ASIC calls on Australian CEOs to review Whistleblower policies

The Australian Securities and Investments Commission (ASIC) has written to CEOs of public companies, large proprietary companies and trustees of registrable superannuation entities (RSE) urging them to ensure their whistleblower policies comply with the Corporations Act following a review by the corporate regulator which determined a majority of policies did not fully address the mandatory requirements for whistleblower policies in Australia.

The key areas of non-compliance noted by ASIC are:

• protections for qualifying disclosures;
• the threshold criteria for whistleblowers to qualify for protection;
• the categories of individuals who are eligible to make disclosures;
• anonymity of whistleblowing reporters;
• identification of the disclosure channels available under the law; and
• description of how companies would protect whistleblowers.

ASIC’s letter notes that majority of policies leave corporations vulnerable to undetected misconduct as they do not address the mandatory requirements. Additionally, for public and large proprietary companies, failing to have a compliant policy is a criminal offence. The regulator also makes best practice recommendations to assist in improving entities’ whistleblower policies to detect misconduct and identify, escalate and address issues within the company.

“Whistleblowers help companies and RSEs identify problems and issues that they need to address to comply with the law and improve their performance,” said ASIC commissioner Sean Hughes.

ASIC’s letter to CEOs reminds entities of their obligation to have a compliant whistleblower policy that reflects the strengthened whistleblower protection regime that started on 1 July 2019 [see our earlier article here], identifies where policies fell short and highlights what entities can do to improve their policies with compliance protocols and the recommended best practice.

So what does the Corporations Act require?

The Corporations Act requires entities to include information about the following matters in their whistleblower policies:

• the protections available to whistleblowers;
• how to make a qualifying disclosure, including to whom;
• your entity’s measures to support and protect whistleblowers;
• indication that a whistleblower can be anonymous or identifiable;
• how your entity will investigate whistleblower disclosures and ensure fair treatment of employees named in disclosures or to whom such disclosures relate; and
• how the policy will be made available to officers and employees.

ASIC confirmed it will continue to monitor compliance with the whistleblower policy requirements, systems, processes and the handling of whistleblower disclosures. It also plans to conduct a further review of whistleblower policies in the future. The corporate watch-dog’s proactive approach should prompt all Australian corporations to revisit their whistleblower policies, particularly those obliged to adopt a compliant policy. Entities that rely on global policies need to ensure that they are consistent with the whistleblower protections in the Corporations Act. Typically they do not reflect Australia’s whistleblower protections, and expose eligible recipients to the risk of inadvertent contravention of the Corporations Act.

If you have questions or concerns about your whistleblower policy, you can contact us to discuss the way forward.