Remember the S in ESG? SEC’s New Focus on Disclosure Controls for Workplace Complaints

The Securities and Exchange Commission announced in a Press Release that Activision Blizzard, Inc. has agreed to pay $35 million to settle accusations that it (1) violated SEC’s whistleblower protection rule; and (2) failed to maintain disclosure controls and procedures concerning workforce disclosures. Although this is the most recent in a series of SEC proceedings concerning its whistleblower protection rule, it marks the first time SEC has imposed disclosure control violations related solely to workplace-specific issues, one of the “social” considerations of ESG-related disclosures.

The SEC found that, between 2016 and 2021, Activision required departing employees to sign separation agreements that violated a Commission whistleblower protection rule. The separation agreements required former employees to notify the company before they made disclosures to any administrative agency, including the SEC. The separation agreements included the following provision:

“Nothing in this Separation Agreement shall prohibit . . . disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).”

The SEC concluded this language violated Exchange Act Rule 21F-17(a), which prohibits companies from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation.” Although some of the separation agreements also contained language expressly stating that the agreement did not prevent former employees from communicating with government regulators, the SEC concluded that the notice requirement “undermine[d] the purpose” of the whistleblower protection rule.

The SEC also alleged that, even though Activision stated in SEC filings that its ability to attract, retain and motivate employees was a significant risk to its business, it failed to adopt the controls and procedures necessary to collect and analyze employee complaints of workplace misconduct. Consequently, company management did not have sufficient information to assess whether its public disclosures concerning its workforce were “fulsome, accurate and not misleading by omission.” The SEC found this conduct to violate Exchange Act Rule 13a-15(a), which requires public companies to maintain “disclosure controls and procedures.”

This resolution is consistent with increased oversight of workplace misconduct issues by courts. A recent ruling by the Delaware Chancery Court in In re McDonald’s Corp. Stockholder Derivative Litig., No. 2021-0324-JTL (Del. Ch. Jan. 25, 2023), expanded the Caremark standard to officers of public companies. The court found that corporate officers have a duty of oversight, which includes a duty to “make a good faith effort to put in place reasonable information systems” to collect the information necessary to make sound decisions and not “ignore red flags indicating that the corporation was going to suffer harm.” This decision marked the first time a Delaware court extended the duty of oversight beyond directors and into the C-suite.

In a related SEC resolution, In re Stephen J. Easterbrook, No. 33-11144 (Jan. 9, 2023), the SEC found that the CEO of McDonalds violated the antifraud provisions of the securities laws by making false and misleading statements to investors about the reasons for his termination, which also involved allegations of workplace misconduct. The company settled charges that its public disclosures surrounding the former CEO’s termination were deficient. For McDonalds, the disclosure violations were tacked onto the fraud charges against the former CEO. However, in the Activision resolution, the SEC obtained a $35 million penalty from the company based on a workplace disclosure that the SEC ultimately did not find was materially misleading, which underscores the significance of the SEC’s focus on this issue.

Activision has been the subject of numerous recent federal and state investigations concerning its workplace policies and practices. As reported in this blog, Activision agreed to pay the Equal Employment Opportunity Commission $18 million to settle a lawsuit alleging that Activision discriminated against female employees and subjected them to sexual harassment. California’s fair employment agency has also accused Activision of having a “frat boy” workplace culture, in which male employees subjected female employees to sexual harassment, including groping, inappropriate comments, and sexual advances.

For the past decade, the SEC has aggressively pursued companies that use company agreements and policies to restrict employees’ ability to report and provide information to the SEC concerning securities violations. Company executives, boards and in-house counsel should review all policies and agreements that potentially restrict employee or former employee disclosures or cooperation, including agreements that include confidentiality, non-disclosure and/or non-disparagement provisions and provisions that require notice to the company before contacting the SEC or other federal agencies. As reflected by the SEC’s Order, a global carve-out may not be sufficient to cure more specific restrictions in an agreement.

The resolution also potentially expands the categories of information management needs to gather and review in assessing its company’s disclosure obligations. If employee hiring, retention and/or engagement are identified as risks to the organization, management needs to assess the problems underlying those risks, including developing a system to gather and review information concerning employee complaints and report it to responsible company officials. For companies, it will be critical to not only develop systems for collecting this information but also break down the silos between the Human Resources, Legal and other responsible departments to ensure information is assessed, appropriate mitigating measures are put in place, and any necessary disclosures are made.