Directors should be on notice of the regulator's expectations regarding whistleblower regimes with the release of ASIC's Report 758 Good practices for handling whistleblower disclosures and ASIC's first legal action under the current whistleblower laws against TerraCom and its directors for alleged breaches of whistleblower protections.
Since 1 July 2019, the Corporations Act has contained strengthened protections for eligible whistleblowers that restrict the disclosure of their identity and prohibit victimisation. These laws apply to a broad range of entities, including companies registered in Australia and foreign corporations in a range of circumstances. Under these laws, public companies and large proprietary companies are also required to have and make available to employees and officers a whistleblowing policy that contains certain prescribed matters.
In 2022, we prepared a director toolkit setting out:
- the legal framework and some practical insights and tips for directors in supporting an effective whistleblowing framework; and
- how ASIC has worked collaboratively with entities in relation to whistleblower regimes. For example, in November 2019 it released Regulatory Guide 270 Whistleblower policies and in October 2021, ASIC released an open letter to CEOs which urged them to review their whistleblower policies and included relevant guidance.
ASIC Report 758 - good whistleblower practices
The report, which was released by ASIC on 2 March 2023:
- details good practices for handling whistleblower disclosures that ASIC observed from an extensive review of seven selected organisations' whistleblower regimes;
- confirms that ASIC will continue to review firms' whistleblower policies and arrangements for handling disclosures (including when it receives reports from whistleblowers alleging breaches of the whistleblower protections); and
- reiterates that ASIC will act where it identifies serious harm.
This report came hot off the heels of ASIC announcing that it was suing TerraCom Limited, its managing director, chief commercial officer, former Chair and a former director (all members of TerraCom's disclosure committee), for the first time under these laws. In this case, ASIC is alleging that:
- TerraCom and several of these individual respondents engaged in detrimental conduct to a whistleblower by allowing false and misleading ASX announcements to be published regarding the whistleblower's allegations; and
- all individual respondents breached their duty to exercise reasonable care and skill in the discharge of their duties as directors and officers of TerraCom, by failing to take reasonable steps upon receipt of the independent investigator’s report into the issues raised by the whistleblower.
What does the report mean for directors?
In the report, ASIC encourages organisations to carefully consider:
- formalising arrangements for board or board committee oversight of their whistleblowing policy and program, including considering which board committee is most appropriate;
- the frequency, type and level of information that management should provide to board committees so that they can discharge their oversight responsibilities
ASIC has also encouraged boards and board committees to reflect on whether they receive sufficient information to perform their oversight function and are providing informed oversight over the policy and program.
Directors should take note of the following observed good practices outlined in the Report (noting ASIC refers to the seven organisations which participated in its review as 'firms'):
Observed good practices
Frameworks to facilitate effective director oversight
Directors were engaged in the whistleblower program and the:
While ASIC recognises that the Corporations Act does not expressly impose responsibility on a board for whistleblower programs, the regulator considers that a firm's board is ultimately responsible as part of its broader risk management and corporate governance framework. We note that ASIC has recently brought a number of enforcement actions in relation to alleged breaches of directors' duties to exercise their powers and discharge their duties with care and diligence under section 180 of the Corporations Act. For example, in addition to the allegations brought against the relevant TerraCom directors, ASIC has also recently sued current and former directors of Star Casino and Nuix for alleged breaches of the duty of care and diligence.
Where to from here?
The key takeaways from ASIC's report are that directors should reconsider their current whistleblower regimes to:
- ensure that they incorporate evolving best practice, including having regard to ASIC's guidance;
- support compliance and mitigate against the potential consequences of costly and lengthy enforcement action, in circumstances where we expect ASIC to take further action against firms and individual directors in this space having made its expectations clear; and
- revisit the AICD’s director toolkit to refamiliarise themselves with the legal framework and some practical insights and tips for directors in supporting an effective whistleblowing framework.
Already a member?
Login to view this content