ANALYSIS: ASIC provides guidance on protecting whistleblower identity

Niall Coburn, Senior Regulatory Intelligence Expert, Thomson Reuters

The Australian Securities and Investments Commission (ASIC) has published two new information sheets to help firms understand their obligations under a new Corporations Act regime to protect whistleblowers. The new regime carries both criminal and civil penalties, and requires firms to implement detailed procedures to protect whistleblowers’ identity.

The Whistleblower Protection Regime contained in Part 9.4AAA of the Corporations Act was expanded on July 1, 2019 to provide greater protection for whistleblowers who report misconduct on the part of companies or their officers and employees. The law requires all large companies and trustees of superannuation schemes to have a whistleblower policy in place. In November 2019, ASIC released Regulatory Guide 270: Whistleblower Policies (RG270), setting out obligations for companies and trustees. 

Whistleblower information sheets

The newly released information sheets — INFO 246 and INFO 247 — summarise the obligations of company officers and auditors, and of internal or external teams investigating whistleblower complaints. 

“The information sheets assist company officers and auditors to deal with the requirements under the law as it relates to their important roles in a company. The information sheets provide guidance for companies to develop arrangements for handling whistleblower disclosures that are effective and tailored to their circumstances,” said Warren Day, ASIC executive director for assessment and intelligence.

The information sheets make it clear that companies must obtain consent from whistleblowers to disclose their identity if required for investigations. They also explain how to address any employment issues involving the whistleblower while the company is handling their disclosure.

Firms must conduct training on the whistleblower provisions and ensure investigating teams understand the legal obligations not to disclose a whistleblower’s identity, or any information likely to lead to their identification, unless that disclosure is authorised under the law. Additionally, firms or their employees must not cause or threaten to cause detriment to a whistleblower for making a disclosure, and whistleblowers must not be victimised.

Qualifying disclosures

The information sheets set out the circumstances under which a whistleblower can make “qualifying disclosures” to access the rights and protection under the new regime. A qualifying disclosure is a disclosure of information from a whistleblower “who has reasonable grounds to suspect that the information concerns misconduct, an improper state of affairs or circumstances, a breach of the law or danger to the public or the financial system”. The definition of misconduct is wide-ranging.

“The whistleblower must have reasonable grounds to suspect the concerns that they report. This is an objective test. A person is not protected for a false claim. It must be an allegation they have reasonable grounds to suspect is the case,” ASIC said.

Personal work grievance distinguished from qualifying disclosure

A disclosure about a “personal work-related grievance” is not covered by the whistleblower provisions. Examples of personal work-related grievances include: an interpersonal conflict between the individual and another employee; a decision about the engagement, transfer or promotion of the individual; a decision about the terms and conditions of engagement of the individual; or a decision to terminate or suspend the engagement of the individual.

A disclosure of a personal work-related grievance may, however, fall under the whistleblower provisions if a person suffers, or is threatened with, detriment for making the disclosure; if the disclosure includes information about misconduct or an improper state of affairs or circumstances; or if the disclosure suggests misconduct that has significant implications for the company beyond the discloser’s personal circumstances.

Maintaining confidentiality

Company directors and auditors and their staff must have systems in place to maintain a whistleblower’s confidentiality. This includes managing correspondence with the whistleblower, and the entry of information about any disclosure into computer systems. The ASIC information sheets remind company officers that the Corporations Act makes it a criminal and a civil penalty offence for someone to make an unauthorised disclosure of information likely to reveal the identity of a whistleblower.

Firms need to have effective arrangements for handling disclosures from whistleblowers. They need to take responsibility for overseeing the whistleblower handling program and reviewing its effectiveness, to ensure they are managing risks in this area appropriately.
