You are here

Whistleblowing and the “compliance gap”: Australian regulator fires warning shot on whistleblower policies

24 November 2021 | Australia


'Set and forget' still too common on whistleblowing compliance, warns key business regulator.

It’s almost 2 and a half years since new whistleblower protections were introduced in Australia on 1 July 2019 (see our analysis here), and almost 2 years since public and large proprietary companies were required to have in place a whistleblower policy.

The Australian Securities and Investments Commission (ASIC) had foreshadowed that it would monitor compliance with the new provisions, and set up an “Office of the Whistleblower” around the time the laws were introduced.

Over two years on, ASIC has released a range of relevant materials and statistics which, in ASIC’s view, demonstrate that companies have more work to do on whistleblowing. Summarised below are some of the messages recently released by ASIC.

ASIC’s “call to action for Australian CEOs”

On 13 October 2021, ASIC wrote a letter (available here) to the CEOs of various entities. The letter stated that, during 2020, ASIC reviewed a sample of whistleblower policies. ASIC observed that the majority of those policies did not appear to include the information required by the Corporations Act.

ASIC called on CEOs to:

  • discuss ASIC’s letter within each CEO’s organisation, and appropriately review the organisation’s whistleblower policy;
  • review Regulatory Guide 270: “Whistleblower policies” (RG 270) (available here). Our update on ASIC’s Information Sheet 247 (INFO 247) is available here. Information Sheet 247 contains guidance on company officer’s obligations under the whistleblower protection provisions; and
  • review “other parts” of an organisation’s whistleblowing “systems and processes”, to assess whether they reflect the strengthened whistleblower protection regime.

Some data: whistleblower reports to ASIC in the past 3 years

On 11 November 2021, ASIC Commissioner, Mr Sean Hughes, also spoke at the Third Australian National Whistleblowing Symposium (available here). Commissioner Hughes stated that ASIC is benefiting from the whistleblower protections in that the amount of information whistleblowers are sharing with ASIC has increased. ASIC also has “current investigations underway into alleged breaches of the whistleblower protections” and ASIC continues to “assess new reports of these matters”.

Download infographic

More data: ASIC’s review of whistleblower policies

Commissioner Hughes also stated that:

  • In the 2020–21 financial year, ASIC reviewed a sample of 102 whistleblower policies from entities that must have a whistleblower policy.
  • ASIC has identified “a gap between the legal requirements and how company policies are responding to them”.
  • The majority of policies ASIC reviewed “did not fully address” the relevant legal requirements. Three of the “most prevalent and concerning deficiencies” ASIC observed were:
    • 33% of policies had “incomplete or inaccurate information”: 33% of the policies in ASIC’s sample “provided incomplete or inaccurate information about the protections available to whistleblowers”;
    • 40% of polices were “obsolete and out-of-date”: 40% of the policies ASIC reviewed “did not adequately summarise the threshold criteria for whistleblowers to qualify for protection”. In nearly 50% of the policies ASIC reviewed, the policy did not fully describe the individuals a whistleblower can report to; and
    • close to 33% of policies did not have “oversight arrangements”: close to 33% of policies reviewed by ASIC “did not state if the entity had mechanisms to monitor the effectiveness of its whistleblower policy”. Commissioner Hughes stated that this “suggests there is an attitude of ‘set and forget’, which is not good enough”.

Key takeaways: whistleblowing a priority for ASIC in 2022

ASIC has said that:

  • ASIC will continue to monitor compliance in 2022;
  • ASIC is planning another review of whistleblower policies in the future;
  • if non-compliance is identified, “ASIC will draw upon the full suite of regulatory tools”, “which includes enforcement action”; and
  • one of ASIC’s “priorities” in 2022 is reviewing how entities are handling whistleblower disclosures, how entities use the information from disclosures to address issues or misconduct or change their operations, and the level of board and executive oversight of whistleblower programs.

Need help?

  • If you have any questions or would like to know how this might affect your business, phone or email our key contacts below.
  • Alternatively, HSF’s Whistleblowing Chatbot application can also provide initial guidance on some important issues.

See how we help our clients in

Corporate Crime and Investigations

Learn More

Key Contacts