Today, the Commission announced a $35 million settlement with Activision Blizzard Inc. (“Activision Blizzard”).[1] The Commission alleges no fraud, misrepresentations, omissions, or investor harm. The settled enforcement action comes in the wake of public reports of rampant workplace misconduct at Activision Blizzard, which the Commission believes was not adequately tracked and reported to the people within the company responsible for SEC disclosures. The Commission also charged Activision Blizzard with “undermin[ing] the purpose of Section 21F and Rule 21F-17(a) to ‘encourag[e] individuals to report to the Commission.’” I dissent because the Order does not articulate any securities law violations.

I.

If accurate, the reported widespread workplace harassment at Activision Blizzard is deeply concerning, but it is not our concern.[2] The Commission’s Order contorts the securities laws to reach for a nexus, but never fully makes the connection. The company’s risk disclosures included a risk factor disclosing risks related to recruiting and retaining skilled personnel in a competitive employment market. The Order concludes that such a risk factor required the company to “collect or analyze employee complaints of workplace misconduct.”

Specifically, the Commission finds that Activision Blizzard violated Exchange Act Rule 13a-15(a), which requires Activision Blizzard to have “disclosure controls and procedures.” Exchange Act Rule 13a-15(e) defines the “disclosure controls and procedures”:

For purposes of this section, the term disclosure controls and procedures means controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports that it files or submits under the Act (15 U.S.C. § 78a et seq.) is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in the reports that it files or submits under the Act is accumulated and communicated to the issuer’s management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.[3]

The plain text of this definition explains both the category of information to which the controls apply—“information required to be disclosed by the issuer in reports that it files or submits under the Act”—and the function the controls are meant to serve—“to ensure that information required to be disclosed . . . is accumulated and communicated to the issuer’s management . . . as appropriate to allow timely decisions regarding the required disclosure.” Although this straightforward reading suggests that the required disclosure controls and procedures must capture only “information that is required to be disclosed,” the Order quotes a Commission release stating that the disclosure controls and procedures “should capture information that is relevant to an assessment of the need to disclose developments and risks that pertain to the issuer’s businesses.”[4] In other words, the required disclosure controls and procedures must capture not only information that a company is required to disclose, but also an additional, vaguely defined category—information “relevant” to a company’s determination about whether a risk or other issue reaches the threshold where it is “required to be disclosed.”

For several years, Activision Blizzard disclosed as one of its “material factors that make an investment in the registrant or offering speculative or risky”[5] that its industry was “characterized by a high level of employee mobility” and that it “may have difficulties in attracting and retaining skilled personnel or may incur significant costs to do so.”[6] The Order nowhere claims that this disclosure was misleading, either by affirmative misstatement or by omission, in any of the years it was included in Activision Blizzard’s filings. Instead, the Order faults Activision Blizzard for “lack[ing] controls and procedures designed to ensure that it captured and assessed—from a disclosure perspective—certain information related to these risk factors.” Specifically, the Order faults Activision Blizzard for “lack[ing] controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be communicated to Activision Blizzard’s disclosure personnel to allow for timely assessment on its disclosures.” Additionally, the Order notes that Activision Blizzard’s identified categories of “potentially material information” required to be reported to the Disclosure Committee “did not include information relevant to Activision Blizzard’s ability to retain employees, such as employee complaints or incidents of workplace misconduct.” The Order concludes that “management was unable to assess related risks” connected to Activision Blizzard’s business because it “lack[ed] sufficient information to understand the volume and substance of employee complaints of workplace misconduct.”

Ensuring that information about turnover rates and recruitment is making it up to a company’s SEC disclosure committee may very well be important, but a multitude of factors plays into employee retention and recruitment. The Order concludes that statistics related to reports of workplace misconduct were relevant to recruiting and retaining the workforce, but it does not allege that workplace misconduct was in fact affecting worker retention and recruitment during the relevant time period. If the information that management did not receive were relevant, one would expect that not having it would affect the quality or accuracy of the related disclosure. As already noted, though, the Order nowhere claims that Activision Blizzard’s risk disclosure was at any time misleading or incomplete, even though the Order also insists that management was denied access to relevant information when formulating the disclosure. It is difficult to reconcile these two aspects of the Order.

It is also difficult to see where the logic of this Order stops. When the SEC gets this granular, the limits are not clear. If workplace misconduct must be reported to the disclosure committee, so too must changes in any number of workplace amenities and workplace requirements, and so too must any multitude of factors relevant to other risk factors. The requirement cannot be that a company’s disclosure controls and procedures must capture potentially relevant, but ultimately—for purposes of disclosure—unimportant information. As I read it, in this Order, the SEC once again has sat down at the gaming console to play its new favorite game “Corporate Manager.” Using disclosure controls and procedures as its tool, it seeks to nudge companies to manage themselves according to the metrics the SEC finds interesting at the moment. For Activision Blizzard, today, that metric is workplace misconduct statistics, but other issues will follow. In this level of the enforcement game, the SEC has added $35,000,000 to its point total despite the Order not identifying any investor harm. For companies, though, setting up internal data tracking systems with an eye toward placating the SEC is not a game. It may distract management from collecting the data it actually needs to provide material information to investors and impose additional, unnecessary costs on investors who will not benefit from the company’s collection of data points that the SEC highlights, but are not necessary for good disclosure at the particular company.

II.

The Order also strains to read a violation into Activision Blizzard’s separation agreements. It finds that certain language in the separation agreements violated Exchange Act Rule 21F-17(a)’s prohibition on taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation” because the language “undermines the purpose” of Section 21F and Rule 21F-17, which is to encourage people to report to the Commission. Although the separation agreement makes clear that it does not prohibit “disclosures that are truthful representations in connection with a report or complaint to an administrative agency,” the Order nonetheless concludes the separation agreement violates Rule 21F-17 because this clear statement authorizing “truthful” statements is immediately followed by a qualification: the former employee must “notify the Company of a disclosure obligation or request within one business day after [she] learn[s] of it.” I do not believe that this is a fair reading of the separation agreement.

Notably, the Order does not explain how the notification requirement impedes former employees from communicating with the Commission. Rule 21F-17(a) specifically identifies “enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications” as actions that impede communication, but as the Order acknowledges, the Commission is not aware of any instances of Activision Blizzard taking action to enforce the notice requirement. The Order similarly acknowledges that the “Commission is not aware of any specific instances in which a former Activision Blizzard employee was prevented from communicating with Commission staff.” In my view, even if it were enforced, the notice requirement does not impede communication with the Commission for purposes of Rule 21F-17 because the requirement is about communications with the company, not communications with the Commission. On its face the notice provision only requires notification to the company and non-interference with the company’s efforts to protect its information from disclosure. It does not prohibit the employee from commencing or continuing her communications with an administrative agency. Moreover, the separation agreement includes another provision that explicitly states that “Nothing in this Release prevents me from . . . communicating or filing a charge with government or regulatory entities (such as . . . the Securities and Exchange Commission.)” Reading these two provisions together, it is clear to me that the notice requirement is not intended to and in fact does not impede communications with the Commission.

Rather than explain how the notice requirement impedes communication with the Commission, the Order simply asserts that language in the separation agreement “undermines the purpose of Section 21F and Rule 21F-17(a) to ‘encourage[e] individuals to report to the Commission’” and then concludes that Activision Blizzard has violated Rule 21F-17(a). Rule 21F-17, however, does not prohibit all actions that “undermine” the statutory purpose by possibly discouraging reporting to the Commission; it prohibits taking actions to impede communications with the Commission. If we are to find a company in violation of a rule, we at least ought to articulate clearly both what conduct violated the rule and how it did so.