Game On

On Feb. 3 the Securities and Exchange Commission (SEC or the “Commission”) announced a $35 million settlement (the “Order”) with Activision Blizzard Inc. (“Activision Blizzard” or the “Company”) for alleged violations of investor disclosure and whistleblower protection rules. The Order represents a remarkable example of the SEC inserting itself into day-to-day management practices – impacting both data collection processes and the drafting of employee separation agreements – with very little guidance as to how companies should attempt to satisfy these requirements. Given the SEC’s expansive reading of these rules and its aggressive approach to enforcement, the Activision Blizzard settlement could have significant implications for both public issuers and private employers alike.

Case Background

Activision Blizzard is one of the world’s largest video game development and publishing companies, employing over 9,500 individuals worldwide. The SEC’s investigation came in the wake of public reports of rampant workplace misconduct at Activision Blizzard. Following a two-year investigation into Activision Blizzard’s workplace conditions, including allegations of sexual harassment and gender discrimination, the California Department of Fair Employment (the “DFEH”) commenced litigation against the Company in July 2021, which was followed shortly thereafter by an EEOC enforcement action.

Activision Blizzard’s Form 10-K and 10-Q filings submitted between 2018 and 2021 underscored that attracting, retaining, and motivating a workforce of employees with specialized skills was particularly important to its business. The Commission found that, in violation of Exchange Act Rule 13a-15(a), the Company failed to implement and maintain adequate disclosure controls and procedures and, in particular, failed to collect and share with its disclosure committee certain information relevant to employee retention, such as employee complaints of workplace misconduct.

In addition, in the ordinary course of business, the Company entered into separation agreements that required former employees to notify the Company within one business day if they received a request from a government agency in connection with a report or complaint. The agreements further noted that the Company would be permitted to “take all steps it deems to be appropriate to prevent or limit the required disclosure.” The Commission found that this notice requirement violated Exchange Act Rule 21F-17, which governs the Commission’s communications with individuals reporting possible securities law violations – even though the agreements included language protecting truthful testimony or other communications with the SEC.

Signaling that the decision was controversial even within the SEC, Commissioner Hester M. Peirce issued a strong rebuke in her contemporaneously released dissent (the “Dissent”), asserting that the Order “does not articulate any securities law violations” and reflects improper SEC overreach into the private sector.

The SEC’s decision in Activision Blizzard is significant – and potentially troubling – for several reasons.

The Commission’s expansive reading of public disclosure rules could create heightened exposure for public issuers.

Rather than focusing on the text of Rule 13a-15 which only requires the collection of “information required to be disclosed,” the Commission focused on language in an SEC press release which seemingly expanded the collection universe to all information that is “relevant.”

Based on the foregoing, Activision Blizzard was required to collect information relevant to its ability to retain employees even if the collection of this information would not otherwise alter the substance of its disclosures. Notably, the Order does not claim that the Company’s risk disclosure was at any time misleading or incomplete, nor does it assert that workplace misconduct was in fact affecting worker retention and recruitment during the relevant period.

As such, the Order may have the unintended consequence of diverting company resources to gather information that, while relevant, may be unlikely to impact the company’s disclosures – and could create potential exposure for companies that fail to do so.

The Order suggests that public issuers should reassess the information tracked, collected, and disclosed to relevant management personnel.

In response to this decision, issuers should reassess the type of information collected and disclosed to the disclosure committee, to ensure it includes data sufficient to satisfy the SEC’s disclosure requirements. At minimum, the Order requires the collection of employee complaints or incidents of workplace misconduct, particularly where they are known risks. But the Order’s reasoning is not necessarily so limited. As cautioned by Commissioner Peirce’s Dissent, the Commission’s logic threatens to create a slippery slope that could necessitate the collection of data related to numerous other factors, from product development to changes in workplace amenities to any number of personnel issues – indeed, it could encompass a seemingly infinite number of financial and operational matters.

This is especially important in light of the Delaware Court of Chancery’s recent decision in In re McDonald’s Corporation Stockholder Derivative Litigation, which extended the Caremark fiduciary duty of oversight (and corresponding personal liability in a shareholder derivative suit) to include corporate officers, in addition to directors. In re McDonald’s Corp. Stockholder Derivative Litig., No. 2021-0324-JTL, 2023 WL 387292, at *1 (Del. Ch. Jan. 25, 2023).The Activision Blizzard Order’s requirement to funnel all “relevant” information to management personnel could create additional exposure for officers under the Caremark standard, as it may be easier to prove that such individuals had notice of evidence of corporate misconduct and failed to respond appropriately.

Finally, beyond the question of what information to collect, the SEC’s interpretation raises the challenge of what form the collection takes, who should be involved, and how to track issues that are not data-driven or related to financial metrics. The Order itself offers little guidance. Issuers should take careful steps to ensure that they are addressing the SEC’s concerns in a way that comports with their companies’ business operations and risks, with a particular emphasis on any issues that have been identified as risk factors in the company’s disclosures.

The Order compels employers to revisit releases and separation agreements.

The SEC’s Order also ramps up scrutiny of employee confidentiality provisions, challenging in particular Activision Blizzard’s requirements that the employee must provide notice to the Company within one business day of a “disclosure obligation or request,” and that the Company must be permitted to take all steps it deems to be appropriate to limit the required disclosure. Importantly, the SEC found this practice to be problematic despite the fact that (i) nothing in the agreement itself prohibited the employee from making the required disclosures, and (ii) the Commission acknowledged that it was not aware of any specific instances in which a former Company employee was prevented from communicating with Commission staff.

Companies should revisit their separation agreements, releases, and similar documents to ensure that they do not impede employees from communicating with governmental agencies in light of this narrow view taken by the SEC. One possible approach – which is not necessarily banned by the Activision Blizzard Order but remains an open question – would be to require notification to the company in the event of a disclosure, without imposing strict timing requirements or other limitations. The safest approach, however, would be to include an unqualified carve-out that permits truthful disclosures to government agencies without notification to the company.

The Activision Blizzard Order undoubtedly reflects an aggressive enforcement approach, as well as a heightened interest by the SEC in Environmental, Social and Governance (ESG)-related issues. Although this settlement is not a reason by itself for companies to sound the alarm bells, it does counsel in favor of reassessing the process for collecting and reporting data to disclosure committees, and revisiting whistleblower protections, in separation agreements and more broadly.