How ASIC handles whistleblower reports
We value the people from inside companies and organisations who come to ASIC with reports of potential misconduct or breaches of the law. Whistleblowers provide ASIC with important information and help us enforce the laws we administer and address and prevent harm to consumers.
We appreciate that whistleblowers can find themselves in difficult and stressful circumstances, and may risk their careers or even their personal safety. We take the concerns whistleblowers raise with ASIC seriously.
This information sheet (INFO 239) explains:
- whistleblower reports that we may receive
- ASIC's role in relation to whistleblowers
- how we deal with information from whistleblowers, including when we will act on your information and matters outside of our regulatory responsibilities
- how we pursue alleged breaches of the whistleblower protections
- our communication with whistleblowers
- the role of ASIC's Office of the Whistleblower
The Corporations Act 2001 (Corporations Act) provides certain legal rights and protections for people who meet the definition of an 'eligible whistleblower'. For information about who can qualify for protections as a whistleblower under the Corporations Act, please see Information Sheet 238 Whistleblower rights and protections (INFO 238).
The whistleblower protections in the Corporations Act apply to you if you are an insider to a company or organisation and make a report about:
- an improper state of affairs or circumstances, or
- a breach of the law by the company or organisation or an officer or employee of the company or organisation.
This is a broad test, and the subject matter of a whistleblower report may extend beyond ASIC's regulatory responsibilities as Australia's corporate, markets, financial services, and consumer credit regulator.
Whistleblowers can access the legal rights and protections from when they report to ASIC. Whistleblowers can also access the protections from when they report internally within the company or organisation or externally to the company's or organisation's auditor, actuary, or whistleblower complaints service.
Further information about the legal rights and protections for whistleblowers, ASIC's enforcement approach, and our handling of reports of misconduct is available in:
- INFO 238
- Information Sheet 151 ASIC's approach to enforcement (INFO 151)
- Information Sheet 153 How ASIC deals with reports of misconduct (INFO 153).
If your report is about matters within the Australian Prudential Regulation Authority's (APRA's) responsibilities, such as compliance with prudential regulation or the safety and soundness of financial institutions, you may wish to raise your concerns directly with APRA. The whistleblower protections in the Corporations Act also apply to reports from whistleblowers made direct to APRA. For guidance on providing information on institutions APRA regulates, see APRA's webpage on whistleblowing.
ASIC's primary role in relation to you as a whistleblower is to receive and consider your report about misconduct and breaches of the law, and investigate the concerns where it is appropriate and within our regulatory responsibilities. We also look into allegations that you have experienced or been threatened with detriment for making a disclosure or had your confidentiality breached.
However, under the law there are limits to our role that are important to understand:
- ASIC enforces the laws we administer, and we prioritise which matters to we will investigate. We pursue breaches of the law through a variety of means, including litigation, administrative action, stakeholder engagement, and negotiation. We cannot enforce laws we are not responsible for.
- The whistleblower protection provisions in the Corporations Act do not oblige ASIC to:
- act for you if you are the subject of a private litigation or prosecution
- bring an application on your behalf if your employer has terminated your employment as a result of a disclosure
- bring an action seeking compensation for you for loss, damage, or injury caused by detriment or threatened detriment.
- We do not decide who is and who is not a whistleblower. The definition of a whistleblower is set out in the law (see INFO 238). If there is a dispute about whether you satisfy this definition, it can only be determined by a court. However, we will provide you with information about the types of people who are covered by the whistleblower definition in the Corporations Act.
- We cannot provide you with legal advice. If you believe you may be a whistleblower or are unsure what protections apply to you, we urge you to seek independent legal advice.
- Obtaining or accessing the protections under the Corporations Act does not depend on any action by ASIC. Unlike some foreign countries, whistleblowers in Australia are not eligible to receive a financial reward for making a whistleblower report; the Corporations Act does not provide for it.
We value and consider all reports and information that we receive, but not every matter brought to our attention requires ASIC to take regulatory action. Any inquiries we make will focus on the breaches you have disclosed. What is important is that we get the information you believe relates to potential misconduct. This information is valuable to ASIC and helps us do our job. We will contact you and follow up with you to obtain the information you have. We will keep that information and your identity confidential. However, in very limited circumstances – for example, if a court subpoenas us to do so – we may be compelled to provide it. If this happens we will speak with you ahead of time and seek to protect your identity and disclosure.
You can give us information anonymously, but the value of that information may be limited and we will not be able to follow up with you for further information if necessary or to tell you what steps we may take based on your information. However, anonymous disclosures can still qualify for the whistleblower protections: see INFO 238).
All information, complaints, or reports of alleged misconduct and breaches of the law (including those from whistleblowers) reported to ASIC are initially considered by the Misconduct and Breach Reporting team. Staff in this team will provide you with information about the whistleblower rights and protections if we think you might fall within the legal whistleblower definition. For more information, see INFO 153.
During our consideration, we will need to take an objective view of the information provided and consider if the misconduct is something we need to make further inquiries about. Often these matters occur in the context of an employment dispute or issue. We are not likely to focus on those issues, but on the alleged misconduct or breaches of the law disclosed or reported to ASIC.
We cannot investigate every allegation that is made to ASIC; we must prioritise. Generally, we do not act for individuals and we will seek to take action only where our action will result in a greater impact in the market and benefit the general public more broadly.
For information on our enforcement role and why we respond to particular types of breaches of the law in different ways, see INFO 151.
Apart from being a means to receive tip-offs and insider information, ASIC's role to receive and consider whistleblower reports can be important for whistleblowers to access their legal rights and protections. This includes where a whistleblower is not comfortable first reporting their concerns internally or fears reprisals for doing so.
While we consider all reports of misconduct we receive, we can only enforce the laws we are responsible for. However, by reporting to ASIC, even if your concerns are not breaches of the laws ASIC enforces, you are still able to access the whistleblower protections.
During our consideration of your report, we may conclude that another regulator or law enforcement agency can best respond to your concerns. In these circumstances, we will encourage you to raise your concerns with the other regulator or law enforcement agency directly.
In addition, we may also refer your report to another regulator or law enforcement agency ourselves. Generally, we will do this if:
- the concerns relate to a serious breach, compliance failure, or risk of harm to consumers
- a company director, officer or senior employee has been involved in the alleged misconduct
- an entity or person we license or register, such as an Australian financial services (AFS) licensee, Australian credit licensee, registered liquidator, auditor, or registered agent has been involved in the alleged misconduct outside of our regulatory responsibilities, or
- there is a risk you may suffer detriment in the future.
Before we refer your concerns to another regulator or law enforcement agency, we will generally discuss this with you and seek your consent.
For information on our consideration of reports about misconduct outside of our regulatory responsibilities, see Information Sheet 208 When companies break laws that ASIC does not enforce (INFO 208).
Whether or not your whistleblower report relates to a matter within ASIC's regulatory responsibilities, we will consider allegations that a person has:
- caused you or threatened you with detriment for reporting your concerns, or
- breached your confidentiality.
We will need to consider if any inquiries we may make into these allegations will accord with inquiries we or another regulatory or law enforcement agency may make into the other allegations in your report.
For more information on how we make select matters for enforcement action and why we respond to particular types of breaches of the law in different ways, see INFO 151.
Causing or threatening detriment to a whistleblower
The Corporations Act makes it illegal (through a criminal offence and a civil penalty) for someone to cause or threaten detriment to you because they believe or suspect that you have made, may have made, or could make a whistleblower disclosure.
The criminal offence and civil penalty apply even if you have not made a whistleblower report, but the offender causes or threatens detriment to you because they believe or suspect you have or might make a report.
We can pursue allegations that a person caused or threatened detriment to you, but we would need your assistance to investigate the claim. This may result in a penalty to the company but not necessarily any compensation.
You can seek compensation through a court if you suffer loss, damage or injury for making your disclosure. Further information about the criminal offence and civil penalty for causing or threatening detriment and the ability to seek compensation is available in INFO 238.
Breaching a whistleblower's confidentiality
The Corporations Act makes it illegal (through a criminal offence and a civil penalty) for someone to disclose your identity, or information likely to lead to your identification, as a whistleblower unless it is an authorised disclosure.
An 'authorised disclosure' of your identity or information is a disclosure:
- to ASIC, APRA or the Australian Federal Police,
- to a lawyer for advice about the whistleblower protections, or
- with your consent.
In addition, in a company's or organisation's investigation of the concerns raised in your report, the company or organisation must take reasonable steps to ensure that information likely to lead to your identification is not disclosed.
We can pursue allegations that a person made an unauthorised disclosure of your identity or information likely to lead to your identification as a whistleblower, but we would need your assistance to investigate the allegations. This may result in a penalty to the person but not necessarily compensation.
You can seek compensation through a court if you suffer loss, damage, or injury for making your disclosure. We encourage you to seek legal advice about any potential remedies that may be available to you. Further information is available in INFO 238.
If you believe you may be a whistleblower or are unsure what protections may apply to you, it is important to seek legal advice. We are not able to give personal legal advice and can only provide general information on these issues.
Only a properly accredited legal practitioner who understands your circumstances can give you legal advice. This is especially important if you are thinking of acting on the rights the whistleblower protections give to you.
If you are a whistleblower, we recognise that you may have an ongoing interest in the matter and we will contact you regularly to update you as best we can. As we conduct our inquiries into your report, a dedicated Whistleblower Liaison Officer within ASIC will contact you regularly. However, for confidentiality reasons, we may not be able to provide much detail during the course of our review or any subsequent investigation or action: see Information Sheet 152 Public comment on ASIC's regulatory activities (INFO 152).
If we decide not to take any further steps following our inquiries, we will let you know. We will explain the reasons why and give some guidance on what you can do next. For example, we may suggest you seek private legal advice about any rights or remedies that may be available to you.
If your report to ASIC is about matters that fall within the responsibilities of another regulator or law enforcement agency, we may refer you to a more appropriate agency to consider the concerns – such as state or federal police or another regulatory body. In addition, we may not be able to inform you of the actions taken by the other regulator or agency. You may need to contact them directly for an update. This may be relevant if you are considering making a public interest disclosure to a journalist or parliamentarian. Further information is available in INFO 238.
ASIC has formed an Office of the Whistleblower to improve our ability to:
- identify, assess, and inquire into whistleblower reports
- communicate with you throughout our inquiries, and inform you of your rights and protections under the law
- liaise with other regulators and industry stakeholders on whistleblower handling and the whistleblower protections.
The Office of the Whistleblower ensures that we maintain regular communication with you and, if our handling of or action in a matter concludes, that we explain the outcome and reason for that outcome to you (within the limitations of what ASIC can and cannot say). The Office of the Whistleblower oversees the handling of whistleblower matters across all of ASIC's teams, rather than handling or dealing with individual whistleblower matters directly.
As noted above, if you believe you are a whistleblower with information that relates to potential breaches of the laws ASIC administers, you should send it to ASIC through our online misconduct reporting form or by writing to ASIC.
Where to find more information
- RG 103 Confidentiality and release of information
- INFO 151 ASIC’s approach to enforcement
- INFO 153 How ASIC deals with reports of misconduct
- INFO 172 Cooperating with ASIC
- INFO 208 When companies break laws that ASIC does not enforce
- INFO 238 Whistleblower rights and protections
Read the whistleblower provisions of the Corporations Act (especially Part 9.4AAA) on the Federal Register of Legislation.
Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. Omission of any matter in this information sheet will not relieve a company or its officers from any penalty incurred by failing to comply with the statutory obligations of the Corporations Act. You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.
This is Information Sheet 239 (INFO 239), issued on 1 July 2019.