Following a review of a select sample of whistleblower policies (Policies), ASIC has published and issued a letter to CEOs of public companies, large proprietary companies, and corporate trustees of registrable superannuation entities (Entities) expressing its concern around the short comings identified in a number of the Policies.
Part 9.4AAA of the Corporations Act 2001 (Cth) (Corporations Act) contains a consolidated whistleblower protection regime which requires Entities to implement a compliant whistleblower protection policy and to ensure that policy is available to officers and employees.
Section 1317AI(5) of the Corporations Act requires Entities to have whistleblower policies that cover information about:
a) the protections available to whistleblowers, including protections under the Corporations Act;
b) to whom disclosures that qualify for protection under the Corporations Act may be made, and how they may be made;
c) how the Entity will support whistleblowers and protect them from detriment;
d) how the Entity will investigate disclosures that qualify for protection under the Corporations Act;
e) how the Entity will ensure fair treatment of its employees who are mentioned in disclosures that qualify for protection, or its employees who are the subject of disclosures;
f) how the policy will be made available to officers and employees of the entity; and
g) any matters prescribed by regulations.
Since their review, ASIC have raised concerns that the majority of Policies reviewed as part of its audit did not appear to include all required information. In particular, ASIC expressed concerns that the majority of Policies reviewed did not clearly or accurately detail how whistleblowers could make a qualifying disclosure, nor were the protections available to whistleblowers under the Corporations Act clearly identified. In particular, ASIC noted that the Policies:
- did not list all the categories of people to whom a whistleblower can report misconduct and qualify for protection under the Corporations Act;
- inaccurately referred to obsolete requirements for whistleblowers to identify themselves or make disclosures in good faith or without malice in order to qualify for protection;
- omitted or inaccurately described one or more of the protections available to whistleblowers under the Corporations Act.
Following the results of ASIC’s review, Entities are strongly encouraged to review their existing whistleblower policies to ensure that, amongst other things, the policies:
- clearly articulate how a person can make a disclosure that qualifies for the legal protections for whistleblowers, including to whom such disclosure may be made; and
- accurately describe the legal rights and remedies whistleblowers can rely on if they make a qualifying disclosure, which are identity protection (confidentiality), protection from detriment, compensation and other remedies, and civil, criminal and administrative liability protection.
ASIC’s regulatory guide contains guidance and good practice tips with respect to whilstleblower policies. The guide can be accessed here: https://download.asic.gov.au/media/5702691/rg270-published-13-november-2019-20200727.pdf