What the SEC’s Activision Blizzard Settlement Means for ESG Enforcement Trends, Company Disclosures, and Whistleblower Protections

On February 3, 2023, the US Securities and Exchange Commission (SEC or Commission) announced that video game developer Activision Blizzard, Inc. (Activision) agreed to pay $35 million to settle charges for its failure to maintain adequate disclosure controls and for violation of an SEC whistleblower protection rule. The settlement marks the end of a headline-making probe into the company’s handling of employee harassment complaints and workplace misconduct allegations.

A key takeaway from the Activision settlement is the extension of the rule regarding disclosure controls to address what might typically be thought of as an HR-only issue. In its order (the Order), the SEC contrasted risk factor disclosures in Activision’s SEC filings between 2018 and 2021 “acknowledg[ing] that attracting, retaining, and motivating a workforce of employees with specialized skills is particularly important to its business,” with Activision’s failure to maintain “controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be communicated to [Activision]’s disclosure personnel to allow for timely assessment on its disclosures.” The emphasis on Activision’s failure to collect what the SEC views as relevant information about employee concerns to assess the accuracy of risk factor disclosures is an interesting indication of where the Commission may go in the future. While the Order does not assert that Activision’s disclosures were actually inaccurate, the Commission’s focus on risk factor language regarding the importance of skilled personnel is emblematic of the SEC’s increased focus on human capital disclosures, including the “Social” aspects of Environmental, Social and Corporate Governance (ESG) issues. It also demonstrates yet another avenue for potential enforcement in this area beyond those actions premised on demonstrably inaccurate disclosures.

The case also highlights the SEC’s continued vigilance in enforcing whistleblower protection laws, its scrutiny of separation agreements, and its interest in keeping open the pipeline of tips from whistleblowers. As Arnold & Porter partner Jane Norberg, former Chief of the SEC’s Office of the Whistleblower, discussed in a recent article in Law360, Rule 21F-17 impeding cases are now “bread-and-butter” cases for the SEC’s Office of the Whistleblower.

Background: Activision’s Historic Issues

Since 2021, Activision has been embroiled in allegations related to workplace harassment and discrimination, resulting in several lawsuits and the recently-concluded SEC investigation. The Wall Street Journal first reported on the SEC investigation in September 2021, revealing that the SEC was investigating Activision’s disclosures regarding employees’ sexual misconduct and discrimination allegations. The SEC reportedly subpoenaed documents from Activision and its senior executives, including CEO Bobby Kotick, related to the allegations. In February 2022, the Wall Street Journal reported that the SEC issued another subpoena to Activision, expanding the scope of the investigation and requesting additional documents. The SEC’s probe into Activision’s workplace misconduct allegations was the subject of a previous Arnold & Porter Advisory, available here.

The SEC Order and Settlement

The SEC’s Order found that Activision violated two provisions of the Securities and Exchange Act of 1934 (Exchange Act)—Rule 13a-15(a) (related to disclosure controls) and Rule 21F-17(a) (related to impeding whistleblower tip reporting)—for conduct that occurred between 2018 and 2021.

Disclosure Control Violations

Pursuant to Rule 13a-15(a), issuers must maintain disclosure controls and procedures designed to ensure that information required to be disclosed is recorded, processed, summarized, and reported within the required time period. To demonstrate Activision’s violation of this rule, the Commission highlighted a specific risk factor disclosed by Activision and contrasted it with Activision’s failure to adequately capture and collect employee complaints to pass along to its disclosure personnel.

Specifically, in its annual and quarterly SEC filings, Activision included a risk factor regarding the importance of attracting, retaining, and motivating skilled personnel, emphasizing that the failure to do so could be detrimental to the company’s success. Given the emphasis on the need to maintain this workforce, the Commission found that Activision lacked controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be “accessible” to and assessed by Activision’s disclosure personnel. According to the SEC, Activision’s management and disclosure personnel were therefore unable to assess related risks to the company’s business and determine whether such risks warranted disclosure to investors.

Notably, the SEC did not charge Activision with making misleading statements or omissions. It only charged the company with the failure to maintain proper controls. Activision also took remedial action: between May 2020 and May 2022, Activision implemented several company-wide structural changes and policies to enhance reporting policies regarding employee complaints.

SEC Commissioner Hester M. Peirce dissented on the basis that the Order failed to articulate any securities laws violations. Specifically, Commissioner Peirce questioned what she perceived as an overly-broad interpretation of Rule 13a-15(a). In her opinion, the majority deviated from a straightforward reading of the rule, which she says mandates that disclosure controls and procedures capture only information required to be disclosed, and instead adopted an interpretation requiring companies to capture an “additional, vaguely defined category” of information purportedly relevant to a company’s determination about whether a risk requires disclosure. That logic, according to Commissioner Peirce, will result in a slippery slope whereby companies’ disclosure controls and procedures must capture potentially relevant, but ultimately unimportant, information.

Whistleblower Impeding Charges

The Order also found that Activision violated Rule 21F-17 of the Exchange Act, which prohibits anyone from taking steps “to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” According to the Order, Activision’s standard separation agreement template contained the following language requiring former employees to notify the company of any requests from an administrative agency in connection with a report or complaint:

Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).

Additionally, the Order explains that between 2016 and 2021, most, but not all, of the executed separation agreements also contained this additional clause:

Nothing in this Release prevents me from . . . giving truthful testimony, or truthfully responding to a valid subpoena, or communicating or filing a charge with government or regulatory entities (such as the Equal Employment Opportunity Commission, National Labor Relations Board, Department of Labor, or Securities and Exchange Commission.)

Although the SEC was unaware of any instances in which a former Activision employee was prevented from communicating with Commission staff about potential securities laws violations, the Order found that the separate provision requiring notification to the company of a government request undermined the purpose of the whistleblower program to “encourag[e] individuals to report to the Commission.”

Implications of the Activision Action

Disclosure Controls and ESG

There is no doubt that the policing of disclosures and disclosure controls related to ESG will continue under Chairman Gensler’s administration. The SEC’s action against Activision, however, highlights the “Social” component of ESG, which dovetails with the Gensler Commission’s commitment to seeking new avenues for enforcement in this area and to preventing violations of whistleblower protection laws. Last year, the SEC brought several high-profile enforcement actions in both spheres, highlighting the SEC’s intensified focus on workplace misconduct and associated disclosure requirements.

In light of the Activision action, issuers would do well to consider the “Social” aspect of their disclosures and disclosure controls, including how they interact with other areas of the business such as HR, compliance, and legal that may receive complaints or whistleblower tips. The action against Activision puts issuers on notice from the Gensler Commission that, if they discuss an area as a particular risk to their business (e.g., attracting and retaining workers with a specific skillset) in their filings, then they should ensure that their disclosure controls (i) are broad enough to capture information related to all risk categories and (ii) include the timely sharing of information with management or a disclosure committee.

Whistleblower Protections

The whistleblower protection charges in Activision serve as another reminder that companies should carefully review separation and employment agreements to ensure that they contain no contradictory terms that could be viewed as impeding reporting to the SEC. Importantly, as evidenced by this Order, having an incomplete “catch-all” or “carve-out” clause for government reporting in one area of a document will not excuse non-compliant or contradictory language in another section of the document.

Finally, companies should conduct risk assessments to test that internal tips and complaints are being properly reviewed and investigated, if appropriate. And, as evidenced by the Activision enforcement action, companies should test internal whistleblower reporting procedures and disclosure controls to ensure that complaints related to information listed as a risk factor in SEC filings is being communicated to disclosure personnel. In a recent Advisory, available here, Arnold & Porter offered key takeaways for companies to consider to ensure compliance with whistleblower protection laws.

Arnold & Porter has both a Whistleblower Risk Mitigation & Defense practice and a multidisciplinary ESG working group. Our Whistleblower Risk Mitigation & Defense team includes former SEC enforcement senior leaders, including Ms. Norberg, the former Chief of the SEC’s Whistleblower Office. The team assists clients with handling sensitive whistleblower issues, both internally and with defense of governmental claims. Our ESG working group includes former EPA, SEC, and DOJ officials who assist clients with all aspects of ESG, including disclosures, disclosure controls, and SEC and regulatory defense.

Please reach out to any author of this Advisory or your regular Arnold & Porter contact with any questions about the issues discussed herein.

© Arnold & Porter Kaye Scholer LLP 2023 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.