On 30 June 2020, ASIC released INFO 247: Company officer obligations under the whistleblower protection provisions. The volume of information and guidance on whistleblowing can feel overwhelming at times. The information sheet largely repeats aspects of ASIC’s guidance in Regulatory Guide 270 (available here), and is again lengthy. However, there are some new and key points of interest that are distilled below.
The information sheet reinforces our golden rules for managing reports
Our golden rules for people receiving reports (like officers and senior managers) are unchanged. These are:
- Respond to the report (don’t overlook it)
- Get consent to pass the whistleblower’s identity on
- Protect the whistleblower.
The information sheet expressly endorses the importance of each of these steps. For more practical help in navigating what to do if you think you have received a report, you can access our Chatbot.
All companies are encouraged to develop whistleblower arrangements
ASIC encourages all companies to develop whistleblower arrangements, not just those required to do so, to ensure that they comply with the enhanced whistleblower protection scheme enacted in 2019 (see here for our previous update on the changes).
This underscores ASIC’s focus on enabling whistleblowing as an important mechanism in all corporate environments, regardless of size. ASIC helpfully again acknowledges that arrangements can be tailored to the nature, size, scale and complexity of the company.
ASIC’s information sheet includes some practical guidance on issues that can arise in dealing with reports
Three areas worth highlighting are below:
|What to do if you can’t get consent to share a whistleblower’s identity?||
Although difficult issues can at times arise where there is no consent, ASIC reiterates that information can be shared to allow a company to investigate if you take reasonable steps to protect the whistleblower’s identity.
ASIC confirms that reasonable steps could include removing the whistleblower's name, position title, team and other identifying details from their disclosure. Companies could also investigate the concern without commenting on or attributing the source, or after masking the source. ASIC affirms that other information from the qualifying disclosure, such as the alleged misconduct, can be disclosed as long as this does not also amount to an unauthorised disclosure of the whistleblower's identity or information likely to lead to their identification.
|Ensure that staff who manage whistleblower correspondence on your behalf receive appropriate guidance and training||
ASIC helpfully acknowledges the realities for people in senior roles in corporate environments, namely that they will have staff assisting in their roles, including staff who receive, manage and draft correspondence or administer technology systems.
ASIC indicates that where those staff may become aware of whistleblower disclosures, they should be mindful of the whistleblower obligations and how the company handles disclosures, so they are able to handle the disclosure on behalf of the officer or senior manager in accordance with the whistleblower provisions. This suggests that these employees should receive guidance or training on the obligations.
|Consider implementing a dual track to manage employment issues relating to whistleblowers||
ASIC also acknowledges that the whistleblower provisions do not constrain companies from exercising lawful rights to address employment issues relating to an employee who has made a qualifying disclosure. However, processes for employee relations or addressing issues with employees may also need to account for the whistleblower provisions.
ASIC suggests that companies could, subject to resources and other factors, handle any employment issues relating to the whistleblower separately from the whistleblower's qualifying disclosure, for instance, separately documenting the employment issue and the qualifying disclosure, and ensuring that different staff members are responsible for handling each issue.
In all, while the information sheet does not contain substantial new content, beyond the provisions in the whistleblower legislation and ASIC Regulatory Guide 270, the new guidance does provide a detailed roadmap for officers and senior managers to more quickly understand key issues for them in managing whistleblower issues.
If you would like more information on setting up the frameworks needed to support compliance with the whistleblower provisions or advice on practical steps in dealing with reports, please contact us.