Activision Settlement Highlights Where Companies Often Go Wrong With Whistleblowers

On Feb. 3, the SEC announced a $35 million settlement with Activision Blizzard, creator of video games like Candy Crush and Call of Duty. The SEC alleges the company included an illegal provision in employee severance agreements that prohibited former employees from reporting information to the SEC unless they notified the company within 24 hours of the employee becoming aware of that obligation or request and that it failed to implement proper internal controls related to employee reports of misconduct.

These two allegations highlight important commission requirements employers often try to circumvent.

First, Exchange Act Rule 21(f)-17(a) prohibits any person or entity from impeding an individual from speaking directly with the agency about a potential violation of the securities laws. Between 2016 and 2021, however, Activision included in its standard separation agreements a provision that stated: “Nothing in this Separation Agreement shall prohibit … disclosures that are truthful representations in connection with a report or complaint to an administrative agency (but only if I notify the Company of a disclosure obligation or request within one business day after I learn of it and permit the Company to take all steps it deems to be appropriate to prevent or limit the required disclosure).” (emphasis added)

The SEC found that Activision’s requirement that employees sign such agreements illegally impeded employees from communicating directly with the commission about potential violations of securities laws. Although the SEC noted that it found no specific example where the illegal clause did prevent or interfere with a disclosure, the inclusion of the clause still violated SEC rules.

Cybersecurity

Blowing the Whistle: Exploring Federal Protections After Twitter Testimony

by Katherine Krems

September 28, 2022

Twitter’s been in the news of late thanks to Elon Musk’s (failed?) takeover bid, but another recent bit of Twitter news could be even more concerning for data privacy advocates.

Read more

Second, Exchange Act Rule 13a-15(a) requires that companies maintain effective controls over financial reporting and that those in a company who are responsible for financial reporting regularly assess the accuracy of such reports to the agency. 

Among other things, companies are required to report any factors that make investing in the company particularly risky. According to the commission, between 2018 and 2021, Activision knew that one of the main risk factors for its business was its ability to motivate, retain and attract employees. However, the company lacked adequate internal controls to track employee complaints of misconduct within its various, separate business units. 

Thus, Activision lacked adequate information about how many (and what kinds of) employee complaints of misconduct had been logged across the company, and it was unable to accurately assess whether any material issues requiring disclosure existed related to these complaints. Between 2020 and 2022, the company implemented several company-wide changes and policies that improved its management and tracking of employee complaints so that senior management and disclosure personnel became aware of these risks. Still, that was not enough to avoid liability.

The settlement with Activision raises two important points about companies’ obligations under the securities laws:

They cannot attempt to prevent a whistleblower from speaking with the SEC

The SEC whistleblower program has issued more than $1.3 billion in awards to whistleblowers since 2012. The program relies on whistleblowers to share information relevant to violations of the securities laws. A large part of the program’s success depends on whether potential whistleblowers feel empowered and enabled to speak out about fraud without fearing retaliation or otherwise being prevented from speaking with the SEC.

Although employers often try to require would-be whistleblowers (even those no longer employed) to disclose to the company any whistleblowing or reporting obligations to the SEC, this is illegal. Any attempt to prevent a whistleblower from speaking with the commission is likely a violation of the securities laws.

Employers may not require whistleblowers to inform them when they are going to the SEC or when they believe they have an obligation to do so. This is a clear violation of the commission’s rules because it interferes with the key role played by whistleblowers in initiating and assisting with investigations into violations of the securities laws.

Tracking complaints is important, especially when related to investment risk

Tracking and maintaining a record of employee complaints is always a good practice for employers to follow. Where retaining and motivating employees is an especially tenuous aspect of a company’s business, tracking and managing those complaints may relate to that company’s disclosure obligations under the securities laws.

Companies must assess and disclose those aspects of the business that make an investment in the business especially risky. Where a company does not maintain proper internal controls to adequately assess and maintain records of those risks, that entity may be in violation of the securities laws.