Protections for corporate sector whistleblowers
From 1 July 2019, the whistleblower protections in Part 9.4AAA the Corporations Act 2001 (Corporations Act) have been expanded to provide greater protections for whistleblowers who report misconduct about companies and company officers. The reforms to the regime were contained in the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019, which received Royal Assent on 12 March 2019.
ASIC has issued two information sheets for people to understand who is eligible to access the whistleblower rights and protections under the Corporations Act and how we will respond to reports of misconduct from whistleblowers:
- Information Sheet 238 Whistleblower rights and protections (INFO 238)
- Information Sheet 239 How ASIC handles whistleblower reports (INFO 239)
Corporate sector whistleblower protection regime
From 1 July 2019, the corporate sector whistleblower protection regime:
- includes in the definition of whistleblower both current and former employees, officers, and contractors, as well as their spouses, dependants, and other relatives, whether they identify themselves or are anonymous
- extends the protections to whistleblower reports that allege misconduct, an improper state of affairs or circumstances, or breach of financial sector law and all Commonwealth offences punishable by imprisonment of 12 months or more, though a report solely about a personal work-related grievance is not covered by the protections
- requires a whistleblower to have reasonable grounds to suspect misconduct, though they do not need to prove their allegations. The whistleblower’s reasons for reporting or their personal opinions about the people involved do not prevent them from qualifying for protection
- creates civil penalty provisions, in addition to the existing criminal offences, for causing or threatening detriment to (or victimising) a whistleblower and for breaching a whistleblower's confidentiality
- gives protections for whistleblowers in limited circumstances if they disclose to a journalist or parliamentarian after they have reported to ASIC or APRA their concerns about
- substantial and imminent danger to the health or safety of one or more people or to the natural environment or
- matters in the public interest after 90 days
- provides whistleblowers with easier access to compensation and remedies if they suffer detriment, including protections from costs orders unless a court finds the claim to be vexatious or the whistleblower acted unreasonably, and
- requires all public companies, large proprietary companies, and corporate trustees of registrable superannuation entities to have a whistleblower policy from 1 January 2020.
We value the people from inside companies and organisations who come to ASIC with reports of potential misconduct or breaches of the law. Whistleblowers provide ASIC with important information and help us enforce the laws we administer and address and prevent harm to consumers.
We appreciate that whistleblowers can find themselves in difficult and stressful circumstances, and may risk their careers or even their personal safety. ASIC takes the concerns whistleblowers raise with ASIC seriously.
ASIC is responsible for enforcing the corporate sector whistleblower protection regime, including where a whistleblower may suffer detriment for alleging breaches of laws outside of ASIC’s regulatory responsibilities.
The regime also applies to whistleblower reports made before 1 July 2019, if a whistleblower's confidentiality is breached or they suffer detriment on or after 1 July 2019.
ASIC considers that a strong and effective process for handling whistleblowers and whistleblower disclosures can assist in the timely identification and prevention of misconduct. Respect and fair treatment for whistleblowers, commitment to address whistleblower concerns, and reporting of whistleblower concerns to senior executives and board members will assist companies and organisations to manage themselves, comply with their obligations, and improve their performance.
From 1 January 2020, public companies, large proprietary companies, and corporate trustees of registrable superannuation entities are required to have a whistleblower policy and to make that policy available to officers and employees of the company.
There are penalties for failing to comply with the requirement to have a whistleblower policy.
The Corporations Act sets out at a high level what a whistleblower policy should contain. These are:
- information about the protections available to whistleblowers, including protections under the law
- information about to whom disclosures that qualify for protection under the law may be made, and how they may be made. In addition to particular categories of eligible recipients within and outside the company prescribed by the law, a company can also authorise particular staff or third parties to receive disclosures from whistleblowers
- information about how the company will support whistleblowers and protect them from detriment
- information about how the company will investigate disclosures that qualify for protection under the law. This will be important for whistleblowers to understand how their reports and their personal information will be handled during any investigation
- information about how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection under the law, or to whom such disclosures relate
- information about how the policy is to be made available to officers and employees of the company, and
- any matters prescribed by the regulations (no regulations have yet been prescribed).
ASIC has released Regulatory Guide 270 Whistleblower policies (RG 270) to help entities establish a whistleblower policy that complies with their legal obligations. It also contains our good practice guidance on implementing and maintaining a whistleblower policy.
RG 270 can also assist entities that are not required to have a whistleblower policy but are required to manage whistleblowing in accordance with the Corporations Act. Further guidance is contained in ASIC Information Sheet 247 Company officer obligations under the whistleblower protection provisions (INFO 247).
The Corporations Act also gives ASIC the power to grant relief from the whistleblower policy requirements, so that companies may be exempted from compliance with the requirements or certain aspects of the requirements.
ASIC has granted relief to public companies limited by guarantee that are not‑for-profits or charities with annual revenue of less than $1 million from the requirement to have a whistleblower policy. See ASIC Corporations (Whistleblower Policies) Instrument 2019/1146.
Further information about ASIC’s relief powers, including how to request relief from ASIC, is contained in Regulatory Guide 51 Applications for relief (RG 51).