Updated laws in the Corporations Act will require certain companies to have in place a compliant whistleblower policy before the 1st of January 2020.

ASIC has also provided explicit guidance on the new laws and on what it expects a policy to contain. The updated laws and guidance go beyond the existing regime, with a view to providing better whistleblower protections and processes than the legislation currently provides.

Given the new laws and associated guidelines, it is unlikely that existing whistleblower policies will comply with the new requirements. It is critical therefore that affected businesses put in place new or updated policies as a matter of urgency.


The new provision, s1317AI of the Corporations Act, requires all public companies (including all listed companies), large proprietary companies, and proprietary companies that are trustees of a registrable superannuation entity, to have a compliant whistleblower policy in place. A large proprietary company is a company that satisfies at least two of the following:

  • has a consolidated revenue of over $50 million in a financial year;
  • consolidated gross assets of $25 million or greater;
  • employs at least 100 employees.

If a company qualifies under the provision at the conclusion of any financial year, it must implement a policy within 6 months of the end of that financial year.

Failure to have a policy in place from 1 January 2020 is a strict liability offence. ASIC expects the policy to be made available on a business' website, and has advised that it will be undertaking surveillance and monitoring on an ongoing basis.


The Government and Regulators policy intent is clear: Whistleblower policies are important for sound risk management and corporate governance, and provide important means of uncovering misconduct that would otherwise go undetected. This is because disclosing wrongdoing can expose whistleblowers to great personal and financial risk. Comprehensive and clear policy may minimise such risk by protecting the whistleblower and encouraging disclosure.

Broadly, a good whistleblower policy should provide information about the legal protections available to whistleblowers, indicate how a company will investigate whistleblower disclosures, and outline how the company will protect whistleblowers from detriment.

ASIC has released Regulatory Guide 270 (RG 270) to assist in creating an effective whistleblower policy and to ensure compliance with legislative requirements. Notably, RG 270 makes clear that ASIC expects policies to be broader than the strict legislative requirements. These additional requirements include setting out whistleblower eligibility under the Corporations Act and Taxation Administration Act, a provision allowing whistleblowers to make emergency disclosures to journalists or Members of Parliament, and a provision indicating to whom whistleblowers may make a disclosure.

RG 270 also contains a number of 'good practice' recommendations, although ASIC acknowledges that the nature and extent of a whistleblowing policy and procedures can be tailored having regard to the nature of the business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.