SEC Brings Enforcement Action Over Company’s Alleged Failure To Track Information About Workplace Misconduct Relevant To Risk Factor Disclosures About Employee Retention
On February 3, 2023, the Securities and Exchange Commission (“SEC”) announced a settled enforcement action against video game maker Activision Blizzard Inc. (the “Company”) for an alleged failure to maintain procedures designed to collect employee complaints of workplace misconduct and analyze them for disclosure purposes. The SEC found that the lack of such procedures violated the Company’s obligation to maintain procedures designed to ensure that information required to be disclosed in the Company’s SEC reports was in fact timely reported. In addition, the SEC’s enforcement action alleged that the Company had improperly impeded former employees from communicating directly with the SEC staff about possible securities law violations by requiring those employees, through a clause in their separation agreements, to notify the Company of any requests from an administrative agency in connection with a report or complaint. Without admitting or denying the findings, the Company agreed to pay a $35 million civil penalty, but Commissioner Hester Peirce issued a spirited dissent arguing that the SEC’s allegations did not in fact amount to securities law violations.
Exchange Act Rule 13a-15(a) requires issuers to maintain “disclosure controls and procedures” which are defined as “controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the [Exchange] Act (15 U.S.C. 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms.”
The SEC Order found that the Company violated Exchange Act Rule 13a-15(a) by lacking sufficient “controls and procedures designed to ensure that it captured and assessed – from a disclosure perspective – certain information related to” certain risk factors in the company’s SEC reports. Specifically, the SEC noted risk factor disclosures over several years that highlighted the ability to attract, retain, and motivate employees as an important risk in the company’s business. But the SEC claimed that the Company lacked controls and procedures among its separate business units to collect and analyze employee complaints of workplace misconduct. While not detailed in the SEC’s Order, workplace misconduct has been reported by the media to have been a problem at the Company, with hundreds of complaints from current and former employees alleging harassment, sexual assault, bullying, pay disparities, and other issues. By allegedly lacking sufficient information to understand the volume and substance of employee complaints of workplace misconduct, the SEC claimed that the Company’s management was unable to assess related risks to the Company’s business, whether material issues existed that warranted disclosure to investors, or whether the disclosures it made to investors in connection with these risks were fulsome and accurate.
The Company also settled a claim that it violated an SEC whistleblower protection rule, Exchange Act Rule 21F-17(a), by including in its standardized separation agreements with departing employees a clause requiring the Company to be notified of any disclosure obligation or request in connection with a report or complaint to an administrative agency. The SEC claimed this clause undermined the purpose of Exchange Act Section 21F by having the potential to chill whistleblower reporting to the SEC. Specifically, the incriminating clause read: “Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).” (Emphasis added). The SEC acknowledged that it was not aware of any instance in which such agreements in fact prevented whistleblower reporting, or in which the Company took steps to enforce the clause, but, consistent with prior enforcement actions the SEC has brought regarding Rule 21F-17(a), the SEC nevertheless demanded a penalty.
While the SEC’s action as to the Company’s separation agreements is similar to other actions it has brought, its action regarding the Company’s disclosure controls and procedures is arguably a meaningful expansion. But as if anticipating challenge, the SEC’s Order leans heavily on the 2002 adopting release for Rule 13a-15(a). The Order explained: “Disclosure controls and procedures ‘are intended to cover a broader range of information than is covered by an issuer’s internal controls related to financial reporting’ and ‘should capture information that is relevant to an assessment of the need to disclose developments and risks that pertain to the issuer’s businesses.’” (quoting Certification of Disclosure in Companies’ Quarterly & Annual Reports Final Rule Adopting Release, Release No. 33-8124 (Aug. 29, 2002)).
Commissioner Peirce, by contrast, pointed to the text of Rule 13a-15(a) itself, and criticized the Order as an inappropriate expansion. After arguing that a straightforward reading of the Rule “suggests that the required disclosure controls and procedures must capture only ‘information that is required to be disclosed,’” she wrote that based on the Commission’s reliance of the adopting release, “the required disclosure controls and procedures must capture not only information that a company is required to disclose, but also an additional, vaguely defined category—information ‘relevant’ to a company’s determination about whether a risk or other issue reaches the threshold where it is ‘required to be disclosed.’” Commissioner Peirce contended that it was “difficult to see where the logic of this Order stops,” and criticized, in particular, the SEC’s decision to bring an action where it did not, and could not, claim that the Company’s actual risk factor disclosures were misleading or incomplete.
The SEC’s decision to bring this action was almost certainly influenced heavily by a view that the Company allegedly had long-standing (and now widely reported) issues with workplace misconduct. Commissioner Peirce argued that: “If accurate, the reported widespread workplace harassment at [the Company] is deeply concerning, but it is not [the SEC’s] concern,” and claimed that “[t]he Commission’s Order contorts the securities laws to reach for a nexus, but never fully makes the connection.” Nevertheless, it is a reminder that the SEC is prone to investigate any public event that leads to a meaningful drop in an issuer’s stock price, and, like the private plaintiffs’ bar in recent years, is increasingly investigating event-driven securities disclosure issues.