Since 1 January 2020, the Corporations Act 2001 (Cth) has required public companies, large proprietary companies, and trustees of registrable superannuation entities (RSEs) to have a detailed whistleblowing policy that is available to its officers and employees.
On 13 October 2021, ASIC wrote a letter to CEOs of such companies urging them to review their whistleblower policies to ensure they comply with the law. This article explores ASIC’s concerns, and what entities can do to improve their policies.
Why was the letter sent?
Throughout 2020, ASIC reviewed a sample of 102 whistleblower policies and found that the majority did not include all the information required by the Corporations Act, including information about the legally enforceable protections available to whistleblowers.
As a result, whistleblowers may not know how they are protected, which could hinder the identification and remediation of misconduct such as corporate and white collar crime.
Requirements under the Corporations Act
The Corporations Act requires entities to include information about the following matters in their whistleblower policies:
- Protections available to whistleblowers.
- How to make a qualifying disclosure, and to whom.
- The entity’s measures to support and protect whistleblowers.
- How the entity will investigate whistleblower disclosures and ensure fair treatment of employees named in disclosures or to whom such disclosures relate.
- How the policy will be made available to officers and employees.
Where entities are falling short
ASIC states that “The most prevalent and concerning issues we observed in the policies we reviewed involved unclear, incomplete or inaccurate information about how potential whistleblowers can make a qualifying disclosure and about the protections available under the Corporations Act.”
For example, some policies:
- Didn’t list all the categories of people to whom a whistleblower can report misconduct.
- Referred to obsolete requirements for whistleblowers.
- Omitted or inaccurately described protections available to whistleblowers.
What improvements can be made?
ASIC recommends that entities:
- Clearly articulate how a person can make a disclosure that qualifies for the legal protections for whistleblowers, including to whom.
- Carefully update their whistleblower policy to reflect the whistleblower protection regime that started on 1 July 2019.
- Accurately describe the legal rights and remedies whistleblowers can rely on if they make a qualifying disclosure, which are identity protection (confidentiality), protection from detriment, compensation and other remedies, and civil, criminal and administrative liability protection.
ASIC Commissioner Sean Hughes said that “If the issues we observed from our review are present in your policy, we expect you to address and correct them without delay.”
In response to the recent letter sent, ASIC expects that entities will:
- Discuss the letter internally and review the entity’s whistleblower policy to determine whether any of the identified issues are present, and if so, that these issues be addressed.
- Review Regulatory Guide 270 Whistleblower policies which contains guidance and good practice tips on establishing and implementing a whistleblower policy and program.
- Review other parts of whistleblowing systems and processes to ensure that they comply with the strengthened whistleblower protection regime.
ASIC plans to continue to monitor compliance with the whistleblower policy requirements in the future, and where non-compliance is identified, it will consider the full range of regulatory tools available, including enforcement action.
ASIC’s recent review has highlighted that most public companies, large proprietary companies, and trustees of RSEs have not implemented sufficient whistleblowing policies which include information about the legally enforceable protections available to whistleblowers. This may deter potential whistleblowers from coming forward and making a report. ASIC is taking steps to ensure that entities comply with whistleblowing policy requirements under the Corporations Act and is urging entities to make a number of improvements to their policies. Entities who do not heed this call may be liable to enforcement action.