Under the Biden Administration, the Securities and Exchange Commission has aggressively enforced its Whistleblower Program. As we previously reported here and here, the SEC has increased its focus on employers’ agreements or procedures that it contends interfere with employee access to the SEC. More recently, the SEC has for the first time turned its attention toward employer compliance programs with draconian results for employers whose internal compliance efforts do not pass muster. Specifically, on February 3, 2023, the SEC announced a dizzying $35 million fine against Activision Blizzard, Inc. (“Activision”), a video game developer, largely for failing to implement an effective compliance system to process and track workplace misconduct complaints. Activision’s fine also included a violation for including a “Notice Clause” in the separation agreement template that it used between 2016 and 2021. We discuss each violation below and what this means for SEC-regulated employers going forward.
Activision’s Compliance System
Blazing a new regulatory trail, the SEC concluded that Activision’s personnel reporting procedures (or lack thereof) violated Exchange Act Rule 13a-15(a), which requires the issuer of a security registered under Section 12 of the Exchange Act, like Activision, “to maintain disclosure controls and procedures designed to ensure that information required to be disclosed by an issuer in reports it files or submits under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the Commission’s rules and forms.” Specifically, Activision disclosed in its Forms 10-K and 10-Q filings that “if [Activision] did not continue to attract, retain, and motivate skilled personnel, [Activision] will be unable to effectively conduct [its] business.” Despite this risk in various filings over the course of three years, Activision never implemented “controls and procedures designed to ensure that it captured and assessed . . . certain information related to these risk factors.” As a result, Activision lacked “controls and procedures . . . [necessary] to collect or analyze employee complaints of misconduct.” Consequently, the SEC concluded that the company could not determine if more significant issues existed that Activision needed to flag and disclose to investors.
Activision’s Separation Agreement – Rule 21F-17(a)
Beginning in 2016, Activision executed separation agreements that the SEC noted included language violating Rule 21F-17(a), a rule under the whistleblower program that prohibits employers from imposing policies that may impede employees from communicating with the SEC. Specifically, Activision’s separation agreement template included a notification clause which allowed employees to make truthful disclosures to an administrative agency in connection with a report or complaint, “but only if [the former employee] notif[ied] the Company of a disclosure obligation or request within one business day after [learning of it] and permit[ting] the Company to take all steps it deems . . . appropriate to prevent or limit the required disclosure.” According to the SEC’s order, a significant number of Activision employees signed these separation agreements between 2016 and 2021. While the SEC was unaware of any instances where Activision prevented one of these former employees from reporting a potential securities law violation or in which Activision acted to enforce the policy, the SEC nevertheless found that the company had violated Rule 21F-17(a). Accordingly, in 2022, Activision revised its separation agreement template to remove this problematic language.
What Should Employers Do Now?
The Activision fine is a significant development for employers for several reasons. First, and foremost, it indicates that the SEC is expanding its aggressive enforcement practices beyond Rule 21F-17 to new arenas, in this case, internal compliance procedures. Second, the SEC’s $35 million fine is significantly larger than previous fines for similar violations (which were in the low-six-figures) and serves as an austere warning that the SEC will not tolerate any attempts to impede unfettered access to it. With these developments, employers should consult with legal counsel to:
Review their internal compliance programs to ensure that adequate reporting procedures are in place, allowing for the company to process and track employee complaints of misconduct.
Ensure the appropriate personnel receive training about the company’s internal compliance program.
Review existing company templates to ensure that they do not include language that employees may perceive as impeding unfettered access to the SEC.