Under the Biden Administration, the Securities and Exchange Commission has aggressively enforced its Whistleblower Program.  As we previously reported here and here, the SEC has increased its focus on employers’ agreements or procedures that it contends interfere with employee access to the SEC.  More recently, the SEC has for the first time turned its attention toward employer compliance programs with draconian results for employers whose internal compliance efforts do not pass muster.  Specifically, on February 3, 2023, the SEC announced a dizzying $35 million fine against Activision Blizzard, Inc. (“Activision”), a video game developer, largely for failing to implement an effective compliance system to process and track workplace misconduct complaints.  Activision’s fine also included a violation for including a “Notice Clause” in the separation agreement template that it used between 2016 and 2021.  We discuss each violation below and what this means for SEC-regulated employers going forward.

Activision’s Compliance System

Blazing a new regulatory trail, the SEC concluded that Activision’s personnel reporting procedures (or lack thereof) violated Exchange Act Rule 13a-15(a), which requires the issuer of a security registered under Section 12 of the Exchange Act, like Activision, “to maintain disclosure controls and procedures designed to ensure that information required to be disclosed by an issuer in reports it files or submits under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the Commission’s rules and forms.”  Specifically, Activision disclosed in its Forms 10-K and 10-Q filings that “if [Activision] did not continue to attract, retain, and motivate skilled personnel, [Activision] will be unable to effectively conduct [its] business.”  Despite this risk in various filings over the course of three years, Activision never implemented “controls and procedures designed to ensure that it captured and assessed . . . certain information related to these risk factors.”  As a result, Activision lacked “controls and procedures . . . [necessary] to collect or analyze employee complaints of misconduct.”  Consequently, the SEC concluded that the company could not determine if more significant issues existed that Activision needed to flag and disclose to investors.

Activision’s Separation Agreement - Rule 21F-17(a)

Beginning in 2016, Activision executed separation agreements that the SEC noted included language violating Rule 21F-17(a), a rule under the whistleblower program that prohibits employers from imposing policies that may impede employees from communicating with the SEC.  Specifically, Activision’s separation agreement template included a notification clause which allowed employees to make truthful disclosures to an administrative agency in connection with a report or complaint, “but only if [the former employee] notif[ied] the Company of a disclosure obligation or request within one business day after [learning of it] and permit[ting] the Company to take all steps it deems . . . appropriate to prevent or limit the required disclosure.”  According to the SEC’s order, a significant number of Activision employees signed these separation agreements between 2016 and 2021.  While the SEC was unaware of any instances where Activision prevented one of these former employees from reporting a potential securities law violation or in which Activision acted to enforce the policy, the SEC nevertheless found that the company had violated Rule 21F-17(a).  Accordingly, in 2022, Activision revised its separation agreement template to remove this problematic language.

What Should Employers Do Now?

The Activision fine is a significant development for employers for several reasons.  First, and foremost, it indicates that the SEC is expanding its aggressive enforcement practices beyond Rule 21F-17 to new arenas, in this case, internal compliance procedures.  Second, the SEC’s $35 million fine is significantly larger than previous fines for similar violations (which were in the low-six-figures) and serves as an austere warning that the SEC will not tolerate any attempts to impede unfettered access to it.  With these developments, employers should consult with legal counsel to:

  1. Review their internal compliance programs to ensure that adequate reporting procedures are in place, allowing for the company to process and track employee complaints of misconduct.
  2. Ensure the appropriate personnel receive training about the company’s internal compliance program.
  3. Review existing company templates to ensure that they do not include language that employees may perceive as impeding unfettered access to the SEC. 
Back to Workforce Bulletin Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Workforce Bulletin posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.