What happened?

In a recent settlement order, the SEC charged Activision Blizzard with failing to maintain adequate disclosure controls and procedures.  Notably, the SEC did not claim that the company’s SEC filings were false or misleading.  Instead, the SEC charged that management was unable to evaluate whether workplace complaints created a material risk that might need to be disclosed -- because the company did not adequately collect information about such complaints.

Separately, the SEC charged the company with interfering with potential whistleblowing by former employees because of a prior notification requirement in its separation agreements.

The company agreed to cease and desist from causing future violations and to pay a $35 million civil money penalty. It did not admit to or deny the SEC’s findings. 

Take-away lessons

The settlement order could be seen as a new initiative by the SEC to induce companies to strengthen their controls and procedures, whether or not they face a material disclosure issue.  However, because this case reflected a negotiated resolution to an SEC investigation, it is not clear how far the SEC intends to push this theory.  For example, it is possible that its focus on controls and procedures represented a response to the volume of media coverage, such as: Activision Blizzard Pushes Out Dozens of Employees Over Workplace Misconduct and Activision CEO Bobby Kotick Knew for Years About Sexual-Misconduct Allegations at Videogame Giant.  Further, it may reflect the company’s willingness to concede to the order instead of defending a traditional disclosure charge.

However, companies should be aware that the SEC’s charge of deficient controls and procedures could be applied broadly to a variety of issues in ways that could prove challenging.  Commission Peirce objected to the settlement order, as discussed below, in part because of the potentially expansive scope of the SEC’s theory.

Most companies maintain enterprise risk management systems to identify, evaluate and monitor risks and opportunities.  Unless those systems allow management to monitor and evaluate the various issues addressed in SEC filings, a company may be vulnerable in the event those issues become more significant – even if not actually determined to be material.  Accordingly, companies should take steps to align their risk management controls and internal reporting with risk factor disclosures. In particular, companies should determine what data and metrics should be collected and shared, and at what levels of management, so they can be considered by the disclosure committee.

Additionally, the settlement order provides a teaching moment for companies to review their separation, confidentiality and other employee agreements for any questionable “gag” provisions – that is, any language that implicate communications with a governmental agency and might be negatively construed by the SEC.

Deeper dive

Failure to collect information to evaluate whether material risks exist

Like virtually all public companies, Activision’s SEC filings contained customary risk factors and forward-looking statement disclaimers acknowledging, among other things, that attracting, retaining and motivating employees is important to the business.  However, according to the SEC settlement order:

• the company lacked adequate controls and procedures to ensure it collected and analyzed employee complaints of workplace misconduct
• reports from business units to the disclosure committee did not include information relevant to employee retention, such as employee complaints or incidents of workplace misconduct

As a result, “management was unable to assess related risks to the company’s business, whether material issues existed that warranted disclosure to investors, or whether the disclosures it made to investors in connection with these risks were fulsome and accurate.”

The SEC order did not describe the nature of the workplace complaints.  However, last year the company entered into an $18 million consent decree with the EEOC related to sexual harassment, pregnancy discrimination and related retaliation.  And in 2021, the California fair employment agency charged the company with equal pay violations, sex discrimination and sexual harassment.

Commissioner Peirce objected to the settlement order, stating that the alleged workplace harassment “is deeply concerning, but it is not our concern.” She concluded that “the SEC has added $35,000,000 to its point total [in its “enforcement game] despite the Order not identifying any investor harm.” 

She believes that controls and procedures are only relevant to capturing information required to be disclosed – and that the SEC is overreaching by requiring “information ‘relevant’ to a company’s determination about whether a risk or other issue reaches the threshold where it is ‘required to be disclosed,’” particularly since the SEC does not allege that any disclosure was misleading.

She expressed concern that “[i]t is . . . difficult to see where the logic of this Order stops. When the SEC gets this granular, the limits are not clear.”  Because companies may conclude they need to track numerous additional metrics “with an eye toward placating the SEC .  .  . it may distract management from collecting the data it actually needs to provide material information to investors and impose additional, unnecessary costs on investors who will not benefit from the company’s collection of data points that the SEC highlights, but are not necessary for good disclosure at the particular company.”

Requirement in separation agreements to give prior notice to company of governmental inquiries

The company’s customary form of separation agreement required former employees to notify the company if they received a request from a governmental agency relating to a report or complaint, providing that:

“Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).” [emphasis added]

Despite a purported savings clause in the agreement, the SEC order concluded that the agreement language “undermines the purpose” of the SEC whistleblowing provisions (Section 21F of the Dodd-Frank Act and Rule 21F-17) “to ‘encourag[e] individuals to report to the Commission.’” Those provisions bar any action that impedes anyone from contacting  SEC staff about possible securities law violations, including enforcing or threatening to enforce a confidentiality agreement. 

The SEC acknowledged that it was not aware of any instance in which a former employee was prevented from communicating with the SEC or where the company took action to enforce the notification clause or otherwise prevent such communications.

Commissioner Peirce objected to this whistleblowing charge as well.  She believes Rule 21F-17 “does not prohibit all actions that ‘undermine’ the statutory purpose by possibly discouraging reporting to the Commission [and instead] it [only] prohibits taking actions to impede communications with the Commission.”  In her view, the provision at issue, together with the savings clause, do not prohibit communication with a governmental agency.  She notes that “[o]n its face the notice provision only requires notification to the company and non-interference with the company’s efforts to protect its information from disclosure.” She believes the SEC has failed “to articulate clearly both what conduct violated the rule and how it did so.”

[View source.]