The Australian Securities and Investments Commission ("ASIC") has begun raising concerns and urging corporate entities to review their whistleblower policies to achieve compliance with the whistleblower provisions in the Corporations Act 2001 (Cth) (the "Corporations Act").

It is clear that ASIC expects corporate entities to develop and implement comprehensive whistleblower policies and it is likely that ASIC will be cracking down on non-compliance moving forward. Now is the time to review your whistleblower policy.

What is a whistleblower policy and why is it imperative to enforce?

The Corporations Act gives whistleblowers legal rights and protections to encourage them to come forward with their concerns and protect them when they do. Since 1 January 2020, the Corporations Act has required public companies, large proprietary companies, and trustees of registrable superannuation entities to have a whistleblower policy that deals with the matters prescribed in the Corporations Act.

In 2020, ASIC reviewed a sample of whistleblower policies and was concerned that the majority of those policies did not comply with the Corporations Act. While we are not aware of ASIC prosecuting any of those companies sampled, we consider that those companies, as well as all other companies, have now been sufficiently warned by ASIC that non-compliance will not be tolerated moving forward.

Failure to comply with the requirements in the Corporations Act to have and make available a whistleblower policy is an offence of "strict liability".

Do you need to review your whistleblower policy?

While section 1317AI of the Corporations Act only requires corporate entities to have a whistleblower policy that contains "information about" certain matters, ASIC's recent statements and guidance indicates its view that corporate entities must provide comprehensive details about the whistleblowing protections available under the Corporations Act.

Based on ASIC's recent review, it is concerned, amongst other things, that some whistleblower policies:

  • did not list all the categories of people to whom a whistleblower can report misconduct and qualify for protection under the Corporations Act (noting that some policies only contained information about the entities' preferred reporting channels);
  • inaccurately referred to obsolete requirements for whistleblowers to identify themselves or make disclosures in "good faith" or without malice in order to qualify for protection; and
  • did not accurately describe the types of reportable matters that qualify for whistleblower protections under the Corporations Act.

For example, if your organisation's whistleblower does not provide information about how a disclosure can be made to a journalist or parliamentarian under certain circumstances and qualify for protection, it is time to review your whistleblower policy.

Next steps

We encourage all organisations to review ASIC's regulatory guide on whistleblower policies and make any necessary amendments to their whistleblower policies. ASIC's guidance is available here.

It is not enough for an organisation to have a documented whistleblower policy, the organisation must also implement the underlying operational practices that align with the whistleblower policy.

Please do not hesitate to contact People + Culture Strategies for assistance with developing or implementing a comprehensive whistleblower policy that complies with the Corporations Act.