On February 3, the Securities and Exchange Commission announced an administrative enforcement action against Activision Blizzard Inc. (Activision), a video game development company. The SEC charged that Activision failed to maintain disclosure controls and procedures to collect information relating to the company’s ability to attract and retain talented personnel – one of its disclosed risk factors. During the period in question, Activision was the subject of high-profile unfavorable publicity concerning its allegedly hostile work environment, including allegations of sexual harassment. The SEC’s action seems to reflect the extension of the concept of securities law disclosure controls and procedures into the area of workplace misconduct, at least in cases where employee attraction and retention have been identified in risk factor disclosure as key business risks.
The SEC also charged Activision with using its separation agreements to inhibit departing employees from communicating with the SEC staff about potential securities law violations. Without admitting or denying the Commission’s allegations, Activision agreed to settle the matter by paying a $35 million civil money penalty and ceasing and desisting from further violations.
Disclosure Controls and Procedures
Between 2018 and 2021, Activision’s risk factors disclosure included an item headed, “If we do not continue to attract, retain, and motivate skilled personnel, we will be unable to effectively conduct our business.” Among other things, this risk factor stated that the company’s “success depends to a significant extent on our ability to identify, attract, hire, retain, motivate, and utilize the abilities of qualified personnel, particularly personnel with the specialized skills needed to create and sell the high-quality, well-received content upon which our business is substantially dependent.”
Securities Exchange Act Rule 13a-15 requires SEC reporting companies to maintain disclosure controls and procedures “designed to ensure that information required to be disclosed * * * is accumulated and communicated to the issuer's management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.” The SEC alleges that Activision violated Rule 13a-15 by failing to maintain “controls and procedures among its separate business units designed to collect or analyze employee complaints of workplace misconduct.” As a result, of the lack of such controls and procedures, “complaints related to workplace misconduct were not collected and analyzed for disclosure purposes.”
The SEC does not allege that Activision actually committed any disclosure violations. The gravamen of the charge is that, since the company did not have controls and procedures that collected information about employee complaints, personnel responsible for disclosure where unable to make an informed assessment of whether disclosure was warranted. (While not mentioned in the SEC order, in 2021, the California Department of Fair Employment and Housing filed a lawsuit against Activision Blizzard, alleging widespread discrimination and harassment of female employees at the company. In response to the lawsuit, over 2,000 current and former employees signed an open letter criticizing the company's handling of harassment and discrimination allegations.)
SEC also charges that Activision’s agreements with departing employees violated the SEC’s whistleblower protection rules because former employees were required to notify the company if they received a request for information from a government agency. Specifically, a clause in Activision’s standard separation agreement stated: “Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).”
Securities Exchange Act Rule 21F-17 prohibits “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation.” The order finds that the notice clause in the separation agreements “undermines the purpose” of Rule 21F-17, although the order adds that the Commission is not aware of any specific instances in which a former Activision employee was prevented from communicating with SEC about potential violations of the securities laws or in which Activision took action to enforce the notification clause.
Commissioner Peirce’s Dissent
Commissioner Hester M. Peirce issued a statement dissenting from the Activision order. As to the disclosure controls and procedures charge, she emphasizes that the order does not allege that Activision’s disclosures were at any time misleading or incomplete. She also points out that the logic of the order is potentially very far-reaching:
“If workplace misconduct must be reported to the disclosure committee, so too must changes in any number of workplace amenities and workplace requirements, and so too must any multitude of factors relevant to other risk factors. The requirement cannot be that a company’s disclosure controls and procedures must capture potentially relevant, but ultimately—for purposes of disclosure—unimportant information. * * * Using disclosure controls and procedures as its tool, [the Commission] seeks to nudge companies to manage themselves according to the metrics the SEC finds interesting at the moment. * * * [T]oday, that metric is workplace misconduct statistics, but other issues will follow.”
Commissioner Peirce also disagreed that the Activision separation agreements violated whistleblower protection rules. She notes that the order does not explain how the notification requirement impedes former employees from communicating with the Commission.
Comment: The Activision order appears to be a product of the SEC’s ESG enforcement taskforce. (See SEC is Serious About ESG Disclosure Enforcement, April-May 2022 Update). If nothing else, the case illustrates that the Commission’s interest in ESG isn’t limited to greenwashing or inaccurate disclosures and that it is prepared to be aggressive and imaginative in finding links between substantive corporate failings in ESG areas like a hostile workplace environment and the federal securities laws.
For audit committees and managements, a point to consider is what the Activision case says about the relationship between risk factor disclosure and disclosure controls and procedures. As Commissioner Peirce’s dissent suggests, the order could be viewed as indicating that, for every material risk set forth in the risk factors, there need to be procedures to capture information which could be relevant to determining whether or not additional disclosure concerning that risk is necessary. Given the broad array of risks that are typically described, viewing disclosure controls and procedures through that lens could in many cases suggest the need for additional controls. Managements and audit committees may particularly want to consider whether the company’s disclosure controls and procedures capture information in ESG areas that have been flagged as key to the business, even if those areas are not directly tied to financial reporting or to compliance with specific disclosure requirements.