This is from a recent SEC press release:

• The Securities and Exchange Commission today announced that Activision Blizzard Inc., a video game development and publishing company, agreed to pay $35 million to settle charges that it failed to maintain disclosure controls and procedures to ensure that the company could assess whether its disclosures pertaining to its workforce were adequate….
• According to the SEC’s order, between 2018 and 2021, Activision Blizzard was aware that its ability to attract, retain, and motivate employees was a particularly important risk in its business, but it lacked controls and procedures among its separate business units to collect and analyze employee complaints of workplace misconduct. As a result, the company’s management lacked sufficient information to understand the volume and substance of employee complaints about workplace misconduct and did not assess whether any material issues existed that would have required public disclosure….
• “The SEC’s order finds that Activision Blizzard failed to implement necessary controls to collect and review employee complaints about workplace misconduct, which left it without the means to determine whether larger issues existed that needed to be disclosed to investors,” said Jason Burt, Director of the SEC’s Denver Regional Office…

As noted, the company did provide risk factor disclosure on this general area (sure, such disclosures are often skimmed over as “boilerplate,” but they’re there):

• Our success depends to a significant extent on our ability to identify, attract, hire, retain, motivate, and utilize the abilities of qualified personnel, particularly personnel with the specialized skills needed to create and sell the high-quality, well-received content upon which our business is substantially dependent. Our industry is generally characterized by a high level of employee mobility, competitive compensation programs, and aggressive recruiting among competitors for employees with technical, marketing, sales, engineering, product development, creative, and/or management skills. We may have difficulties in attracting and retaining skilled personnel or may incur significant costs to do so. If we are unable to attract additional qualified employees or retain and utilize the services of key personnel, it could have a negative impact on our business.

Of course, any amount of generalized anything-could-happen disclosure can’t compensate for sustained underlying bad practice. Was this such a case? SEC commissioner Hester Peirce issued an interesting dissenting commentary, noting the absence of any specific allegations of fraud, misrepresentations, omissions, or investor harm, and that saying that “(if) accurate, the reported widespread workplace harassment at Activision Blizzard is deeply concerning, but it is not our concern.” She goes on:

• It is…difficult to see where the logic of this Order stops. When the SEC gets this granular, the limits are not clear. If workplace misconduct must be reported to the disclosure committee, so too must changes in any number of workplace amenities and workplace requirements, and so too must any multitude of factors relevant to other risk factors. The requirement cannot be that a company’s disclosure controls and procedures must capture potentially relevant, but ultimately—for purposes of disclosure—unimportant information. As I read it, in this Order, the SEC once again has sat down at the gaming console to play its new favorite game “Corporate Manager.” Using disclosure controls and procedures as its tool, it seeks to nudge companies to manage themselves according to the metrics the SEC finds interesting at the moment. For Activision Blizzard, today, that metric is workplace misconduct statistics, but other issues will follow. In this level of the enforcement game, the SEC has added $35,000,000 to its point total despite the Order not identifying any investor harm. For companies, though, setting up internal data tracking systems with an eye toward placating the SEC is not a game. It may distract management from collecting the data it actually needs to provide material information to investors and impose additional, unnecessary costs on investors who will not benefit from the company’s collection of data points that the SEC highlights, but are not necessary for good disclosure at the particular company.

This all provides an interesting object of debate. It seems generally useful to highlight an expansive concept of disclosure controls and procedures and to emphasize that it’s about more than narrow compliance with the tightest available readings of securities law. But on the other hand, if it’s a $35 million error not to be able to fully ensure that disclosures pertaining to a workforce are adequate, then it’s surely a much greater, more value-destroying transgression for a board of directors to (say) take a company down the wrong path by hiring an unsuitable, wildly overly paid CEO. But that’s not a blunder that would ever be the subject of enforcement action. It’s hard then not to have some sympathy for Peirce’s view that the SEC came down on this case partially because it provided an easy target…

And by the way, that’s almost the nicest thing I’ve ever said about a Trump appointee…

The opinions expressed are solely those of the author.