SEC Nails Activision on Culture Oversight

Activision-Blizzard has agreed to pay $35 million to settle charges from the Securities and Exchange Commission that the company didn’t have adequate processes to warn investors about its poor corporate culture. The company also settled charges that it violated whistleblower protection rules.

The settlement was announced Friday morning, and I fear that this case may be more significant for compliance officers as a whole than it first seems. We’ll get to that shortly. First let’s look at the backstory of Activision’s culture problems and the SEC’s allegations against the company.

That backstory is painfully well-known. California regulators filed a lawsuit against the videogame giant in 2021, alleging a long-time “frat boy workplace culture” where female employees were “subjected to constant sexual harassment.” The company’s then-chief compliance officer, Frances Townsend, made matters worse by issuing a statement declaring that the California lawsuit “presented a distorted and untrue picture of our company, including factually inaccurate, old, and out of context stories.” Employees were incensed. 

That lawsuit is still winding its way through California courts. Activision did pay $18 million to the Equal Employment Opportunity in 2022 to settle separate civil charges of a sexually harassing culture, although Activision’s board published its own report last year declaring that allegations of a sexually harassing culture were false. Townsend stepped down as full-time chief compliance officer as well, although she continues to advise the board and CEO. 

That brings us to today’s settlement with the SEC. The agency said that from 2018 through 2021, Activision didn’t have sufficient disclosure controls and procedures to evaluate information related to employee complaints about workplace misconduct in a timely manner. 

As described in the settlement order, Activision did list employee retention as a risk factor in its annual and quarterly reports, and even said:

Such factors include, but are not limited to … maintenance of relationships with key personnel … including the ability to attract, retain, and develop key personnel and developers that can create high-quality titles, products, and services.

Except, the SEC went on to say, Activision lacked controls and procedures designed to assure that it captured and assessed information related to those risk factors. “This included lacking controls and procedures among its separate business units designed to collect or analyze employee complaints of workplace misconduct,” the SEC said. “As a result, complaints related to workplace misconduct were not collected and analyzed for disclosure purposes.”

This also seems like an important part of the SEC settlement:

By lacking sufficient information to understand the volume and substance of employee complaints of workplace misconduct, Activision Blizzard’s management was unable to assess related risks to the company’s business, whether material issues existed that warranted disclosure to investors, or whether the disclosures it made to investors in connection with these risks were fulsome and accurate.

This case demonstrates, yet again, that lots of material information for investors might be non-financial in nature — including information about corporate culture. So in-house disclosure committees need to think expansively about what qualifies as material, and assure that the right systems and procedures are in place to collect that data and give it proper attention.

Remember the Delaware Decision

Compliance officers need to look at today’s enforcement action against Activision through the lens of last week’s Delaware Chancery Court ruling against the former HR chief of McDonalds. That ruling said corporate officers have a duty of oversight, which includes a duty to “make a good-faith effort to put in place reasonable information systems” to collect information necessary to make sound decisions.

Now we have an enforcement action from the SEC that specifically faults a company for not having information systems in place to, among other things, “understand the volume and substance of employee complaints of workplace misconduct.”

And which corporate executive is typically in charge of understanding the volume and substance of workplace misconduct? Why, that would be you.

So if the SEC (or some other regulator) charges a company with failing to monitor and govern allegations of workplace misconduct, could that expose a chief compliance officer to personal liability under the Delaware Chancery Court’s new standard for corporate officers’ duty of oversight? 

This case only broke this morning, so we don’t have an answer just yet. But with every passing day, these question about CCO liability become less and less far-fetched.