The SEC Reminds Companies Not to Forget the ‘S’ in ESG: Activision Blizzard Reaches $35 Million Settlement over Disclosure Controls Related to Workplace Complaints and Violation of Whistleblower Protection Rule

Key Points

• On February 3, 2023, Activision Blizzard settled charges with the SEC, agreeing to pay $35 million to resolve novel claims that the company failed to maintain adequate disclosure controls to track workplace complaints and that it violated whistleblower protection rules by potentially discouraging former employees’ abilities to communicate with regulators. This resolution marks the SEC’s most significant enforcement action involving the “social” considerations of Environmental, Social and Governance (ESG)-related disclosures.
• The resolution broadens the categories of nonfinancial information that public companies may need to track for disclosure purposes, including workplace misconduct complaints, especially if the company makes any disclosures concerning workforce retention, composition or culture.
• Even the perception that companies could be interfering with employees’ abilities to communicate with regulators could result in SEC scrutiny and civil liability. Given the SEC’s continued focus on whistleblower protections, companies should carefully review their employment and separation agreements to ensure full compliance with the SEC’s whistleblower protection rules.

Background

On February 3, 2023, the U.S. Securities and Exchange Commission (SEC or the “Commission”) announced a settled enforcement action involving Activision Blizzard, the maker of popular video games Call of Duty, World of Warcraft and Candy Crush. The company agreed to pay $35 million to settle novel allegations that it failed to maintain disclosure controls related to tracking workplace complaints and, separately, that language in the company’s separation agreements with departing employees violated one of the SEC’s whistleblower protection rules. Activision Blizzard allegedly failed to collect and evaluate employee workplace complaints, which prevented management from having adequate information to assess whether its public disclosures concerning its workforce were “fulsome, accurate, and not misleading by omission.”¹ The SEC found this conduct to be a violation of Exchange Act Rule 13a-15(a), which requires Activision Blizzard to maintain “disclosure controls and procedures.”

As described in the SEC’s order (the “Order”), between 2018 and 2021, Activision Blizzard identified employee hiring and retention as risk factors in its annual and quarterly filings, stating: “If we do not continue to attract, retain, and motivate skilled personnel, we will be unable to effectively conduct our business.” Activision Blizzard, however, allegedly failed to capture information related to those risk factors. This included “lacking controls and procedures among its separate business units designed to collect or analyze employee complaints of workplace misconduct.”² As a result, the company was left “without the means to determine whether larger issues existed that needed to be disclosed to investors.”³

The SEC also alleged that between 2016 and 2021, Activision Blizzard violated a whistleblower protection rule by including a clause in its employee separation agreements that required individuals to notify the company if they received a request for information from regulators. Specifically, the separation agreement stated, in part:

“Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).”

(Emphasis added). The SEC concluded that this language violated Exchange Act Rule 21F-17(a)’s prohibition on taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation.” While some of the separation agreements also contained language expressly stating that the agreement did not prevent an individual from communicating with government regulators, the SEC concluded that the notice requirement “undermine[d] the purpose” of the whistleblower protection rule. The SEC conceded, however, that it was not aware of any instances where an individual was prevented from making a complaint or speaking to regulators.

Commissioner Peirce’s Dissent

The SEC’s decision to charge Activision Blizzard was not unanimous. In a notable dissent, Commissioner Hester M. Peirce stated that the order did not articulate any securities law violations, and derided the SEC for playing “its new favorite game” of “Corporate Manager.”⁴

Commissioner Peirce emphasized that the “plain text” of the rule requiring disclosure controls and procedures suggests that it applies only to “information required to be disclosed by the issuer.” The Activision Blizzard Order, however, seemingly expands disclosure controls to information that is “relevant” to a company’s determination about whether a risk reaches the threshold where it is required to be disclosed. In Commissioner Peirce’s view, the Order was inconsistent, as the SEC did not find that Activision Blizzard’s risk disclosure was misleading or incomplete, suggesting that workplace misconduct statistics were in fact not relevant to the disclosure. Of additional concern to Commissioner Peirce is the slippery slope the Order creates, as it is “difficult to see where the logic of this Order stops.” Commissioner Peirce criticized the SEC for “nudging” companies to manage themselves “according to the metrics the SEC finds interesting at the moment.” She noted that the present case involves workplace misconduct statistics, “but other issues will follow.”

Commissioner Peirce also disagreed that the notice requirement in the company’s separation agreements violated whistleblower protections. While the Order stated that the notice requirement “undermine[d] the purpose” of the whistleblower protection rule, Rule 21F-17(a) only prohibits “taking actions to impede communications with the Commission.” According to Commissioner Peirce, the SEC failed to explain how the notice requirement prevented former employees from communicating with the Commission, and did not allege any specific instances in which such communication was prevented.

Takeaways

1. This resolution indicates that the SEC views its ESG mandate to include the “S” as well as the “E.”

This resolution marks the first time the SEC has imposed disclosure control violations on a public company that are related entirely to workplace-specific issues. The resolution makes clear that the SEC is not focused solely on greenwashing, but is also going to scrutinize “social” disclosures concerning workplace retention and culture.⁵

Moreover, the size of the penalty—$35 million—is substantial and highly unusual for a resolution without any allegations of materially false or misleading representations, sending a clear signal that the SEC is taking an aggressive approach to enforcing workplace-related disclosures.

While a first for the SEC, this resolution is consistent with increased oversight of workplace misconduct issues in the courts as well, as illustrated by the Delaware Chancery Court’s recent ruling expanding the Caremark standard to apply to officers of public companies. In that decision, the court found that corporate officers have a duty of oversight, which entails a duty to “make a good faith effort to put in place reasonable information systems” to collect information needed to make sound decisions and not “ignore red flags indicating that the corporation was going to suffer harm.”⁶ This case marked the first time a Delaware court extended the duty of oversight beyond directors and into the C-suite. In a related SEC resolution, the SEC found that an officer of a public company violated the antifraud provisions of the securities laws by making false and misleading statements to investors about the reasons for his termination, which also involved allegations of workplace misconduct, and the company settled charges that its public disclosures surrounding the officer’s termination were deficient.⁷ For that company, the disclosure violations were tacked onto the fraud charges against the officer, whereas for Activision Blizzard, the SEC obtained a $35 million penalty based on a workplace disclosure that the SEC ultimately did not find was materially misleading—underscoring the significance of the SEC’s focus on this issue.

2. Maintaining disclosure controls and procedures may require expanded data collection and analysis on a broader range of workplace issues.

This resolution potentially broadens the categories of information that public companies may need to gather and escalate to management for disclosure purposes, including for issues not traditionally seen as data driven or related to financial metrics, such as workplace misconduct or workplace culture more broadly. This expansion could result in significant burden on public companies, which may now have to track a variety of additional data to satisfy their disclosure obligations. As Commissioner Peirce cautioned in her dissent, this additional data tracking “may distract management from collecting the data it actually needs to provide material information to investors and impose additional, unnecessary costs on investors who will not benefit from the company’s collection of data points that the SEC highlights, but are not necessary for good disclosure at the particular company.”

3. Regulatory liability for workplace misconduct issues may no longer be the sole domain of the EEOC.

Relatedly, this resolution expands the type of liability that can arise from workplace misconduct, especially if the issues are systemic or otherwise rise to the level of materiality for shareholders. Historically, companies have expected scrutiny from the U.S. Equal Employment Opportunity Commission (EEOC) and other civil rights regulators and have understood the risk of private litigation related to workplace misconduct but have not expected the SEC to involve itself.

4. The Activision Blizzard settlement underscores the SEC’s emphasis on whistleblower protections.

This resolution also underscores the SEC’s continued focus on maintaining robust protections for potential whistleblowers. Last fiscal year was the second highest year ever in whistleblower awards, both in terms of the number of individuals who received awards and the total dollar amounts awarded.⁸

The SEC’s enforcement action in this matter is a reminder that any perceived discouragement of or impediment to employees’ ability to communicate with regulators will be scrutinized and could result in significant civil liability. As such, companies should review their employment and separation agreements to ensure compliance with the SEC’s whistleblower protection rules.

¹ In re Activision Blizzard, Rel. No. 34-96796 (Feb. 3, 2023) (available at https://www.sec.gov/litigation/admin/2023/34-96796.pdf).

² The company recently settled claims with the EEOC related to allegations of workplace misconduct and is currently in private litigation related to the same claims. See U.S. Equal Emp’t Opportunity Comm’n v. Activision Blizzard, Inc., No. 21-07682 (C.D. Cal. Mar. 29, 2022). The company was also sued by the California Department of Fair Employment & Housing over similar claims in a lawsuit slated for trial later this year. See Dep’t of Fair Emp’t & Hous. v. Activision Blizzard, No. 21STCV26571, complaint filed, 2021 WL 3109804 (Cal. Super. Ct., L.A. Cty. July 20, 2021).

³ SEC Press Release 2023-22, Activision Blizzard to Pay $35 Million for Failing to Maintain Disclosure Controls Related to Complaints of Workplace Misconduct and Violating Whistleblower Protection Rule (Feb. 3, 2023), https://www.sec.gov/news/press-release/2023-22.

⁴ Statement by Commissioner Hester M. Peirce, The SEC Levels Up: Statement on In re Activision Blizzard (Feb. 3, 2023), https://www.sec.gov/news/statement/peirce-statement-activision-blizzard-020323.

⁵ On March 4, 2021, the SEC launched a Climate and ESG Task Force in the Division of Enforcement and stated that its “initial focus will be to identify any material gaps or misstatements in issuers’ disclosure of climate risks under existing rules.” SEC Press Release 2021-42, SEC Announces Enforcement Task Force Focused on Climate and ESG Issues (Mar. 4, 2021), https://www.sec.gov/news/press-release/2021-42.

⁶ In re McDonald’s Corp. Stockholder Derivative Litig., No. 2021-0324-JTL, 2023 WL 387292, at *1 (Del. Ch. Jan. 25, 2023).

⁷ In re Stephen J. Easterbrook and McDonald’s Corporation, Rel. No. 33-11144 (Jan. 9, 2023) (available at https://www.sec.gov/litigation/admin/2023/33-11144.pdf).

⁸ SEC Press Release 2022-206, SEC Announces Enforcement Results for FY22 (Nov. 15, 2022), https://www.sec.gov/news/press-release/2022-206.