ASIC's call for improved whistleblower policies

On Wednesday, 13 October 2021, ASIC called on Australian CEOs for better compliance with the whistleblower protection regime under the Corporations Act 2001 (Cth) (Act).

As a point of reminder, since 1 January 2020, Part 9.4AAA of the Act has required public companies, large proprietary companies, and the trustees of registerable superannuation entities to have in place, and make publicly available, whistleblower policies. Those policies must provide information about:

• the protections available to whistleblowers;
• the kinds of reportable matters that will qualify for protection;
• persons to whom disclosures may be made;
• how the entity will support and protect whistleblowers;
• how the entity will investigate disclosures and ensure fair treatment to those making or subject to disclosures; and
• how the policy will be made available to employees.

The whistleblower protection legislation is intended to assist entities in encouraging disclosures and supporting whistleblowers – who are an essential part of an organisation’s ability to detect misconduct and identify, escalate and address serious corporate misconduct.

Concerningly, throughout 2020, ASIC reviewed 102 whistleblower policies for compliance with these standards. The review found many instances of ‘unclear, incomplete or inaccurate information’.

The most prevalent errors included:

• close to half of the reviewed policies did not fully identify the channels available for whistleblowers to make disclosures;
• close to half of the reviewed policies did not explain when matters such as personal work-related grievances may qualify for protection; and
• a third of policies incorrectly stated that only disclosures made ‘in good faith’ or ‘without malice’ were protected.

As a result of its review, ASIC has written to the CEOs of entities required to have a whistleblower policy, calling on them to internally consider whether their policies properly reflect the strengthened whistleblower protection regime under the Act. In doing so, ASIC expects entities to review Regulatory Guide 270, which provides guidance and good practice tips for establishing whistleblower policies. You can read the full letter here.

ASIC recommended that, to address the issues it most commonly observed in its 2020 review, entities should review their whistleblower policies with the below in mind:

• clearly articulate how a person can make a disclosure that qualifies for the legal protections for whistleblowers, including to whom;
• carefully update your whistleblower policy to reflect the whistleblower protection regime that started on 1 July 2019; and
• accurately describe the legal rights and remedies whistleblowers can rely on if they make a qualifying disclosure, which are identity protection (confidentiality), protection from detriment, compensation and other remedies, and civil, criminal and administrative liability protection.

ASIC has noted its intention to perform further reviews in the future and consider ‘the full range of regulatory tools available, including enforcement action’ in the event of non-compliance. This accords with the 2021-25 ASIC Corporate Plan, which stated that as a focus item, ASIC would ‘review whistleblower programs from a sample of regulated entities to assess how they handle whistleblower disclosures, how they use the information from disclosures to address issues or misconduct or change their operations, and the level of board and executive oversight of the program’.

DLA Piper bolsters a full-service white collar crime advisory and regulatory team with a depth of experience in preparing and advising on Australian and global whistleblower policies and wider compliance programmes. If you have any questions or would like us to review your whistleblowing policy from a best-practice perspective, please phone or email our key contacts listed below.