Whistleblowers are an essential part of an organisation’s ability to detect misconduct and identify, escalate and address issues.
ASIC has written to CEOs of public companies, large proprietary companies and trustees of registrable superannuation entities (RSEs) urging them to review their whistleblower policies to ensure they comply with the law.
ASIC reviewed a select sample of whistleblower policies and is concerned the majority of those policies did not fully address the relevant requirements.
As a result, whistleblowers may not know how they are protected, or feel unsure about how to speak up. This could lead to entities missing opportunities to identify and address potential misconduct at an early stage.
ASIC’s letter to CEOs:
- Reminds entities of their obligation to have a whistleblower policy that reflects the strengthened whistleblower protection regime that started on 1 July 2019
- identifies where policies in our sample fell short, and
- highlights what entities can do to improve their policies.
ASIC Commissioner Sean Hughes said, ‘Whistleblowers help companies and RSEs identify problems and issues that they need to address to comply with the law and improve their performance. Whistleblower policies are essential for encouraging potential whistleblowers to speak up. Policies must clearly set out the legislated whistleblower protections and the process for reporting misconduct.’
‘We call on CEOs and RSE trustees to discuss this letter within your organisation and to think about the culture of speaking up in your workplace. If the issues we observed from our review are present in your policy, we expect you to address and correct them without delay.’
ASIC will continue to monitor compliance with the whistleblower policy requirements and the handling of whistleblower disclosures. ASIC plans to conduct a further review of whistleblower policies in the future. We will consider the full range of regulatory tools available, including enforcement action, where we identify non-compliance.
Since 1 January 2020, the Corporations Act 2001 (Corporations Act) has required public companies, large proprietary companies, and trustees of RSEs to have a whistleblower policy that sets out particular matters and to make that policy available to its officers and employees.
In November 2019, ASIC released Regulatory Guide 270 Whistleblower policies which contains guidance and good practice tips on establishing and implementing a whistleblower policy and program.
During 2020, ASIC selected and reviewed a sample of 102 whistleblower policies from entities that are subject to the requirement to have a whistleblower policy. ASIC conducted this review to improve its understanding of how entities are responding to the requirements.