The SEC announced on February 3, 2023 a settled enforcement action against Activision Blizzard, Inc., finding that it failed to have adequate controls for reporting widespread workplace misconduct to management and used separation agreements for employees that impeded whistleblowing in violation of SEC rules.
Disclosure Controls and Procedures Failures
The SEC’s order says that between 2018 and 2021 Activision Blizzard lacked controls and procedures among its separate business units to collect and analyze employee complaints of workplace misconduct. Activision faced a number of employee complaints and in 2022 agreed to an $18 million consent decree with the Equal Employment Opportunity Commission (EEOC) related to alleged sexual harassment, pregnancy discrimination, and retaliation. Because of Activision Blizzard’s lack of controls and procedures, management of the company was not able to properly understand the extent of workplace misconduct and so did not assess whether public disclosure of those issues was required. This was the case even though Activision Blizzard identified the importance of attracting and retaining qualified personnel as a risk factor.
This is not the first time that the SEC has responded to a company’s experiencing operational problems that were not timely disclosed by characterizing the circumstances as a failure to maintain adequate disclosure controls and procedures.
The SEC found that Activision Blizzard had, from 2016 through 2021, used separation agreements with former employees that required them to notify the company if they received a request from a government administrative agency in connection with a report or complaint. SEC Rule 21F-17, which became effective in 2011, provides in relevant part:
No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.
The SEC, since bringing its first enforcement action under Rule 21F-17 in 2015, has brought a series of other actions focused on removing provisions of confidentiality agreements, separation agreements and internal policies that attempt to limit an employee or former employee’s communication with the SEC as a whistleblower.
The Activision Blizzard separation agreements did not stop former employees from communicating with the SEC, but did require them to alert the company if the SEC asked them for more information or otherwise made a request of them in connection with a report or complaint, thereby requiring the former employees to let the company know about their communication with the SEC.
The SEC’s press release included the following quote: “[T]aking action to impede former employees from communicating directly with the Commission staff about a possible securities law violation is not only bad corporate governance, it is illegal.” In its enforcement action against BlueLinx Holdings Inc., the SEC similarly found that BlueLinx’s separation agreements, which required notice to the company before giving information to the SEC, forced employees to choose between identifying themselves to the company as whistleblowers or potentially losing their severance pay and benefits.
- The SEC action against Activision Blizzard demonstrates the risk that operational problems can be converted with hindsight into a deficiency of disclosure controls and procedures. This may be particularly true for operational problems involving management. Note also that the Delaware Court of Chancery held in a case involving widespread workplace sexual harassment that officers, similar to directors, have a fiduciary duty of oversight and can be liable for a breach of fiduciary duty as a result of the officer’s own sexual misconduct, see In re McDonald’s Corp. Stockholder Derivative Litig. (Del. Ch. Jan. 26, 2023); the SEC announced a settled enforcement action against the same company and officer for failing to adequately disclose the circumstances of the officer’s termination, see Release No. 34-96610 (Jan. 9, 2023).
- Companies should consider evaluating their policies and procedures for reporting up operational problems and should reflect those as part of their disclosure controls and procedures.
- Although not raised by the SEC, companies should be alert to whether operational problems create potential contingent liabilities that might need to be reflected in the company’s financial statements.
- The SEC’s action is a reminder of the need to revisit policies and agreements with current and separating employees to ensure that they do not run afoul of the SEC’s whistleblower rules by discouraging reporting by employees to the SEC or other regulatory agencies such as the EEOC or the National Labor Relations Board, which each have similar rules.
If you have any questions about these changes, your regular Locke Lord contact or any of the authors can discuss these matters with you.
 SEC Commissioner Peirce dissented, explaining in her Statement that, in her view, (i) the Order does not identify any securities law violations, but rather “[u]sing disclosure controls and procedures as its tool, [the SEC] seeks to nudge companies to manage themselves according to the metrics the SEC finds interesting at the moment”, and (ii) the separation agreement does not impede communication with the SEC.
 See e.g., First American Financial Corporation, Release No. 34-92176 (June 14, 2021) (cybersecurity disclosure controls failure).