical locations where dozens of laptops are remotely controlled by threat actors outside the US. These setups often involve US-based collaborators (sometimes legitimate company employees, sometimes third parties), allowing overseas threat actors to appear as though they are working from within the United States by mimicking domestic IP addresses, time zones, and login behaviors.
RECENT ACTION BY THE FEDERAL GOVERNMENT
On May 16, 2022, the State Department, Department of the Treasury, and the FBI issued “Guidance on the Democratic People’s Republic of Korea Information Technology Workers,” warning of the growing threat of North Korean IT workers seeking employment while posing as nonNorth Korean nationals. The guidance further warned of instances of North Korean nationals infiltrating companies across sectors—including defense, finance, and technology—generating revenue for the North Korean regime. In the wake of the 2022 guidance, federal authorities have launched
a series of coordinated enforcement actions aimed at dismantling complex international schemes that exploit digital hiring practices. These cases, prosecuted by the DOJ in collaboration with the FBI, IRS, and other federal agencies, reveal the extent to which foreign actors and domestic enablers have infiltrated US companies under false pretenses. The following prosecutions illustrate several fraud patterns and the government’s evolving strategy to combat this multifaceted threat.
UNITED STATES V. CHRISTINA CHAPMAN AND OLEKSANDR DIDENKO (DISTRICT OF COLUMBIA – MAY 2024)
In what the DOJ has called the largest case of remote work fraud to date, Christina Marie Chapman, a US citizen, and Oleksandr Didenko, a Ukrainian national, were charged in May 2024 for orchestrating a sprawling scheme that enabled overseas IT workers to pose as US-based professionals. Chapman, a 49-year-old Arizona resident, allegedly ran a laptop farm out of her home, hosting dozens of company-issued computers that were remotely accessed by foreign workers using US IP addresses to fool employers. These workers infiltrated more than 300 US companies, including a major television network, a Silicon Valley tech firm, and an aerospace manufacturer. Chapman also processed payroll checks, forged documents, and laundered millions of dollars through her personal accounts, some of which were falsely reported to the IRS and Social Security Administration under the names of identity theft victims. Didenko, meanwhile, operated the now-seized website upworksell.com, which openly advertised services to help individuals pose as US-based IT
professionals. He created and sold fraudulent accounts on job platforms and money service transmitters, managing a network of nearly 900 proxy identities. His infrastructure included at least three US-based laptop farms, one of which hosted 79 computers, and he acknowledged in private messages that he believed he was assisting North Korean workers. The DOJ linked Didenko’s operation directly to Chapman’s, noting that one of his clients requested a laptop be shipped from his farm to hers. Together, their schemes not only compromised sensitive corporate systems but also exposed how remote work infrastructure can be weaponized to evade sanctions, steal identities, and funnel illicit revenue to hostile foreign regimes.
UNITED STATES V. KEJIA WANG (DISTRICT OF MASSACHUSETTS – JUNE 2025)
Beginning as early as 2021, Kejia Wang, a U.S. citizen and New Jersey resident, played a central role in a sprawling international scheme that helped North Korean IT workers infiltrate over 100 US companies under false identities. Working with co-conspirators in China, the UAE, and across the United States, Wang helped North Korean nationals pose as American software engineers by stealing the identities of more than 80 US citizens. These identities were used to apply for remote jobs at companies ranging from defense contractors to media firms. The fraud was elaborate: Wang and his associates created fake driver’s licenses and Social Security cards, submitted forged I-9 forms, and even registered shell companies to make the workers appear legitimate.
To complete the illusion, Wang operated a laptop farm, implementing
remote desktop software and keyboard-video-mouse (KVM) switches, which allowed the overseas workers to access these machines from abroad, bypassing geolocation and security controls. In one case, a North Korean worker posing as a US citizen gained access to a defense contractor’s internal systems and exfiltrated data controlled under the International Traffic in Arms Regulations (ITAR). Wang also helped launder millions in illicit wages through US bank accounts and money transfer services, personally pocketing over $400,000. The scheme not only compromised sensitive corporate systems but also defrauded the IRS and Social Security Administration, leaving a trail of financial and national security damage in its wake.
UNITED STATES V. KIM KWANG JIN ET AL. (NORTHERN DISTRICT OF GEORGIA – JUNE 2025)
Between late 2020 and early 2022, four North Korean nationals—Kim Kwang Jin, Jong Pong Ju, Chang Nam Il, and Kang Tae Bok—executed a coordinated scheme to infiltrate US and foreign blockchain firms under false identities and siphon off over $900,000 in cryptocurrency. Operating as a co-located team outside North Korea, the defendants posed as developers from countries such as Portugal and Malaysia, using forged identity documents and aliases, including “Bryan Cho” and “Peter Xiao.” They gained remote employment at companies in Georgia and Serbia, earned trust through legitimate work, and then exploited that access to manipulate smart contracts and funding pools on Ethereum and Polygon blockchains. The thefts were not only technical but deeply deceptive. In one instance,
Kim Kwang Jin modified smart contract code to change withdrawal rules, enabling the unauthorized transfer of thousands of tokens. When confronted, he denied wrongdoing via encrypted Telegram messages, even as stolen funds were traced to his wallet. The group laundered the proceeds through Tornado Cash, a cryptocurrency mixer designed to obscure transaction origins, and funneled assets through accounts opened with fraudulent documents. The case underscores how remote work, anonymity tools, and decentralized finance have converged to create new vulnerabilities at the intersection of cybersecurity, financial fraud, and national security.
WHAT IN-HOUSE COUNSEL SHOULD DO
Faced with a complex and evolving fraud landscape, in-house counsel must be prepared to protect their organizations from exploitation. The following measures can help mitigate risk and demonstrate a strong compliance posture in the event of an investigation.
• Strengthen identity verification: Companies should require video interviews where candidates are asked to display their governmentissued ID on camera. In-person Form I-9 verification should be conducted whenever possible, avoiding remote or third-party verifications. Biometric logins and geo-location tracking on company-issued devices can help ensure that employees are working from their claimed locations. Remote desktop access and VPN use should be prohibited or strictly limited unless explicitly authorized and monitored.
• Conduct robust due diligence: Third-party staffing firms must be thoroughly vetted, with transparency demanded in their background check processes. Education and employment history should be independently verified using trusted sources. Resumes should be scrutinized for inconsistencies and overly generic portfolio sites that may indicate fraudulent activity.
• Monitor for red flags: Counsel should work with IT and HR teams to monitor for warning signs, such as refusal to appear on video, requests for payment in cryptocurrency, use of freight-forwarding addresses, and inconsistent login times or IP addresses. Insider threat monitoring tools can help flag suspicious behavior before it escalates.
• Prepare for enforcement and reporting: All hiring and verification steps should be carefully documented. Suspicious activity should be reported to the FBI’s Internet Crime Complaint Center (IC3) or other relevant authorities. Contracts and internal policies should be reviewed to ensure compliance with sanctions laws and other applicable regulations.
• Engage outside counsel: Experienced outside counsel can assist by facilitating an effective internal investigation that will surface key issues through document review, analysis, and witness interviews. This internal investigation can be prepared into a report or presentation and delivered to the US Attorney’s Office with appropriate jurisdiction, which, with the assistance of the FBI and local law enforcement, can bring the fraud actors to justice. Additionally, outside counsel can serve as effective thought partners for any reme-
Prefer to read this online? Click here.
diation efforts, including trainings delivered to company personnel.
CONCLUSION
For in-house counsel managing an evolving array of business and legal risks, understanding the complex intersection of cybersecurity, employment law, and national security is essential. But in-house lawyers need not (and should not) walk this path alone. They should seek out legal partners with experience building robust compliance programs, conducting internal investigations, and responding to enforcement actions from the DOJ, FBI, and other agencies. The threat is real, and the consequences are serious. But with the right legal partner, in-house counsel—the company’s first line of defense—can stay ahead of the curve and keep their companies out of the headlines.
Chas Hamilton is a business and commercial disputes attorney at DLA Piper with extensive experience representing clients in litigation, responding to government inquiries, and conducting internal investigations. For more than a decade, he has advised companies across industries including technology, consumer goods, healthcare, professional services, and sports and entertainment, with a focus on sensitive legal, governance, and reputational matters.
Luqmaan Bokhary is a J.D. candidate at the University of Michigan Law School. He graduated magna cum laude and Phi Beta Kappa from Brown University with a degree in public policy and has worked in roles spanning workers’ rights advocacy, public-sector legal work, and private-sector legal support.
Designing Contract Workflows That Scale With the Business
In this 30-minute session, we’ll explore how modern legal teams design contract workflows that scale with the business — without increasing risk, headcount, or cycle times.
Originally recorded on February 18, 2026.
From Tasks to Teammates: When AI Agents Join Your Legal Team
Join LegalOn’s CEO Daniel Lewis and Head of Legal Bärí Williams for a practical, legally-grounded discussion on how to guide, grow, and govern your work when using sophisticated AI tools.
Originally recorded on February 24, 2026.
Modernizing Entity Governance: From Spreadsheets to Strategy
In this CLE-eligible webinar, we’ll explore why entity governance has become a growing risk area for modern legal departments, where manual tracking breaks down, and what “modern entity governance” looks like in practice.
