What has changed with ASIC's whistleblower obligations?

Thursday, 01 October 2020


    Directors need to be across the new guidelines on companies' whistleblower obligations, writes ASIC executive director of assessment and intelligence Warren Day.

    Company officers and auditors can now benefit from additional ASIC guidance on their whistleblower protection obligations. On 1 July 2019, Australia’s whistleblower protection regime in the Corporations Act 2001 (Cth) was strengthened to provide greater protections for whistleblowers.

    Whistleblowers can access their rights and protections by reporting their concerns to a company officer or company auditor. If you fulfil one of these roles, it is vital that you understand your obligations and handle whistleblower disclosures in line with the requirements of the Corporations Act.

    On 30 June, ASIC released two information sheets to help company officers and company auditors understand and comply with their obligations: Information Sheet 246 Company auditor obligations under the whistleblower protection provisions (INFO 246); and Information Sheet 247 Company officer obligations under the whistleblower protection provisions (INFO 247) are available on the ASIC website.

    Ongoing obligations as a company officer or auditor

    Company auditors (as well as members of internal or external audit teams), company officers and senior managers have ongoing obligations under the whistleblower provisions of the Corporations Act.

    Individuals in these roles are designated as “eligible recipients” for whistleblower disclosures. This means that, in the course of your day-to-day work, you may receive a disclosure from a whistleblower who can access whistleblower rights and protections. When handling the disclosure, your main legal obligations are to not:

    • Disclose the whistleblower’s identity (or information likely to lead to their identification) unless that disclosure is authorised under the law.
    • Cause or threaten to cause detriment to (or victimise) a whistleblower for making the disclosure.

    Public companies, large proprietary companies and corporate trustees of superannuation entities regulated by the Australian Prudential Regulation Authority (APRA) must also have a whistleblower policy.

    Good for business

    Some companies are not required to have a whistleblower policy. However, ASIC still encourages the putting in place of arrangements for handling whistleblower disclosures. Put simply, an effective approach to whistleblowing is good for business.

    Whistleblowers provide a service to their employers by alerting companies to urgent changes needed to comply with the law and improve company performance. Encouraging people to speak up when they see wrongdoing has the added benefit of improving organisational culture. That’s why companies should make it as easy as possible for their own people to come forward when they observe or experience misconduct in the workplace.

    The information sheets provide guidance for companies and audit firms not required to have a whistleblower policy to develop arrangements for handling whistleblower disclosures that are effective and tailored to their circumstances.

    It will also be important to monitor and oversee how your company complies with the whistleblower protection regime as part of your broader governance responsibilities. You or your company could be liable to pay compensation to a whistleblower if they suffer detriment because of their whistleblower disclosure. Courts may consider the arrangements you have in place to handle whistleblower disclosures when deciding on compensation.

    Visit ASIC's whistleblowing page for more information on company whistleblowing obligations and compliance.

    Latest news

    This is of of your complimentary pieces of content

    This is exclusive content.

    You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.