IMPACT ANALYSIS: ASIC warns companies to get their whistleblower policies in order

Many companies’ whistleblower policies may not comply with the latest updates to the whistleblower protection regime, the Australian Securities and Investments Commission (ASIC) has warned. 

One of the regulator’s policies this year will be to conduct a review of whistle-blowing policies at a sample of Australian companies, the regulator said last week.

A previous review carried out in 2020 indicated that some corporate whistleblower policies were failing to comply with amendments to the regime introduced three years ago, ASIC said. The whistleblower protections in Part 9.4AAA of the Corporations Act 2001 (the act) were expanded from July 1, 2019 to provide greater protections for whistleblowers who report misconduct about companies and company officers.

Companies must comply: ASIC

The review of 102 companies conducted by ASIC in 2020 found that most were failing to comply with the legal requirements under the new regime. The most prevalent deficiencies were incomplete, obsolete, or out-of-date policies, suggesting that many companies still do not fully understand the enhanced whistleblower protection regime requirements and the importance of directors maintaining oversight of whistle-blowing programs to ensure they comply with the law. 

The regulator wrote to all Australian chief executive officers (CEOs) in October 2021, reminding them of their obligations to identify and address potential misconduct at an early stage. 

“Whistleblowers help companies and registrable superannuation entities identify problems and issues that they need to address to comply with the law and improve their performance. Whistleblower policies are essential for encouraging potential whistleblowers to speak up. Policies must clearly set out the legislative whistleblower protections and the process for reporting misconduct,” Sean Hughes, ASIC commissioner, said when announcing the letter to CEOs.

Whistleblower provisions 

Part 9.4AAA of the Corporations Act requires all companies to comply with the whistleblower protection provisions. The act provides strong protections for corporate sector whistleblowers, to encourage them to come forward with their concerns. 

The regime provides that whistleblower policies must set out: the protections available to whistleblowers; how to make a “qualifying disclosure”; the measures the firm has in place to support and protect whistleblowers; how whistleblower  disclosures will be investigated; how the firm will ensure whistleblowers are treated fairly; and making information about the police available to officers and employees who make disclosures. 

Companies must ensure, when handling a whistleblowing disclosure, that they do not to disclose a whistleblower’s identity, or information likely to lead to their identification (unless authorised), and must not cause or threaten to cause detriment to, or victimise, a whistleblower for making their disclosure. 

Public companies, large proprietary companies and corporate trustees of registrable superannuation entities must have a whistleblower policy. ASIC has also encouraged small companies which are are not legally required to have a whistleblower policy to put in place arrangements for handling disclosures. 

Company officers or senior managers are “eligible recipients” of disclosures under the act. This means that eligible whistleblowers can “make qualifying disclosures” to the firm and then access the whistleblower rights and protections. There is also a definition of officers and senior managers which is not limited to a company director or secretary and may include liquidators and other external administrators. 

The whistleblower protection regime was put in place after it was recognised that whistleblowers can help companies to identify problems which may prevent them from complying with the law, and which may help them to improve their own performance. Having an effective whistleblowing program in place gives companies a chance to identify and address potential misconduct at an early stage. It also helps to protect the company’s reputation, enabling it to address issues as soon as they become apparent. 

Detrimental outcomes 

Prior to the introduction the new regime, various reports suggested that whistleblowers had been demoted or stood down following their disclosures, and had subsequently been unable to find employment elsewhere in the finance industry. Other detrimental outcomes included discrimination, harassment or intimidation, harm or injury (including psychological), and damage to property, financial position or reputation. 

The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry uncovered a wide range of instances in which failure on the part of employees and senior managers to disclose potential problems led to  reputational damage for their company. If effective whistle-blowing programs had been in place, much of this misconduct might have been averted at an earlier stage, and matters prevented from snowballing. The Royal Commission also found instances where employees who had raises concerns had suffered professional detriment.  

It is crucial that companies ensure their whistle-blowing policies comply with the law regarding the fair treatment of employees. Failure to do so may dissuade whistleblowers from coming forward. It may also lead to regulatory civil penalty fines, while employees may to entitled to compensation.

ASIC pushing ahead with world-leading rules to govern digital assets
Australian senators keep pressure on for AML/CTF law reform, ahead of Senate report

This article first appeared on Thomson Reuters Regulatory Intelligence.

Nathan Lynch is an experienced writer, public speaker, manager and technology enthusiast in the field of financial regulation and risk management. At Thomson Reuters, Nathan leads a team of experts who provide breaking news, deep analysis and practical guidance to risk practitioners in the global financial services sector.
Nathan manages Thomson Reuters’ award-winning Regulatory Intelligence team across the Asia-Pacific region, tracking developments in financial services law, regulation, financial crime and risk management.
Nathan has been involved in building innovative, tech-based businesses in the financial services “regtech” sector — including Complinet Australia and the Thomson Reuters Risk business.

Leave a Reply

Subscribe to Business Insight

Discover best practice and keep up-to-date with insights on the latest industry trends.