11 November 2021
The Australian Securities & Investments Commission (ASIC) recently announced that it found many entities’ whistleblower policies failed to include all of the information required by law, after undertaking a review of over 100 entities’ whistleblower policies throughout 2020.
Generally, whistleblower policies must:
-
clearly outline how, and to whom, a person can make a disclosure that qualifies for the legal protections for whistleblowers;
-
explain how a company will investigate a disclosure;
-
reflect the whistleblower protection regime that started on 1 July 2019; and
-
accurately describe the legal rights and remedies whistleblowers can rely on if they make a qualifying disclosure.
Upon reviewing the sample whistleblower policies, ASIC found that many of the policies were non-compliant, as the policies:
-
failed to list all the categories of people to whom a whistleblower disclosure can be made (and instead, were unduly limiting in requiring the disclosure to be made through a particular channel);
-
failed to list all the persons that qualify for the protections;
-
inaccurately referred to requirements for whistleblowers to identify themselves or make disclosures in good faith or without malice in order to qualify for protections; or
-
omitted or inaccurately described the protections available under the Corporations Act 2001 (Cth) (Corporations Act).
As a consequence of this non-compliance, ASIC found that:
-
there may be potential whistleblowers who do not understand how to make a protected disclosure, and are therefore discouraged from speaking up; and
-
further, entities are not handling whistleblower disclosures in line with the Corporations Act obligations.
ASIC encouraged entities that are required to maintain a whistleblower policy to review both their policy and internal systems and processes, to ensure compliance with both the Corporations Act and Regulatory Guide RG270.
For further information, please contact:
Hamish Fraser, Partner, Bird & Bird
hamish.fraser@twobirds.com
